Why aerospace software is decades behind
Boeing 737 Max crashes were more than just a deficient software issue
“These crashes are demonstrable evidence that our current system of aircraft design and certification failed us...the accidents should never have happened. [The MCAS system] was fatally flawed and should never have been approved.”
Captain Chester “Sully” Sullenberger, testifying before Congress
On October 29, 2018, Lion Air Flight 610 was en route from Jakarta, Indonesia to Pangkal Pinang, Indonesia when disaster occurred. The flight carried 189 passengers and crew members, all of whom were killed in the crash. It was a heartbreaking tragedy that shook the soul of the industry. The cause of the crash was initially unknown, but later investigations revealed that a malfunctioning sensor on the plane caused the aircraft's flight control system to activate, causing the plane to rapidly dive.
The report states that the crash of Lion Air Flight 610 was caused by a malfunctioning Angle of Attack (AOA) sensor on the plane, which resulted in incorrect information being fed into the aircraft's flight control system. The system then activated the plane's maneuvering characteristics augmentation system (MCAS), causing the aircraft to rapidly dive. The crew was unable to regain control of the aircraft, and the plane crashed into the Java Sea just 13 minutes after takeoff. Perhaps a lot of readers have heard of TCAS, and just assume MCAS is equally ubiquitous. It is not. It was a Band-Aid stuck on an aerodynamic issue unique to the 737 Max...
So why was it approved?
The part of the story that is oft omitted is that the 737 Max was primarily motivated by Boeing’s perceived need to match the fuel efficiency of the Airbus A320 neo. The 737 and the A320 are direct competitors. Airbus offered a new A320 with more efficient larger diameter high-bypass engines. The 10-15% improvement in fuel efficiency made the Airbus more attractive to airlines. Boeing had to match this offering to remain competitive. These two aircraft are real workhorses for airlines. Their passenger capacity, range, and modest runway length requirements make them the best choice on many routes. A 10-15% advantage in fuel efficiency is huge...
However, there was a problem. The 737 had less ground clearance than the A320. Boeing could not simply install the new engine on the old mounting. They had to redesign the engine mounting pylons to locate the engines more forward and higher. This gave the aircraft a tendency to pitch up in certain flight regimes. The MCAS was the ill-fated attempt to stick a software Band-Aid on the problem. The software was flawed, but there were clearly other factors at work here. It is interesting to speculate what decision an intelligent bot with AIOps, machine learning, access to big data, and self-monitoring would have made.
The crash of Lion Air Flight 610 was the first in a series of incidents involving the Boeing 737 MAX 8, which led to widespread scrutiny of the aircraft's design and safety features. After the crash, the 737 MAX 8 was grounded globally in March 2019, with several countries including the United States and the European Union banning the aircraft from their airspace. The grounding of the 737 MAX 8 had a major impact on the global aviation industry, with airlines around the world having to cancel thousands of flights and replace their aircraft with other models.
‘Seat-mile costs’
Boeing changed the engines on the 737 aircraft in 2011 as part of the development of the 737 MAX, an updated and more fuel-efficient version of the popular single-aisle passenger jet. The first 737 MAX aircraft was delivered to customers in 2017 and it quickly became one of the most widely used aircraft in the world, with thousands of aircraft in operation. Boeing appeared to have successfully kept up with the Airbus with just a little bit of jury-rigging and a lot of finger-crossing...
The change to larger engines was part of a larger effort by Boeing to modernize the 737 aircraft and improve its fuel efficiency and competitiveness in the global market for air travel. The larger engines were designed to provide the 737 MAX with increased thrust and better fuel efficiency, which allowed the aircraft to operate more efficiently and effectively than earlier models of the 737. However, the larger engines had to be shifted up and forward due to the clearance issue. This changed the centerline of the engine’s thrust. That thrust caused the aircraft to ‘pitch up’ or raise its nose in certain flight regimes.
The solution to this hardware issue was created in software, known as MCAS.
MCAS
“The MCAS system was just unbelievably deficient, but it was the culture at Boeing that allowed this to happen…”
-Gregory Travis
Source: fierceelectronics
The Maneuvering Characteristics Augmentation System (MCAS) was added to the Boeing 737 MAX 8 aircraft to address a potential issue with the aircraft's handling characteristics during certain high-stress flight conditions. Specifically, the MCAS system was designed to counteract the tendency of the 737 MAX 8 to pitch up during certain high-angle-of-attack scenarios, such as those that can occur during takeoff or during certain manual flight maneuvers.
The MCAS system was designed to be triggered automatically by data from the aircraft's Angle of Attack (AOA) sensors, which measure the angle between the aircraft's wings and the oncoming airflow. In the event of an AOA sensor indicating a high angle of attack, the MCAS system would automatically adjust the plane's horizontal stabilizer to bring the aircraft's nose down and reduce the risk of a stall.
However, as we saw in the crashes of Lion Air Flight 610 and Ethiopian Airlines Flight 302, the MCAS system was prone to underdamping and could cause the aircraft to rapidly dive. When the pilot responded (understandably) by raising the nose, a battle was underway between the pilot and the MCAS. Many 737 Max pilots got a taste of this porpoising; a few ended up with a real rodeo flight. One sad thing is that since there was not sufficient information disseminated about the MCAS, pilots had no idea what was happening. Nor did they know that right on the center console was the off switch for the MCAS...
The horrible crashes that ensued led to the grounding of the 737 MAX 8 globally and prompted a comprehensive review of the aircraft's design and safety features by Boeing and regulatory agencies around the world.
The failure of the Maneuvering Characteristics Augmentation System (MCAS) in the crashes of Lion Air Flight 610 and Ethiopian Airlines Flight 302 was primarily due to incorrect data being fed into the system. In both cases, a malfunctioning Angle of Attack (AOA) sensor provided incorrect information to the MCAS, causing the system to activate and adjust the plane's horizontal stabilizer in a way that caused the aircraft to rapidly dive.
Additionally, there were several other factors that contributed to the failure of the MCAS system. For example, the MCAS system was designed to rely on a single AOA sensor, which meant that if that sensor failed or provided incorrect data, the system would activate without any additional checks or validation. The MCAS system also lacked adequate safeguards to ensure that the crew could override it, which made it more difficult for the crew to regain control of the aircraft once the system had been activated.
Finally, the MCAS system was not fully disclosed to pilots or included in their initial training, which made it more difficult for them to understand and respond to the system's behavior during an emergency. As a result of these issues, the MCAS system was modified by Boeing and regulatory agencies around the world to reduce the risk of incorrect activation and ensure that the crew had the information and training they needed to respond to the system in an emergency.
Fixes
Since the crashes of Lion Air Flight 610 and Ethiopian Airlines Flight 302, the Maneuvering Characteristics Augmentation System (MCAS) in the Boeing 737 MAX 8 aircraft has been modified to reduce the risk of incorrect activation and improve the safety of the aircraft.
Some of the changes that have been made to the MCAS system include:
- Multiple AOA sensors
The MCAS system now relies on data from multiple AOA sensors, rather than just one, which reduces the risk of the system activating in response to incorrect data from a single malfunctioning sensor.
- Safeguards and limitations
The MCAS system now includes additional safeguards and limitations to prevent incorrect activation and ensure that the crew is able to regain control of the aircraft if the system activates.
- Pilot training
Pilots now receive comprehensive training on the MCAS system and how to respond to emergency situations, including those that may involve the system.
- Improved software
The software that powers the MCAS system has been revised to improve its reliability and reduce the risk of incorrect activation.
- Increased oversight
Regulatory agencies around the world have increased their oversight of the 737 MAX 8 and the MCAS system, including conducting more rigorous safety assessments and flight tests, to ensure that the aircraft meets the highest standards for safety and reliability.
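The single-sensor design and the cross-checked, authority-limited design described above can be compared side by side. The following is an added illustration, not Boeing's code and not part of the original article; every threshold, name and sample reading in it is a hypothetical value chosen for the example.

```c
#include <stdbool.h>
#include <stdio.h>
/* All thresholds are hypothetical illustration values, not certified figures. */
#define AOA_TRIGGER_DEG  14.0  /* request nose-down trim above this AOA */
#define AOA_DISAGREE_DEG  5.0  /* largest tolerated left/right difference */
#define AOA_MIN_DEG     -20.0  /* plausibility range for a vane reading */
#define AOA_MAX_DEG      30.0
#define TRIM_STEP         1.0  /* trim units applied per activation */
#define TRIM_LIMIT        2.0  /* cap on cumulative automatic trim */

typedef struct { double trim_applied; bool inhibited; } trim_state;
/* "Before": one sensor, no validation, activation can repeat without bound. */
static double single_sensor_trim(double aoa, trim_state *s) {
    if (aoa <= AOA_TRIGGER_DEG) return 0.0;
    s->trim_applied += TRIM_STEP;
    return TRIM_STEP;
}

/* Range check; NaN fails both comparisons and is rejected too. */
static bool plausible(double aoa) { return aoa >= AOA_MIN_DEG && aoa <= AOA_MAX_DEG; }
/* "After": both sensors must be plausible, agree, and exceed the trigger. */
static double cross_checked_trim(double left, double right, trim_state *s) {
    double diff = left > right ? left - right : right - left;
    if (!plausible(left) || !plausible(right) || diff > AOA_DISAGREE_DEG)
        s->inhibited = true;               /* latch off: fail safe, not fail active */
    if (s->inhibited) return 0.0;
    if (left <= AOA_TRIGGER_DEG || right <= AOA_TRIGGER_DEG) return 0.0;
    if (s->trim_applied + TRIM_STEP > TRIM_LIMIT) return 0.0;  /* authority cap */
    s->trim_applied += TRIM_STEP;
    return TRIM_STEP;
}

/* Replay n samples through either design and return total trim commanded. */
double replay(const double *left, const double *right, int n, bool cross_check) {
    trim_state s = {0.0, false};
    for (int i = 0; i < n; i++) {
        if (cross_check) cross_checked_trim(left[i], right[i], &s);
        else             single_sensor_trim(left[i], &s);
    }
    return s.trim_applied;
}

/* Constructed samples: left vane stuck high, right vane healthy. */
static const double SAMPLE_LEFT[]  = {22.0, 22.0, 22.0, 22.0, 22.0};
static const double SAMPLE_RIGHT[] = {3.0, 3.5, 4.0, 3.5, 3.0};
int main(void) {
    printf("single=%.1f cross=%.1f\n", replay(SAMPLE_LEFT, SAMPLE_RIGHT, 5, false),
           replay(SAMPLE_LEFT, SAMPLE_RIGHT, 5, true));
    return 0;
}
```

With the stuck left vane, the single-sensor path keeps adding nose-down trim on every sample, while the cross-checked path latches itself off at the first disagreement and commands none.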
In conclusion, the MCAS system has undergone significant changes since the crashes of Lion Air Flight 610 and Ethiopian Airlines Flight 302 to reduce the risk of incorrect activation and improve the safety of the aircraft. These changes were made in response to the lessons learned from the crashes and were aimed at ensuring that the 737 MAX 8 is one of the safest and most reliable aircraft in the world.
Software-related challenges in the aerospace sector
The aerospace industry must prioritize safety and reliability over speed and efficiency, which can slow down the process of software development, and worse, lead to significant bottlenecks at times.
Developing software for aerospace applications can be more challenging than in other industries, because:
- Safety and reliability are critical
The consequences of a software failure in an aerospace application can be grave. Thus, aerospace software must be rigorously tested and validated to ensure that it meets the highest safety and reliability standards. This process can be time-consuming and expensive, but it is essential to ensure the safety of passengers, crew, and the public.
- Aerospace systems are incredibly complex
They often involve multiple subsystems that need to work together seamlessly. Developing software that can operate in such an environment requires a significant amount of expertise and experience. It can also be challenging to incorporate new technologies into existing systems without disrupting their performance or safety.
- The aerospace industry is heavily regulated
Software development in aerospace is no exception to this. There are stringent guidelines and standards that must be followed, which can add to the time and cost of software development.
- They have outdated legacy systems
Many aerospace systems were developed decades ago, and their software may have been designed using outdated programming languages or techniques. Updating or replacing this software can be a significant challenge, particularly when trying to maintain compatibility with existing systems.
- There are high costs
Developing software for aerospace applications can be expensive due to the rigorous testing and validation required. The high cost of development can sometimes make it difficult for smaller companies or startups to enter the industry.
New-age technology to revolutionize the aerospace software landscape
Robust strategies can help streamline the software development process in the aerospace industry, reduce costs, and improve the performance and reliability of aerospace software. Here are some examples where technology is making inroads:
- Model-Based Design (MBD)
MBD is a software development approach that uses mathematical models to design and simulate aerospace systems before physical implementation. This technique can help reduce development time and cost while improving system performance and reliability.
- Agile development
Agile software development is an iterative approach that emphasizes collaboration, flexibility, and customer feedback. This approach can help streamline the software development process, increase productivity, and reduce the time to market.
- DevOps
DevOps is a software development methodology that emphasizes collaboration and communication between development teams and operations teams. DevOps can help improve the efficiency of the software development process by reducing the time between development and deployment.
- Open-source software
Open-source software is software that is freely available and can be modified and distributed by anyone. The use of open-source software can help reduce development costs and increase the speed of software development.
- Cloud computing
Cloud computing is a technology that allows software developers to access and share computing resources over the internet. This technology can help reduce the cost of software development by eliminating the need for expensive hardware and software infrastructure.
- Artificial intelligence and machine learning
Artificial intelligence (AI) and machine learning (ML) are technologies that can help improve the performance and reliability of aerospace software. For example, AI and ML can be used to optimize flight paths, predict maintenance needs, and improve safety.
Looking forward
Foolproof aerospace software can help avoid failures in aerospace systems. The problem is, nothing is foolproof. Software is an essential component of aerospace systems and is used to control and monitor critical functions such as navigation, communication, and flight control. By ensuring that the software is designed, developed, and tested to the highest standards, aerospace companies can significantly reduce the risk of system failures. While the 737 Max debacle understandably rocked the world in terms of confidence in aviation technology, it is clear that a lot of the problem happened due to poor prioritization in decisions that pitted conservatism versus competitive business needs. Technological advances in aviation such as ADS-B positioning systems and Next-Gen weather radar greatly augment aviation safety. In the case of the 737 Max, Boeing executives took a gamble. Hundreds of people were killed. The aviation industry is not one in which software systems that control an aircraft whose aerodynamics and thrust line have been changed can be released without adequate testing and without adequate pilot training. Hopefully, this lesson will be learned, and we do not have to reinvent the square wheel, as it were...
Takeaways
Overall, the challenges associated with developing software for aerospace applications require a high level of expertise, experience, and attention to detail. While safety and reliability must always be the top priorities, efforts are also being made to streamline the development process without sacrificing quality or safety. These include:
- Regulatory requirements
The aerospace industry is heavily regulated, and software development must comply with a variety of standards and guidelines. These regulations can be complex, and compliance can add an additional layer of difficulty to the software development process.
- Hardware limitations
Aerospace software must operate on hardware with specific characteristics and limitations, which can impact software design and development. Hardware limitations can make it challenging to implement certain features or optimizations that may be possible in other industries.
- Long development cycles
Due to the rigorous testing and validation processes required for aerospace software, development cycles can be lengthy. This can be frustrating for developers who are used to rapid prototyping and iteration cycles, but it is necessary to ensure that the software is safe and reliable.