Read Part I here.
Almost every time a pilot flies, he or she encounters unexpected results from the aircraft and its systems. For most flights, the situation remains stable and within acceptable risk. But often events can occur that dramatically worsen the pilot’s odds of a safe return. A host of factors–including maintenance history, weather, external events, equipment age, bad design, pilot familiarity and random failure–can cause this situation and determine whether the results suddenly become dangerous.
Many times the pilot’s first indication of a serious problem occurs after the damage has taken place. An equipment flag comes into view, a breaker opens or a system fails. With avionics and electrical systems, unlike propulsion systems, there often is little in the way of progressive, clear indications of an impending failure. Of particular interest in recent accidents are electrical failures that lead to fire. Such a failure is especially dangerous, as its location or required corrective action may not be provided.
One item that might be easily designed to help prevent this situation is a modification to standard circuit breakers. The photo on this page shows typical military-standard breakers with the indicator ring exposed to show a tripped condition. The crew’s only indication of a fault is the white ring that is exposed when the breaker pops from a serious overcurrent–typically 200 percent for at least a second or two. No degradation clue exists for analysis of a failure in progress. That situation could be fixed by using the breaker’s current sensing to drive a simple indicator for the current status. A tricolor, light emitting diode (LED), illuminating the breaker face, could give an ongoing indication of circuit loading and some valuable clues to the pilot or flight engineer of a progressive failure.
I worked out some values from equipment data sheets to create this approximate range:
-
No load or less than 10 percent, dark/unlit;
-
10 to 75 percent, illuminated green;
-
75 to 90 percent, illuminated amber; and
-
More than 90 percent, illuminated red.
Making a simpler indicator (essentially the "blown fuse indicator" of years ago) also is possible by having a red LED illuminate the face when the breaker is open, for added visual indication. Even this would help in quickly spotting blown breakers, although it does not provide total circuit isolation.
The huge benefit of a progressive indication system would be a real-time display of loading, circuit by circuit, plus an indication of change created through accidental circuit modification or new installation, failure or external cable shorting. This could help prevent repeated attempts to reset a popped breaker, when in fact a dangerous short may exist in the airframe. Progressive indication would not be an expensive function to add to the breaker, and a form/fit retrofit should be feasible, with the breaker’s mounting bushing providing the ground return for the internal LED driver.
Other items to consider for reducing the "nuisance tripping" of breakers are fans that could vent the breaker compartment and prevent heat build up (an inevitable byproduct of operation), which causes early tripping of thermal breakers. This is a cheap fix that could seriously reduce pilot stress in flight.
If an electrical fire should start, especially in the cockpit, anecdotal cockpit voice recorder (CVR) evidence shows that smoke and the loss of visibility (and in some cases, breathable air) aggravate the stress among crewmen. The desire to simply punch out a window to clear the cockpit must be enormous among flight crews caught in a cockpit fire. I believe adding simple outside air scoops and seals to the cockpit could ease this situation. These would be made for one-time use–they probably could not be designed to reseal effectively at high altitudes after activation–but this is a small penalty to save the crew. The scoops and seals could work as a manual flush system, ducted so that all incoming airflow pushes the smoke back into the console and away from the flight crew.
Small pop-out scoops at each side of the cabin, behind the crew would work as ram intakes, which can suck in air (presumably low in oxygen, if at altitude) under pressure. Two "kickout," reverse scoops at the bottom of the flight deck floor, acting as exhausts, would provide the exit path for that air, below the console.
At 35,000 feet, the low oxygen should help extinguish the fire and rapidly clear the cockpit of smoke. The crew would need to use the on-board oxygen supply until they descend to below 10,000 feet–a normal procedure in any case.
Fire outside of the cockpit is more problematic to control. Still, indicating breakers may serve as early warning systems to stop fires before they become uncontrollable. Shorted loads, mechanical abrasion and insulation failure seem to be key components in triggering electrical fires in the fuselage, so some mechanical changes probably are needed to improve the likelihood of the crew’s survival.
There is a long-standing modern practice of stringing wiring without covers or tubing, to save weight. This is prevalent in military aircraft and in all aircraft areas where there is little normal human access. A review of airframes and their wire routing clearly is useful for fire control, to look for abrasion or impact zones. Covers or enclosed wireways must be added to areas with even moderate risk of damage by accidental contact.
In addition, cables to sensors, valves, local set circuits, jacks, etc., need to have abrasion-resistant jackets over the wiring, as well as careful routing and clamping, to prevent any edge wear against the bundle. Wire bundles seem to be especially prone to damage; "thin-wall" Tefzel wiring is not acceptable.
On long wire paths, the wire size and breaker may not provide adequate short/fire protection. This is a complex situation to model, but with numerous resistive losses through junctions, connectors and terminal strips, as well as from local cooling effects, the wire may burn before the breaker opens. The run may be long enough so that the breaker never trips. A worthwhile test during airframe certification would be to demonstrate that every breaker does trip when the protected wire is grounded at its farthest extension. I suspect some surprises would be found in low-current wiring, even though the component ratings are completely compliant.
Over long runs, wire gauges 22 and below (24 and 26) are likely to give trouble, as the total current loop consists of both the airframe return and the wire. Light gauge copper wire not only burns well, but also increases in resistance under heating. This can cause the wire to move the current to a point where the breaker does not trip, while it continues to burn. Again, a simple in-place test is worth hours of speculation.
It also may be possible to blow some type of fire retardant into wireways or spray it on as a coating to help prevent the spread of fire. Considerable work would be required for this application to determine what chemistry would be nonconductive and nonreactive to insulation and metalwork and still be effective. Regardless, the retardant might be added effectively and inexpensively, especially to new airframes during their production or to aircraft with wire insulation damage that cannot be economically or practically rewired.
Another area of design that is open to improvement involves what we show the pilot. Clearly, an unambiguous–and, ideally, similar, if not identical–flag technique is long overdue for every system to show it is not operational. From fuel contents to transceivers, systems should have the diagonal yellow/black stripe or orange/black flag to indicate loss of operation. The system always should be clearly self-indicating to assure it is trustworthy as a source of information and functionality. Too often, clear presentation of system status is ignored, and the pilot is forced to guess whether the data has meaning or the equipment is working. Guessing often requires experimentation of the life-threatening kind, and if the pilot guesses incorrectly, the accident will be chalked up to "pilot error," when, in truth, the cause may be "designer error."
Walter Shawlee 2 may be reached by e-mail at [email protected].