TL;DR SE Newsletter – August 2025
The BLUF without the fluff. TL;DR:
- INCOSE SE Flash Cards – 15% off for newsletter subscribers!
- Functional Failure Analysis – considering taxonomy of functional failure modes will improve failure mode analysis;
- Skydio UAV Systems Engineering Failure – workaround to mitigate interference with UHF radio communication exposes lack of operational context awareness and elicitation of stakeholder needs;
- US Coast Guard published Report on TITAN catastrophic failure – looking behind the veil shows the concentration of executive, engineering and operational decision making, with a bias to economic gain, results in a degradation of capability increasing the possibility of catastrophic failure.
INCOSE SE Flash Cards
The 500+ INCOSE SE Handbook Flash Cards have been live since June and already there’s been great uptake. Check out https://fitzgeraldsystems.com/services/incose-se-handbook-v5-flash-cards/. Sign up to the monthly TL;DR SE Newsletter to get a limited availability promo code for 15% off.
Elevating System Architecture Through Functional Failure Mode Awareness
In the evolving landscape of systems engineering, traditional architectural design often emphasizes functional exchanges between sub-systems — with an emphasis on how they interact. But what if we elevated this approach by systematically analyzing how these exchanges might fail?
John Lindland, president of QualSAT and author of 7FM: The Seven Failure Modes [1], proposes a compelling framework: by examining each functional exchange through the lens of potential failure modes—such as 1) omission function, 2) excessive function, 3) incomplete function, 4) erratic/unstable function, 5) uneven/biased function, 6) late/slow function response, or 7) too soon/fast function — we can uncover a broader spectrum of vulnerabilities. Lindland boldly claims this method can identify 100% of all potential failure modes.
While that’s an ambitious benchmark, the practical value is clear. Considering failure modes like “Too Soon/Fast Function” or “Uneven/Biased Function” forces teams to think beyond binary success/failure and into nuanced performance degradations that often go unnoticed until late-stage testing—or worse, post-deployment.
For system architects and integration leads, this mindset shift means embedding resilience at the design phase. It encourages richer interface definitions, more robust validation criteria, and ultimately, systems that are not only functional but fault-tolerant.
As complexity grows and interdependencies deepen, this failure-mode-aware architecture could be the key to building systems that don’t just work—but work reliably under stress.
When Engineering without Systems Engineering Falls Short: The Skydio X2/X10 Case Study
The promise of Skydio’s X2 and X10 drones, autonomous, responsive, and mission-ready, has captivated public safety agencies across the U.S. But a recent safety bulletin [2] reveals a critical oversight: handheld radios operating in the 450–500 MHz range can disable the drone controllers, causing video degradation, link loss, or even full shutdowns.
From a systems engineering perspective, this is a textbook case of insufficient understanding of the operational context of the UAVs and the lack of stakeholder needs elicitation within that context. The functional exchange between the controller and drone—arguably the system’s lifeline—was not adequately hardened against electromagnetic interference (EMI), a foreseeable hazard in multi-agency environments where UHF radios are ubiquitous.
Skydio’s mitigation advice, keep radios 12 inches away, feels more like a workaround than a systems-level solution. The company now promises shielding and software alerts in future iterations, but the vulnerability appears to have been known since the X2 era. That raises questions about traceability, verification, and validation, core tenets of systems engineering.
As agencies invest millions into Drone as First Responder programs, this case underscores the need for rigorous, failure-aware systems engineering. The lesson? A system that performs well in the lab may still fail spectacularly in its operational environment.
The TITAN Tragedy: When Technical Failure Follows Leadership Failure
On June 18, 2023, the submersible TITAN suffered a catastrophic implosion in the North Atlantic, resulting in the deaths of all five occupants. Two years later, the US Coast Guard published its 300-page Report of Investigation on the tragic event [3]. The immediate cause was the sudden loss of structural integrity in the vessel’s carbon fiber hull, which failed under immense pressure at depth. This technical failure, while tragic, was only the final link in a much longer chain of causation.
The secondary cause was a series of engineering and operational missteps: inadequate testing, disregard for established safety standards, and a reliance on unproven materials and monitoring systems. These failures were compounded by a lack of independent oversight and a pattern of ignoring warnings from both internal and external experts.
But arguably the most critical cause was the concentration of power and responsibility in a single individual: Mr. Rush. As captain, chief engineer, and CEO, Mr. Rush was simultaneously the chief operator of the vessel, the chief engineer for its technical definition, implementation and verification, and the person responsible for the economic viability of the company. When one person is responsible for operation, design, and business longevity, and that individual prioritizes economic gain above all, that person’s risk appetite inevitably grows. In this case, that risk appetite led to catastrophic failure, causing the death not only of Mr. Rush but, more tragically, of the four other occupants on that catastrophic day.
Most commentary has focused on technical failures, but the deeper lesson is organizational: a toxic safety culture, driven by unchecked authority and conflicting priorities, set the stage for disaster. The TITAN tragedy is a stark reminder that safety must be embedded in both engineering and leadership—never sacrificed for speed or ambition.
1. Lindland, J. L. (2007). 7FM: The seven failure modes. Bella Group, Incorporated.
2. Skydio. (2025, September 2). NTO: Third-party radio interference with Skydio X10 Controller. Skydio Support Center. https://support.skydio.com/hc/en-us/articles/40299378962075-NTO-Third-party-radio-interference-with-Skydio-X10-Controller-Updated-2-September-2025
3. U.S. Coast Guard. (2025, August 4). Report of the Marine Board of Investigation into the Implosion of the Submersible TITAN (CG1788361) in the North Atlantic Ocean near the wreck site of the RMS Titanic resulting in the loss of five lives on June 18, 2023 [Marine Board of Investigation Report]. United States Coast Guard.
