Q&A

Post History

77%
+5 −0
Q&A Titanic submarine control considerations

posted 11mo ago by Lundin

Answer
#1: Initial revision by Lundin · 2023-06-26T08:20:42Z (11 months ago)
Coming from a background of safety-related applications and industrial control systems, with some maritime applications experience, I could offer a few insights.

These kinds of game controls are literally only good for one single thing: button ruggedness. They need to withstand some pretty brutal treatment. I've done evaluations where we compared button components taken from game consoles with military grade equivalents and there wasn't really much in the way of difference in _ruggedness_ of the actual button mechanics. Number of electrical/mechanical operations, shock & vibration etc, they perform well - to the point where we used the actual buttons from a game console in an industrial control system at one point. They were even better than some military grade components that used Hall effect sensors, because Hall effect sensors tend to go haywire in demanding environments. So far so good.

Where these fail is when it comes to _redundancy_. It is customary for safety-critical control systems to have some sort of backup plan when the unexpected, unlikely happens. The mindset difference between general development and safety-related is that the former is at best concerned with "how long can we keep this from failing", whereas the latter does that but also considers "what do we do when it fails". Not _if_ it fails but _when_ it fails. You need a safe mode of some sort when that happens.

In this case, a submarine is similar to automotive or med-tech concerns: when something fails the safe mode is to keep running the best you can, so-called "limp home" mode. So you'd need to have a backup system and/or a backup technology to fall back to. 

And with that in mind you also have to consider the application-specific requirements. What happens if the controller gets covered in salt water, for example. These controllers have a pretty low IP class and it would have been reasonable to demand somewhere around IP66/67 even if the environment is expected to be nice and dry in normal conditions. There is a whole set of rules/qualification for marine applications and equipment specifically. IEC 60945 might be applicable - it is used for handheld and bridge-mounted electrical equipment in a maritime setting and covers both EMC and environmental requirements. Including high IP class, salt water/fog tests, UV tests and so on - these tests are _tough_ and marine environments are pretty extreme. In addition, regular EMC + ESD testing and requirements equivalent to the average industrial application.

An unprotected PCB like in the picture probably won't do - you would cover them with some manner of protection like lacquer or silicone, or perhaps simply embed the whole thing in non-conductive moulding. Oxidation would be a major concern, especially around contact areas and poorly made solder joints. Gold-plated connectors and highest IPC class would be some of the standard measures.

Software and microcontrollers for safety-related applications also come with a lot of requirements regarding redundancies and safe modes. Nowadays you typically pick specialized microcontrollers for such applications and you code them according to various coding standards (MISRA-C, SIL etc). You'll need to integrate this with your quality system. Both the software and the PCB will need to implement means to supervise critical functions, so that when something breaks you detect the problem and fall back to a safe mode. The IC and PCB inside the game controller will have none of these safety measures implemented.

And then if it were a military submarine, we would obviously pile up a whole lot of even more demanding requirements and then all electronics would definitely have to be re-designed, since there's just no chance that some video game console will pass through the extreme EMC testing required - the MIL-STD-461 places military submarines in the toughest EMC category of all possible applications.

Finally, you'll need some sort of maintenance plan. Electronics doesn't last forever, so it would need to be inspected on a regular basis. For safety-related applications that usually means an annual maintenance where seals, mechanics, connectors etc are checked. And some components like electrolyte capacitors and microcontrollers always come with a "best-before" date, even if that means they'll work just fine for 10+ years - but then what?

---

This specific disaster will no doubt get examined by an accident commission and it will end up in court sooner or later. And in court, the designers will have to make an argument that they did their best in following engineering/maritime standards and best practices. If they have at least made that attempt but it failed anyway, then juridically they are in a much better position than if they put some video game controllers or Arduinos in there - then it's an open goal for the prosecution. The designers will need to show documentation that they put this whole thing through maritime certification from some reputable 3rd party test house.
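
The supervision and "limp home" fallback described in the answer can be sketched in C as follows. This is an added example, not part of the original answer: it assumes a hypothetical primary and backup input channel, and every name and threshold in it is illustrative.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
/* All names and thresholds are illustrative assumptions, not from any standard. */
#define STALE_MS   100u  /* channel silent longer than this counts as failed */
#define AXIS_MAX   1000  /* plausible command range is -AXIS_MAX..AXIS_MAX */
#define LIMP_LIMIT 300   /* reduced authority while running on the backup */
typedef enum { MODE_NORMAL, MODE_LIMP_HOME, MODE_NEUTRAL } ctrl_mode_t;
typedef struct {
    int16_t  axis;       /* last commanded value */
    uint32_t stamp_ms;   /* receive time of that sample */
    uint8_t  alive;      /* sender's rolling counter in this sample */
    uint8_t  prev_alive; /* counter seen in the previous sample */
} channel_t;

/* Supervision: a channel is trusted only if fresh, in range and not frozen. */
static bool channel_ok(const channel_t *c, uint32_t now_ms)
{
    if ((uint32_t)(now_ms - c->stamp_ms) > STALE_MS) return false;
    if (c->axis < -AXIS_MAX || c->axis > AXIS_MAX) return false;
    return c->alive != c->prev_alive;
}

static int16_t clamp(int16_t v, int16_t lim)
{
    return (int16_t)(v > lim ? lim : (v < -lim ? -lim : v));
}

/* Pick the command source; degrade step by step instead of failing silently. */
ctrl_mode_t supervise(const channel_t *primary, const channel_t *backup,
                      uint32_t now_ms, int16_t *out)
{
    if (channel_ok(primary, now_ms)) { *out = primary->axis; return MODE_NORMAL; }
    if (channel_ok(backup, now_ms)) {
        *out = clamp(backup->axis, LIMP_LIMIT);
        return MODE_LIMP_HOME;
    }
    *out = 0;            /* no trustworthy input: command neutral */
    return MODE_NEUTRAL;
}

int main(void)
{
    channel_t stale  = { 400, 800, 5, 4 };   /* constructed: last seen 250 ms ago */
    channel_t backup = { -700, 990, 9, 8 };  /* constructed: healthy backup */
    int16_t out;
    ctrl_mode_t m = supervise(&stale, &backup, 1050, &out);
    printf("mode=%d command=%d\n", (int)m, out);
}
```

A real design would run this check on independent hardware from the channel it supervises, so that one fault cannot disable both the function and its monitor.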