Flying on a MAX8 for the 1st time
Over the years, I have been a crew member or passenger on every single airliner model you can think of, excluding the B737 MAX. Until now. And I have to admit, as a former B737 chief engineer, I was a bit uneasy about the prospect.
Background
If you are not familiar with the ongoing travails of the B737 MAX program, let me sum it up very briefly:
-
On 29 Oct 2018, a MAX8 operated by Lion Air crashed into the Java Sea shortly after takeoff, killing all crew and passengers on board the flight.
-
In less than five months, on 10 Mar 2019, a MAX8 operated by Ethiopian Airlines crashed into the ground near Bishoftu (a town in central Ethiopia) only 6 minutes after takeoff. Tragically, all passengers and crew members lost their lives.
The two fatal crashes were the result of altering the original B737 flight control design by introducing the Maneuvering Characteristics Augmentation System (MCAS). MCAS depended on angle-of-attack (AOA) data from a single AOA sensor that had no backup. The critical AOA sensor failed during both accident flights, giving false AOA input data to the MCAS system which, in turn, commanded a series of forceful nose-down inputs. The accident pilots were fighting MCAS but could not recover their airplane.
Designing a safety-critical system on a Part 25 transport category airplane - with a known catastrophic failure scenario and no built-in redundancy - is unheard of in modern aerospace engineering. This approach violates fundamental system safety principles. To make matters worse, Boeing management decided to remove the relevant sections from the Flight Crew Training Manuals, essentially hiding the existence of MCAS from airline pilots. As a former Boeing principal engineer, it is hard to imagine how on earth this idea could even be considered, let alone approved and certified with a critical single point-of-failure.
Is the MAX safe now?
After those two crashes, Boeing initially blamed the airline pilots who operated the accident flights. Needless to say, I was less than impressed. Five years later, Boeing promised to reinvent itself as a company that values it’s engineering excellence, having lost two CEOs in the meantime. In line with industry standard practices, design changes were rolled out by Boeing and the FAA made them mandatory for all B737 MAX models. It is beyond the scope of this blog entry to go into the details of the relevant design changes. Let me provide a link instead, for your reference:
➜ Bjorn Fehrm (Leeham News) released a series of MCAS-related articles, here is a good summary from 2020: Why is the 737 MAX safe now
Based on what information is available in the public domain, I agree with Bjorn’s assessment that the MCAS fix is effective, supported by a basic B737 flight control system that has a relatively good in-service record. 1
Footnotes
-
The original flight control system and it’s architecture was designed in the mid-60s, with the B737-100 model receiving the initial type certificate in 1969. ↩
Related posts
Workplace Safety v System Safety
It is a common misconception that workplace safety and system safety have the same objectives. In short, wrong. With few exceptions, mixing up workplace and system safety management is not only counterproductive, it can also lead to serious consequences.
5 min readThe Tiger That Mauled Itself
In aviation circles, the Grumman F-11 Tiger is known as a capable carrier-based fighter aircraft, the second operational jet in US Navy service that could fly faster than the speed of sound. In popular culture, it is better known as one of the first types flown by the Blue Angels and, most regrettably, it can also claim the title as the first fighter jet that managed to shoot itself down.
6 min readPathological Organisations Do Not Learn
Learning from experience is a critical element in system safety. In this blog post, I will revisit the impact of safety culture on what response can be expected from an organisation when a major accident happens. More specifically, I will explain the main reasons why a *pathological organisation* is not supportive of public inquiry and, as a result, unable to learn from a tragic safety loss.
3 min read