20

In July 1989, the United Flight 232 crashed in Sioux City, Iowa, while the pilots were trying to land on the runway without any yoke control. Today, I was reading the PHAK and found this phrase: "In the event of complete (hydraulic or electrical) power unit failure, movement of the control surface can be effected by manually controlling the control tabs" (4-46).

Why didn't the pilots of the United Flight 232 have a backup manual control when their hydraulic system failed? Is it because the aircraft (DC-10) was equipped with three independent hydraulic systems, which were considered to provide adequate redundancy for emergencies? Then, what about other modern passenger jets like Boeing and Airbus models? Do they have a backup manual control system in case of such a hydraulic or electrical control system failure?

lemonincider
  • 7,567
  • 6
  • 51
  • 110
  • 2
    Boeing 737 has manual backup. After UA 232, hydraulic fuses were installed in most aircraft types, not in DC-10s though. – Koyovis Aug 06 '17 at 00:49
  • 1
    @Koyovis Yes I found that out later while studying the role of control tabs on the wings, which function as servo tabs in case the pilots have to fly manually. Thanks – lemonincider Aug 06 '17 at 04:20

1 Answers1

42

On any large jet (the DC-10 was a wide-bodied plane, seating around 300 people), the control surfaces are simply too large to move without hydraulics. Manual control is impossible, and multiple redundant hydraulic systems are provided. This applies to any large plane.

It's considered unlikely that all the hydraulic systems will fail independently. The specific problem on United flight 232 was that the failures weren't independent: all three hydraulic systems were severed by the engine in the tailplane failing and spewing lumps of metal into the narrow conduit that carried the hydraulic lines.

David Richerby
  • 11,875
  • 4
  • 46
  • 86
  • 9
    If a system fails catastrophically enough, it doesn't really matter how many redundancies are installed. – hBy2Py Mar 06 '17 at 05:03
  • 7
    @hBy2Py That statement carries almost no information: it's a definition of "catastrophically enough" and it doesn't say anything about whether "catastrophically enough" is even possible. For example, the third engine of UA232 failed catastrophically enough to take out all three hydraulic systems, but it didn't fail catastrophically enough to take out the other two engines. – David Richerby Mar 06 '17 at 08:45
  • 2
    In one comment @DavidRicherby sums up a large part of engineering. – Chris H Mar 06 '17 at 09:31
  • 1
    It's probably worth noting that the exact same damage that severed the three hydraulic systems would also have severed any backup manual control system if one was installed there. – Peteris Mar 06 '17 at 09:36
  • 4
    @Peteris Honestly, I don't think that is worth noting. First, it's not necessarily true: a punctured hydraulic system is busted, whereas a partially cut cable is still a cable. But, most importantly, the lack of a mechanical backup had absolutely nothing to do with the possible failure modes of such a system. There was no mechanical backup because, even when in perfect working order, it wouldn't enable the pilots to move the control surfaces. – David Richerby Mar 06 '17 at 09:56
  • @DavidRicherby Adding to your comment... Encased cables can easily fail stuck, especially when partially cut, meaning it won't matter how many redundant controls you have if that cable is jamming the system. And cables sticking is actually the most common failure mode for them, and is vastly more common than hydraulic faults. If you're adding backup controls, the very last thing you want is for your backup to be less reliable! – Graham Mar 06 '17 at 11:17
  • 2
    @DavidRicherby Some jokes are pretty information-free, yes. If you want to flag that comment as too chatty, please do. – hBy2Py Mar 06 '17 at 11:35
  • 2
    In response to the accident, they added "fuses" to the hydraulic lines to stop them from bleeding dry and manufacturers did a better job to route hydraulic lines along different runs so that one failure doesn't take them all out. – Gray Mar 06 '17 at 15:44
  • 1
    @Gray That's reassuring. This accidnet was not wasted. Thank you. – lemonincider Mar 07 '17 at 09:50
  • 3
    @lemonincider - very, very few are. The entire airline industry does its best to learn from every accident, especially the fatal ones. – FreeMan Mar 07 '17 at 21:37
  • @FreeMan: And almost all of the ones they don't learn from are ones where they never found out what caused the accident in the first place, so they don't have any way of knowing how to keep it from happening again. – Vikki May 25 '18 at 01:05
  • @Peteris: Even if all the cables to the tail were severed, the aileron/spoileron part of our hypothetical DC-10 manual-reversion system would still have been left fully intact (which would have greatly eased control of the aircraft, by allowing mechanical aileron/spoileron control and allowing the pilots to dedicate the throttles to controlling altitude instead of also having to simultaneously throttle-steer the aircraft), unlike the hydraulic situation. – Vikki Apr 30 '20 at 00:26