The original B737 was launched in 1965 with small turbojet engines and went on to be a very successful aircraft. As fuel efficiency and noise became priorities, the aircraft was fitted with larger CFM turbofan engines and whilst quieter and more fuel efficient the extra size only just made the under wing location viable, due to the need for adequate ground clearance; there was no chance of fitting anything bigger without major changes.
In order to compete with Airbus, especially the neo range recently launched Boeing were forced to find a solution and the 737 MAX was the end result; so how did they get around the ground clearance problem?
The even larger engines fitted to the MAX required either a major redesign of the aircraft and with it the designation as a new model or major variant. Either would have required crew training costs as well as massive cost to develop and authorise the new design. Faced with extra costs in training and engineering, airlines may have opted to go for Airbus instead.
The solution that Boeing settled on was to mount the larger engines further forward in order to raise them up to provide the clearance. This required fewer changes to the aircraft and so was cheaper to make. However, this also had consequences as the aircraft now had different handling characteristics. With engines slung under the wing there can be an upward pitch moment at high thrust settings and the new model had a much more marked reaction as a result of the new engine position, so Boeing needed to produce a solution for that in order the get the design certified; the solution was MCAS.
MCAS senses high angles of attack relative to the airflow via sensors – one on each side of the aircraft – if the aircraft pitches up too far then the MCAS system pitches it down to correct the attitude, however there were two major flaws in the plan; both shocking.
Firstly, the system relied on the one sensor that was providing information to the pilot flying. That flies in the face of basic aviation design, where redundancy is king. If a component fails there should always be another one to pick up the work. For reasons that may be revealed in the full report, the two sensors on the aircraft were not speaking to each other and so there was no cross check if one failed and gave duff data. It seems that in both the Lion Air and Ethiopian crash a sensor did fail and activate the MCAS when the aircraft was flying normally and so we now have a quality issue to add to the mix.
It would appear that in order to avoid crew training or even a new type rating status Boeing decided to omit details of the MCAS system design from the aircraft manual. Whatever the reason behind this decision I find it shocking beyond words. Pilots routinely study the systems on their aircraft during and after type training ground school and frequently go into minute details of the system designs; often parts of systems they can have to control or influence over, let alone a system that is designed to override pilot control inputs.
You may now be wondering how a manufacturer can do this without the regulator having some influence or even taking control of the design before the aircraft is certified for use; if you are, you are right to do so. The authority responsible for this in the US is the Federal Aviation Authority (FAA) and here the story develops another scandalous direction.
Boeing are authorised to have designated personnel within the company and paid by Boeing to carry out the role of inspecting and authorising designs. This is a roll that once was performed by FAA inspectors. Officially Boeing is now approved to mark its own homework.
The FAA has long been too cosy with industry in my view and already has form in this area sadly. When the McDonnell Douglas DC10 was originally certified in 1970 the design had the triple (triple for redundancy) hydraulic control lines for the tail controls running beneath the central engine that was mounted in the tail fin. The authorities in the UK – the Civil Aviation Authority (CAA) – would not accept the design and insisted that one line must route somewhere away from the tail mounted engine in case that engine had an uncontained failure. The reason was, of course, guaranteeing redundancy. If the engine exploded and cut the two hydraulic lines near it then the third would provide control as normal. US aircraft did not have this modification surprisingly.
The result was that in 1989 a United Airlines DC10 had exactly this failure of the central engine and the pilots lost control of the tail control surfaces as a result. Due to outstanding airmanship on the part of the crew, and help from a training captain who was a passenger, the pilots managed to achieve sufficient control to attempt a landing at Soux City, Iowa. Of the 296 passengers 185 survived the crash landing including the pilots. Although a tragedy, the level of skill demonstrated by the crew and rescue services clearly exceeded that of the designers and certifiers; it seems lessons were not learned.