Episode 7 – The Occurrence of Failure: The Lion Air Disaster
Source: The Seattle Times
The Boeing MAX 8 story presents the unique situation of two tragic crashes, a prior close-call incident, and three earlier flights with forewarning issues, all driven by the same Context and Structure of Failure.
This episode addresses the first crash—Lion Air Flight 610—and the events immediately preceding and immediately following it, the latter of which set the stage for another disaster.
Here, we see a profound inability, or unwillingness, to recognize the seriousness of MCAS's design flaws. Instead, they are obscured to airlines, pilots, and regulators, and the focus is placed on marginal procedural changes while working in the background to modify MCAS’s design.
Please share your views, insights, and opinions through the MAX 8 Podcast Comments form. Episode 12 will be dedicated to feedback from listeners such as you.
-
EPISODE HIGHLIGHTS:
(0:45) – The notion of Occurrence of Failure and its relationship to the prior phases of failure.
(6:18) – How I've organized the Occurrence of Failure story (episodes 7 and 8).
(7:39) – Three flights immediately preceding the crash: "weak signals".
(10:57) – The first cockpit emergency: Lion Air Flight 043.
(17:11) – The second cockpit emergency leading to the tragic crash: Lion Air Flight 610.
(22:23) – What do the events of the five flights tell us?
(26:38) – The interim period following the crash of Lion 610 (setting the stage for another tragedy).
KEY POINTS:
What is the "Occurrence of Failure"?
The Occurrence of Failure is the intertwined sequence of events, decisions, and actions within a clearly defined, often brief, time frame, culminating in a specific failure, be it a disaster, accident, or crime. An occurrence commences with a triggering event and concludes with an observable and quantifiable failure.
Similar to the Structure of Failure, the Occurrence of Failure also has two spheres. The inner sphere is the precise socio-technical sequence of events, actions, and reactions between technology and people initiated by a triggering event and ending with a failure.
The outer sphere represents closely related events that influence specific outcomes. These might feel like elements of Structure, but because they are so close to the event itself, they are “of the moment.”
The outer sphere can also represent inactions that, if taken instead, might have intervened in the occurrence sequence.
Events preceding Lion Air 610:
An unknown system problem triggered error alerts on two data displays for three consecutive flights. Tests ultimately concluded that a faulty AOA sensor was a probable cause, leading to its replacement.
However, the replacement AOA sensor proved more problematic for the next flight – Flight 043. This time, the crew experienced both data alerts and a stick shaker. Also, this time, MCAS activated and pushed the airplane down. The crew handled the impact of MCAS effectively but unknowingly and failed to identify the situation as a runaway stabilizer problem until a passive observer commented that the manual trim flywheels were spinning.
There was poor communication between the flight crews and maintenance. The crew of Lion 043 grossly underreported their emergency, at least on paper.
We saw maintenance personnel take an unimaginative “follow the manual” approach to problem-solving. For Flight 043, the priority seems to have been getting the airplane ready to fly again, not troubleshooting a difficult-to-pin-down safety issue.
Key events during the Lion 610 disaster:
First, Lion 610’s pilots entered a dangerous, known situation without information on the problem.
Once MCAS activated, the pilots did not recognize a runaway stabilizer situation. They were preoccupied with the first problem—the indicator alerts and the stick shaker – not the second, a trimming system malfunction. Focused on the wrong problem, with their heads buried in the QRH, they did not observe the larger situation, including the manual trim flywheels rotating.
Therefore, MCAS was never actively disengaged as the pilots on Flight 043 had done, and the cause-and-effect mechanics were not understood. In retracting, extending, and retracting the flaps again, the pilots inadvertently shut MCAS on, off, and on without understanding the cause and effect and deducing useful insight from it.
Communication and coordination between the two pilots were abysmal—a situation related to a concept I previously mentioned called “crew (or cockpit) resource management (CRM)”. The captain never directed the first officer to retrim aggressively.
The first officer demonstrated weak piloting skills. The captain had been able to retrim successfully, but when he handed over control without explicit guidance, the co-pilot became confused and was then overwhelmed.
The Interim Period:
This set off a scramble to address the technical problem as quickly as possible while minimizing the impact on Boeing and its customers, the airlines. It also meant maintaining a thick, dark veil over others' eyes.
A series of public memos were issued by Boeing and the FAA. These documents first didn't mention MCAS. When they finally did, information was limited and instructions were focused on existing procedures for runaway trim events.
Ultimately, no action was taken to ground the MAX fleet or inspect the fleets, aside from unveiling MCAS to pilots and reinforcing the existing runaway trim procedure. From there, Boeing went on damage control.
Quietly, Boeing began to work on a fix to the MCAS design. One could speculate that if the Ethiopian crash had not occurred, the software might have been quietly deployed, partially obscured to the airlines, pilots, regulators, and the public, and the whole affair might have slipped through.
Conclusions.
The bottom line is that a faulty AoA sensor triggered two flight emergencies. However, two flight crews and one maintenance crew failed to understand and figure out the problem. They are all part of this Occurrence of Failure.
The information not disclosed would become critical elements in the setup of Ethiopian Flight 302. These responses to the Lion 610 crash became elements in the outer sphere of the Occurrence of Failure for Ethiopian 302.
THING YOU CAN DO:
Let me know your thoughts.
Please share your views, insights, and opinions. Episode 12 will be dedicated to feedback from listeners such as you.
You can contact me through the MAX8 Podcast Comments form. While I may not be able to respond to all comments, I will read each one carefully. I’m very interested in your thoughts.
Download my Framework of Failure description.
The Framework of Failure is summarized in a six-page PDF that can be downloaded. Access is at the bottom of the Home Page at BradIvie.com.
Subscribe for updates and announcements.
Please sign up to receive periodic email communications from me, primarily announcements of new podcast episodes and (in the future) blog posts. The signup form is at the bottom of all web pages on BradIvie.com.
Share this episode with friends and colleagues.
This podcast is created for many audiences: business professionals, management consultations, aeronautics industry professionals, aviation enthusiasts, policymakers, and the general public. Please share this episode.
with those who you feel would be interested in this story and benefit from the information provided and the analytic approach taken. Or perhaps the video trailer for the series.
