FLIGHT SAFETY

Technology and the Human Factor

A pilot’s perspective

by

Prof. dr ir J.A. Mulder

Delft University of Technology

Contents

• How safe is it?

• The common causes of accidents

• The Flight Deck: past, present and future….

• Automation and Situation Awareness

• Review of a famous accident

• Lessons learnt

• How safe will it be?

Dependent Failures

Independent Events

A B

P (A & B) = P (A) · P (B)

Dependent Events

P (A & B) > P (A) · P (B)

A B

P (A & B) = P (A) · P (B/A)

The pilots of an Air France Airbus A330 that

crashed into the Atlantic Ocean two years ago

apparently became distracted with faulty

airspeed indicators and failed to properly deal

with other vital systems, including adjusting

engine thrust, according to people familiar with

preliminary findings from the plane's recorders.

The Wall Street Journal (2011 May 24, Pasztor,

Michaels)

•The aircraft slowed to a stall shortly after the

autopilot disconnected. The pilots faced a

series of automation failures and disconnects

related to the plane's airspeed sensors.

•Within 4 min 28 sec 16 ACARS fault messages

were sent to home base on faults resulting

from these unreliable airspeed sensors (display

indications, auto thrust, TCAS, …..).

•Loss of Situation Awareness.

More examples of common cause accidents

JA8119, 1985

UA232, 1989

OO-DLL, 2003

LY1862, 1992

El Al LY 1862, 1992: Pylon failure DHL OO-DLL: Hit by missile

Japan Airlines JA8119: Lost vertical tail United Airlines UA232: Engine desintegration

Cockpit Douglas DC-3, first modern transport aircraft

Flight deck Lockheed Constellation, 4 man crew

Flight EngineerNavigator

Flight deck Boeing 737-300, FMC

Flight deck Boeing 767-300, FMC, EFIS

Rasmussen’s ‘Skills, Rules, Knowledge’

framework, from pilot to supervisor

• Skill based behavior

• Rule based behavior

• Knowledge based

behavior

• Manual control, effort, training, the pilot as ‘ace’

• Handling the auto pilot, procedures, check lists

• Feed Flight Management System (FMC) with information, direct the flight through the the coupled FMC

Invest in pilot skills!

Advanced flight simulators!

Lufthansa_Airbus_320_crosswind_landing_wing_strike.wmv

So, we have to do better!

Better Safety & Performance by:

• Technical advances in– Aerodynamics, structural design & materials, systems

– Engines

– Avionics (Fly by Wire, ‘Glass cockpit’, triple redundant auto flight systems with autoland, Flight Management System (FMS), TCAS, GPWS)

• Human Factors– Crew Resource Management (CRM)

– Automation

– Situation awareness

– Training, checking

Flight deck (r)evolution

LOW SITUATION

AWARENESS

Ironies of automation

Aircraft are open systemselectricity

waterin

waterout

Aircraft are open systems

But … automation will proceed

Crew Resource Management (CRM)

• 80% of non-technical accidents due CRM failure:

‘individual pilots do not crash airplanes, crews do’

• Good leadership:

– be a strong leader, but not autocratic

– delegation of responsibilities

– communicate, support, joint decision making

• Pilot training in CRM

– missions in flight simulator

– videotaped sessions, debriefing

Human-Machine Interface (1)

Intuitive 3D perspective display

Human-Machine Interface (2)

low situation awareness

Display of commands, do

what you are told….

CPA

PZ

IF (tCPA< look-ahead) AND (|CPA|< 5 NM) THENconflict = TRUE

ELSEconflict = FALSE

5 NM

Human-Machine Interface (3)

optimal situation awareness

Ecological display, see

what you should do!

min

max

Last resort: ‘Care-free’ handling and navigation!

On October 4th 1992 a Boeing 747-200F

freighter aircraft, Flight LY 1862, departing

from Schiphol, crashed into an apartment

building in the Bijlmer neighborhood of

Amsterdam killing 43 people.

Flight LY 1862 failures

• Structural failure pylon eng # 3 due to fatique

• Destruction of wing pylon eng # 4

• Wing leading edge damaged

• Loss of hydraulic systems 3 and 4

• Loss of electrical systems

• Partial and complete loss of control surfaces

• Reduced thrust, increased aerodynamic drag

• Asymmetrical thrust, aerodynamic asymmetry

• Asymmetrical mass distribution

Route to disaster

Flight 1862, Amsterdam, October 4th, 1992

Failure mode analysisEl Al Flight 1862 Failure Mode Configuration

Aircraft Systems

Hydraulic systems 3 and 4 off

Engine 1 and 2 thrust asymmetry

Lower rudder lag

Mass Properties

Engine no. 3 and 4 weight loss, 4,014 kg each

Pylon no. 3 and 4 weight loss, ± 1,000 kg each

Lateral center of gravity displacement

Total weight loss: 10,0028 kg

Aerodynamics

Lift loss due to wing damage (∆Lwing)

Rolling moment due to wing damage (∆Lwing)

Drag due to wing damage (∆Dwing)

Yawing moment due to wing damage (∆Nwing)

Pitching moment due to wing damage (∆Mwing)

Right inboard aileron and spoiler 10 and 11aerodynamic efficiency loss

Control surface lost

50% Hinge moment loss / half trim rate

Control surface available

∆∆∆∆Dwing

Yββββ

T1

T2

NT + ∆∆∆∆Nwing

Nββββ + Nδδδδr

ββββ

V

Yδδδδrδδδδr

W*sin(φφφφ)

∆∆∆∆Lwing + Lδδδδr

φφφφ

W*sin(φφφφ)

Yδδδδr

W

∆∆∆∆Lwing

Flight 1862 damaged aircraft flight mechanics

What was learnt?

• Extreme example of common cause

• Situation awareness was poor on aircraft status, lateral navigation and vertical navigation (kinetic and potential energy management)

• Unaware of reduced safe flight envelope

• Workload (manual control) prevented ‘high level’ decision making

Defenses against Common Cause

failures

•Improved design, materials, maintenance, systems

•Automation to reduce crew workload

•Focus on ways to improve situation awareness

•Crew resource Management & training

•Advanced measures which will exploit (remaining)

physical options for survival in case of….

Advanced Flight Control: YES!

• All transport aircraft will be ‘Fly by Wire’

• Much redundancy in sensors, systems, control

effectors, aerodynamics, computers (infinite capacity)

• Controllers work with nonlinear aircraft dynamic

models (NDI)

• On-line model identification, sensor integrity checks,

use all information to estimate state

• Adaptation, reconfiguration, control allocation, keep

aircraft in computed adapted safe flight envelope

• Care free maneuvering, navigation

How safe will it be?

• Automation (and systems)!

• Need still Human Pilot, open system

• Support the pilot through improved Situation

Awareness

• The unthinkable is bound to happen

sometime. Not 100% but close, very close.