Kegworth Air disaster
Example of multiple levels of analysis
What causes a plane to crash? [1 min.]
What causes a plane to
crash?
• A laundry list is required, or, a swiss
cheese loaf lined up
• A lot, in safety critical systems
Kegworth Air Disaster
• Why?
– Near Ritter, Baxter
& Churchill
– A lovely example
– Often used
Storyline
• Flight, jan 1989, Heathrow to Belfast, Midland 192
• Experienced pilots, new plane (737)
• Part of one of the safest systems in the world
• Upon take-off, no problems
• Shuddering, fire in an engine at ~10 min.
• Shut off #2 engine, RHS (the good one!)
• This is the pilot error
Hardware and Mischance
badly designed new engine, failure at 3 months,
approx. t=300 h, should be t=500,000 h, not tested
at altitude
/unlucky choice of diversion airport [BMI hub]
Auto throttle problem
poor mental model of plane [system]
(turned off good engine, which disengaged
autothrottled, solving the judder problem)
lack of engine feedback [interface design]
Vibration Dial 1
vibration dial harder to read [design]
vibration dial not required to fly [regulation]
dial and plane not trained with simulator
technology updated but not announced
Vibration Dial 2
• vibration dial
small [design]
• Without range
marking
[design]
During descent
lots of interruptions
pilots can’t see the engines
no protocol: no checking/confirmation
visually from cabin
• Passengers could see fire but explained it
away, perhaps also flight attendants
diffusion of social responsibilities
Social distance between aircrew and pilots
crash
• 900 m short
• 43+4 out of 118+8 die
At crash
• Not documented: noise abatement hillocks
Afterwards
• If any 13or 3 missing, no loss of life
• What was the pilot error?
• Thus, systems require understanding
people, technology, and systems and
environment
References
• Wikipedia on kegworth
• BBC. (1991). Fatal error: Taking liberties
[television series].
• Youtube has videos as well