Safety third? —

Boeing downplayed 737 MAX software risks, self-certified much of plane’s safety

Recovered "black box" data from Ethiopia crash shows similarities to Lion Air disaster.

On Sunday, Ethiopia's transport minister announced that information recovered from flight data recorders aboard the ill-fated Ethiopian Airlines Flight 302 revealed "clear similarities" to the data from the crash of Lion Air Flight 610 off Indonesia last October. And analysis of the wreckage indicated that the aircraft's control surfaces had put the Ethiopian Airlines Boeing 737 MAX 8 into a dive just before it crashed, killing all aboard.

While the investigation is still underway, the flight data increases the focus on Boeing's Maneuvering Characteristics Augmentation System (MCAS) flight software, which was developed to help manage the ways the 737 MAX's handling characteristics differ from those of other 737s. And that software, it turns out, was originally presented to the Federal Aviation Administration as much less risky than it actually was, which limited FAA oversight.

Now the Transportation Department and Justice Department have launched a new investigation into how Boeing got the initial safety certification for the 737 MAX from the FAA two years ago.

The Seattle Times reports that Boeing may have undersold the safety impact of the MCAS system during its 2015 safety certification review. Engineers who worked on the program told the Times' Dominic Gates that the safety analysis of MCAS presented to the FAA understated the magnitude of control adjustments the software could make. It also failed to take into account that, unlike previous automatic stabilizer trim systems, MCAS would reset itself each time a pilot corrected against it—in other 737s, overriding an anti-stall correction would disable the software's changes.

Additionally, the MCAS system was designed to work based on input from only one sensor—despite the fact that Boeing rated a failure of the system as "hazardous." That level of risk—which in itself was understated, according to engineers—should have been enough to require redundant sensors.

All of these understated analyses gave the FAA a false picture of the impact of the MCAS system, which was presented as a simple modification of systems aboard existing 737s. But the changes were enough that Brazilian authorities cited a need for additional pilot training on the 737 MAX even while the FAA allowed the system to go essentially unmentioned in US operation manuals.

Safety efficiency

Boeing has had wide latitude over a number of safety checks for years, despite warnings from Department of Transportation auditors in 2012 that the FAA was not doing enough to "hold Boeing accountable." That's because the FAA and Congress have given increasing power to aircraft designers over safety certifications in the name of government efficiency.

The FAA has outsourced safety certification for some parts of new aircraft to their manufacturers for decades, but the agency used to have approval authority over which engineers were selected for the job. In 2005, the FAA started to loosen regulations over Organization Designation Authorization (ODA), giving the companies more leeway over who was selected to do the work. While they were technically employees under FAA's authority, the engineers were still managed by the companies.

The changes were completely in place by 2009, and according to investigators, they gave Boeing a lot of leverage over safety-certification engineers. As Bloomberg reports, the 2012 Department of Transportation audit found that Boeing had created a "negative work environment" for engineers reviewing new designs—to the degree that many interviewed by auditors said that they'd faced retaliation for bringing up concerns.

Additional concerns were raised over Boeing's safety-certification practices in 2015 after fires aboard 787 "Dreamliners" were caused by lithium batteries used in auxiliary power. But under the Trump administration, things have been loosened up even more. In October of 2017—six months after the 737 MAX was certified—President Donald Trump signed a law that allows aircraft manufacturers to press the FAA to give them authority over how they certify components considered to be low- or medium-risk items. And if the manufacturers can convince the FAA that something falls into one of those two categories, they could essentially have free rein over how they certify their craft as safe.
