Germanwings flight 4U9525: a victim of the deadlock between safety and security demands

With the ultimate goal of protecting the lives of those on board, the processes by which the cockpit door is open and closed is crucial. Closing the door is not always right, even though the flight may be threatened by potential terrorists. That a pilot on the flight deck must open the door to his fellow officer outside the door is not beneficial if the crew remaining on the deck inside are incapacitated or unwilling to do so.

Timing and context is key
Feature interaction manifests itself in the way hardware and software interacts, such as in the design of lifts, vehicles or even smart homes. In order to avoid problematic interactions priority needs to be assigned to those features that are paramount — on aircraft, this is protecting the lives of passengers. The key to this is context and timing.

How can the electronic, robotic controller of the cockpit doors collaborate with the human crew member desperately looking for ways to gain entry to the flight deck? Knocking, or even smashing down the door is not enough — because potential terrorists may do the same, and so these eventualities will have been catered for in the initial design.

In this case, an adaptive user interface mechanism, which has been used to simplify complicated software systems, could enhance the usability of an otherwise complex security system. Mobile payment systems, such as Apple Pay, have demonstrated it’s possible to simplify the interface to otherwise complex security systems. For example, users do not need to carry credit cards yet can still properly certify their transactions. Such time-saving elements to verify security could be, in such a contingency as this, a life-saving feature.

Control of the cockpit door must be adaptive to context of the situation, providing a means to bypass the risk of a situation where flight crew is locked out of the cockpit. Had the robotic door controller understood there was a reason the pilot at the controls could not confirm the entrance of the pilot outside — by registering a malfunctioning ejection seat, for example, or reading dying vital signs from a heart monitor — it could override the security requirements and allow the pilot to reenter the cockpit.

We need to reassess the risks and arguments around safety and security in the context of aviation, and find ways of bringing together hardware, software, and the flight crew themselves — perhaps through health monitoring devices — in order to ensure that both these demands work together, and do not become a threat in themselves.

Yijun Yu is Senior Lecturer, Department of Computing and Communications at The Open University. This story is published courtesy of The Conversation (under Creative Commons-Attribution/No derivatives.