The law of delegating control of a system to its supersystem
(or how the crash of the Germanwings Airbus A320 could have been prevented)

Y. B. Karasik,
Thoughts Guiding Systems Corp.,
Ottawa, Canada.

On March 24, 2015, a Germanwings Airbus A320 en route from Barcelona to Dusseldorf crashed in the Alps. Analysis of the voice recorder from the black box revealed that after the pilot left the cockpit, the co-pilot refused to let him back in and deliberately crashed the plane. The pilot banged on the cockpit door and even tried to smash it down, to no avail.

Such sturdy doors were introduced after 9/11 to prevent terrorists from breaking into the cockpit. The post-9/11 regulations also require that the cockpit door can be opened from the outside with a code. However, the code system can be blocked from inside the cockpit. This, again, is done to prevent terrorists from entering the cockpit if they have somehow learned the code (for example, by capturing and torturing a pilot who ventured outside the cockpit).

The solution to this quandary is to duplicate the function of opening the door in a supersystem, e.g. an emergency team of the airline on the ground, for use if a distress call is received or traffic controllers lose communications with the plane. There should be a mechanism for opening the door on a signal from the supersystem.

Also, on planes that fly by wire (i.e. on all modern planes) there should be a way for an emergency team of the supersystem on the ground to take control of the airplane in mid-air. This would allow the emergency team to neutralize the actions of the people at the controls in the cockpit when these actions raise suspicion or communications with the plane are lost. This would make disasters such as that of the Boeing 777 of Malaysia Airlines Flight 370 (MH370/MAS370) impossible.

Taking control of an airplane from the ground against the will of the pilots may require installing a computer on the plane that is inaccessible to the crew. The control links from such a computer to the actuators also have to be secured against tampering by anybody on the plane.

Critics may object that if it were possible to fly planes by commands from the ground, it would have been done already. I don't think that it is not done because it is completely impossible but because it is still not safe enough [1]. Having pilots fly planes is still much safer than having operators fly them from the ground, although the role of pilots is rapidly diminishing. Even landing is now done by computer. But in critical situations, when the actions of the pilots raise suspicion, flying a plane by commands from the ground might be safer. At least it could be the last resort to avoid a tragedy.

Duplicating control with a supersystem (in emergency situations or otherwise) is a good solution in many circumstances. Complete delegation is even better when it is feasible.

Measures, of course, have to be taken to prevent unwanted elements from hijacking the emergency team. But this is a manageable problem, solutions to which are already known.

The proposition of this article is in line with the law of increased control by supersystem over its systems.

[1] See, for instance, the New York Times article "Why pilots still matter".
(added on April 10, 2015)