Moon of Alabama Brecht quote
March 12, 2019

Boeing, The FAA, And Why Two 737 MAX Planes Crashed

On Sunday an Ethiopian Airlines flight crashed, killing all on board. Five month earlier an Indonesian Lion Air jet crashed near Jakarta. All crew and passengers died. Both airplanes were Boeing 737-8 MAX. Both incidents happened shortly after take off. 

Boeing 737 MAX aircraft are now grounded about everywhere except in the United States. That this move follows only now is sad. After the first crash it was already obvious that the plane is not safe to fly.

The Boeing 737 and the Airbus 320 types are single aisle planes with some 150 seats. Both are bread and butter planes sold by the hundreds with a good profit. In 2010 Airbus decided to offer its A-320 with a New Engine Option (NEO) which uses less fuel. To counter the Airbus move Boeing had to follow up. The 737 would also get new engines for a more efficient flight and longer range. The new engines on the 737 MAX are bigger and needed to be placed a bit different than on the older version. That again changed the flight characteristics of the plane by giving it a nose up attitude.

The new flight characteristic of the 737 MAX would have require a retraining of the pilots. But Boeing's marketing people had told their customers all along that the 737 MAX would not require extensive new training. Instead of expensive simulator training for the new type experienced 737 pilots would only have to read some documentation about the changes between the old and the new versions.

To make that viable Boeing's engineers had to use a little trick. They added a 'maneuver characteristics augmentation system' (MCAS) that pitches the nose of the plane down if a sensor detects a too high angle of attack (AoA) that might lead to a stall. That made the flight characteristic of the new 737 version similar to the old one.

But the engineers screwed up.

The 737 MAX has two flight control computers. Each is connected to only one of the two angle of attack sensors. During a flight only one of two computer runs the MCAS control. If it detects a too high angle of attack it trims the horizontal stabilizer down for some 10 seconds. It then waits for 5 seconds and reads the sensor again. If the sensor continues to show a too high angle of attack it again trims the stabilizer to pitch the plane's nose done.

MCSA is independent of the autopilot. It is even active in manual flight. There is a procedure to deactivate it but it takes some time.

One of the angle of attack sensors on the Indonesian flight was faulty. Unfortunately it was the one connected to the computer that ran the MCAS on that flight. Shortly after take off the sensor signaled a too high angle of attack even as the plane was flying in a normal climb. The MCAS engaged and put the planes nose down. The pilots reacted by disabling the autopilot and pulling the control stick back. The MCAS engaged again pitching the plane further down. The pilots again pulled the stick. This happened some 12 times in a row before the plane crashed into the sea.

To implement a security relevant automatism that depends on only one sensor is extremely bad design. To have a flight control automatism engaged even when the pilot flies manually is also a bad choice. But the real criminality was that Boeing hid the feature.

Neither the airlines that bought the planes nor the pilots who flew it were told about MCAS. They did not know that it exists. They were not aware of an automatic system that controlled the stabilizer even when the autopilot was off. They had no idea how it could be deactivated.

Nine days after the Indonesian Lion Air Flight 610 ended in a deadly crash, the Federal Aviation Administration (FAA) issued an Emergency Airworthiness Directive.


bigger

The 737 MAX pilots were aghast. The APA pilot union sent a letter to its members:

“This is the first description you, as 737 pilots, have seen. It is not in the AA 737 Flight Manual Part 2, nor is there a description in the Boeing FCOM (flight crew operations manual),” says the letter from the pilots’ union safety committee. “Awareness is the key with all safety issues.”

The Ethiopian Airlines plane that crashed went down in a similar flight profile as the Indonesian plane. It is highly likely that MCAS is the cause of both incidents. While the pilots of the Ethiopian plane were aware of the MCAS system they might have had too little time to turn it off. The flight recorders have been recovered and will tell the full story.

Boeing has sold nearly 5,000 of the 737 MAX. So far some 380 have been delivered. Most of these are now grounded. Some family members of people who died on the Indonesian flight are suing Boeing. Others will follow. But Boeing is not the only one who is at fault.

The FAA certifies all new planes and their documentation. I was for some time marginally involved in Airbus certification issues. It is an extremely detailed process that has to be followed by the letter. Hundreds of people are full time engaged for years to certify a modern jet. Every tiny screw and even the smallest design details of the hardware and software have to be documented and certified.

How or why did the FAA agree to accept the 737 MAX with the badly designed MCAS? How could the FAA allow that MCAS was left out of the documentation? What steps were taken after the Indonesian flight crashed into the sea?

Up to now the FAA was a highly regarded certification agency. Other countries followed its judgment and accepted the certifications the FAA issued. That most of the world now grounded the 737 MAX while it still flies in the States is a sign that this view is changing. The FAA's certifications of Boeing airplanes are now in doubt.

Today Boeing's share price dropped some 7.5%. I doubt that it is enough to reflect the liability issues at hand. Every airline that now had to ground its planes will ask for compensation. More than 330 people died and their families deserve redress. Orders for 737 MAX will be canceled as passengers will avoid that type. 

Boeing will fix the MCAS problem by using more sensors or by otherwise changing the procedures. But the bigger issue for the U.S. aircraft industry might be the damage done to the FAA's reputation. If the FAA is internationally seen as a lobbying agency for the U.S. airline industry it will no longer be trusted and the industry will suffer from it. It will have to run future certification processes through a jungle of foreign agencies.

Congress should take up the FAA issue and ask why it failed.

Posted by b on March 12, 2019 at 20:39 UTC | Permalink

Comments
« previous page

I think that this Boeing failure will be seen historically as a tipping point in the public consciousness of the depth of the problem....it will effect the Boomers travel plans along with any business/professional person's.

Others besides b are calling out the engineers which I think will incite the professional community to stand up and get involved in the thing they hate the most, politics.

The focus is going to be zeroed in on Boeing's financialization since the move from Seattle and another geo-political plate will need to be spun to distract the public from this blatant abuse of public faith.

Another commenter mentions that it is had keeping up with all the stuff going on and I want to remind folks that it is part of the plan because it gives way more room for shit to happen behind the scenes and provides more negotiating fodder if/when the music stops.

Posted by: psychohistorian | Mar 17 2019 5:00 utc | 301

this about sums it up right here -

" Swamped with what some FAA engineers had already come to see as an unmanageable oversight role, the agency did not forcefully resist. In 2009, it delegated authority to Boeing and the first of what would become more than 80 aviation companies allowed to certify the safety of their own products.

Posted by: b | Mar 16, 2019 6:51:27 AM | 290"

Posted by: james | Mar 17 2019 5:31 utc | 302

@psychohistorian

Boeing damage conTROLL is on full force everywhere. There are so called "West pilots who never on a MAX" accusing 3rd world countries inferior pilots for the crash.

But Capt Tajer(leader representing American Airlines pilots flying 737 Max) basically said it all, SHAME ON YOU BOEING!

A stabilizer trim jackscrew found in the wreckage of Ethiopian flight 302 was set for nose-dive position. So was in Lionair case. It means the plane is on nose dive dead setting for crash. As one RT commentator said, disabling MCAS & hydrolic control of stabilizer is SOP(Boeing later emergency recommendations too), but it means a guaranteed lost control disastrous nose dive with fixed jackscrew setting.

Those pilots escape from crash could be lucky early respondents disabling MCAS before its over pitch down beyond compensation with higher throttle speed. Or the flawed MCAS somehow moderated the stabilizer pitch, which is what crashed Lionair jet earlier few encounters, seesaw swings flights.

Pilots are now advised to disable MCAS at first sign of nose dive(or simply preemptive disable), but why do such potential fatal crash feature - MCAS existed at first place(which was concealed until Lionair crash).

Simple, a cheap remedy for a cost saving flawed design(new engines too big to fit). No any amount of s/w upgrading can solve such h/w flaw. Sensors inputs are supposed for pilot & computers better control, never for potential fatal crash cause.

China aviation experts likely understand the engineering fundamental well to decide the grounding against FAA & Boeing guarantee. There is no safe solution other than stripped off MCAS & replaced the jet engines, refurbish back to old original 737 that no one will buy.

Boeing is in real deep shit likely to kill it. The loss is too prohibitive.
-scrapping of 350, dozens on assembling, 5,000 orders cancel.
-losses claimed by global airlines.
-high legal claims by crashed victims on criminal ground.
-destroyed credibility for future new model.
-more cancel order for other models.
-dry up new order for long time.

The last thing to cut Boeing final breath will be the exposing of Boeing-Honeywell patented remote drone hybrid control system. This NSA-CIA mandated feature is said to be secretly installed in all Boeing jets after 911 for hijack proof. Of couse we know it served more purposes, even responsible for MH370 disappearance, and potential missiles in war. Besides, also a very useful tool for crashing any unwanted enemies & leaders.
https://rense.com//general96/tinymicro.html

Posted by: DrTT | Mar 17 2019 12:31 utc | 303

303

This was Boeing procedure after the Lionair crash "Initially, higher control forces may be needed to overcome any stabilizer nose down trim already applied. Electric stabilizer trim can be used to neutralize control column pitch forces before moving the STAB TRIM CUTOUT switches to CUTOUT. Manual stabilizer trim can be used after the STAB TRIM CUTOUT switches are moved to CUTOUT."

I am guessing the reason they say to use electric trim to regain control is that it takes two pilots to get the elevators up to maximum deflection. The electric trim buttons are thumb buttons which they can use while trying to hold the aircrafts nose up.
to disconnect the electric trim and turn the wheel, one pilot must must lean forward any would be unable to put much backpressure on the controls. I doubt the pilots would have forgotten all about the manual electric trim which according to Boeing is the first step in getting the aircraft back under control. Electric trim is fly by wire and it is likely inputs from the thumb buttons go to a computer which then operates the electric motor. Media has it the problem is caused buy a faulty sensor, but I think it is more likely to be in the software that Boeing is replacing. Clash between lines of code under certain situations or something like that.
From what I read a few days back, the pilots knew of the Boeing procedure or fix that was put out after the lionair crash. It is quite likely the Boeing fix was not a fix and that the thumb buttons would not over ride the MCAS inputs, at least not for long enough at low altitude that one pilot could release back pressure on the controls and use the trim wheel.

https://static01.nyt.com/images/2018/11/16/us/lion-air-crash-cockpit-promo-1542393182522/lion-air-crash-cockpit-promo-1542393182522-facebookJumbo.jpg

https://airwaysmag.com/industry/lion-air-crash-boeing-warns-737-max-operators-of-potential-trim-fault/

Posted by: Peter AU 1 | Mar 17 2019 14:13 utc | 304

I liked this thread from the Airline Pilots Central forum, especially Klsytakesit's characterization of MCAS as something of an afterthought - 'strapped on' to Boeing's otherwise dumb, non-maneuver-assistive flight control computer. This has been part of the long-running debate about Airbus embracing fully-computerized flight controls while Boeing defends its computer-assisted manual approach for increasingly specious reasons. [ed:] comments added for deciphering pilotspeak

Originally Posted by Klsytakesit

It will come down to certification basis.
Boeing, at the request of SWA, Alaska Airlines and to a varying degree the big Three, rushed out a response to the A320/321 NEO.
In doing so they discovered that a big under-slung engine on a longer pylon created deleterious effect on maneuver margins near the edge of the envelope [ed: flight envelope]. Lacking any type of an intelligent maneuver-assistive FCC [ed: Flight Control Computer like on A321] they strapped one on to essentially a manual system. And broke all their own rules about critical Flight Control design. Single source, no fail-safe, no comparator, no false-input control. Nothing but a QRH [ed: Quick Reference Handbook - checklists]. Having pushed up against the limits of simple common type, they and their airline partners convinced the FAA that these changes were simple and not only did not require training but really only mechanics need know of them. No need to point it out to pilots as it would just confuse them. Nothing should happen and if it does it will be hidden under the general Runaway Stabilizer Trim QRH...

Response by Hindsight2020

"Bingo. Forget about MCAS potato and Americans waxing poetic about foreigners not being able to TP-stall recover [ed: Traffic Pattern - low/slow/turning] an airliner like they're reliving their USAF UPT [ed: Undergraduate Pilot Training - basic flying] glory days. The quoted above is the real issue, and what needs to be talked about more. Boeing wanted to get away with not incurring certification costs of a new type by frankensteining the 73 certificate [ed: 737 FAA airworthiness certificate]. It is therefore poetic justice they would get bent over questions of a sub-system allowed in under the very certification-stretching they've been mining for decades in the first place. About time their cost-cutting and 737 back alley plastic surgery clinic was finally exposed.

They got Capone under the lesser tax evasion, so frankly I couldn't care less whether the foreign case studies were 100% MCAS/sensor related or not. Win's a win. This ought to effectively wash out their gains in choosing to not design the "composite 757", to include accepting the certification costs a clean sheet design would normally incur."

https://www.airlinepilotforums.com/southwest/120572-737-max-safe-unsafe-9.html

Posted by: PavewayIV | Mar 17 2019 15:25 utc | 305

Forgot special mention for Hindsight2020's enthusiastic disdain for Boeing: (bolding mine)

"...About time their cost-cutting and 737 back alley plastic surgery clinic was finally exposed."

Posted by: PavewayIV | Mar 17 2019 15:33 utc | 306

If this is true (so far anonymous sources) Boeing also has some explaining to do.

https://www.seattletimes.com/business/boeing-aerospace/failed-certification-faa-missed-safety-issues-in-the-737-max-system-implicated-in-the-lion-air-crash/

Nevertheless, I’m stunned that the insurance companies allow a copilot with 200 hours experience into a 8 figure jet cockpit.

Posted by: Steven | Mar 17 2019 18:28 utc | 307

some people and corporations are unwilling to admit when they have made a mistake..

Posted by: james | Mar 17 2019 18:47 utc | 308

Steven is like someone kept blaming driver bad skill in a badly designed car that overturn & crash easily with auto locked steering wheel. Whether gd or bad drivers, its a rolling unstable car awaiting accidents.

Subaru wrx has shown how a well designed car driven by any randomly selected female journalist could beat the pro-racer using BMW-i. You don't hear A320 neo nose dive crash, with pilots reporting same hell experience.

But bad pilots are prevalence in cost cutting budget airlines. Many unable to pass as pilot,do get a job in Indonesia airlines. Lionair is notorious crash prone. Mix with flawed Boeing Max, its perfect formula for a crash. Good pilots do help to save a crash, but that should never be an excuse to let Boeing divert its criminal responsibility.

Posted by: DrTT | Mar 18 2019 3:05 utc | 309

> Arioch probably works for Boing or some of the alphabet agencies.

Posted by: Zico, The Musketeer | Mar 16, 2019 1:50:22 PM | 297

Still waiting Zico to prove his words by sending me all my Boeing salary for all the years.

But Zic ois well-known thief, he lives by stealing my Boeing salary so he never will do what is just and proper.

> Including Chernobyl not being human failure.

Here Zico says that Chernobyl was designed and built by martians, not by humans.

Zico obviously works for martians. He is alien spy.

40 years later and people still spread desinformation.
The reactor was safe operating properly. End of story!

Posted by: Arioch | Mar 18 2019 9:51 utc | 310

- Instead of a design overhaul, a solution was worked out to minimize/nullify the negative impact (MCAS).
- Recognition of the existence of the system would reveal the compromise in safety (Reduced or non existent specific pilot training).
- MCAS fails in operation, resulting in two lethal accidents. By aviation standards, leaving no much room for accidental coincidence.
- Mitigation factors, perceptualy stay of that nature, reinforcing failure in addressing safety critical factors, no matter the rationale advanced.

Posted by: Vasco da Gama | Mar 16, 2019 1:12:43 PM | 296

If true it grimly mirrors Chernobyl story. Including two blasts, with the first one (Leningrad NPP 1975) mostly ignored...

It ended with total ban on Chernobyl-type reactors construction, including almost complete gen.3 reactors/NPPs, where allegedly the fundamental problems were finally addressed - but no one trusted that design team any more.

Posted by: Arioch | Mar 18 2019 9:56 utc | 311

> not considering factors such as proximity to terrain

Posted by: VMREDDY | Mar 16, 2019 5:02:44 PM | 298

This specific thing was perhaps reasonable.
Getting into stall near terrain is deadly, so taking chances by speeding up is reasonable.

Relying on a single input data source and not doing sanity check on input is total madness, this goes without question.

Posted by: Arioch | Mar 18 2019 9:59 utc | 312

> Airbus embracing fully-computerized flight controls while Boeing defends its computer-assisted manual approach

Posted by: PavewayIV | Mar 17, 2019 11:25:40 AM | 305

I like it that there are two approaches competing, pushign both to evolve and supposedly get better results.

What is weird here is how MCAS system by its spirit is totally anti-Boeing. It is like it was part of Airbus crudely and half-heartedly implanted into Boeing...

Posted by: Arioch | Mar 18 2019 10:15 utc | 313

On the Seattle Times article.

"Failed to account for how the system could reset itself each time a pilot responded, thereby missing the potential impact of the system repeatedly pushing the airplane’s nose downward."

My gut feeling says it is very well possible.
May be even unavoidable in Boeing computer-only-may-aid-human-master philosophy.
And, rather obvious.
So, again, like thre misdocumentation, hints at last-time effort to devise any "ugly fix" to patch up the glaring problem, with no time left to think about quality or reliability.

Posted by: Arioch | Mar 18 2019 10:55 utc | 314

" But when ye shall see the abomination of desolation, spoken of by Daniel
the prophet, standing where it ought not, (let him that readeth understand,)
then let them that be in Judaea flee to the mountains: "

Posted by: Duke | Mar 20 2019 5:00 utc | 315

The unlimited human capacity to progress and change is astonishing. 1300 years ago Norvegians learned how to build and operate ships. Fast forward to 21st century: ocean liner Viking Sky on the sail from Tromso to Stavanger experienced failure of four of its engines (her engines?), and, alas, it has only for. About 1400 people wait for evacuation. Say what you want about Titanic, but at least engines did not fail.

Posted by: Piotr Berman | Mar 24 2019 3:31 utc | 316

@ Piotr Berman with the backstory on Viking Sky ocean liner....LOL!!!

When the details come out I am sure it will be pilot/captain error.........grin

Posted by: psychohistorian | Mar 24 2019 4:15 utc | 317

In my opinion, the computer engineers who thought that their programming, computers, sensors, etc., were perfect and would never malfunction ever, should be arrested, tried, and convicted of mass murder, and sentenced to die on a malfunctioning Boeing 737 Max 8, flown by auto robots. Those bastards are responsible for the deaths of all those passengers and crew.

Posted by: Thaddeus Hultengren | Apr 4 2019 21:49 utc | 318

« previous page

The comments to this entry are closed.