Flying – Page 4 – John Vincent

Understanding Aviation Safety

The recent dramatic events in Toronto brought to mind the equally dramatic event of Air France Flight 358 back at the latter half of 2005. Then a large aircraft was destroyed but the crew and passengers got away without fatalities. The combination of bad weather and poor decision-making led to a catastrophic runway excursion.

I remember that the year 2005 shook the aviation community. There was a whole succession of fatal aircraft accidents across the globe. In Europe, Helios Airways Flight 522 was particularly tragic. Errors led to the crew suffering hypoxia and as a result the aircraft and everyone onboard was lost. In Italy, lives were lost as an ATR72 aircraft ran out of fuel and plunged into the Mediterranean Sea near Palermo.

West Caribbean Airways Flight 708 fell from the sky killing all on-board. Kam Air Flight 904 hit a mountain killing all on-board. In Indonesian, Mandala Airlines Flight 091 crashed. A few passengers survived but many people were killed on the ground.

I sincerely hope that 2025 is not going to turn into another 2005. However, I do take the view that there is a cyclic element to the occurrence of fatal accidents. We are often proud to be able to say that the time (number of years) between one cluster of aviation accidents and another grows as overall safety improves but we are a long way from zero-accidents.

The global aviation industry is an incredibly safe industry when considering how many passengers are carried every year. However, zero-accidents remain an illusion however it might be touted as the ultimate goal.

As safety practitioners try to be ever more pro-active in our safety regimes there’s inevitably a reactive element to aviation safety. The aftermath of the 2005 experiences led to ICAO holding its first high-level safety conference in 2010 in Montréal. There have been two more such conferences since. One in 2015 and one in 2011.

The results have been to push the aviation industry towards a more pro-active management of safety. It’s not just the industry. In cases, the regulatory weaknesses that exist in individual States has needed to be given attention.

Add all this up over the last 20-years and you would expect everyone to be pro-actively managing aviation safety. Sadly, that’s not the case as some States and organisations are still managing the transition to a more pro-active approach. Some are so resource constrained that they are more inclined to talk about aviation safety than to act upon it.

Regulatory weaknesses exist in some unlikely places. Additionally, with the fashion of the time being to cut “red tape” at every opportunity, more troubles might be just over the horizon.

I’d like to see a break between the association of what is regulatory and what is considered bureaucracy. The two are not necessarily the same. Regulation and standards are synonymous. And what we know is that there is no successful complex industry without standards.

Please let’s not wait for the next accident report to tell us what to do.

The Evolution of Air Traffic Control

Until civil air traffic started to grow the need for its control wasn’t the number one consideration. The pilot was the master of the skies. A basic “see and avoid” approach was taken. See another aircraft and avoid it at all costs. Note, I am talking about the early 1920s.

If you want a nice exploration of how it all started keep an eye on the site of the Croydon Airport Visitor Centre[1]. The first London airport was not Heathrow or Gatwick. No, there’s a stretch of grass, a hotel, industrial units and out of town shopping standing on the site in Croydon of the first London airport.

Firstly, we can thank Marconi for the first radiotelephony. Providing a means for pilots to speak to airports enabled the development of Air Traffic Control (ATC)[2]. It got going out of necessity because there was limited space on the ground and many aircraft wanted to take-off and land.

Aerial navigation took off in the 1920s. A hundred years ago. WWII drove advancement in every aspect of technology. After WWII, the basic having been established, an international body was established to set standards for international flying. That’s where today’s ICAO originated.

Radar and VHF radio transmissions were the cutting-edge technology that enabled air traffic to grow. Radio navigation aids developed as did automatic landing systems. So, by the time the jet-age started there was a whole selection of technology available to manage air traffic. Not only that but the standards required for these systems to interoperate around the globe were put down on paper.

That legacy has served aviation remarkably well. Incremental changes have been made as new capabilities have been developed. Most notable of that evolution is to return elements of control to the cockpit. A traffic alert and collision avoidance system (TCAS) does just that. It provides a safety net.

What we have available to manage dense airspace and busy airports is a complex, highly interconnected, interdependent set of systems of systems and procedures that is not easy to unravel. Each part, in each phase of flight, plays its role in assuring safe operations.

News and rumours are that quick fixes are being demanded in the US. Responding to recent accidents and a perception that all the above in antiquated, a well know tech guru has been thrown at the “problem”. I shouldn’t be a cynic, as having a fresh pair of eyes looking at the next steps in the development of air traffic management should be good – shouldn’t it?

It’s my observation, as an engineer who knows a thing or two about these things, is that any simple solution means that the parties have not thought long enough about the problem. In this case there are no quick fixes. However, there’s likely to be incremental improvements and they will not come cheap.

[1] https://www.historiccroydonairport.org.uk/opening-hours/

[2] https://www.historiccroydonairport.org.uk/interesting-topics/air-traffic-control/

Challenges Facing Supersonic Flight

Congratulations go to “Boom” for their supersonic jet flight[1]. Civil aerospace hasn’t ventured into this space for some time. Breaking the sound barrier is not an everyday occurrence in the civil world. There may be an international market for such new aircraft as much as there’s a market for fast cars and expensive boats.

However, I do not think a supersonic flight is the future of civil aerospace. It’s not mainstream. The environmental objectives for the future of aviation are ambitious. Generally, that means getting people from A to B in as clean and efficient a manner as is feasible. That does not include going ever faster and faster.

This new aircraft type is likely to be solely made in America. So, it does fit with the current political direction of the administration in the US. A triumph of technology. President Trump’s instinct to get rid of rules and regulations may work in the favour of Boom. However, in the end, the deciding factor will be – will the international marketplace want such a new aircraft type?

I certainly recall amazing ambition of the people who brought us the Eclipse aircraft[2]. Small light jets were going to be everywhere. Like a Silicon Valley revolution for the aerospace industries. That didn’t happen as predicted because the economics didn’t stack up. I don’t recall rules and regulations being the problem.

Even so, BOOM technology will have a hard job meeting international safety and environmental standards. I seem to remember that’s not new for supersonic flight. Even if the advancements made improve noise performance, there’s emissions and contrails to ponder.

There is another consideration too. It’s the problem Advanced Air Mobility (AAM) is facing now. To capitalise on their capabilities, these aircraft technologies require the reorganisation (modernisation) of national airspace. Plus, agreement at international level[3].

Supersonic flight over the world’s oceans may get agreement. Supersonic flight over national territory is a much harder sell. Some fliers may pay to slashing their travel times on-route. Going round and round in a stack, waiting to land, with conventional aircraft all around, will soon dispel any excitement.

Good luck to Boom. If civil use is minimal, no doubt defence applications will be numerous.

[1] https://boomsupersonic.com/

[2] https://www.eclipse.aero/about/

[3] https://www.icao.int/environmental-protection/Pages/default.aspx

About Animals and Flying

Pigs do fly[1]. But only the more privileged ones. Yes, animals that fly are not restricted to those with their own wings. It’s true that the animal kingdom has been showing us how to fly long before powered flight took-off. Nothing more graceful than a bird of pray swooping and diving. We (humans) can’t match much of what they do with our flying machines however hard we try.

Birds long inspired great thinkers. They opened the prospect of human flight. If they can do it – why can’t we? Surely the right combination of aerodynamic structures and a source of power would solve the problem. Shocking, in a way, that it wasn’t until a couple of keen bicycle repair men and a smart mechanic persisted until they had a working machine. That was only just over a hundred years back.

So, today’s novelty News item[2] of a cat that didn’t want to leave an aircraft puts a smile on my morning face. For all the farm cats I have known, the story doesn’t surprise me at all. It’s the sort of situation where humans are almost powerless in the face of the preferences of a feline.

Naturally, the engineering staff of an airline will have a good look at where the cat has been in its wanderings. There’s always the remote chance for a rogue moggy to play with something they shouldn’t ought to play with. Even on a modern Boeing 737.

I used the word “remote” but there are definite cases of loose animals causing air safety hazards. Looking this one up, because it sits vaguely in my memory, I do recall a dog that crewed through electrical cables after it got free in a cargo hold. Now, however lovable and cuddly a dog maybe that’s a place that no one wants to be in.

Back in 2002, American Airlines Flight 282 approached New York’s JFK. It was a Boeing 757 that landed with chewed-up electrical cables. Crew members heard noises coming from the cargo hold and found that some aircraft radio and navigational equipment wasn’t working. A dog had chewed its way through a cargo bulkhead and attacked wires in an electronics compartment.

A quick search reveals that there are more cases of incidents caused by loose animals than might first be thought. Animals are potentially hazardous cargo. Sadly, often these flight incidents are not good for the animals concerned.

One thing to remember is that a large aircraft, at flight altitude, is pressurised. That’s not at the air pressure on the ground (unless an airport is a long way up a mountain range). A dog with breathing difficulties is going to find an aircraft environment distressing. Dogs can be skillful escape artists. Myself, I’m not keen to share a flight with them.

[1] https://intradco-global.com/livestock-transport/

[2] https://www.thesun.co.uk/news/33273791/cat-causes-chaos-ryanair-plane-rome/

The Swiss Cheese Model in Aviation Safety

Models in safety thinking take different shapes and forms. A conversation might start – what’s a model? Why are they useful?

Here’s a go at an answer. It’s always risky to explain why something works. It can be like a dry analysis of the particulars of a good joke. That kills the essence. As the words attributed to Albert Einstein say: if you can’t explain it simply then you don’t understand it well enough. Even if that’s not literally a quote it sums-up the need for simplicity.

Aviation is a highly complex, interconnected, socio-technical system with a legacy that coexists with rapid advancement. There are few parts of the globe that are not touched by aviation in some way or another. Getting to and from Arctic wastes, commuting between vast cities or traversing the widest oceans. Aviation touches all of them every day.

There is no piece of paper big enough to write a detailed description of every part of the worldwide aviation system. Even the most extensive computer simulations just take on a small part of the whole. I often use this phrase – “it’s more than a head full”. What I mean is that however smart we might think we are, the normal person can only comprehend a slice of what’s happening. A slice frozen in time.

We get over our limitations in perception and understanding but approximating. That is to carve out a “model” of what’s happening and how parts of a complex system interact. That sounds easy enough to construct. It’s a lot harder than first might be thought.

For one, a model needs to be sufficiently universal to capture an underlying reality or theme.

Next, a model needs to be useful. It has utility. It’s proven to work. To produce useful outcomes.

Thirdly, a model needs to communicate a message across cultures, beliefs and disciplines.

A model that meets all the needs described above can be as big an advancement as any hard technology. I guess it’s not surprising that a professor of psychology comes up with one that has been used and reused successfully over decades.

This week has seen the passing of Professor James T. Reason. He’s left us with a legacy that’s almost incomparable. His Swiss cheese model[1] has become a basic part of every aviation safety professional’s training.

I’ve debated and discussed accident causation a lot. The Swiss cheese model[2] is not the only way of thinking about how accidents happen, but it is an extremely good one. It promotes a way of thinking about how to defend against accidents. That’s powerful.

Like all models it’s a simplification of a highly complex system. Its great strength is that this model allows us to see through the mist. To see part of what is obscured by complexity. That is immensely valuable.

Thank you, Professor Reason.

NOTE: An IFA Video with Professor Reason Every Day – 20 min film – International Federation of Airworthiness.

[1] https://en.wikipedia.org/wiki/Swiss_cheese_model

[2] https://www.eurocontrol.int/sites/default/files/library/017_Swiss_Cheese_Model.pdf

Future of Single Pilot Operations in Aviation

Flying embraces automation. Now, there’s a statement that didn’t ought to be controversial, but it can be. Even before we became engulfed by the modern digital age, analogue autopilots could assist in the task of flying. Some early ones were mechanical.

The need for full-time hands-on piloting of the physical controls that linked a human and an aircraft’s control surfaces is not fundamental. Large transport aircraft have stepped further, somewhat mimicking what their military counterparts did, and fly-by-wire systems have become commonplace.

As far as technological evolution is concerned, we remain in a transitionary phase. Commercial aircraft that fly overhead are a mixed community. Some, like the Boeing 737 series continue to have cables and pulleys that link aircraft systems and controls. Others, like the Airbus A320 series are the fly-by-wire digital aircraft types in regular service.

Between the pilots in the cockpit and the motion of an aircraft there is a computer. In fact, several computers arranged in a manner so that they continue to work even when subject to failures. A great deal of thought and effort has gone into designing aircraft systems that will be reliable in-service.

Looking at the safety numbers, starting in the 1980s when fly-by-wire was introduced, the overall service experience is extremely good. The practice of system safety assessment has delivered dependable and robust aircraft. Rigorous certification processes are applied.

Through the technical developments that marched on from the 1980s one requirement has remained. That is that two pilots are needed in the aircraft cockpit. Granted there are exceptions to this rule for smaller transport aircraft. Single pilot operations are not new. For example, in many countries, the Cessna Caravan[1] is approved for a single pilot.

It’s 2025. It’s difficult not to notice the debate around Single Pilot Operations (SPO). That is to open large transport aircraft operations to a new rule. Lower operating costs may be achievable by making a change. It’s even said that this move is a way of continuing aviation’s growth as it becomes more and more difficult worldwide to increase the number of qualified pilots.

It’s good to see this subject being taken up in a forthcoming conference.

RAeS Flight Operations Conference 2025: Single Pilot Operations – Logical Progression or a Step Too Far?[2] 19 March 2025 – 20 March 2025. Royal Aeronautical Society Headquarters in London.

SPO may be enabled by use of complex systems to help make mission-critical decisions. The next step maybe with real-time “artificial” copilots and intelligent monitoring. Will this move the aviation industry toward safer and more efficient aircraft operations? That is the question.

[1] https://cessna.txtav.com/en/turboprop/caravan

[2] https://www.aerosociety.com/events-calendar/raes-flight-operations-conference-2025-single-pilot-operations-logical-progression-or-a-step-too-far

Advancements in Flight Recorder Technology and Regulations

My last posting addressed accident flight recorders and airworthiness requirements. That’s not enough. It’s important to note that aircraft equipage standards are addressed in operational rules. So, the airworthiness requirements define what an acceptable installation looks like but as to whether an operator needs to have specific equipage or not, that’s down to the operational rules in each country.

Internationally, the standards and recommended practices of ICAO Annex 6 are applicable. These cover the operation of aircraft. Flight recorders are addressed in para 6.3.1. and Appendix 8. Let’s note that ICAO is not a regulator. There are international standards but operational rules in each country apply to each country’s aircraft.

One of the major advances in accident flight recorders technology is the capability to record more data than was formerly practical. This has led to standards for Cockpit Voice Recorders (CVRs) advancing from 2-hour recording duration to 25-hours.

Proposed rule changes have been hampered by the impact of the global pandemic. Some new operational rules apply only to newly built aircraft. That means some existing aircraft can retain their 2-hour CVRs.

Another technology advance is what’s known as Recorder Independent Power Supply (RIPS). RIPS can provided power to the CVR for at least 10 minutes after aircraft electrical power is lost. The RIPS is often offered as a relatively straightforward aircraft modification.

I do not know if the South Korea Boeing 737-800 was required to have accident recorders with the capabilities listed above. If they were not, then there’s a good basis for recommending that changes be made to existing aircraft.

Understanding Aircraft Accident Recorders

There’s quite a bit of chatter on social media about accident flight recorders.

One of the skills required by an aircraft accident investigator, and not often mentioned, is the ability to grapple with rules, regulations, and technical requirements. This is given that civil aviation is one of the most highly regulated industries in the world.

The story of the development of the accident flight recorder is a long one. No way can a few words here do justice to all the efforts that has been made over decades to ensure that this vital tool for accident and incident investigation does what it’s intended to do.

In fact, that’s the first technical requirement to mention for accident recorders. Namely, FAR and CS Subpart F, 25.1301: Each item of installed equipment must be of a kind and design appropriate to its intended function. That basic intended function being to preserve a record of aircraft operational data post-accident.

Aircraft accident recorders are unusual. They are mentioned in the airworthiness requirements, however they play no part in the day-to-day airworthiness of an aircraft. The reality is more nuanced than that, but an aircraft can fly safely without working flight recorders.

FAR and CS 25.1457 refers to Cockpit Voice Recorders (CVR)[1] and 25.1459 refers to Flight Data Recorders[2]. Both CVR and FDR receive electrical power from the aircraft electrical bus that provides the maximum reliability for operation of the recorder without jeopardising service to essential or emergency electrical loads. Both CVR and FDR should remain powered for as long as possible without jeopardising aircraft emergency operations.

Before drawing too many conclusions, it’s important to look at the above certification requirements in relation to their amendment state at the time of type certification of an aircraft.

If the aircraft of interest is the Boeing 737-800 then the FAA Type Certification date is 13 March 1998 and the EASA / JAA Type Certification date is 9 April 1998. Without wading through all the detailed condition, the certification basis for the above aircraft type was FAR Part 25 Amendment 25-77 and JAR 25 Change 13 [Note: EASA did not exist at the time].

FAR and CS 25.1457 and 25.1459 were in an earlier state than that which is written above. That said, the objective of powering the recorders in a reliable way was still applicable. There was no requirement for the CVR or FDR to be powered by a battery. What hasn’t changed is the requirement for a means to stop a recorder and prevent erasure, within 10 minutes after a crash impact. That’s assuming that aircraft electrical power was still provided.

So, when it’s reported that the South Korea Boeing 737 accident recorders[3] are missing the final 4 minutes of recoding, the cause is likely to be the loss of the aircraft electrical buses or termination by automatic means or the removal of power via circuit breakers. We will need to wait to hear what is found as the on-going accident investigation progresses.

[1] https://www.ecfr.gov/current/title-14/section-25.1457

[2] https://www.ecfr.gov/current/title-14/section-25.1459

[3] https://www.bbc.co.uk/news/articles/cjr8dwd1rdno

MH370 and MH17: A Decade On

The unthinkable happened in 2014. One major international airline suffered two catastrophic accidents. These tragic events ran contrary to all the trends in historic aircraft accident data.

In March, flight MH370 disappeared. In July, flight MH17 was shot down. In both cases there were no survivors from these international flights. This remains an unprecedented situation. It is a sobering consideration that such dreadful events were possible in a mature international framework of civil aircraft operations and regulation.

A decade on the pain of those who lost friends, family and colleagues in these tragedies is not diminished. Aviation should not lessen its attention to discovering more about what happened and putting measure in place to prevent reoccurrence of these events.

These two aviation catastrophes are different in respect of causal factors. One remains a mystery but, from what is known, has the hallmarks of an operational accident. The other is undoubtably an aggressive malicious act. Failings in the two elements of aviation safety and security, often viewed separately, are both capable of catastrophic outcomes.

Malaysia Airlines was a State-owned airline in the traditional model. There’s no reason to suppose that the airline harboured deficiencies that led directly to the two fatal accidents. In hindsight, the question is often asked: could both accidents have been avoided?

The extensive underwater search for MH370, in the southern Indian Ocean, resulted in no findings. However, floating debris from the fateful Boeing 777-200ER was discovered. Unlike what happened with Air France Flight 447 were the installed accident flight recorders were recovered from the deep ocean, there has been no such good fortune in respect of MH370.

Accident flight recorders are one of the primary tools for accident investigators. Installed recorders are built and tested to withstand extreme conditions. The reasonable assumption being that they will be found with any aircraft wreckage. The accident of MH370, is one where a deployable recorder may have been beneficial. That is one that ejects from an aircraft when it is subject to the high impact of the sea surface and then floats, possibly away from an accident site. There is a good case to be made for installing both deployable and installed recorders[1]. Particularly a case for long-range international overwater aircraft operations.

The facts surrounding the criminal act of shooting down of flight MH17 are well established. Sadly, in a troubled world it is impossible to say that such malicious acts will never occur again. What is to be done? Avoidance is by far the optimal approach. Commercial flying over warzones, where heavy weapons are known to be used, is extremely foolish. Now, it is good that much more flight planning attention is paid to understanding where conflict zones exist[2].

NOTE 1: On 07 March 2014 at 1642 UTC1 [0042 MYT, 08 March 2014], a Malaysia Airlines (MAS) Flight MH370, a Beijing-bound international scheduled passenger flight, departed from KL International Airport [KLIA] with a total of 239 persons on board (227 passengers and 12 crew). The aircraft was a Boeing 777-200ER, registered as 9M-MRO.

NOTE 2: On 17 July 2014, at 13:20 (15:20 CET) a Boeing 777-200 with the Malaysia Airlines nationality and registration mark 9M-MRD disappeared to the west of the TAMAK air navigation waypoint in Ukraine. All 298 persons on-bard lost their lives.

[1] https://flightsafety.org/files/DFRS_0.pdf

[2] https://www.easa.europa.eu/en/domains/air-operations/czibs

H2 Aircraft Design

Cards on the table. I’m a believer. Despite the immense technical challenges, Hydrogen is a viable fuel for future large civil aircraft. That said, operational service of such revolutionary aircraft isn’t going to happen in a hurry.

Reading the history, Concorde was an incredible test of the boundaries of what was possible and that was met, but it didn’t come easy. Breaking new ground is never easy. [A common saying that’s maybe open to challenge]. In aviation making step-changes happens every decade. What’s nearly always required is exceptional determination, almost beyond reason, large sums of money and special people.

Control systems – no big deal. Mechanical components – evolution possible. Turning a gaseous fuel into high-levels of propulsive thrust – can be done. Building a one-off technology proving research vehicle. It’s happening. At least for the light and commuter class of aircraft.

None of this is enough. Because the gap between an aircraft that can fly and an aircraft that can be produced in the thousands and go on to make an operational living and build an impressive safety and reliability reputation, that’s still a million miles off.

Today, there’s artist impressions of all sorts of different H2 aircraft configurations. It’s like people painted pictures of Mars with imaginary canals, long before anyone knew what the planet looked like in reality. Innovation starts with ideas and not all of them are sound.

As I expressed in my last article, crashworthiness must be given much consideration when speculating about future designs. It’s not always explicit in aircraft certification, cabin safety being the exception, but studying the history of accidents and incidents is essential. One of the successes of the authorities and industry working together is to take lessons learned seriously.

I remember looking at the pictures of the wreckage of Air France Flight 358, which crashed on landing in Toronto, Canada[1]. The fact that there were no fatalities from that accident is a testament to good operations and good design practices. The Airbus aircraft burned out but there was enough time for passengers and crew to get away.

My thought is what kind of H2 aircraft configurations would permit the same opportunity?

Considering this large aircraft accident, and others like it, then there’s a message as to where fuel tanks might best be placed. There’re some aircraft configurations that would have little hope of providing the opportunity for rapid evacuation of hundreds of people.

So, in my mind, don’t attached large pressurised cryogenic fuel tanks to the underbody structure of an aircraft fuselage. However robust the design and build of such fuel tanks they would be unlikely to survive as well as the cabin passenger seats, namely 9g[2]. That would not provide a good outcome post-accident.

Maybe, like aircraft engines sitting on pylons off the wings, that too is a good place for fuel tanks.

[1] https://asn.flightsafety.org/asndb/322361

[2] https://www.easa.europa.eu/sites/default/files/dfu/NPA%202013-20.pdf