AMSJ » Software, Sensors and Safety Add-Ons | The cost of remaining safe
Incident Prevention/Mitigation LATEST NEWS Mine Design and Safety Engineering Risk Management Vehicle Safety

Software, Sensors and Safety Add-Ons | The cost of remaining safe

safety critical technology 737 Max disasters
Should safety critical technology be included as part of the purchase price?

The safety revelations surrounding the recent Boeing 737 Max crashes should make us stop and take a good hard look at whether available safety critical technology should be an option on many pieces of equipment used across the mining industry. Why shouldn’t the best safety technology be included in the manufacturer’s price? Why do we have to pay extra to keep people safe?

Most of us wouldn’t buy a car without airbags and ABS and we certainly wouldn’t consider a vehicle without seat belts to protect our family. But it seems that if you wanted to buy a Boeing 737 Max, you have to pay extra for a range of critical safety features that mitigate the risk of a critical failure…which could mean the death of hundreds of passengers.

In the US, investigators are still examining whether a new software system that was added to avoid stalls in Boeing’s 737 Max may have contributed to the recent crashes…but it looks probable.

It has been widely reported that faulty data from the angle of attack (AoA) sensors on the Lion Air 737 Max (Flight 610) aircraft may have resulted in incorrect information being delivered to the Artificial Intelligence (AI) based MCAS (Maneuvering Characteristics Augmentation System).  It is believed that the incorrect data may have been one of the leading contributors to the crash.

Apparently, a faulty sensor reported that the aeroplane was stalling. The sensor data triggered input to the MCAS. MCAS tried to point the aircraft’s nose down so that it could avert the stall and gain enough speed to fly safely.

The incident investigators have concluded that the flight characteristics of the Ethiopian Air and Lion Air 737 MAX8 aircraft were similar before both aircraft crashed and they say that the flight characteristics were consistent with pilots ‘fighting’ the aircraft’s MCAS to pull the nose of the aircraft up to a safe level.

So you are probably asking what’s all this got to do with mining equipment safety technology?

Well as we know all too well the range of automation on mining equipment is growing at a rapid rate and so is the rate of sensors used to operate the equipment. These sensors will inevitably fail at some point in their life span and, while redundant systems are designed to immobilise the machine at the point of failure, it is possible that sensor data can look ok when it’s not… resulting in variable machine behaviours which may result in increased risk.

But it’s not only automation…some safety-critical features like seatbelts and interlocks are still considered optional on some mining equipment…more on that later.

In Boeing’s problem, some safety-critical features/systems were considered as an add-on to increase the overall sale cost of the aircraft. Investigators say that if some of the ‘safety add ons’ were included then they could have helped the pilots easily detect any erroneous information and subsequently immobilised the system failure.

Boeing’s optional safety upgrades included an angle of attack indicator which displays the data received from the angle of attack sensors. Another was called a disagree light that when activated indicates that there is some disparity in sensor data.

The NY Times has reported that Boeing knew of this issue (and was working on a fix to include the disagree light) for some time and will now update the MCAS software, and will also make the disagree light standard on all new 737 Max aircraft.

But the safety critical angle of attack indicator may still remain a ‘safety add-on’ that aircraft operators can choose to purchase or not. They are not mandatory because regulatory authorities haven’t legislated their use.  

An analyst for Aviation Consultancy Leeham recently told the NY Times that “They’re critical, and cost almost nothing for the airlines to install. Boeing charges for them because it can. But they’re vital for safety.”

Boeing’s ‘safety add-on’ list is somewhat thought-provoking from a safety perspective.

From backup fire protection systems in aircraft holds (which mitigate the effects of a hold fire if the first system fails), extra oxygen masks to cover crew, advanced weather radar systems. All of these ‘safety technology add-ons’ can apparently increase the overall sale value of an aircraft by 5-7% (of which is a high margin for the seller). So for a 737 Max 10, it could potentially add around $6.75 million at the lower % end. It’s like the $5K option that you have to pay for the leather interior in your luxury car…worth about $1K to the manufacturer at the most.

One has to wonder if many of these systems should be included. We all assume that each and every aircraft is fitted with the best safety technology and equipment that money can buy…but that may not be the case because the airline operator may not be obliged (under regulation) to fit the best safety equipment.

Coming back to mining, we all recognise that many leading manufacturers see the benefits of safety technology and the value they add to the overall the sale process for their equipment, however, some manufacturers build to a customers spec which is often as ‘cost-effective’ as possible.

While regulators do provide guidance around specifications, they seldom would push the envelope in respect of critical safety equipment installations. The onus on the designer carrying out a design hazard analysis (design risk assessment) to identify all reasonably foreseeable hazards associated with plant and to provide fit-for-purpose means to control risk to health or safety seems to be the mantra.

Mining regulators require designers to ensure that the plant they supply is designed to be without risks to the health and safety to persons when used for a purpose for which it was designed.

Of course, this all goes horribly pear-shaped following an incident when regulators and manufacturers scramble to examine applicable standards to which a piece of equipment did or did not comply. There becomes a sense of urgency on both the manufacturer and the regulator to justify their respective positions.

Like the Boeing scenario, the issue can become highly contentious (even amongst experts). Should have Boeing installed the indicator light as standard equipment? We now believe most probably it should have been a core piece of safety-critical equipment but… prior to the incident, Boeing clearly thought that it was a nice to have rather than a must-have and subsequently included it on the options list.

Regulators say that potential failure modes should be identified and control measures implemented to result in fit for purpose plant in which the potential for safety-critical systems to fail is eliminated or minimised.

But is this just too ‘wishy-washy’ when it comes to safety-critical equipment? Could an aviation regulator who had the competence to review and approve Boeing’s systems averted the disasters? Time will tell but you must wonder what contributory negligence the aviation regulator will have in these two disasters.

AMSJ recently heard of a newly delivered underground piece of mining equipment that was involved in a serious collision incident that was not fitted with interlocking doors and seat restraints let alone key safety equipment like proximity detection. When we asked the mining company operating the equipment they replied “We just bought it that way. The manufacturer should have known what the standard was.” Of course, when we asked the mine operator “So what was your responsibility in the chain of events?” a significant moment of silence prevailed.

We were also informed of another piece of locally engineered mining equipment that was involved in a recent fatal accident where the design characteristics placed operators at significant risk multiple times a day….of course until the fatal incident occurred.

Imagine that you’re in the market for a new Caterpillar 797F Haul Truck today you can choose a variety of safety options. Cat lists for consideration by purchasers such as the Cat Detect System, cabin air pre-cleaner, road analysis Control (RAC), portable fire extinguisher, torque converter guard, brake wear indicator gauge, rim guards just to name a few. Of course, we recognise that not every operator would require Cat to install their portable fire extinguishers because they’d have their won preferred supplier…but you’d have to think there are some subtle safety benefits in the brake wear indicator and the torque converter guard.

There are lessons from the Boeing 737 Max disasters for the mining industry. No doubt, many lessons will become evident as the investigation process progresses, but there are some simple takeaways right now.

  • Software-based systems rely on sensor inputs and those inputs can fail (even on the best systems);
  • Programmable software systems also have limitations. Knowing those limitations is important in the safety value chain;
  • Safety-critical systems should be integrated and tested by manufacturers, not just bolted on after the event;
  • Governments and Regulators have a critical role to play in proactively managing and assessing safety-critical systems. Funds need to be allocated by Governments and recruitment of competent professionals in a range of new and emerging disciplines must be considered part of the regulator’s role.

As the mining industry, like the aviation industry, relies more and more on autonomous systems for the safety of equipment and personnel, we should not forget that without rigorous safety-critical assessment processes from designers, regulators and operators, a future disastrous event may be looming in the background. For now, our fingers are crossed!

Read more Mining Safety News

Autonomous mining trucks collide at Jimblebar

Add Comment

Click here to post a comment

AMSJ Summer Emag