Re: Flight Recorder Durability

From:         Pete Mellor <pm@csr.city.ac.uk>
Date:         10 Jan 96 02:01:44 
References:   1 2
Followups:    1
Next article
View raw article
  or MIME structure

David Lesher <wb8foz@netcom.com> asks 29 Dec 95 22:22:23 :-

> Has there even been any move toward redundant CVR/FDR's?

Not as such (that I am aware of), but see below.

> I know, short of being being cast out of pure neutronium or such
> they are pretty rugged.

Not from what I have read, they're not!

> While some are lost in the incident (I recall reading of one such
> case recently - tail section destroyed - but the details escape me)

A320 crash near Strasbourg? The DFDR was totally fried in the fire
that consumed the tail-cone. Strangely enough, the CVR which was
mounted close to it was still usable.

Regarding "redundant" recorders, the flight parameters in this crash
were recovered from the Quick Access Recorder (QAR). This is mounted
in a completely different place (the roof), and records exactly the
same information as the DFDR. It is intended for use by the operator
in checking on crew performance, fuel consumption, etc. In the
Strasbourg crash, it was damaged by fire but not totally destroyed,
and it was possible to decode it and extract most of the information
that would normally have been obtained from the DFDR.

The Aircraft Addressing and Reporting System (ACARS) could be considered
to provide another form of redundancy, in which the main parameters are
broadcast continually and recorded at a ground receiving station.

> ... other cases have had prior damage that rendered it worthless.

Well, there was the famous "kink" in the DFDR tape recovered from the
A320 that crashed at Habsheim, but whether that was prior damage or
caused while extracting the tape is a moot point.

> I've heard, for example, that the modern FDR are more
> frail so than the old "scribe on stainless foil" ones. (Anyone know
> what the MTBF really is?)

Since the DFDR is non-critical equipment I *think* its *required*
reliability is of the order of 1 - 10^-5 per flying hour.

The actual failure rate seems to be much higher, judging by comments
in recent incident reports published by the AAIB.

There are two separate problems:-

1. Resistance to fire following crash. The cases are designed to resist
   something like 300 degrees C for 30 minutes. (Don't quote me on this,
   I'm too lazy to look up the actual spec. right now!) After that, the
   tape is frazzled. (It is fairly ordinary oxide-coated plastic tape.)

   Following the report on the Strasbourg crash, the DGAC were instructed
   to look into improving the fire-resistance of the recorders.

2. Recording failure during normal use. This is due to vibration, and has
   been found to be a serious problem with the Loral-Fairchild recorders
   with which the A320 is equipped. In an incident at Heathrow to an
   A320 operated by Excalibur Airlines, the DFDR was found to yield
   virtually no useful data after take-off, since the data was corrupted,
   apparently by vibration. (The corrputed sections correlated fairly well
   with manoeuvres that would be expected to cause vibration.)

   This was raised as a specific concern by the AAIB. The problem can
   be alleviated by mounting the recorders on anti-vibration trays
   designed according to a particular RTCA standard.

   Amusingly, Airbus apparently use a more resilient make of recorder
   for test flights, but then install the bog-standard (and cheaper)
   Loral-Fairchild for operational use.

> Granted they are not cheap, as shown by the FAA foot-dragging
> on upgrading 737 FDR's; but would not dual units -- in diverse
> locations, pay off in just one incident?

I would generally agree, but we might already have just that (a QAR
in the roof) plus a completely different recording mechanism (ACARS).

One other problem which David does not mention, but which I have seen
raised as a matter for concern in just about every A320 crash report
I have read, is that modern aircraft are becoming so complex, and their
on-board systems have so many modes of operation, that it is difficult
to record everything.

For example, on the A320, the modes in which the EFCS (Electrical
Flight Control System) and FMGS (Flight Management and Guidance System)
are operating are *simply not recorded*. To take just one example, in
the Strasbourg investigation, it was *essential* to discover whether
the FMGS was in "Vertical Speed" or "Flight Path Angle" mode, but this
could only be deduced by doing simulated flights in each mode and
comparing the simulated positions of the flight control surfaces with
those from the actual flight. (The control surface positions *are*
recorded, the system modes are *not*.)

Nice detective work, but it shouldn't have been necessary!

--
Peter Mellor, Centre for Software Reliability, City University, Northampton
Square, London EC1V 0HB, UK. Tel: +44 (171) 477-8422, Fax: +44 (171) 477-8585
E-mail: p.mellor@csr.city.ac.uk