The Engineering Process (or Of Course We Know What We Are Doing! Except That, We Have No Clue About That…)
A few months ago I saw this video on Facebook (if you can’t see the video, it’s a proposal to have the passenger cabin of a commercial aircraft detach in an emergency and parachute to the ground).
The reason I saw it is because far too many of my friends and family know I’m an engineer, and that I’ve worked for Boeing, and that I do a lot of work currently with aerospace companies. So of course the question on everyone’s mind was, “Why don’t we do this?”
I suppressed the urge to sigh in exasperation, because while the answer to the question was obvious to me, it’s a valid question, and is a class of question that probably doesn’t get answered often enough. So I will take this opportunity to answer this question in something of a roundabout way, and hopefully help the reader understand why certain engineering decisions are made.
Standing On The Shoulders Of Giants
One of my absolutely favorite things to do is find and read engineering case studies. Whenever I run across an archive of them, it’s worse than getting stuck in a WikiHole. I can read these for hours. Even the ones written by the most boring people on earth have interesting bits to learn. Depending on the source, they can be a stark and unfiltered view into the engineering process. Case studies are the necessary result of a product failure that has its root in the engineering process. A lot of those annoying warning labels on things began as case studies, as did many of our modern best practices. I tend to categorize case studies into two groups: Engineering Failure and Business Failure. The label indicates where the decision was made that led to the failure.
Engineering failures consist of either known unknowns or unknown unknowns. Unknown unknowns are just that: the failure came out of the blue, and represents a situation where no one had a clue that X was going to happen, or was even possible. Such situations are perfectly described by one of my favorite quips:
Structural engineering is the art of molding materials we don’t wholly understand, into shapes we can’t fully analyze, so as to withstand forces we can’t really assess, in such a way that the community at large has no reason to suspect the extent of our ignorance.
You can modify that for pretty much every engineering discipline. Engineers usually know when they are at the limit of knowledge & experience, and in general they like to design things such that they aren’t at the limit (e.g. engineering in a margin of safety), but, we are human, and sometimes something sneaks past. Metal fatigue was a great example, especially in the aerospace industry. Engineers didn’t realize that the compression-decompression cycle of a passenger cabin could result in fatigue. Another good example of this is the Tacoma-Narrows bridge collapse.
Of course, the known unknowns are a whole different thing. The Hyatt Regency case is one of these, where the initial design engineering was good, but an onsite modification that was not fully analyzed caused a disaster. Or the loss of the USS Thresher. Likewise the L’Ambiance Plaza, where key design considerations were left up to the onsite contractors. There are also elements of this in the I-35 bridge collapse in Minneapolis and the B.F. Goodrich brake scandal. Anytime an engineering concern is not fully explored, or a change is not given due diligence, you might have a situation where engineering knew something might be up (engineers are always watching for failure modes), but didn’t/couldn’t take the time to figure out what. Known unknowns often coincide with Business Failures, especially when engineering fails to make its concerns heard.
A Business Failure is any engineering failure that was driven primarily by business concerns. The Challenger disaster was a pure Business Failure. Engineering was quite clear that launching the spacecraft in those conditions was courting disaster. Sure, NASA isn’t a business per se, but for organizational reasons not related to engineering, the concerns of engineering were overruled. This kind of failure is, sadly, common, and examples abound. The B.F. Goodrich brake scandal, the Ford Pinto, and the Kolkata overpass collapse in India appear to fit this bill. If business leaders discount warnings, or refuse to give engineers time to explore a concern, or if production lines or contractors cut corners in direct violation of engineering plans and directives, you risk having a business failure.
Almost all case studies have an associated legal aspect, usually through a lawsuit, or sometimes through political action. Three recent cases are the lawsuits against Toyota, General Motors, and the makers of table saws.
Overall, the Engineering and Business Failure cases not only give insight into the engineering process and critical engineering failures, they also highlight critical ethical failings to watch out for.
Back To The Original Question
So why don’t we have parachuting passenger cabins on commercial aircraft? We have aircraft with parachutes, why is this different? My, where to begin…? The reason is in three parts. One is structural, one is operational, and the other is actuarial. Also, tradeoffs happen.
Let me take a moment to talk about tradeoffs in design, because engineering is full of them, and 90% of the time, the tradeoffs are not obvious. Every equation we work has multiple variables, and engineers have to decide which of those variables are more important to a given design. You cannot maximize for all variables. Every single decision has a tradeoff in there somewhere.
First, understand that aircraft and passenger survivability is a top consideration in passenger aircraft design. Engineers are always looking for ways to protect passengers & crew and improve the ability to land safely. Any new idea is balanced against costs, performance, and efficacy; they need to be doable, impose a minimum cost (in design, materials, and regulatory compliance), and have a real potential to save lives.
As for this idea, it helps to first understand how wing and tube aircraft are constructed. Notice in the video that the example aircraft is a high wing (the wing is mounted to the top of the fuselage)? Now think about all the commercial planes you see at the airport. How many have low wings (the wings mounted to the bottom of the fuselage)? Damn near all of them are low wing. Certain cargo planes tend to be high wing, and smaller commuter aircraft have high wings, but 737s and up are all low wing. Why is that? Good question, actually, and the answer is a little known fact that has to do with the aircraft empennage (the rudder, tail, and horizontal stabilizer, or H-stab). It’s a detail that escapes notice, but next time you are at the airport, pay attention to the size of the rudder of commercial aircraft, and notice how big they get as the aircraft gets bigger. I mean, really big. Rudder size goes up a bit faster than aircraft size. It doesn’t have to, but keeping the scaling consistent requires altering other design elements. Tradeoffs happen. We’ll come back to this in a minute.
Anyway, the empennage has two common configurations, the common tail, where the H-stab is mounted to the fuselage, and the T-Tail, where it’s mounted to the top of the rudder. All the aircraft in the video have T-tails. Again, if you look at aircraft at the airport, you’ll notice the T-tail isn’t nearly as common as the common tail. This is primarily because it’s structurally expensive. You really have to beef up the spars in the rudder if you want to mount a small wing at the top. And the taller the rudder, the beefier the structure; a 747 with a T-tail would cost a lot more to build. The T-Tail is something of a specialty configuration, useful for amphibious aircraft that land on their hulls, or large cargo aircraft with rear ramps. Or aircraft with high wings and wing mounted engines.
That last one is pretty important, because you really do not want your engine wake to impact your horizontal stabilizer. It’s one thing if you have a nose mounted prop, because the fuselage will smooth out the prop wash, but wing mounted is different; that wake is going to hit the H-stab if they are anywhere close to being at the same level. So in order to have a high wing with a common tail, the engines would have to be mounted well above the wing, which involves all sorts of other tradeoffs, particularly in the realm of maintenance (I can get into the engine of a 747 with a good ladder; having to do engine work at the top of a tall scissors lift or cherry picker would not be fun).
Finally, notice how the cabin deploys. It drops away moving aft. How do I do that with a low wing and a common tail? Explosive bolts to sever wing and tail structural members? That sounds fun, where do they keep the fuel on aircraft again?
So the first design hurdle is the fact that we’d have to redesign how we build commercial aircraft. But what about a retrofit?
Without getting too deep into it, the big problem is that the entirety of the fuselage is carrying load. If the cabin is to detach, the airframe has to be designed to carry load in a massive beam running across the top of the airframe (kind of like a helicopter crane), or I have to have some kind of load carrying connectors, which makes for some very interesting load paths that have to be analyzed, especially if we want to make sure the connectors won’t bind during flight (airframes bend quite a bit during flight, it’s why aircraft doors are next to impossible to open during flight). So no, not something that can be retrofit, at least not without sacrificing carrying capacity.
Speaking of carrying capacity, let’s talk about weight. How much do you think the additional structure, parachutes, deployment mechanisms, flotation devices, and compressed air bottles are going to weigh? Weight equals money, so plane tickets just went up in price. Hold on to this bit, we’ll get back to it.
Let’s look at the parachutes. This is entering the operational part of the answer. Deploying parachutes is a trick. Can’t be going too fast or the chute will rip, or a line will, or the mount will, so we need a way to slow down before opening the chute (luckily we have such a system, but it adds weight). Can’t be tumbling or the chute will tangle, and the cabin didn’t have a lot of control surfaces on it, so if the cabin is released from the aircraft, the aircraft had better be relatively stable, and hopefully not in a storm or high winds.
Starting to rack up a lot of ifs here. Let’s add some more.
Does the pilot realize s/he’s in trouble? It’s not uncommon for the pilots to know something is wrong, but to not recognize the danger in time to take any kind of action. How much time will the pilot need to detach the cabin? How much effort? How much altitude does it need to safely detach, deploy chutes, and land? What happens if it does it over a city? Or mountains. Most accidents happen at take off and landing, very close to the ground (altitude is life, as they say). I can’t imagine those kinds of accidents would offer sufficient time or altitude for the system to save many lives.
Also, notice in the video how only one engine is on fire? Commercial aircraft have to be designed with ETOPS in mind. Basically, the aircraft has to be able to fly and land safely with only one engine. Take-off requires all engines, but you can do a limited cruise and landing on just one. So no pilot is going to ditch the cabin and/or plane just because an engine went out. They’ll declare an emergency and divert for a landing.
Let’s recap: Here we have a system that would require a fundamental shift in the design of commercial aircraft, that cannot be readily retrofit to existing aircraft, would add significant weight to an aircraft, and would require that the aircraft have sufficient altitude and operational stability to effect a safe deployment, all in the hope of saving some lives? Here’s a fun actuarial exercise: How many airliner hull losses would have actually been able to benefit from such a system? I can think of maybe half a dozen, and most of those involved a hijacking. I’d bet money that the actual number would be very low, probably around 20. How much money would be spent doing this? Millions? Billions? Perhaps we should be building planes out of the stuff they build the flight recorders out of, it’s indestructible, right?
Here’s the crux of all this: I’m not just being a Negative Nelly. Engineers can usually dream up a solution to deal with whatever problem worries you, but that solution will involve tradeoffs. Perhaps you are fine with the tradeoffs, but the person next to you isn’t, or the required tradeoffs would make the product next to useless, and they want to use the product too. Every single one of those ifs up above can be addressed. If the design moved forward, a minimum safe altitude and max safe speed would be determined, the airframe would get redesigned, etc. But the cost benefit analysis would still be very poor, suboptimal. The only people who would want to fly on such a plane would be people with a serious fear of flying, and I doubt many of them could afford it.
Design will flow toward the best solution that reaches some kind of optimum. You are not necessarily part of the optimum the design is reaching for.
PS When I offered an abbreviated version of this explanation to my Facebook cohort, I had a disturbing number of them reply along the lines of “We should do it anyway, I’d feel so much better flying if I knew it was there.” And they wonder why I don’t talk to them…
Image by SergeyRod