Principles save lives
Published: Mon, 03/18/19
There have been two tragic plane crashes in the past six months. The first was in October 2018 when Lion Air Flight 583 took off from Jakarta airport in Indonesia. The second was just this month when Ethiopian Airlines flight 302 crashed on take off from Addis Ababa, in Ethiopia. Both planes were Boeing 737-8 MAX aircraft. From the reports I have read it was no coincidence that both accidents involved the same plane on take off. The original Boeing 737 is a short to medium range airliner which has been in service since 1968. As you might expect there has been design development and upgrades to the technology over the years. The latest version, the MAX-8, entered service in 2017. It is this version which has been involved in both the recent crashes and all similar planes have now been grounded until further notice.
So, what went wrong? From my reading it seems that the MAX-8 version had new and bigger engines fitted to improve performance and economy. The new engines also upset the balance of the plane and meant that it tended to fly with its nose up instead of being inherently stable in flight. Boeing did not want the airlines to think that they would need to provide expensive and time-consuming re-training for crews already familiar with the 737. So, they kept quiet about the change to the flight characteristics. In order to cover up the inherent instability of the MAX-8, Boeing installed an angle of attack sensor (which would detect when the nose started to climb) in the nose of the aeroplane and connected it into the flight control system so that the plane would correct itself when the front started to rise. The airlines and the aircrews were not told about either the instability of the MAX-8 or the technology which had been installed to compensate for the problem. Apparently the sensor and correction system worked when the plane was on automatic pilot and when being flown manually. It is possible to turn the system off if you know how, but to do that you would have to know that the system was there in the first place.
It seems that the angle of attack sensor as used in the MAX-8 is prone to malfunction and will sometimes send a signal to the flight control system indicating that the nose of the plane is rising too fast. This can happen even when the rate of climb is in fact perfectly appropriate for a normal take off. The flight control system will then keep pulling the nose down just when the plane needs to be climbing to a safe altitude. Each time the pilots try to climb the nose will dip and eventually the plane will crash. There is little the pilots can do to their plane because it is impossible to override the system. As a result hundreds of people are dead and more could have been had not the planes been grounded as soon as they were.
This whole story is particularly shocking because the air transport industry generally has a good record of safety. Over the years air travel has become progressively safer as certain principles have become industry standards. These recent crashes are a direct result of not adhering to the principles which have made commercial flight a safe way to travel.
The first principle is designing and building aircraft according to the principles of aeronautics. The original 737 seems to have been a perfectly sound design. If it was not possible to develop the original concept any further then perhaps it was time for a new design altogether.
The second principle is full disclosure. The airlines which bought the MAX-8 planes and the aircrews who flew them had no idea that a single sensor and some dubious software was all that kept the planes in the air. Would this version of the 737 have been so popular with airlines and profitable to Boeing if the truth had been told? Probably not, but lives come first and Boeing’s reputation will take a long time to recover.
Thirdly, the principle of redundancy. One of the reasons that air travel is generally safe is that commercial aircraft are always built with back up systems. If one thing fails then another system should take over and the crew be alerted so that they can take appropriate action too. In this case there was no redundancy at all. If one sensor malfunctioned the plane was doomed, no back up system, no warning to the crew so that they could just take over and fly the plane manually.
Accidents don’t just happen. The airline industry talks about the Swiss cheese theory of risk. Each bubble in the cheese is a potential cause of an accident. So long as there are not too many bubbles and they never line up then a hole all the way through will not occur. Boeing created a situation where an accident was much more likely than it should have been and two have now happened.
These same principles apply to anything we do or create. Make sure that whatever you create is fit for purpose. Be honest and open about how it works and use it safely. Build in redundancy in case there is a problem. Following such principles may incur more time, effort and expense but violating principles of good design, full disclosure and redundancy can and does cost lives.
Regards
Graham
PS On the 23rd of March we have a course on training with a walking stick in Beverley. On the 6th of April I will be teaching Stav in Somerset. In both cases I will emphasise the principles of working with the Stances, web and five principles of Stav. Full details of Beverley course here http://iceandfire.org.uk/train.html and Somerset event here http://crewkernestav.iceandfire.org.uk/060419.html