Malaysian Airlines MH370 & Proactive Safety Management

The search for Malaysian Airlines MH370 might remind us how little thought is devoted to proactive safety management. Flight recorders and in-cockpit voice recorders (known as black boxes) were a good idea at the time they were introduced into aviation and the design solutions were appropriate for that time. The limitations of this system have, however, become apparent with this current incident.

Black Box Finder

The black-box recorders emit acoustic pings that can be detected with a suitable locating device. The range and battery life of the ping-emitting beacons in the black-box recorders are issues that came to the fore in the search for the black box of Air France Flight 447, which crashed into the Atlantic Ocean off the northeast coast of Brazil in 2009.

It took two years to find the wreckage of Air France Flight 447 although, as became evident only after the black-box recorders were recovered, that search was impeded by the failure of the ping-emitting beacons. Nevertheless, the search conditions for Malaysian Airlines MH370 are considerably more challenging (the sea bed is more complex and at least as deep, and the surface conditions more prone to stormy weather) and the battery life of the ping-emitting beacons is nearing its end even before the crash site has been identified. Even when the crash site is identified, it will certainly be more approximate than for Air France Flight 447 and, given our experience with that accident, we cannot even be sure that the ping-emitting beacons are operational.

It is quite possible that we will never find the wreckage of Malaysian Airlines MH370.

MH370 Search Area

If we do find the wreckage of MH370, there will be considerable interest in what can be found on the in-cockpit voice recordings. Unfortunately, there will be only two hours of in-cockpit voice recordings on the storage device. After two hours, the new recording writes over what has gone before. Of course, in most accidents, two hours is more than adequate. The crucial information is in the seconds, possibly up to several minutes, before the accident. In this case, the two-hour limit means that we will never know what went on in the cockpit at the crucial moments that MH370 turned from its scheduled track. We will never have access to the conversations in those significant minutes and hours as the aircraft traveled back across Malaysia and then turned south towards the Indian Ocean.

Surely, in this time and age, we can do better. In that I do not have expertise in engineering design, I hesitate to suggest solutions but surely we can now do better with battery life and locating systems. And, with terabytes of storage space now relatively inexpensive, the limit of two hours is ridiculous.

Many will argue that the failure to upgrade these recording systems is based on cost. Even today, a terabyte of storage is more expensive than a megabyte. The difference may not be much, but why not save it if the expense is unnecessary? Personally, I doubt this sort of explanation. Design engineers are quick to add technologically elegant functionality in areas that engage their interest. Human motivations are always complex. While cost is often a factor, it is rarely just about money. I suggest that this is more about the fact that proactive safety management does not excite management technocrats or design engineers.

4 responses to “Malaysian Airlines MH370 & Proactive Safety Management”

  1. Interesting point, Gavan. I wonder, too, whether GPS technology could do a better job of tracking aircraft over water, where conventional radar is absent.

  2. Hello Betty. Yes, I was thinking GPS as I wrote this. However, I am not an expert in that area. I also imagine there are other possibilities and then I wonder what the downside is for any seemingly feasible solution. We do somehow need to motivate those who have the responsibility in this area to attend to proactive safety management. That, I think, is a job for cognitive systems engineers.

  3. Good observations and points, Gavan and Betty. The cost issue may be nil to integrate GPS coordinates with existing aircraft downlink systems. This could be as simple as a software update like Tesla Motors does for the Model S. Since the proposed software update would only add Lat/Long position coordinates to each downlink engine data burst, increased data storage would be nil.

    On commercial jets the transponder control switch is within easy reach of anyone on the flight deck, which means someone can turn it off like on the four aircraft during the 9/11 attacks. ADS-B satellite reporting can also be depowered by pulling ACARS circuit breakers, but even with CBs pulled, other features of ACARS remain autonomous and operational like automatic engine data downlink reporting.

    On the MH370 flight, features of ACARS autonomously sent engine data approximately every 30 minutes via satellite directly to Boeing/engine manufacturer for about 7 hours after the copilot’s last radio transmission. On B777 and other commercial jet aircraft, this automatic ACARS feature is required by regulations to monitor engine health for long-haul overwater operations. This engine health monitoring feature cannot be switched off in flight.

  4. Thanks Mike. It sounds like much of the type of monitoring functionality we need is already available. Is that correct?

    For those who do not know Mike, he has relevant expertise on this topic with a diverse aviation background including 20 plus years as a commercial pilot.
