Rant Image

The Risk

Air France Airbus Crash - an example of misguided trust in technology?

Submitted by Leonidas » Tue 21-Feb-2012, 11:14

Subject Area: Safety

Keywords: airbus crash, aviation incident, Air France, operator error, 447

1 member rating

The Incident
On 1st June 2009 Air France flight AF 447, an Airbus A330-203 en route from Rio de Janeiro to Paris crashed into the Atlantic ocean at coordinates 3°03’57’’ N, 30°33’42’’ W. There were no survivors. Lost were 3 flight crew, 9 cabin crew and 216 passengers.

The Search
The aircraft's track was known from radio transmissions. 7000 km² of seabed was searched using sonar technology. The wreckage of the airplane was finally located on 3 April 2011, about 6.5 nautical miles north north-east of the last position transmitted.

The aircraft's Flight Data Recorder (FDR) was brought to the surface from a depth of 3,980 metres on 1 May, 2011 and the Cockpit Voice Recorder (CVR) on 2 May 2011.

BEA Report
An interim report on the incident has been published by the French aviation safety bureau BEA (Bureau d'Enquêtes et d'Analyses pour la sécurité de l'aviation civile). See: http://www.bea.aero/docspa/2009/f-cp090601e3.en/pdf/f-cp090601e3.en.pdf

What Happened
(From the BEA report)
At 2:10:05 AM, likely following the obstruction of the pitot probes in an ice crystal environment, the speed indications became erroneous and the automatic systems disconnected. The airplane’s flight path was not brought under control by the two co-pilots, who were rejoined shortly after by the Captain. The airplane went into a stall that lasted until the impact with the sea at 2:14:28 AM.

The Chain of Events
The aircraft flew into a tropical storm and all the pito tubes were blocked with ice denying the automatic control system any airspeed indication. With the loss of speed sensors the autopilot automatically disengaged at around 2:10 AM leaving the plane in the manual control of the pilots.
The BEA is yet to publish a final report however FDR and CVR evidence indicates that the crash was avoidable and entirely due to pilot error. An Airbus A330 can be flown manually without airspeed indication.
When the autopilot disengaged the fate of the plane and its passengers was placed in the hands of the most inexperienced co-pilot on the flight deck. The captain had left the flight deck to take a nap at 2:02 AM. Within 15 minutes all passengers and crew would be dead.
For some reason that professional aviators find hard to understand the co-pilot pulled the aircraft into a climb and despite some 75 separate synthetic voice "stall" alarms continued to pull back on the stick until the plane crashed into the sea. At one point the rapid climb reduced the aircraft's airspeed to less than 95 knots - an airspeed more appropriate to a light aircraft than a heavy jet airliner.
The loss of the airspeed indication was brief. At 2:10:35 AM the de-icing system worked and the cockpit displays indicated a valid airspeed. Still the co-pilot did not lower the nose.
The co-pilot became increasingly agitated and lamented the absence of the Captain.
2:11:06 AM - (Co-pilot). "Dammit, is he coming or not?"
At this point the plane had reached its maximum altitude (38,000 ft) with the engines on full power and the nose pitched up at an angle of 16 deg - airspeed approximately 186 kn. The physics of aerodynamics, thin air and low speed caused the aircraft to sink back towards the ocean.

2:11:43 AM - the Captain re-entered the cockpit. (Captain) "What the hell are you doing?"
2:11:45 AM - (Co-pilot) "We've lost control of the plane!"

At 35,000 ft, the angle of attack exceeded 40 degrees and the plane was dropping at a rate of 10,000 ft/min.
The captain did not take control of the aircraft he sat in a co-pilot seat behind the co-pilot.

2:12:14 AM - (Co-pilot) "What do you think? What do you think? What should we do?"
2:12:15 AM - (Captain) "I don't know."
2:14:23 AM - (Second Co-pilot) "Dammit, we going to crash ... this can't be happening!"
2:14:25 AM - (Co-pilot) "But what is happening?"
2:14:27 AM - (Captain) "Ten degrees of pitch ... "
2:14:28 AM - recording ends.

The last recorded values were a vertical speed of -10,912 ft/min, a ground speed of 107 knots, pitch attitude of 16.2 degrees nose-up, roll angle of 5.3 degrees left and a magnetic heading of 270 degrees.

Further details may be found in a popular mechanics article at: http://spectrum.ieee.org/riskfactor/aerospace/aviation/air-france-flight-447s-final-minutes-reconstructed

Analysis
The pilot in control of the aircraft was not trained to fly an Airbus with no airspeed indicators. In the high stress environment that ensued his more experienced colleagues failed to diagnose the problem and bring the plane under control.

This incident points to a larger problem with the design and operation of complex systems. Sitting atop a multilayered hierarchy of usually reliable systems it is easy for operators to be lulled into a false sense of security and become disoriented and ineffective when things go wrong. From a designer's perspective a misguided faith in multiple layers of functional safety engineering may also cause us to ignore the obvious. The need to train operators in emergency procedures when a system fails.

Corrective action
1. Accept that systems will fail.
2. Take a closer look at system failure modes.
3. Develop and train operators in emergency procedures on system failure.

By now Airbus pilots all over the world receive simulator training in dealing with this type of incident. It is a tragedy that this was not the norm prior to 1st June 2009.


1 Comment 

Member Comments

RE: Air France Airbus Crash - an example of misguided trust in technology?

The swiss cheese model.

By bill » Wed 22-Feb-2012, 10:12, My rating: ✭ ✭ ✭ ✩ ✩

As a highly experienced A330/A340 Check Capt my points would be as follows;
1. Poor engineering practice by Air France in not replacing the pitot tubes 15 years earlier.
They had a known higher susceptibility to ice accretion and replacement had been recommended. My Airline had recorded the old part as never to be fitted to their aircraft.
2. Poor basic pilot training. Not able to fly a perfectly serviceable aircraft without reference to airspeed. The very basic rule of instrument flying is Power plus Attitude = Performance.
That is, set an appropriate power and an appropriate pitch attitude for the altitude and weight. It was common practice in our airline to record these values about every hour on long flights. Prepare for the worst.
3 Poor pilot training systems. Failures such as these should be practised on a cyclical basis in the simulator. It was a known problem. It had happened twice to friends and in both cases the aircraft was recovered with only small exceedences in normal parameters. Practice lessons that experience has taught you.
4 The pilots were presented with; rapidly changing display of failure checklists as the pitots clogged and unclogged (you have to see this to understand how confusing it can be); the aural stall warnings blaring; obviously inaccurate airspeed indications; turbulence and probably lightning.
The failure messages and checklist display probably make sense in a software lab, but put together in the AF mix would have created a toxic level of acute stress which made it very difficult for the inexperienced junior pilot flying to think clearly. As a measure of his stress level, it would have required something like a 20kg force to hold full back stick for the 3-4 minutes it took to reach the ocean. Low airspeed and full back stick?

Email to a friend

Email this Risk Statement to a friend

Email to a friend