Friends have been asking me about TransAsia 235, an ATR 72-600 turboprop that crashed in Taiwan.
First, why a turboprop, where jet (turbine) engines drive propellers? A pure turbojet, such as a Boeing 737, burns more fuel at lower altitudes and needs more runway. So turboprops are ideal for short flights and/or flights to small airports.
Managing an engine failure in a twin-engine turbojet is pretty easy. You push the two thrust levers full forward, which gives you max thrust from whichever engine is still running. Then you use the ailerons and rudder to keep the airplane flying more or less wings level. This compensates for the torque of just one engine spinning out on one wing and prevents the plane from rolling. If the engine occurs right around takeoff, which it always does in the sim(!), you make sure that the gear and flaps are retracted so that drag is reduced. After you’ve climbed to a safe altitude you start running checklists. At high altitude airports or in very high temperatures your climb performance will be reduced but it will always be sufficient if pre-flight planning is done correctly (mostly not loading up the plane with people, bags, and fuel).
Managing a real-world engine failure in a twin-engine piston-powered airplane is beyond the skills of most pilots, leading to the adage “the second engine takes you to the scene of the accident.” There are six power levers in a piston twin. If an engine fails near the ground there is an emergency situation created by the drag of the windmilling propeller. The pilot must figure out which engine has failed and pull the propeller control lever back on that side of the plane, turning the blades of the prop into knife edges relative to the slipstream. This is called “feathering” the propeller. If this is not done, the airplane will sink because the second engine is not powerful enough to fight both gravity and the windmilling prop’s drag. If the still-running engine is feathered by mistake then a single-engine scenario is turned into a zero-engine scenario. I wrote about this in 2006 during my own multi training (“Unsafe at any speed… Philip and a piston twin”):
When an engine quits, the pilot is supposed to push up the two mixture controls, the two prop speed controls, the two throttles and then make sure that the gear and flaps are up. After that it is identify and verify the dead engine by pulling back the throttle and seeing that there isn’t any yaw. Finally one is supposed to pick the correct prop speed control from among the six power levers and pull it back to feather. I thought I’d done just this and was a bit surprised by the fact that the airplane was yawing as I pulled the lever back. I kept pulling. My instructor, Jim Henry, is normally the soul of cool and calm. He jumped out of his seat and pushed my hand out of the way. “Maybe you shouldn’t pull back the mixture on the good engine.”
Are there piston-powered twins in airline service today? Yes, Cape Air is a notable example and they have an excellent safety record due to careful hiring and an excellent training program. However for bigger planes that need more horsepower it is impractical to make piston engines that meet modern reliability standards. There were plenty of heavy powerful piston-driven airplanes during World War II, e.g., the B-17 and B-29 bombers (example engine) but a turbine engine spinning a prop is a much more practical way of generating anything more than 500 horsepower.
Turboprops are bigger, more complicated, and more expensive than piston twins so generally they include an auto-feather capability. If an engine isn’t producing power the propeller associated with that engine will automatically be twisted to a low-drag knife-edge position. The historically popular Beech King Air, for example, has this feature, which has contributed to its excellent safety record relative to similar-size twins that don’t auto-feather. The “engine failure after lift-off” procedure (online checklist) for the King Air is pretty similar to what one would do on a turbojet (max power both engines, flaps/gear up, clean-up after reaching a safe altitude).
The Guardian says that a dead engine on the ATR 72-600 will auto-feather (but then the article gives an incorrect explanation of feathering as “reduced thrust to the propeller”) and this is confirmed by some information for flight simulator enthusiasts that I found online. So it is unclear at this point why the pilots were doing anything with the engine controls other than pushing them full forward so that could concentrate on flying the airplane.
A friend asked about the pilots’ thousands of hours of experience and recurrent training. Depending on the carrier and their agreement with the FAA or local equivalent, airline pilots get recurrent training every 9-12 months. For an airliner this means simulator training. The New York Times said that the pilots had 5000 hours and 7000 hours of experience. An airline pilot typically flies about 1000 hours per year. Initial sim training on single engine procedures might last for 15 hours. Recurrent training might be just 5 hours of single engine work. So a pilot with 7000 hours of total time potentially would have only about 50 hours of experience in flying the ATR 72 on one engine.
Too soon to say definitively what caused this accident, but as background for understanding the news, keep in mind the best thing that a pilot can do in the event of a single-engine flame-out in an otherwise properly functioning ATR 72 is basically nothing. Contrary to Hollywood portrayals doing nothing is the best course of action for a lot of in-flight issues (for example, everyone on Air France 447 would be alive today if the pilots had sat in their seats with arms folded for a minute or two).
Related: the crash of Atlantic Southeast Airlines Flight 529, in 2001. The propeller itself failed and could not be feathered. The achievements of the crew, pilots Ed Gannaway and Matt Warmerdam and flight attendant Robin Fech, were chronicled in a superb book: Nine Minutes, Twenty Seconds
Yes, you SHOULD do nothing, but in your terror you might haul back on the yoke to get away from the houses that you think you are going to crash into.
Of course, this will go badly for you, because below a certain speed the plane will roll over. Now we have dashcam footage to show what that looks like.
With all these recent crashes, I think I’n going to stick with US flagged carriers.
Phil – grateful for your insight, and sad that you keep having occasion to use it.
re: “Depending on the carrier and their agreement with the FAA or local equivalent, airline pilots get recurrent training every 9-12 months.” I don’t like the sound of this.
Compare – Licensed reactor operators (control room crew) at commercial nuclear power plants spend 40 hours in requalification training every 6th week. Each requal day is 4 hours classroom and 4 hours full scope simulator as a crew. That’s 20 hours of simulator every 6 weeks. 160 hours classroom + 160 hours simulator per year. Written exams are given at the end of each requal week. Both, test questions and scores go into your training record for NRC review.
Reaction time for essential corrective actions are on the order of minutes. About half the steps in nuclear plant emergency procedures are to ensure automatic actions occur at the proper set points. If the control room crew at Three Mile Island did nothing but walk out of the control room and go home, there would be no fuel damage. Only a wet containment and a messy mop up.
I stopped flying after I retired. My reasons (not your reasons): 1) flying today is humiliating, 2) I’ve already seen most of the world I want to see, 3) Captain Chesley Sullenberger is the exception, not the rule, 4) driving is more fun, flexible, and fits my “took the road less traveled by” wonder lust.
Interesting discussion of the flight data recorder here: http://fearoflanding.com/accidents/transasia-flight-235-inexplicably-with-no-engines/
Seems they pulled power on the good engine? We’ll see what the investigation says …
It seems to me that humans are too fallible to be fully trusted with dangerous machinery. People are worried about self-driving cars and pilots abdicating too much responsibility to autopilots, etc. but it seems what is needed is even more automation to prevent people from doing idiotic things. People are their own worst enemies, esp. in crisis situations. For every Capt. Sullenberger who beats the sim and salvages the unsalvageable, there are ten who panic and make a bad situation worse. It wouldn’t take a huge amount of logic for the computer to override a command to shut down the only working engine. I’m sorry Dave, I can’t do that.
Recently in NY a woman drove into a railroad crossing and killed not only herself, but more aboard the train. Again, the computer needed to tell her, I’m sorry Mary, I can’t do that. There’s a train coming soon and I’m not allowed to let you drive into its path.
One way to fix cars hitting trains is to eliminate all grade crossings. Unfortunately, anything the government in the US does is incredibly expensive, probably 10x or more what it should really cost, so it would cost trillions to eliminate every grade crossing, trillions that we don’t have.
The next alternative is to install better gates that can’t be driven around and sensors to stop the train if someone has driven into the danger zone. Unfortunately, it takes forever to stop a speeding train, so the gates would have to come down a full two minutes before the train arrives. People would go nuts waiting for two minutes for nothing (and rightly so, when someone who is not an idiot could safely cross ten times in those 2 minutes).
The last possibility, which I think we will have to go for, is to take away control of the car from the driver so that she cannot kill herself along with innocents. Instead of just warning lights, the crossing will speak directly to your car and command it not to drive into danger (the same system will prevent many other type of “accidents” at drawbridges, intersections, etc.) I suspect that our descendants will (rightly) come to regard the era when humans were allowed to fly/drive themselves without computer assistance to be a primitive and dangerous time, just as we now think of the era where no one wore seat belts. Already, whether you are aware of it or not, auto traction control systems do not allow all inputs from the driver, and Airbus fly by wire system operating under normal law also do not permit control inputs that fall outside the “laws” of the system (AF447 was operating under “alternate law” where the pilots still have the ability to fly the plane into a stall, spin, etc. because of a disagreement among the air speed sensors – since the computer no longer knew which sensor was right, it threw the ball back into the pilots court, whereupon they proceeded to make a bad situation much worse. Probably the Airbus programmers should have not given up on normal law so easily – maybe they needed a 3rd sensor to arbitrate between the other two or maybe they should have just made their best guess based upon other readings (GPS ground speed and wind information) – anything would have been better than throwing control to the humans in this case. But this way, you can’t blame the programmers for flying the plane into the sea.
@paul,
These nearly endless re-qual training sessions you describe made me think this may be the finest example of government overkill and squandering of resources, ever.
Is it possible that a person needs to be refreshed in his job once every month and a half?
Or is this a sign that our reactor employees may need to find another job?
Mark,
I think it’s mainly to keep the reactor employees from being bored to death. In the 3 Mile Island reactor incident, they found out that the people on duty had only high school educations. They couldn’t keep trained engineers in the job because it was mind numbingly boring – you sat all day, every day, looking at dials that never moved as long as everything was working , which was 99% of the time. You could go nuts from boredom.
My understanding is that many if not most of our commercial reactor workers come out of the Navy since the Navy has paid to train the reactor workers, screened them, and given them clearances.
My guess is that a lot of the day to day ops, the training and requals come from Navy procedures as well. and are probably a good thing overall as well as keeping a submarine running and keeping sailors from being bored.
And that’s probably true at commercial reactors as well. Probably a lot of sitting around, getting bored, may as well have them train than watch the Simpsons.
Is there a reason why piston aircraft don’t have auto-feathering props? Is it just a question of cost?
Has anyone ever done a twin with one engine pushing and the other pulling or with two contra rotating propellers on the same shaft, each driven by a different engine? Or put two 4 cylinder boxer engines one behind the other on the same shaft? This way you would have the redundancy of two engines without the danger of asymmetrical thrust. Although mounting the engines out on the wings makes a lot of sense in terms of noise, space utilization, etc. it is just about the worst place if one fails.
Izzie L.: yes
http://en.wikipedia.org/wiki/Category:Twin-engined_single-prop_pusher_aircraft
http://en.wikipedia.org/wiki/Push-pull_configuration
@Mark
Commercial nuclear plants are not designed to change power rapidly. It usually takes 8+ hours to go from 1% to 100% power. And once they’re up to full power they may stay there for a year or more. In other words, there is not much power maneuvering if everything goes as planned. So much like long haul pilots, there is very little manipulation of the controls during normal ops.
[Nuke plants provide what’s called “base-load” power. Natural gas fired boilers and nat-gas-turbines “load follow” and provide peaking power on top of the base-load.]
Prior to TMI there were 3 full scope simulators* in the country where licensed operators could get hands-on training for unusual events and accidents. Each operator went to one of the simulators once a year for annual requal. After TMI each reactor site in the country was required to have their own simulator and training requirements were significantly upgraded. (Simulator )
There is no question that regular use of simulators have improved operator proficiency by several orders of magnitude. (I was a simulator instructor for more than 10 years.) Which does not mean the United States won’t have a core melt accident tomorrow. But the post-TMI enhanced training requirements have surely reduced the likelihood of a severe accident. The cost of high quality training is money well spent.
*A full scope simulator is essentially a duplication of the control room. Software models drive the indications and performance must be representative of the actual plant design. (Not easy in real time.) Each plant’s simulator goes through a non-trivial validation process before in can be used for training.
Fascinating disaster (esp. as I was in Taiwan at the time it occurred). This discussion got me thinking about safety and certification of new aircraft architectures with hybrid/electric powerplants, like the Airbus E-Fan prototype. Would the future hybrid version of this be classed as a multi-engine (two fans; either could take e.g. a birdstrike and the other should be able to produce enough thrust to at least maintain altitude), or single-engine (one gas-burning engine running the generator; even though the batteries could sustain flight for at least a full 30 minutes after engine failure. I would imagine, in time, the overall system reliability and safety after partial failure for this sort of an architecture could be better than any existing single or multi-engine architecture. Even more so in future multi-prop versions (e.g. http://www.jobyaviation.com/LEAPTech/).