B737max, Air France 447, Asiana 214 – and computer failures reason for the largest flight cancellations in the past two years. Lesson (to be) learned…?
Following a discussion triggered by Airbus’ automated take-off last week, I posted a comment on LinkedIn:
“Just discussed the issue of “autonomous flying”, two examples against it. Asiana flight 214 (there was also a similar incident with Turkish Airlines) caused by a pilot with a semi-religious belief in the Auto-Pilot. Said to have very little experience “flying manual”. And the 737MAX, also to keep in mind the missing redundancy of sensors to safe cost. Also Air France 447 accounted to incorrect sensor readings. One reason I don’t see a “pilot free cockpit”, but a “cockpit flight manager”. Like the flight attendants there in case of need, but usually just monitoring proper systems. “Accompanied” by a drone-operator at the AOC. Having GBAS+GPS a system to constantly monitor the four-dimensional position of the aircraft and if in line with flight plan. If not, maybe a sensor-glitch misguiding the aircraft? Please “Pilot” or “drone operator” override the faulty sensor…”
Several replies, notably the one public response by David Eiser outline the threat: “Too much reliance on automation by both operators and pilots is one of the biggest threats today.”
A frequent issue I discuss when discussing AOC or APOC (airline or airport operations centers) is the necessity to have fallback procedures in case of IT failure! This is also in line with disruption management and the fact that the major disruptions of the past two years were caused not by weather, but IT failures! Just an example reported by Wall Street Journal.
Back in 1990, I came as a Sales person to the Frankfurt Airport to meet and greet an important FAM-group – FAMiliarization – a group of journalists invited for a trip overseas. To learn the flight would not take off, as the airport check-in-system failed. I got a printed passenger list, a stack of boarding passes and after 10 minutes of preparations issued the boarding passes to the passenger. With only 75 minutes into the process the flight got readied for departure. It was as far as I remember, the only flight that left that day during the computer downtime. Lufthansa used a different system, their flights were not impacted.
That was my day to learn the lesson to have fallback procedures in case of a computer glitch. It was driven home over the years by other failures that became public. But more and more, I also learned that managers developed a semi-religious faith in computer systems. Redundant systems cover for a failure, right? Wrong. Working with AOCs and APOCs – there are no system redundancies. If a system fails, there is a downtime. Period.
As Richard Maslen just wrote on CAPA’s Blue Swan Daily: “It used to all be about passes in English and Mathematics, now it is blockchain, cloud computing and analytical reasoning – the changing mix of skills most prized by the business world”. It is another example of the semi-religious faith in IT I talk about. Big Data was the buzzword everyone talked about and nobody had a clue on what it really meant. It’s hip, so it must be good. Now we added blockchain, cloud computing and analytical reasoning. Important buzzwords, but if you look for a business case, it’s for the ones making themselves a business with it.
Did you know that aviation was the first large application of cloud computing? Sabre enabled to book flights from anywhere in the world anywhere in the world. I used Sabre-messages back in 1987 – that was years before e-Mail. Tell me about Cloud Computing. On the backside, most recent computer failures forcing airline downtimes were caused by small cloud solutions failing and taking down the airlines’ IT system as a collateral damage. Leaving airplanes grounded, passengers stranded.
Where aviation has a strong requirement to keep a “history” of changes in their IT systems, blockchain might help, but it adds complexity and slows down systems. And keeps the question of the ultimate truth. If there is a data discrepancy between two independent systems, which ones is the right one? That’s not just on A-CDM between different stakeholders, I’ve seen the same problem arise on internal systems aplenty!
Now on analytical reasoning, it goes with the old issue of who analyses with what intent. As the old saying goes, I only trust the statistics I falsified myself.
Aircraft System Redundancy
Now have we learned our lessons? Speaking to academically educated managers, I find a lot of superficial knowledge. Like the Big Data picture. Someone – usually the IT companies – come up with those buzz words and explain they are important. They are not unimportant. But it boils down to my usual question: Give me a business case. No wishful thinking. Nor divine revelation and forget what the stars foretell!
Boeing managers, in what I consider a criminal neglect, prioritized commerce over safety. In line with FAA and others. “Shareholder Value” is a word that was invented in the U.S. It implies that the only value a shareholder has is short-term profit. I disagree ever since I learned the word back in 1997 in the process of the IPO of Cytric. At the time my baby – yes, the one today owned by Amadeus. Shareholders have different values. Long term profitability. Sustainability, not even linked to profitability. An idea. Something “good”.
Now Boeing used a single sensor to trigger MCAS. And the system overruled the pilots. It crashed two airplanes. The cause? Greed. A mortal sin.
Faith in The Computer
A key-finding on Asiana 214 was a pilot who believed in his on-board computers. Who had thousands of “auto-pilot” hours, but very little experience in manual flying. Who did not grasp that for a wrong sensor his system was wrong. Who made small mistakes on his computers’ settings (i.e. direct input, no landing flaps) ignored the tower’s advise to do a turn-around, to disrupt the landing and start the landing process anew. A similar case grounded a Turkish Airline plane. Pilots like this make a case for autonomous flying. Better a stupid computer than a pilot with blinders.
Another sensor failure caused the crash of Air France 447. GPS giving a three-dimensional point in space, where are the systems that provide that information to the pilots at night? How can it be that pilots and airplanes loose their direction in the air?
And while we talk about GPS and GBAS in aviation, a flight like MH 370 teaches the same lesson. Not the one shot down over Ukraine, but the one that got lost over the Indian Ocean. Airline and authorities are blind over the big oceans. All those fancy systems, satellites, etc. and we have no information, neither in the cockpit nor at the control centers, where the flights are? And trust in pilots following navigational directions (semi-)blind?
Faith in the Pilot
A frequent argument for the cockpit automation is German Wings flight 9525, where the pilot flew the airplane into the mountain. While that was a freak incident, neither pilot nor computers are “fail-safe”. All we can do is to minimize the risk. And while autonomous flying will come, I’m an advocate for a “flight operator”, both in the cockpit, as well as on the ground. Then we have three independent “systems” and any two will override the third. Still, there will be ad hoc decisions to be taken, then who “rules”? If you have another aircraft on collision course. If you have foreign object or another aircraft on the runway.
Fly by Wire, Drones and Air Taxis
Since the development of Fly-by-Wire, airplanes cannot fly without computer aid. If the computer fails, the steering signals from the side stick go nowhere. So we already rely on the computers in airplanes. And a computer failure will result in a crash. Period. But Fly-by-Wire also makes the case for automated flying.
Pilot-less air taxis already require a fully automated system. If you consider them to fly in airport vicinity, they interact with the flight plans of commercial airplanes, today considered a major security risk with an excessive bureaucracy for a single approval for any plane, helicopter or drone entering the airport’s air space!
A similar case is the automated drones as envisioned by Amazon, DHL and others, for automatic passenger delivery. As the air taxis, they will rely on a fully-automated flight planning and flight plan filing with the authorities’ computers. Simply to avoid in-air-collisions.
While commerical airplanes, delivery drones and air taxis follow pre-assigned flight plans and routes, drones are operator-guided… Can we expect manually guided drones in the air space of other operators? Be it air taxis, helicopters or airplanes? I doubt it, I believe this is a short-lived fashion. Soon drones will be so restricted in use that they go back to hobby and in pre-assigned areas. All other operations requiring the filing of a flight plan!
I like the examples in The Fifth Element. Or Doctor Who’s episode Gridlock (image). We’re not talking about individual travel or we risk air accidents, way more potent than any car accident you might imagine today! This can only work in a fully automated environment. You want to change your flight plan? The computers must secure a safe route in four-dimensional space – including the time, beyond what ATC can do today! A constant prediction of traffic for several hours ahead!
I take it with Heinlein, as he wrote in Friday, a 1982 novel. I believe we will have ability for a fully automated flight, which will also improve A-CDM and flight planning. We will have a pilot on board. Plus a drone-pilot in the AOC. Heinlein wrote that the pilot no longer pilots but is there for the sake of passengers’ reassurance. The pilot unlikely to have better ideas than the computer.
The pilots will be turned into a flight operator in the cockpit, plus a flight operator on the ground. Both will be specialists, but I predict that their “work times” will no longer be privileged, but more like computer specialist. Automated flight management will reduce the work load and make those jobs mostly observational. Making privileges in duty times or salaries obsolete. Heresy. To the pilot industry. But in my opinion a “logical consequence” since the introduction of fly-by-wire – which also was the start of the discussion about autonomous flying.
Side note: This will also automate Air Traffic Control, ground handling, etc., etc. – Give take 100 years, likely less, we will have air traffic automated. With very limited manual input by pilots or other stakeholders. Backbone is slot management, scheduled flight planning. Then add “scheduled air-taxi” (air-bus), followed by delivery drones (for people or freight), ad-hoc flights. Think about medical emergency but also “VIP” flights (Air Force One)…
Food for Thought!