During the interviews for a story on avionics interfaces, one source made a passing reference to interface failure of the Boeing 737 Max MCAS (Maneuver Characteristics Augmentation System). The significance of this observation did not resonate until I started reading FAA Advisory Circular 25.1302-1, Installed Systems and Equipment for Use by the Flightcrew, dated May 3, 2013.
The guidance in the 62-page AC “is intended to minimize the occurrence of design-related errors by the flightcrew and to enable the flightcrew to detect and manage errors that do occur.” I added the italics because the 737 Max interface certainly did not enable the crews of the two doomed 737’s to detect and deal with the MCAS errors. (And why the FAA conjoins flight and crew is beyond me, so I’ll separate them in the following sections of the AC.)
The AC addresses the design and approval on installed flight deck equipment and makes “recommendations for the design and evaluation of controls, displays, system behavior, and system integration, as well as design guidance for error management.” The complexity of the system design “from the flight crew’s perspective is an important factor that may also affect the means of compliance” with the certification requirements.
Part 25 requires manufacturers to design installed equipment whose behavior is “operationally relevant to the flight crew tasks…predictable and unambiguous.”
Operational relevance is the combined effect of the system’s operational logic, control function and placement, displayed information, and the crew’s perception and awareness of the system’s operation.
Complex controls that are inconsistent with each other or other systems are a source of errors. The family of controls includes buttons, switches, knobs, keyboards, keypads, cursor control devices, and touch screens.
After reading the guidance on “system behavior,” one wonders what obtuse rationalization laid the foundation for this aspect of MCAS certification.
Chapter 5 of the AC says a predictable and unambiguous system “enables qualified flight crews to know what the system is doing, and why. This means a flight crew should have enough information about what the system will do under foreseeable circumstances as a result of their action or a changing situation that they can operate the system safely.”
Clearly, this guidance did not lead to the desired safe outcome on two occasions. — Scott Spangler, Editor
Rivegauche610 says
“MCAS Certification a Boeing Executive Greed and Negligent Incompetence Failure”
Corporate executives ought to be held criminally liable when their rapacious greed and self-centeredness causes them to direct actions that knowingly can and will result in people dying. Although the Talmud teaches that “an eye for an eye” doesn’t mean poking out an eye as retribution, rather, it implies a financial penalty, I still favor the idea of Boeing executive filth being capitally charged, tried and punished.
Justin says
Very interesting. I never know that AC existed and assumed the companies simply did as they saw fit. I wonder how the single pilot design folks at Citation (with all of their single pilot history) feel about the Max’s system designs…