Poor Pilot Training Blamed For Virgin Galactic Crash

astroengine writes: SpaceShipTwo co-pilot Michael Alsbury was not properly trained to realize the consequences of unlocking the vehicle's hinged tail section too soon, a mistake that led to his death and the destruction of the ship during a test flight in California last year. Responsibility for the accident falls to SpaceShipTwo manufacturer Scaled Composites, a Mojave, Calif., company owned by Northrop Grumman Corp, the National Transportation Safety Board (NTSB) determined at a webcast hearing on Tuesday (PDF). Poor oversight by the Federal Aviation Administration, which oversees commercial spaceflights in the United States, was also a factor in the accident, the NTSB said.

If there was a criteria for safe unlocking

[thegarbz]

If there was a criteria for safe unlocking of the hinged tail section then why wasn't it interlocked until the criteria was satisfied?

A bigger error here is reliance on operator training. It's the least reliable form of ensuring a certain outcome.

Re:If there was a criteria for safe unlocking

[decep]

Because in rocket ships and other experimental craft, as much control as possible should be deferred to the human pilot. Even to the possible detriment of the pilot.

If the pilot needs to purposefully destroy the craft to prevent greater harm or damage, even if it kills him, you do not want the equipment to respond with "I'm sorry, Dave. I can't let you do that."

Re:If there was a criteria for safe unlocking

[Dutch+Gun]

I can't imagine the engineers who designed this wouldn't be aware of those consequences. In fact, I'd go so far as to call this a partial failure of the engineering department as well - specifically, the ones who created the cockpit controls. I mean, the spacecraft basically had a single lever in the cockpit which if pulled at the wrong time would result in the fiery destruction of the spacecraft and death to all aboard. That's a hell of a consequence for a single mistake in the cockpit.

Granted, clarity in hindsight and all that, but it just seems surprising to me that this possibility wasn't given more thought, given that this was a major feature of the spacecraft. You can imagine they're probably taking a second look at other systems and trying to figure out what the potential outcomes of human error might be and ways to mitigate those errors. At least, I hope they're doing that.

Re:If there was a criteria for safe unlocking

[rmdingler]

The cold, hard reality of many a tragedy is that outcomes not foreseen by developers wind up relevant, and thus, engineered out of the realm of probability.

I can guaranfuckingtee you the engineers considered this event. Their take at the time? " Nobody is going to pull the feather actuator prematurely!"

Re:If there was a criteria for safe unlocking

[DerekLyons]

If there was a criteria for safe unlocking of the hinged tail section then why wasn't it interlocked until the criteria was satisfied?

There are problems with interlocks that aren't often appreciated by the armchair engineer. They add weight and complexity to a system. They themselves can fail. They add to the maintenance burden. They add to training, Etc... etc... TANSTAAFL.
 

A bigger error here is reliance on operator training. It's the least reliable form of ensuring a certain outcome.

Yet, for being the least reliable, it's a method that works very well - presuming the operator is properly trained.

Re:If there was a criteria for safe unlocking

[Ol+Olsoc]

If there was a criteria for safe unlocking of the hinged tail section then why wasn't it interlocked until the criteria was satisfied?

A bigger error here is reliance on operator training. It's the least reliable form of ensuring a certain outcome.

From TFA:

Those ships will include an extra mechanical device to prevent pilots from inadvertently unlocking the tail sections, known as “the feather” early, Virgin Galactic wrote in a report obtained by Discovery News.

Which by the way, might be able to fail itself, and keep the pilot from unlocking the tail section when it needs to be unlocked. Killing the pilot and co-pilot.Hellova world, eh?

Re:If there was a criteria for safe unlocking

[metlin]

As a pilot, I cannot agree more. Some of the cockpit controls out there are downright obnoxious, especially for rotary wing.

I have a friend who is a Harrier jet pilot, and I have heard some horror stories on landing those on aircraft carriers.

Usually, we are told what *not* to do, and so unless explicitly forbidden (e.g., do not do X before this time), we will assume it will be alright. This is clearly an engineering and a documentation/training failure.

It's easy to blame the pilot, but if anything, he's a tragic victim of poor design.

Re:If there was a criteria for safe unlocking

[thegarbz]

Nice try mate, but as a protection systems engineer I have more clue than most, especially about the cost and reliability of various factors. The airline industry is a model upon which many other industries are shaping their systems, precisely due to the careful control taken away from pilots.

Specifically you may want to look up the accident statistics and the current trend in which it is moving. Most notable was the introduction of better control systems for airplanes in the 70s which has led to a steady decline in the number of aircraft accidents. None the less there are still 5-10 fatal accidents per year and many 100s of near misses (My favourite from last year was the pilot who overshot the airport because he was playing on an iPad)

While you're looking up the statistics check out the cause of failure. Pilot error accounts for more than double the number of the sum total of all other failures. Even when you take out weather and adverse conditions, unforced pilot errors are still larger than all other factors put together.

But why stop there. Why not read about classic disasters in history, in the oil industry, construction industry, or general transport industry. Read up a bit about psychology and then readup the standards on harzard and operability studies. The best thing about the internet age is that you don't need to take my word for it anymore.

Fortunately I get paid a lot of money to have a clue because people like you think "training" can solve a problem. In my line of work there's no such thing as operator error. There's only the errors in the system and organisation that allowed the operator to have an accident in the first place.

Maybe he thought that "Unlock" would only unlock

[perlwannabe]

From the report:
The unlocking of the feather during the transonic region resulted in uncommanded feather operation because the external aerodynamic loads on the feather flap
assembly were greater than the capability of the feather actuators to hold the assembly in the unfeathered position with the locks disengaged.

So maybe the copilot thought that he was preparing for the future feathering operation by unlocking it, and he did not think he was initiating the feathering. Usually an "unlock" switch is only a permissive, and it does not initiate the actual operation.

A "safety feature"

[Dutch+Gun]

It's interesting as the unique tail section was actually touted as a "safety feature" by the company. I'm not necessarily saying it can't be the case, but like any feature, even a safety feature (see: exploding airbags), defects or improper use can cause more harm than in it's absence.

The moveable booms are intended to provide a fail-safe mechanism for positioning SpaceShipTwo during the fiery re-entry into the atmosphere. Scaled pilots were well aware of what could happen if they unlocked the feather too late, but training about its early release were ignored, accident investigations found.

It's a bit strange, as it seems like such a fundamental error - not some obscure feature that could be overlooked. What pilot would say to himself "Hey, I know I'm supposed to unlock the tail at time X, but what the hell, why not just do it now?" It seems really strange that they wouldn't have precise procedures for this, since it's such a critical part of the entire design.

It's a hard way to learn a lesson like this.

Re:What will kill me next?

[Whiternoise]

That's pretty standard for all aviation training. Flying is easy, much easier than driving in a lot of ways. Not killing yourself is a lot harder. That's why pilots have reams and reams of checklists covering pretty much every conceivable problem that can happen. Similarly when training in a simulator, the operators can pretty much throw the book at you to see how you react to losing all your instruments and a wing while flying through a thunderstorm.

NASA's generic rulebook is over 2000 pages long and is well worth a flick through if you're a space geek http://www.jsc.nasa.gov/news/c...

Re:Maybe he thought that "Unlock" would only unloc

[JustAnotherOldGuy]

It appears that unlocking it just allowed dynamic forces outside the craft to move the feather without being commanded to. The external forces simply overcame the mechanical system that was holding it retracted. A transonic slipstream exerts a hell of a force.

In my view this is a dual failure- a failure by the pilot who (apparently) wasn't trained on when not to unlock the system, and an engineering failure as well- it seems a common-sense thing to lockout potentially (or positively) fatal mis-operations. I'm sure that one or more existing sensors could have been used to prevent unlocking the feather if current conditions could/would cause a catastrophe.

And yes, I'm playing Monday-morning quarterback, and yes, I have the benefit of hindsight, but still- foreseeing the "what could go wrong" possibilities is what good engineering is all about.

Re:Experienced test pilot?

[0123456]

You're an experienced test pilot of a rocket powered ship and you have to be specifically trained to anticipate the effects of slamming on the brakes while traveling at supersonic speed?

As touched on in a comment above, he didn't deploy them, he unlocked them. As I understand it, he unlocked them too early, so the deployment mechanism was unable to prevent them from deploying under the stress of supersonic flight at relatively low altitude.

You want to unlock them early, because, if you can't unlock them, you can still cut the engine and glide back. You don't want to unlock them too early, because this happens.

Re:NTSB fines? penalties?

[zamboni1138]

No laws were broken. There is no way to levy a fine. The NTSB is not in the business of fining individuals or organizations for violating rules or laws. That's the job of the FAA and other various agencies that oversee road vehicles, trains, and boats.

The NTSB does their best to identify the probable cause(s) of the incident, what factors led up to that incident, and, most importantly, what measures to take to prevent any future incidents. It's up to agencies, like the FAA in this case, to implement suggestions from the NTSB.

In this case, most of the blame appears to fall on the FAA.

Re:Maybe he thought that "Unlock" would only unloc

It appears that deploying the feather was a multi-step operation. The flap covering the feather is unlocked, then the flap is opened, then the feather is deployed. The pilot probably knew that the feather could not be deployed at the speed they were going, but did not know/understand that the flap could not stay closed if unlocked at the speed they were going. Thus, the pilot unlocked the flap, and from there, whatever other latch that made step 2 work broke, the flap opened and the feather deployed on its own.

If the unlock switch had some god-awful name describing exactly what it did

Maybe the button will be renamed "Remove Restraints Holding Feather Flap Closed During Transonic Region".

I call BS (pending the full report)

[tipo159]

I have read the NTSB Executive Summary. As far as I have seen, the full report has not yet been made available.

The claim made by the report is the accident was the result of human error because one of the pilots unlocked the feather prematurely and that the actuators that control movement of the feather were overcome by aerodynamic forces (while going through trans-sonic speeds) and the feather moved. Deploying the feather is a two-step process, unlocking, which one pilot can do, and commanding it to move, which require both pilots to take action.

What I didn't see in the Executive Summary was whether Scaled Composites expected the actuators to be able to control movement of the feather while the vehicle was going trans-sonic.

Just after the accident, there were statements attributed to Scaled that the actuators should have been able to hold the feather in position after it was unlocked. If the people working on and with the vehicle thought this, how could it be human error for the feather to be unlocked when it was?

If it turns out that those earlier statements were incorrect and Scaled knew that it was a bad idea to, say, unlock while going through trans-sonic, then the Executive Summary should have indicated that. I just find it odd that it doesn't say anything about what Scaled had communicated to its pilots about the capabilities of the actuators for the feather once it was unlocked.

Re:NTSB fines? penalties?

[Jane+Q.+Public]

In this case, most of the blame appears to fall on the FAA.

I would expect that it's classified as some sort of "Experimental" vehicle at this point, for which the usual rules do not apply. So I doubt the FAA has much to do with it either.

Even so: given the known design of the craft, how could he possibly NOT know that unlocking the tail section prematurely was dangerous? I mean, seriously. "Oh, sure, let's just let it flap in the breeze at a few thousand miles per hour. No big deal."

Sheesh.

Re:NTSB fines? penalties?

[sh00z]

I would expect that it's classified as some sort of "Experimental" vehicle at this point, for which the usual rules do not apply. So I doubt the FAA has much to do with it either.

No, TFS has it correct. It's classified as "Commercial Spaceflight," and the Federal Government deliberately moved jurisdiction from NASA to the FAA.