Cockpit security used to be about keeping the baddies out of them. From today, it is also going to be about preventing a rogue pilot from being alone in them.
This terrible new reality has become apparent because the public prosecutor in Marseille has confirmed that the young and comparatively inexperienced co-pilot of the Germanwings A320 that crashed in the southern French Alps on Tuesday took control of the jet after the captain left the cockpit and then flew it into a mountain, killing all 150 people on board.
The prosecutor, Brice Robin, named the junior pilot as Andreas Lubitz, 27, a German national.
He said Lubitz had taken manual control of the A320 by disengaging the autopilot and initiating the descent from its cruise altitude of 38,000 feet immediately after the captain was heard leaving the cockpit on the cockpit voice recorder.
Robin said the co-pilot had manipulated the controls to speed up the A320 as it made its descent, ignored all calls to the aircraft from air-traffic control, and said nothing from the moment the captain left the cockpit until impact.
He said the aircraft had skidded briefly in a glancing contact with the rock face, but then disintegrated in making full contact at high speed with the terrain. Most of the debris settled within an area of several hectares on steep ground.
The prosecutor reiterated that the co-pilot had ignored all attempts by the captain to regain entry to the cockpit and had not uttered a single word in response to calls from the captain and air-traffic control. Close to the moment of impact, the captain could be heard attempting to break the door open to no avail.
Terrorist-proofed cockpit doors use a lock, intercom and video-screen system to secure entry, and they can be overridden by pilots or cabin crew on the outside by the use of a special code. However, the pilot inside the cockpit can delay access in such situations for minutes simply by pressing a single button, or by setting a deadlock.
Airlines have known about such risks for a long time but have chosen to look away from them, as if the possibility is too horrible to contemplate.
Past incidents include the SilkAir 737 disaster near Palembang in Indonesia in 1997, in which one pilot apparently murdered another with a safety axe and then flew the jet steeply and at a high mach number into a shallow tidal river.
There is an appalling record of such incidents down the years, and no doubt lists of such atrocities will be in tomorrow’s or even tonight’s newspapers and news sites.
Overwhelmingly, such dreadful events have been brushed aside by airlines and the authorities, and reporters are often “encouraged” not to dwell on them.
But things have changed. There are numerous YouTube videos circulating showing, in detail, how various airlines manage their cockpit security measures, including where the key panel is.
There are already social-media discussions as to how the well-intentioned protocols for keeping A320 cockpits secure could be gamed to prevent a locked-out pilot regaining his seat. A licensed aircraft engineers’ union even boasted recently that a Paddle Pop stick could be used to thwart the locking system on a BAe146 jet.
In July last year, Air New Zealand stood down two 777 pilots after one locked the other out of the cockpit because he didn’t like him. That was an act of madness on the flight deck, considering that in-flight emergencies can happen without notice and require two pilots.
Seen in hindsight, Air NZ actually told the world how what is now claimed to have happened on the Germanwings jet could have happened on its 777.
Qantas, understandably, isn’t prepared to go into any details about its cockpit security protocols, other than to say “The Qantas Group has multi-layered systems in place to protect the flight deck. Understandably, the detail of these systems is confidential.”
That includes, of course, Jetstar.
However commendable those policies are, as well as those of other groups like Lufthansa, and its Germanwings subsidiary, they will, from today, have to be reviewed in the light of the crash in the French Alps.
The threat isn’t just external but internal. It is a horrifying development.
Regular flyers will have noticed that many airlines already have a procedure that aims to block unauthorised access to a cockpit when one of the pilots uses the forward toilet.
This is usually done by either blocking access from the cabin, or putting a trolley in the rather tight space leading to the cockpit door, or both.
All this achieves in the situation said to have occurred on the Germanwings flight is to allow the rogue pilot to prevent the other pilot from regaining his place at the controls, putting aside the issues as to what might then ensue.
Will there be a regulatory overreaction? Can the airlines act to restore any damage to passenger confidence?
Lufthansa CEO Carsten Spohr said he had to accept, as a starting point, all of the conclusions and observations of the French public prosecutor, that the co-pilot had deliberately initiated the fatal descent and knowingly crashed the plane. But he said Lufthansa retained its absolute confidence in the selection, training and standards of its pilots and those of Germanwings.
“My confidence has not been touched by this one incident,” he said. “No security in the world could protect an airline from the kind of action taken by the co-pilot.”
Spohr said Lufthansa would not consider adopting the US practice of requiring a cabin attendant to occupy the seat of any pilot while the pilot was out of the cockpit. “I don’t see any need to change our procedures at this stage,” he said.
However, it is understood that this hard-line stance against such changes has been overruled by the German government, which has directed Lufthansa to change its procedures with immediate effect.
The US rule was designed to deal with a situation where the remaining pilot might become incapacitated by a heart attack or other medical condition and not be capable of admitting the other pilot back into the cockpit.
Australia’s airlines are likely to adopt that US cockpit-management practice soon, or have it imposed on them by regulation at home or, more likely, abroad, although there is no statement to that effect from Qantas or Virgin Australia at this hour.
The US rules have also been adopted since the Germanwings disaster by Air Canada and Emirates, among other non-European carriers.
There are enormous risks inherent in any procedure to allow remote overriding of controls in an airliner, including that of similar criminal interference.
This incident will cause immense heartache all around, as well as inflame the very strong suspicions of criminal acts on board missing Malaysia Airlines flight MH370.
It’s been some time that we’ve had global tracking systems to track aircraft, computerised control systems to fly them from takeoff to landing, and yet airlines refuse to get with it on either of these items. How many more crashes do we have until airlines act on the need to know where their aircraft are, what they are doing and make sure the real danger to them is recognised: human beings!
If strange behaviour of an aircraft were automatically brought to the attention of a remote-piloting team that could override the cockpit controls, the aircraft might be landed safely regardless of its pilots.
A public justification would be that a hijacker could not coerce the pilots to change the flight path. Among the industry, growth in remote piloting in heavy traffic would be seen as a transition into better safety, or alternatively, heavier traffic.
>had not uttered a single word in response to calls from the captain and air-traffic control.
So perhaps was not fully functional
Reportedly breathing normally after having completed complex task of reprogramming flight control to steep descent down to new but dangerous cruise altitude, all within the control envelope which would not trigger override. So sounds like he was functional but no longer humane
Just for now assuming that the theory of the co-pilot deiberately crashing the plane is correct, why didn’t the selfish b….. just quietly go off somewhere and top himself.