failed oversight: How Boeing, FAA certified the suspect 737 MAX flight control system

[Dave-W]

As Boeing hustled in 2015 to catch up to Airbus and certify its new 737 MAX, Federal Aviation Administration (FAA) managers pushed the agency’s safety engineers to delegate safety assessments to Boeing itself, and to speedily approve the resulting analysis.

But the original safety analysis that Boeing delivered to the FAA for a new flight control system on the MAX — a report used to certify the plane as safe to fly — had several crucial flaws.

That flight control system, called MCAS (Maneuvering Characteristics Augmentation System), is now under scrutiny after two crashes of the jet in less than five months resulted in Wednesday’s FAA order to ground the plane.

Current and former engineers directly involved with the evaluations or familiar with the document shared details of Boeing’s “System Safety Analysis” of MCAS, which The Seattle Times confirmed.

Flawed analysis, failed oversight: How Boeing, FAA certified the suspect 737 MAX flight control system

 

[Dave-W]

NPR interview with Seattle Times reporter;

'Seattle Times' Questions Certification Process Of Boeing's 737 Max

 

[timewerx]

They rushed it into production is one of the main culprits.

Rushing the development of something very very complex is never a good idea. You're doomed to miss things and make big mistakes.

Airbus also have something very similar to MCAS on their planes and they've been using for couple decades already. But Airbus version seem more advanced as it is capable of disengaging and transferring full controls back to the pilot if detects faulty or non-sensible flight data from the sensors (for example, during a sensor malfunction).

An example of this flight control logic is when Boeing's "Angle of Attack" (AoA) sensor malfunctioned but I assume the airspeed sensor remained functioning normally. I would also assume the plane would also have an accelerometer (g-force sensor).

So even with a AoA sensor malfunctioning, stall condition can still be deduced by the airspeed and g-force. A jet airliner is usually not stalling at indicated airspeeds above 250 mph at around 1.0 G-force (normal acceleration). That is high enough speed and not enough load to break a plane's ability to remain airborne. But if the AoA sensor is indicating otherwise, the software should be able to notice conflicting sensor readings, display warnings to the screen indicating a sensor malfunction and transfer control back to the pilots.

Similar thing happened to Airbus before, the airspeed sensor froze, but good for them, the software detected conflicting sensor data and transferred full control to the pilots. One incident did lead to a fatal crash, all aboard died. Although the software worked as intended and transferred full control to the pilots but the pilots failed to recognize the situation. In this case, the fault was still Airbus for not clearly communicating these type of situation in their flight manuals and pilot training. Although Airbus' problem is much less severe than Boeing's - more like a documentation and training flaw than inherent design flaw.

 

[usexpat97]

So... face-to-face CF get-together, anyone?

 

[timewerx]

So... face-to-face CF get-together, anyone?

Absolutely, Cancun, Fiji, w/e but you're paying for everything!

 

[usexpat97]

I'm paying for all those little umbrellas you put in your drinks. Could be non-alcoholic. But in order to be living the good life, all your drinks have to have those little umbrellas in them.

 

[Romans 8]

Boeing took a golden goose, the near flawless 737, and attempted to make it more fuel efficient. All in the name of catering to environmental restrictions. The problem wasn't just the new software, but the engines were made larger and moved up and forward on the wings, shifting the center point of gravity, requiring their genius software to figure out how to counterbalance the plane's new angle as the nose was now pointing higher at regular cruising and causing a potential stall. All this to save a few bucks on gas.
What's worse is they did not even train the pilots on this new design, only made reference to it in the plane's manual.

 

[Dave-W]

What's worse is they did not even train the pilots on this new design, only made reference to it in the plane's manual.

That falls to the airlines to train their own pilots.

But as an engineer - I can say that messing with the center of gravity (balance point) is a very serious thing to do.

IMO relying on a computer program to control trim surfaces is inherently dangerous and inefficient.

 

[usexpat97]

It is absolutely dangerous, but people are beginning to believe it's okay. Look at autonomous vehicles.

 

[Romans 8]

It is absolutely dangerous, but people are beginning to believe it's okay. Look at autonomous vehicles.

Agreed. This is what the NWO planners have for our cities. Say goodbye to your driver's license. Instead we get electric bikes with milk crates.

 

[timewerx]

That falls to the airlines to train their own pilots.

But as an engineer - I can say that messing with the center of gravity (balance point) is a very serious thing to do.

I assume Boeing already knew they'll be taking a bigger engine during the design stage.

Something the engineers could have easily accounted for during design and make the optimum design changes....Unless they're being pressured to keep the changes minimal (compared to their last model) so the assembly lines can be rapidly setup for 737 MAX production which will save time and cost.

I read in the article you posted that the development is rushed, so it might be possible, Boeing used the same template of the previous model and made as little changes as possible (against better engineering wisdom) so they can get the model out to the market asap.

IMO relying on a computer program to control trim surfaces is inherently dangerous and inefficient.

Not really dangerous. Concorde actually pioneered computerized control system many decades ago, although using an analog computer. If well designed, it's incredibly reliable, safe, and even helped improve fuel economy.

Airbus also began using computerized control system since the late 80's, couple of decades ago. Today, the system proves to be incredibly reliable and actually contributes to fuel economy.

The Airbus system also have anti-stall programmed in the flight control logic, similar in that fashion to Boeing's MCAS. It's nothing new and proven safe, effective, and even improves fuel economy.

It's not the technology's fault but purely the design department's fault. They made pretty bad mistakes in the attempt to rush development.

 

[jkjk]

As Boeing hustled in 2015 to catch up to Airbus and certify its new 737 MAX, Federal Aviation Administration (FAA) managers pushed the agency’s safety engineers to delegate safety assessments to Boeing itself, and to speedily approve the resulting analysis.

But the original safety analysis that Boeing delivered to the FAA for a new flight control system on the MAX — a report used to certify the plane as safe to fly — had several crucial flaws.

That flight control system, called MCAS (Maneuvering Characteristics Augmentation System), is now under scrutiny after two crashes of the jet in less than five months resulted in Wednesday’s FAA order to ground the plane.

Current and former engineers directly involved with the evaluations or familiar with the document shared details of Boeing’s “System Safety Analysis” of MCAS, which The Seattle Times confirmed.

Flawed analysis, failed oversight: How Boeing, FAA certified the suspect 737 MAX flight control system

The amount of "self oversight" isn't surprising. It reminds me of the BP Deepwater Horizon incident, where the Minerals Management Service exercised lax oversight over oil companies due to culture and resource constraints, and there was a lot of crossover of people between MMS and industry. It led to a reorg of the Dept of Interior. There's a similar argument to be made that the FAA is also in need of change.

 

[Dave-W]

Not really dangerous. Concorde actually pioneered computerized control system many decades ago, although using an analog computer. If well designed, it's incredibly reliable, safe, and even helped improve fuel economy.

The Concorde did not use the computer to keep the plane balanced. It was inherently balanced by the design of the plane; as was the earlier 737. But upsizing and moving the engines made that plane back heavy which pitched the nose up. What happens when that computer hits a glitch and needs to reboot? Everything goes out of whack.

Using a computer for better fuel efficiency - GREAT!
Using a computer to keep an unbalanced machine flyable - not good at all.

 

[Dave-W]

There's a similar argument to be made that the FAA is also in need of change.

Unfortunately I think it is rather wide spread across almost every regulatory agency in the government.

 

[jkjk]

Unfortunately I think it is rather wide spread across almost every regulatory agency in the government.

As evidenced by the fact that a Boeing exec is currently heading DoD

 

[timewerx]

The Concorde did not use the computer to keep the plane balanced. It was inherently balanced by the design of the plane; as was the earlier 737. But upsizing and moving the engines made that plane back heavy which pitched the nose up.

737 MAX's Center of Gravity and Center of Pressure positions still gave it positive stability.

According to Boeing, the MCAS is inactive in most flight conditions and with option to revert to full pilot control. Of course, Boeing wouldn't program such option if the 737 MAX is unstable.

If you ever flew a plane that's deliberately destabilized in a flight simulator, it's nearly impossible to "hand fly" and any mistake would lead to unrecoverable stall-preceded spin. However, if you crash this way, the wreck would still be in large pieces....In the Ethiopia crash, the plane disintegrated into tiny bits, creating a large crater which is evidence of diving into the ground at high speed.

What happens when that computer hits a glitch and needs to reboot? Everything goes out of whack.

Using a computer for better fuel efficiency - GREAT!
Using a computer to keep an unbalanced machine flyable - not good at all.

There have been many planes that were deliberaly designed to have the least bit of stability and have the computer mix the controls full time.

Most of these planes were military planes though, most being jet fighters. A plane with little stability is "eager" to initiate manuevers, thus makes them more agile (great for fighter planes). Their "eagerness" to maneuver also requires less control effort, and less drag to keep in trim - better fuel economy and improved take off and landing performance.

Reliability is achieved by triple or even quadruple system redundance. Essentially four computers running in parallel. Up to three computers can glitch without problem. And when more than two computers are working, they can "vote" on decisions in case of emergencies (these all happens behind the scenes).

The technology is pretty advanced now and we've been using and developing it for decades already. So why Boeing's MCAS is not good? Rushed development is the culprit...A symptom of mismanagement. Nothing good can come out of rushed work especially when dealing with very complex product.