“Spock’s Brain & the Singularity”:(Asiana flight 214- Key Learnings)

Brian Landberg

September-2013

Note• This discussion is about a recent, serious accident.

Despite the title, I am not intending to treat this accident lightly. No intent to disrespect those affected.

• Intention is for organizational and systemic learning.

Overview0. Prelude

1. What happened

2. Societal Trends

3. Lessons for Quality Assurance/ Supplier Management

“Spock’s Brain”

• Old Star Trek TV episode– One of the worst ones?

• Spock’s brain is stolen.– To control systems on an alien planet; collective intelligence

put into central computer.

– Citizens became stupid over time, since they rely on big brain to do all the thinking for them.

• McCoy downloads knowledge, operates, reconnects Spock’s brain.

Q: What happens if automation makes thinking obsolete?

As for the “singularity”… we will get to that part shortly.

1. What Happened

July 6, 2013, ~11:26am, Asiana 214 (Boeing 777-200ER) arriving to San Francisco (SFO), from Incheon, Korea

Asiana 214 – Accident Simulations

Animation source: Eyewitness Animationshttp://www.youtube.com/channel/UCsvKUhNY1Z8b7jEJP59X3Zghttp://www.youtube.com/watch?v=eXCwI6a1DqI&feature=youtu.be

Click to view animations.

What went wrong?

Landing sequence • 2 pilots misjudged airspeed, no corrective action until too late (-7s). • Sink-rate warnings from 3rd pilot in jumpseat not heeded (-54sec). • Pilots “experienced”, but new on 777.• Airport runway guidance systems down for construction (pre-notified)

Evacuation• Evacuation delayed 90sec due to poor pilot judgment.• Inflatable chutes for evacuation opened inside rather than outside the

plane.

Response/Rescue• 1 victim had been “rescued” only to be placed in harms way (see p10).

Root Cause FactorsHypothesis Category Evidence Conclusion

SYS: Airplane Design Failures None (except escape chutes) No

SYS: Airplane Malfunction None (black box, tower data) No

SYS: Airstrip Guidance trouble ILS offline (pre-notified), but not necessary for good visibility cond.

No

ENV: Weather/Visibility Clear conditions/visibility No

SOP: Unanticipated Problems None revealed No

HE: Miscommunication Not w/ control tower; Possibly in cockpit (among pilots?)

TBD

HE: Poor Training Slow/no response to flight data Yes

HE: Pilot Fatigue Chief pilots were relieved during flight and were rested

No

HE: Cockpit Culture Jumpseat pilot warnings of “sinkrate” not heeded due to age/status?; Also evacuation delay.

Yes

Additional Tragedy

• A 16-year old girl with Chinese passport was pulled from the aircraft and left near the plane's wing, where she was run over by an airport crash tender while covered in fire-fighting foam. Autopsy confirmed that the girl was still alive prior to being run over by a rescue vehicle.

• Rescue driver involved was experienced, but had just returned from an errand to find that emergency occurred and all colleagues were out at the scene. She drove a truck by herself to the crash site. (Allowed only for emergency situation).

• “Another firefighter had carried the girl from the back of the plane and left her near the left wing, a hazardous place as the huge ARFF rigs jockeyed to fight the fire. There was in the area where the victim was found a blanket of foam that was applied to suppress the fire on the aircraft.” the truck did not have Forward Looking Infrared (FLIR). Similar system is installed on other trucks. This truck was a reserve truck, and was not retrofitted, due to rare use in the field(?)

• Videos show victim in a fetal position on the ground before the truck rolled over her -- several firefighters walk by, perhaps not realizing she needed help.

What went well?Survival rate• Few deaths (3 out of 291 passengers, 16 crew on board)

– One analysis: “Lucky”… would have been worse if fuselage had flipped over.– Attendants ejected from the tail also very lucky!

Cabin Crew and Airport Staff• Good response from control tower• Flight attendants acted quickly to initiate and expedite evacuation• Fast response from airport on-site fire team• Excellent support to passengers from partner airline UA.

Airplane Equipment• Airplane structural integrity mostly intact, except for tail zone (direct strike

area), allowing high survival rate. • Nose/cockpit perfectly intact• Flight data recorders provided key data to analyze the accident details

Background of Good News

Decreasing trend of airline crashes and fatalities among US airlines.Only 1 fatal accident involving a U.S. airline in past 6 years: 2009 crash near Buffalo, New York.

Similar Historical Cases• 2008, crash landing of a (777) plane British Airways flight 38 landed short of

runway at Heathrow Airport , London. (no deaths, mechanical failure, ice in fuel).– Only other recent 777 accident; 1100+ airplanes flying, 18yrs since first flights.

• 2009 Air France 447 (Airbus 330) crashed over Atlantic Ocean after Autopilot failed and pilots reacted incorrectly. Brazil to Paris route. All 220 passengers & crew died.

• 1993 Air France (747-400) to Tahiti landed long and crashed. Human error due to improper usage of Autothrottle control was central factor. Many procedural and technological improvements were made.

• 1968, Japan Airlines plane bound for SFO had problem similar to Asiana 214's. The crew guided it through a properly stabilised approach—but "landed" two miles short of the runway, right in San Francisco Bay. The circumstances were worse than in the Asiana case—bad weather, and cloud ceiling of only 300 feet. The outcome was better, in that no one was killed. ( ‘Famous’ in aviation lore for the "Asohdefense," explanation by captain Kohei Asoh: “As you Americans say, I f*ked up.”)

2. Societal Trends

1. Automation (and singularity)

2. Cutting Corners

3. Organizational Bias

Social Challenges: Quality & Safety in 21st Century

1. Automation (avoinics example)

• Autothrottle - presetting of speed/thrust (cf. car “cruise control”)

• Flight director – altitude guidance display vs. trajectory plan

• ILS - landing guidance (from airstrip)

• GPS - precise control tower guidance, not stair-step descent.

“Pilots sometimes "abdicate too much responsibility to automated systems." (2011 FAA study, data/info from 9000+ flights).

“A typical mistake was not recognizing that either the autopilot or the auto-throttle – which controls power to the engines – had disconnected. “

Airline Cockpit Automation (Avionics)

Function CommercialAdoption

747(1970~90s)

777 (1995~)

787 (2011~)

Autopilot/AFS 1930 Yes Yes Yes

Flight recorder (black box) 1965 Yes Yes Yes

Autothrottle/ FMS 1980s? Primitive Yes Yes

“Glass Cockpit”LCD monitor

1970s Primitive Yes Yes

Head-up display (HUD) 2011 No No Yes

Auto-landing with HUD+GPS

2011 No No Yes

Airstrip ILS 1970s Yes Yes Yes

Airstrip GPS WAAS /LPV 2003 No Yes Yes

Ground-proximity warning system (EGPWS)/TAWS

1990s Primitive Yes Yes

Collision Avoidance (TCAS) 1993 No Yes? Yes

What is the Matrix Singularity ?

“Within thirty years, we will have the technological means to create superhuman intelligence. Shortly after, the human era will be ended.” --Vernor Vinge, 1993

Boeing 787Cockpit image(simulator).

The Singularity (technological)

Examples in recent news:• Deep Blue (chess)• IBM Watson (Jeopardy champion)• Self-driving cars (Google)• Global-Hawk Drones (US military)• Autopilot landing systems (Boeing 787)

• Baxter

Definition: The point at which artificial intelligence surpasses human intelligence. Human’s will not be able to keep pace with exponential technology change.

Computers/robots go from helping to commanding. They may replace humans in every respect, except creative arts, human-centric services.

“2nd Half of the Chess Board”

1st half:We understand this; (in fact we have achieved it.)

2nd half: We probably do not understand the implications…

Haswell transistor Count: 1.6G (109)~50yrs, counted in secs.

This is 1019 ….30x more than age of the universe in secs…

“We won’t experience 100 years of progress in the 21st century—it will be more like 20,000 years of progress (at today’s rate)...” –Ray Kurzweil

How can we avoid losing Spock’s brain despite increasing automation?

– Rapid Growth (new equipment, new workers)• E.g. SE Asia airline industry growing rapidly

– Global Competition (short-term thinking)• E.g. Training, outsourced maintenance, crew fatigue from multiple flights…• LCC airlines, pressure for reducing “gate turn-around”

2. Cutting Corners on Quality/Safety

[Asiana] about 0.5 percent of SFO’s 600 daily landings. Its go-around total, however, is well above that… One such aborted landing happened July 19, just days after SFO reopened the runway where Flight 214 crashed. The Asiana jet pulled out of its landing just 14 seconds from touchdown. (source link)

How to maintain a balance between economics and quality/safety?

• Departure from Meritocracy, ‘Qualitocracy’

– Cultural norms

• Deference to age, position/rank

– Economic interests

• Please the backers/investors/lobbyists

3. Organizational Bias

http://www.sfgate.com/default/article/S-F-plane-crash-pilot-says-he-was-briefly-blinded-4658043.php

“The crew ordered the passengers to remain seated once the plane came to a stop, delaying the evacuation for 90 seconds… Pilots were consulting with flight control. An announcement was made over the intercom telling passengers to "stay in your seats."

How can we ensureorg. culture of quality & safety?

3. Lessons for Quality Assurance

Lessons – Human Error Avoidance

1. Checklist (SOP) is key to ensure right actions.– Error types: Forgetting vs. Complacency (Have right

knowledge & apply it correctly)– Read-Do vs. Do-Check checklists– Normal vs. Emergency response checksheets

2. Flexible thinking & emergency response training– SOP, but also empowered decision making for

dealing with problems.– Frontline ready to make decisions, rather than

wait for orders from overwhelmed leaders.

3. Communication within a team– Checking for omissions, conflicts– Checklist contains “pause points” for team review– Communication tasks, as well as to-do items

Checklist Manifesto: Human Error

Knowledge Exists Unknown Notes

1. Knowledge Applied Best result n/a -

2. Not Applied Ineptitude IgnoranceIgnorance – we can never fully eliminate all unknowns; Ineptitude – preventable.

2a. Forgot to apply

Memory lapse(unintentional)

n/a

Distracted/overwhelmed by complex or rushed situation.

2b. Misjudged or overconfident

Complacency (skipping steps intentionally)

“Never been a problembefore”; Underestimation of risks/consequences.

2c. Alignment failure

MiscommunicationNo cross-check, or lack of trust, etc.

Checklists should include“pause points” (before, during,after critical actions/changes).

A checksheet may prevent all 3 types of ineptitude : forgetting, complacency, and miscommunication. It can provide verification as well as discipline and cross-checks. Though seemingly boring and simple, checklists can be extremely effective.

Lessons - Auditing• Specific excursion drills

– “Let’s say we have an excursion on SLI#x; show me your RFC, containment area, lot hold in db, etc.

– “Show me data and charts on all metrology for SLI#y”

• Communications for improvement(‘Who watches the watchmen?’)– DRB signoff responsible?

– PM handoff confirmation?

– Internal audits records?

– Trainers and SV are re-certified?

Lessons – Business Continuity Plans

• “Expect the best; Plan for the Worst” – Zig Ziglar

– Emergency response systems

– Training and drills

– Backup systems

– Early warning indicators

– Learning from near-misses and minor incidents

Planning with awareness/consideration for: • Failures of automation, • Pressures of market/economics, • Organizational bias

Conclusion

• “It would be illogical to assume that all conditions remain stable.”

–Mr. Spock (Star Trek TV series)

Back-Up Foils

Additional References

• http://abclocal.go.com/kgo/gallery?section=news/local/peninsula&id=9164096&photo=1&pid=9185603 (photos)

• http://www.patmarlins.com/Asiana.pdf (more photos)

• http://en.wikipedia.org/wiki/Asiana_214 (Wikipedia link)

• https://www.youtube.com/watch?v=eXCwI6a1DqI (animations)

• http://www.cbsnews.com/8301-201_162-57593510/teenage-girl-killed-in-asiana-crash-was-hit-by-fire-truck-s.f-police-say/ (overall news summary)

• http://abclocal.go.com/kgo/story?section=news/local/peninsula&id=9185603 (Additional tragic death)

• http://www.forbes.com/sites/brighammccown/2013/07/07/asiana-214-crashes-at-san-francisco-what-happened/ (analysis of cockpit errors)

Asiana 214 – Accident Details

• Boeing 777-200ER (first fatal accident in this airplane type)• RC is determined to be human error by the pilot. (Not mechanical or weather related)

• Pilot experienced (though not for flying a 777). Co-pilot was experienced instructor but did not catch the error.• The instrument landing system's ground-based guidance on runway 28L was out of service, as scheduled & pre-notified.• Autothrottle was set for the correct reference speed, but until the runway's precision approach path indicator (PAPI) showed

them significantly below the glide path, the pilots were unaware the autothrottle was failing to maintain that speed. • Approach at 103 knots, vs. 137 knots airspeed target; If even 1~2 knots below, co-pilot should provide warning, quick correction.• Both pilots at the controls had ample rest before they left South Korea and during flight, they were relieved by the backup crew• 3 pilots + 1 First officer said “they were relying on the 777's automated devices for speed control during final descent”• NTSB investigators that he had called out "sink rate" to call attention to the rate at which the plane was descending during the

final approach. This "sink rate" warning was repeated several times during the last minute of the descent• Autothrottle control was found to be in the "armed" position during documentation of cockpit levers and switches, differing from

both the "on" and "off" positions. The main pilot’s flight director was deactivated whereas the instructor pilot's was activated.• Final 2.5 minutes, from flight data recorder, multiple autopilot modes and multiple autothrottle modes activated • Evacuation delayed for 90sec, as pilot thought they should wait for further instruction from control tower.• Upon evacuation, 2 of the inflatable chutes expanded into the cabin rather than outwards. The first chute, which blocked the

forward right exit, nearly suffocated a flight attendant and was deflated by a pilot with a fire axe from the cockpit

Some Background Trends1) Increasing automation of the operator’s (pilot’s) tasks… As a matter of course, we increasingly rely upon the technology to do complex tasks. Automation is graduating from “robotic” (supplementary) to “artificial intelligence” (command) functions. It makes emergency response (and emergency planning) all the more important when those systems fail. http://blog.sfgate.com/stew/2013/07/11/animation-re-creates-saturdays-sfo-crash/“Asiana’s number of aborted landings, or “go-arounds,” is six to eight times greater than would be expected given the airline’s total number of flights into SFO.”“The pilot at the controls of Flight 214 had never flown a Boeing 777 into SFO before and was being supervised by a trainer pilot, federal investigators say.”

2) Growing pains of new companies and industries (especially in Asia nowadays). Organizational experience and pilot experience cannot simply be acquired like buying a new fleet of planes. http://blog.sfgate.com/matierandross/2013/07/28/sfo-worries-over-asianas-landing-record/

3) Cutting corners on safety…economic strain of competition, conflicting with safety requirements (notable in transport industry for long hours of work to meet a schedule or deadline… and many accidents occurring at hours of greatest fatigue.)http://www.pbs.org/newshour/bb/nation/july-dec13/plane2_07-08.html

The Safety Board has looked at fatigue for decades. It's been on our most wanted list of transportation safety improvements many times. This was a transpacific flight, more than 10 hours. We have got actually two crews on this flight. One is a relief crew, because as you look at flight and duty time and you look at fatigue, it is a concern.

http://www.theatlantic.com/technology/archive/2013/07/today-in-asiana-214-news/278068/

Slow reactions and obvious misperception, with degraded awareness, imply fatigue.

A: failing to correct for the low approach angleB: failing to notice the slow airspeed (137 kt normal, about 105 knots actual) - Normally the pilot continually checks the airspeed. Failing to glance repeatedly at this indicates degraded attention, vigilance, and perception. There was not a cockpit call for more speed until 7 seconds before hitting the seawall.

4) Organizational bias …departure from meritocracy, in favor of respect to those with higher age/experience, or those with powerful political connections, etc. Includes a relative departure from proven safety culture in favor of certain culturally accepted norms (like waiting for instructions from a superior, even during an emergency! …referring to the pilots delayed decision)

http://www.sfgate.com/default/article/S-F-plane-crash-pilot-says-he-was-briefly-blinded-4658043.php“Hersman said the crew ordered the passengers to remain seated once the plane came to a stop, delaying the evacuation for 90 seconds. Aflight attendant had initially asked the pilots whether she should begin an evacuation, but Hersman said she was told not to, as the pilots were apparently still consulting with flight control. An announcement was then made over the intercom telling passengers to "stay in your seats."

ILS – Instrument Landing System; VASI - Visual Approach Slope Indicator

Visual descent guidance information during the approach to a runway. These lights are visible from 3-5 miles during the day and up to 20 miles or more at night.