AVIATION SAFETY SERIES

Forget About the Cost, Aircraft Systems Redundancies to the Rescue.

Even the components of the waste system have a backup, not to mention the crucial systems, all to drive safety up to the highest level.

Nazmi Izwan, published in The Startup. Feb 1, 2021. 7 min read.


Sunset rays behind a Boeing 737. Image by Author.

Have you ever wondered what makes an aircraft a machine reliable enough to carry you and millions of others over vast oceans and land? The credit goes directly to the engineering and the regulations behind it. Aircraft engineers and regulatory bodies work together to earn the trust of the general public in flying on a commercial aircraft.

To earn and keep that trust, engineers need to think through and solve for thousands of possibilities and scenarios that might occur over the lifetime of the aircraft, whether on the ground, in flight, landing or taking off.

Every situation needs a safety net and a margin before the worst case occurs. Aircraft systems and components therefore have redundancy designed into them, notably those that provide essential control and propulsion.

In this safety series, we will look into the redundant design configurations that make air transport the safest mode of transportation, so that you need not fear flying.

Redundant System

What happens when you get a flat tire in the middle of nowhere with no other cars around? Like every other car, yours has a spare tire underneath for you to fit. The spare acts as a backup: when the situation suddenly demands it, it is right there waiting to be used.

Aircraft apply the same concept: redundancy. They carry components or systems that are not strictly necessary for normal operation but are included for an emergency, or for when another system is in a faulty condition.

A redundant system is a backup. If one fails, the other takes over or assists it. The methods usually incorporated in aircraft are:

  • A different source, or several, able to supply the same output as the main one,
  • Multiple identical and independent systems, each unaffected if another suffers total failure,
  • Dissimilar software and/or separate electrical channels running in the same computer.

With a commercial aircraft flying as high as 40,000 feet, the prospect of an emergency in the sky prompted engineers to design systems that monitor themselves and alert the crew to a failed component or an error that could hamper the safety of the flight. The faulty system is then isolated, either automatically by the aircraft computer or manually by the flight crew.

The pilots then assess the situation and weigh multiple factors, such as fuel on board, the weather at the diversion airport, runway length, the severity of the emergency and much more, before deciding whether to land at the nearest airport.

Every system on the aircraft has redundancy built into it, from something as simple as the toilet flushing system, to cabin pressurization, up to the most complex, such as the autothrottle and the flight control computers.

Changes In Mode of Operations

The backup can be as straightforward as switching from automatic to manual mode. In other words, the flight crew takes over the operation of a system previously controlled by a computer. Inputs then come directly from the pilot's hands and bypass the computer. The crew monitors the parameters and maintains the aircraft's attitude as well as, if not better than, the computer did.

Rest assured: pilots are retrained rigorously in the simulator every six months, as per ICAO requirements.

For this to work, the system needs a series of linkages or mechanisms that can accept manual inputs from the pilot directly, not via the computers or other sensors. Engineers had to come up with designs for systems that can operate both electrically and mechanically, and they succeeded brilliantly.

The autopilot is one example. The autopilot usually flies the aircraft in cruise. If something requires the pilot's attention and control, the crew disengages it and flies by hand. It would be illogical to design a configuration in which the failure of one component ends the flight. The pilots still command the aircraft, only with an increased workload.

Cabin pressurization control is another example of this type of redundancy. The outflow valve, which regulates cabin pressure and its rate of change so that occupants stay comfortable and their ears do not feel stuffy or blocked, is normally run automatically by a computer. If the pilots need to control the valve manually, their command bypasses the computer and is sent directly to the valve.

Multiple Sources

Almost every system in an aircraft is designed with additional, identical sources, to increase the safety margin and reduce the risk of a catastrophic outcome from a single failure. The electrical, pneumatic and hydraulic systems all have multiple sources, supplying more than enough to each consumer.

The additional components that make up these auxiliary systems certainly add to the aircraft's weight and, like it or not, to its maintenance cost as well. But the safety margin rises dramatically, because the aircraft never relies on a single system alone.

This duplication matters because it keeps essential loads continuously supplied without overloading or degrading any one source.

Take the flight controls as an example. The rudder, the moving surface at the back of the fin, is essential for keeping the nose pointed straight, especially in a crosswind. To operate safely at all times, it is fed by multiple sources of hydraulic pressure; it must never be left without hydraulic pressure while airborne.

Looking down from the rudder’s point of view. Image by Author.

It is large and vital enough that every available hydraulic system on the aircraft feeds it. If an aircraft has three independent hydraulic systems, the rudder actuators are supplied by all three.

You may be wondering why all three are needed. The answer lies in an engine flameout during take-off. Asymmetric thrust arises when one engine produces maximum thrust while the other side produces nothing. This can create an excessive amount of yaw (a sideways turn) that can end badly.

In this situation the rudder is crucial for bringing the aircraft's path back to normal. That does not mean all three hydraulic systems are needed to actuate the rudder: one is enough to move it. That is what the 3000 PSI hydraulic pressure is for.

Knowing the risk of a suddenly jammed actuator, of one or two hydraulic systems failing, or of both at once, engineers need to reduce the chance that any of these leaves the rudder unusable. Feeding the rudder from all three hydraulic sources is more than enough.

On another note, the rudder is the only primary flight control surface with no other surface to augment it. The ailerons have the spoilers to aid them in banking, and the elevators have the movable horizontal stabilizer. The rudder stands on its own.

Shown in this excerpt from the Boeing 777 maintenance manual are the positions of all three rudder actuators. Note that the actuators are fed by three independent hydraulic systems. Image by Author.

As the Boeing 777 maintenance manual illustrates, three actuators from three separate, independent hydraulic systems provide the force for controlling the rudder. If one or two of the hydraulic systems start to lose pressure, the remaining actuator moves the rudder as the pilot commands without difficulty. Losing pressure in several hydraulic systems is rare, but it can happen.
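To make the "any one of three is enough" property concrete, here is a small model added for this article; it is illustrative code, not Boeing design data. The 3000 PSI figure and the one-actuator-suffices behaviour come from the text above; the minimum actuation pressure, the per-flight failure probability and the common-cause fraction (beta) are assumptions. The last function goes slightly beyond the article: it shows why "independent" matters, because a common cause that can take out all three sources at once (contaminated fluid, a shared reservoir, one fire) dominates the loss probability no matter how many sources you add.

```python
"""Rudder availability with three independent hydraulic sources (added example)."""
from itertools import product

NOMINAL_PSI = 3000.0        # system pressure quoted in the article
MIN_ACTUATION_PSI = 2000.0  # assumed: below this an actuator is treated as unable to move the surface


def rudder_available(pressures):
    """The rudder is controllable as long as ANY one actuator is fed with adequate pressure."""
    return any(p >= MIN_ACTUATION_PSI for p in pressures)


def surviving_combinations(n_sources):
    """Enumerate every up/down combination of the sources and count those that still move the rudder.

    Returns (combinations_with_rudder, total_combinations).  For three sources only the
    all-failed combination loses the rudder, so the result is (7, 8).
    """
    ok = total = 0
    for states in product((0.0, NOMINAL_PSI), repeat=n_sources):
        total += 1
        if rudder_available(states):
            ok += 1
    return ok, total


def prob_total_loss(p_single, n_sources, beta=0.0):
    """Probability that every hydraulic source is lost on one flight.

    p_single : assumed probability that one system fails during the flight.
    beta     : assumed fraction of that probability attributed to a common cause
               that takes out all systems together (beta-factor model).
    With beta == 0 the sources are fully independent and the answer is p_single ** n_sources.
    """
    common_cause = beta * p_single
    independent_each = (1.0 - beta) * p_single
    # Lose everything either through the common cause, or (no common cause) through
    # every source failing on its own.
    return common_cause + (1.0 - common_cause) * independent_each ** n_sources


if __name__ == "__main__":
    # Constructed scenarios: nominal, one system down, two down, all down.
    for scenario in ([3000.0, 3000.0, 3000.0], [3000.0, 0.0, 3000.0],
                     [0.0, 0.0, 3000.0], [0.0, 0.0, 0.0]):
        print(scenario, "rudder available" if rudder_available(scenario) else "RUDDER LOST")
    print("combinations keeping the rudder:", surviving_combinations(3))
    p = 1e-3  # assumed per-flight failure probability of one hydraulic system
    print("independent sources, total loss:", prob_total_loss(p, 3))
    print("10% common cause,    total loss:", prob_total_loss(p, 3, beta=0.1))
```

The two printed probabilities make the practitioner's point: with truly independent sources the chance of losing all three is p cubed, but a modest common-cause share brings it back to the order of beta times p, which is why the three systems are physically separated rather than merely triplicated.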

Different Software / Electrical Channel

Because flight computers are so crucial, they run two versions of software for the same function, supplied by different manufacturers. The logic is that if one version has a software bug, the system can rely on the other for added redundancy.

Flight computers, known as primary flight computers (PFCs) on Boeing aircraft, are among the 'brains' of the aircraft: electrical highways that send and receive data from the many sensors around the aircraft's exterior.

Each PFC channel has three lanes, and each lane runs on a different microprocessor, with software built from the same source by a different compiler.

This quote from 'Triple-Triple Redundant 777 Primary Flight Computer' by Y.C. (Bob) Yeh describes the dissimilar lanes used in the flight computer:

‘each PFC ( primary flight computer ) channel contains three dissimilar processor lanes, and software from Ada source code using three different Ada compilers to provide triple dissimilarity’

This means there are multiple layers of redundancy within the flight computer system alone, and every layer lowers the probability of a failure that matters. Dissimilarity is what makes that true: three identical lanes would all share the same compiler bug and fail together, while three dissimilar lanes are unlikely to produce the same wrong answer at the same time, so a lane that disagrees with the others can be identified and isolated.
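The following is an added, illustrative model of how dissimilar lanes, a voter and the fallback to manual control described in the "Changes In Mode of Operations" section fit together. It is not the 777 PFC software: the three lanes here are three differently written computations of one simple rudder command law, standing in for code produced by different compilers on different processors, and the agreement tolerance, the command law, the "latch a disagreeing lane out" policy and the "direct mode" fallback are assumptions made for the example.

```python
"""Three dissimilar lanes, a voter, and fallback to direct (manual) mode (added example)."""
from dataclasses import dataclass
from math import fsum
from statistics import median

TOLERANCE_DEG = 0.5         # assumed: lanes further apart than this are not in agreement
MAX_DEFLECTION_DEG = 25.0   # assumed rudder travel limit
YAW_DAMPER_GAIN = 1.5       # assumed: degrees of rudder per degree/second of yaw rate


def clamp(x, lo, hi):
    return max(lo, min(hi, x))


def lane_a(pedal_deg, yaw_rate_dps):
    """Lane A: plain floating-point implementation of the command law."""
    return clamp(pedal_deg - YAW_DAMPER_GAIN * yaw_rate_dps, -MAX_DEFLECTION_DEG, MAX_DEFLECTION_DEG)


def lane_b(pedal_deg, yaw_rate_dps):
    """Lane B: the same law in integer fixed-point (milli-degrees), as a dissimilar build might do."""
    pedal_m, yaw_m, gain_m = round(pedal_deg * 1000), round(yaw_rate_dps * 1000), round(YAW_DAMPER_GAIN * 1000)
    limit_m = round(MAX_DEFLECTION_DEG * 1000)
    return clamp(pedal_m - (gain_m * yaw_m) // 1000, -limit_m, limit_m) / 1000


def lane_c(pedal_deg, yaw_rate_dps):
    """Lane C: the same law as an exact summation of terms in a different order."""
    total = fsum([-YAW_DAMPER_GAIN * yaw_rate_dps, pedal_deg])
    return clamp(total, -MAX_DEFLECTION_DEG, MAX_DEFLECTION_DEG)


def faulted(lane, error_deg):
    """Wrap a lane so it returns a corrupted result (constructed fault for the demonstration)."""
    return lambda pedal, yaw: lane(pedal, yaw) + error_deg


def direct_law(pedal_deg):
    """Direct mode: pedal input goes straight to the actuator, bypassing the lane computations."""
    return clamp(pedal_deg, -MAX_DEFLECTION_DEG, MAX_DEFLECTION_DEG)


@dataclass(frozen=True)
class Result:
    mode: str          # "normal" (voted lane output) or "direct" (manual input bypasses the lanes)
    command_deg: float
    isolated: tuple    # lane indices latched out after disagreeing with the majority


class FlightComputer:
    def __init__(self, lanes, tolerance=TOLERANCE_DEG):
        self.lanes = list(lanes)
        self.tolerance = tolerance
        self.isolated = set()

    def _largest_agreeing_set(self, outputs):
        best = set()
        for i, oi in outputs.items():
            group = {j for j, oj in outputs.items() if abs(oi - oj) <= self.tolerance}
            if len(group) > len(best):
                best = group
        return best

    def cycle(self, pedal_deg, yaw_rate_dps):
        outputs = {i: lane(pedal_deg, yaw_rate_dps)
                   for i, lane in enumerate(self.lanes) if i not in self.isolated}
        agree = self._largest_agreeing_set(outputs)
        if len(agree) >= 2:
            # At least two lanes cross-check: trust their value, latch out any lane that disagreed.
            self.isolated |= set(outputs) - agree
            return Result("normal", median([outputs[i] for i in agree]), tuple(sorted(self.isolated)))
        # No two lanes agree, so no computed value can be trusted. Revert to direct mode; nothing is
        # latched, because with no majority the computer cannot tell which lane is wrong.
        return Result("direct", direct_law(pedal_deg), tuple(sorted(self.isolated)))


if __name__ == "__main__":
    healthy = FlightComputer([lane_a, lane_b, lane_c])
    print("all lanes good:   ", healthy.cycle(10.0, 2.0))
    one_bad = FlightComputer([lane_a, faulted(lane_b, 64.0), lane_c])
    print("lane B corrupted: ", one_bad.cycle(10.0, 2.0))
    print("next cycle:       ", one_bad.cycle(5.0, 0.0))
    two_bad = FlightComputer([lane_a, faulted(lane_b, 64.0), faulted(lane_c, -40.0)])
    print("two lanes corrupt:", two_bad.cycle(10.0, 2.0))
```

Run it and the three scenarios show the three behaviours the article describes: agreement yields a normal voted command, one corrupted lane is outvoted and isolated for the following cycles, and when no majority exists the computer stops trusting its own output and the pedal input is passed straight through.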

To conclude, the safety of the aircraft and its passengers is the number one priority for both the authority and the manufacturer. I cannot stress enough how important, and how thoroughly thought through, the redundancy is in enhancing safety, even at the cost of higher maintenance. There is far more redundancy built into an aircraft than the examples above. So the next time you fly for business or leisure, remember that aircraft are built with safety in mind, thanks to this design philosophy.

Aviation made simple and understandable for general flying public.