ANNEX S

A Pilotís Viewpoint cpt-r.jpg (85855 bytes)
The Author is an ATPL Holder (Command Inst Rating with Helo and Multi-engine Instructor Rating). He has been a pilot in three Air Forces (RAAF 24yrs/RAF 6yrs/Royal Saudi Air Force 6.5yrs) and currently works for British Aerospace. He has over 14,000 flight hours. He runs the web-site at: www.iasa.com.au . It is based on reporting the Swissair MD-11 accident outcomes with a wider brief of aviation safety generally. He contributes to a very qualified Technical Forum that includes Patrick Price (37 year Boeing wiring expert). Price’s web-site is concerned with deficient aircraft wiring concerns and is at: http://members.aol.com/papcecst

Other contributors are pilots, licensed technicians, ex-FAA technical personnel and lawyer-pilots.

His concerns are:

a) that the elimination of the Flight Engineer third crewman from the CRM equation has left a gaping hole that affects passenger safety – particularly in a systems emergency such as Smoke-In-The-Cockpit;

b) that reliance upon electronic automated trouble-shooting systems such as in the MD-11 is akin to putting your trust in a fire-engine that is itself on fire. It has already become evident (and admitted by the Investigator) that the MD-11 Smoke/Elec/Air switch was instrumental in permitting the development of the fire - because it only swaps sources (and never permanently takes power off busses or circuits);

c) the current smoke-in-the-cockpit checklist is a time-consuming, piecemeal, optimistic quest for the cause that is always destined to allow a fire to take hold and the crew be disabled. He has suggested a very viable alternative;

d) Many additional concerns related to cockpit configuration and safety equipment (emergency cockpit lighting, full-face smoke-masks, standby flight instrument positioning, type/positioning and number of hand-held fire-extinguishers). In particular he feels that glass cockpits, FBW and software glitches are opening up new vulnerabilities for crews when added to the fundamental failures that can stem from electrical wiring faults.

e) The effect of increased computerization of cockpits upon pilot competencies, awareness, basic flying skills and emergency handling. In addition it is becoming apparent that training deficiencies and "modal confusion" is causing incidents and accidents;

f) The publicity stemming from the sr111 accident may well mean that, in the future, cockpit invasion by panicked passengers may become a real cause for concern.

g) The FAA's role in ensuring safety in this deregulated climate has been less than laudable. Personnel change-over, bureaucratic arrogance and an increasing politicisation of the Authority has meant that many aspects of their regulatory remit are simply falling through the cracks.

Editor’s Note: TSB investigators investigating the sr111 crash are becoming convinced that approximately forty events recorded on the Digital Flight Data Recorder during the recorded last 6 minutes available did not actually happen. Presumably due to the nefarious spiked electrical activity, shorting out, tripped circuit-breakers, etc. The inter-relationship between systems and the effect of their failure / malfunction modes on other systems appears to be causing considerable problems in creating a reasonable model and time line of the events themselves.

 

FUTURE SOLUTIONS

"Investigators probing the crash of Swissair Flight 111 have discovered signs of a fire in the ceiling of the plane between the forward passenger doors, the same area airlines flying similar airplanes have been warned to check."

"While the doors themselves showed no signs of heat damage, the ceiling between the doors does."

"It originates and stems from a center line but it also progresses outwards from the centre line above the left and right doors," Gerden [TSB investigator] said.

Ninety seconds before the plane's flight-data and cockpit -voice recorders stopped working, six minutes before impact, they recorded failures in about 40 of the plane's 250 systems. "That would have affected the displays the pilots had," Gerden said.

Commentary:

It's a little hard yet to say whether the "failures" were as a result of the checklist or the progressive disabling of systems by the elec initiated fire. It however reinforces my belief that the ongoing, optimistic, discretionary, time-consuming, trouble-shooting smoke checklist MUST be discarded and manufacturers must incorporate a "fall-back" electrics selection that will inert the majority of the normal electrics and revert to a "virgin" Flight Essential bus that has on it, very simply, the "get-you-home" items. At least in this way:

a. everyone lives

b. expensive time-consuming rescue efforts, salvage and subsequent crash investigations are avoided.

c. the problem is immediately apparent and thereby fixable (if they wish they can power the normal electrics up again on the ground and just see where the inflight fire would have gone). Other similar jets won't then be operating for many months (or years?) whilst the deadly glitch is uncovered (with all the abiding concerns of a fearful public and crews). DFDR/CVR data will still be available for trouble-shooting. The uncertainty of a PROBABLE CAUSE finding will be avoided.

d. Fewer people would be afraid of flying if it was known that fire-in-the-air was now less of a wild card (despite being by far the worst aerial prospect short of total structural failure).

e. You could perhaps then conscionably afford to live with Kapton, its variants and even the metalized mylar sound blankets (until the aircraft go out of service).

f. Insurance underwriters would be happier because the risks would diminish. Airline and manufacturer's accountants would be able to justify premium reductions.

             g There'd be fewer diversions at the least hint of a "dark brown smell" i.e. to say that:

h. Airline crews would have more confidence about this dire emergency that is of greater risk to them because it affects every day of their working lives.

i. Particular aircraft (and therefore airlines) won't get a bad name because of accidents (and the inevitable other disclosures of a probing investigation).

             j. Airlines that comply are seen by passengers as being very responsible and safety conscious.

k. Expensive court cases that enrich lawyers, stoke premiums and provoke primal fears (fire and flying) would be minimized.

l. Manufacturers that offered such an option (or retro-fit kit) would have a distinct commercial advantage because of their enhanced public image (at an insignificant cost in terms of weight, complexity, maintainability and justifiability).

             m. Presently mooted Kapton wiring health monitoring systems may prove unnecessary.

n. Geriatric jets may thereby be given a new lease of life (at least from the wiring integrity point of view)

o. Fuel dumping may not then always prove urgently necessary and this can be important when en route alternate weather is lousy (i.e. when holding off or pressing on to a distant div or destination may be required or prudent).

p. Once the normal electrics go OFF, experience has been that any elec fire will fizzle out (or be easily doused). Crews are then in a better position to communicate and back each other up (i.e. smoke masks can come off, intercom's not necessary, peripheral vision is restored). Fire-extinguishers are far more effective on a fire that is minus the stoking electrics. But whenever the fire is worsening the pilots are restricted in their movement - both by their oxygen umbilicals and a checklist that bans them from leaving their seats. Who fights the fire with the handheld then?

 

BUT ABOVE ALL BECAUSE

            q.   Crews would have a definitive operational directive rather than agonizing
             about diverting rapidly, ditching, rushing to land overweight in a crippled
              configuration, proceeding with or "holding" the existing trouble-shooting
              smoke checklists (whilst perilously waiting to see if things are going to
              get worse/improve/stay the same).

r. The likelihood of a mid-oceanic sr111 type emergency carrying out an intentional (perhaps unecessary) ditching with great loss     of life would be much reduced. The ditchability of large underwing turbofans?-------They’re not a survivable ditching proposition      -so it’s another strong case for adopting the Virgin Bus as a preferred alternative to allowing catastrophic fires to develop.

             s. Passengers are less likely to panic if, when all their lights go out, they realize that the
              crews are erring on the side of caution and not toying with their lives via an Emperor Nero
              like fiddle with busses, avionics, circuit-breakers, smoke/elec/air switches, hand-held
              fire extinguishers, EVAS vision maintenance devices, below floor E/E bay visitations,
               consultations on Company freqs, wading through manuals and schematics etc., etc. In the post
               sr111 climate just think for a moment about the possibility (and certainly the effect) of
               a panic-stricken (inebriated or not?) pax invading the cockpit -or for that matter, general
                panic.

t.  Passengers are also going to be reassured that their pilots aren't going to be knocked out by ingestion of toxic gases that sneak up on them whilst they're busy trouble-shooting. Beyond theories on hardware causes, it goes without saying that the toxicological results of the flight-crew post-mortems may confirm the human vulnerability factor. Superimposed upon the hardware deficiencies, the susceptibility of crews to succumbing to the very toxic gases in electrical smoke might indicate that incident survivability is much lower than previously thought.

u.   Crew uncertainty can be avoided by airlines mandating this basic survival configuration for whenever the smoke detectors go off (for cause) or a pilot or F/A reports a smoke/smell or fire whose source cannot be immediately determined and quelled.In this way professional crews no longer have the option of an adventurous (but foolhardy) trouble-shooting exercise - and they need not fear ridicule nor criticism for doing the right thing as per their Standard Operating Procedure. Simulator drills (with a Flt Ess Bus) are likely to be more definitive than very airy-fairy and open-endedly inconclusive (as they are at present).

v.   The very nature of electrical emergencies (as manifested by smoke in the cockpit or cabin) is that it can be a bottomless pit of possibilities - none of which are likely to have been envisaged by the designers (as evidenced by the MD11 smoke/elec switch design and function). Batteries are vulnerable to being flattened by a progressive electrical wiring malfunction such as a massive short. The ability to continue IMC operation for even a short period may be compromised.

w. Reliance upon automated systems (such as in the MD11) to detect, trouble-shoot and rectify electrical problems is akin to putting your faith in a fire engine that is itself on fire. Once electrical system integrity is compromised the whole system must be suspect.

The latest info I have is that the investigators are thoroughly confused by the revelations of the DFDR and its timelines. They have decided that a lot of the data on the DFDR has been corrupted by the electrical malfunction (i.e. a lot of the events on the DFDR didn't really happen). That is one of the really devilish things about electrical malfunctions - they throw everything into an anomalous frenzy and such devices as the DFDR begin to tell lies to crash investigators.

Electric jets are just not able to operate with a "total electrics" so any problems must be nipped in the bud, once they're evident, via a reversion to a previously dormant "virgin bus" -or a repeat of sr111's outcome must always be a possibility.

             x.   Families of victims would be less frustrated by the apparently avoidable consequences of the
              present state of affairs (because there'd be fewer victims and more evidence that all concerned
              had addressed the problem of fire-in-the-air and had genuinely done all that's humanly possible
              -rather than pay lip-service to a real problem that's unfortunately not yet statistically
              significant enough to warrant the expenditure).

y. Two man crews can cope much better if the situation doesn't develop. That is because, if it does, one of the likely results is incapacitation of at least one (or more likely both) pilot(s). It's always possible too, let us not forget, that a cockpit fire can cripple the pilots' oxy systems (hoses, regulators or bottles). The next most likely happenstance is a loss-of-control caused by pilots trying to fly partial panel off of poorly positioned (and widely separated) standby analogue instruments whilst semi-asphyxiated, distracted, suffering direct (and peripheral) vision smoke impairment compounded by unfamiliar cockpit emergency flood lighting.

If you cannot follow the logic, write me and I'll try to resolve your doubts. The philosophy is just as applicable to the military. Another subject worth thinking about is the next generation of DFDR/CVR. My suggestion is that they should be capable of uploading via a dedicated Inmarsat transponder channel and that this should happen automatically any time an airliner crew squawks the distress, comms loss or hijacked code. There is already discussion of FMS/engine/systems data being regularly routed this way for ops management purposes.

The virgin bus concept is discussed in:

http://www.iasa.com.au/responses.html  

http://www.iasa.com.au/barndoor2.html  

http://www.iasa.com.au/quitsmokin.html

http://www.iasa.com.au/basics.html

http://www.iasa.com.au/tofaahf.html

http://www.iasa.com.au/seatbacks.html

http://www.iasa.com.au/boeinglinepilot.html

http://www.iasa.com.au/captw5.html

http://www.iasa.com.au/pprune.html

http://www.iasa.com.au/switcher.html  

email.gif                                           go forth and multiply                         List of Annexes altimeter.gif