Slashdot Mirror

← Back to Stories (view on slashdot.org)

Modern Cockpits: Harder To Invade But Easier To Lock Up

Posted by Soulskill on from the difficulty-with-edge-cases dept.

HughPickens.com writes: Jad Mouawad And Christopher Drew write in the NY Times that although airplane cockpits are supposed to be the last line of defense from outside aggressors, airlines have fewer options if the threat comes from within. One of the major safety protocols that actually made planes safer in the past 15 years was that the cockpits were turned into fortresses. Unfortunately, that exact advantage was exploited by the co-pilot of the Germanwings plane on Tuesday to crash it intentionally. "It is shocking to me that there was not a second person present in the cockpit," says Mark Rosenker, a former chairman of the National Transportation Safety Board. Access to the cockpit is strictly regulated in the United States. Passengers are not allowed to congregate near the cockpit door, and whenever the door is open, no one is allowed in the forward bathroom and flight attendants usually block aisle access, sometimes using a food cart. The Federal Aviation Administration mandates that a flight attendant must sit in the cockpit when either pilot steps into the passenger area; European regulations do not have a similar two-person rule, but they're now talking about creating one.

The Germanwings accident also points to potential shortcomings in how pilots are screened for mental problems, a recurring concern for an industry that demands focus and discipline in an increasingly technical job, often in stressful situations. In 2012, a well-regarded pilot with JetBlue, one of the airline's earliest employees, was physically restrained by passengers on a flight from New York to Las Vegas after displaying erratic behavior. In that case, the co-pilot locked the pilot out of the cabin and made an emergency landing in Amarillo, Tex. "Aircraft-assisted pilot suicides," as the Federal Aviation Administration calls them, are rare. They include the November 2013 crash of a Mozambique Airlines plane bound for Luanda, Angola, which bears an eerie resemblance to the Germanwings plane's demise. When the flight's co-pilot left to use the lavatory, the captain locked him out of the cockpit and manually steered the aircraft earthward. The crash of Egypt Airlines Flight 990 off Nantucket, Mass., in 1999, which killed all 217 people on board, was also caused by deliberate action, a National Transportation Safety Board investigation concluded. Experts on suicide say that the psychology of those who combine suicide with mass murder may differ in significant ways from those who limit themselves to taking their own lives.

32 of 385 comments (clear)

  1. Ummmm ... duh? by gstoddart · · Score: 4, Insightful

    So, after 9/11 they rushed to put door locks on the damned things.

    And, now, to the utter shock and amazement of everybody ... someone in the cockpit can lock people out of it. Exactly as they designed it.

    I'm stunned, I tell 'ya.

    Of course, now when the pilot has to take a leak there is one less cabin crew, which I'm sure you can construct a scenario in which that's not a good idea.

    --
    Lost at C:>. Found at C.
    1. Re:Ummmm ... duh? by gstoddart · · Score: 4, Insightful

      And, of course, we can construct the scenario in which the co-pilot and one of the cabin crew conspires so that when the pilot has to take a leak it's the two of them in the cockpit, and then they can do the same damned thing.

      There's really no way you can 100% prevent this kind of thing.

      --
      Lost at C:>. Found at C.
    2. Re:Ummmm ... duh? by Wescotte · · Score: 4, Funny

      Hey, leave me out of this!

    3. Re:Ummmm ... duh? by gstoddart · · Score: 4, Interesting

      Know many pilots?

      The difference between "depressed narcissistic arsehole" and "perfectly normal narcissistic arsehole" isn't as far as you'd think.

      Airline pilots are largely convinced of their own superiority to begin with.

      Hell, I suspect the C-level of executives in most large corporations gets you your "narcissistic areshole" out of the gate. All the ones I've ever met certainly are.

      --
      Lost at C:>. Found at C.
    4. Re:Ummmm ... duh? by twitnutttt · · Score: 4, Informative

      But they thought ahead...

      The Federal Aviation Administration mandates that a flight attendant must sit in the cockpit when either pilot steps into the passenger area;

      Europe didn't apparently.

    5. Re:Ummmm ... duh? by 93+Escort+Wagon · · Score: 4, Insightful

      I guess they thought narcissistic arseholes were more of a problem in the US.

      Then they'd obviously never been to Paris.

      --
      #DeleteChrome
    6. Re:Ummmm ... duh? by gstoddart · · Score: 4, Insightful

      Gee, and one wonders why people might not be forthcoming with their doctors.

      As soon as you say "fuck doctor patient confidentiality" then WTF would you expect people to tell doctors anything for?

      So then the next thing you'd say is priests and lawyers should also not have confidentiality, because that would be inconvenient.

      Essentially, you are saying "it should be illegal to have secrets from the state".

      Think hard about what you're actually saying.

      --
      Lost at C:>. Found at C.
    7. Re:Ummmm ... duh? by ScentCone · · Score: 3, Interesting

      Essentially, you are saying "it should be illegal to have secrets from the state".

      No, he's saying it should be illegal to keep things like mental instability and dangerous suicidal mindsets secret from the state when the state is what licenses you to be entrusted, day-in, day-out, with the lives of hundreds of people. If you've got mental problems, don't look for a job where that is by definition a disqualifier. It appears this German guy knew that, and was hiding his problems from his employer and the regulatory agencies that license his operation of giant passenger aircraft.

      --
      Don't disappoint your bird dog. Go to the range.
    8. Re:Ummmm ... duh? by Jason+Levine · · Score: 3, Interesting

      Actually, 1 in a million might be too high of an estimate. There were 37.4 million flights scheduled worldwide last year (Source). The summary gives 5 examples from 1999 to present. Let's double that number (and exclude 2015 since this year just started) just to be safe. So 10 incidents in 6 years for an average of 1.6 incidents per year. So the risk of any one flight having a suicidal pilot/co-pilot determined on bringing the plane down is 1 in 22.4 million.

      You likely have a greater chance of dying on a plane from a heart attack than from the pilot/co-pilot crashing the plane. It's just that "co-pilot locks out pilot and crashes plane" makes for a juicier news story than "pilot and co-pilot fly planned route with no major issues and land safely just like they did a dozen times the previous week."

      --
      My sci-fi novel, Ghost Thief, is now available from Amazon.com.
    9. Re:Ummmm ... duh? by ultranova · · Score: 4, Insightful

      It appears this German guy knew that, and was hiding his problems from his employer and the regulatory agencies that license his operation of giant passenger aircraft.

      So what happens when you remove doctor patient confidentiality? The other depressed people will not see them and will still fly, only without having received psychiatric help or medication. That makes the risk larger, not smaller.

      --

      Forget magic. Any technology distinguishable from divine power is insufficiently advanced.

    10. Re:Ummmm ... duh? by AlejoHausner · · Score: 4, Insightful
      I might agree with you, if mental-health diagnoses had any predictive power. But suicides are pretty much impossible to predict. Just because someone is diagnosed as clinically depressed does not tell you that they will commit suicide tomorrow. And there are perfectly well-adjusted people who kill themselves because, say, they have a terminal illness.

      You also can't, in any reliable way, predict that someone will kill others.

      Not to mention unconscious forces. The typical murderer doesn't know that he will kill tomorrow. But some violent rage may arise, triggered by some unforeseen incident. Sure, there are pre-meditated murders, but they are rare, and their very rarity makes the justice system punish them more severely.

      Doctors can't predict that you will cause harm tomorrow. You yourself can't predict it, because you don't know what's really going on in your head. So let's not make everyone's life a pain by trying to prevent the unpredictable.

      The next thing you know, they're going to make us take our shoes off at the airport because someone put a bomb in his shoe, or make us buy tiny bottles of shampoo because someone maybe planned to make explosives from liquid reagents in flight. Oh wait, such over-reactions have already taken place!

    11. Re:Ummmm ... duh? by Paul+Jakma · · Score: 3, Informative

      Gender is irrelevant. Egypt Air 990 crashed *without* locked cockpit doors. The captain was back in the cockpit within 12s of the co-pilot initiating a descent. He was making control inputs within 27s. However, he didn't start to suspect the cause of the problem might be the co-pilot until between 30s to 33s. The aircraft hit the sea at about 43s.

      Every second may be vitally precious in these situations. Locked cockpit doors, even with over-rides, will waste potentially extremely-critical time.

      --
      I use Friend/Foe + mod-point modifiers as a karma/reputation system.
    12. Re:Ummmm ... duh? by CohibaVancouver · · Score: 4, Insightful

      The very lack of them finding the plane (MH370) at all means that it more than not it did not crash

      No - They haven't found the plane because of the size of the search area.

      I'm surprised how few people seem to get this.

      The search area is choppy, stormy ocean and is the size of Australia. To put that in perspective, here's a map of Australia overlaid on the USA:

      http://keithooper.smugmug.com/...

      So imagine you're looking for a seat cushion in Nevada that's bobbing on the water in Illinois.

    13. Re:Ummmm ... duh? by Obfuscant · · Score: 3, Informative

      So what happens when you remove doctor patient confidentiality?

      In the US there is no true doctor-patient confidentiality when it comes to pilots. The medical certificate application requires a pilot to list all visits to a doctor in the last three years and the reason (item 19). Item 18 asks if you have ever in your life been diagnosed as having a plethora of conditions, including "(m) mental disorders of any sort; depression, anxiety, etc."

      Further, FAR 67.413 says:

      (a) Whenever the Administrator finds that additional medical information or history is necessary to determine whether an applicant for or the holder of a medical certificate meets the medical standards for it, the Administrator requests that person to furnish that information or to authorize any clinic, hospital, physician, or other person to release to the Administrator all available information or records concerning that history.

      In other words, if you want to be a pilot* in the US, the federal government can ask you to provide access to any and all medical records there might be on you. If you say "no", they can yank your medical certificate. That means you don't get to be a pilot anymore -- not even as a sport pilot that doesn't normally need a medical certificate. It doesn't matter that the guy you share ownership of a sport aircraft with has never tried to get a medical certificate, if YOU had one and it was yanked you don't get to fly that aircraft as PIC legally, even though he can.

      And making false statements on the medical application can also result in revocation of the medical. Simply failing to check the box for "depression" when you have been diagnosed and have not previously reported it is considered making a false statement.

      * at any level higher than "sport".

    14. Re:Ummmm ... duh? by smellsofbikes · · Score: 3, Insightful

      Would this not merely cause people to avoid psychiatric care?

      In the case of pilots, there is a legal requirement for the pilot to get checked out medically on a regular basis. For US airline pilots the maximum time between medical checkouts is six months.

      However, that statement is completely orthogonal to the other problem, which is that many people who could pass a psychiatric assessment kill themselves or others, and a large number of people who would come out of a psychiatric assessment with a big thick file of observed problems are perfectly reliable individuals in their daily lives and would likely be completely competent pilots.

      --
      Nostalgia's not what it used to be.
    15. Re:Ummmm ... duh? by magarity · · Score: 4, Funny

      The government should fund a program to encourage more girls to choose airline pilot as a career.

      I thought they were desperately needed as computer programmers.

    16. Re:Ummmm ... duh? by St.Creed · · Score: 3, Insightful

      OR for fucks sake, while this is a tragic disaster, events like this are so incredibly rare, that we should be cautious to avoid 9/11 style psychosis.

      We should have avoided that psychosis in the first place by not locking the cabin doors. If they had locked cabin doors on september 11, they would have opened them as per the then standing instructions on hijacks and even flight 93 would have ended inside a skyscraper or the Pentagon.

      Even in 9/11 the cabin wasn't rushed with grenades and explosives, but with box knifes. Suppose it happens again? How long do the pilots hold out when the hijackers slaughter the passengers one by one outside their door, on their camera? And that assumes the passengers will happily play along - how many hijackings have occurred since 9/11 where the passengers sat idly by, waiting for their fate to be sealed? I bet it's a binary number.

      And another thing: now the pilots are in control of all those people. Quite literally untouchable. If you have even the smallest inclination towards a Messiah complex, this will set it right off. Couple that with the enormous pressure on pilots who are in debt, with airlines in trouble and sacking pilots, and you have a recipe for disaster.

      The cabin door lock was not meant to protect the passengers, it's meant to protect the skyscraper. I say we should get rid of it.

      --
      Therefore, by the (faulty) logic you're using, you're just a cow with a keyboard - osu-neko (2604)
    17. Re:Ummmm ... duh? by nbauman · · Score: 3, Insightful

      Gee, and one wonders why people might not be forthcoming with their doctors.

      As soon as you say "fuck doctor patient confidentiality" then WTF would you expect people to tell doctors anything for?

      That's what happens in the military, in the special combat services. The military has a high suicide rate. They've been trying to encourage combat personnel to talk about that with doctors or therapists.

      Military personnel believe, with some justification, that if they went to a doctor or psychologist about a mental problem, it would be the end of their career.

      And there's a military culture being against psychotherapy and against acknowledging mental illness.

      (This is assuming that psychotherapy can actually prevent suicide. There was no evidence it can, last time I did a literature search.)

      So then the next thing you'd say is priests and lawyers should also not have confidentiality, because that would be inconvenient.

      One of the few ways you can have therapy that is still kept confidential is to see a clerical counselor. Kenneth Starr subpoenaed Monica Lewinsky's therapist to give his records and testify, but Starr didn't subpoena Lewinsky's rabbi. Also, unlike health professionals, the clergy aren't required to keep written records.

      I've never heard of a prosecutor subpoenaing a clergyman to testify about his congregants. They're privileging religious counselors over secular counselors, which is one more example of hypocritical favoritism towards religion, but our government always ignores the First Amendment when it's politically expedient.

  2. Pilots must remain in control by bughunter · · Score: 4, Insightful

    Unfortunately, if one of the pilots wants to take the aircraft somewhere (be it into the side of a mountain, or to Cuba, or wherever) there's little the engineers, airlines or ATC can do about it. Any security measure will have a gap.

    And also, the pilots must have control of the aircraft. It's far more likely that an exception to protocol or security will be required to save lives than to endanger them.

    --
    I can see the fnords!
    1. Re:Pilots must remain in control by Tx · · Score: 4, Interesting

      Sure, you can't remove all risk. But it's at least possible that the guy in this case did not have the kind of crazy required to be physically attacking people, or looking them in the eye while killing them. He did after all wait for the opportunity to make sure he had the cockpit to himself, and he didn't make threats, or indeed say anything to anyone during the incident, so it doesn't seem to me like he was up for any kind of face-to-face confrontation. Maybe just the fact of having someone else there would have been enough.

      --
      Oh no... it's the future.
  3. Don't make it impossible, just make it hard by halivar · · Score: 3, Insightful

    Having a flight-attendant sit in for a two-person rule may not have saved the plane, but at least the co-pilot would have to work harder for it.

    1. Re:Don't make it impossible, just make it hard by TWX · · Score: 4, Interesting

      Or you could change the way the cockpit door lock works.

      If what I've read is right, anyone in the cockpit can lock the door such that it cannot be opened from the outside even if they have the code, but only for a five minute stretch. If a two-person rule is put into place, also put into place two switches further apart than arm's reach that have to be pressed in-sync or in very close succession. If the flight attendant occupying the second position disagrees then the door does not prohibit a code from opening it. This way, even if one person in the cockpit kills the other, the door cannot be code-blocked to the cabin.

      --
      Do not look into laser with remaining eye.
  4. Re:A Bit Fishy by itzly · · Score: 5, Insightful

    Planes need to be able to do emergency landings, so it makes sense there's an override switch for landing in the terrain.

  5. There's a limit to what can be done by Cimexus · · Score: 3, Insightful

    I agree that the 'two people in cockpit at all times' rule that already exists in the US is a good idea and I'm sure this will now be introduced in Europe. Some airlines in Europe, Canada and elsewhere are already introducing it, as we speak.

    As for the argument that the tougher cockpit doors and lockout mechanisms are to blame for this incident ... that could be argued, but those changes have probably saved more lives over the last 14 years than were lost in this tragic incident, so rolling them back would be unwise. Admittedly this is somewhat like Lisa's tiger rock - we don't ~know~ how many potential hijackings or cockpit intrusions haven't occurred simply because would-be hijackers know that taking that approach is useless now. But looking at the number of hijackings per decade pre-9/11 and comparing to now, I think it's safe to say the strengthened doors and new cockpit access protocols were a net improvement.

    But all the security protocols in the world can't completely prevent incidents like this. Two people in the cockpit may make it slightly more difficult, but it just means the suicidal pilot needs to incapacitate the other person in there first. That adds an additional mental barrier (it is psychologically 'easier' to simply turn a dial and set an altitude below the terrain level, than it is to kill someone or knock them out first), so will prevent at least some of these incidents that may have otherwise occurred. But there is no complete solution because at the end of the day, those in the cockpit are in control of the machine and can do what they want with it. We put our trust in them, and in the airlines' ability to ensure their medical and psychological health.

  6. The inside threat is more potent by smooth+wombat · · Score: 3, Interesting

    airlines have fewer options if the threat comes from within.

    This shouldn't be a surprise. It's the same thing with networked systems. It's not outside threats which pose the problem, it's the people on the inside who either inadvertently or deliberately cause the problems.

    Once you've granted someone access to your data, no amount of firewalls, air gaps or anything else can prevent that person from doing damage in some form, even if only taking that data and giving it someone else on the outside.

    In this case, since the co-pilot was on the inside and had the ability to override the security code to open the door, the damage was done long before he crashed the plane.

    --
    We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
  7. The Jet Blue incident by Latent+Heat · · Score: 5, Insightful

    I believe it was mentioned that it was a Good Thing when a co-pilot locked out a captain who was freaking out, allowing the co-pilot to make and emergency landing and save the passengers.

  8. Re:A Bit Fishy by Cimexus · · Score: 3, Informative

    As I understand it, these systems don't actually ~prevent~ the pilot doing something that they have explicitly commanded, provided it's not something that as you say will push it outside of its stable flight envelope (and even there, you can still do that by forcing the flight control systems to revert to alternate law). In this case there wasn't really any 'programming' involved ... he simply turned a dial to tell the autopilot to descend to an altitude that was lower than the terrain level (incidentally, at the point the descent was initiated, they were near the Mediterranean coast so the local terrain level was close to 0 ... however their path then took them into much higher terrain).

    You are correct that the aircraft 'knows' about the terrain. It'll throw warnings at you if you tell it to descend below the safe altitude for the sector you're in, and when terrain is physically detected nearby you'll get GPWS alarms etc. But that's information for the pilot only - it won't physically stop you flying somewhere you've explicitly told it do go.

  9. Re:A Bit Fishy by itzly · · Score: 4, Insightful

    The computers aren't in complete control. If a pilot wants to do an emergency landing, he must have that option. The computers prevent some things, and they warn for others, but it's impossible to have a computer judge all kinds of complex situations, including various kinds of mechanical or sensor problems.

    Also, look at United 93. In some cases, it is preferable to have a plane crash into the terrain at high speed instead of having a hijacker control it into an office building.

  10. Re:TSA checks still useless by Will.Woodhull · · Score: 5, Funny

    This accident fatly underlines the point....

    I, for one, welcome the new word "fatly" into the world of English discourse...

    The word appears to follow the rules of English word-making. It is also highly visual and conveys its imagery in a succinct yet easily digested way to probably all speakers of English, no matter how weak their grasp of the language might be.

    Shakespeare would have been proud of this word. This is one he could have easily used, had he but thought of it first.

    --
    Will
  11. Re:A Bit Fishy by gman003 · · Score: 4, Informative

    Your TFH is on a bit tight, but your real problem is lack of knowledge.

    Computers are not "in control" of Airbus aircraft, any more than computers are in control of Ford cars. There is absolutely a manual - it just isn't a physical link, because we've moved beyond wires and pulleys, or even hydraulics.

    Large aircraft are designed for skilled pilots - ones who can respond to the often unusual disasters that strike when in the air. There's an override for everything, because you never know when you might need to do something unusual in response to some other failure. Want to engage the thrust reversers while in-flight? Sure - normally that would be catastrophic, but that might be the only way to prevent an overspeed in a steep dive. Want to land without lowering the gear? It'll yell at you but it won't stop you.

    In fact, very few things even require an override. The normal thing for an aircraft to do when it thinks the pilot is making a mistake is to yell at them, not stop them. And in this case, we have on the cockpit voice recording the sounds of the alarm saying "PULL UP. PULL UP. PULL UP."

    But the aircraft didn't stop him, because there are easily dozens of situations where stopping him would have been even worse. For example, an all-engines out emergency landing. Or a GPS malfunction, and there's no mountain there. Or... you get the picture.

    There are no aircraft that don't have a mode that acts like manual. There are a few military aircraft where, even in manual, the flight computers will make constant control movements to keep it stable, but even in a B-2, if you slam the stick forward, it'll dive right into the ground.

  12. Re:A Bit Fishy by 93+Escort+Wagon · · Score: 5, Insightful

    Also, look at United 93. In some cases, it is preferable to have a plane crash into the terrain at high speed instead of having a hijacker control it into an office building.

    Or with US Airways Flight 1549 (which was an Airbus A320-200) it was preferable to plop it into a river.

    Sully and the flight crew made a judgment call that they weren't going to reach any of the possible landing fields, so they turned the plane around and dropped it into the Hudson. It's unlikely the Airbus computers thought that was an appropriate action...

    --
    #DeleteChrome
  13. Re:TSA checks still useless by Celarent+Darii · · Score: 3, Interesting

    And Shakespeare came so very close to doing so:

    HAMLET [...] we fat all creatures else to fat us, and we fat ourselves for maggots. Your fat king and your lean beggar is but variable service, two dishes, but to one table; that's the end.

    POINS [Henry IV, part 1] .... there are pilgrims going to Canterbury with rich offerings and traders riding to London with fat purses.

    As a matter of fact, the Oxford English Dictionary says that Barclay wins the honor for using fatly first.

    Some beast agayne, styll leane and poore is sene Though it fatly fare, within a medowe grene.

    Magnificent thing, the English language, so fatly adorned with so many words.