1
Commercial Aviation: A General Picture
Compared with many other activities, Commercial Aviation is still relatively young. However, the relevance – in terms of the number of users – as well as the improvement in safety levels are impressive.
It is far from being a failed model, but pressure to improve grows with the number of flights and with the size of the planes, increasing the potential impact of a single event.
As could be expected, it is a highly technical field, but some of the potential problems come precisely from disregarding the non-technical aspects, both on the individual side and on the social side.
This first chapter is intended to be a warning sign. In the following chapters, this warning will be developed through different aspects, showing the organizational evolution, its flaws, what should be done to include – seriously – the human side in the future and why this is a must.
Aviation: A High-Stakes Field
Organizational learning is a major issue in many fields. Some mistakes are repeated time and again, making it clear that learning does not exist or is a very slow process.
Regarding this issue, Aviation figures define it as a successful case, especially since it is a young activity, compared with many others.
Little more than a century has passed since the first powered flight, and it would be hard to imagine the world today without millions of people flying everywhere every single day.
The last available statistical report from Boeing gives us an idea about the relevance of the activity as measured by recent growth (Figure 1.1).
FIGURE 1.1
Departures, flight hours and jet airplanes in service. (From © 2018 The Boeing Company. All Rights Reserved.)
The advances in safety since the early days of Commercial Aviation are still more impressive than the amount of activity. Actually, these advances can be used as an index to measure the success of Aviation in terms of its learning ability.
Aviation comes from a situation where the ordinary retirement of a pilot was a rarity, while nowadays that is the expected outcome. Experienced passengers, even average ones, do not think more about the chances of an accident when they board a plane than when they board a train or a bus. Data on accident rates, from the same source, are shown in Figure 1.2.
FIGURE 1.2
Accident rates and on-board fatalities by year. (From © 2018 The Boeing Company. All Rights Reserved.)
The success is greater still given that Aviation is a field where major dangers remain or have even grown over time: A high-level view inside a single commercial flight is enough to appreciate the real value of the current safety requirements. That view is represented in the Decalogue of Major Flight Dangers.
DECALOGUE OF MAJOR FLIGHT DANGERS
1. Commercial jets, at their cruise altitude, move near to the speed of sound. Any impact against another object, whether it is moving or not, means disaster, and the time available to react is very limited.
2. Aircraft travel about ten kilometers above the ground. The atmosphere is not breathable, and to the risk of asphyxia must be added the risk of impact due to uncontrolled loss of altitude.
3. The external temperature at cruise level is around −50°C. Exposure at these temperatures would not permit survival beyond a few minutes.
4. External atmospheric pressure is very low. To maintain a comfortable pressure inside the aircraft, the sheet metal that separates the interior from the exterior holds significant pressure, producing metal fatigue and risk of explosion.
5. On long-haul flights, half the take-off weight of the aircraft can be fuel. In the case of impact, this involves a risk of fire or explosion, and in the case of depletion, grave risk of accident.
6. Engines work under high-pressure and high-temperature conditions, with the associated risk of mechanical failure, explosion or fire.
7. Large aircraft, under almost any weather condition, take off at speeds close to 300 km/h and land at speeds close to 200 km/h.
8. Aircraft are subject to all sorts of weather that can affect visibility and cause structural impacts, electrical shocks or build-ups of ice on their external surfaces.
9. Aircraft cover long distances over all types of geographical zones. At some geographic points, a twin aircraft could be almost 6 flight hours away from the nearest airport.
10. Congestion on some flight routes or in the terminal zones of large airports increases the risk of collision.
The list could be far longer, but this is not the most important point. The really important issue here is the difference between the concepts of danger and risk.
While danger is related to severity (i.e., a list of increasingly severe dangers), risk includes probability. The difference between these two concepts, which for many lay people are synonymous, is reflected in the decreasing accident rate. In other words, while danger remains or grows, and nothing can be done about it, risk decreases and, hence, the accident rate decreases too.
A good example is the Airbus A340 model: When Airbus, after 386 units manufactured over 18 years, closed the assembly line, no one had been killed in a major accident on the millions of flights completed.
This might encapsulate the relevance of safety improvements in Aviation but, of course, there are other activities that could compete successfully, at least in terms of relevance.
Private transportation – “the machine that changed the world”, as the car was called – or the Information Technology revolution have had a larger impact still. However, Aviation has an important feature: the enormous impact of a single major accident.
Car accidents are common, and the death toll on roads is far higher than in Aviation. Actually, the death toll in the United States alone in 2017 was an estimated 40,000 people, enough to fill 100 jumbo jets. However, every single accident has a minor impact, compared with a major Aviation accident. Since every car accident has a small number of victims, acceptability is far higher for 1,000 victims in 1,000 different accidents in a year than for the same number in three accidents in the same period.
Wells (2001) calculated the public impact of an accident considering its direct relation to the number of victims, such that the loss perceived by society is proportional to the square of the number of deaths in a single accident; so, 100 deaths in one accident cause the same social impact as 10,000 deaths produced in individual accidents. Beyond the calculations of the social impact, anyone is able to imagine what would happen if 100 jumbo jets crashed in a single year in the United States (to relate car and Aviation figures to the same area).
This perception has a practical side: Aviation is always under public scrutiny. Therefore, pressure to keep or increase safety level is higher than in other activities. However, some other activities bring their own dangers and, since a good part of Aviation advancement comes from them, Aviation has imported these dangers from outside.
The best example is Information Technology: Cybersecurity is still a new issue even though, right now, it is a high-stakes activity, since basic installations depend on it. Of course, that includes Aviation-related installations.
The impact of Information Technology is such that an electromagnetic pulse (EMP) could send the affected area back to the Stone Age, but that is not the only threat: Guided-software attacks against specific installations could be very damaging and even more costly in terms of human lives than many Aviation accidents.
Cyberattacks are not the only danger: Poor design or software bugs can have important consequences. It is not a matter of comparing the relevance of Aviation and Information Technology but of highlighting a single point: Information Technology is right now a key part of Aviation and, as such, Aviation has imported some dangers coming from a ubiquitous Information Technology: avionics, control through fly-by-wire, datalink communication, air traffic control panels, onboard anti-collision systems, instrument landing systems, onboard and ground installations, next-gen traffic control systems – it is hard nowadays to find a single system or activity in Aviation where Information Technology is absent or has a secondary role.
Planes such as the Boeing 787 or A350 use software involving millions of lines of code. The amount is far below that of a modern fighter jet, but still a good place for hidden bugs or attacks.
However, intentional damage is not yet the biggest danger coming from Information Technology. The biggest danger comes not from mistakes during the design process or from the activity of hackers, on their own or sent by an external intelligence service. The biggest and most frequent danger – that is, the biggest risk – is related to software performing its task as designed but in the wrong context.
Leveson (2004) addressed this problem, warning about the confusion between safety and reliability, pointing out that “in complex systems, accidents often result from the interaction among components that are all satisfying their individual requirements, that is, they have not failed”.
US1549 is a good example. The manufacturer, Airbus, never foresaw a full loss of power below 20,000 ft. Every procedure and every system worked perfectly – for a plane flying at 20,000 ft. or higher. Had the situation been managed by an advanced system, instead of humans, designed under the same parameters, a full hull loss and a significant loss of lives could have occurred, yet everyone could say that the whole system had worked properly – that is, according to the design parameters.
Information Technology has brought new facts into the fold, and both safety and efficiency have been major issues. However, safety and efficiency don’t work well together. Different authors have shown that the safety level must balance protection and operating costs. Losing that balance can lead to bankruptcy – or to disaster and probable bankruptcy.
Flying implies risk, and risk must be kept within acceptable levels. Once there, the safety–efficiency tradeoff is an acceptable practice.
However, nobody can permanently define the borders of acceptability and, hence, nobody can say where these borders will be tomorrow. The borders will always be by-products of public opinion, largely influenced by how recently a major accident has occurred, and how and why.
Then, safety levels become a moving t...