A tiny piece of data needed to run the West's largest turboprop engines is said to be at the centre of a complex chain of events under scrutiny following an Airbus A400M military plane crash last month.
The troop and cargo carrier crashed outside Seville, Spain, on May 9th after three of its huge turboprop engines froze just minutes into a routine pre-delivery test flight, killing four of its six crew members.
At the heart of the investigation are crucial computer files that tell the military carrier, developed at a cost of €20 billion, how to control its four engines, sources have reported.
Computers operating each engine cannot work if this data, which is unique to each of the turboprops, is missing.
Investigations are at an early stage, but the key scenario being examined is that the data - known as “torque calibration parameters” - was accidentally wiped on three engines as the engine software was being installed at Airbus facilities.
An Airbus spokeswoman said the investigation was continuing and that it was too early to draw conclusions.
“Safety is our first priority and we will do all that is necessary to get the full picture of what could have led to this tragic accident, and take the necessary action,” she said.
European Nato owners of the aircraft have now been instructed not to use the Airbus computer system that was used to conduct the software installation on the A400M.
Investigators are poring over maintenance records to see how safety procedures failed to notice the erased parameters.
But the combination of lost data and incomplete checks may also have exposed a vulnerability in the amount of information provided to the pilots as they prepared for the maiden flight of the plane, which had been sold to Turkey.
Under the A400M’s design, the first warning pilots would receive of the engine data problem would be when the plane was 120m in the air, according to a safety document.
On the ground, there is no cockpit alert.
That system has been in place since the A400M first flew in 2009. It was reviewed last year as the latest engine software was being released, but regulators approved it on the basis that the chances of failure were small and the installation procedure included extra checks.
The European Aviation Safety Agency (EASA), which is responsible for A400M certification, declined to comment.
Risk management
It is not unusual for engineers, facing finite resources, to focus on known risks and manage remote ones by putting extra checks in place, like the ones that appeared to fail the A400M.
However, as the pilots took off, another safety feature came into play only to turn against the crew, according to industry experts.
Without the vital data parameters, information from the engines is effectively meaningless to the computers controlling them.
The automatic response is to hunker down and prevent what would usually be a single engine problem from causing more damage.
This is what the computers apparently did on the fatal flight, just as they were designed to do.
“Nobody imagined a problem like this could happen to three engines,” a person familiar with the 12-year-old project said.
EASA has since issued an emergency warning of “reduced control of an aeroplane” if two or more engines are affected in this way.
A spokesman for EASA confirmed it had sent an unpublished directive to A400M buyers, but declined further comment.
Reuters