
These are multi redundant and generally hospital patient monitoring systems have additional batteries of their own to make sure people don't die, and in the case of a major clusterfuck there are emergency procedures in which it's specified how power will be restored assuming a grid and backup generator failure (usually it involves the fire department shuttling a generator pack to the hospital site).

With engine failures in aircraft however, the consequences can be way more dire - particularly in GA where it's (at least in the US) even being allowed to fly without a license at all (Part 103 ultralights), and forget about regular legit simulator training on what to do in that case.




It makes perfect sense when the top priority is being able to isolate electrical systems in case of an electrical fault or an in-flight fire: http://www.askthepilot.com/malaysia-airlines-flight-370/

Handling mechanical failures and other in-flight emergencies are the tricky parts.

There certainly are examples of sensors failing or providing conflicting data, and pilots using prescribed backup systems to rely on in order to get home safe.

The technology is pretty much there, but currently there's still a requirement for human supervision/control in case of mechanical or electronic failures.

Like a need to land the plane in Hudson River when the plane hits a flock of geese, or emergencies when vital system monitoring tools become inaccessible.

A large portion of FAA's required reading for pilots http://www.faa.gov/library/manuals/aviation/pilot_handbook/ is dealing with various failures of subsystems.


Things “go wrong” fairly “frequently” on airplanes but they are hardened for this with redundant systems and manual (as well as computer) overrides. You don’t hear about most of them but they are all logged and used for improvements.

The main difference is when a car has a catastrophic failure there’s a good chance the people involved survive.


Modern aircraft have very good warning systems that warn when configuration of the aircraft or systems necessary for life are in incorrect states, and the way they're used generally affords a decent chunk of time if something goes wrong.

I find it, well, interesting to read that the "Fail Safe" mode is to deactivate all power systems on the plane.

All systems on board an aircraft can be shut off for a number of reasons. In case of a power failure, the pilot must choose what functions are the most essential to the continued operation of the aircraft on the limited battery power remaining. A transponder may then become nonessential. Similarly, if it is faulty and is the cause of an electrical fire, power to the transponder must be able to be shut off.

It's truly unexpected failures, in the context of flying the plane. Basically every failure state in flying has a procedure, and as a pilot you're expected to memorize some, and know how to find and follow the checklist or red page for all emergency situations. Beyond that, you have to know how to assess and evaluate any emergency because that's your job.

That's generally not how redundant systems work. They'll usually implement some form of a Kalman filter or whatever cool kids use these days to filter out bad readings, while alerting the pilot that one of the sensors seems to be faulty.

Usually things that can kill people are triple redundant, where one goes bad, you can trust the other two readings for this reason.

I'm surprised there is a single point of failure like this in the design. But after I've read a bit about how Boeing released this product, maybe I'm not surprised.


Most incidents start with the systems failing and the pilots being the fallback. It’s not clear how, 1. A remote system would not be immune to this, and 2. How a remote system would be good if the systems are failing and probably producing bad readings

Modern fly-by-wire systems often don’t have a mechanical backup, and even for mechanically controlled ones (like the B737) I wouldn’t be too sure if they’d fare that well without any electronic controls.

But it’s not a given that an event of this type would even disrupt electronics not connected to the power grid. Even the longest possible line in an airplane is only on the order of a couple of meters, compared to thousands of kilometers for power and communication lines.


You'll be amazed how fast you can start screwing things up in a cockpit once you have an unknown emergency or, even worse, a known emergency that you have misunderstood. Just deselecting the wrong button (for example disconnecting a generator and a cross tie connector) will put you in manual control, with all the cockpit lights and half the instruments off, several alarms ringing... not a desirable situation even for an experienced pilot. You are able to forget to communicate, to navigate, you are able to crash into a mountain because you are looking at a flashing light. I can't find a good example outside of aviation to make you understand the feeling of looking at a panel and not knowing what the hell is going on.

At simulators we practice all the normal emergencies, that will cover you 99,5 of the time. Most emergencies are simple, but sometimes something that is not known even to Boeing happens. Or it's a simple emergency but you take the wrong steps. This happens more frequently to pilots who passed a lacking instruction method (like the one I describe that's happening in China), but can happen to anyone.

The Air France crash was due to a non-emergency situation (they just needed to keep altitude, and engine thrust selection to keep a normal flight and recover the instruments) that was converted into a crash due to a misinterpretation and wrong piloting skills.


Don't modern passenger jets have some kind of failsafe way they could still be controlled and landed safely if the electronics fail? I would assume they do. But then I know nothing whatsoever about aircraft safety and am only speculating.

Fixed wing pilot here. Handheld radio checklist item before I head out for flight. Even though my plane has redundant comms. Comms don’t work in a failed power scenario!

I suspect that with the current electrical system on Airbuses, the emergency electrical configuration wouldn't have enough power to run all those image processing computers at the very least (dual engine failure would cause this). However that could be resolved with additional battery capacity.

A more likely cause of automation failure would be failure or disagreement in the various sensors on the plane. These are typically triple redundant, but there have been cases where, for example, all the pitot tubes ice over and airspeed indications are lost. There are ways to deal with this but they're not currently programmed into the autopilot.

Other possible causes include failure of major flight controls requiring workarounds - eg, dealing with a stuck rudder with deliberate asymmetric thrust.

That being said flight control issues can probably be dealt with, if necessary. The real problem is with dealing with ambiguous situations where you have to weigh risks.

Consider: your radios are out. Per standard procedure you should proceed on your flight plan to the final fix and hold until your scheduled arrival time. However, fuel consumption is high - you're not sure, but you might have a slow fuel leak, and your destination has dicey weather. Do you divert without clearance or risk that you might be marginal on fuel at your scheduled arrival time?


Not totally. They have two redundant computers in the control loop. But they worked out this was a shitty idea if there was a failure so there are mechanical and electrical backup systems. Whilst "fly by wire" technically speaking they don't involve a computer in the loop.

I'd still rather have a totally mechanical backup.


They are, even with autopilots in general-aviation airplanes that commonly have a disable button on the control yoke, a button on the panel, and a circuit breaker to cut George's power.

I'd love for someone who's in the industry or an actual pilot to comment on this because I'm frankly not sure about what common scope AFBs have on commercial airliners, and what the backup procedures are if they fail. For private pilots, I know bringing an iPad up is common these days, but I think (and sure hope) commercial flight is a lot more risk averse and slow to adopt these things without thorough procedure.