Redundancy – a Life Saver in Diving and Aviation

Photo taken from the author’s aircraft one stormy Florida Panhandle morning. (click to enlarge)

I was recently flying a private aircraft down the Florida Peninsula to Ft. Lauderdale to give a presentation on diving safety. As I continually checked the cockpit instruments, radios and navigation devices, it occurred to me that the redundancy that I insist upon in my aircraft could benefit divers as well.

In technical and saturation diving, making a free ascent to the surface is just as dangerous as making a free descent to the ground in an airplane, at night, in the clouds. In both aviation and diving, adequate redundancy in equipment and procedures just might make life-threatening emergencies a thing of the past.


As I took inventory of the redundancy in my simple single engine, retractable gear Piper, I found the following power plant redundancies: dual ignitions systems, including dual magnetos each feeding their own set of spark plug wires and redundant spark plugs (two per cylinder). There are two sources of air for the fuel-injected 200 hp engine.

There are two ways to lower the landing gear, and both alarms and automatic systems for minimizing the odds of pilot error — landing with wheels up instead of down. (I’ve already posted about how concerning that prospect can be.)

I also counted three independent sources of weather information, including lightning detection, and two powerful communication  radios and one handheld backup radio. For navigation there is a compass and four electronic navigation devices: one instrument approach (in the clouds) approved panel mount GPS with separate panel-mounted indicator, an independent panel mounted approach certified navigation radio, plus two portable GPS with moving map displays and superimposed weather. Even the portable radio has the ability to perform simple navigation.

photo (17) - no Exif
There’s two of just about everything in this Arrow panel.

The primary aircraft control gyro, the artificial horizon or attitude indicator, also has a fully independent backup. One gyro operates off the engine-powered vacuum pump, and the second gyro horizon is electrically driven. Although by no means ideal, the portable GPS devices also provide attitude indicators based upon GPS signals. In a pinch in the clouds, it’s far better than nothing. Of course, even if all else fails, the plane can still be flown by primary instruments like rate of climb, altimeter, and compass.

There is only one sensitive altimeter, but two GPS devices also provide approximate altitude based on GPS satellite information.


But what about divers? How are we set for redundancy?

Starting with scuba (self-contained underwater breathing apparatus), gas supplies are like the fuel tanks in an aircraft. I typically dive with one gas bottle, but diving with two or more bottles is common, especially in technical diving. In a similar fashion, most small general aviation aircraft have at least two independent fuel tanks, one in each wing.

The scuba’s engine is the first stage regulator, the machine that converts high pressure air into lower pressure air. Most scuba operations depend on one of those “engines”, but in extreme diving, such as low temperature diving, redundant engines can be a life saver. While most divers carry dual second stage regulators attached to a single first stage, for better redundancy polar divers carry two independent first stages and second stages. Two first stage regulators can be placed on a single tank.

An H-valve for a single scuba bottle. Two independent regulators can be attached.
Two Regs
A Y-valve for Antarctic diving with two independent scuba regulators attached.













Even then, I’ve witnessed dual regulator failures under thick Antarctic ice. The only thing saving that very experienced diver was a nearby buddy diver with his own redundant system.

There is a lot to be gained by protecting the face in cold water by using a full face mask. But should the primary first or second stage regulator freeze or free flow, the diver would normally have to remove the full face mask to place the second regulator in his mouth.

Two regulators, one full face mask. Photo courtesy of Michael Lang and Scuba Pro.

Reportedly, sudden exposure of the face to cold water can cause abnormal heart rhythms, an exceedingly rare but potentially dangerous event in diving. If the backup or bail out regulator could be incorporated into the full face mask, that problem would be eliminated. The photo on the right shows one such implementation of that idea.


Inner Space 2014_Divetech _Nikki Smith_Rosemary E Lunn__Roz Lunn_The Underwater Marketing Company_Nancy Easterbrook_rebreather diving_2014-05-27 22.30.47
Nikki Smith, rebreather diver with open circuit bailout in her right hand. Photo courtesy of Rosemary E Lunn (Roz), The Underwater Marketing Company.

Rebreathers are a different matter. Most rebreather divers carry a bailout system in case their primary rebreather fails or floods. For most technical divers, that redundancy is an open circuit regulator and bailout bottle. However, there are options for the bail-out to be an independent, and perhaps small rebreather. (One option for a bail-out semiclosed rebreather is found here.) Such a bail-out plan should provide greater duration than open-circuit bailout, especially if the divers are deep when they go “off the loop”.

U.S. Navy photo by Bernie Campoli.

For some military rebreather divers, there is at least one complete closed-circuit rebreather available where a diver can reach it in case of a rebreather flood-out.

A commercial saturation diver with semi-closed rebreather backpack as emergency bail-out gas.

For deep sea helmet diving, the bail-out rebreather is on their back and a simple valve twist will remove the diver from umbilical-supplied helmet gas to fresh rebreather gas.

The most common worry for electronically controlled rebreather divers is failure of the rig’s oxygen sensors. For that reason it is common for rebreathers to carry three oxygen sensors. Unfortunately, as the Navy and others have noted, triple redundancy really isn’t. Electronic rebreathers are largely computer controlled, and computer algorithms can allow the oxygen controller to become confused, resulting in oxygen control using bad sensors, and ignoring a correctly functioning oxygen sensor.

The U.S. Navy has performed more than one diving accident investigation where that occurred. Safety in this case can be improved by adding an independent, redundant sensor, by improving sensor voting algorithms, by better maintenance, or by methods for testing all oxygen sensors throughout a dive.

In summary, safe divers and safe pilots are always asking themselves, “What would I do if something bad happens right now?” Unfortunately, private pilots and divers quickly discover that redundancy is not cheap. However, long ago I decided that if something unexpected happened during a flight or a dive, I wouldn’t want my last thoughts to be, “If only I’d spent a little more money on redundant systems, I wouldn’t be running out of time.”

Time, like fuel and breathing air, is a commodity you can only buy before you run out of it.

Separator smallDisclaimer: This blog post is not an endorsement of any diving product. Diving products shown or mentioned merely serve as examples of redundancy, and are mentioned only to further diver safety. A search of the internet by interested readers will reveal a panoply of alternative and equally capable products to enhance diver safety.