Air France Flight 447 
What Happened?
Airbus A330-203
Flight from Rio De Janeiro to Paris
328 people died
Aircraft missing for 2 years
Went missing without a warning or mayday
3 Pilots
Entered intertropical convergence zone(storm only present in certain locations)
Thunderstorm interrupted equipment function (pitot froze)
Auto pilot shuts down
Co-pilot takes manual control
Less experienced pilot in control
Lost all speed information
Co-pilot pulls up on control stick and plane climbs
Plane stalls and starts losing altitude
Not enough air to fly plane on
Plane drops at 700ft per minute and crashes into ocean
Nature of System
Design Failures and System Life Cycle
click to edit
Issues and Findings
Questionable decisions by pilot to fly through storm
Equipment design failures/socio technical system failures
Pilots don't know how to handle this situation. Pilot in control pulls up on control stick, making situation worse
Had the pilots done nothing, they would not have crashed
(BEA 2012)
Pitot design not effective
Emergency notifications not effective
Not designed well in terms of cognitive ergonomics
No instructions for pilots on emergency warnings
Not designed to handle situation it was presented with
Design didnt anticipate pilot reactions
Design was big causal factor in crash
System and design faillures considered major causal factors
Speed reading failure
Pilots didnt trust the warnings and thought they were innacurate
Why it Happened?
System failures
Industry wide system failures
Standards did not account for pitot failure in cold weather
Air France was following industry best practice and standards
Not Air France issue, industry wide failure occurred
Organisational failures
Redesigned pitot rollout too slow
Training failures
Lack of similar precedent to examine during training
Not encountered issue like that before in training
Pilots unaware of what to do
Technology failures
Design Failures
Should not have been able to do that . Should have been designed out .
Both pilots pulling on control stick in opposite direction.
Failure in the design of the warning system
click to edit
Warning system caused confusion
Design failure
Cognitively diffiucult to use
Technology not taken seriously due to repetitive failures
Computer system failure
Pitot system failure
Human Factors
Pilots decided to go through storm rather than over
Questionable decisions
Inexperienced pilot given control at crucial time
Lack of experience in emergency situation
Pilot had lack of sleep due to partying
Making the wrong decisions
Not reacting appropriately to failures
Miscommunication between pilots
Poor equipment design
Poor communication
Human machine interactions
Should have been identified in the design phase
‘12 human factors’ (Nzelu et al. 2018)
Lack of communication, complacency, lack of knowledge, distraction, lack of team work, fatigue, lack of resources, pressure, lack of assertiveness, stress
Pilots did a number of these (Nzelu et al. 2018)
2009
Design failures should have been found and rectified in the desgn phase of the lifecycle (Kornecki & Zalewski ND).