Beagle’s view at #527 is a dated and unhelpful view of safety. Even during training and within limits, it might be possible to weed out the less capable pilots, but the process should be based on a deeper understanding of an individual’s capabilities and reasons for poor performance, and not just on a the outcome of a single event.
Humans learn (or should learn) from their variable behaviour; the source of our success is the same as for the ‘failures’. Throwing out the ‘failures’ does little to help others avoid similar situations.
A key issue throughout this event is human performance - situation assessment; similarly the technical aspects of the flight system and human interaction, but another contributing area, the regulatory process is generally overlooked.
With hindsight, why was the aircraft allowed to fly with ‘suspect’ pitots, or if, with reasoned argument, flight was allowed, why into conditions which might result in problems.
These judgements are typical of airworthiness processes, similar to MEL approval, arguing that flight with ‘suspect’ pitots would be safe – the reasonable containment of risk, and based on previous events, knowledge of the environment, technical system behaviour, and human performance. All of these involve assumptions and thus ‘expert judgement’.
However we should not conclude that the regulators ‘failed’, as this too would be the same as blaming the pilots; each group experienced variable performance, which with hindsight was insufficient for the conditions encountered.
Thus the industry might learn from this and manage to turn some of this hindsight into foresight. In this event, a primary assumption was that the human would manage an ice crystal encounter, recognise the ‘system failure’, and fly the aircraft until conditions improved.
We can reflect that a better strategy would have been to avoid the weather situation and only use the human resource in the event of misjudgement of this first step; there would be greater depth in the safety defences. Obviously fixing the pitots would be better, but this alleviation is similar to the balance of risks taken every day and necessary for operation, and which regulators and crews managed very successfully.
In the view above there are also similarities with other recent accidents. In the 737 AMS approach accident and the Madrid MD-80 take-off, the human was relied on as the first line of defence where existing technical solutions were available. The 737 with grandfather rights used a lower (unmonitored) standard of rad alt, and similarly the MD-80 had an unmonitored TOCWS, where other aircraft have improved systems.
Therefore we might review the process of design and certification, and of continued airworthiness (MEL), and enquire if in modern, complex operations, the industry relies too much on the human as the first line of defence.
Also, we might consider that human performance may not be as assumed due to different training standards, fewer opportunities for experience, and different social attitudes to flying modern aircraft – automation dependency, instant gratification (information) Wiki-Google-geeks, and reliance on SOPs.
Has the industry drifted too close to a safe boundary, or have we identified a new boundary involving a complex interaction of the many factors in modern operations?
Alternatively, in our ‘very’ safe industry, the rare and unusual accidents stand out and our natural human bias focusses on the most salient aspects or easier ‘blame’ option; this might be the public perception, but it should not be that of the industry if we are to learn from this event.