FLIGHT SAFETY Technology and the Human Factor A pilot s perspective by Prof. dr ir J.A. Mulder Delft University of Technology
Contents How safe is it? The common causes of accidents The Flight Deck: past, present and future. Automation and Situation Awareness Review of a famous accident Lessons learnt How safe will it be?
Dependent Failures Independent Events Dependent Events A B A B P (A & B) = P (A) P (B) P (A & B) > P (A) P (B) P (A & B) = P (A) P (B/A)
The pilots of an Air France Airbus A330 that crashed into the Atlantic Ocean two years ago apparently became distracted with faulty airspeed indicators and failed to properly deal with other vital systems, including adjusting engine thrust, according to people familiar with preliminary findings from the plane's recorders. The Wall Street Journal (2011 May 24, Pasztor, Michaels)
The aircraft slowed to a stall shortly after the autopilot disconnected. The pilots faced a series of automation failures and disconnects related to the plane's airspeed sensors. Within 4 min 28 sec 16ACARS fault messages were sent to home base on faults resulting from these unreliable airspeed sensors (display indications, auto thrust, TCAS,..). Loss of Situation Awareness.
More examples of common cause accidents LY1862, 1992 OO-DLL, 2003 UA232, 1989 JA8119, 1985 El Al LY 1862, 1992: Pylon failure DHL OO-DLL: Hit by missile Japan Airlines JA8119: Lost vertical tail United Airlines UA232: Engine desintegration
Cockpit Douglas DC-3, first modern transport aircraft
Flight deck Lockheed Constellation, 4 man crew
Navigator Flight Engineer
Flight deck Boeing 737-300, FMC
Flight deck Boeing 767-300, FMC, EFIS
Rasmussen s Skills, Rules, Knowledge framework, from pilot to supervisor Skill based behavior Rule based behavior Manual control, effort, training, the pilot as ace Handling the auto pilot, procedures, check lists Knowledge based behavior Feed Flight Management System (FMC) with information, direct the flight through the the coupled FMC
Invest in pilot skills! Advanced flight simulators! Lufthansa_Airbus_320_crosswind_landing_wing_strike.wmv
So, we have to do better!
Better Safety & Performance by: Technical advances in Aerodynamics, structural design & materials, systems Engines Avionics (Fly by Wire, Glass cockpit, triple redundant auto flight systems with autoland, Flight Management System (FMS), TCAS, GPWS) Human Factors Crew Resource Management (CRM) Automation Situation awareness Training, checking
Flight deck (r)evolution LOW SITUATION AWARENESS
Ironies of automation
Aircraft are opensystems water out electricity water in
Aircraft are opensystems
But automation will proceed
Crew Resource Management (CRM) 80% of non-technical accidents due CRM failure: individual pilots do not crash airplanes, crews do Good leadership: be a strong leader, but not autocratic delegation of responsibilities communicate, support, joint decision making Pilot training in CRM missions in flight simulator videotaped sessions, debriefing
Human-Machine Interface (1) Intuitive 3D perspective display
Human-Machine Interface (2) low situation awareness Display of commands, do what you are told. CPA 5 NM PZ IF (t CPA < look-ahead) AND ( CPA < 5 NM) THEN conflict = TRUE ELSE conflict = FALSE
Human-Machine Interface (3) optimal situation awareness Ecological display, see what you should do! min max
Last resort: Care-free handling and navigation!
On October 4 th 1992 a Boeing 747-200F freighter aircraft, Flight LY 1862,departing from Schiphol, crashed into an apartment building in the Bijlmer neighborhood of Amsterdam killing 43 people.
Flight LY 1862 failures Structural failure pylon eng # 3 due to fatique Destruction of wing pylon eng # 4 Wing leading edge damaged Loss of hydraulic systems 3 and 4 Loss of electrical systems Partial and complete loss of control surfaces Reduced thrust, increased aerodynamic drag Asymmetrical thrust, aerodynamic asymmetry Asymmetrical mass distribution
Route to disaster Flight 1862, Amsterdam, October 4 th, 1992
Aircraft Systems Hydraulic systems 3 and 4 off Engine 1 and 2 thrust asymmetry Lower rudder lag Failure mode analysis El Al Flight 1862 Failure Mode Configuration Mass Properties Engine no. 3 and 4 weight loss, 4,014 kg each Pylon no. 3 and 4 weight loss, ± 1,000 kg each Lateral center of gravity displacement Total weight loss: 10,0028 kg Aerodynamics Lift loss due to wing damage ( L wing ) Rolling moment due to wing damage ( L wing ) Drag due to wing damage ( D wing ) Yawing moment due to wing damage ( N wing ) Pitching moment due to wing damage ( M wing ) Right inboard aileron and spoiler 10 and 11 aerodynamic efficiency loss Control surface lost 50% Hinge moment loss / half trim rate Control surface available
Flight 1862 damaged aircraft flight mechanics V β L wing Y δr T 1 T 2 W*sin(φ) W*sin(φ) D wing Y β L wing + L δr N T + N wing φ N β + N δr W δ r Y δr
What was learnt? Extreme example of common cause Situation awareness was poor on aircraft status, lateral navigation and vertical navigation (kinetic and potential energy management) Unaware of reduced safe flight envelope Workload (manual control) prevented high level decision making
Defenses against Common Cause failures Improved design, materials, maintenance, systems Automation to reduce crew workload Focus on ways to improve situation awareness Crew resource Management & training Advanced measures which will exploit (remaining) physical options for survival in case of.
Advanced Flight Control:YES! All transport aircraft will be Fly by Wire Much redundancy in sensors, systems, control effectors, aerodynamics, computers (infinite capacity) Controllers work with nonlinear aircraft dynamic models (NDI) On-line model identification, sensor integrity checks, use all information to estimate state Adaptation, reconfiguration, control allocation, keep aircraft in computed adapted safe flight envelope Care free maneuvering, navigation
How safe will it be? Automation (and systems)! Need still Human Pilot, open system Support the pilot through improved Situation Awareness The unthinkable is bound to happen sometime. Not 100% but close, very close.