Air France Airbus Crash - an example of misguided trust in technology?
Submitted by Leonidas » Tue 21-Feb-2012, 11:14
Subject Area: Safety
Keywords: airbus crash, aviation incident, Air France, operator error, 447
On 1st June 2009 Air France flight AF 447, an Airbus A330-203 en route from Rio de Janeiro to Paris, crashed into the Atlantic Ocean at coordinates 3°03’57’’ N, 30°33’42’’ W. There were no survivors. Lost were 3 flight crew, 9 cabin crew and 216 passengers.
The aircraft's track was known from radio transmissions. 7000 km² of seabed was searched using sonar technology. The wreckage of the airplane was finally located on 3 April 2011, about 6.5 nautical miles north north-east of the last position transmitted.
The aircraft's Flight Data Recorder (FDR) was brought to the surface from a depth of 3,980 metres on 1 May, 2011 and the Cockpit Voice Recorder (CVR) on 2 May 2011.
An interim report on the incident has been published by the French aviation safety bureau BEA (Bureau d'Enquêtes et d'Analyses pour la sécurité de l'aviation civile). See: http://www.bea.aero/docspa/2009/f-cp090601e3.en/pdf/f-cp090601e3.en.pdf
(From the BEA report)
At 2:10:05 AM, likely following the obstruction of the pitot probes in an ice crystal environment, the speed indications became erroneous and the automatic systems disconnected. The airplane’s flight path was not brought under control by the two co-pilots, who were rejoined shortly after by the Captain. The airplane went into a stall that lasted until the impact with the sea at 2:14:28 AM.
The Chain of Events
The aircraft flew into a tropical storm and all the pitot tubes were blocked with ice, denying the automatic control system any airspeed indication. With the loss of speed sensors, the autopilot automatically disengaged at around 2:10 AM, leaving the plane in the manual control of the pilots.
The BEA is yet to publish a final report; however, FDR and CVR evidence indicates that the crash was avoidable and entirely due to pilot error. An Airbus A330 can be flown manually without airspeed indication.
When the autopilot disengaged, the fate of the plane and its passengers was placed in the hands of the most inexperienced co-pilot on the flight deck. The captain had left the flight deck to take a nap at 2:02 AM. Within 15 minutes all passengers and crew would be dead.
For some reason that professional aviators find hard to understand, the co-pilot pulled the aircraft into a climb and, despite some 75 separate synthetic voice "stall" alarms, continued to pull back on the stick until the plane crashed into the sea. At one point the rapid climb reduced the aircraft's airspeed to less than 95 knots - an airspeed more appropriate to a light aircraft than a heavy jet airliner.
The loss of the airspeed indication was brief. At 2:10:35 AM the de-icing system worked and the cockpit displays indicated a valid airspeed. Still the co-pilot did not lower the nose.
The co-pilot became increasingly agitated and lamented the absence of the Captain.
2:11:06 AM - (Co-pilot). "Dammit, is he coming or not?"
At this point the plane had reached its maximum altitude (38,000 ft) with the engines on full power and the nose pitched up at an angle of 16 deg - airspeed approximately 186 kn. The physics of aerodynamics, thin air and low speed caused the aircraft to sink back towards the ocean.
2:11:43 AM - the Captain re-entered the cockpit. (Captain) "What the hell are you doing?"
2:11:45 AM - (Co-pilot) "We've lost control of the plane!"
At 35,000 ft, the angle of attack exceeded 40 degrees and the plane was dropping at a rate of 10,000 ft/min.
The captain did not take control of the aircraft; he sat in a co-pilot seat behind the co-pilot.
2:12:14 AM - (Co-pilot) "What do you think? What do you think? What should we do?"
2:12:15 AM - (Captain) "I don't know."
2:14:23 AM - (Second Co-pilot) "Dammit, we're going to crash ... this can't be happening!"
2:14:25 AM - (Co-pilot) "But what is happening?"
2:14:27 AM - (Captain) "Ten degrees of pitch ... "
2:14:28 AM - recording ends.
The last recorded values were a vertical speed of -10,912 ft/min, a ground speed of 107 knots, pitch attitude of 16.2 degrees nose-up, roll angle of 5.3 degrees left and a magnetic heading of 270 degrees.
Further details may be found in a Popular Mechanics article at: http://spectrum.ieee.org/riskfactor/aerospace/aviation/air-france-flight-447s-final-minutes-reconstructed
The pilot in control of the aircraft was not trained to fly an Airbus with no airspeed indicators. In the high-stress environment that ensued, his more experienced colleagues failed to diagnose the problem and bring the plane under control.
This incident points to a larger problem with the design and operation of complex systems. Sitting atop a multilayered hierarchy of usually reliable systems, it is easy for operators to be lulled into a false sense of security and become disoriented and ineffective when things go wrong. From a designer's perspective, a misguided faith in multiple layers of functional safety engineering may also cause us to ignore the obvious: the need to train operators in emergency procedures when a system fails.
1. Accept that systems will fail.
2. Take a closer look at system failure modes.
3. Develop and train operators in emergency procedures on system failure.
By now Airbus pilots all over the world receive simulator training in dealing with this type of incident. It is a tragedy that this was not the norm prior to 1st June 2009.