Boeing 737 Max – The illustrated example of technical debt

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  

(An automation ) Mindset could have saved all those lives

Aviation is mostly based on science. Aerodynamics, fluid mechanics, engine performance, etc. But there’s one topic were it all comes down to religion: automation.

The most striking difference between an Airbus and Boeing is inside the cockpit. The most visible of all: the sidestick on the Airbus, versus the Boeing’s control column. Ever since the first Airbus A320 left the factory, Airbus’ motto has been “have automation help protecting the aircraft”. This goal Airbus developed and deployed a number of systems which nowadays are pretty much standard: Fly-by-wire, Flight Envelope Protection, Auto Throttle, etc. As such, a brand new Airbus is able to perform an autonomous flight, apron to apron, without human interaction, if programmed to. Not that this is done, often, it is is technically possible.

Now, this doesn’t mean that Airbus got it right the very first time, it didn’t, painfully (see Air France Flight 296). Time and again some inferior apes at the cockpit did manage to bring such fully automated machines down (see Germanwings Flight 9525) or even worse is the possibility of having poorly trained apes on the cockpit (see Air France Flight 447), for those cases where the automation is blind and kindly asks the ape to earn is money.

However, when it does automation meets a superior, well trained ape, amazing things are achieved and lives would have been lost otherwise (see US Airways Flight 1549). Automation takes a role on most important tasks on an modern Airbus aircraft:

  • Ensures the smoothest flight possible;
  • Lowest possible cost
  • Lowest mechanical wear (see Flex Temp), and lower take off noise
  • Ensures the pilots are not able to crash an aircraft, or by any means endangering it
  • Leaves the pilots free from the most boring and receptive tasks, the ones more prone to human error, allowing humans to excel on the complex and not often creative tasks: taking over the machine in case of failure.

As a consequence, flight training for an Airbus airplane takes a huge amount of time on making sure the human understands what the machine is doing, at all times, and how to react in case of malfunction. The Airbus side stick is the demonstration of this principle. The side stick is the interface to that the human intends the machine to do, not how the machine shall do it. This also means that the pilot is not normally able to override the computers during normal operations. However, pilots are specifically instructed on how and when to override the computers.



Boeing aircrafts have since ever been designed around a totally different principle: making sure the human is in charge. Automation arrived far latter, and to a far lesser extent, and kept to the bare minimum. This bare minimum however doesn’t include preventing the apes on the cockpit from crashing a perfectly working aircraft (see Asiana Airlines Flight 214), a fact infamously covered by US’s NTSB, which failed to answer a simple question: would that accident happen if the aircraft would have been an Airbus A330?

However, the “bare minimum” was different for the 373 MAX. The “bare minimum” now including taking over the plane’s pitch, otherwise the aircraft could simply pitch up uncontrollably. However, Boeing couldn’t simply implement a fully computerised flight control system, as it would require to completely redo the entire list of the 373 flight systems, with a huge cost for Boeing, and retraining the entire force of 737 pilots, again with a huge cost to the airlines. It would, however, have allowed Boeing to cut and pay the accumulated technical debt.

Instead, Boeing decided to take more technical debt. Boeing decided to implement the pitch control system by piggy backing on an already existing system, which was already being used on most 737 aircrafts out there: the automatic trim tab. This system allows the aircraft to automatically adapt to the local atmospheric, engine power setting and the aircraft’s centre of gravity, my making constant and very small adjustments to the aircraft’s pitch, thus improving performance and fuel savings. It doesn’t however take a critical role on the survivability of an aircraft, until the 737 Max. So, instead of making the pitch adjustment, a part of the central aircraft control, Boeing just took a non critical system, and made it critical.

Aircraft critical systems are bound to much stricter rules than non-critical systems. Few people would be concerned that the flight’s entertainment system fails due to lack of redundancy, but aircrafts have two engines for a very good reason. The problem is, the trim tab system wasn’t considered critical albeit it seems to be the case. Accordingly the to latest accident investigation reports, pilots performed exactly what was expected from then in case the MCAS system failed, by disabling the trim tab system. However, disabling the trim tab system was no longer an option, as the 737 Max really needs it to maintain airborne, and that was exactly what accident investigation reports seem to prove: after the pilots disabled the trim tab system, the aircraft became uncontrollable, and crashed. How FAA allowed that obvious flaw to reach a certified aircraft model is currently subject of heavy investigation.

 



  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  

Leave a Reply