Q2)
The answer provided to this one does consider the dual-tandem
operation of virtually all
Electro-Hydraulic Valve (EHV) control
surface actuators used by autopilots (and a similar parallel
redundancy
for "cable grabber"
autopilots that use electric motors). Autopilot EHV's
always receive their hydraulic
power from a DIFFERENT hydraulic
source than the pilot's control wheel, mechanically-operated
hydraulic valve. This is per-design
to that a cable failure to the surface will still allow the
A/P to fly the
airplane under this failure condition
(a parallel control path).
This feature could be
exploited in such a way to rob control from hijackers in the
cockpit. The system
that reconfigured the aircraft
to make the cockpit "go dark" could close shutoff
valves to the mechanical
input valves to the control
surfaces, thereby only leaving the autopilot EHVs with hydraulic
power. It
becomes even easier when the
airplane is full fly-by-wire (a la Airbus family and 777) since
you can
simply ignore the pilot's wheel
(or side-stick
on Airbus) electronic inputs to the flight control system.
I repeat from earlier EMAILs of
mine: Such a system is WELL within our technology, even on older
airplanes, and the operational
issues are not insurmountable. I try not to be an arrogant person,
but
I am very much an expert in flight
control system design. I may not know much about anything
else
in this world (and will readily
admit it) but airplanes and autopilot design is certainly
not one of them.
>One of the big considerations on systems like remote control
is the importance
>of not taking the pilots prerogatives
away when not desired, and not limiting his
>authority unnecessarily.
And to this I would use an observation
I have made before. I design systems full-well knowing what
their failure modes are.
And we design them to fail in specific ways because we know the
PILOT
is the strongest link for safety
when it comes to equipment malfunction or external weather
phenomenon that may endanger a
flight. However, in the situation of a hijacking, that strongest
link immediately becomes one of
the weakest links, for a hijacker only need to usurp the pilot's
authority (by either killing them,
or appealing to their surrender by killing others onboard).
Taking away control from ANY person
onboard (only in such situations as hijacking) spells
"game over" for both
the hijackers or any flight crew coerced by the hijackers.
It removes the
option. Of course,
the safety and reliability of the system during normal (non-hijack
and
failure conditions) would need
to be assured thru proper design, just like the Autoland
systems are designed and certified.
Design criteria for such "hijacker denial" systems
could be written by industry in
the form of an FAA Advisory Circular (and I think the
industry should begin work on
such an AC).
Furthermore, ground-based control
is only one option which needs to be considered and evaluated.
The other is simple on-board autoflight
and the "restricted WPT" feature in the FMS. Couple
the secured AP to a secured FMC,
and the airplane will fly itself to the ground, with minimal
need for interaction by ground
or ATC. But a secure data-link to provide ATC some "inputs"
to how the airplane is flown to
safety certainly would be greater safety redundancy for the
end-item system.
This should be done, it should
be studied, and a Proof Of Concept installation on a non-fly-by
wire airplane would certainly....well....
prove the concept! :-)
Kind regards,
Ray
Hudson
----- Original Message -----
Sent: Friday, 21 September,
2001 14:14
Subject: Re: Remote Piloted
Vehicles and Exclusionary WPTs
Other
Solutions (and answers in green/<<chevrons>>
to the comments below).
Q2.....Could not be controlled with today's airplanes since
the pilot can fly it
anywhere he wants manually and that is the way it almost has to
be.
One of the big considerations on systems like remote control is
the importance
of not taking the pilots prerogatives
away when not desired, and not limiting his
authority unnecessarily.
____________________Reply Separator____________________
Subject: Remote Piloted Vehicles and Exclusionary
WPTs
Author: Daire97@aol.com
Date: 9/17/2001 10:07 PM
Dear Blues in light of recent events I must direct this question
to my
engineering friends at Smith Industies, BMAC Northrop/Grumman and
GE.
Q1 What has been accomplished in the field of RPV pertaining
to adaptation
to (retrofit) existing commercial flight guidance and control architecture.
Q2 Would you consider an exclusionary WPT table
within a WPT database that
would prevent navigation to or through prohibited airspace be it
engaged in
autopilot or manual
posted
21 September 2001 18:25 
