The Boeing 737 Max 8 Disasters

Case Analysis of MIT Case study by John Sterman and James Quinn

Hi Friends,

It’s been a few months since my last Essay. Although I have been writing a lot for School, I just haven’t been able to get to any regular publishing rhythm. so I decided to rework the essays from some case studies into these emails.

I do intend to continue to publish some of these. This post is on a Boeing case as Boeing has been in the news recently. But others I intend to write posts on are in Formula One, Tesla’s burst to the forefront of US Auto Industry, and interestingly, Salt.

But first, Here’s the Boeing case.

—

Boeing 737 Max 8 Disasters

The entire fleet of Boeing 737 Max 8 aircraft was grounded for 2 years after the Lion Air and Ethiopian air crashes of  October 2018 and March 2019 respectively. In the aftermath, it was learned that both crashes were due to a malfunctioning safety feature – MCAS (Maneuvering Characteristics Augmentation System) - on the planes that would push its nose down whenever the Angle of Attack (AOA) sensors measure the AOA was high. This MCAS feature was automatically activated, and pilots were unable to control and stabilize the planes resulting in the fatal crashes that claimed 319 lives. 

Much has been said and discovered since then, and the MIT case Study by John Sterman and James Quinn went into detail on the processes behind the creation of this aircraft, the malfunctioning components, the negligence of Boeing’s engineers and leadership, and the misses of the FAA.

This Case Study analysis focuses on key questions from MIT that highlight some of the main issues. For more in-depth information, I highly recommend reading the case.

What role did company engineers play in causing the two catastrophes? What about their managers? Their test pilots?

The role of the engineers in the Boeing 737 Max 8 disasters start with their acceptance of the “extremely compressed” timeline that meant engineering standards were bypassed to “go, go, go” on their march towards completing the project. Deliberations that should have been had were sidestepped despite their awareness of quality and safety being undermined. In an email exchange, one employee was referencing the “covering up” they had done.

A more specific role they played was in making redundancy optional in the aircraft. Redundancy in engineering increases reliability whenever a function or part fails.  In making redundancy optional, they created a “Single point of failure (SPOF) hazard” which is a situation where one malfunction or fault could derail the entire system. A SPOF is counterbalanced with redundancies.

 

 In the case of the Boeing 737 Max 8, Knowing that there was a high likelihood of a single sensor failing, they created an AOA (Angle of Attack) DISAGREE cockpit display that would have shown any discrepancies between the readings of two sensors. This cockpit display could have alerted the pilots, allowing them to act whenever MCAS activates automatically – pushing the nose of the plane down. Despite being the only one that warns pilots about malfunctioning sensors, this feature was made an optional “add-on” at extra cost. Expectedly, most airlines did not want to pay extra for it. Allowing this to be made optional turned out to be a fatal mistake.

 

MCAS was a new software created to correct a “dangerous” pitch-up condition, but it was advertised to the regulators and airlines as an “analogous function” which was nothing but an addition to Speed Trim (a system that tries to maintain speed stability). Even after new potential problems were discovered about MCAS, the stance was still that it was nothing but a “minor modification”. This posture by Boeing engineers meant MCAS was not thoroughly scrutinized by both airlines and regulators. 

 

And again, on the issue of pilot training, knowing that there was a difference between the 737 max 8 and 737 NG, they repeatedly insisted that pilots didn’t need any simulator training to learn to fly this aircraft. Limiting training required to hour-long CBT programs. In one instance, the Chief Technical Pilot referred to his use of  “Jedi-Mind tricks” to convince “fools” that only CBT training is required.

                                           

 

What role did Boeing’s CEO, board, and other senior leaders play in shaping the processes, procedures, and corporate culture that may have set the stage for disasters?

 

The failures of Boeing’s leadership start with nurturing a “business first” culture in a company whose fulcrum should be sound engineering. This culture was reflected in the reporting structure which was “primarily to business units and secondarily to engineering units”. And even in cases where employees noticed the use of subpar materials which are potential hazards, they were overruled in favor of the “business decision.”

 

Secondly, In the scramble to prevent Airbus from “stealing market share”, they abandoned what may have been a more sound development process for a new aircraft in favor of the mad dash toward the 737 Max. The max project was hurriedly launched, the development cycle was significantly compressed, and “sloppy designs” were accepted. This process had “management undermining quality and safety.” Perhaps scrapping plans for a new aircraft was a good business decision, but that decision and the processes that followed proved to be deadly and costly.

 

Next was the “business decision” to present MCAS as a minor modification to fast-track FAA approval. The discussions that could have ensued from a careful review of MCAS would have meant airlines and pilots are required to learn about this critical safety feature. With proper training, Pilots would have been more cognizant of processes to follow once it is automatically, but erroneously, activated. 

They also made the business decision to have the cockpit alert system be a “minor add-on” despite it being pivotal to overriding MCAS. Knowing the importance of this feature, why would they let it be an optional add-on?

 

Again, in their sales pitches, so they could complete orders without having pilots go through costly simulation training, they insisted to the FAA, and to airlines that only a CBT training was required. This turned out to be catastrophic as not only did pilots not know about the MCAS feature or have the cockpit alert systems to know something was wrong, they were also not properly trained on how to respond to the nose-down effects of MCAS activation.

 

Why were the problems with MCAS covered up?

 

After Boeing learned about the desire of their largest customer, American Airlines,  to buy the Airbus A320, they tried to get their version of those planes out as soon as possible. This not only meant compressed timelines for production, but they also needed the certification process fast-tracked. Given that FAA certification only needed to focus on differences between the 737 Max 8 and the already certified previous models; they could have shaved off significant deliberation time by positioning MCAS as a minor addition.

 

Otherwise, it would have led to “additional work due to training impact and maintenance manual expansions”

 

Covering up problems with MCAS was a business decision to ensure that there is no extra work required to go through this new feature and have them demand training to use it. Doing this would mean FAA certification arrives quicker and deliveries can commence.

 

Why didn’t the FAA detect the flaws in the design before allowing the 737 Max 8 to ensure service?

As Chief Technical pilot, Mark Forkner, remarked in internal exchanges, “I basically lied to the regulators” regarding MCAS. In a situation where information is being withheld and the FAA is being outright misled, it does make it more challenging to realize or deliberate risk.

 

But it could rightly be argued that in a situation where businesses are likely putting their interests above others, then the regulatory system, in this case administered by the FAA, should be able to see beyond the façade. Perhaps there was a preset inclination to take Boeing at its word. If they say MCAS is a minor addition to speed trim, then it must be.

 

Then there is the fact that perhaps the regulatory administration bent to the powerful industry pressure. Difficulty always prevails in regulation whenever there is no resistance to external pressure. The pressure, perhaps, also meant that statements and directives from Boeing were taken at face value. Proper deliberations were sidestepped, and the decisions ended up being fast-tracked.

 

How could future disasters be prevented?

 

The first and best way to prevent future disasters is to retrace steps back through the engineering decisions that had been made through the fast-tracked development process. This is to ensure that MCAS isn’t the only failure. A competent review of the processes leading up to the first deliveries will help in ensuring the systems are safe.

 

Then revamp MCAS, and ensure that the cockpit display is an addition to every single cockpit to make sure pilots are alerted to any inconsistencies.

 

And then update pilot training. Get some feedback from pilots on what their experience is and ensure that they are familiar enough with flying this aircraft. Update manuals to include extensive information on any changes between this aircraft and prior models.

 

These are targeted adjustments to this line of aircraft that try to undo some of the prior mistakes, but to the business of Boeing, there is also need for an extensive review of internal processes. This is to ensure that the business does not always overrule engineering, and cost efficiency doesn’t supplant product integrity.

 

And on the part of the FAA, there have to be systems in place that ensure the regulatory process is more resistant to external pressure.

 

And what of the families of the 346 victims?

 

It is a sad reality but the families have lost loved ones amongst whom are parents, siblings, and children who cannot be brought back. They cannot be made whole.  This is loss and grief that will forever. Although some clarity on the circumstances of their loss yields some closure, it does nothing to bring them back.

 

The one positive outcome is that this informs decision-makers in boardrooms that their decisions can have a profound impact on the lives and livelihoods of people. Their decisions are not made in a vacuum. There could be real human costs on the other side.

—

Let me know what you think about this case. I’m happy to hear any thoughts you have.

Until next time.

Comments

[Opeyimika Aremu]

Thank you for sharing, Kelvin.

I enjoyed reading this.