The media reports aren’t particularly informative, but the Australian Transport Safety Bureau’s news release contains a fairly good explanation of why a Qantas Airbus A330 airliner suddenly decided to dive a couple of hundred metres (not thousands of metres as some of the more colourful passenger interviews state).
All Airbus airliners since the A320, and the more recent of Boeing’s aircraft models, are “fly-by-wire” craft. That is, there is no direct mechanical or hydraulic connection between the control stick and the aircraft’s control surfaces at all. So, even when the plane is not on autopilot, there is a computer system that translates the pilot’s commands on the controls into movement of the various movable bits on the wings and tail. This is by no means a new thing - the A320 first went into service in 1988, and the F-16 fighter had such a system way back in 1979.
Obviously, to get regulatory approval for such systems, the manufacturers had to demonstrate that the systems wouldn’t malfunction and cause the plane to dive into the ground. So all flight control systems implement multiple, redundant control computers, wiring, and whatnot, and the software is developed to the very highest standards, with highly rigorous testing and using the most advanced software engineering techniques to ensure reliability.
This isn’t just marketing guff, either; I’m no expert in aviation, but I am a published academic in the area of software reliability. And so, I’ve read one or two technical papers that came out of Airbus work. They do some very clever stuff (as, I’m sure, do Boeing).
One of the basic tenets of designing reliable systems is redundancy; the aircraft should be able to survive the failure of any single component, and critical components often have triple or quadruple redundancy. And so it is the case with the A320’s flight control system.
The first relevant bit was the “angle of attack” sensors on the plane’s exterior, of which there were three. These measure the angle at which the plane is pointing. Their readings are fed into three Air Data Inertial Reference Units (ADIRUs), which translate the raw sensor readings into processed data, which is then fed to the three redundant flight computers that end up controlling the aircraft.
In a nutshell, one of the ADIRUs went nuts, feeding garbage data to the flight computers and telling them that the aircraft was pointing its nose way too high. The flight control computers reacted by moving the elevators (the movable little wings on the tail of the aircraft) to point the nose down fairly dramatically. The pilots reacted quickly to get the aircraft flying straight and level again, but in those few seconds it had dropped 650 feet (welcome to the anachronistic world of aviation, where feet still rule for altitude), at a maximum angle of 8.5 degrees. That was enough to throw a lot of passengers around the cabin.
As the ATSB report says, Airbuses with this control system have been flying for many years and this is the first such incident. I’d speculate that it’s probably not Qantas’s fault either: no matter how well-designed they are, components do break sometimes, and electronic ones tend to do so fairly suddenly and without any detectable warning of impending failure. It does appear, however, a little bit odd that the failure of one computer component - no matter how that failure occurred - caused the plane to react so violently. That seems to indicate that the redundancy in the flight control system is less complete than it should be.
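To make the redundancy argument concrete, here is an added example (not from the ATSB release or from Airbus, and not a description of the A330's actual logic): a generic triplex voter showing how averaging lets one bad channel corrupt the output, while mid-value selection masks it and a persistence counter locks the channel out. The tolerance, persistence count and sample readings are constructed assumptions.

```python
# Added illustration: generic triplex voting, not any real aircraft's logic.
from statistics import mean, median

TOLERANCE_DEG = 2.0  # assumed: max allowed disagreement with the voted value
PERSISTENCE = 3      # assumed: consecutive bad samples before lock-out

# Constructed angle-of-attack samples (degrees) for channels 0, 1, 2.
# Channel 0 emits intermittent spikes, then fails hard.
SAMPLES = [
    (2.1, 2.0, 2.2), (50.0, 2.1, 2.2), (50.0, 2.0, 2.1), (2.1, 2.1, 2.2),
    (50.0, 2.2, 2.1), (50.0, 2.1, 2.0), (50.0, 2.0, 2.1),
]

class TriplexVoter:
    def __init__(self, tolerance=TOLERANCE_DEG, persistence=PERSISTENCE):
        self.tolerance = tolerance
        self.persistence = persistence
        self.strikes = [0, 0, 0]
        self.locked_out = [False, False, False]

    def vote(self, readings):
        """Return the voted value for one sample of three channel readings."""
        live = [r for r, out in zip(readings, self.locked_out) if not out]
        if len(live) < 2:
            raise RuntimeError("fewer than two healthy channels")
        # Three live channels: the median discards one arbitrary outlier.
        # Two live channels: the median is their mean, so a fault can be
        # noticed as disagreement but no longer outvoted.
        voted = median(live)
        for i, r in enumerate(readings):
            if self.locked_out[i]:
                continue
            bad = abs(r - voted) > self.tolerance
            self.strikes[i] = self.strikes[i] + 1 if bad else 0
            if self.strikes[i] >= self.persistence:
                self.locked_out[i] = True  # stop trusting this channel
        return voted

def run(samples):
    """Compare naive averaging with mid-value select over the same samples."""
    voter = TriplexVoter()
    averaged = [mean(s) for s in samples]
    voted = [voter.vote(s) for s in samples]
    return averaged, voted, voter.locked_out

if __name__ == "__main__":
    for avg, mid in zip(*run(SAMPLES)[:2]):
        print(f"average={avg:5.1f}  mid-value={mid:4.1f}")
```

Because the strike counter resets on any good sample, intermittent spikes shorter than the persistence window never lock the channel out; the voter still masks them, but only while the other two channels agree.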
I’d still be perfectly happy to fly on an Airbus plane. However, there will be some head-scratching at Airbus over this incident, and I’d expect it will be followed by some modifications to the A330 flight control systems. While a plane misbehaving at 37,000 feet is usually recoverable, a plane at takeoff or landing might not have been.
UPDATE: Courtesy of a piece in Crikey today, this rather technical post from the Risks Digest about ADIRU faults. There is a lot of discussion of Byzantine faults - none of which I’m convinced actually applies here, given the architecture of the system. More interestingly, however, it turns out that other aircraft have undergone in-flight anomalies from such failures in the past. This doesn’t directly contradict the ATSB’s press release, which says that to their knowledge no Airbus aircraft have suffered similar anomalies, but is relevant.