Airliner fuel-tank inerting may be impossibly expensive, but it is not the only way of preventing fuel tank explosions.

A cost-benefit analysis cannot expect applause if its conclusion is that human lives may be lost to a known risk because reducing or eliminating that risk costs too much per life saved.

The US Federal Aviation Administration is to be faced with making such a decision over fuel tank inerting, and it is set to follow the advice of its Aviation Rulemaking Advisory Committee, which says that reducing the risk of fuel tank explosions by this method costs too much using today's technology. Try telling that to the relatives of the 230 passengers and crew aboard Trans World Airlines flight TWA 800, who all died when the Boeing 747's centre fuel tank exploded, probably due to an electrical fault. Try telling that to the family of the Thai Airways stewardess who died when her Boeing 737 blew up on the ground at Bangkok on 3 March this year. These are not the only cases, and the National Transportation Safety Board (NTSB) predicts that there will be more unless tank inerting is implemented.

For years the NTSB has argued that tank inerting, using non-flammable nitrogen to fill the volume above the fuel before vapour fills the space, was the only way to control the explosion risk. Until the TWA 800 disaster, the FAA had remained resolute in its dogma that the best way of avoiding explosions is to ensure that there is no ignition source. The FAA's solution is unquestionably the best one if only such an aim were achievable, which the NTSB says it is not.

Evidence proves that the FAA's aim has categorically not been achieved, and the fact that TWA 800 has been followed up with about 40 airworthiness directives concerning wiring insulation, routeing and inspection regimes suggests that the agency, having rejected the NTSB's inerting idea, had not been applying its own solution.

It is axiomatic that, until recently, the evolution of aircraft design and operational practice has followed a distinctly traditional pattern: it has been reactive, learning from usually fatal mistakes and even then refusing change if the cost-benefit ratio did not work out. Injections of new technology have occasionally brought huge steps forward in safety. So the system has waited for accidents and technology to make it safer. Thinking has only recently begun to change towards being pro-active, but the old system is now completely unacceptable.

In the case of the two 737 fatal ground explosions (Thai this year and Philippine Airlines in 1990), Boeing has pointed out that fuel pumps were being run in empty tanks, which is forbidden by the operations manual. But to have an aircraft system which can result in an explosion because the crew fail to switch some pumps off is, in today's world, unsustainable. It smacks of the kind of systems and certification thinking which was understandable in the days of the Lockheed Constellation, when five people manned the flight deck and automation was unheard of. Yet today, new aircraft are continuing to roll off the production lines with electrical systems design which has not been fundamentally re-thought since those days.

Explosions may be dramatic, but they remain mercifully rare, while fire anywhere on an aircraft continues to be the aviator's greatest fear. In December last year the Transportation Safety Board of Canada issued recommendations, resulting from the investigation into the 1998 Swissair 111 crash, which slammed the world's entire airline fleet for being woefully unprotected against fuselage fires, and the board is setting up a world congress to address the issue. Meanwhile, Airbus has begun to promote the concept of "LROPS" (long-range operations) standards, which contrasts with the existing ETOPS (extended range twin engine operations) philosophy by disregarding engine numbers and promoting the kind of design thinking which attempts to make an aircraft completely autonomous on trips over massive inhospitable regions, like the North Pole. The challenge is to design the aircraft so that any fault or mishap can be dealt with by the crew without the need to divert. This implies lateral thinking, challenges to old ways of putting aircraft together, plenty of redundancy, fail-safe design, and giving the crew complete knowledge and control of anything that happens on board. If the idea is to work, all current design practices should be challenged to see if they are the best the industry could do with today's knowledge, technology, techniques and materials.

If such a philosophy were adopted by the certification agencies and the industry, then the FAA would be right: fuel tank inerting would be unnecessary.

Source: Flight International