Month: July 2025

Understanding Boeing 787 Avionics

In what I’ve written so far, I’ve taken the humancentric view much as most commentators. The focus of interest being on what the two Air India crew members were doing during the critical moments of this tragic flight. Let’s shift perspective. It’s time to take an aircraft level view.

On the Boeing 787-8 “Dreamliner”, the flight deck has two crew seats and two observer seats. One observer seat is directly behind and between the two crew seats. Since these observer seats are not mentioned in the preliminary report, it’s responsible to assume that they were unoccupied.

In my days working on civil aircraft certification, it was often as a part of a multidisciplinary team. I suppose one of the privileges of working on aircraft avionic systems is that they touch every part of a modern civil aircraft. That meant working with highly experienced specialist in every technical field, including flight test pilots and engineers.

When it came to reviewing aircraft system safety assessments, we’d often put it like this, you look at the aircraft from the inside out and well look at the aircraft from the outside in. Meaning that the flight test team looked at how the aircraft flew and performed. Systems engineering specialists focused on how the aircraft functioned. What was the detailed design, the means and mechanisms. It was by putting these differing perspectives together that a comprehensive review of an aircraft could be established.

Here’s where I need to be careful. Although, I worked on the technical standards1 for complex aircraft systems, I did not work on the Boeing 787 at initial certification.

If I go back 25-years, a major change that was happening with respect to aircraft systems. It was the move to apply Integrated Modular Avionics (IMA). This was a move away from federated systems, where just about every aircraft function had its own box (autopilot, autothrottles, instruments, etc.) There was a fundamental architectural difference between federated and IMA systems.

The Boeing 787 has what is called a Common Core System (CCS). As an analogy let’s think of a time before the smart phone became universal. I had a Nokia mobile phone, a Canon camera, a HP calculator, a Dell lap-top, lots of connectors and pen and paper. Now, the only one that has survived the passage of time is the pen and paper.

So, it is with modern civil aircraft. An Integrated Modular Avionics (IMA) hosts the applications that are necessary for safe flight and landing. The IMA hosts functions that provide, Environmental Control, Electrical, Mechanical, Hydraulic, Auxiliary Power Unit (APU), Cabin Services, Flight Controls, Health Management, Fuel, Payloads, and Propulsion systems.

Information is digitised (sensors, switches and alike), processed and then acted upon. General Processing Modules (GPM) inside the aircraft CCS perform the functions needed. There’s an array of these GPMs and redundancy to provide a high integrity aircraft system.

An aircraft’s Fuel Shutoff Valve Actuator depend on the above working as intended in all foreseeable circumstances. No doubt the accident investigators are undertaking an analysis of the Boeing 787 avionics architecture to gain assurance that it worked as intended.

  1. Standards: EUROCAE started a working group (Number 60) in September 2001, which was tasked to define guidance. Later, in November 2002, there was a merge with an RTCA steering committee (Number 200). ↩︎

Fuel Control Switches

I’ll not go any further than the investigation report that’s in the public domain. The Air India AI171 Boeing 787-800 Preliminary Report is published for all to read. The aircraft’s Enhanced Airborne Flight Recorder (EAFR) has been replayed. Sadly, this report raised questions as much as it closes down erroneous theories.

It warrants saying again, and again. My thoughts are with the friends and families of those affected. They deserve to know exactly what happened and as far as is possible, why. Not only that but the global travelling public need to be confident that any necessary corrective action is being taken to prevent a recurrence of such a rare fatal accident.

What requires a one or two words is one of the commonest ways we interact with electrical and electronic systems. The humble switch. In fact, they are far from humble and come in lots of shapes and sizes. The general idea is that a mechanical device, that can be manipulated with a purpose in mind, is used to control the flow of electrical current. There are non-mechanical switches, but I’ll not go there for the moment.

I remember conversations with my aircraft electrical engineering colleagues. It goes like this – you deal with the small currents (avionic systems), and we will deal with the big ones (power systems). Also, a mantra was that all electrical systems are, in part, mechanical systems. Switches, cables, generators, control valves, relays, bonding, you name it, they are in part, mechanical systems. In the past traditional electrical engineers got a but jittery when faced with “solid state” controls (semiconductors).

Switches. I’ve seen the words “cognitive engagement” used. In simpler terms, by design, pilots interact with switches with a purpose in mind. Equally, as in the world of human factors, unprotected switches can be operated in error, unintentionally or by physical force.

So, what are the chances of two protected Fuel Control Switches moving, within seconds of each other, at the most critical phase of an aircraft’s flight?

[There is a discussion to be had in respect of timing. Remember the record from the flight recorders is a sampling of events. The sampling rate maybe as low as one per second. Note: EASA AMC2 CAT.IDE.A.190.]

These cockpit switches are designed and certificated to perform as intended under specified operating and environmental conditions. That’s a wide range of vibration and temperature (shake and bake).

Switch operation is indicated by their physical position[1]. In addition, operation of these switches will be evident by cockpit indications. The concept being that a flight crew can confirm that the Fuel Control Switches have moved by their effect on the engines. If a crew need to take corrective action it is in relation to the information presented to them by the engine instrument system.

The report makes it clear that both mechanical switches transitioned from ‘RUN’ to ‘CUT-OFF’ almost immediately as the aircraft became airborne. That is a worst-case scenario. The time available to recognise and understand the situation, for training to kick-in, and then to take appropriate corrective action was insufficient.

This leads me to think that there may be a case for disabling the Fuel Control Switch function up until at least an altitude where aircraft recovery is possible. Now, these switches need to be available up until the V1 speed is achieved (Example: aborting a take-off with an engine fire). After that an aircraft is committed to becoming airborne.

I suspect the reason there is no inhibit function is the possibility of adding another potential failure condition. Inadvertent and unrecoverable disabling of ‘CUT-OFF’ are scenarios that would need to be considered. No doubt a reasonableness argument was used. No crew would shut-down both engines down immediately an aircraft became airborne, would they?

POST: I hope I haven’t given the impression that this is a case of simple switches and wires. The Boeing 787 is a digital aircraft.  Mechanical fuel technology plays its part but control functions are digital.

[1] Designs that offer switch illumination are not used in this case.

Insights from AAIB Report on Boeing 787 Accident

Now, we know more about the most tragic aviation accident of recent years. The report by India’s Aircraft Accident Investigation Bureau (AAIB) about the June 12 fatal accident of a Boeing 787 raises new questions.

The careful wording of the preliminary report[1] is eminently sensible. The facts are what they are, but it remains difficult to construct a scenario around these facts. I suspect that all the parties involved in this fatal accident investigation had a hand in ensuring that the words used where as clear as can be at this early stage. As I said, the facts are what they are.

It’s good that the report shuts down some of the fervent and erroneous speculation that was filling the international media. For this accident, fuel supply being the substantive issue, decisions around flying controls and other aircraft performance issues can be put to one side.

The crew encountered, or were responsible for a situation that once established led to one inevitable sad outcome. The time available to react, at such low altitude, was less than that which was needed to continue a safe flight.

A focus at this point is on the Boeing 787 aircraft’s fuel control switches. These switches are installed in the flight deck and used by a pilot to cutoff fuel to the engines. When correctly installed, these fuel control switches have a locking feature to prevent inadvertent operation.

Clearly unintended switch movement between the fuel supply and fuel cutoff positions can be hazardous. Inadvertent operation of one or both switches could result in an unintended consequence, e.g. engine(s) shutdown. What we know is that sufficient fuel was supplied to the aircraft engines to conduct a take-off. Then for some unknown reason that fuel supply did not continue as it should.

So far, the respectable technical speculation I’ve read (pilot and aircraft engineer led), raises a limited number of possibilities.

One being that the crew acted in an inappropriate or inadvertent manner. Another being that the aircraft’s fuel control switches failed or were caused to fail. Another being that aircraft’s fuel control system (including wiring) failed or were caused to fail. The movement of the flight deck switches may or may not have been involved. What we know is that the record on the accident flight recorder shows a condition occurred that should not occur.

There is no doubt that this would have been a highly stressful situation in the cockpit whatever the root cause. Normally, immediately after the aircraft is leaving the runway the pilot-in-command would have no good reason to look at the aircraft’s fuel control switches. They would be looking forward at the aircraft instruments.

We can take it that every aviation authority/agency/administration with a Boeing aircraft on its aircraft register will be closely watching the progress of this accident investigation. Since, to date, no Airworthiness Directive (AD) has been issued, related this fatal accident, it is reasonable to assume that aircraft systems and equipment failure or maintenance error has not been found. That said, it is worth noting FAA Special Airworthiness Information Bulletin (SAIB) No. NM-18-33 dated December 17, 2018.

We cannot rule out the possibility that this fatal accident was intentional. However, in the whole history of civil aviation this is one of the most extreme explanations. Looking at evidence, a situation when a competent and sane pilot is found to choose to act in an irrational manner is hard to diagnose.

POST: Just over 3-years ago, I wrote “The case for video”. That case to update the rules is now stronger than ever. The case for video.

[1] https://aaib.gov.in/

Causal Chains in Accidents

It becomes apparent to me that there’s much commonplace thinking about accidents. What I mean by this is that there’s simple mental models of how events happen that we all share. These simple models are often not all that helpful. Commonplace in that journalists and commentators use them as a default. It’s a way of communicating.

Don’t worry I’m not going on a tirade of how complex the world happens to be, with a dig in the ribs for anyone who tries to oversimplify it. We need simple mental models. Answering questions and explaining as if everything is an academic paper doesn’t help most of us.

I talk of no less than the causal chain. That’s a love of putting the details of events into a chronological sequence. For an aviation accident it might go like this – fuel gets contaminated, fuel is loaded onto aircraft, engine stops, pilot makes an emergency landing, aircraft ends up in a field and an investigation starts. The headline is dominated by the scariest part of the sequence of events. Key words like “emergency” are going to command the readers attention.

In my example above it’s reasonable to assume that there’s a relationship between each link in the chain. The sequence seems obvious. It’s easy to assume that’s the way the situation developed and thus made the accident or incident. However, it doesn’t have to be so. Let’s say there was contaminated fuel but not sufficient to stop an engine. Let’s say for entirely unrelated reasons (past events) the spluttering of the engine led the pilot to think that there was a fire on-board. Fuel was shut down. Thus, events took a different sequence.

Anyway, my point is an ancient maximum. Question what you first hear (or see). The recent tragic fatal accident in India is an example of much speculation often based on a proposed orderly sequence of events. Many commentators have lined them up as, this happened, and then that happened and then something else happened. QED.

What I’ve learned from reading and analysing accident reports over the years is that such major accidents are rarely, if ever, a simple sequence or only a couple of factors combined.

Yes, adding circumstantial factors to a causal chain adds realism. Even that is not so easy given that each factor has a different potential influence on the outcome. Atypical circumstantial factors are time of day or night, weather, atmosphere conditions and the human and organisational cultural ones.

To make sense of the need to put events in an order a more sophisticated model is the fishbone diagram[1]. The basic theme is the same. A core causal chain. What’s better is the injection of multiple factors to make a more authentic accident model.

Although, we do think in a cause-and-effect way about the world, if there are more than 4 or 5 factors combined in a random manner these models are far from authentic. My message is not so sophisticated, beware of simple sequences as being definitive.

[1] https://asq.org/quality-resources/fishbone

Discovering Tomorrow

Daily writing prompt
What are you most excited about for the future?
View all responses

As an engineering guy who’s made a living out of technology (mostly aerospace) you may think that I’d pipe-up with the super shiny stuff that fills the pages of WIRED[1]. I know that’s a media brand but it’s a mighty strange name in a time when traditional wiring is falling out of fashion. My high-speed INTERNET gets to me by light.

Technology is an enabler. It’s not the answer. I’m not going to get terribly excited about “1” and “0” or even qubits[2]. Technology is a means to an end. Yes, it is transformative. We are where we are because of it. Technology opens possibilities.

I’m excited about ideas. It will be a light blub moment or years of hard work that will bring about the step changes that may make life in the future unrecognisable from today. Being a glass is half full thinker, I’m excited about how the human imagination will flourish in the future. I don’t see a dark sky and a dystopia of brainy robots marshalling us around. Even with our accumulated knowledge we are mostly ignorant about how the universe works. Be excited about the future because there’s so much to discover.

[1] https://www.wired.com/

[2] https://www.ibm.com/think/topics/quantum-computing

Tariff Turbulence

Tariffs are back in the daily News again. In fact, they never went away it’s just that more attention getting events have been happening. Tariffs were something specialist trade negotiators talked about before this year started. Now, the word is commonplace.

The simple assumption is always made that everyone knows what the word means. Apparently, the origins of the word are Arabic[1]. Linked to information. Now, it’s a fee that someone must pay. The important bit being “must”. In this context it’s about the import and export of goods. The relations between countries.

A presumption made by politicians, who like these bureaucratic instruments, is that they can help protect a nation’s domestic industry from competition from other countries. Thus, tipping the balance away from investments made abroad to those made at home. This chimes with nationalistic instincts.

If only it were as simple. Globalisation is a reality. Kicking against it has its attractive points, if it weren’t for the overall benefits that it has delivered in recent decades. Much of the technology we take for granted is available at low prices because of where and how it’s manufactured.

One advice given out by banks is to avoid knee-jerk reactions. In other words, the ups and downs and on and offs of changing tariff regimes may seem to demand an immediate response. However, it could be wiser to ride out the turbulence of these early months of 2025. To sit back and let the dust settle.

Politically driven efforts to disrupt global trade are likely to impact both importer and exporter. It doesn’t take more than a few minutes walking around a large warehouse store to see goods originating from all over the world. That is quality goods that are offered for sale at astonishingly low prices. It astounds me that I can easily buy a perfectly good basic kitchen microwave for £50.

I hate to say it, but I don’t think there’s anyway whatsoever that a domestic manufacturer could compete with that electrical product’s price and quality even if there was a 100% tariff placed on its import. The story vacuum cleaners is one of designs emanating from Britain but being made in Asia. Globalisation is a reality.

I will make at least one concession. That’s the environmental one. Shipping vast qualities of raw materials and goods around the globe has a real cost. An environmental cost. So, it would be wise, at least, to investigate if domestic production is a viable prospect before automatically assuming an import is better. This is a matter for both industry and public policy.

Not only this point but for some critical products, say steel and semiconductors, there should be a domestic capability even if it’s only aimed at meeting a fraction of the potential demand. Strategic needs are not trivial.

Are tariffs a good way to shift the global balance sheet? To me the answer depends on adopting either a short-term or long-term perspective. Certainly, in the later tariffs are a foolish measure. My recollections come from the history of subsidised industries in the 1970s and the poor products that resulted. It a sorry saga of designed decline. One quick look at the story of the British Leyland Motor Company (BLMC) is a good lesson.

I know for a liberal I sound Thatcherite but competition brings better outcomes than protectionism. That generally depends on a level playing field. Yes, tariffs are a form domestic protectionism and that’s much like a permanent subsidy. Trouble is that permanence is never permanent.

Trump maybe a part-time socialist. If not by word then by action. For the time being the tariff humbug will continue to command attention. In the longer term – I think not. Relearning what has been learnt in the past.

[1] https://blog.collinsdictionary.com/language-lovers/the-fascinating-journey-of-the-word-tariff/

Music Genres

Daily writing prompt
What is your favorite genre of music?
View all responses

One way I could throw out a “smart” answer is to say – the one that hasn’t been coined yet. Let’s face it, going back a decade and more the list of categories was far smaller than it is today.

Why? It could be fusion. Where two types of music are fused to create a new one. It could be pure invention. It could be sounds in nature that we suddenly “discover”.

The audible spectrum for most people may not reach the highest frequencies that a good pair of speakers can handle but the range is there for an almost infinite combination of frequencies. Then there’s timing. Let’s just say that the potential of new sounds is still there despite the proliferation of different types of music.

Maybe my answer should centre around what’s on my phone. I’m predictable. It’s rock.

Cynicism to Appreciation

A couple of things came together this week. I had the pleasure of enjoying 35 degrees in Brussels. The joy of the odious metro, the brutalist main station and the wandering herds of tourists. Overhead one couple saying do you know that they have a statue of a little boy having a wee. I flinched because I genuinely thought everyone in the world knew of the Manneken Pis[1]. How can anyone not know?

It was a Canadian who prompted me to undo a prejudice of mine. Loving the air conditioning in the hotel, I looked to my iPad for late evening entertainment. There was the man – Clarkson. Irritating prankster and motorhead. Not known for meaningful commentary. I’d resisted watching his series Clarkson’s Farm[2] on the basis that I’d want to throw bricks at the screen.

This week I watched the first series. Made pre-COVID. Fine, it’s not a serious documentary about the trials and tribulations of British farming in the 21st century. True to form it’s pure entertainment. Edited highlights of comic moments and true to form tomfoolery.

My mind is changed. I started as a cynic. Here’s a moneymaking scheme for a wealthy landowner who made riches in the television world. To here’s a have a go spirit let loose on what people often assume is easy but, in fact, is mighty hard to do. The series is an engaging journey of discovery all but made for the small screen.

How can you not make a profit out of a highly desirable spread of a thousand acres in some of the most beautiful countryside in Britain? Experience counts and when you have none, it counts even more. Watching the lights come on in Clarkson’s head is well worth a watch.

Farming with drone shots and a camera crew following is obviously not the real world. Nicely edited highlights tell the story on the page. Put aside any cynicism. The show has a way of story telling that brings out the awkward, funny and frustrating reality of farming. Folly, errors and mishaps are all part of what happens in that colourful industry.

There was a world pre-COVID. Going back even further, there was a world before the fireworks of the year 2000. It was summed up by the brothers Gallagher. Yes, I am talking about the getting back together of Oasis. A band that was a bit more than an everyday rock band.

Having survived watching last week’s televising of the one millionth Glastonbury festival (exaggeration), the memories of the “real” contrast with the artificial, bland and merely controversial for the sake of it. Those years in the mid-1990s were good ones, if only I’m using the trick of selective memory. Remember when people who supported leaving Europe were strange and social media was only a rare tacky e-mail.

Maybe I’m getting more Clarkson-like as time flies.

[1] https://www.introducingbrussels.com/manneken-pis

[2] https://www.imdb.com/title/tt10558964/

The Intriguing Life of Jackdaws

As the grass turns brown, the sun beats down. Me, I just a lawnmower[1]. Now, that’s probably the daftest lyric that has ever been written in the history of rock. As I look out of the window at the parched grass there’s no way I’d take my lawnmower to it. If I did there would be nothing, but dirt left in its wake. Stubborn deep-rooted weeds and dead moss.

It’s summer. It’s unusually dry. Although, as the sun came up this morning, looking out of the bedroom window, a thin mist covered the ground. That was early. Between 4am and 5am. A thin white mist, low to the ground, must refresh the grass just a little. Most of nature sleeps.

As the morning progresses its not long before one dominant sound fills the air. It’s not the cars on the nearby road. One species of bird has adopted the tall trees, field next door and my garden. They are not a quite bird. To those that know their call is instantly recognisable. Their sound isn’t musical like some birds. It’s an incessant chatter. Loud and repetitious.

Jackdaws are having no trouble despite the dying grass and rock-hard ground. Our community of noisy birds is thriving. I guess their advantage is that they eat just about anything that’s going. Not much concern about predators as they take no care to hide their presence. I’ve seen them happily mocking larger birds. Showing off seems to make them happy.

As far as evolution goes, they have a lot of advantages. Equally agile hopping around on the ground as they are swooping and diving from tall trees. There’s no doubt they have a complex social etiquette. One or two minutes watching how they interact gives this away. Bigger, more mature, birds intimidate the younger ones.

Can’t say I like them much. More that I admire them for being so savvy. Jackdaws look as if they own the place. It’s not my garden. They are saying, we come a go as we please, you can share the space if you like. Sooty black masters of the airspace.

We’ll tolerate each other mainly because we have no other choice. Trying to scare a jackdaw is a fruitless task. They learn quickly. Soon sussing out that they can get the better of you.

As the sun beats down, I lay on my lounger. Listening to the endless chatter. Me, I’m just a bird feeder. Watching as the skies fill with shiny black dots. There for moment and gone the next.

[1] https://genius.com/Genesis-i-know-what-i-like-in-your-wardrobe-lyrics

Long view

What are you most worried about for the future?

Our inclination to think of time without perspective. Short term mentality is an enemy. The thought that big problems are fixed by a wave of the hand is a human weakness. Attractive propositions are easily accepted even if their result is merely to delay or avoid the action that’s needed. Nature runs on longer timescales than our news cycles. If we are to have a future we need to take the tough road now and then.