The Boeing 737 Max accidents: Bad design, failed regulation, and … 737 Max... · 2021. 4. 11. · without a fix to MCAS, during the lifetime of the 737 MAX fleet, there could potentially

The Boeing 737 Max accidents:Bad design, failed regulation, and

deceitfulness

Jim Thomson

May 2021

www.safetyinengineering.com

May 2021 www.safetyinengineering.com 1May 2021 www.safetyinengineering.com 1May 2021 www.safetyinengineering.com 1May 2021 www.safetyinengineering.com 1May 2021 www.safetyinengineering.com 1May 2021 www.safetyinengineering.com 1May 2021 www.safetyinengineering.com 1May 2021 www.safetyinengineering.com 1May 2021 www.safetyinengineering.com 1May 2021 www.safetyinengineering.com 1

1st generation (-100 and -200) 1968

Max take-off weight (MTOW) 58 t,100+ passengers

P&W JT8D, each ~14500 lbf/64 kN(low bypass ratio)

Fuselage design borrowed from 707Engine nacelles borrowed from 727

2nd generation (-300 to -500) 1984

MTOW 68 t, typically 150 passengers

GE CFM56, each ~20000 lbf/89 kN,high bypass ratio, low ground clearance,engines ahead of wings

Electronic Flight Information System(EFIS) optional (as used on 757)

3rd generation (NG) (-600 to -900) 1997

MTOW 85 t, typically 150 passengers

GE CFM56, up to ~27000 lbf/120kN,high bypass ratio, low ground clearance,engines ahead of wings

‘Glass cockpit’ but retains hydro-mechanical flight controls

May 2021 www.safetyinengineering.com 2May 2021 www.safetyinengineering.com 2May 2021 www.safetyinengineering.com 2May 2021 www.safetyinengineering.com 2May 2021 www.safetyinengineering.com 2May 2021 www.safetyinengineering.com 2May 2021 www.safetyinengineering.com 2May 2021 www.safetyinengineering.com 2May 2021 www.safetyinengineering.com 2May 2021 www.safetyinengineering.com 2May 2021 www.safetyinengineering.com 2

4th Generation MAX (7,8,9,10), 2017

MTOW 88 t, 138-230 passengers

GE CFM LEAP, each up to 28000 lbf/130kN(LEAP=Leading Edge Aviation Propulsion)

‘Glass cockpit’ but retains hydro-mechanical flight controls(unlike 777 and 787 which are fly-by-wire).Look and feel remain similar to NG.

May 2021 www.safetyinengineering.com 3May 2021 www.safetyinengineering.com 3

Boeing Commercial Airplanes CEO Jim Albaugh said in 2011 that adding more fly-by-wire control systems would be "very minimal". Most of the systems are carried from the 737NG for a short differences-training course to upgrade flight crews.

May 2021 www.safetyinengineering.com 3May 2021 www.safetyinengineering.com 3May 2021 www.safetyinengineering.com 3May 2021 www.safetyinengineering.com 3May 2021 www.safetyinengineering.com 3

LEAP engines are positioned forward of wings to achievesufficient ground clearance. This introduced a pitch-up

torque on throttle-up.

May 2021 www.safetyinengineering.com 3May 2021 www.safetyinengineering.com 3May 2021 www.safetyinengineering.com 3

Grounded March 2019, return to

service Dec 2020

May 2021 www.safetyinengineering.com 3

Angle of Attack (AOA) vs Pitch Angle

The pilot cannot readily sense the Angle of Attack.

May 2021 www.safetyinengineering.com 4May 2021 www.safetyinengineering.com 4May 2021 www.safetyinengineering.com 4May 2021 www.safetyinengineering.com 4May 2021 www.safetyinengineering.com 4May 2021 www.safetyinengineering.com 4

The elevators are

controlled by the pilot

or autopilot and

primarily serve to

change the aircraft's

attitude, while the

whole assembly (i.e.

the stabilizer) is used

to trim (maintaining

horizontal static

equilibrium) and

stabilize the aircraft in

the pitch axis.

May 2021 www.safetyinengineering.com 5

http://www.b737.org.uk/mcas.htm#background

May 2021 www.safetyinengineering.com 6May 2021 www.safetyinengineering.com 6May 2021 www.safetyinengineering.com 6May 2021 www.safetyinengineering.com 6May 2021 www.safetyinengineering.com 6May 2021 www.safetyinengineering.com 6May 2021 www.safetyinengineering.com 6May 2021 www.safetyinengineering.com 6May 2021 www.safetyinengineering.com 6May 2021 www.safetyinengineering.com 6

MCAS is an automatic override of normal manual control.

The pilots did not know MCAS existed or when MCAS was active.

The pilots did not know how to disable MCAS.

In both accidents, MCAS pushed the aircraft into a dive due to a signal from a faulty angle-of-attack sensor.

May 2021 www.safetyinengineering.com 7May 2021 www.safetyinengineering.com 7

Manoeuvring Characteristics Augmentation System (MCAS)

May 2021 www.safetyinengineering.com 7May 2021 www.safetyinengineering.com 7May 2021 www.safetyinengineering.com 7May 2021 www.safetyinengineering.com 7May 2021 www.safetyinengineering.com 7May 2021 www.safetyinengineering.com 7May 2021 www.safetyinengineering.com 7

MCAS LOGICIF[(Flaps up) + (High Angle of Attack from RH AoA sensor) + (Autopilot disengaged)]

THENtrim the stabilizer down for up to 9.26 seconds (2.5 degrees nose down) then pause for 5 seconds and repeat if the conditions are still met

May 2021 www.safetyinengineering.com 8

If the single AoA sensor connected to MCAS is faulty during climb after take-off, MCAS will be triggered – and the aircraft will crash unless the pilot knows how to de-activate MCAS.

If the pilots used electric pitch trim, it paused MCAS for 5s and reset MCAS; to deactivate MCAS, the STAB TRIM CUTOUT switches had to be switched off.

May 2021 www.safetyinengineering.com 8May 2021 www.safetyinengineering.com 8May 2021 www.safetyinengineering.com 8May 2021 www.safetyinengineering.com 8May 2021 www.safetyinengineering.com 8

The AoA sensors don’t produce a

meaningful signal until the aircraft is

moving.

May 2021 www.safetyinengineering.com 8May 2021 www.safetyinengineering.com 8May 2021 www.safetyinengineering.com 8May 2021 www.safetyinengineering.com 8

May 2021 www.safetyinengineering.com 9May 2021 www.safetyinengineering.com 9

…..unintended MCAS-controlled stabilizer movement was considered to be “Major” (on a scale of Minor/Major/Catastrophic) which prevented further analysis of its failure conditions

…..(Boeing engineers reasoned that) uncommanded MCAS functionality could be countered by stabilizer trim and stabilizer cutout.

https://www.aviationtoday.com/2019/10/28/lion-air-737-max-final-accident-report-cites-aoa-sensor-mcas-as-contributing-factors/

May 2021 www.safetyinengineering.com 9May 2021 www.safetyinengineering.com 9May 2021 www.safetyinengineering.com 9May 2021 www.safetyinengineering.com 9May 2021 www.safetyinengineering.com 9May 2021 www.safetyinengineering.com 9May 2021 www.safetyinengineering.com 9

MCAS safety classification

May 2021 www.safetyinengineering.com 9

Pre-accidents, there was an option for airlines to have an AoA indicator displayed on the control panels - for a fee.

This option was only taken by Southwest and American Airlines before the accidents.

Post-accidents, AoA indicator is now to be available free of charge.AoA DISAGREE alert is now standard on all MAX aircraft.

May 2021 www.safetyinengineering.com 10May 2021 www.safetyinengineering.com 10May 2021 www.safetyinengineering.com 10May 2021 www.safetyinengineering.com 10May 2021 www.safetyinengineering.com 10May 2021 www.safetyinengineering.com 10May 2021 www.safetyinengineering.com 10May 2021 www.safetyinengineering.com 10May 2021 www.safetyinengineering.com 10

AoA cockpit indication

May 2021 www.safetyinengineering.com 10

PK-LQP, Jakarta, 29 Oct 2018, 189 dead.

Flight duration: about 12 minutes

This aircraft experienced a similar

malfunction on its previous flight but an

extra pilot sitting in the cockpit jumpseat

correctly diagnosed the problem and told

the crew how to disable MCAS.

May 2021 www.safetyinengineering.com 11May 2021 www.safetyinengineering.com 11May 2021 www.safetyinengineering.com 11May 2021 www.safetyinengineering.com 11May 2021 www.safetyinengineering.com 11May 2021 www.safetyinengineering.com 11May 2021 www.safetyinengineering.com 11May 2021 www.safetyinengineering.com 11May 2021 www.safetyinengineering.com 11May 2021 www.safetyinengineering.com 11

ET-AVJ, Addis Ababa, 10 March 2019, 157 dead

Flight duration: about 7 minutesEthiopian transport minister Dagmawit Moges

stated that the crew "performed all the

procedures repeatedly provided by the

manufacturer but was not able to control

the aircraft"

The Accidents

May 2021 www.safetyinengineering.com 11

May 2021 www.safetyinengineering.com 12May 2021 www.safetyinengineering.com 12May 2021 www.safetyinengineering.com 12May 2021 www.safetyinengineering.com 12May 2021 www.safetyinengineering.com 12May 2021 www.safetyinengineering.com 12May 2021 www.safetyinengineering.com 12May 2021 www.safetyinengineering.com 12

PK-LQP, Jakarta, 29 Oct 2018, 189 dead.

Flight duration: about 12 minutes

May 2021 www.safetyinengineering.com 12

2018-23-51 - SUMMARY: We are adopting a new airworthiness directive (AD) for all The Boeing Company Model 737-8 and -9 airplanes. This emergency AD was sent previously to all known U.S. owners and operators of these airplanes. This AD requires revising certificate limitations and operating procedures of the airplane flight manual (AFM) to provide the flight crew with runaway horizontal stabilizer trim procedures to follow under certain conditions. This AD was prompted by analysis performed by the manufacturer showing that if an erroneously high single angle of attack (AOA) sensor input is received by the flight control system, there is a potential for repeated nose-down trim commands of the horizontal stabilizer. We are issuing this AD to address the unsafe condition on these products.

After the Lion Air accident, on 7 Nov 2018 the FAA issued Airworthiness Directive (AD) 2018-23-51:

May 2021 www.safetyinengineering.com 13

On 11 Dec 2019 House Transportation Committee Chairman Peter DeFazio referred to this AD and procedure by saying that “The FAA issued an emergency airworthiness directive that purported to inform pilots on how to respond to an erroneous activation of MCAS while actually never mentioning the system by name. In fact, during the certification of the 737 MAX, Boeing actively pushed the FAA to remove references to the MCAS from the flight crew operating manual.”

May 2021 www.safetyinengineering.com 13May 2021 www.safetyinengineering.com 13May 2021 www.safetyinengineering.com 13May 2021 www.safetyinengineering.com 13May 2021 www.safetyinengineering.com 13

Ethiopian Airlines interim accident report, March 2020:One of the AD’s listed on the AD compliance report was AD-2018-23-51, Titled “To Address this potential resulting nose down trim”. The compliance report indicates that compliance was through AFM revision on 11/08/2018.

May 2021 www.safetyinengineering.com 13May 2021 www.safetyinengineering.com 13May 2021 www.safetyinengineering.com 13May 2021 www.safetyinengineering.com 13

In December 2018, the FAA conducted a risk assessment and estimated that without a fix to MCAS, during the lifetime of the 737 MAX fleet, there could potentially be 15 additional fatal crashes resulting in over 2,900 deaths.

May 2021 www.safetyinengineering.com 14May 2021 www.safetyinengineering.com 14

Despite that assessment, the FAA permitted the 737 MAX to continue flying. During the period between the crashes, the FAA repeatedly justified its decision not to ground the 737 MAX saying that it did not have appropriate data to make that determination.

May 2021 www.safetyinengineering.com 14May 2021 www.safetyinengineering.com 14May 2021 www.safetyinengineering.com 14May 2021 www.safetyinengineering.com 14May 2021 www.safetyinengineering.com 14May 2021 www.safetyinengineering.com 14May 2021 www.safetyinengineering.com 14May 2021 www.safetyinengineering.com 14May 2021 www.safetyinengineering.com 14

In October 2017, the right-side AOA sensor was repaired by Florida-based Xtra Aerospace. It was not installed until 28 October 2018.

“…….a [21-degree] difference between left and right AOA sensors was recorded, commencing shortly after the take-off roll was initiated, (indicating) that the AOA sensor was most likely improperly calibrated at Xtra Aerospace.”

Several hours after KNKT published its report, the FAA issued a statement (https://www.faa.gov/news/press_

releases/news_story.cfm?newsId=24314 ) revoking the Part 145 repair station certification of Xtra Aerospace.

AOA sensor maintenance QA issues

https://www.aviationtoday.com/2019/10/28/lion-air-737-max-final-accident-report-cites-aoa-sensor-mcas-as-contributing-factors/ from Final Lion Air accident report.

May 2021 www.safetyinengineering.com 15May 2021 www.safetyinengineering.com 15May 2021 www.safetyinengineering.com 15May 2021 www.safetyinengineering.com 15May 2021 www.safetyinengineering.com 15May 2021 www.safetyinengineering.com 15May 2021 www.safetyinengineering.com 15May 2021 www.safetyinengineering.com 15

• As soon as the flaps were retracted the first automatic nose-down trim activated…….. The pilot flying pulled to pitch up the airplane with a force greater than 90lbs. • At 05:40:22, the second automatic nose-down trim activated. • At 05:40:43, a third automatic trim nose-down activated. • At 05:43:21, a fourth automatic nose-down trim activated for about 5 s.

• Despite recorded force of up to 180 lbs, the pitch continued decreasing.• At 05:43:44, end of flight record.

At the end of the flight, computed airspeed values reached 500kt, pitch values were greater than 40° nose down and descent rate values were greater than 33,000 ft/min.

The final moments of ET-AVJ, 10 March 2019

May 2021 www.safetyinengineering.com 16May 2021 www.safetyinengineering.com 16May 2021 www.safetyinengineering.com 16May 2021 www.safetyinengineering.com 16May 2021 www.safetyinengineering.com 16May 2021 www.safetyinengineering.com 16May 2021 www.safetyinengineering.com 16May 2021 www.safetyinengineering.com 16

On 11 March 2019, the FAA issued a Continued Airworthiness

Notification to the International Community (CANIC).

“…. External reports are drawing similarities between this

accident and the Lion Air Flight 610 accident on October 29,

2018. However, this investigation has just begun and to date

we have not been provided data to draw any conclusions or

take any actions…..”

Meanwhile, China and most other aviation authorities preceded the

U.S. Federal Aviation Administration (FAA) in grounding the

airliner over perceived safety risks…..

On 13 March 2019, the FAA issued an Emergency Order of

Prohibition, prohibiting the operation of any MAX in the US.

May 2021 www.safetyinengineering.com 17

JUST SAYING: Does this sound like the FAA is trying to claim‘fake news’?

May 2021 www.safetyinengineering.com 17May 2021 www.safetyinengineering.com 17May 2021 www.safetyinengineering.com 17May 2021 www.safetyinengineering.com 17May 2021 www.safetyinengineering.com 17May 2021 www.safetyinengineering.com 17May 2021 www.safetyinengineering.com 17May 2021 www.safetyinengineering.com 17May 2021 www.safetyinengineering.com 17

May 2021 www.safetyinengineering.com 18

JUST SAYING:

The Secretary for Transportation at the time, Elaine Chao, was a Trump appointee.

Her husband is Senator Mitch McConnell, Senate Majority Leader under Trump.

The FAA reports to the Secretaryfor Transportation.

May 2021 www.safetyinengineering.com 18May 2021 www.safetyinengineering.com 18May 2021 www.safetyinengineering.com 18May 2021 www.safetyinengineering.com 18May 2021 www.safetyinengineering.com 18May 2021 www.safetyinengineering.com 18May 2021 www.safetyinengineering.com 18May 2021 www.safetyinengineering.com 18

“To make the claim that these accidents would not happen to U.S.-trained pilots is presumptuous and not supported by fact. Vilifyingnon-U.S. pilots is disrespectful and not solution-based…..Simply put, Boeing does not produce aircraft for U.S. pilots vs. pilots from the rest of the world.”

Captain Dan Carey, president of the Allied Pilots Association

“Pilots must be able to handle an unexpected emergency and still keep their passengers and crew safe, but we should first design aircraft for them to fly that do not have inadvertent traps set for them.”

Retired airline captain Chesley B. “Sully” Sullenberger

May 2021 www.safetyinengineering.com 19May 2021 www.safetyinengineering.com 19May 2021 www.safetyinengineering.com 19May 2021 www.safetyinengineering.com 19May 2021 www.safetyinengineering.com 19May 2021 www.safetyinengineering.com 19May 2021 www.safetyinengineering.com 19May 2021 www.safetyinengineering.com 19May 2021 www.safetyinengineering.com 19May 2021 www.safetyinengineering.com 19May 2021 www.safetyinengineering.com 19

May 2021 www.safetyinengineering.com 20May 2021 www.safetyinengineering.com 20

During a reassessment of the aircraft in February 2020, both FAA and EASA determined that the stability and stall characteristics of the plane would have been acceptable with or without MCAS. (!!!)

May 2021 www.safetyinengineering.com 20May 2021 www.safetyinengineering.com 20May 2021 www.safetyinengineering.com 20May 2021 www.safetyinengineering.com 20May 2021 www.safetyinengineering.com 20May 2021 www.safetyinengineering.com 20May 2021 www.safetyinengineering.com 20May 2021 www.safetyinengineering.com 20May 2021 www.safetyinengineering.com 20

Key Findings of House Committee report:

1. Financial pressure on Boeing• Loss of market share to Airbus• Southwest Airlines (launch customer in US) negotiated $1M per plane if simulator training was necessary

2. Incorrect safety classification of MCAS• This was also a lesson from Qantas 72 (previous ETWG)

3. Concealment of information• Existence of MCAS; inoperable AoA disagree alert; test data regarding pilot response in simulators

to MCAS activation; failure to act after first crash

4. Ineffective oversight and regulation• Boeing employees were ‘authorised representatives’ of FAA • Inherent conflicts of interest

5. FAA management overruled their own technical experts at the behest of Boeing• Multiple career FAA officials have documented examples where FAA management overruled a

determination of the FAA’s own technical experts at the behest of Boeing

May 2021 www.safetyinengineering.com 21May 2021 www.safetyinengineering.com 21May 2021 www.safetyinengineering.com 21May 2021 www.safetyinengineering.com 21

“The MAX crashes ……were the horrific culmination of a series of faulty technical assumptions by Boeing’s engineers, a lack of transparency on the part of Boeing’s management, and grossly insufficient oversight by the FAA—the pernicious result of regulatory capture on the part of the FAA…….”

House Committee on Transportation and Infrastructure Report, September 2020

May 2021 www.safetyinengineering.com 22May 2021 www.safetyinengineering.com 22May 2021 www.safetyinengineering.com 22

Regulatory Capture

May 2021 www.safetyinengineering.com 22May 2021 www.safetyinengineering.com 22May 2021 www.safetyinengineering.com 22May 2021 www.safetyinengineering.com 22May 2021 www.safetyinengineering.com 22May 2021 www.safetyinengineering.com 22May 2021 www.safetyinengineering.com 22May 2021 www.safetyinengineering.com 22

“Amid a cacophony of confusing warnings and alerts on the flight deck, the horizontal stabilizer ultimately forced the airplane into a nose-down attitude from which the pilots were unable to recover.”

House Committee on Transportation and Infrastructure Report, September 2020

May 2021 www.safetyinengineering.com 23May 2021 www.safetyinengineering.com 23May 2021 www.safetyinengineering.com 23

Alarm overload

May 2021 www.safetyinengineering.com 23May 2021 www.safetyinengineering.com 23May 2021 www.safetyinengineering.com 23May 2021 www.safetyinengineering.com 23May 2021 www.safetyinengineering.com 23May 2021 www.safetyinengineering.com 23

“Task saturation” John Cox, Safety Operating Systems

May 2021 www.safetyinengineering.com 23May 2021 www.safetyinengineering.com 23

• Boeing merged with McDonnell Douglas 1997

https://qz.com/1776080/how-the-mcdonnell-douglas-boeing-merger-led-to-the-737-max-crisis/

“In a clash of corporate cultures, where Boeing’s engineers and McDonnell Douglas’s bean-counters went head-

to-head, the smaller company (MD) won out.”

• Boeing Corporate HQ moved from Seattle to Chicago in 2001. Half Boeing’s workforce are in Seattle.

• Boeing is currently moving 787 production from Seattle (Everett) to South Carolina. (SC plant is non-union.)

• 787 manufacturing QC issues: (carbon composite construction like Airbus A350)

https://www.youtube.com/watch?v=usqFiL5l2Dk

https://www.youtube.com/watch?v=R1zm_BEYFiU “Shoddy work in Charleston”.

https://www.youtube.com/watch?v=adwkO_BU7mQ FAA fines and production difficulties.

• Boeing’s Space Launch System (SLS): massively over budget and behind programme.

• Boeing CST-100 Starliner (a competitor for Space X’s Dragon):

Delayed for one year while software verification takes place. Cost-per-seat will be 60% higher than Space X.

https://arstechnica.com/science/2019/11/nasa-report-finds-boeing-seat-prices-are-60-higher-than-spacex/

May 2021 www.safetyinengineering.com 24May 2021 www.safetyinengineering.com 24

On December 23, 2019, Boeing announced that Dennis Muilenburg resigned as CEO and board director.

Some general observations on Boeing

May 2021 www.safetyinengineering.com 24May 2021 www.safetyinengineering.com 24May 2021 www.safetyinengineering.com 24May 2021 www.safetyinengineering.com 24May 2021 www.safetyinengineering.com 24May 2021 www.safetyinengineering.com 24May 2021 www.safetyinengineering.com 24May 2021 www.safetyinengineering.com 24May 2021 www.safetyinengineering.com 24

May 2021 www.safetyinengineering.com 25May 2021 www.safetyinengineering.com 25May 2021 www.safetyinengineering.com 25May 2021 www.safetyinengineering.com 25May 2021 www.safetyinengineering.com 25May 2021 www.safetyinengineering.com 25May 2021 www.safetyinengineering.com 25May 2021 www.safetyinengineering.com 25May 2021 www.safetyinengineering.com 25May 2021 www.safetyinengineering.com 25May 2021 www.safetyinengineering.com 25

Year Budget request $

2008 14.9M

2009 16.8M

2010 16.0M

2011 16.5M

2012 18.7M

2013 15.2M

2014 18.6M

2015 15.4M

2016 15.8M

2017 15.9M

2018 16.1M

2019 16.1M

FAA Budget, 2008-2019Year

Revenue in million US$

Net income in mil. US$

Price per Share in US$

Employees

2005 53,621 2,572 45.42

2006 61,530 2,215 59.20

2007 66,387 4,074 71.05

2008 60,909 2,672 50.76

2009 68,281 1,312 35.73

2010 64,306 3,298 53.89

2011 68,735 4,009 58.20

2012 81,698 3,900 62.65

2013 86,623 4,578 90.39 168,400

2014 90,762 5,440 114.72 165,500

2015 96,114 5,172 131.43 161,400

2016 94,571 4,892 125.66 150,500

2017 93,392 8,191 209.85 140,800

2018 101,127 10,460 319.05 153,000

2019 76,559 (636) 325.76

Boeing revenue, 2005-2019

May 2021 www.safetyinengineering.com 26May 2021 www.safetyinengineering.com 26

FAA budget has been flat for 10 years. Boeing revenue almost doubled 2005-2018.Share price x6 2005-2018

May 2021 www.safetyinengineering.com 26May 2021 www.safetyinengineering.com 26May 2021 www.safetyinengineering.com 26May 2021 www.safetyinengineering.com 26May 2021 www.safetyinengineering.com 26May 2021 www.safetyinengineering.com 26May 2021 www.safetyinengineering.com 26May 2021 www.safetyinengineering.com 26May 2021 www.safetyinengineering.com 26

Remedial actions for 737 MAX return to serviceFrom Preliminary Summary of the FAA’s Review of the Boeing 737 MAX, FAA, 3rd August 2020

1. Eliminate MCAS reliance on a single AOA sensor

2. MCAS will not command repeated movements

3. Maximum stabiliser limit for MCAS commands

4. Additional training material

5. AOA DISAGREE alert message to be standard on all 737 MAX aircraft

6. FCC cross monitors to effectively detect and shut down erroneous stabilizer commands from the FCCs

7. Maintenance Manual for the AOA sensor was revised to include a final independent check

8. Operators must perform AOA Sensor System Tests on each airplane prior to return to service

May 2021 www.safetyinengineering.com 27

TL;DRThey fixed it.

May 2021 www.safetyinengineering.com 27

May 2021 www.safetyinengineering.com 28

Selected abridged recommendations for Boeing management systemsFrom Preliminary Summary of the FAA’s Review of the Boeing 737 MAX, FAA, 3rd August 2020

• System safety assessments

• Validating assumptions about pilot response

• Certification of changed products.

• Sufficient number of experienced specialists to perform certification and oversight duties.

• Promote a safety culture that drives a primary focus on the creation of safe products.

• FAA emphasize HF and human system integration throughout its certification process.

• Alarm overload.

• Use of systematic Human Performance and Error Assessments to complement SSAs.

May 2021 www.safetyinengineering.com 28

May 2021 www.safetyinengineering.com 29

Impact on regulators of some previous major accidents

1. After Deepwater Horizon, a new regulator for offshore safety regulation was created (BSEE).

2. After the 2006 RAF Nimrod accident, airworthiness was taken from the tri-service SHEF function and a Military Aviation Authority was established.

FAA reorganisation likely?

May 2021 www.safetyinengineering.com 29

1. Operators (pilots) and maintenance staff do not know

the detail of software logic in control systems.

2. Information buried in manuals is no good to

operators facing a crisis that requires immediate action.

3. Where prompt operator action is required in response

to a failure, this must be addressed in training.

4. Prompt incident reporting and circulation to operators.

5. Importance of instrument calibration.

CONCLUSIONS: OPERATIONS & MAINTENANCE

May 2021 www.safetyinengineering.com 30May 2021 www.safetyinengineering.com 30May 2021 www.safetyinengineering.com 30May 2021 www.safetyinengineering.com 30May 2021 www.safetyinengineering.com 30May 2021 www.safetyinengineering.com 30May 2021 www.safetyinengineering.com 30May 2021 www.safetyinengineering.com 30May 2021 www.safetyinengineering.com 30May 2021 www.safetyinengineering.com 30May 2021 www.safetyinengineering.com 30

1. Design changes require at least as careful attention

as original designs.

2. Alarm overload in emergency situations is

counter-productive.

3. System safety classification must be done properly.

4. The single failure criterion should always apply to

safety-critical systems.

5. QA control of subcontractors and suppliers.

CONCLUSIONS: DESIGN & MANUFACTURE

May 2021 www.safetyinengineering.com 31May 2021 www.safetyinengineering.com 31May 2021 www.safetyinengineering.com 31May 2021 www.safetyinengineering.com 31May 2021 www.safetyinengineering.com 31May 2021 www.safetyinengineering.com 31May 2021 www.safetyinengineering.com 31May 2021 www.safetyinengineering.com 31May 2021 www.safetyinengineering.com 31May 2021 www.safetyinengineering.com 31May 2021 www.safetyinengineering.com 31

1. Regulators need to be independent from designers and

operators, and also independent from politicians.

2. Regulations need to be clear, unambiguous, pragmatic,

and address the issues that matter.

3. Regulators need to be well-informed and fully engaged.

4. Regulators need to have brains, spine, and teeth.

CONCLUSIONS: REGULATION

May 2021 www.safetyinengineering.com 32May 2021 www.safetyinengineering.com 32May 2021 www.safetyinengineering.com 32May 2021 www.safetyinengineering.com 32May 2021 www.safetyinengineering.com 32May 2021 www.safetyinengineering.com 32May 2021 www.safetyinengineering.com 32May 2021 www.safetyinengineering.com 32May 2021 www.safetyinengineering.com 32May 2021 www.safetyinengineering.com 32May 2021 www.safetyinengineering.com 32

May 2021 www.safetyinengineering.com 33

https://transportation.house.gov/committee-activity/boeing-737-max-investigationLion Air PK-LQP.Accident date 29-10-18.189 dead.Preliminary Report, Nov 2018.Final Report, October 2019.

Ethiopian Airlines ET-AVJ.Accident date 10-3-19.157 dead.Preliminary Report, March 2019.Interim Report, March 2020.

May 2021 www.safetyinengineering.com 33May 2021 www.safetyinengineering.com 33May 2021 www.safetyinengineering.com 33May 2021 www.safetyinengineering.com 33May 2021 www.safetyinengineering.com 33May 2021 www.safetyinengineering.com 33

ESSENTIAL READING

May 2021 www.safetyinengineering.com 33May 2021 www.safetyinengineering.com 33May 2021 www.safetyinengineering.com 33May 2021 www.safetyinengineering.com 33

“….numerous systemic deficiencies in FAA oversight”

“…..unnecessary risk to the flying public”

“FAA management appears to be aware, and in some cases complicit in thwarting the very oversight they are charged with directing and supervising.”

“In the most alarming cases, whistleblowers have warned of tragedies before they occur only to be retaliated against by managers.”

“FAA policies appear to have reduced effective oversight by abdicating responsibilities to the carriers. These actions within the administration have not gone unnoticed.”

In hazardous industries, independentregulators must be knowledgeable and suspicious.

May 2021 www.safetyinengineering.com 34May 2021 www.safetyinengineering.com 34May 2021 www.safetyinengineering.com 34May 2021 www.safetyinengineering.com 34

Thank you for your attention

May 2021 www.safetyinengineering.com 35May 2021 www.safetyinengineering.com 35May 2021 www.safetyinengineering.com 35May 2021 www.safetyinengineering.com 35May 2021 www.safetyinengineering.com 35May 2021 www.safetyinengineering.com 35May 2021 www.safetyinengineering.com 35May 2021 www.safetyinengineering.com 35