Learning from failure (to learn)

Mahabubul AlamCS/SE 6361, Fall 2014 Final Term Paper Presentation The

University of Texas at Dallas

Asiana Airlines #214

Recap

On July 6, 2013 Asiana Airlines Flight 214, crashed short of runway 28L’s threshold while attempting to land at

SFO. There were 3 Fatalities & 187 Injured.

1

NTSB Report:

Confused Flight Crew over relied on Automation

Flew too slow and too low, hit seawall

Through the eyes of the Reference Model

2

W R S P M

Environment System

R - Requirements

D - Domain PropertiesS - Specification

C - Computer

P - Program

Failure really happened in the Environment, long

before July 6, 2013

Failure appeared to happen at the Human-

Machine Interface

S, D ⊭ R but P, C ⊨ S

Machine Performed per Specification

Domain failed to collaborate

Requirements were not met

Let’s look at the domain

3

Asiana#214Boeing SFO-R#28L

AsianaAirlines

AirCrewFAA NTSB

AirTrafficController

Crash

needs-to-land-at

fliesregulates

owns-and-operates

regulates

employs-and-trains

monitors-and-guides-flight-of

investigates

Happens-at

Root Cause Analysis – P.I.G.

4

A Convergence of Circumstances

5

Inadequate Domain Assumptions lead to poor design

Aircraft failed to maintain speedDid not provide adequate low speed warning

Conflict of Design philosophy and Business Practice

Over reliance on Automation without Training

Nurturing Requirements Errors for Decades

It has happened 4 times before!*

Boeing is non-compliant with FAA

SFO ILS Offline – Forced Visual ApproachLack of practice leads to confusion

* 09/23/2007 – UK B737, 1/27/2009 – TX, ATR-42, 2/12/2009 – NY, DHC-8, 3/25/2009 – Netherlands – B737

Goal is to avoid crash

6

Recommendations

7

Comply with FAA AC 25.1329 & AC 25.1322-1Low Speed Protection, Adequate Warning

Improve Transition training, encourage manual flightsBetter mental model of automation, more prepared

Human error cannot be prevented, so improve designImproved safety, saves lives

Fill in the gaps in RequirementsInadequate requirements can spell disaster!

One probable solution

8

:MonitorUnit :CommandUnit:ControlUnit:Pilot

opt

LandingZone

wrongInput

sendCorrectInput

transferControl

performGoAround

notifyPilot

notifyControlTower

Introduce multiple channels in the flight system.In landing zones, it can take over before its too late.

58% of fatalities happen during descend to approach to landing

Follow Pareto Principle.Minor changes in design philosophycan have Major impact on outcome

For Tacit knowledgeapply Ethnomethodology

9

Ethnographic Research

Analyze

Observe Record

Inteview

Apparent Truth

What did we learn?

10

The only way to have a perfect system is to have perfect humans design and

operate the systems. That is not possible. So failures will happen.- Dr. Lawrence Chung. November 11, 2014

We need to keep asking questions, and the answers will help us design and build the system-to-be and the

system-next and so on…But Boeing seems to claim their system is perfect…….

References

Asiana Airlines Flight 214http://en.wikipedia.org/wiki/Asiana_Airlines_Flight_214

Crash of Asiana Flight 214 Accident Report Summaryhttp://www.ntsb.gov/news/events/2014/asiana214/abstract.html

NTSB: Asiana crew 'over-relied' on automated systemshttp://www.usatoday.com/story/travel/news/2014/06/24/ntsb-asiana-fatal-crash-san-francisco/11302347/

Pilot in deadly plane crash had no experience landing 777 in San Franciscohttp://www.cnn.com/2013/07/07/us/plane-crash-main/

Asiana Flight 214 Investigation Focuses on Airspeed in Final Secondshttp://www.wired.com/2013/07/ntsb-wraps-up-asiana-214/

Asiana cites crew failures and autothrottle design in flight 214 crashhttp://www.flightglobal.com/news/articles/asiana-cites-crew-failures-and-autothrottle-design-in-flight-214-397632/

Retired Senior Boeing Flight Instructor blames on the Auto-throttle Systemhttp://www.cockpitchatter.com/retired-senior-boeing-flight-instructor-blames-on-the-auto-throttle-system/

Statistical Summary of Commercial Jet Airplane Accidentshttp://www.boeing.com/news/techissues/pdf/statsum.pdf

Descent Below Visual Glidepath and Impact With Seawall - Asiana Airlines Flight 214http://www.ntsb.gov/doclib/reports/2014/AAR1401.pdf

11

Questions?