Categoría: Seguridad aérea

WHEN THE WORLD IS FASTER THAN ITS RULES

Anyone in touch with dynamic fields can find this phenomenon: Things are faster than the rules intending to control them. Hence, if the capacity to be enforced is very strong, old rules can stop the advancement. By the same token, if that capacity is weak, rules are simply ignored, and the world evolves following different paths.

The same fact can be observed in many different fields:

Three months ago, an article was titled “POR QUÉ ALBERT EINSTEIN NO PODRÍA SER PROFESOR EN ESPAÑA” (Why Albert Einstein could not be a professor in Spain) and, basically, the reason was in a bureaucratic model tailored for the “average” teacher. This average teacher, just after becoming a Bachelor, starts with the doctorate entering a career path that will finish with the retirement in the University. External experience is not required and, very often, is not welcome.

The age, the publications and the length of the doctoral dissertation (17 pages) could have made impossible for Einstein to teach in Spain. The war for talent means in some environments fighting it wherever it can be found.

If we go to specific and fast evolving fields, things can be worse:

Cybersecurity can be a good example. There is a clear shortage of professionals in the field and it is worsening. The slowness to accept an official curriculum means that, once the curriculum is accepted, is already out-of-date. Then, a diploma is not worth and, instead, certification agencies are taking its place, enforcing up-to-date knowledge for both, getting and keeping the certification.

Financial regulators? Companies are faster than regulators and a single practice can appear as a savings plan, as an insurance product or many other options. If we go to derivative markets, the speed introduces different parameters or practices like high-frequency trading hard to follow.

What about cryptocurrencies? They are sidestepping control by the Governments and, still worse, they can break one of the easiest ways for the States to get funds. Governments would like to break them and, in a few weeks, EU will have a new rule to “protect privacy” that could affect the blockchain process, key for the security of cryptocurrencies and…many Banks operations.

Aviation? The best-selling airplane in the Aviation history -Boeing 737- was designed in 1964 and it started to fly in 1968. The last versions of this plane don’t have some features that could be judged as basic modifications because the process is so long and expensive (more and more long and expensive) that Boeing prefers to keep attached to some features designed more than 50 years ago.

In any of these fields or many others that could be mentioned, the rules are not meeting its intended function, that is, to keep functionality and, in the fields where it is required, safety as a part of the functionality. Whatever the rule can be ignored or can be a heavy load to be dragged in the development, it does not work.

We can laugh at the old “1865 Locomotive Act” with delicious rules such as this: The most draconic restrictions and speed limits were imposed by the 1865 act (the “Red Flag Act”), which required all road locomotives, which included automobiles, to travel at a maximum of 4 mph (6.4 km/h) in the country and 2 mph (3.2 km/h) in the city, as well as requiring a man carrying a red flag to walk in front of road vehicles hauling multiple wagons (Wikipedia).

However, things were evolving in 1865 far slower than now. Non-functional rules like that could be easily identified and removed before becoming a serious problem. That does not happen anymore. We try to get more efficient organizations and more efficient technology, but the architecture of the rules should be re-engineered too.

Perhaps the next revolution is not technologic despite it can be fueled by technology. It could be in the Law: The governing rules -not the specific rules but the process to create, modify, change or cancel rules- should be modified. Rules valid for a world already gone are so useful as a weather forecast for the past week.

Useless diplomas, lost talent, uncontrolled or under-controlled new activities or product design where the adaptation to the rules are a major part of the development cost and time are pointing to a single fact: The rules governing the world are unable to keep the pace of the world itself.

Anuncios

Big Aviation is still a game of two players

And one of them, Airbus,  is celebrating its birthday.

Years ago, three major players were sharing the market but, once McDonnell Douglas disappeared, big planes were made by one of them. Of course, we should not forget Antonov, whose 225 model is still the biggest plane in the world, some huge Tupolev and Lockheed Tristar but the first ones never went out of their home markets while Lockheed Tristar could be seen as a failed experiment from the manufacturer.

Airbus emphasizes its milestones in the timeline but, behind these, there is a flow marked by efficiency through I.T. use.

Airbus was the first civilian planes manufacturer having a big plane with a cockpit for only two people (A-310) and Airbus was the first civilian plane manufacturer to introduce widely fly-by-wire technology (the only previous exception was the Concorde). Finally, Airbus introduced the commonality concept allowing pilots from a model to switch very fast to a different model keeping the rating for both.

Boeing had a more conservative position: B757 and B767 appeared with only two people in the cockpit after being redesigned to compete with A-310. Despite the higher experience of Boeing in military aviation and, hence, in fly-by-wire technology, Boeing deferred for a long time the decision to include it in civilian planes and, finally, where Boeing lost the efficiency battle was when it appeared with a portfolio whose products were mainly unrelated while Airbus was immerse in its commonality model.

The only point where Boeing arrived before was in the use of twin planes for transoceanic flights through the ETOPS policy. Paradoxically the ones in the worst position were the two American companies that were manufacturing three engine planes, McDonnell Douglas and Lockheed instead of Airbus. That was the exception because, usually, Boeing was behind in the efficiency field.

Probably -and this is my personal bet- they try to build a family starting with B787. This plane should be for Boeing the A320 equivalent, that is, the starter of a new generation sharing many features.

As a proof of that more conservative position, Boeing kept some feedbacks that Airbus simply removed like, for instance, the feeling of the flight controls or the feedback from autopilot to throttle levers. Nobody questionned if this should be made and it was offered as a commercial advantage instead of a safety feature since it was not compulsory…actually, the differences among both manufacturers -accepted by the regulators as features independent of safety-  have been in the root of some events

Little-size Aviation is much more crowded and, right now, we have two new incomers from Russia and China (Sukhoi and Comac) including the possibility of an agreement among them to fight for the big planes market.

Anyway, that is still in the future. Big Aviation is still a game of two contenders and every single step in that game has been driven by efficiency. Some of us would like understability -in normal and abnormal conditions- to be among the priorities in future designs, whatever they come from the present contenders or from any newcomer.

Published in my Linkedin profile

A comment about a good reading: Air Safety Investigators by Alan E. Diehl

Some books can be considered as a privilege since they are an opportunity to have a look at an interesting mind. In this case it’s the mind of someone who was professionally involved in many of the air accidents considered as HF milestones.

The author, Alan Diehl, has worked with NTSB, FAA and U.S. Air Force. Everywhere, he tried to show that Human Factors had something important to say in the investigations. Actually, I borrowed for my first sentence something that he repeats once and again: The idea of trying to get into the mind of the pilot to know why a decision was made.

Probably, we should establish a working hypothesis about people involved in an accident: They were not dumb, nor crazy and they were not trying to kill themselves. It would work fine almost always.

Very often, as the author shows, major design and organization flaws are under a bad decision driving to an accident. He suffered some of these organization flaws in his own career by being vetoed in places where he challenged the statu quo.

One of the key cases representing a turning point for his activity but, regretfully, not for Aviation Safety in military environments happened in Gulf war: Two F15 planes shooted two American helicopters. Before that, he tried to implement CRM principles in U.S. Air Force. It was rejected by a high rank officer and, after the accident, they tried to avoid any mention of CRM issues.

 Diehl suffered the consequences of disobeying the orders about it as well as whistle-blowing some bad Safety related practices in the Air Force. Even though those practices represented a big death toll that did not make a change.

As an interesting tip, almost at the end of the book, there is a short analysis of different reporting systems, how they were created and the relationship among them. Even though, it does not pretend to be an important part in the book, it can be very clarifying for many people who can get lost in the acronyms soup.

However, the main and more important piece of the book is CRM related: Diehl fought hardly to get CRM established after a very well-known accident. It involved a United DC-8 in Portland, who crashed because it ran out of fuel while the pilot was worried about the landing gear. That made him delay the landing beyond any reasonable expectation.

It’s true that Portland case was important as well as Los Rodeos and Staines cases were also very important as major events to be used as inputs for the definition of CRM practice. However, and that is a personal opinion, something could be lost related with CRM: When Diehl had problems with Air Force, he defended CRM from a functional point of view. His point, in short, was that we cannot admit the death toll that its absence was provoking but…is CRM absence the real problem or does it have much deeper roots?

CRM principles can be hard to apply in an environment where power distance is very high. Once there, you can decide if a plane is a kind of bubble where this high power distance does not exist or there is not such a bubble and, as someone told me, as a pilot I’m in charge of the flight but the real fact is that a plane is a barracks extension and the higher rank officer inside the plane is the real captain. Nothing to be surprised if we attend to the facts under the air accident that beheaded the State in Poland. “Suggestions” by the Air Force chief are hard to be ignored by a military pilot.

Diehl points out how in many situations pilots seem to be inclined to play with their lives instead of keeping safety principles.  Again, he is right but it can be easily explained: Suppose that the pilot, in the flight that crashed with all the Polish Government onboard, rejects the “suggestion” and goes to the alternate airport. Nothing should have happened except…the outcome for the other option is not visible and everyone should find reasons to explain why the pilot should have landed in the place where he tried to do it. His career should be simply ruined because nobody would admit the real danger under the other option.

Once you decide, it’s impossible to know the outcome of the alternate decision and that makes pressure especially hard to resist. Then, even if restricted to the cockpit or a full plane, CRM principles can be hard to apply in some organizations. Furthermore, as Diehl suggests in the book, you can extend CRM concepts well beyond the cockpit trying to make of it a change management program.

CRM, in civilian and military organizations, means a way to work but we can find incompatibilities between CRM principles and organizational culture principles. Management have to deal with these contradictions but, if the organizational culture is very strong, it will prevail and management will not deal with the contradictions. They will simply decide for the statu quo ignoring any other option.

Should have CRM saved the many lost lives because of its absence? Perhaps not. There is a paradox in approaches like CRM or, more recently, SMS: They work fine in places where they should be less required and they don’t work in places where its implementation should be a matter of urgency. I’m not trying to play with words but establish a single fact and I would like to do so with an example:

Qantas, the Australian airline, has a highly regarded CRM program and many people, inside and outside that Company, should agree that CRM principles meant a real safety improvement for the Company. Nothing to oppose but let me show it in a different light:

Suppose for a moment that someone decides removing all the CRM programs in the world because of…whatever. Once done, we can ask which companies should be the most affected because of that. Should be Qantas among them? Hard to answer but probably not. Why?

CRM principles work precisely in the places where these principles were already working in the background. Then, CRM brings order and procedures to a previous situation that we could call “CRM without CRM program”, for instance, a low power distance where the subordinate is willing to voice any safety concern. In this case, the improvement is clear. If we suddenly suppress the activity, the culture should keep alive these principles because they fitted with that culture from the very first moment and before.

What happens when CRM principles are against organization culture? Let me put it in short: Make-up. They will accept CRM as well as they accept SMS since they both are mandatory but everyone will know the truth inside the organization. Will CRM save lives in this organizations, even if they are enforced to implement it?

A recent event can answer that: Asiana accident in San Francisco happened because a first officer did not dare to tell his captain that he was unable to land the plane manually (of course, as usual, many more factors were present but this was one of them and extremely important).

Diehl clearly advocates for CRM and I believe he is right and with statistical information who speaks about safety improvement. My point is that improvement is not homogeneous and it happens mainly in places that were already willing to accept CRM principles and, in a non-structured way, they were already working with them.

CRM by itself does not have the power to change the organizational culture in places that reject its principles and the approach should be different. A very good old book, Critical Path Renewal by Beer, Eisenstat and Spector explains clearly why change programs don’t work and they show a different way to get the change in organizations who reject it.

Anyone trying to make a real change should flee from change programs even if we agree with the goals but one-size-fits-all does not work. Some principles, like the ones under CRM or SMS, are valid from safety point of view but, even though everyone will pay lip service to the goals, many organizations won’t accept the changes required to get there. That is still a hard challenge to be completed.

Published originally in my Linkedin profile

Air Safety and Hacker Frame of Mind

If we ask anyone what a hacker is, we could get answers going from cyberpiracy, cyberdelincuency, cybersecurity…and any other cyberthing. However, it’s much more than that.

Hackers are classified depending of the “color of their hats”. White hat hacker means individual devoted to security, black hat hacker means cybercriminal and grey hat hacker means something in the middle. That can be interesting as a matter of curiosity but…what do they have in common? Furthermore, what do they have in common that can be relevant for Air Safety?

Simonyi, the creator of WYSIWYG, warned long ago about an abstraction scale that was adding more and more steps. Speaking about Information Technology, that means that programmers don’t program a machine. They instruct a program to make a program to be run by a machine. Higher programming levels mean longer distance from the real thing and more steps between the human action and the machine action.

Of course, Simonyi warned of this as a potential problem while he was speaking about Information Technology but…Information Technology is now ubiquitous and this problem can be found anywhere including, of course, Aviation.

We could say that any IT-intensive system has different layers and the number of layers defines how advanced the system is. So far so good, if we assume that there is a perfect correspondance between layers, that is, every layer is a symbolic representation of the former one and that representation should be perfect. That should be all…but it isn’t.

Every information layer that we put over the real thing is not a perfect copy -it should be nonsense- but, instead, it tries to improve something in safety, efficiency or, very often, it claims to be improving both. However, avoiding flaws in that process is something that is almost impossible. That is the point where problems start and when hacker-type knowledge and frame of mind should be highly desirable for a pilot.

The symbolic nature of IT-based systems makes its flaws to be hard to diagnose since their behavior can be very different to mechanic or electric systems. Hackers, good or bad, try to identify these flaws, that is, they are very conscious of this symbolic layer approach instead of assuming an enhanced but perfect representation of the reality below.

What means a hacker frame of mind as a way to improve safety? Let me show two examples:

  • From cinema: The movie “A beautiful mind”, devoted to John Nash and showing his mental health problems shows at a moment how and why he was able to control these problems: He was confusing reality and fiction until a moment where he found something that did not fit. It happened to be a little girl that, after many years, continued being a little girl instead of an adult woman. That gave him the clue to know which part of his life was created by his own brain.
  • From Air Safety: A reflection taken from the book “QF32” by Richard de Crespigny: Engine 4 was mounted to our extreme right. The fuselage separated Engine 4 from Engines 1 and 2. So how could shrapnel pass over or under the fuselage, then travel all that way and damage Engine 4? The answer is clear. It can’t. However, once arrived there, a finding appears crystal-clear: Information coming from the plane is not trustable because in any of the IT-layers the correspondance reality-representation has been lost.

Detecting these problems is not easy. It implies much more than operating knowledge and, at the same time, we know that nobody has full knowledge about the whole system but only partial knowledge. That partial knowledge should be enough to define key indicators -as it happens in the mentioned examples- to know when we work with information that should not be trusted.

The hard part of this: The indicators should not be permanent but adapted to every situation, that is, the pilot should decide about which indicator should be used in situations that are not covered by procedures. That should bring us to other issue: If a hacker frame of mind is positive for Air Safety, how to create, nurture and train it? Let’s use again the process followed by a hacker to become such a hacker:

First, hackers look actively for information. They don’t go to formal courses expecting the information to be given. Instead, they look for resources allowing them to increase their knowledge level. Then, applying this model to Aviation should suppose a wide access to information sources beyond the information provided in formal courses.

Second, hackers training is more similar to military training than academic training, that is, they fight to intrude or to defend a system and they show their skills by opposing an active enemy. To replay a model such as this, simulators should include situations that trainers can imagine. Then, the design should be much more flexible and, instead of simulators behaving as a plane is supposed to do, they should have room to include potential situations coming from information misrepresentation or from situations coming from automatic answers to defective sensors.

Asking for a full knowledge of all the information layers and their potential pitfalls can be utopic since nobody has that kind of knowledge, including designers and engineers. Everybody has a partial knowledge. Then, how can we do our best with this partial knowledge? Looking for a different frame of mind in involved people -mainly pilots- and providing the information and training resources that allow that frame of mind to be created and developed. That could mean a fully new training model.

Published originally in my Linkedin profile

GermanWings revisited: A call for honesty

Perhaps it’s worth analyzing what happened after GermanWings crash. Some things happened immediatly and some others required some time to appear:

It was very surprising that, after a few hours, NYT was able to question the A320 safety and a pilot was able to tell that the possible problem could be in the A320 system. All of these happened a few hours after the crash when nobody knew absolutely anything about what and why happened.

Only a few days ago, I found another version: The problem was that Lubitz held a MPL license, license type that has been heavily critiziced from some sides.

I would like to make clear that I am among the people that criticized the Airbus approach to Automation and the MPL license. I still hold that position in both issues but these facts  -personal positions, who pays your salary or the compromises of your organization- should never be an easy excuse to forfait an honest behavior.

Obviously, the Airbus approach to Automation did not have any relationship with the crash. If someone wanted to speak about that a few hours after the event, it seems clear that the crash was used an and excuse to get an audience for their merchandise, related or not with the event.

Something similar happens with MPL license. Some of us believe that, as an abstract idea, it could be good but the implementation has some dark faces like the development of a real stick-and-rudder ability and the capacity to decide when nobody else is there to do it.

Lubick held a MPL license but…he also was a very seasoned glider pilot. MPL syllabus can be very centered in plane systems and Lubick, unfortunately, was able to show that he knew how to use them. At the same time, the usual criticism of MPL license would not apply since stick-and-rudder skills are hard to discuss if we speak about someone who used to glide in Alps.

Moreover…Had Lubick not been a real pilot -that he was- but a “system operator”, it still should not have any kind of relation with GermanWings crash.

We can speak about organizational failures since a lot of unprocessed information had always been available and it could have been used to avoid the crash but using it to raise unrelated issues -Airbus automation policy, MPLs or many others- is basically dishonest and a lack of respect for both, the people who died and the people who made their best in the subsequent research process.

Concerns about some issues can be very legitimate. Using anything, including a crash with many casualties, as an excuse to raise them is not. That’s why a call for honesty should be required regarding this case and, probably, many others.

Navigating Safety: Necessary Compromises and Trade-Offs: Theory and Practice by René Amalberti

Amalberti explains very clearly safety related concepts and, whatever the reader agrees with 100% of contents or not, it is worth to be read and discussed. He goes against some sacred cows in the safety field and his book should be analyzed very carefully. Especially, these three points should deserve a special analysis:

• People learn by doing instead of observing. Asking for a full Situational Awareness before doing anything could drive to serious accidents while the operator tries to get a full Situational Awareness.

• There are different safety models. Many markets and companies try to imitate ultra-safe models like the ones coming from Aviation and Nuclear Energy when, actually, these models should not work in other activities more expert-based than procedure-based.

• Trying to train someone for every single exceptional situation is not the safest option. People can try to explore limits instead of remaining in the safe environment.

People learn by doing instead of observing. True, and perhaps that is one of the motives that people are so bad at monitoring while some automation designs still insist precisely on that. However, Amalberti reaches a conclusión related with Situational Awareness that, in my opinion, could be wrong: For Amalberti, we should not ask for a full Situational Awareness before trying a solution because we could get paralyzed under critical situations with serious time constraints. Explained like that, it’s true and that should be the phenomenon known as paralysis because of analysis but something is missing:

Situational Awareness cannot be understood as a condition to be met in critical situations but as a flowing process. In high risk environments, design should guarantee that flow at a level that, once the emergency appears, getting a full picture of the situation is easy. If we put together this single principle with the first one by Amalberti, that is, that people learn by doing instead of observing, we could reach different conclusions:

1. Top level automation should be used only under exceptional situations, using as default levels others where human operators should learn and develop Situational Awareness by doing instead of observing.

2. Information Technology used in critical systems should be under-optimized, that is, instead of using the most efficient design in terms of technology use, the alternative option should be using the most efficient design in terms of keeping Situational Awareness. Some new planes keep Intel processors that are out of the market many years ago –for instance, B777 using Intel 486- and nothing happens. Why then should we try to extract all the juice from every programming line building systems impossible to be understood by users?

Different safety models with an out-of-context imitation of ultra-safe systems as Aviation or Nuclear Plants. This is another excellent point but, again, something could be missing: Evolution. I have to confess on this point that my Ph.D. thesis was precisely trying to do what Amalberti rejects, that is, applying the Air Safety model to Business Management field. Some years later, Ashgate published it under the name Improving Air Safety through Organizational Learning but “forgetting” the chapter where learning from Air Safety was applied to Business Management.

The first thing to be said is that, in general terms, Amalberti is right. We cannot bring –unless if we want it to work- all the procedural weight of a field like Air Safety to many other fields like, for instance, Surgery, where the individual can be much more important than the operating rules. However, the issue that could be lost here is Organizational Evolution. Some fields have evolved through ultra-safe models and they did so because of their own constraints without anyone trying to imitate an external model. Different activities, while looking for efficiency improvement, evolved towards tightly coupled organizations as Charles Perrow called them and that produced an unintended effect: Errors in efficient organizations are also efficient because they spread their effects by using the same organizational channels that normal operation. Otherwise, how could we explain cases like Baring Brothers where an unfaithful employee was enough to take the whole Bank down?

Summarizing, it’s true that we should not make an out-of-context imitation of ultra-safe models but, at the same time, we should analyze if the field whose safety we are analyzing should evolve to an ultra-safe model because it already became a tightly coupled organization.

Trying to train someone for every single exceptional situation is not the safest option: Again, we can agree in general terms. For instance, we know that, as a part of their job, pilots practice in simulators events that are not expect to appear in their whole professional life. Perhaps, asking them to practice recovery from upside down positions or from spins should be an invitation to get closer to these situations since they should feel themselves able to recover. The “hero pilot” time is over long ago but…

We have known in the past of wrong risk-assessments where the supposedly low-probability event that should not require training since it should not happen…happened. A well-known example is United 232 where three supposedly independent hydraulic systems failed at the same time showing that they were not so independent as pretended. The pilot had practiced before in a flight simulator the skills that converted a full crash into a crash landing decreasing substantially the number of casualties. A similar case is the Hudson river landing where a double stop engine was supposed to happen only above 20.000 feet…and procedures developed for that scenario made the pilots lose a precious time when the full loss of power happened far lower than this height.

Even though, instead of focusing in different events showing a wrong risk assessment that could invite us to take with care the Amalberti idea -even when he clearly raises an important point there- is a different kind of problem that has already been under major accidents: Faulty sensors feeding wrong information to computers and occupants planes getting killed without the pilots getting the faintest idea about what was going on. “Stamping” this kind of events with a “lack of training” should be a way of telling us something that, at the same time, is true and useless and, by the way, it’s opposed to the Amalberti’s principle.
Daniel Dennett used a comparison that can be relevant here: The comparison between commands and information agencies: Commands are expected to react under unforeseen situations and that means redundancy in the resources and a very important cross training. By the other side, information agencies work under the principle of “need-to-know”. Should we consider as an accident that this same “need-to-know” idea has been used by some Aviation manufacturers in their rating courses? Should we really limit the training to the foreseen events or should we really recognize that some events are very hard to foresee and different approaches should be taken in design as well as in training?

Summarizing, this is an excellent book. Even if some of us could not agree with every single point, they deserve a discussion, especially when it’s clear that the points raised in the book come from a strong safety-related concept instead of politics or convenience inside regulators, operators or manufacturers.

I would not like finishing without a big Thank you to my friend Jesús Villena, editor of this book in Spanish under the name “Construir la seguridad: Compromisos individuales y colectivos para afrontar los grandes riesgos” because he made me know this book.

#GermanWingsCrash Solución: Dos personas en cabina

Una regla básica en investigación de accidentes consiste en no tratar de buscar una solución al que acaba de ocurrir. La razón para ello es que suele tratarse de una combinación excepcional de circunstancias que es improbable que vuelvan a aparecer juntas. Por ello, habitualmente se prefiere prevenir esas circunstancias individuales, es decir, se ataca a los componentes más que a una improbable combinación.

Esto no quita para que, si un accidente se repite -como ocurrió en el caso Spanair, repetido exactamente 21 años después de otro idéntico y con el mismo tipo de avión ocurrido en Detroit- nos preguntemos legítimamente qué se hizo en ese ataque a las circunstancias individuales para permitir que el mismo resultado se produzca de nuevo.

Tras el caso de German Wings, nos encontramos atacados por los tiempos y los miedos que introducen los medios de comunicación: ¿Puede enloquecer un piloto? Por supuesto; como cualquier otro. ¿Debemos empezar a tratar de prevenir tal posibilidad con reglas como la de dos personas en cabina? Veamos:

  • ¿Podría un miembro de la tripulación auxiliar colocar un veneno de gran potencia en la bebida o la comida de los pasajeros o en la de los pilotos? Y si también vigilamos a éstos…¿podría hacer lo mismo alguien encargado de la preparación del catering?…
  • ¿Podría un técnico de mantenimiento provocar una avería difícil de detectar pero que llevase a un avión a estrellarse?
  • ¿Podría alguien encargado de la carga de equipajes introducir algún elemento explosivo, incendiario o corrosivo junto con las maletas?

Éstas y muchas más posibilidades -algunas se me ocurren y no las voy a incluir para no dar ideas- se pueden dar y no parece que la política más acertada sea dejarse guiar por el impacto del último caso para tomar decisiones. De hecho, no deberíamos olvidar que un caso como el de German Wings ha sido posible gracias a la introducción de una puerta blindada -otra respuesta rápida a una situación de pánico provocada por medios de comunicación- que separa a la cabina del resto del avión.

Cuando subimos a un avión, y prácticamente cuando hacemos cualquier otra cosa, existe un elemento de riesgo. Tenemos dos posibilidades: Aceptar ese simple hecho y tratar de limitar al máximo lo que podríamos considerar riesgos razonables o tratar de controlar absolutamente todo…carrera estéril que no conduce a ninguna parte salvo a que el siguiente problema sea provocado por la última solución.

Quizás sería bueno para los que optan por la idea de control total revisar el caso EgyptAir 990. Ocurrió antes del 11S y aún no había puertas blindadas. De hecho, el comandante del avión entró a la cabina y trató de recuperar el avión. El piloto suicida se limitó a cortar el flujo del combustible a los motores…es decir, si alguien tiene la intención siempre puede encontrar una acción para la que el tiempo disponible no sea suficiente o jugar con el factor sorpresa para neutralizar al que se supone que le controla. En ese vuelo había dos pilotos más que, de haber sospechado qué estaba ocurriendo, podrían haber reducido al suicida…cosa que, evidentemente, nunca podrían haber hecho con una puerta blindada entre ellos, incluso con la regla de dos personas en cabina.

¿Qué tal si este tipo de situaciones se analizan en frío y sin dejarse llevar por la presión, el pánico y los tiempos que establecen los medios de comunicación? ¿Aporta algo el que le hagamos saber al piloto, por el simple procedimiento de que nunca esté solo en cabina, que es sospechoso? ¿Soluciona algo si tenemos en cuenta que otros puestos, como los mencionados más arriba, pueden ser también utilizados para un asesinato masivo?

Un poco de sentido común sería de agradecer algunas veces. Tratar de limitar los riesgos es correcto. Dejar que el terror y la paranoia decidan por nosotros, no.

A %d blogueros les gusta esto: