NTSB Accident and Incident Investigations

From Triple-sevens to Quad-copters

Bill English

NTSB Investigator in Charge

SUSB Expo, April 28, 2015

San Francisco Last time I was here… The drone will fly

in from right over there…

Introduction

3

• Participants in pending commercial segment

• Professionals, aviation industry

• Must deal with accidents/incidents/events

What is the NTSB?

• Investigative agency

• “Determine Probable Cause, and make recommendations to prevent recurrence.”

• Independent – not FAA, DoT etc.

• Board – 5 Presidential Appointees

• Modes and Support

• Aviation, Rail/Pipeline/Hazmat, Marine, Highway

• Laboratory: Recorders, Materials, Vehicle Perf.

• Safety Rec’s, Family Assist, Public Affairs, Legal

• Wait, isn’t there another function of the Board?

Board also hears appeals

• FAA certificate/civil penalty

• Also Coast Guard penalties

• Administrative Law Judge

• First level

• Full Board

• Pirker case

• Did NOT redefine the term aircraft:

• “49 USC 40102(a)(6) [and] 14 CFR 1.1…are clear on their face.”

• Decided a narrow issue:

• “the prohibition on careless and reckless operation in 14 CFR §91.13(a)”

• Mooted by PL 112-95

• No applicability to commercial operation

How does NTSB work?

• Investigate accidents and incidents, by statute

• History of UAS involvement

• Not isolation – party system

• International treaties/protocols

• Scope

• Incidents (Events) – 830.5 notifications, options. Hobby? Sightings? “Safety issues”

• Thorough - appropriate

• Limits - Pt103, Enforcement, Security, Privacy (White House guy)

• Media relations

What defines a UAS accident?

• Civil aircraft

• Or non-military Public (Fed/State/Local)

• Sec 333, COAs, Exp, Part 107 (pending)

• Substantial Damage and/or Serious Injury or Fatality

• “from the time the system is activated”

• Excludes <300 lbs if no injuries

• Required Notifications

• In-flight fire, flight control malfunction (define?), crew member

incapacitation, midair collision, $25000 ground damage, rotor

blade damage (!!) etc.

• Other Significant Safety Events

Sightings

• FAA developing a

taxonomy/procedure for

handling – multiple

functions

• Safety, Enforcement,

Security, Privacy

• Possibly like Runway

Incursion index,and/or

Laser events.

• LEA guidance

8

sUAS stakeholder roles

• Party system

• Direct role in investigation

• Safety/Technical participants

• Work under NTSB

investigator/groups

• Provide all relevant info

• Access to all factual info

sUAS stakeholder roles

• Operator

• Commercial company

• Public Agency

• Individual (General Aviation)

• Manufacturer

• Assembler?

• Software?

• Regulator

• FAA, by law

• Public Agency – if PAO

• Foreign entities - ICAO Annex 13

• Others - as appropriate

Preparation for events

• Staff for safety

• Company response structure

• Checklists – what to lock down

• Response – what to bring along

• Know your hardware/software/documentation

• Safety/SMS

• Your internal assessment

• Operational and Airworthiness records

• What to report

• NTSB form 6120

• FAA

• Others (AAIB-UK)

Investigations in practice

• A major civil UAS accident

• No way to predict scenario

• Avoid the “Three Mile Island Event”

• Safety investigation principles

• Causes and recommendations• Not enforcement

For illustration only – not an actual event

Press and Pressures

Investigator

Board

Member

Investigations in practice

• Determine safety issues in context

• Man/Machine/Environment

• (Management, Method)

• Sequence of Events – “What”

• Empirical, documented

• Active Failures/Factors

• “How” did each event occur

• Root Cause(s) – “Why”

Investigations in practice

• Move from Direct/Proximate Causes…

• Sequence of events

• Identify gaps

• Iterate sequence

• To Root Causes/Latent Conditions

• Often organizational/cultural

Investigations in practice

MAN-MACHINE

INTERFACEPROCEDURES

TRAINING

MANUFACTURING /

INSTALLATIONMAINTENANCE DESIGNMISUSE

SUPERVISION &

STAFFING

PERSONAL

CONDITIONCOMMUNICATION

PLANNING &

RECORDS

VERIFICATION /

VALIDATION

REQUIREMENTS

SPECIFICATION

SAFETY /

RELIABILITY

ASSESSMENT

QUALITY & SAFETY

ASSURANCE

HUMAN ERROR

(OPERATIONAL)

KEY EVENT

EQUIPMENT

FAILURE

FAILED/MISSING

SAFETY

CONTROL

REQUIREMENTS

IMPLEMENTATION

Regulator

RO

OT

CA

US

E

Manufacturer

Operator

Direct Causes

Investigations and Issues

• Real life lessons learned

• “How drones crash” – common scenarios

• Military history

• Factors/Causes:

• Carb ice

• Mission Pressure

• Ditching

• No divert capability

• Loss of Control

• No battery monitoring

• Mode Confusion

• New function test engaged

• Case Studies – Police Helo, Multi-rotor battery

Investigations and Issues

• Similarities and difference to manned?

• Commonality with technically advanced aircraft

– large and small

• Mode Confusion: “What’s it doing now?”

• Common features to investigating ATC

• Recorded data – no standards

• Frequency spectrum aspect

• Plan your flight, fly your plan

Four Principles of Drone Safety(inspired by Jeff Cooper and Isaac Asimov)

• Treat all drones as if they are always powered up

• Ground injuries, hazardous materials or components

• Never fly over anything or into airspace you have

not considered

• Your specifc mission and capabilities – 107? LE?

• Crowds? Controlled Airspace? Terrain and weather!

• Ensure your drone is ready for and capable of your

planned mission

• Right platform for this job? Modifications? Mission pressure,

Terrain and weather!!

• Be sure of your flight mode and what it will do next.

• “Ahead of the aircraft”

Case Study

• Mishap scenario - Lake Conroe

• Police Dep’t received grant

• Local manufacturer – “military grade”

• Aircraft lost after main rotor blade delamination

• Blade manufacture of hobby-grade

• Previous maintenance/mishap events

• Inappropriate platform for mission

• Lack of awareness of airworthiness responsibility

20

21

Case Study

• Mishap scenario - Lake Conroe

• Police Dep’t received grant

• Local manufacturer – “military grade”

• Aircraft lost after main rotor blade delamination

• Blade manufacture of hobby-grade

• Previous maintenance/mishap events

• Inappropriate platform for mission

• Lack of awareness of airworthiness responsibility

22

Determine Cause - event redacted for discussion

• Mishap scenario – Individual Videographer • Prep flight for filming job, COTS multi-rotor

• Flew mission, low battery, lost aircraft

• Pilot statement – had flown length before, was “sure” battery was fully charged

• Telemetry data:• Long period powered on ground

• Took off with low voltage

• Failsafe returned to launch

• Pilot switched modes, returned to mission

• Failsafe again triggered – too late

23

FCC Critical Set

24

Sequence of Events – Gaps?

Takes off with low

voltage

Battery failsafe –

RTL overridden

Executes moderate

length mission

Top Level Event

Low voltage,

motors fail

Pilot: Battery fully charged

Ground delay

Pilot switches modes

Mission continues over

residential area

What is history

of battery -

cycles?

Does pilot understand

GCS battery monitor?

Documentation?

Pilot monitor

battery voltage

at GCS? Pressure to

complete?

Significance of mode

switching – training,

documentation?

NPRM/Part 107

• NTSB has commented

• [TBD when notation finalized]

• Expands the universe of civil aircraft operations

• Some unknown territory

• Operational – Test or Flight Training vendors and prep?

• Airworthiness/Maintenance – Manufacturer/vendor

support?

• Part 830 will apply – scoped appropriately

• Will we modify 830?

Summary

• Events will happen, robust investigations, you are part of this – before/during/after

Bill English

bill.english@ntsb.gov

202-297-8875

NTSB Comm Center

cc@ntsb.gov

202-314-6290

Questions and War Stories

“There I was…flat on my back at 20,000 feet...”