Common design fault and unsafety in Boeing 737; backup system fails when primary system fails

Almost two decades ago, the Boeing 737 was in commercial use by various airplane lines where at least at the time this type of plane suffered from a common fault, and it is even speculated that this would be the cause the failure of the pressurization control system of the catastrophic fatality crash of the Helios 522 in 2005. The incident of the Boeing 737 was a result of a complete pressurization failure, where multiple factors seemed to go wrong. One of the speculated reasons was an unsafe design of the wiring that is contrary to safe design methodologies of highly essential (high risk when failed) components. One of the reported incidents, but still before the fatal accident in 2005, was an exactly relating pressurization problem in May 2003, where the aircraft was flying between Marseille and London [1]. At 34,000 feet (10.36 kilometres), the airplane suddenly lost pressure. In this case, the problem was detected in time by the pilots and the aircraft was safely landed. It emerged that a loss of pressure was caused by a burned wire. This particular wire was crucial as it connects the pressure switch in the cockpit with the outflow valve. This outflow valve regulates the cabin pressure (Figure 1).

Figure 1: Cabin pressure regulating components and their orientation on the plane [2]

In the investigation executed by the Aircraft Accident Investigation Board (AAIB), it was discovered that wiring had shorted and a particular bundle of wires, called a loom, was actually seriously damaged. This loom (Figure 2) was important for the control of the pressurization, hence a hazard that can be deemed as high risk. Furthermore, the investigators established that the main wire and the backup wire run through the same channel. In other words, if the one (main) wire fails, the other (backup) wire fails as well.

Figure 2: Loom damage [1]

This is totally contrary to safe design methodologies. Backup systems, especially backups of primary systems that are deemed high risk (catastrophic consequences when failed), should be designed and placed in a location independent from the failure of where the primary system is located. Days before the crash of flight 522, employees reported a burning smell. It seemed that no further investigation was made at the time, and therefore this wiring problem was highlighted in the Air Accidents Investigation Branch (AAIB).

Although airplanes generally are equipped with independent warning systems and visual cues to report pressurization loss and have fixed as well as portable oxygen supplies on board so the pilot can choose to quickly lower altitude when pressure loss is detected, the hazard of a burned loop is relatively easy to control by designing it wisely. The design adaptations and recommendation to control the hazard are:

  • Reinforce the main and backup wire
  • Separate the main and backup wire orientations across the Boeing 737
  • Implement an accurate sensing system to communicate failure and the location of the loom damage to pilots and maintainers

References:

[1] Aircrafttechnic.com

[2] Boeing 737-436, G-DOCE: Aircraft Accident Investigation Board (AAIB)