There is much concern right now about the Boeing Max. I have seen also quite a few comments from people saying that they would refuse to fly on it, even after it is approved again. While a typical response, it is a misinformed one.
I will first state that, based on my knowledge of the changes, the issues with the Max as they relate to MCAS and the flight control system in general, will be solved. These problems were, as far as I can see, not due to direct negligence on the part of Boeing, nor the part of FAA. They were an indirect result of the drive to place profit and cost first. An unanticipated consequence of the design and motivations of corporate structure in America. They also were not due to the FAA allowing “self certification” (the Designated Engineering Representative – DER) program either. Unfortunately, these aircraft are so complex the government has little chance of fully vetting every aspect (perhaps that will change now?). As a side note, all pilots in the U.S. have been familiar with the use of designated pilot examiners for decades. The FAA has designated checking of pilots and airplanes for many, many years, and that has not led to any degradation of safety that anyone can point to. That program is, simply, not “the problem”.
So what is “the problem”? It is that our standards for how we design systems and do safety analysis have simply not kept up with the changes in the industry. The assumptions under which they were created are no longer valid. Those standards were designed for a time before computer systems, and they are simply not up to the task. The answer is to update the standards and train engineers and regulators to work with them. MIT’s System Theoretic Process Analysis (STPA) is the best method that I know of to manage this problem. While no system is perfect, STPA would capture most of these types of problems, as well as the traditional ones.
I suspect Boeing is already using this in the redesign of MCAS – I hope they are. However, we have a larger aspect going for us now. We now hove multiple government agencies from all over the world also scrutinizing the Max to a fine detail. The level of attention to this single airplane is, frankly, unprecedented. I am sure that they will look at every nuance in the entire design, and not just at the MCAS aspect. They ALL need to agree before the airplane flies again, and none of them will want their name on the approval without being sure. No aircraft in history has passed such a level of scrutiny.
So, once it is certified (assuming it is) by all the premiere aircraft certification agencies on the planet, then, yes, it will be safe to fly. The one additional feature (that I have not seen discussed) I would still like to see is an aural alert when MCAS is activated. A “MCAS..MCAS..MCAS..” would be a great aid to the pilots in sorting out what the issue might be.
For some additional thoughts on advanced systems in general, please see my previous article Know your aircraft – System Training.
