FAA and Boeing 737 MAX Certification Story

The Seattle Times: Managers of the Federal Aviation Administration (FAA) have put pressure on their engineers to delegate broad responsibility for Boeing 737 MAX safety assessment to Boeing itself. Security engineers who are familiar with the documents have pointed out the details that show that the safety assessment analyzes contain major weaknesses.

Picture: Boeing 737 MAX9 on Boeing production line in Renton. The circular body at the bottom right is the Angle of Attack (AOA) sensor. The sensor measures (in simplified terms) the angle between the wing and the airflow. The angle of attack sensor together with the MCAS system is the most likely cause of the recent two fatal crashes of the Boeing 737 MAX. The MCAS monitors the angle of attack of the airplane and, if the angle of attack appears to be too large for the system, will command the elevator to force the airplane to direct the bow more down. During the fatal crashes, the MCAS system repeatedly directed both aircraft down until the aircraft hit the ground. Pilots of the first crashed (Indonesian) aircraft did not even know that there was an MCAS in the airplane. Boeing failed to provide these details in the airplane manual.

During the development of B737 MAX, development was delayed 9 months behind its competitor: the new Airbus A320neo. The FAA used the lack of funds and lack of (human) resources as pretext for such uncommon manoeuver: FAA delegated critical certification tasks to the manufacturer itself – to Boeing. Thus, Boeing assessed himself, the security of the MCAS (Maneuvering Characteristics Augmentation System), the control system software, and so on.

The MCAS is the most suspicious cause of the fatal crashes because it contains serious flaws:

  • Understated the power of the new flight control system, which was designed to swivel the horizontal tail to push the nose of the plane down to avert a stall. When the planes later entered service, MCAS was capable of moving the tail more than four times farther than was stated in the initial safety analysis document.
  • Failed to account for how the system could reset itself each time a pilot responded, thereby missing the potential impact of the system repeatedly pushing the airplane’s nose downward.
  • Assessed a failure of the system as one level below “catastrophic.” But even that “hazardous” danger level should have precluded activation of the system based on input from a single sensor — and yet that’s how it was designed.

 

Both FAA and Boeing were notified of the above critical safety deficiencies 13 days ago, i.e. before the second fatal accident. The FAA replied that it had a hectic week and was unable to delve into detail. Boeing responded by saying that the FAA had evaluated everything and that Boeing had met all certification and regulatory requirements.

For decades, the FAA has been a “gold standard”, the most rigorous and honest authority among the air authorities. Therefore, it is a great surprise to see how deep his management could have fallen.

 

Want to fly Boeing 737 MAX? You need good luck, lucky airline and you need to know in advance if your B737 MAX is equipped with an “optional package” with one “extra AoA vane” and an “AoA disagree light”. The package is only on request at an additional cost and not every airline has chosen it. Your survival chances will increase significantly.