acm-header
Sign In

Communications of the ACM

Technology strategy and management

Boeing's 737 MAX: A Failure of Management, Not Just Technology


Boeing 747 MAX in flight

Credit: Boeing

On November 18, 2020, the U.S. Federal Aviation Administration cleared the Boeing 737 MAX for flight, but the history of how Boeing got to this point remains disturbing.1 Back in September 2020, the U.S. House of Representatives released a 238-page report on the 737 MAX debacle, concluding an 18-month investigation.5 The report blamed the two crashes in October 2018 (Lion Air, in Indonesia) and January 2019 (Ethiopian Airlines, in Ethiopia) on the computerized flight-control system called Maneuvering Characteristics Augmentation System (MCAS). The 737 MAX had been Boeing's fastest-selling plane in history before government authorities worldwide grounded the fleet of nearly 400 aircraft—but only after the second crash. A technical system failure was the proximate cause of the disasters, which cost billions of dollars in losses to Boeing and the airlines, and, much more tragically, the lives of 346 passengers and crew.

Founded in 1916, Boeing remains one of the world's most renowned engineering companies. Were the 737 MAX crashes truly a failure of technology, an advanced aircraft-control system? Or was it a failure of management? Of course, at many levels, technology and management are inseparable. Nonetheless, executives, managers, and engineers at Boeing were not stumped by the complexity or unpredictability of a new technology. In a series of decisions, they put profits before safety, did not think through the consequences of their actions, or did not speak out loudly enough when they knew something was wrong. Let's look at the evidence.


Comments


Chris Hobbs

At the Safety Critical Systems Symposium in York in February 2020, Dewi Daniels made the point that, in part, the Boeing 737 Max 8 crashes were due to incorrectly classified requirements.

Because the MCAS system was initially only expected to be needed in cruise flight, its limit was set at 0.6 degrees and its DO-178C criticality was set at DAL-C (Major), rather than DAL-B (Hazardous) or DAL-A (Catastrophic).

When it was realised that the MCAS would also be needed in slow-speed flight and its limit was increased to 2.5 degrees, no change was made to the DAL. Engineers and assessors will spend more time examining DAL-A subsystems, than DAL-C ones (or, for automotive systems, will spend more time on ASIL-D subsystems than on ASIL-A subsystems).

I think that there is an argument that incorrect classification of a requirement played a role in the crashes that occurred.


CACM Administrator

[The following comment/response was submitted by Michael A. Cusumano. --CACM Administrator]

Yes, I am sure there were lots of problems with how Boeing managed the MCAS requirements process and changes, especially as engineers and test pilots learned more about what the system needed to do in slow-speed flight after takeoff.


Displaying all 2 comments

Log in to Read the Full Article

Sign In

Sign in using your ACM Web Account username and password to access premium content if you are an ACM member, Communications subscriber or Digital Library subscriber.

Need Access?

Please select one of the options below for access to premium content and features.

Create a Web Account

If you are already an ACM member, Communications subscriber, or Digital Library subscriber, please set up a web account to access premium content on this site.

Join the ACM

Become a member to take full advantage of ACM's outstanding computing information resources, networking opportunities, and other benefits.
  

Subscribe to Communications of the ACM Magazine

Get full access to 50+ years of CACM content and receive the print version of the magazine monthly.

Purchase the Article

Non-members can purchase this article or a copy of the magazine in which it appears.
Sign In for Full Access
» Forgot Password? » Create an ACM Web Account