Scrutiny has shifted to the 737 MAX autopilot that enabled rapid software updates.
In the tumultuous year since the second fatal crash of a Boeing 737 MAX aircraft, the engineering community has looked on with puzzlement and — in some quarters — disdain as the aircraft manufacturer struggles mightily to get its MAX fleet back in the air.
The last several months have seen the ouster of Boeing CEO Dennis Muilenburg, indecision at the U.S. Federal Aviation Administration, outrage among the families of victims and enough huffing and puffing by lawmakers to keep the MAX grounded.
Within the engineering fraternity, there is much consternation and debate over the MAX design and its fatal lack of redundancy. In defending its solution to airframe instability — the now notorious Maneuvering Characteristics Augmentation System, or MCAS — Boeing executives have told lawmakers that pilots were the backup system for MCAS.
The problem, of course, is that the pilots of Lion Air Flight 610 (189 killed in an October 2018 crash) and Ethiopian Airlines Flight 302 (157 perished in a March 2019 crash) did not know of the existence of MCAS because Boeing chose not to inform its customers.
As Boeing and its new CEO, David Calhoun, continue to press regulators to release the 737 MAX from aviation purgatory, scrutiny has shifted to the troubled aircraft’s autopilot, designated by its manufacturer Rockwell Collins as the EDFCS-730.
Gregory Travis, a software engineer, experienced pilot, and among Boeing’s fiercest critics, calls the autopilot “Patient Zero” in the MCAS saga. The EDFCS “offered Boeing an enormous set of opportunities,” Travis noted in a recent commentary that asserts Boeing will not recover from the 737 MAX mess.
“First, [the autopilot] was far cheaper on a lifecycle basis than the old units it replaced. Second, it was trivial to re-configure the autopilot when new functionality was needed — such as a new model of 737,” Travis notes.
EDFCS autopilot software can be updated via a USB port in the 737 MAX cockpit, Travis notes. That’s especially troubling because aviation software development practices and standards are far less stringent than those for aircraft hardware.
Which highlights the redundancy problem: “The redundancy architecture of the 737 conforms to human-centric industry norms established in the 1950s,” Travis added in an e-mail. “At that time there was little consideration regarding the integration of automatic digital processing. The architecture imposes severe constraints with regard to automated flight control, constraints which cannot be overcome.”
Travis concludes that the 737 MAX mess has placed Boeing in a death spiral.
Boeing CEO Calhoun counters that the aircraft maker will pull through despite reporting a yearly net loss of $636 million and projected losses associated with the 737 MAX estimated at a whopping $18.4 billion, according to the Seattle Times.
Calhoun was contrite but stoic in a January interview with the newspaper. Of MCAS, Calhoun stated: “That is a very discrete, very specific engineering decision that ultimately was flawed. We all wish it wasn’t.”
As for Boeing’s current culture of cost-cutting and outsourcing tasks like software development, Calhoun added: The engineers who designed MCAS “thought they were doing exactly the right thing, based on the experience they’ve had.”
Boeing’s engineering prowess took another hit in December when an unmanned Starliner spacecraft failed to reach the International Space Station. NASA said this week that investigators uncovered “fundamental” problems with the company’s software. The agency further acknowledged a lack of oversight during spacecraft software development.
NASA also said it discovered other, more serious thruster problems during Starliner’s maiden flight that could have resulted in a “catastrophic” failure. Starliner returned safely to Earth.
“Industry is very bad at doing software,” Doug Loverro, NASA’s head of human exploration, told the Washington Post.
That assessment supports the assertions of Boeing critics like Gregory Travis. His commentary outlining the technical and cultural reasons for Boeing’s downfall is here.
We have sought Boeing’s comment on Gregory Travis’s analysis. We’ll update our story when the company replies.
— George Leopold is the former executive editor of EE Times and the author of Calculated Risk: The Supersonic Life and Times of Gus Grissom (Purdue University Press, Updated, 2018).