Initial findings put Boeings software at center of Ethiopian 737 crash

Initial findings put Boeings software at center of Ethiopian 737 crash

Initial findings put Boeing’s software at center of Ethiopian 737 crash

Enlarge /
The Boeing 737 MAX’s MCAS software was officially linked by FAA investigators to the crash of an Ethiopian Airlines flight earlier this month. The software was intended to compansate for the aerodynamic differences caused by the aircraft’s larger engines.

117 with 69 posters participating
At a high-level briefing at the Federal Aviation Administration on March 28, officials revealed „black box“ data from Ethiopian Airlines Flight 302 indicated that the Boeing 737 MAX’s flight software had activated an anti-stall feature that pushed the nose of the plane down just moments after takeoff. The preliminary finding officially links Boeing’s Maneuvering Characteristics Augmentation System (MCAS) to a second crash within a five-month period. The finding was based on data provided to FAA officials by Ethiopian investigators.

The MCAS was partly blamed for the crash of a Lion Air 737 MAX off Indonesia last October. The software, intended to adjust the aircraft’s handling because of aerodynamic changes caused by the 737 MAX’s larger turbofan engines and their proximity to the wing, was designed to take input from one of two angle-of-attack (AOA) sensors on the aircraft’s nose to determine if the aircraft was in danger of stalling. Faulty sensor data caused the MCAS systems on both the Lion Air and Ethiopian Airlines flights to react as if the aircraft was entering a stall and to push the nose of the aircraft down to gain airspeed.

On March 27, acting FAA Administrator Daniel Ewell told the Senate Commerce, Science, and Transportation Committee’s aviation subcommittee that there had been no flight tests of the 737 MAX prior to its certification to determine how pilots would react in the event of an MCAS malfunction. He said that a panel of pilots had reviewed the software in a simulator and determined no additional training was required for 737-rated pilots to fly the 737 MAX.

Ewell defended the FAA’s late decision to ground the 737 MAX after the Ethiopian Airlines crash, telling senators,“We may have been, I think someone said, the last country to ground the aircraft but the United States and Canada were the first countries to ground the aircraft with data.“

While a final conclusion on the cause of the Ethiopian Airlines crash has not been reached, a Boeing spokesperson told reporters on a March 27 press conference call that the company was working with the FAA to release a new version of MCAS that would rely on additional sensor data and be less aggressive about taking control of the aircraft. But the Boeing representative emphasized that the company stood behind the overall safety of the aircraft. „We’ve conducted some thorough audits since the Lion Air accident of all aspects of the systems on the 737 MAX,” the spokesperson said, reviewing areas of potential safety concern. „We have uncovered nothing that concerns us in any of those areas…Those reviews continue and I’m sure they will continue for some time.”


via Ars Technica

March 29, 2019 at 03:35PM

Tod durch Software Kein Patch kann fatale Fehler wieder richten

Tod durch Software Kein Patch kann fatale Fehler wieder richten

Tod durch Software – Kein Patch kann fatale Fehler wieder richten

Zwei Abstürze in nur fünf Monaten, 346 Tote – das ist die tragische Bilanz, die derzeit dafür sorgt, dass mit der Boeing 737 MAX eines der modernsten Flugzeuge weltweit nicht starten darf. Eine Software zur Verbesserung der Flugsteuerung soll Schuld tragen. Wie kann so etwas heute noch passieren?


via Industry of Things – News

March 24, 2019 at 08:52AM

They didnt buy the DLC: feature that couldve prevented 737 crashes was sold as an option

They didnt buy the DLC: feature that couldve prevented 737 crashes was sold as an option

They didn’t buy the DLC: feature that could’ve prevented 737 crashes was sold as an option

135 with 81 posters participating
The crashed Lion Air 737 MAX and the Ethiopian Airlines 737 MAX aircraft had more in common than aircraft design and the apparently malfunctioning flight system that led to their demises. Both of the planes lacked optional safety features that would have alerted the pilots to problems with their angle of attack (AOA) sensors—the input suspected of causing the Maneuvering Characteristics Augmentation System (MCAS) software to put both aircraft into a fatal dive.

The New York Times reports that both vehicles lacked an „AOA disagree“ light—a warning light that indicates when the aircraft’s two AOA sensors provide different readings—and an angle of attack indicator. Since the MCAS system relied only on one of the aircraft’s AOA sensors, the disagree light and AOA indicator would have given the flight crew visible evidence of a sensor failure and prompted them to disable the MCAS. But both of these features were sold by Boeing as expensive add-ons. And many discount and smaller airlines declined to purchase them, as they were not required by regulators.

According to the Times, a „source familiar with the changes“ said that the AOA disagree light will be added to the digital flight displays as part of an update to MCAS software. That update is expected to be deployed by no later than the end of April. The AOA indicator on the digital display will remain an add-on option.

All about angles

The 737 MAX MCAS is a significant change from the avionics of previous Boeing 737s and is required because of the MAX aircrafts‘ much larger engines and the resultant change in handling. The MCAS includes a feature that determines when the aircraft is pointed upward relative to the flow of air across its surface at an angle that could lead to the loss of sufficient lift to keep the airplane flying—what’s known as a stall. To prevent a stall, MCAS (like other anti-stall systems on commercial aircraft) adjusts the aircraft’s tail stabilizers to push the nose of the aircraft down, boosting its airspeed.

The AOA sensor is what MCAS relies upon to determine whether the aircraft is close to reaching that stall condition. But even though the 737 MAX has multiple AOA sensors for redundancy, MCAS relied on only one of them at a time for input. That’s now being changed in the software update.

Boeing has been taking other measures to correct its own stall. According to a Daily Beast report, Boeing’s lobbyists made $827,000 in political contributions in February. The donations, which were reflected in a recently filed Federal Election Commission report, were the most that Boeing has ever donated in a single month to political campaigns.

As Ars reported last week, the Department of Justice and Department of Transportation are now conducting an investigation into Boeing’s original safety certification process. Engineers who worked at Boeing reported that the company’s analysis of the safety impact of the MCAS system misled Federal Aviation Administration officials about the actual risk associated with the system, and Boeing oversaw most of the aircraft’s safety certification itself.


via Ars Technica

March 21, 2019 at 09:04PM

Boeing downplayed 737 MAX software risks self-certified much of planes safety

Boeing downplayed 737 MAX software risks self-certified much of planes safety

Boeing downplayed 737 MAX software risks, self-certified much of plane’s safety

0 with 0 posters participating
On Sunday, Ethiopia’s transport minister announced that information recovered from flight data recorders aboard the ill-fated Ethiopian Airlines Flight 302 revealed „clear similarities“ to the data from the crash of Lion Air Flight 610 off Indonesia last October. And analysis of the wreckage indicated that the aircraft’s control surfaces had put the Ethiopian Airlines Boeing 737 MAX 8 into a dive just before it crashed, killing all aboard.

While the investigation is still underway, the flight data increases the focus on Boeing’s Maneuvering Characteristics Augmentation System (MCAS) flight software—software developed to help manage the shifted handling characteristics of the 737 MAX aircraft from other 737s. And that software, it turns out, was originally presented to the Federal Aviation Administration as much less risky than it actually was, which limited FAA oversight.

Now the Transportation Department and Justice Department have launched a new investigation into how Boeing got the initial safety certification for the 737 MAX from the FAA two years ago.

The Seattle Times reports that Boeing may have undersold the safety impact of the MCAS system during its 2015 safety certification review. Engineers who worked on the program told the Times‘ Dominic Gates that the safety analysis of MCAS presented to the FAA understated the magnitude of control adjustments the software could make. It also failed to take into account that, unlike previous automatic stabilizer trim systems, MCAS would reset itself each time a pilot corrected against it—in other 737s, overriding an anti-stall correction would disable the software’s changes.

Additionally, the MCAS system was designed to work based on input from only one sensor—despite the fact that Boeing rated a failure of the system as „hazardous.“ That level of risk—which in itself was understated, according to engineers—should have been enough to require redundant sensors.

All of these understated analyses gave the FAA a false picture of the impact of the MCAS system, which was presented as a simple modification of systems aboard existing 737s. But the changes were enough that Brazilian authorities cited a need for additional pilot training on the 737 MAX even while the FAA allowed the system to go essentially unmentioned in US operation manuals.

Safety efficiency

Boeing has had wide latitude over a number of safety checks for years, despite warnings from Department of Transportation auditors in 2012 that the FAA was not doing enough to „hold Boeing accountable.“ That’s because the FAA and Congress have given increasing power to aircraft designers over safety certifications in the name of government efficiency.

The FAA has outsourced safety certification for some parts of new aircraft to their manufacturers for decades, but the agency used to have approval authority over which engineers were selected for the job. In 2005, the FAA started to loosen regulations over Organization Designation Authorization (ODA), giving the companies more leeway over who was selected to do the work. While they were technically employees under FAA’s authority, the engineers were still managed by the companies.

The changes were completely in place by 2009, and according to investigators, they gave Boeing a lot of leverage over safety-certification engineers. As Bloomberg reports, the 2012 Department of Transportation audit found that Boeing had created a „negative work environment“ for engineers reviewing new designs—to the degree that many interviewed by auditors said that they’d faced retaliation for bringing up concerns.

Additional concerns were raised over Boeing’s safety-certification practices in 2015 after fires aboard 787 „Dreamliners“ were caused by lithium batteries used in auxiliary power. But under the Trump administration, things have been loosened up even more. In October of 2017—six months after the 737 MAX was certified—President Donald Trump signed a law that allows aircraft manufacturers to press the FAA to give them authority over how they certify components considered to be low- or medium-risk items. And if the manufacturers can convince the FAA that something falls into one of those two categories, they could essentially have free rein over how they certify their craft as safe.


via Ars Technica

March 19, 2019 at 12:15AM