Is Flying Really Safe?

“I always fly safely, knowing  that I will arrive at the scene of the accident a micro-second before you!”

Flying is statistically one of the safest ways to travel.  (In a future blog, we’ll discuss safety and the geography of commercial air travel.) Because of intentional redundancy in commercial aviation, what we call “defense in depth”, it is very rare for one person’s actions to lead to an accident.  System design is “fault tolerant and fail safe”, resistant to catastrophic breakdowns because it is created to ‘fail’ to an operationally safe condition.

Some years ago, Dr. James Reason proposed a “Swiss Cheese” accident model.  Picture a wedge of Swiss cheese, riddled with holes.  Shoot a bullet at the cheese.  Only a perfect shot can pass through all the holes cleanly.  If the wedge of cheese represents the aviation system and the bullet a breakdown or error, it would require a very rare set of circumstances for the bullet to pass through the cheese unobstructed, leading to an accident.

US Air Flight #1549, which ditched in the Hudson River in New York City on the 15th of January this year, and Continental Flight #3407, which crashed near Buffalo New York on the 12th of February, represent two such events.  (More about both of these accidents in a future blog)  In the “miracle on the Hudson”, a reverse perfect storm led to 100% survival; with the Continental crash, just the opposite was true and everyone perished.  Prior to these accidents, it had been almost 2 ½ years since the last US commercial accident. During that time, US airlines operated in excess of 16 million flights and transported over 2 billion passengers without a single accident or fatality!

Safety never occurs by accident, pardon the pun!  Rather, it results from many years of intentional design, continuous improvement, and thorough and rigorous standards and training.  Today’s safety system is built upon the knowledge gained from yesterday’s accidents.  Each accident teaches us invaluable lessons which are then applied to future operations.  Perfection is never possible.  It is, however, a constant goal.

It will be my pleasure in coming blogs to highlight different aspects of the commercial aviation system, and discuss current events such as the US Air, Continental, and Turkish Air accidents.  Your feedback will be essential so we’ll include a “because you asked” section to highlight issues and questions of importance to you.

During my many years as a captain, I made it a practice to greet my passengers during boarding.  Occasionally, they told me to “fly safe.”  My response was always the same – I always fly safely, knowing  that I will arrive at the scene of the accident a micro-second before you!
Stow your loose items, take your seats, and buckle up as we prepare for take-off on our flight into aviation history.  It will be my pleasure to be your captain on this and future flights.  Thanks for being with us today and welcome aboard.

Captain Alan W. Price

5 thoughts on “Is Flying Really Safe?”

  1. Sorry to disagree:

    Investigations of the recent 737 Schiphol crash learn that automatic landing is hooked up with one altometer which crashes the plane if there is a defect in the one altometer…no redundancy designed here by linking it to the two altometers…..

  2. Thanks for your response and interest. You raise two issues:
    First, what caused the crash. Second, is the system truly redundant as mentioned in my blog. Let’s take these two issues together.

    It is never advisable to rush to conclusions. The first and foremost rule in any accident investigation is to remain open-minded until all the facts are known. Although early indications are that a faulty radio altimeter played a role, we cannot assume this until all the facts are in. Tangentially, there may be other equally important factors that play into this crash which are as or more important than what we know at this early stage of the investigation.

    Boeing has issued an advisory to all operators of 737 aircraft concerning the possibility that the left radio altimeter, one of two installed, might have caused an erroneous input to the auto flight system.

    Here is the summary wording in their advisory:
    “The Boeing memo notes that “the autothrottle, which uses the left radio altimeter data, transitioned to landing flare mode and retarded the throttles to the idle stop. The throttles remained at the idle stop for approximately 100 seconds during which time the airspeed decreased to approximately 40 knots below the selected approach speed.”

    As pilots, we are taught to use automation as a tool and not rely on it without monitoring to insure it is doing what we asked it to do. 100 seconds with the throttles at idle on an approach with a fully
    configured aircraft (gear/landing flaps) while the airspeed decayed is an incredible amount of time. We can only speculate as to what the pilots were doing while the auto flight system reduced power to idle.
    At the very least, they should be monitoring the automation and airspeed, fundamental aspects of airmanship – bottom line is the aircraft appears to have slowed below controllable airspeed, and
    stalled into the ground. The open question is “why?”

    While you suggest both radio altimeters should be linked into the system, it is simply not possible to design a system that is fail-proof. Remember, pilots are the redundant element in this and
    almost any conceivable flight condition. The automated tools with which we work are merely aids, not decision-makers. In my next blog I will focus on the role of the pilot in the modern automated cockpit.

    Thanks for your input and thoughts, Happy Hotelier. Hope this discussion is helpful.

    Capt Alan Price

  3. Thank you for your explanation.

    You’re right we have to wait for the full investigation. I quoted preliminary findings.

    As a yachtsman I’m a bit knowledgeable about the idiosyncrasies of an autopilot (in 2D). As such I’m a bit surprised to learn the Boeing system doesn’t allow for the pilot sole discretion to lessen speed or brake before and during landing…..

    In addition I have another question: Turkish media suggest the Tower should have warned the pilots of this plane for their lack of altitude and/or speed….. What would be your point of view?

    Thank you again.

  4. You raise two questions:

    First, with Boeing equipment, the pilot has a great deal of interventional control. I’ve flown the 737, not the -800, but a similar system. Even in an autoland configuration, the pilot can intervene to adjust speed and to reduce the amount of autobraking or to go to manual braking once on the runway. Nothing in the design of the system prevents this.

    As to the tower-cockpit relationship, it is always easy to second guess. I am not aware of the media comments you reference, but let me speak in generalities. If the tower/approach control was actively monitoring the airspeed of the approaching 737 (with busy airports they are) it would be expected that the controller communicate with the aircraft if they see something out of the ordinary. On the evening of the 22nd of December, 1972 Eastern Airlines Flight #401, an L1011, crashed into the Everglades approaching Miami International Airport while the approach controller watched the flight’s altitude decrease. The controller did ask an indirect question but did not alert the pilots they were descending perilously close to the ground. The crew was responsible but the controller could have prevented a disaster.

    A good controller is proactive and will notify an aircraft should something seem abnormal. Not having specific details here, I don’t wish to comment further. At the end of the day, however, it is always the Pilot In Command’s responsibilty to insure the safety of his or her flight. It is most puzzling in this case to know the aircraft was on approach with power at idle for 100 seconds, airspeed decreasing, without any pilot intervention.

    Hope this helps.

    Capt Alan W. Price

Leave a Reply

Your email address will not be published. Required fields are marked *