Thursday, 26 March 2015

Germanwings crash: the Blackwall Tunnel problem


In the aftermath of plane crashes official spokespersons always caution against “engaging in speculation”. However, speculation is what solves problems, sometimes on the basis of very sparse facts. The Germanwings 4U 9525 crash is one such problem. If you prefer, call it examining hypotheses.

Many facts were clear within a few minutes of the crash. Flying in good weather, the Airbus 320 had lost altitude in an almost normal descent while maintaining its course. That immediately tells you it did not explode in mid-air. Radar was able to track it to the point of impact, which strongly implies the airframe was intact until impact, and makes it very likely that at least one engine was functioning, probably both. It suggests pilots were in control, or had initiated the descent. The lack of distress calls and lack of response to traffic control messages in the 8 minutes of descent opens two categories of cause: pilot incapacity or unwillingness. Incapacity could be caused by depressurisation. However, that would also make it likely the plane would maintain its course, not descend. That would accord with the Helios Airways Flight 522 crash, in which the plane continued in level flight until it ran out of fuel. The controlled descent in this case is unusual. Technically, other rare events like iced-up airspeed indicators being misinterpreted by the flight computer could have caused something like this, but an alert pilot would have corrected it. Incapacity could also include a terrorist incapacitating the pilot, then taking the controls. Overall, unwillingness is a somewhat better fit with the events at the moment.

If the reported comments from an unnamed investigator of cockpit recordings are correct, then for some reason one pilot left the cockpit and was unable to get back, hammering on the cockpit door, strongly suggesting that the remaining pilot did not let him back in, or could not do so. It has now been confirmed that the co-pilot was at the controls throughout. The main pilot Patrick S had over 6000 flying hours, the recently trained younger co-pilot Andreas L 630 hours. Pilot action, as the polite phrase has it, must now rise to the top of the list of hypotheses. The crash of Mozambican Airlines flight TM470 was probably caused by a pilot electing to put his plane into a nose dive. There will be intense interest in finding out much more about the pilots.

It may seem strange to turn from the high drama of aviation crashes to the mundane Blackwall Tunnel under the Thames, first constructed in 1987 and altered since then, carrying road traffic but, because of safety restrictions, not carrying any dangerous goods such as large amounts of fuel or liquid petroleum gas. Makes sense. If those ignite or explode they will cause injuries, deaths and destruction in the confined space of the tunnel. However, the unintended consequence is that these dangerous loads are now carried across central London bridges, and past many schools, hospitals and other public places.

Cockpit security keeps out terrorists, but provides a refuge for pilots who are suicidal or malevolent. The costs of preventing terrorism have to be balanced against the costs of the occasional unbalanced pilot.

David Kaminski-Morrow, air transport editor of the Flightglobal publication, says: “I'm starting to count the number of fatalities that can be attributed to the cockpit doors and whether its locks are saving lives.”

Naturally, there is never a perfect solution to such problems, because no cut-off point can perfectly remove residual conflicting risks. Confining both pilots to the cabin at all times conceivably may lead to an increase in fatigue or arguments, or an inability for one pilot to enter the main body of the plane to look at an engine or a wing and thus spot a malfunction. Making another cabin crew member replace the absent pilot is required by some airlines, but may be cumbersome and anyway far from perfect if the replacement is easily overpowered.

Once the official enquiry makes its final report it will be time to get out the fault trees and flow charts and pore over the conflicting risk estimates. However, if you present experts with a fault tree they tend to believe that it has covered all possible problems (even if about a third of it is missing). Since experts are rational people, and mostly good-natured, they tend to have difficulty believing that some people will commit stupid, dishonest and malevolent acts. Humans are a tricky bunch, capable of the sublime and the ridiculous. They can construct and keep in the thin blue air a 450-ton metal magic carpet and very occasionally bring it crashing down. Sometimes I can almost believe that psychology is an interesting subject.

We should not engage in speculation, but it would be a dull, stagnant and even more error-prone world if we did not.




  1. I fear that if we try to invent ways to stop pilots from doing things like this, we will introduce a dozen more serious failure modes. There comes a point where you have to accept that you're running up against an almost Gödel-style limitation to our ability to control systems; we have to place our trust in someone (and I'd rather place it in the average airline pilot than the average politician).

  2. Well said, Dr T.

  3. I predicted that this would be the investigation outcome yesterday. It's the only scenario that really made any sense.

    Pilots have been responsible for nearly all the major recent airliner crashes - Air France 447, AirAsia 8501, and now this Germanwings crash. It seems very likely that one of the pilots, probably the Captain, was also responsible for the disappearance of flight MH370, but this remains technically unconfirmed. The crashes came about either through pilot suicide or through pilots massively compounding minor technical problems caused by weather conditions. Will this spur a movement towards full airliner automation? The logical solution seems to be to get rid of the pilot.

    Perhaps we should also relax some of the cockpit security restrictions introduced after 9/11. Apparently there's a manual override which allows a pilot to completely lock everyone else out of the cockpit, with no counter-override possible. I guess it makes sense as an anti-hijacking measure, but is that the real threat? & judging by

    interaction between pilots & other flight crew seems very constrained and would be very clunky in an emergency if the pilots needed assistance.

  4. When my daughter was three, and I was snoozing, she let herself into the cockpit to talk to the pilot. An irate stewardess shook me awake to complain. I asked whether they didn't have locks on the cockpit door. She looked embarrassed, and said "she must have watched how I opened the door".

    These deaths, where inability to enter the cockpit dooms everyone aboard, must be chalked up as another success for the terrorists. Perhaps the money spent on security theatre applied to the passengers might better be spent on psychological testing of the pilots. Or plain snooping - who's gambling too much, who drinks, who's ...... ? Come what may, nothing will be perfect.

  5. Egypt Air 990 came to mind as soon as I heard the details of the story yesterday.

    1. Had forgotten that, but it certainly has similarities.