The first and foremost response to any incident is rapid rescue and for sympathy to victims, survivors, and those that loved them.Timely alerting and accurate aircraft position is the key to rapid response.
Moving beyond rescue becomes recovery. At this point the motivation is to collect the remains of those lost and as much of the airplane itself. Assembly of the airplane parts into a skeleton gives a foundation to check and verify various failure scenarios.
Regardless of the cause of catastrophe, airplane structure and systems are designed to be fault tolerant. Crash survivability is a paramount endeavor. Materials are evaluated for their contributions to post-crash fire and smoke. While the first objective is to understand what led to the catastrophe, just as important is to understand what can be improved to enhance prevention and survivability.
Air Safety Investigation
Air Safety investigation revolves around assembling information. With all the information at hand, one can draw conclusions and recommendations.The public are rarely given all of the information in any situation, but rather some of the information comes out in bits and pieces and then gets mixed with mis-information as it ripples outwards. The news cycle is driving the tempo to be the first to report.
As an example, audio recording are extremely sensitive.
One accident investigation organization takes the lead in the investigation and directs the recovery efforts. The public rely on this organization to be forthcoming and timely in releasing facts as they are discovered.
A comprehensive process follows any catastrophe so that the proper studies can be conducted on the materials and the aircraft systems, as well the human factors. Aircraft catastrophes are put into a context that includes the air traffic control and maintenance activities associated with the aircraft in the time leading up to the event.
Probable cause describes the factors that lead to the catastrophe. Rarely is there a single cause, but rather a progression of contributing factors that aligned themselves towards a deadly outcome, the absence of any one which would have avoided or minimized it.
For example, Captain Ayman Elmokadem, Head of the Independent Investigation Committee into the Metrojet crash in the Sinai on 31 October 2015, said:
“Since the publication of the preliminary report issued by the Committee on 13 December 2015, the Committee has completed a number of tasks as part of its ongoing investigation process...
...The Committee continues to investigate the technical history of the aircraft, including its full service record and repairs carried out on the aircraft structure, systems and engines since the date of its production until the date of the accident. The Committee is still awaiting a number of documents from countries participating in the investigation. Given the aircraft was manufactured in May 1997 (almost 19 years ago), this detailed process is very time consuming.
In the context of ongoing collaboration with the countries participating in the investigation, the Committee received on 14 March 2016 an official report from the Russian Federation Investigative Committee. After studying this report, which suggests suspected criminal activity, the Committee has referred the matter to the Attorney General of the Arab Republic of Egypt.
The Investigation Committee will continue with its technical investigation while being ready to provide any assistance to the Attorney General.”
One would surmise the Metrojet loss was attributable to a bomb based on the Russian report. One would expect that the evidence of an explosion would be discernible. Yet the Egyptian investigation has not released a report detailing probable cause.
It is notable that the President of Egypt acknowledged his belief that a bomb led to the Metrojet catastrophe in February, 2016.
Malicious and criminal acts have contributed to aircraft catastrophes dating back at least 80 years. Criminal behavior is investigated differently from the air safety investigation itself, adding an entire other dimension to the effort, and frankly leave this venue for discussion. However, it highlights the issue of liability and prevention, which are quite volatile.
The assertion of probable cause and contributing factors will lead to recommendations for improvement. While a dark shadow is cast across any catastrophe, the silver lining is the lessons learned that may prevent or minimize any future occurrence. The challenge is taking those lessons learned and translating them into tangible changes in aircraft systems, training, procedures, or otherwise. The process may be done aggressively, by grounding airplanes until corrective actions are taken; through normal processes of system upgrade; or in many cases left aside for another time.
Data Recording and Reporting
Underwater Locating Beacon (ULB)
Much attention has been raised now with a handful of under-water crash sites, most notably MH370 which has yet to be located. Note that the vast majority of accident sites are on land.
The Underwater Locating Beacon (ULB) is attached to each of the CVR and DFDR to aid in finding these recorders under the sea.
The ULB operating at 37.5 kHz has range limits from 6,000 to 18,000 feet underwater. The NTSB issued an interesting report regarding aircraft tracking and recording, including recommendations to improve the ULB. An excerpt (link embedded) follows:
Fault detection, recording and reporting
Centralized maintenance is the concept of gathering system information into a centralized data base upon which intelligent reporting and response can be created. Flight displays, including the display of faults, operate independently from centralized maintenance. Centralized maintenance is, strictly speaking, not a part of operating the airplane - it is not meant for the flight crew. Flight displays present information to the flight crew based on loss of function and required action. Loss of redundancy, for example, has no flight deck effect - the pilot does not take any action - but the centralized maintenance system is alerted and creates reports.There is no technical limitation to the level of information that can be recorded. The limiting factor is expense, which drives the marketplace to minimum operational performance from required systems. The airlines have long recognized the benefits of data analysis to justify non-required systems to enhance airplane health monitoring. For example, the same inputs used to compose the DFDR recording stream can be used by a second processor to compose airline-defined recording and reporting services. Aircraft Condition Monitoring System (ACMS) or Aircraft Integrated Data System (AIDS) are examples of these supplementary data recording systems. An onboard Quick Access Recorder (QAR), while not crash survivable, offers a repository of much greater capacity, depth and breadth compared to the mandatory data parameters recorded on the DFDR.
Telemetry is the process of using a radio connection to convey airplane information from the airplane to a ground system. Aircraft Communication Addressing and Reporting System (ACARS) is the telemetry (or data link) for an airliner. ACARS operates over VHF, HF, and satcom radio channels. ACARS has been in continuous service for nearly 40 years, bearing the test of time while a bit underwhelming in performance and functionality. The VHF data link can operate in a shared channel at either 2.4 or 31.5 kbps. Recent migration towards Inmarsat Swift Broadband (SBB) permits much higher data rates. ACARS messages are directed to a data link service provider (DSP) that manages the air-ground data exchange in tandem with a ground-ground exchange with the participating end-system at an airline, at an air navigation service provider (ANSP), or at a third-party.
Systems on the airplane use ACARS to route messages automatically with their peers on the ground. The flight crew and cabin crew can also interact with ACARS through composing or receiving messages in pre-defined forms as a part of regular reporting and in free-text messages.
Starting with the 747-400, centralized maintenance reports were communicated using ACARS. Since 1990, centralized maintenance, ACMS, and ACARS embedded applications automatically create and transmit reports regarding faults, configuration, exceedences, and other trend monitoring information. These reports can be communicated rapidly, less than a minute from when the event triggering the report.
Other data recordings
Any system on the airplane that includes a computer processor may have nonvolatile memory (NVM). While not crash survivable, NVM can be accessed in some cases to offer significant detail into a particular subsystem.Surviving passenger devices that may have recorded images or sounds are useful.
Control settings
Every airplane is a unique combination of aircraft systems in a particular software configuration and in a particular state of affairs. The configuration is largely confirmed by maintenance records checked and cross-checked with whatever supporting information is available. The state-of-affairs, or the status of each system against internal failures and the control settings has a temporal aspect that is a real challenge, and to which the DFDR is applied, as well observations from any recovered control panels or systems.Other radios
In-flight, another radio may be available for other types of communications largely centered on direct services to the passenger, such as a Ku-band or Ka-band satcom (Ku/Ka). Ku/Ka are capable of supporting "non-safety" applications, that includes the potential to service an Electronic Flight Bag (EFB). Ku/Ka systems typically provide an IP connection to the Internet, from which each connected application communicates. Line-of-site networks, such as Gogo ATG or the complementary ground component of the emerging T-Mobile/Inmarsat European Aviation Network offer similar capabilities.Cellular, Terminal Wireless LAN (802.11), AeroMACS (802.16), JetwayNet, and human sneaker net are available for gathering data recordings from the airplane when it is on the ground. These methods are "too late" when applied to a catastrophe, but are always valuable in understanding the trends leading up to an event.
Air Traffic Control and Surveillance
ATC Voice
Pilot voice communications are provided using a set of dedicated VHF radios, with HF and satcom radios as an option depending on the operational requirements from the routes flown. The loss of voice communication is a major hazard. VHF and HF radios are built in a redundant manner for continued service in the case of a single failure, which also includes the systems powering the radios and the systems controlling the radios.Surviellance
Airplane surveillance facilitates the process for an air navigation service provider (ANSP) to offer air traffic control (ATC) by ensuring safe separation between aircraft.Primary surveillance radar (PSR) is used principally for intruder detection, based on returns from the aircraft body itself (skin painting). Primary radar can detect aircraft, or parts of aircraft, that are not transmitting any information over a radio link.
National governments operate air defense networks that are sensitive to intruders. There are private, civil, and military satellite networks that can detect high-thermal events or other features that can aid an investigation. These types of sensors are rarely in the public domain, and the investigation depends on the voluntary cooperation from any source of information. It is possible that the information may be held confidential, or that only small aspects are released publicly.
When using secondary surveillance radar (SSR), tactical control is provided where separation is based on knowing the actual position of surrounding aircraft. Transponders on the aircraft respond to interrogation with information that can determine identity, range, bearing, and altitude, and further state information depending on whether equipped with Mode A, Mode C, or Mode S transponders.
Aircraft Collision Alerting System (ACAS, also TCAS) allows nearby aircraft to interrogate each other using the same transponders used for secondary surveillance.
Automatic Dependent Surveillance - Broadcast (ADS-B) is another technology where the airplane automatically transmits its position using the Mode-S transponder (XPDR). An ANSP can rely on the received ADS-B position reports instead of using SSR. An ANSP can apply multi-lateration (MLAT) to independently monitor the accuracy of reported position reports or as another means for position determination.
ADS-B Out is the process of transmitting aircraft information. Nearby aircraft may also receive the ADS-B information using a technology called ADS-B In. ADS-B In permits local situational awareness that enables enhancements to aircraft operations.
Procedural airspace is when an ASNP relies on reported positions that are updated at a much lower rate than in tactical airspace (e.g., 15 minutes Versus 12 seconds). Simply stated, in procedural airspace, ATC conflict probe is based on assuming an airplane is following its cleared route where in tactical airspace an ATC conflict probe is based on knowing where the airplane is precisely all the time.
Automation has offered relief to the flight crew having to read-out their position reports over a noisy HF radio channel by sending the position reports using ACARS. Flight Management System (FMS) position reports delivered by ACARS messages may used in lieu of a pilot position reports.
Another use of ACARS messages is called Automatic Dependent Surveillance - Contract (ADS-C). ADS-C is an interactive application between the ANSP and the onboard systems that enable the ANSP to command position and exception reporting at rates of their choosing, for example from 1-15 minutes.
ADS-C differs from ADS-B by virtue that each uses a completely different radio technology. ADS-B offers a state vector where ADS-C delivers flight path intent. Furthermore, ADS-C can deliver an alert if the airplane deviates from the cleared flight path.
ADS-B use of the transponder implies line-of-sight transmission at 1090 MHz. Space-based ADS-B receivers, such as being developed by Aireon, will extend ADS-B to a global solution without any change to the airplane systems.
Aircraft Position
Whether primary radar, secondary surveillance radar (Mode-A,C,S), multi-lateration, pilot position report, FMS position report, ADS-B, ADS-C; each of these services deliver a position that will focus the rescue and recovery efforts expeditiously. There are cases where none of these services is available in a timely manner, to which considerable attention has been raised. The long time from the loss of AF447 to locating it was met with much study and one critical change; that situation has been worsened considerably with MH370. While mandates are forthcoming, ADS-B coupled with space-based receivers has the greatest likelihood for near-term global implementation, but the answer is all-of-the-above to which a multitude of mechanisms are in-work.The one critical change is a truly laudable example of learning and improving that came about internal to Inmarsat, who provide the satcom service to both AF447 and MH370. Mark Dickinson, Inmarsat, relays the story as it picks up with the loss of MH370:
“We had engineering logs from our Perth ground station relating to the missing plane. What this told us was that the Inmarsat terminal on-board the flight had continued to operate for many hours after the contact was lost when the aircraft left Malaysian airspace,” he says
The fact that this data was available was thanks to additional storage capacity Inmarsat had incorporated during its ground network upgrade in 2013. This, in turn, was a direct result of the company’s involvement in the search for Air France 447 flight in 2009, where 229 people lost their lives. While Inmarsat was not directly involved in this investigation, the company took steps to store more data fields with the thought that this information could prove valuable in the future.
“We added the BTO values to the GES logs that we stored following our experience with AF447. When we took this decision, we did not know precisely how it might be useful but we had a hunch and decided to make the investment. So we went through an upgrade process on our software for all of our ground stations so that we could record this information. This rolled out in Perth last year,” Dickinson says. “If it wasn’t for that upgrade, we would not have had the relevant data and hence the range rings that we, and the international investigation team, were able to construct.”
After AF447 was lost, Inmarsat took it upon themselves to voluntarily upgrade their network to record a critical parameter. That parameter is the only information we have for MH370 final position. All it takes is for one person, such as Alan Schuster-Bruce, to make a significant difference. While it doesn't always take a regulatory mandate, every enterprise can contribute with a safety-minded culture and a commitment to improve.
Areas identified after AF447 that are now proceeding (with an imperative from MH370) include longer ULB operating time (90 days), an underwater locating device that can be installed to the aircraft structure like the ULB to a flight recorder, and the use of 8.8 kHz as an alternative ping frequency.
Aircraft Tracking Radio
Airlines have the option to install a tracker application that uses ACARS or a dedicated radio (such as Iridium) to relay aircraft position either periodically or as a result of pre-determined event triggers.FLYHT offers an Iridium-powered flight tracker.
FLYHT conducted flight tests that demonstrated no loss of data during extreme attitude excursions.
Cloudy Day Scenarios
Anyone can look up in the sky and enjoy the sunny day, and wish it would last forever. When everything is working well, things are simpler and predictable.Aviation catastrophe usually involves some distress to airplane systems, in unexpected combinations of failures and state. Power may fluctuate, equipment may end up in a power-up reset or trying to recover a radio log on, or worse, locked up all together. Navigation sensor and other input references may become unreliable or unavailable. Data buses may be interrupted or severed. Ships attitude may prevent line of sight communication, whether terrestrial or satellite. All of this can happen repeatedly. Sinister acts may interfere with system functionality, which introduces another dimension of pain.
Applying normal functionality in abnormal scenarios is fundamentally in conflict Data reporting systems are not essential to the safe operation of an airplane and have no assurance of continued serviceability during a catastrophic event. Self-contained, self-powered devices that have internal sensors and rely on a passive antenna have the best opportunity for operability under any scenario.
Aircraft tracking services
Service providers operating satellite communications to aircraft have a need to track the position of the remote radio (installed on the aircraft) to compensate for doppler shift and to ensure compliance to radio regulations (plus unique proprietary aspects). The radio-derived position has varying degrees of accuracy. Privacy concerns are a factor in how the service provider collects and stores this information that may limit its utility for accident investigation.Here are three examples of aircraft tracking services:
Emergency Locating Transmitter (ELT)
The Emergency Locating Transmitter (ELT) is another system that is installed on the airplane to broadcast the final resting place of the wreckage. The ELT relies on a g-switch, and possibly other measures to trigger the battery powered transmissions. The ELT transmits on 121.5 MHz and 406 MHz. 406 MHz transmission can encode a position report, monitored globally by Cospas-Sarsat.The International Cospas-Sarsat Programme is a satellite-based search and rescue (SAR) distress alert detection and information distribution system, best known for detecting and locating emergency beacons activated by aircraft, ships and backcountry hikers in distress.
The International Cospas-Sarsat Programme (the Programme) began as a joint effort of Canada, France, the United States, and the former Soviet Union in 1979. It was formally constituted as an intergovernmental organisation in 1988 through the International Cospas-Sarsat Programme Agreement (the Agreement or ICSPA) signed by the four “Parties” to the Agreement: Canada, France, the USA and the former USSR. The Russian Federation replaced the USSR as Party to the Agreement in January 1992.
Including the four Parties to the Agreement, 41 States and 2 organisations (the Participants) are now currently formally associated with the Programme and actively participate in the management and the operation of the Cospas-Sarsat System (the System).
Example of an Incident Report
An Incident or Accident Report offers a comprehensive description of the events and systems contributing to a situation. Having gotten this far, you may well want to read an example report. Here is an Airbus A319 incident that thankfully had no injury, but where there was (at the time of the report) no success in reproducing the failure scenario (and thus identifying a corrective measure). This British Airways flight crew was able to maintain control of the airplane and continue on to their destination, but a more dire outcome was certainly conceivable.
As the aircraft climbed to Flight Level (FL) 200 in night Visual Meteorological Conditions (VMC) with autopilot and autothrust engaged, there was a major electrical failure. This resulted in the loss or degradation of a number of important aircraft systems. The crew reported that both the commander’s and co-pilot’s Primary Flight Displays (PFD) and Navigation Displays (ND) went blank, as did the upper ECAM1 display. The autopilot and autothrust systems disconnected, the VHF radio and intercom were inoperative and most of the cockpit lighting went off. There were several other more minor concurrent failures.
Stay tuned,
Peter Lemme
peter @ satcom.guru
Copyright 2016 satcom.guru All Rights Reserved
Peter Lemme has been a leader in avionics engineering for 35 years. He offers independent consulting services largely focused on avionics and L, Ku, and Ka band satellite communications to aircraft. Peter chairs the SAE-ITC AEEC Ku/Ka-band satcom subcommittee developing PP848, ARINC 791, and PP792 standards and characteristics.
Peter was Boeing avionics supervisor for 767 and 747-400 data link recording, data link reporting, and satellite communications. He was an FAA designated engineering representative (DER) for ACARS, satellite communications, DFDAU, DFDR, ACMS and printers. Peter was also lead engineer for Thrust Management System (757, 767, 747-400), supervisor for satellite communications for 777, and manager of terminal-area projects.
"The one critical change is a truly laudable example of learning and improving".
ReplyDelete---
Talking about mh370 & the Inmarsat experimental approach, your heart may have been in the right place, though may I challenge that the mind wasn't following on that day, a few years ago, Satcom Guru.
A quarter of a billion pounds of searching, the most expensive search in history, and I wonder if any of it was worth it at all. This experimental approach to finding a location after the fact, using theoretical calculations, is fully unproven.
After considerable searching, Captain Simon Hardy made representations to the Australian Transport Safety Board of his own estimations, coming out at not too far off the original search area. Hardy used the same kind of approach as Inmarsat in its theoretical calculations, working out a route to match BFO calculations to intersect each arc and finally the 7th arc of the BTO calculations. The Inmarsat area searched over two different attempts was huge, the largest area ever searched in an investigation.
Bear in mind, as Hardy has explained, echoing Inmarsat, the results were based upon an estimated flight route using the complete assumptions of constant speed, constant heading and more or less constant altitude, their guesses being into the cruising altitude and staying there. Otherwise, there is nearly nothing that Inmarsat's theoretical approach can tell us beyond - possibly and again still possibly not because there are numerous reasons even this could be incorrect - a huge series of arcs upon the globe.
The ATSB assessed Hardy's estimated location. It also assessed new theoretical results from members of the Independent Group and their estimated new location. In both cases the ATSB concluded that there was no credible new evidence which would give reason for a search. We know Ocean Infinity subsequently took up the second leg of searching, regardless on a no find no fee basis, again without a hint of success.
Ocean Infinity has yet been offering more no find no fee searching, depending upon the agreement of the Malaysian government. There has been a concerted effort by members of the Independent Group, still ongoing today I think, to show credible evidence for a new search area around the last areas. Despite this, last year, Malaysia stated there was no credible new evidence since the negative conclusion of the original searches to warrant any further searching in this southern Indian Ocean vicinity of the 7th arc.
Of course Malaysia has and contracts to top experts in the world to make these decisions. It is not shown, but likely that this decision will have been taken in some kind of consultation with other numerous, national authorities who were involved in the initial investigation. That includes USA, UK, China and Australia. I think France wasn't involved originally but set up its own investigation a couple of years ago.
The conclusion to be drawn from everything is that it seems after all that there easily really was no credible evidence in the first place.
I'm not criticising the searching by any means. I think it's very serious to understand, however, there had been something of a very unrealistic, cult-like devotion, an unwarranted adulation which developed around the whole experimental endeavour of Inmarsat which led to immense costs and no clues turned up after so much. From the very beginning I was extremely sceptical of this experimental approach to locating a plane using an approach which still has never been shown, let alone certified, to locate anything after the event.