The automated MCAS system in the Boeing 737 Max played a role in two fatal crashes.
But today the New York Times reports that a year before they’d finished developing the plane, Boeing “made the system more aggressive and riskier,” and that “test pilots, engineers and regulators were left in the dark about a fundamental overhaul.”
While the original version relied on data from at least two types of sensors, the ultimate version used just one, leaving the system without a critical safeguard. In both doomed flights, pilots struggled as a single damaged sensor sent the planes into irrecoverable nose-dives within minutes, killing 346 people and prompting regulators around the world to ground the Max. But many people involved in building, testing and approving the system, known as MCAS, said they hadn’t fully understood the changes. Current and former employees at Boeing and the Federal Aviation Administration who spoke with The New York Times said they had assumed the system relied on more sensors and would rarely, if ever, activate. Based on those misguided assumptions, many made critical decisions, affecting design, certification and training…
The company also played down the scope of the system to regulators. Boeing never disclosed the revamp of MCAS to Federal Aviation Administration officials involved in determining pilot training needs, according to three agency officials. When Boeing asked to remove the description of the system from the pilot’s manual, the F.A.A. agreed. As a result, most Max pilots did not know about the software until after the first crash, in October…. While the F.A.A. officials in charge of training didn’t know about the changes, another arm of the agency involved in certification did. But it did not conduct a safety analysis on the changes. The F.A.A. had already approved the previous version of MCAS. And the agency’s rules didn’t require it to take a second look because the changes didn’t affect how the plane operated in extreme situations…
The disasters might have been avoided, if employees and regulators had a better understanding of MCAS… Safety analysts said they would have acted differently if they had known it used just one sensor. Regulators didn’t conduct a formal safety assessment of the new version of MCAS. The current and former employees, many of whom spoke on the condition of anonymity because of the continuing investigations, said that after the first crash, they were stunned to discover MCAS relied on a single sensor.
“That’s nuts,” said an engineer who helped design MCAS.
“I’m shocked,” said a safety analyst who scrutinized it.
“To me, it seems like somebody didn’t understand what they were doing,” said an engineer who assessed the system’s sensors.