Blog
Mid air collision over Brazil at 37000 feet, caused by control system updating setpoint for altitude change on screen, but operator not catching the change. *(This "advanced" system updates the setpoints, where in north america the operator does it-both of these schemes are incredibly primitive compared to industry, and ironic, that there is so much riding on it) Then the control system did not flag the command disagree between setpoint and "process variable" (actual planes altitude), and it did not create an alarm for the operator that a collision course was unway. In industry, this situation would create an emergency alarm initially, then would have overriden the operators judgement or absence with an interlock of some kind, taking action to shutdown the situation before the catastrophic incident occurred. Get the idea, take the discretion, judgement or absence of people out of the equation...if the consequence is catastrophic. To deviate in (my) business from the control system interlocks requires an approval of a safety device bypass, now called a Temporary defeat, which has escalating management sign off requirements.
I have had controls techs telling me for years, if you can think of it, we can build it, now with Dynamic Matrix Control (DMC) technology, hundreds and thousands of interrelated variables are controlled within plants to keep boilers, refineries and other critical equipment at optimum control settings.
I hope the air traffic controllers are paying attention every second on my next flight, because the tools they have kinda suck.