A tough challenge for fellow PH aero-geeks
Discussion
I need some help.
I'm trying to calculate a rough probability of pilot error resulting in a crash, when the pilot is using using advanced flight controls (MFDs, fly-by-wire etc.).
However, knowing very little about airliners or air crash statistics I am a little stumped as where to start.
I got as far as there being on average 36 fatal crashes worldwide per year (source NTSB) and 76.4 million plane movements per year, which gives a probability of roughly 10E-6.
However these statistics are for all planes (so older models with lower tech flight controls) and will include things like mechanical failure, both of which will skew the data.
So can anyone come up with a more accurate figure or suggest where I might find better data?
Thanks,
Rich.
I'm trying to calculate a rough probability of pilot error resulting in a crash, when the pilot is using using advanced flight controls (MFDs, fly-by-wire etc.).
However, knowing very little about airliners or air crash statistics I am a little stumped as where to start.
I got as far as there being on average 36 fatal crashes worldwide per year (source NTSB) and 76.4 million plane movements per year, which gives a probability of roughly 10E-6.
However these statistics are for all planes (so older models with lower tech flight controls) and will include things like mechanical failure, both of which will skew the data.
So can anyone come up with a more accurate figure or suggest where I might find better data?
Thanks,
Rich.
i can't help at all sorry, but if i understand it correctly you are trying to work out the probability of a pilot making a mistake that results in a crash scenario? i'd have thought the sheer volume of possible scenarios and influences on such an event would render this a futile exercise.
If you are restricting your research for fly by wire airliners only (I presume you aren't including military accidents), then you would have to concentrate on crashes involving the following aircraft only -
BAC/Sud Aviation Concorde (early analogue FBW)
Airbus A318
Airbus A319
Airbus A320
Airbus A321
Airbus A330
Airbus A340
Airbus A380
Boeing 777
All other airliners in service do not have direct digital fly by wire control systems - although they are all pretty sophisticated machines with lots of other automated systems in use on the flight deck.
BAC/Sud Aviation Concorde (early analogue FBW)
Airbus A318
Airbus A319
Airbus A320
Airbus A321
Airbus A330
Airbus A340
Airbus A380
Boeing 777
All other airliners in service do not have direct digital fly by wire control systems - although they are all pretty sophisticated machines with lots of other automated systems in use on the flight deck.
You mentioned "advanced flight controls" but then suggest MFDs which aren't really controls as such, more information displays. I wouldn't have thought fly-by-wire was a problem for pilots as much as the difference between glass vs steam instruments (i.e. large computer screens vs analogue gauges). In this day and age, very few airliners still use steam gauges though, so I'm not sure what the OP is trying to find out?
The aircraft Eric's listed are indeed pure fly-by-wire, so if that's what you're after, I would certainly look at the stats for those types.
The aircraft Eric's listed are indeed pure fly-by-wire, so if that's what you're after, I would certainly look at the stats for those types.
I'm not sure what you are trying to discover by working our that statistic. I don't think it would be very indicative even if you do manage to get the data together, due to the huge number of variables present in circumstances when an aircraft crashes.
There is always a reason why an aircraft crashes, and as part of that reason, the flight control system will either be relevent or not. If it is relevant, the chances are it would be identified as such in the accident investigation report, with recommendations for changes to prevent recurrence.
There is always a reason why an aircraft crashes, and as part of that reason, the flight control system will either be relevent or not. If it is relevant, the chances are it would be identified as such in the accident investigation report, with recommendations for changes to prevent recurrence.
Sorry chaps I was trying to be a little careful with the detail I go into - it could get very boring very quickly. Here's the background to the question.
Currently most nuclear control rooms use old analogue tech, and the best human reliability that one can reasonably expect from this technology is 10E-5. Computerised control and instrumentation should give you better reliability if designed right.
However, here's the rub, software is extremely expensive to justify to the required safety levels (SIL4 in tech speak - and were talking £10s to 100s of millions potentially). This means that in all likelihood next generation reactors will stick with the old tech control rooms missing out on the potentially huge advantages that controls under glass can provide. Especially as no one can say what improvements in human performance the adoption of such tech will provide.
So if no one is using controls under glass in the nuclear arena, it's difficult to present evidence that people will be more reliable using the new stuff as you can't generate empirical evidence without huge cost.
Another route is therefore to look at what human reliability advanced C&I engenders in other applications. Hence the question re modern C&I on aircraft. If I can show that, for example, the use of new tech is offering two orders of magnitude improvements in reliability then it at least helps spark debate and hopefully some proper studies - not just my back-of-fag-packet calcs.
Told you it was long and boring
Currently most nuclear control rooms use old analogue tech, and the best human reliability that one can reasonably expect from this technology is 10E-5. Computerised control and instrumentation should give you better reliability if designed right.
However, here's the rub, software is extremely expensive to justify to the required safety levels (SIL4 in tech speak - and were talking £10s to 100s of millions potentially). This means that in all likelihood next generation reactors will stick with the old tech control rooms missing out on the potentially huge advantages that controls under glass can provide. Especially as no one can say what improvements in human performance the adoption of such tech will provide.
So if no one is using controls under glass in the nuclear arena, it's difficult to present evidence that people will be more reliable using the new stuff as you can't generate empirical evidence without huge cost.
Another route is therefore to look at what human reliability advanced C&I engenders in other applications. Hence the question re modern C&I on aircraft. If I can show that, for example, the use of new tech is offering two orders of magnitude improvements in reliability then it at least helps spark debate and hopefully some proper studies - not just my back-of-fag-packet calcs.
Told you it was long and boring
not arf!
only my opinion, but i can't see the benefit being human error, that will come down to how simple/complex the interface is and the decision process that an operator has to go through in a particular scenario.
the benefit of computers on flight decks was to reduce weight [of hydraulic systems etc] and introduce multiple levels of redundancy so critical failures could be more easily avoided. pilot error can be dialled out to an extent by limiting control inputs that the computers sense are wrong/dangerous, but then there are incidents [i.e. '88 paris airshow] that highlight the pilot can still mess up, and surely in the nuclear environment things are much simpler?
usual 'shirt may or may not be a numpty' disclaimer applies
only my opinion, but i can't see the benefit being human error, that will come down to how simple/complex the interface is and the decision process that an operator has to go through in a particular scenario.
the benefit of computers on flight decks was to reduce weight [of hydraulic systems etc] and introduce multiple levels of redundancy so critical failures could be more easily avoided. pilot error can be dialled out to an extent by limiting control inputs that the computers sense are wrong/dangerous, but then there are incidents [i.e. '88 paris airshow] that highlight the pilot can still mess up, and surely in the nuclear environment things are much simpler?
usual 'shirt may or may not be a numpty' disclaimer applies
Edited by shirt on Thursday 6th August 15:24
shirt said:
not arf!
only my opinion, but i can't see the benefit being human error, that will come doen to how simple/comples the interface is and the decision process that an operator has to go through in a particular scenario.
the benefit of computers on flight decks was to reduce weight [of hydraulic systems etc] and introduce multiple levels of redundancy so critical failures could be more easily avoided. pilot error can be dialled out to an extent by limiting control inputs that the computers sense are wrong/dangerous, but then there are incidents [i.e. '88 paris airshow] that highlight the pilot can still mess up, and surely in the nuclear environment things are much simpler?
usual 'shirt may or may not be a numpty' disclaimer applies
But if you take something like the Typhoon II, the C&I allows the deletion of a back-seater, reduces the cognitive workload of the pilot and increases the situational awareness. It's not all about weight, in that case the design brief was to improve the pilots ability to do what he/she's got to do more reliably and efficiently than the enemy.only my opinion, but i can't see the benefit being human error, that will come doen to how simple/comples the interface is and the decision process that an operator has to go through in a particular scenario.
the benefit of computers on flight decks was to reduce weight [of hydraulic systems etc] and introduce multiple levels of redundancy so critical failures could be more easily avoided. pilot error can be dialled out to an extent by limiting control inputs that the computers sense are wrong/dangerous, but then there are incidents [i.e. '88 paris airshow] that highlight the pilot can still mess up, and surely in the nuclear environment things are much simpler?
usual 'shirt may or may not be a numpty' disclaimer applies
The point is, I guess, if that pilots using this stuff catastrophically screw up in some way 1 in every 10 or 100 million times, then it provides weight to the argument that perhaps it's worth spending the money on similar tech in the nuke industry.
What you tend to find in most high hazard industries is either the engineers can't do it, or the costs are predicted to be too high, so the argument is that the operator will cope - make him / her do it instead.
i'd have hoped that nuclear is the one situation where the H&S brigade should be allowed to win out!
i really can't contribute to what you want to do. out of interest though, what is the main cost element - programming, equipment? i am not a systems man but it seems like a lot of sensors, actuators and some programming to me.
[simpsons]i have a spare T-437 Safety Command Console
though if you need it [/simpsons]
i really can't contribute to what you want to do. out of interest though, what is the main cost element - programming, equipment? i am not a systems man but it seems like a lot of sensors, actuators and some programming to me.
[simpsons]i have a spare T-437 Safety Command Console
though if you need it [/simpsons]
The Airbus accident in 1988 wasn't at the Paris Air show. It was at a small air display at Mulsheim - a grass airfield not far from Strasbourg.
One of the problems with over reliance on computer control and preprogrammed data is that most of the set-ups controlling the aircraft have been installed by someone sitting at a desk not remotely conected with the actual flying of the aeroplane. Therefore, the programmers do not do their work with that same sense of personal survival that a pilot will have as he works the controls. On the whole, this isn't actually a big issue as I am sure most programmers and data inputters in aviation are thorough and very safety conscious.
However, look up the facts behind what happened to the Air New Zealand DC-10 that flew into Mount Erebus in 1979. A major factor in that accident was poor overview of the data being inputted by ground staff into the Inertial Guidance Navigation System.
One of the problems with over reliance on computer control and preprogrammed data is that most of the set-ups controlling the aircraft have been installed by someone sitting at a desk not remotely conected with the actual flying of the aeroplane. Therefore, the programmers do not do their work with that same sense of personal survival that a pilot will have as he works the controls. On the whole, this isn't actually a big issue as I am sure most programmers and data inputters in aviation are thorough and very safety conscious.
However, look up the facts behind what happened to the Air New Zealand DC-10 that flew into Mount Erebus in 1979. A major factor in that accident was poor overview of the data being inputted by ground staff into the Inertial Guidance Navigation System.
If I understand you correctly, you are trying to find data that will provide evidence that operators of non analog systems are likely to make less mistakes. And if this is the case, digital systems should be installed in nuclear installations.
I can see why you are looking at 'glass cockpit' aircraft but I'm not sure the data will be applicable. The aircraft that Eric has listed come from three different manufacturers, I expect that means three different FBW systems are involved. Not only that but the pilots will have been trained in different countries, probably to some pretty different standards.
What you really need are the results from MBTF or MTTF metrics that have been applied to human operators under a given set of conditions with a given set of training and level of ability.
I would have thought that some kind of ethnographic study based on simulations could also provide the necessary data.
I would recommend contacting an expert in user interface design and HCI.
I can see why you are looking at 'glass cockpit' aircraft but I'm not sure the data will be applicable. The aircraft that Eric has listed come from three different manufacturers, I expect that means three different FBW systems are involved. Not only that but the pilots will have been trained in different countries, probably to some pretty different standards.
What you really need are the results from MBTF or MTTF metrics that have been applied to human operators under a given set of conditions with a given set of training and level of ability.
I would have thought that some kind of ethnographic study based on simulations could also provide the necessary data.
I would recommend contacting an expert in user interface design and HCI.
Can't be of much use, but have a look at the Embraer Phenom. It's a very modern small biz jet. It's flightdeck is equipped with what is basically Garmin G100 modified and upgraded to accomodate advanced autopilot, and flight management systems.
How this differs from 'conventional' glass, though, is that it takes all of the 'mundane' checks and tasks from the pilot. For instance, When you start a jet engine, your strobe light must be on. Then you spin the engine a little, then insert fuel at a certain point, watch for a temp rise and then release the starer knobs.
The phenom knows all this, so you just get clearence to start engines over the radio, and then press a button. If something out of the ordinary happens, it'll tell you.
In flight, it continually transmits messages to the maitainance facilities like any other airline, but it doesn't bother the pilot with error messages which he can't do anything about, and aren't important to the safety of the flight.
There's a fine line with glass, in that it is all to easy to overload information to a pilot (or anyone else), but you want that info available when you want it. Properly laid out/categorized pages are brilliant in comparison to analogue, so long as they are laid out in a suitable way. I find G1000 brilliant for this in terms of aviation.
How this differs from 'conventional' glass, though, is that it takes all of the 'mundane' checks and tasks from the pilot. For instance, When you start a jet engine, your strobe light must be on. Then you spin the engine a little, then insert fuel at a certain point, watch for a temp rise and then release the starer knobs.
The phenom knows all this, so you just get clearence to start engines over the radio, and then press a button. If something out of the ordinary happens, it'll tell you.
In flight, it continually transmits messages to the maitainance facilities like any other airline, but it doesn't bother the pilot with error messages which he can't do anything about, and aren't important to the safety of the flight.
There's a fine line with glass, in that it is all to easy to overload information to a pilot (or anyone else), but you want that info available when you want it. Properly laid out/categorized pages are brilliant in comparison to analogue, so long as they are laid out in a suitable way. I find G1000 brilliant for this in terms of aviation.
Eric Mc said:
If you are restricting your research for fly by wire airliners only (I presume you aren't including military accidents), then you would have to concentrate on crashes involving the following aircraft only -
BAC/Sud Aviation Concorde (early analogue FBW)
Airbus A318
Airbus A319
Airbus A320
Airbus A321
Airbus A330
Airbus A340
Airbus A380
Boeing 777
All other airliners in service do not have direct digital fly by wire control systems - although they are all pretty sophisticated machines with lots of other automated systems in use on the flight deck.
Is there a reason why Boeing tend not to use fly by wire systems and Airbus do?BAC/Sud Aviation Concorde (early analogue FBW)
Airbus A318
Airbus A319
Airbus A320
Airbus A321
Airbus A330
Airbus A340
Airbus A380
Boeing 777
All other airliners in service do not have direct digital fly by wire control systems - although they are all pretty sophisticated machines with lots of other automated systems in use on the flight deck.
Sorry to go O/T OP, but it's interesting to see the split.
theboyfold said:
Eric Mc said:
If you are restricting your research for fly by wire airliners only (I presume you aren't including military accidents), then you would have to concentrate on crashes involving the following aircraft only -
BAC/Sud Aviation Concorde (early analogue FBW)
Airbus A318
Airbus A319
Airbus A320
Airbus A321
Airbus A330
Airbus A340
Airbus A380
Boeing 777
All other airliners in service do not have direct digital fly by wire control systems - although they are all pretty sophisticated machines with lots of other automated systems in use on the flight deck.
Is there a reason why Boeing tend not to use fly by wire systems and Airbus do?BAC/Sud Aviation Concorde (early analogue FBW)
Airbus A318
Airbus A319
Airbus A320
Airbus A321
Airbus A330
Airbus A340
Airbus A380
Boeing 777
All other airliners in service do not have direct digital fly by wire control systems - although they are all pretty sophisticated machines with lots of other automated systems in use on the flight deck.
Sorry to go O/T OP, but it's interesting to see the split.
The new Boeings are joining in though, the 777 is the newest, and the 787 will have FBW, as will (I think) the 747-800.
rhinochopig said:
I'm trying to calculate a rough probability of pilot error resulting in a crash, when the pilot is using using advanced flight controls (MFDs, fly-by-wire etc.).
I suppose the NTSB and CAA probably collect stats about this sort of thing. You might be able to find out how what proportion of crashes are caused by pilot error. Perhaps you can correlate that with the instrumentation/control type to see whether there's any obvious change in the accident rate. This doesn't tell you the probability that a pilot error would lead to a crash (which is what you want, I believe) but the factor you're missing is how many mistakes pilots actually make. Unless some large institution such as CAA or NTSB has worked that out, I suspect you'll struggle to find that for yourself.The Air Inter Airbus A320 crash in 1992 was caused by exactly this.
Have a look at www.airdisaster.com and you will get some basic data on air accidents.
Have a look at www.airdisaster.com and you will get some basic data on air accidents.
Papoo said:
theboyfold said:
Eric Mc said:
If you are restricting your research for fly by wire airliners only (I presume you aren't including military accidents), then you would have to concentrate on crashes involving the following aircraft only -
BAC/Sud Aviation Concorde (early analogue FBW)
Airbus A318
Airbus A319
Airbus A320
Airbus A321
Airbus A330
Airbus A340
Airbus A380
Boeing 777
All other airliners in service do not have direct digital fly by wire control systems - although they are all pretty sophisticated machines with lots of other automated systems in use on the flight deck.
Is there a reason why Boeing tend not to use fly by wire systems and Airbus do?BAC/Sud Aviation Concorde (early analogue FBW)
Airbus A318
Airbus A319
Airbus A320
Airbus A321
Airbus A330
Airbus A340
Airbus A380
Boeing 777
All other airliners in service do not have direct digital fly by wire control systems - although they are all pretty sophisticated machines with lots of other automated systems in use on the flight deck.
Sorry to go O/T OP, but it's interesting to see the split.
The new Boeings are joining in though, the 777 is the newest, and the 787 will have FBW, as will (I think) the 747-800.
SlipStream77 said:
If I understand you correctly, you are trying to find data that will provide evidence that operators of non analog systems are likely to make less mistakes. And if this is the case, digital systems should be installed in nuclear installations.
I can see why you are looking at 'glass cockpit' aircraft but I'm not sure the data will be applicable. The aircraft that Eric has listed come from three different manufacturers, I expect that means three different FBW systems are involved. Not only that but the pilots will have been trained in different countries, probably to some pretty different standards.
What you really need are the results from MBTF or MTTF metrics that have been applied to human operators under a given set of conditions with a given set of training and level of ability.
I would have thought that some kind of ethnographic study based on simulations could also provide the necessary data.
I would recommend contacting an expert in user interface design and HCI.
You're sort of right with your summary. Within the nuclear industry there is a cap on Human Reliability of no more than 10E-5. This was arrived at in the 60s/70s and this figure has become sacrosanct - the regulator will not accept higher claims than this. What this has meant that within the safety case you see a claim of this figure for old analogue tech which TBH is (relatively speaking) fairly average in terms of usability / operability.I can see why you are looking at 'glass cockpit' aircraft but I'm not sure the data will be applicable. The aircraft that Eric has listed come from three different manufacturers, I expect that means three different FBW systems are involved. Not only that but the pilots will have been trained in different countries, probably to some pretty different standards.
What you really need are the results from MBTF or MTTF metrics that have been applied to human operators under a given set of conditions with a given set of training and level of ability.
I would have thought that some kind of ethnographic study based on simulations could also provide the necessary data.
I would recommend contacting an expert in user interface design and HCI.
So when it comes to embracing new technology that WILL make the role of the operator easier in terms of fault detection workload etc. there is absolutely no point in doing so because you won't be able to claim any benefit within the safety case as we've already reached the cap allowed by the regulator. So why spend the millions on developing it when there will be little "benefit".
So industry and the regulator need to bite the bullet and agree that actually improvements in human reliability will be seen using this more modern tech and that it is possible for human to be more reliable than 10E-5. If you look at the Aero industry the data does support better than 10E-5, and it would strengthen the argument for the industry to do a proper study if I could say look the chaps using glass cockpits are routinely getting 10E-6 or 7 per year.
Re your point regarding simulations - there simply aren't enough out there with the relevant tech to generate that sort of data.
Re the MTBF comment. That's not how HRA (Human Reliability Assessment) tool work. The industry doesn't capture failure rates of humans for future use - they should but they don't. Mainly because there are so few plants that are the same.
Oh and to Eric - thanks for the list. I forgot to thank you in my last post.
Gassing Station | Boats, Planes & Trains | Top of Page | What's New | My Stuff