PPRuNe Forums - View Single Post - Ethiopian airliner down in Africa
Old 20th Apr 2019, 11:21
#4166
Rated De
 
Join Date: Sep 2017
Location: Europe
Posts: 1,674
Originally Posted by TryingToLearn
OK, first: I'm not a pilot, I'm a functional safety engineer, mostly working for automotive.
Second: I read this thread from the beginning and learned a lot, thanks!

But I think I can explain one tendency which went up:
Pilots blame the pilots, engineers blame the Boeing engineers.

From my point of view, the reason in both cases is the same:
Pilots know the processes and trained procedures for pilots and learned that the crews didn't follow them completely and textbook-like but rather improvised. But they do not know the engineering process regarding safety-critical systems/hardware/software.
With the engineers it is exactly the other way round. They see a crew overwhelmed by alarms, shakers and information caused by an engineering error. For them (sorry) the pilot is the last line of defense in case they did not do their job or everything goes wrong (multiple point fault).

Pilots follow procedures which e.g. minimize the risk of taking off with a wrong configuration. They double-check and check again and have proven-in-use procedures which make sure that such things happen less than one in a million flights.
Engineers know proven-in-use processes which make sure that something like the current MCAS system effectively never happens.
Still it happened.

Boeing knows why they put all focus on how great they fix MCAS because if someone asks the right question, they are in much deeper trouble like, for example Volkswagen:
The big punishment for them was not fixing the cars but they had to implement a process that makes sure that this never happens again.

So far nobody asked Boeing how something so obvious and big could slip through their safety process including document reviews, walk-throughs, inspections, assessments and linked documents on several layers of detail. And, in addition, how this would not be found in all the classic safety/quality analysis methods (FMEDA, FMEA, FTA, DFA...).
Safety is not based on the genius of the one great programmer who is also a pilot and simulates everything in his head (but makes a mistake after having too much pizza) but rather on a strict process including a lot of people and a lot of documentation and testing.

Within this thread, pilots question the training and qualification of mainly all pilots regarding critical situations. But they are the last line of defense.
Following the same logic, one could question the qualification, independence and culture of Boeing safety engineers.
And yes, that would lead to the question if there are other functions like MCAS still hidden...

Maybe the pilots may have been able to save a few lives, but the biggest mistakes happened years before, driven by
-> Strange laws (Grandfather rights)
-> Commercial interest (no training)
-> inconsistent requirements / documentation (0,6 within risk analysis and 2.5 within SW)
-> Maybe bad safety culture if this was done on purpose and not by mistake
-> Mistakes within the impact analysis of a wrong MCAS activation

If I were a member of the FAA or a similar organization, I would not focus on MCAS and the bugfix, I would simply ask: What went wrong within the engineering process and how can you prove that no other hazards escaped through the exact same hole in your process?
The deviation from established engineering processes I assume here, in my opinion, far exceeds the deviation between the trim runaway procedure and what actually happened.

But as mentioned: I'm not a pilot.
Normalisation of Deviance.

It happens an increment at a time.