On Engine Power SRM for US Airways Flight 1549

On the morning of January 15, 2009, shortly after the pilots had concluded the takeoff checklist post-departure from New York City’s LaGuardia Airport, US Flight 1549 collided with a flock of migratory birds, causing complete power loss. Just 5 minutes and 8 seconds after takeoff, the A320 ditched into the Hudson River. Thanks to Captain Chesley “Sully” Sullenberger’s exceptional skill and decision-making abilities, the entire crew and 150 passengers survived his emergency landing on the makeshift runway. This event provides an interesting case study into safety risk management (SRM) and fail-safe operations for commercial aircraft.

This article will cover concepts of system safety and fail-safe operations as they relate to this event, and the 5-step FAA safety risk process as if we’re designing the failed functionality/components (engine power) of the overall system (aircraft).

System Safety Risk

When Sully and his co-captain were working through the quick reference handbook, a step-by-step guide to dealing with emergencies, they likely weren’t considering the depth of safety engineering that went into the specific policies and procedures in front of them. These procedures were developed by safety engineers as a risk control strategy in the event that a hazard is realized as an event.

The objective of safety engineering is to formally identify, assess, control, document, and mitigate or eliminate system hazards at an acceptable level of risk. In the case of Flight 1549, the loss of engine power was a critical failure that put the safety of both the passengers and crew at risk.

The Airbus A320 aircraft contains two high-bypass turbofan engines mounted under the wings. The engines are designed to be reliable and environmentally friendly, with low emissions and noise levels. These are critical to the aircraft as the only thrust-producing components. The inlet through which the turbofan generates power also presents a vulnerability to birdstrikes.

Birdstrikes are a potential hazard to aircraft engines in their operating environment, in which a bird, while flying, is intercepted by the aircraft and ingested in the engine.

According to the Office of Airport Safety and Standards, globally, wildlife strikes killed more than 293 people and destroyed over 271 aircraft from 1988–2020, with most occurring during takeoff and landing. While this at first appears to be a startling statistic, considering that the FAA air traffic by the numbers in the US in 2021 accounted for 13,028,643 flights, this hazard can be recognized as an extremely improbable event.

For the sake of the argument, if we can make the assumptions that the US accounted for half of the wildlife strikes and air traffic in 2021 was average from 1988–2020, the likelihood of a wildlife strike in the US destroying an aircraft would be approximately 4.2 per year, or a 1 in 3.25M chance per flight.

Even though this occurrence is an extremely improbable event for any passenger, in terms of the overall volume of flights, this should be considered a probable event. Coupled with the fact that, at a minimum, the consequences of a birdstrike is major with physical distress or injuries to people and substantial damage to the aircraft, and an unmitigated birdstrike may be catastrophic with multiple fatalities and the loss of the aircraft, it’s safe to say that birdstrikes can be considered high risk.

Controlling Safety Risk

There are several ways to mitigate risks, such as eliminating the hazard, reducing the likelihood of the hazard occurring, or minimizing the consequences of the hazard. The mitigation strategies should be designed to reduce the risk of the hazard to an acceptable level. While it wouldn’t be feasible to eliminate the hazard of birdstrikes completely without endangering all of the large species, we can take steps to minimize the consequences of the hazard through fail-safe operations and minimize the chances the hazard occurs through prevention techniques.

On Fail-Safe Design

Fail-safe design is a critical concept in aviation safety, particularly in the design and operation of complex systems like commercial aircraft. The fail-safe design uses redundancy and other design approaches to handle single or multiple component failures such that if any one component or system fails, the overall system can still safely operate, minimizing the consequences of the hazard. In this case, the aircraft’s design had several fail-safe mechanisms including emergency procedures and systems that helped ensure the safety of the passengers and crew. Despite the complete loss of engine power, the aircraft was able to remain under control and make a controlled landing on the Hudson River.

Emergency Procedures

The aircraft’s crew were trained to follow specific emergency procedures in the event of an engine failure. These procedures included checking for other damage to the aircraft, selecting an appropriate landing site, and preparing the passengers for an emergency landing. In the case of this event, the pilot was required to mitigate the severity of hazard through a checklist of emergency procedures. Unfortunately, when investigators reviewed the procedures, what they found was a guide for an event that occurred at 20,000 ft altitude, where a crew would have plenty of time to slowly and carefully go through a 3 page checklist, at the end of which was a guide for ditching the airplane. Captain Sullenberger was only able to get through approximately 50% of this checklist in the time that they had that morning. The crew spent a lot of time going through the checklist when they could have been preparing for ditching the aircraft. Overly complicated checklists have likely played a role in deadly plane crashes in the past. Similarly, in 1998 a fire broke out aboard a Swiss Air passenger jet. The checklist the crew used would have taken up to half an hour to complete, which they didn’t have.

Captain Sullenberger deserves additional recognition for the following reasons:

1. Quick assessments of the situation: When the aircraft struck the flock of geese, both engines were disabled. Sully quickly assessed the situation and recognized that the aircraft would not be able to make it back to an airport.
2. Swift decision-making: Based on his assessment, Sully made the swift decision to land the aircraft in the Hudson River, which he deemed to be the safest available option.
3. Controlled landing: Sully expertly executed a controlled landing of the aircraft on the Hudson River, ensuring that the impact was as gentle as possible and minimizing the risk of injury to passengers.
4. Effective communication: Throughout the emergency, Sully communicated clearly and effectively with the crew and air traffic control, coordinating their efforts and ensuring that everyone was on the same page.
5. Quick evacuation: After landing the aircraft, Sully made sure that all passengers and crew members were evacuated from the aircraft as quickly as possible, taking into account the cold water temperature and the potential risks of hypothermia.

Overall, Captain Sullenberger’s quick thinking, expert skills, and effective communication were instrumental in ensuring the survival of everyone on board Flight 1549. His actions have been widely recognized as an exemplary display of aviation professionalism and have set a high standard for all pilots in the industry.

Emergency Systems

The aircraft was equipped with several emergency systems that could be activated in the event of an engine failure. For example, the auxiliary power unit (APU) provided backup power to the aircraft’s systems. Sullenberger started the APU which wasn’t on the sequence but helped maintain the flight envelope protections, which prevented the aircraft from stalling once the airspeed dropped below operational levels. The APU is an emergency generator that keeps critical electrical systems running, including the instruments and screens which Sully used in the heroic landing.

Prevention Techniques

Mitochondrial DNA (CO1) sequences from tissue samples were compared with samples in the BoLD database to obtain 99–100% species match to branta canadensis, commonly called the canadian goose. These results were similar to values from feather samples of populations that are known migrants from the Labrador region, and were significantly different from resident feathers collected in New York City, indicating that these were migratory birds. Therefore, it’s reasonable to hypothesize that these birds were undertaking a short-distance movement on their wintering grounds in response to freezing temperatures and snow cover, in an effort to find open water and food, a behavior commonly found in species of birds wintering at temperate latitudes.

In the case of US Airways Flight 1549, prevention strategies for birdstrikes may have involved installing bird detection radar, implementing bird dispersal programs, and modifying engine designs to make them more resistant to birdstrikes to help minimize the risk associated with them in the future. These mitigation strategies would need to be developed and tested to ensure their effectiveness before being implemented. Additionally, regular inspections and tests would need to be conducted to monitor the effectiveness of these mitigation strategies.

Conclusion

By the looks of it, the safety of the crew and passengers were secured not because of system safety procedures, but in spite of them, owed mostly to the fact that the ditching occurred in good visibility conditions on calm water and was executed by a very experienced and professional flight crew

The US Airways Flight 1549 incident highlights the importance of system safety and fail-safe operations in the aviation industry. The FAA safety risk process provides a structured approach to identifying, assessing, and mitigating potential hazards in complex systems, such as the engine power system of the A320. Developing and implementing mitigation strategies is a critical step in the FAA safety risk process for addressing hazards in complex systems such as aircraft. The strategies should be designed to reduce the risk of the hazard to an acceptable level and be tested and monitored regularly to ensure their effectiveness. In this case, a combination of actions by the crew helped to manage the risk associated with the birdstrike, reducing the severity of the associated outcomes and saving everyone’s lives onboard the plane on that fateful day.

For anyone reading this: All comments critical or otherwise are appreciated. How have you seen safety risk management used in your life or career? How can I improve my writing? Do you have similar stories? What can you tell me about my stories?