On Sunday an
Ethiopian Airlines flight crashed, killing all on board. Five months earlier an
Indonesian Lion Air jet crashed near Jakarta. All crew and passengers died.
Both airplanes were Boeing 737-8 MAX. Both incidents happened shortly after
take off.
Boeing 737
MAX aircraft are now grounded almost everywhere except in the United
States. That this move follows only now is sad. After the first crash it was
already obvious that the plane is not safe to fly.
The Boeing 737 and the Airbus 320 types are single
aisle planes with some 150 seats. Both are bread and butter planes sold by the
hundreds with a good profit. In 2010 Airbus decided to offer its A-320 with a
New Engine Option (NEO) which uses less fuel. To counter the Airbus move Boeing
had to follow up. The 737 would also get new engines for a more efficient
flight and longer range. The new engines on the 737 MAX are bigger and needed
to be placed a bit differently than on the older version. That again changed the
flight characteristics of the plane by giving it a nose up attitude.
The new flight characteristics of the 737 MAX would
have required retraining of the pilots. But Boeing's marketing people
had told their customers all along that the
737 MAX would not require extensive new training. Instead of expensive
simulator training for the new type experienced 737 pilots would only have to
read some documentation about the changes between the old and the new versions.
To make that
viable Boeing's engineers had to use a little trick. They added a 'maneuver
characteristics augmentation system' (MCAS) that pitches the nose of the plane
down if a sensor detects a too high angle of attack (AoA) that might lead to a
stall. That made the flight characteristic of the new 737 version similar to
the old one.
But the
engineers screwed up.
The 737 MAX
has two flight control computers. Each is connected to only one of the two
angle of attack sensors. During a flight only one of the two computers runs the MCAS
control. If it detects a too high angle of attack it trims the horizontal
stabilizer down for some 10 seconds. It then waits for 5 seconds and reads the
sensor again. If the sensor continues to show a too high angle of attack it
again trims the stabilizer to pitch the plane's nose down.
MCAS is
independent of the autopilot. It is even active in manual flight. There is a
procedure to deactivate it but it takes some time.
One of the
angle of attack sensors on the Indonesian flight was faulty. Unfortunately it
was the one connected to the computer that ran the MCAS on that flight. Shortly
after take off the sensor signaled a too high angle of attack even as the plane
was flying in a normal climb. The MCAS engaged and put the plane's nose down.
The pilots reacted by disabling the autopilot and pulling the control stick
back. The MCAS engaged again pitching the plane further down. The pilots again
pulled the stick. This happened some 12 times in a row before the plane crashed
into the sea.
To implement a safety-relevant automatism that
depends on only one sensor is extremely bad design. To have a flight control
automatism engaged even when the pilot flies manually is also a bad choice. But
the real criminality was that Boeing hid the feature.
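The trim cycle and the single-sensor dependency described above, as an added simulation that is not from the original post or from Boeing. Only the 10-second trim and 5-second wait come from the article; the AoA threshold, the disagreement limit, the sensor traces and the cross-checked variant are constructed assumptions.

```python
# Added illustration; thresholds and sensor traces are constructed assumptions.
AOA_LIMIT_DEG = 14.0       # assumed activation threshold
DISAGREE_LIMIT_DEG = 5.0   # assumed maximum tolerated sensor difference
TRIM_SECONDS = 10          # from the article: trim for some 10 seconds
WAIT_SECONDS = 5           # from the article: wait 5 seconds, read again

DURATION = 180                                   # constructed 3-minute window
FAULTY = [22.0] * DURATION                       # failed vane, stuck high
HEALTHY = [5.0] * DURATION                       # normal climb
GENUINE = [20.0] * 30 + [5.0] * (DURATION - 30)  # real high AoA for 30 s


def single_sensor_mcas(aoa, duration_s=DURATION):
    """One sensor, no cross-check: count nose-down trim activations."""
    activations, t = 0, 0
    while t < duration_s:
        if aoa[t] > AOA_LIMIT_DEG:
            activations += 1
            t += TRIM_SECONDS + WAIT_SECONDS     # trim, wait, then re-read
        else:
            t += 1
    return activations


def cross_checked_mcas(aoa_a, aoa_b, duration_s=DURATION):
    """Two sensors: inhibit on disagreement, act only if both read high.

    Returns (activations, second at which the function was inhibited or None).
    """
    activations, t = 0, 0
    while t < duration_s:
        a, b = aoa_a[t], aoa_b[t]
        if abs(a - b) > DISAGREE_LIMIT_DEG:
            return activations, t                # fail safe: stop trimming
        if min(a, b) > AOA_LIMIT_DEG:
            activations += 1
            t += TRIM_SECONDS + WAIT_SECONDS
        else:
            t += 1
    return activations, None


if __name__ == "__main__":
    print("single, faulty sensor    :", single_sensor_mcas(FAULTY))
    print("single, healthy sensor   :", single_sensor_mcas(HEALTHY))
    print("cross-checked, one faulty:", cross_checked_mcas(FAULTY, HEALTHY))
    print("cross-checked, genuine   :", cross_checked_mcas(GENUINE, GENUINE))
```

In the constructed window the single-sensor loop fires every 15 seconds for as long as the stuck sensor reads high, while the cross-checked variant never trims on the same input and still acts when both sensors agree.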
Neither the airlines that bought the planes nor the
pilots who flew them were told about MCAS. They did not know that it existed. They
were not aware of an automatic system that controlled the stabilizer even when
the autopilot was off. They had no idea how it could be deactivated.
Nine days
after the Indonesian Lion Air Flight 610 ended in a deadly crash, the Federal
Aviation Administration (FAA) issued an Emergency Airworthiness
Directive.
The 737 MAX
pilots were aghast. The APA pilot union sent a letter to its members:
“This is the first description you, as 737 pilots, have seen. It
is not in the AA 737 Flight Manual Part 2, nor is there a description in the
Boeing FCOM (flight crew operations manual),” says the letter from the pilots’
union safety committee. “Awareness is the key with all safety issues.”
The
Ethiopian Airlines plane that crashed went down in a flight profile similar to that of
the Indonesian plane. It is highly likely that MCAS is the cause of both
incidents. While the pilots of the Ethiopian plane were aware of the MCAS
system they might have had too little time to turn it off. The flight recorders
have been recovered and will tell the full story.
Boeing has
sold nearly 5,000 of the 737 MAX. So far some 380 have been delivered. Most of
these are now grounded. Some family members of people who died on the
Indonesian flight are suing Boeing. Others will follow. But Boeing is not the
only one who is at fault.
The FAA
certifies all new planes and their documentation. I was for some time
marginally involved in Airbus certification issues. It is an extremely detailed
process that has to be followed by the letter. Hundreds of people are full time
engaged for years to certify a modern jet. Every tiny screw and even the
smallest design details of the hardware and software have to be documented and
certified.
How or why did the FAA agree to accept the 737 MAX
with the badly designed MCAS? How could the FAA allow that MCAS was left out of
the documentation? What steps were taken after the Indonesian flight crashed
into the sea?
Up to now
the FAA was a highly regarded certification agency. Other countries followed
its judgment and accepted the certifications the FAA issued. That most of the
world now grounded the 737 MAX while it still flies in the States is a sign
that this view is changing. The FAA's certifications of Boeing airplanes are
now in doubt.
Today
Boeing's share price dropped some 7.5%. I doubt that it is enough to reflect
the liability issues at hand. Every airline that now had to ground its planes
will ask for compensation. More than 330 people died and their families deserve
redress. Orders for 737 MAX will be canceled as passengers will avoid that type.
Boeing will
fix the MCAS problem by using more sensors or by otherwise changing the
procedures. But the bigger
issue for the U.S. aircraft industry might be the damage done to the FAA's
reputation. If the FAA is internationally seen as a lobbying agency for the
U.S. airline industry it will no longer be trusted and the industry will suffer
from it. It will have to run future certification processes through a jungle of
foreign agencies.
Congress
should take up the FAA issue and ask why it failed.
https://www.moonofalabama.org/2019/03/boeing-the-faa-and-why-two-737-max-planes-crashed.html#more