"NASA is paradoxical, because in terms of how they are perceived they're seen as this ultra risk averse safety-first organization, but in terms of actual behavior - they keep doing the exact same thing"
This paradox is easily resolved. As risk aversion goes to maximum, the only acceptable solution is to do what was done before. Anything we deviate from doing before is something that could fail in a new and unknown way, possibly bigger than before.
This isn't a NASA thing, this is one of the basics of large bureaucracies. It is one of the major drivers of their inertia and inability to change course. When the penalty for slightly more failure than before (in anything except money spend, that's OK as long as it's done by high level people) is expulsion and scapegoating and the reward for doing slightly better is a pat on the back and a denied request for a salary upgrade/slight promotion, you converge on having an organization full of people where this is the only path forward, no matter how much acknowledgement there is that the current situation is broken by every last person involved.
To take a really big diversion, one of the deeper aspects of the "move fast and break things" philosophy isn't just about directly moving fast and breaking things; it is creating a culture where people have permission to fail at least a little before being evicted from it. Your biggest successes will always involve some failures on the way, so if you rigorously eliminate all failure from your organization, all but the smallest, most basic of successes will go with it. It's not that you literally want to break things or that managers should necessarily create a "broken things" metric and try to keep it in some band above zero but below catastrophe, it's about making avoiding breakage not calcifying and paralyzing your company by making it the absolute number one priority above all else.
> This isn't a NASA thing, this is one of the basics of large bureaucracies.
Not really, because commercial air travel had problems early on, and the FAA approach was to investigate, determine root causes, and make changes to eliminate or reduce the probability of them happening again. Assigning blame or scapegoating was not part of their process (not that it didn't happen in the media). And now commercial air travel is very safe.
Except commercial and amateur air travel seems to now be stuck in a local maxima deeply similar to what the parent talks about, avoiding risk by doing the same thing. There are good processes to improve the safety of existing operations and good reasons to keep doing proven things, but innovation is deeply choked.
See the decades long process of trying to switch away from leaded aviation fuel. Small aircraft are all running engine designs from the 1960s despite huge advances in internal combustion and fuel composition in other applications. Getting a new engine design or fuel mixture approved has proven effectively impossible, so processes have defaulted to doing things the exact same way to avoid risk.
See also the 737 MCAS debacle. Boeing was highly incentivized to keep the 737 flight characteristics exactly the same to avoid needing to re-certify the airframe or re-train pilots they invented MCAS to mimic the old behaviour and didn't tell pilots about it, leading to deadly results. Rules designed to allow change actually perversely made it a better option to avoid change (or at least avoid the appearance of change), so risk behaviour defaulted to do it the same way as before.
This paradox is easily resolved. As risk aversion goes to maximum, the only acceptable solution is to do what was done before. Anything we deviate from doing before is something that could fail in a new and unknown way, possibly bigger than before.
This isn't a NASA thing, this is one of the basics of large bureaucracies. It is one of the major drivers of their inertia and inability to change course. When the penalty for slightly more failure than before (in anything except money spend, that's OK as long as it's done by high level people) is expulsion and scapegoating and the reward for doing slightly better is a pat on the back and a denied request for a salary upgrade/slight promotion, you converge on having an organization full of people where this is the only path forward, no matter how much acknowledgement there is that the current situation is broken by every last person involved.
To take a really big diversion, one of the deeper aspects of the "move fast and break things" philosophy isn't just about directly moving fast and breaking things; it is creating a culture where people have permission to fail at least a little before being evicted from it. Your biggest successes will always involve some failures on the way, so if you rigorously eliminate all failure from your organization, all but the smallest, most basic of successes will go with it. It's not that you literally want to break things or that managers should necessarily create a "broken things" metric and try to keep it in some band above zero but below catastrophe, it's about making avoiding breakage not calcifying and paralyzing your company by making it the absolute number one priority above all else.