Thursday, March 14

MCAS and the 737: When Small Changes have Huge Consequences

When the first 737 MAX entered service in May of 2017, it was considered a major milestone for Boeing. For nearly a decade, the aerospace giant had been working on a more fuel-efficient iteration of the classic 737 that first took to the skies in 1967. Powered by cutting-edge CFM International LEAP engines, and sporting modern aerodynamic improvements such as unique split wingtips, Boeing built the new 737 to have an operating cost that was competitive with the latest designs from Airbus. With over 5,000 orders placed between the different 737 MAX variants, the aircraft was an instant success.

But now, in response to a pair of accidents which claimed 346 lives, the entire Boeing 737 MAX global fleet is grounded. While the investigations into these tragedies are still ongoing, the preliminary findings are too similar to ignore. In both cases, it appears the aircraft put itself into a dive despite the efforts of the crew to maintain altitude. While the Federal Aviation Administration initially hesitated to suspend operations of the Boeing 737 MAX, they eventually agreed with government regulatory bodies all over the world to call for a temporary ban on operating the planes until the cause of these accidents can be identified and resolved.

For their part, Boeing maintains their aircraft is safe. They say that grounding the fleet was done out of an “abundance of caution”, rather than in direct response to a particular deficiency of the aircraft:

“Boeing continues to have full confidence in the safety of the 737 MAX. However, after consultation with the U.S. Federal Aviation Administration (FAA), the U.S. National Transportation Safety Board (NTSB), and aviation authorities and its customers around the world, Boeing has determined — out of an abundance of caution and in order to reassure the flying public of the aircraft’s safety — to recommend to the FAA the temporary suspension of operations of the entire global fleet of 371 737 MAX aircraft.”

Until both accident investigations are completed, nobody can say with complete certainty what caused the loss of the aircraft and their passengers. But with the available information about what changes were made during the 737 redesign, along with Boeing’s own recommendations to operators, industry insiders have started to point towards a fault in the plane’s new Maneuvering Characteristics Augmentation System (MCAS) as a likely culprit in both accidents.

Despite the billions of dollars spent developing these incredibly complex aircraft, and the exceptionally stringent standards their operation is held to, there’s now a strong indication that the Boeing 737 MAX could be plagued with two common issues that we’ve likely all experienced in the past: a software glitch and poor documentation.

Unintentional Side Effects

It may be somewhat counter-intuitive, but the more efficient LEAP engines used on the 737 MAX are actually much larger than the engines used on previous versions of the aircraft. To make these significantly larger engines fit on the wing, they had to be mounted not only higher but farther forward than previous generations of the 737. Even to the untrained eye, the difference in engine size and position is clearly discernible.

It was found that this new positioning of the engines caused the 737 MAX to pitch up slightly during certain maneuvers, especially when the aircraft was already at a high angle-of-attack (AoA). In other words, when the nose of the aircraft was raised to gain altitude, the plane would start to climb higher than the pilot intended. If left unchecked, this tendency could potentially lead to a disastrous stall condition, where the aircraft has pitched up so far that it’s no longer able to produce lift. To counteract this quirk of the design, the MCAS system was introduced.

Put simply, MCAS detects when the 737 MAX is at risk of this pitch-up tendency, and compensates by using the aircraft’s rear stabilizer to bring the nose back down. When operating as intended, the pilot shouldn’t even know that MCAS was engaged. It was designed to be a system that operated in the background, automatically providing the pilot with the ideal aircraft performance.

In fact, it has since been revealed that 737 MAX operators were not informed about MCAS, or trained on its operation. Documentation detailing the changes made between the two generations of aircraft didn’t mention the automatic system, as Boeing believed it wasn’t something pilots would need to be consciously aware of. As such, many pilots didn’t learn about MCAS until the first fatal accident had already occurred.

Erroneous Data

Automated systems which supersede the crew’s inputs on the controls are hardly a new development, and have been used on aircraft for decades. The McDonnell Douglas MD-11, an airliner which first flew in 1990, features a system called Longitudinal Stability Augmentation System (LSAS) that has direct parallels with MCAS in the 737 MAX. But what happens when they aren’t working correctly?

Could invalid sensor data be enough to engage MCAS while the plane is in level flight? Could this force the aircraft into an unnecessary dive, ignoring the pilot’s commands to pull up? Without training on the MCAS system, would the pilots understand what was happening and know how to disable the system to regain control of the aircraft?

These are precisely the kind of questions that investigators are currently trying to answer. Maintenance records show that the crew of the 737 MAX involved in the first fatal accident had previously reported issues with the AoA sensors. The plane had already put itself into uncommanded dives before the accident, during which the crew noted a twenty-degree difference between the readings on the left and right sensors.

Just one week after the crash, Boeing released a bulletin to 737 MAX operators explaining that “erroneous data” from the AoA sensors could potentially put the plane into an uncommanded dive, and documented the procedure to disable the system.

Critics argue that had Boeing more clearly explained the nature of the MCAS system, crews would have had the chance to familiarize themselves with the override procedure ahead of time, potentially averting the disaster altogether.

A Tragic Lesson

The investigation into the second crash has only just begun, so it’s far too early to make any definitive claims about what brought the aircraft down. But with ground radar observations confirming the plane’s altitude was fluctuating before impact, there’s enough concern that it could be related to MCAS that continuing to fly the aircraft without a thorough investigation would be irresponsible.

Before agreeing to ground the fleet, Boeing’s position had been that crews simply need to be trained on how to disable MCAS in the event that it received invalid AoA data. But clearly that solution wasn’t good enough for the FAA and its global partners; clear deficiencies in the system must be addressed. Improvements need to be made in how the system interprets conflicting AoA data, along with safeguards that will automatically override the system in situations where it’s not operating in accordance with the pilot’s commands. MCAS is supposed to prevent the plane from pitching up higher than intended, not keep the aircraft from gaining altitude when it’s already in a nose-down position.

It’s unfortunate that it often takes the loss of human life before faults like these are discovered. In the case of MCAS, these events are a stark reminder of the importance of documentation when developing new features. A glitch that causes unintended behavior in a brand new system is hardly a surprise, or even completely unexpected. But if the user wasn’t informed of how the system is supposed to operate, much less what to do when it malfunctions, the consequences can be disastrous. Pilots need to understand how their airplanes work.
