Episode II – What are the odds?

This is Opacity Zero, a show about challenging the unknown with curiosity. I am Melanie Heymans and I am really excited that you are back for episode II. . . What are the odds?

38, 73, 12, 641. . .these are the numbers that sum up commercial aviation safety for 2014:

  • 38 million flights
  • 73 accidents
  • 12 of those fatal
  • killing a total of 641 people

Over the past 20 years aviation accidents have become a rare occurrence. Thanks to major advances in technology and training the fatal aircraft accident rate has been reduced from 0.6 accidents per million flights to 0.2, while the hull loss accident rate — which is accidents in which an aircraft is destroyed or damaged beyond economical repair — has been cut in half from 1 accident per million flights to 0.5.

In 2014 more than 3.3 billion people flew safely on more than 38 million flights. The odds of being killed in a single airline flight are 1 in 4.7 million – compared to 1 in 220 of writing a New York Times Bestseller, or 1 in 563 of catching a ball at a major league baseball game, the odds are definitely in your favor. And yes, you should totally write that book.

Even though these numbers are impressive 2014 won’t be remembered for 38 million safe flights, but for two extraordinary and deeply tragic events – the destruction of Malaysia Airlines Flight 17 by anti-aircraft weaponry and the disappearance of Malaysia Airlines Flight 370.

We know the story of MH370: A Boeing 777 with 239 passengers and crew on board departs Kuala Lumpur, in the early hours of March 8th 2014, headed for Beijing. About 40 minutes into the flight the plane goes silent and disappears from civilian air traffic control radars. Military radar and satellites track the aircraft flying on for a few more hours before it disappears completely sometime between 8:19 and 9:15am.

In the absence of answers, in the 16 months since then, speculation about what happened on board MH370 has been vigorous – from an accident to a secret landing to pilot suicide, it has all been discussed by amateurs and professionals alike.

But which theories hold up and which don’t? Which ones are likely and which ones are easy to dispel? To find some answers let’s quickly shift our focus from what we don’t know to something we know – why do planes crash in general:

More than 60% of all aircraft accidents fall into one of three categories:

  • The first one is called “Loss of Control in Flight” and accounts for 27% of all aircraft accidents. It is defined as a situation in which an aircraft enters a state outside of its designed capabilities regarding speed, altitude or load and therefore becomes uncontrollable.
  • The second category is “Controlled Flight into terrain” which accounts for 22% of all aircraft accidents and is defined as a collision with terrain, water, or an obstacle without indication of loss of control, in other words when a perfectly functioning aircraft is flown into the ground, an obstacle or water under complete control of the pilot.
  • The third category is “Runway Excursions” which accounts for 11% of all aircraft accidents and is defined as a situation in which an aircraft veers off or overruns the runway.

Now these three categories tell us the different types of aviation accidents but they don’t tell us a lot about the cause. What causes a plane to reach its design limits, veer off a runway or collide with terrain?

If you are thinking “human error” you are on the right track – more than half of all fatal aviation accidents in the past 50 years have been directly or indirectly caused by pilot error, followed by 20% caused by catastrophic failure, 12% by weather, and 8% by sabotage.

Human error is a broad and quite complex concept and we will spend episode three diving deep into it but for today’s episode we are going to explore catastrophic failure as the possible cause of the disappearance of MH370.

Let’s start out by taking a look at what exactly catastrophic failure is:
Catastrophic failure describes all events that affect one or more critical aircraft structures or systems making it difficult or impossible for the crew to safely fly or land the aircraft.

Today’s aircraft are built extremely well, checked regularly and maintained according to strict guidelines and maintenance schedules. All critical systems on modern airplanes have several backup systems or procedures so it generally takes multiple malfunctions of redundant systems to create a potentially catastrophic failure.

Still there are certain parts and systems within an aircraft that are more susceptible to failure than others and we generally distinguish between two types of catastrophic failure:

  • The first one is Structural or Mechanical Failure and
  • The second one is Electrical failure

Let’s take a closer look at these two categories.

Structural or mechanical failure describes any failure that involves:

  • the airframe, which includes the fuselage, the doors, the tail and the wings OR
  • the flight surfaces, which include:
    • the flaps – those are these movable parts on the back of the wings that you can see extending and retracting at take-off and landing,
    • the horizontal stabilizer – that’s the two small horizontal surfaces that you can see on the tail of an aircraft,
    • the elevators – those are the movable parts on the horizontal stabilizers which control if the nose of the airplane points up or down and,
    •  the rudder, which is the movable part of the vertical surface on the tail, the one that sticks out like a shark fin and
  • the undercarriage – which is the gear, the brakes, the tires and the wheels.

Structural failure generally occurs when one of these components or structures is no longer able to withstand the stress imposed on it during operation. This lack of stress tolerance can be caused by:

  • design errors,
  • metallic corrosion,
  • structural fatigue,
  • overload,
  • sabotage, or
  • maintenance errors.

One of the most tragic aviation accidents caused by structural failure was Japan Airlines Flight 123 the deadliest single-aircraft accident in history. On August 12th 1985 Japan Airlines Flight 123, a scheduled domestic passenger flight from Tokyo to Osaka, suffered an explosive decompression 12 minutes after take-off and crashed into two mountain ridges 32 minutes later, killing all 15 crew members and 505 of the 509 passengers on board.

The explosive decompression was caused by a faulty repair of the rear pressure bulkhead — an airtight bulkhead located between the cabin and the tail of the aircraft, responsible for maintaining cabin pressure — 7 years earlier. The incorrect repair reduced the bulkheads resistance to metal fatigue drastically and when the bulkhead finally gave way it ruptured the lines of all four hydraulic systems and ejected the vertical stabilizer leaving the pilots with the desperate and impossible task of flying an uncontrollable aircraft.

But it’s not only structural damage that can lead to a catastrophic scenario like the one Flight 123 experienced, a serious electrical problem can constitute a high-risk scenario as well.

Electrical failure is extremely unlikely in modern aircraft due to many redundancies but unlikely doesn’t mean impossible – who would have thought that a 250-ton Boeing 777 with 239 people on board could just vanish.

Electrical systems on an aircraft can be broken down into several basic elements:

  • The primary source of electrical power within an aircraft is typically engine-driven alternators or generators – modern aircraft are equipped with at least three of these generators of equivalent capacity, one of which will be powered by an Auxiliary Power Unit, which can be started and operated during flight to allow for backup power in case one or both of the main generators fail.
  • In addition to these primary sources there are other methods of generating power such as hydraulically powered generators or small turbines and the ultimate backup of power from at least one main battery. In case of failure of multiple main generators the hydraulic emergency generator or turbine will automatically be activated. Only if these emergency generators would fail too and the main battery would be depleted an aircraft would become electrically unpowered.

All of these systems and backups are responsible to provide electrical power to essential flight instruments and controls like the navigation instruments, the communication equipment and the electrical components of the aircraft like the flaps, the landing gear, the fuel pump and other motors and subsystems.

Electrical failure to these systems can generally be caused by one of four reasons:

  • Generator failure
  • Component failure
  • Bus failure – a bus is a metallic strip or bar that conducts electricity within an electrical device, or
  • An electrical system fire

Fatal aviation accidents due to electrical failure are extremely rare, in most cases the pilots complete a challenging but uneventful landing with no injuries to passengers and crew.

An impressive example of a complete electrical failure was Air Transat Flight 236, a transatlantic flight from Toronto to Lisbon with 293 passengers and 13 crew on board. On August 24th 2001 the Airbus A330 operating the flight suffered a complete power loss more than 4 hours into the flight in the middle of the Atlantic Ocean.

Both engines flamed out due to improper maintenance and even though the ram air turbine was deployed automatically to provide power for critical sensors and instruments the aircraft lost its main hydraulic power which operates the flaps, alternate brakes and spoilers. 30 grueling minutes after the power loss the pilots completed a successful emergency landing in the Azores saving all 306 people on board.

Could something similar have happened to MH370? Did catastrophic electrical or structural failure strike the aircraft?

Let’s quickly recall some key facts about the flight before we take a closer look at these questions:
MH370 departed Kuala Lumpur at 12:41am on March 8th 2014. After 40 minutes of routine flight and standard communication with the ground the flight crew failed to check in with Vietnamese air traffic control and the aircraft suddenly disappeared from civilian radar screens. Military radar continued to track the plane as it deviated from its planned flight route making a sharp 180 degree left turn flying back over the Malay Peninsula. About 30 minutes later military radar showed MH370 flying over the Island of Penang and turning right into the Strait of Malacca. Even though military radar contact was lost shortly after, we know, due to satellite handshakes, that the plane was flying on for another 6 hours before it vanished.

Now keeping these details in mind how does catastrophic structural failure fit into the picture?

As we already talked about a little earlier, structural failure describes any failure that involves the airframe, the flight surfaces or the undercarriage of an aircraft. What kind of scenarios could cause catastrophic damage to those parts?

  • Major reasons for catastrophic structural failure are collisions with other aircraft, birds or other foreign Objects (like debris on the runway for example) – on the ground or in-flight
    Looking at what we know about MH370, a mid-air collision with another aircraft is highly unlikely, so is a bird strike or a collision with another object. In all of these cases we would either find evidence of an accident along the planned flight route (if the aircraft would have disintegrated in flight due to the collision), or the pilots should have had enough time to contact the ground to declare an emergency, especially as the aircraft stayed airborne for several more hours, which in itself discredits any mid-air collision theories.
  • Another major cause for catastrophic structural failure could be a cargo overload, shift or fire.
    The cargo manifest of MH370 shows that the aircraft carried 31517 pounds of cargo – passenger luggage, books, fruits, documents, electronic parts, and Lithium Ion batteries.
    Cargo can become a thread for the structural integrity of a plane in several ways:

    • The first one would be an overload – according to the final loadsheet the take-off weight of MH370 was well within limits on March 8th 2014.
    • The second issue could be a shift of cargo or of the center of gravity of the aircraft outside the maximum horizontal and vertical limits. According to the official investigation report all documents, calculations, and logs show that the weight and balance of the aircraft were well within the assigned limits and that all cargo was stored and secured safely and according to guidelines.
    • The last and most discussed safety issue that cargo can cause is a cargo fire. Lithium Ion Batteries have been a safety concern in aviation for many years and it wouldn’t be the first cargo fire or even fatal plane crash these potentially dangerous goods would have caused. MH370 carried 487 pounds of Lithium Ion batteries from Motorola Solution Penang. 
      They were assembled, packed and placed on wooden pallets on March 7th 2014. The shipment was physically inspected by Malaysia Airlines Cargo personnel, sealed and loaded in the rear of the aircraft, next to the mangosteens and the cabin crew bags. The batteries were not regulated as dangerous goods because the packaging adhered to the guidelines set by the International Civil Aviation Organization.
      Both the forward and rear cargo compartments of the Boeing 777 have smoke detectors that analyze the air for smoke particles and warn the pilots in the cockpit if smoke is detected. The cargo compartment has an extinguishing system comprised of five fire extinguisher bottles which can be discharged directly from the cockpit with the push of a button.
      The International Air Transport Association estimates that more than one billion lithium ion batteries are transported by air as mail, cargo, or in passenger or crew baggage each year. Very stringent international requirements apply to the manufacturing, testing and transport of Lithium Ion Batteries and providing these standards are complied with, the batteries and their transport are very safe.
      According to the official investigation report, Malaysia Airlines completed 99 shipments of Lithium Ion Batteries from January to March 2014 on its flights from Kuala Lumpur to Beijing. The Lithium Ion Batteries on MH370 were packaged, sealed and stored according to international safety guidelines and regulations, and there were no obvious reasons that the 487 pounds of batteries in the cargo hold of MH370 would have started a fire.

      Let’s still for the sake of the argument assume that something happened that caused the Lithium Ion Batteries to explode or start a fire.

      In case of a heavy an explosion and a mid-air break-up of the aircraft we should again have found some sign of an accident along the flight route. In case the batteries started a fire, the pilots should have been warned by the smoke detection system and might have engaged the fire extinguishers. Maybe the deviation from the flight path and the turnaround they completed was an emergency maneuver? Plausible, right?
      But why didn’t they contact ground control to inform them of what was going on and request an emergency landing?
      In case of an emergency all pilots follow a specific axiom “ANC – Aviate, Navigate, Communicate”. This phrase is used as a guide and a reminder for the pilots during an emergency situation that they should maintain control of the airplane first, know where they are and where they are going second, and let someone know what is going on, what they need, and what they plan to do third.
      Now let’s assume a cargo fire started, the pilots were informed, engaged the fire extinguishers and turned the plane around – aviate first.
      Next they would have had to find the nearest airport where they can complete an emergency landing – commercial pilots are trained to know the nearest airports along the routes they fly so in case of an emergency they don’t have to spend time finding the nearest airport – that would be our navigate portion of ANC.
      Now last but not least would be the “Communicate” part, the part where the pilots would inform Air traffic control about what’s going on aboard and what their plans are – like an emergency landing at the nearest airport.

      Even if Aviate and Navigate happened aboard MH370, communicate never did. Now you might say maybe the fire was really catastrophic and wiped out all communication devices – remember the radar signals disappeared and no verbal communication was ever established with MH370 after 1:21am.
      Well that’s pretty unlikely, most communication systems have several backup systems that are powered and connected through completely independent sources, so for all these systems to fail at the same time would be quite a coincidence. And second, if a cargo fire would have been so catastrophic to wipe out all means of communication, maybe even incapacitate the passengers and crew, it wouldn’t leave the plane in a state where it would be able to fly on for six more hours.

    • In addition to collisions and cargo hazards severe turbulence could cause structural damage to an aircraft causing a potentially catastrophic scenario.
      The meteorological aerodrome report issued at 12, 1, and 2am on March 8th 2014 did not report any significant weather phenomena for the flight route of MH370. Also the Significant Weather Chart issued by the World Area Forecast Center expected no significant adverse weather phenomena along the whole planned flight route for MH370 that day, so catastrophic structural failure caused by severe turbulence is not really a viable theory.
    • Another major reason for catastrophic structural failure are maintenance errors like substandard practices, wrong installation of parts or faulty repairs of previous damage.
      The triple seven that operated MH370 in the early hours of March 8th, 2014, was delivered to Malaysia Airlines in early 2002. Since then the aircraft had completed more than 53000 hours of flight and outside the general maintenance schedule experienced only one major repair – its right wing tip was damaged during taxi in August 2012 and was repaired shortly after by the Boeing Aircraft On Ground Team. The last maintenance check of the plane was carried out on February 23rd 2014 – just 12 days earlier in accordance with the Boeing maintenance schedule. From what we know there are no obvious indications that MH370 suffered structural failure due to a maintenance error but even if, a scenario like this encounters the same inconsistencies as others we already talked about. If the aircraft would have disintegrated in flight due to improper maintenance we should have found evidence of an accident along its planned flight path. And if it didn’t disintegrate but suffered substantial damage the pilots should have followed Aviate, Navigate, Communicate and if that wasn’t possible the plane would most likely not have been in a state where it could fly on for 6 more hours.
    • As our last structural failure scenario let’s take a look at pressurization failure and explosive devices.
      In order to get a better understanding of aircraft pressurization and its potential risks let’s take a quick look at atmospheric pressure.

      Atmospheric pressure is the pressure exerted by the weight of air in the atmosphere of the Earth. This pressure decreases smoothly from the Earth’s surface to the top of the mesosphere – approximately 31 miles above the Earth’s surface. In other words as altitude increases, atmospheric pressure decreases smoothly.

      As atmospheric pressure decreases the partial pressure of oxygen decreases as well. The human body requires a certain partial pressure of oxygen to be able to provide enough oxygen for the brain and function efficiently , so when the pressure drops, the body responds with altitude acclimatization till a certain height. Above 26000 feet no human body can acclimatize anymore which can lead to acute mountain sickness and eventually to death due to insufficient oxygen.

      As the cruising altitude of most commercial aircraft lies way beyond 26000 feet it is vital for the passengers and the crew to pressurize the cabin and create a safe and comfortable environment at high altitudes. Cabin pressurization is achieved through an airtight fuselage designed to be pressurized with conditioned, compressed air.

      The pressure inside the cabin is programmed to rise gradually from the airport of origin to around a maximum of 8000 feet and then reduce gently during descent till it reaches the air pressure of the destination airport.

      So what happens if the pressurization system of an aircraft fails? Well, an alarm would sound in the cockpit and the oxygen masks, providing oxygen for the passengers would automatically drop from the cabin ceiling.

      In addition to the automatically deployed masks the cabin crew has access to oxygen bottles that allow them to move around the aircraft and assist passengers. The flight crew has their own oxygen masks and oxygen system that would deploy automatically as well.

      Now after the alarm sounds and the passengers and crew put on their oxygen masks the flight crew needs to immediately initiate an emergency descent to 8000 feet – or the closest to that while maintaining terrain clearance – where passengers and crew can breathe without supplemental oxygen. If the passengers and crew are deprived of adequate oxygen supply for too long, they will lose consciousness and eventually die from oxygen starvation.

    Is that what could have happened to MH370? A pressurization failure that knocked out everyone on board and kept the plane flying till it ran out of fuel?

    On August 14th 2005 Helios Airways Flight 522 from Cyprus to Athens with 115 passengers and 6 crew on board crashed into a mountain north of Varnavas after running out of fuel.

    A lack of oxygen, caused by a failure to reset the pressurization system from manual to auto after a pressurization leak check earlier that day, incapacitated the passengers and crew, leading to the aircraft’s eventual crash. Unfortunately the flight crew misinterpreted warning lights and sounds issued by the aircraft system and even though the passenger oxygen masks were deployed and the pilot and the first officer were in contact with the Helios operations center they did not realize that they experienced a pressurization issue until it was too late. After the last contact with the flight crew at 9:20am the plane flew on on autopilot for almost three hours before it crashed due to fuel starvation.

    Could a similar scenario be possible for MH370?

    Pressurization failure can happen from a sudden loss of airframe integrity, like an explosive decompression, due to a fire or an explosive device on board – as with earlier scenarios, that’s highly unlikely in the case of MH370 as we haven’t found any indications of an accident along the planned flight route and the plane flew on for hours after it deviated from its course.

    Another scenario, like the one Flight 522 experienced, where the cabin pressure drops slowly and possibly undetected seems plausible at first.

    What speaks against it is that MH370 took at least three turns that could not have been completed by the autopilot. In the case of Helios Airways Flight 522, the autopilot was engaged all the time and flew straight to Athens where it circled in a holding pattern till it ran out of fuel. MH370 deviated from its flight plan shortly after passing over IGARI around 1:21am by making a 180 degree turn back towards the Malay Peninsula, this maneuver must have been completed by someone on board the aircraft. The second turn, remember at the base of your pinkie, happened about 40 minutes later, again this turn could not have been completed without human input.

    Now the third turn, a sharp left turn, must have happened sometime after 2:22am. We don’t know when or where it happened but according to Inmarsat, who analyzed the handshake pings, the plane ended up flying south, so it must have taken another turn with human intervention.

    Looking at what we know, catastrophic structural failure did not cause the disappearance of MH370.

    So let’s move on and take a look at electrical failure.

    Depending on the severity of electrical failure the consequences could be various ranging from isolated system malfunctions and navigational problems to failures having negative effects on the aircraft’s handling and performance. What kind of events could cause a catastrophic scenario?

    • One of the major reasons for electrical failure is an in-Flight fire either caused by the electrical system or causing electrical failure itself. Generally circuit breakers prevent faulty electrical components from overheating and causing a fire.

      In the case of a fire, the first priority of the flight crew is to land which, in the case of MH370 could explain the sharp left turn shortly after IGARI – but there was no call to the ground. Again, pilots follow the “Aviate, Navigate, Communicate” axiom so they might not have the time to send a distress call, still in that case it would be highly unlikely that the plane flew on for 6 more hours after that.

    • Another major reason for electrical failure could be an engine failure. In the worst case engine failure and failure of all backup systems could lead to a complete loss of power.

      Now for a long time I thought a complete loss of power would send an aircraft falling out of the sky like a stone but that’s not the case. Most aircraft are equipped with navigation instruments which can still be used in case of a complete loss of power and while all communication systems might be lost or highly limited it is possible to control and land a plane after a complete power failure. But also this scenario brings us back to the following conclusion:

    For all communication to suddenly cease without a distress signal usually indicates a catastrophic failure of the aircraft, not allowing time for the crew to communicate with the ground. But in case of such a catastrophic failure the aircraft DOES NOT fly on for several hours making multiple controlled turns.

    Catastrophic failure is not what made MH370 and its 239 passengers and crew on board disappear. More than 50% of all aviation accidents are caused by human error – did a human cause the greatest aviation mystery of all time?

    Next time on Opacity Zero.