Get extra lift from AOPA. Start your free membership trial today! Click here
News & Media When failsafes become unsafe

When fail-safes become unsafe

November 10, 2017 By Gordon Relyea

It seemed simple enough, flying through the lower tree canopy on a test flight with an unmanned multirotor. I was completely focused on maneuvering through gaps in the trees that were small enough that the rotors trimmed a few leaves. It was all going well–until I lost track of how far I had gone from the launch point.

Flying safely in obstacle-rich environments requires careful planning. Photo by Gordon Relyea.
Flying safely in obstacle-rich environments requires careful planning. Photo by Gordon Relyea.

Reaching the pre-programmed distance limit triggered the fail-safe. The unmanned aircraft executed as programmed, to my dismay. It climbed to five meters, headed straight for home, and slammed into the trees. All this took place in seconds, before I could react and override the fail-safe to regain manual control.

I was lucky. The aircraft was undamaged, and no one was hurt, but I learned a powerful lesson at a cost that could have been worse. Much worse. Had this not been a test flight, spectators might have been at risk, or obstacles that were less forgiving, making return-to-home the wrong program for the circumstances. It really got me thinking.

The current generation of small unmanned aircraft systems (sUAS) have reached a level of sophistication and complexity that would have been hard to imagine a few years ago. Features like redundant sensors and redundant flight control microprocessors have made these systems extremely reliable and capable, with software that provides flexibility and a broad range of functions to the user.

While fail-safe features are more capable than ever before, careful consideration must be given to how they are selected and set up, and what actions will be executed by fail-safe systems during flight. It is always up to the pilot to be sure those actions are appropriate for the current conditions. For example, setting up a fail-safe to land the aircraft immediately when triggered might be a disaster when flying over water. In my example above, I might have caused a serious incident and/or destroyed a new aircraft that I spent months designing and building.

Even though my examples involve multirotor unmanned aircraft, the thought process required applies to all types of sUAS aircraft in all types of flight. During pre-flight planning, the pilot in command should evaluate each segment or phase of a flight plan to determine what fail-safe settings are appropriate, and safe. This is done by going through the list of fail-safes you have available and thinking through “what if…” scenarios. What if... a battery failure happens here during this part of the flight? Should the aircraft land? Return-to-home? Which is safer? What if... the data link fails while the aircraft is at the extreme edge of visual range? If flying close to people, buildings, vehicles, or other obstacles, it might be safest to have the aircraft hover and trigger an alarm on the control station.

During complex flight operations, even the most careful fail-safe planning and settings may not always produce appropriate results during all phases of a flight. For this reason, it is extremely important for the pilot to know exactly how to quickly regain manual control of the aircraft, and how to fly the aircraft well in manual flight modes. While writing this article, I was told of another incident involving a brand-new DJI Mavic. The pilot was flying over water when the low-battery fail-safe triggered, landing the Mavic in the water. Had the pilot spent more time learning the control systems, he might have been able to regain control quickly enough to prevent losing his aircraft.

Experience flying manned aircraft does offer an advantage here. Manned aircraft pilots are already used to the concepts of aeronautical decision making, risk management, situational awareness, and anticipating what might go wrong at any given moment. Even though the fail-safe systems designed for sUAS do not exist on most manned aircraft, the decision-making process, and the importance of anticipating potential problems and planning responses to those problems in advance is exactly the same.

If you do not fly manned aircraft, I strongly encourage you to re-read the FAA publication Remote Pilot - Small Unmanned Aircraft Systems Study Guide with a focus on Chapter 10, which covers aeronautical decision making and judgment. Learn this section well, until it becomes second nature. You will be a better, safer pilot for it.

In summary:

  • Learn the details of how the fail-safe systems function on your aircraft. Know how to regain manual control of the aircraft quickly, in case the need arises, and know how to fly the aircraft well in manual mode.
  • Include a fail-safe settings review in your pre-flight planning, and make sure this is part of your pre-flight checklist.
  • Evaluate your planned flights to be sure the fail-safe settings are as appropriate as possible for all phases of flight. Remember, the flight controller in the aircraft is not a brain, and may not always do what is appropriate—always be ready to take over control.
  • If safety dictates using alarms only, evaluate your flying area for safe areas to maneuver to in case of an emergency. Plan ahead!
Gordon Relyea at the Red Rock Casino in Las Vegas.
Gordon Relyea
Gordon Relyea graduated from Northrop University in 1983 as an engineer and airframe and powerplant technician. He worked on the Space Shuttle main engines as an engineer for Rockwell International, and has also worked as a contractor for the U.S. Air Force, as well as private industry. Gordon has flown RC aircraft since the 1980s and holds FAA remote pilot and A&P mechanic certificates. He currently manages the unmanned aircraft program for Third Ivan Video Productions in Las Vegas, and designs and builds the custom multirotors used by the company for filming.
Go to Gordon Relyea's Profile

Related Articles