Published Date: 2013-01-16
| Postmortem Analysis | |
|---|---|
| Timeline | 1. The software failure incident happened in January 2013 [Article 16216]. 2. The software failure incident happened in January 2013 [Article 16739]. 3. The software failure incident happened in January 2013 [Article 16741]. 4. The software failure incident happened in January 2013 [Article 16755]. 5. The software failure incident happened in January 2013 [Article 31474]. 6. The software failure incident happened in January 2014 [Article 36642]. |
| System | 1. Lithium ion batteries used for the auxiliary power unit on the Boeing 787 [16162, 16216, 16568, 16730, 16738, 16741, 16753, 16755, 17416, 31474, 36642] 2. Battery pack in an auxiliary power unit [16755] 3. Electrical system of the Dreamliner [16738] 4. Battery cell in the A.P.U. battery [31474] 5. Battery system design [16741] 6. Battery cell 5 or cell 6 [31474] |
| Responsible Organization | 1. Boeing's engineers failed to consider and test the worst-case assumptions linked to possible battery failures, according to the National Transportation Safety Board [31474]. 2. The Federal Aviation Administration failed to recognize the potential hazard and did not require proper tests as part of its certification process, contributing to the software failure incident [31474]. 3. The battery problem on the Boeing 787 was blamed on overheating from an electrical short circuit that may have been caused by manufacturing defects and unsatisfactory oversight of the manufacturing process by both the FAA and Boeing [36642]. |
| Impacted Organization | 1. All Nippon Airlines and Japan Airlines [Article 16216, Article 16568] 2. Boeing [Article 16730, Article 16738, Article 16741, Article 16753, Article 16755, Article 17568] 3. Federal Aviation Administration (FAA) [Article 16741, Article 17568] 4. Passengers and crew members on the affected flights [Article 16216, Article 16568] |
| Software Causes | 1. unknown |
| Non-software Causes | 1. Manufacturing flaws and defects in the lithium-ion batteries used in the aircraft [16162, 16216, 16568, 16741, 31474, 36642] 2. Problems with sourcing certain parts for the aircraft [16216, 16568] 3. Development issues with the on-board software [16216, 16568] 4. Delays in test flights due to a machinists strike [16216, 16568] 5. Struggles in the timely supply of engines by Rolls Royce [16216, 16568] 6. Overweight issues with the first three 787s [16216, 16568] 7. Valve left open causing a fuel leak [16162] 8. Electrical issues related to the large number of new technologies used on the airplane [16162] |
| Impacts | 1. The software failure incident led to a series of incidents involving lithium-ion battery failures, resulting in the release of flammable electrolytes, heat damage, and smoke on Boeing 787 Dreamliners, prompting global groundings of the aircraft [Article 16568, Article 16741]. 2. The incident caused Boeing shares to fall by 6.3%, wiping an estimated $2.7 billion off the company's stock market value [Article 16216]. 3. The software failure incident resulted in the first grounding of a U.S. commercial airplane fleet since 1979, threatening to undermine confidence in the Dreamliner and Boeing itself [Article 16730]. 4. The incident led to a safety review of the aircraft by aviation authorities around the world, with airlines ordered to stop flying their Boeing 787 Dreamliners over fire risk associated with battery failures [Article 16741]. 5. The incident highlighted flaws in manufacturing, insufficient testing, and a poor understanding of the innovative battery technology used in the Boeing 787 fleet, leading to the grounding of the aircraft [Article 31474]. |
| Preventions | 1. Proper testing and inspection of the batteries and electrical components before deployment [#31474, #17416]. 2. Incorporating design requirements to mitigate the most severe effects of an internal short circuit within the A.P.U. battery cell [#31474]. 3. Implementing a more conservative approach in safety analyses during the design phase [#31474]. 4. Ensuring proper oversight of the manufacturing process to prevent defects and flaws [#36642]. 5. Recognizing potential hazards and conducting thorough testing as part of the certification process [#31474]. 6. Addressing manufacturing flaws and defects that could lead to battery failures [#31474, #36642]. |
| Fixes | 1. Implementing a comprehensive set of solutions to minimize the potential for battery failure, including enhanced production and testing processes [Article 17416]. 2. Developing software to resolve the problem, as mandated by the FAA, which is characterized as temporary until the software fix is implemented [Article 36642]. | References | 1. National Transportation Safety Board [31474, 36642] 2. Federal Aviation Administration [31474, 36642] 3. Boeing [31474, 36642] 4. Transportation Secretary Ray LaHood [16753] 5. Aviation analyst Richard Aboulafia [16730] 6. Marc Birtel, Boeing spokesman [16216, 18003] 7. Transportation Secretary Ray LaHood [16753] |
| Category | Option | Rationale |
|---|---|---|
| Recurring | one_organization, multiple_organization | (a) The software failure incident related to lithium-ion battery failures on Boeing's 787 Dreamliner aircraft has happened again at Boeing. The incidents involved battery failures resulting in the release of flammable electrolytes, heat damage, and smoke on two aircraft [16216]. The National Transportation Safety Board (NTSB) report highlighted manufacturing flaws, insufficient testing, and a poor understanding of the innovative battery as contributing factors to the grounding of Boeing's 787 fleet after a fire in a jet at Boston's airport and another incident in Japan [31474]. (b) The software failure incident related to lithium-ion battery failures on Boeing's 787 Dreamliner aircraft has also happened at other organizations. Authorities in Europe, Japan, and India grounded the planes while the battery problem was investigated, and carriers in Chile and Ethiopia also set down their 787s until further notice [16741]. |
| Phase (Design/Operation) | design, operation | (a) The software failure incident occurring due to the development phases: - The National Transportation Safety Board report on the Boeing 787 battery problems attributed the grounding of the fleet to flaws in manufacturing, insufficient testing, and a poor understanding of an innovative battery [#31474]. - The report suggested that manufacturing flaws introduced defects that led a battery cell to fail, causing the battery to consume itself in fire and smoke [#31474]. - Boeing's engineers failed to consider and test the worst-case assumptions linked to possible battery failures, according to the report [#31474]. - The report also faulted the Federal Aviation Administration (FAA) for failing to recognize the potential hazard and not requiring proper tests as part of its certification process [#31474]. (b) The software failure incident occurring due to the operation phases: - The lithium-ion battery failures on the Boeing 787s resulted in the release of flammable electrolytes, heat damage, and smoke, leading to the grounding of the fleet [#16216]. - The FAA's emergency directive mentioned incidents involving lithium-ion battery failures that could result in damage to critical systems and structures, as well as the potential for fire in the electrical compartment [#16568]. - The battery problems were attributed to overheating from an electrical short circuit that may have been caused by manufacturing defects and unsatisfactory oversight of the manufacturing process by both the FAA and Boeing [#36642]. |
| Boundary (Internal/External) | within_system | (a) within_system: The software failure incident related to the lithium-ion battery failures on the Boeing 787 Dreamliner was primarily within the system. The incidents involved failures of the batteries themselves, the power source or charging system, and the Dreamliner's electrical system as a whole [16738]. The National Transportation Safety Board attributed the battery problems to flaws in manufacturing, insufficient testing, and a poor understanding of the innovative battery technology used on the aircraft [31474]. The safety board suggested that manufacturing flaws introduced defects that led to a battery cell failure, causing the battery to consume itself in fire and smoke [31474]. Additionally, the NTSB report blamed the battery problem on overheating from an electrical short circuit, possibly caused by manufacturing defects and unsatisfactory oversight of the manufacturing process by both the FAA and Boeing [36642]. (b) outside_system: There is no specific mention in the articles of the software failure incident being primarily due to contributing factors originating from outside the system. |
| Nature (Human/Non-human) | non-human_actions, human_actions | (a) The software failure incident occurring due to non-human actions: - The software failure incidents related to the Boeing 787 Dreamliner were primarily attributed to issues with the lithium-ion batteries used in the aircraft, such as self-heating due to temperature and pressure changes, battery failures resulting in the release of flammable electrolytes, heat damage, and smoke [Article 16216]. - The National Transportation Safety Board (NTSB) report highlighted that the battery problems on the Boeing 787 were caused by an internal short circuit in the battery cells, leading to a fire that propagated to other cells, known as a thermal runaway. The report suggested that manufacturing flaws introduced defects that led to the battery cell failure, ultimately causing the battery to consume itself in fire and smoke [Article 31474]. (b) The software failure incident occurring due to human actions: - The NTSB report also mentioned that Boeing's engineers failed to consider and test the worst-case assumptions linked to possible battery failures, and the Federal Aviation Administration (FAA) failed to recognize the potential hazard and did not require proper tests as part of its certification process, indicating human oversight and decision-making contributed to the incident [Article 31474]. - The NTSB report further blamed the battery problem on overheating from an electrical short circuit that may have been caused by manufacturing defects and allegedly unsatisfactory oversight of the manufacturing process by both the FAA and Boeing, highlighting potential human errors in the manufacturing and oversight processes [Article 36642]. |
| Dimension (Hardware/Software) | hardware | (a) The software failure incident occurring due to hardware: - The incidents involving lithium-ion battery failures on the aircraft were attributed to hardware issues such as battery failures, release of flammable electrolytes, and heat damage [Article 16216]. - The National Transportation Safety Board suggested that manufacturing flaws in the batteries introduced defects that led to a battery cell failure, causing the battery to consume itself in fire and smoke [Article 31474]. - The battery problem was blamed on overheating from an electrical short circuit that may have been caused by manufacturing defects [Article 36642]. (b) The software failure incident occurring due to software: - There is no specific mention of a software failure incident originating from software issues in the provided articles. |
| Objective (Malicious/Non-malicious) | non-malicious | (a) The software failure incident related to the Boeing 787 Dreamliner battery issues was non-malicious. The incidents were attributed to lithium ion battery failures, manufacturing flaws, insufficient testing, and a poor understanding of the innovative battery technology [16216, 16741, 31474, 36642]. (b) The software failure incidents were not reported to be malicious in nature, but rather stemmed from technical and manufacturing issues, as well as oversight shortcomings. |
| Intent (Poor/Accidental Decisions) | unknown | The articles do not mention any software failure incidents related to poor decisions or accidental decisions. |
| Capability (Incompetence/Accidental) | accidental | (a) development_incompetence: The articles do not mention any software failure incidents related to development incompetence. (b) accidental: The software failure incidents related to lithium-ion battery failures, such as fires, smoke, and heat damage on the Boeing 787 aircraft, were described as accidental. The incidents were attributed to issues with the batteries, including flammable electrolytes, and were not intentional acts of incompetence [Article 16216, Article 16568, Article 16741, Article 16753, Article 16755]. |
| Duration | permanent, temporary | The software failure incident related to the lithium-ion battery failures on the Boeing 787 Dreamliner aircraft can be categorized as both permanent and temporary. - **Permanent Aspect**: The incident involving lithium-ion battery failures on the Dreamliner aircraft was a permanent failure due to contributing factors introduced by all circumstances. The National Transportation Safety Board (NTSB) found evidence of electrical shorts within a single cell of the lithium-ion battery in the Boston airplane, indicating a fundamental issue with the battery design [17333]. The NTSB also criticized Boeing for failing to incorporate design requirements to mitigate the most severe effects of an internal short circuit within the battery cells, indicating a systemic flaw in the design process [31474]. - **Temporary Aspect**: The incident can also be considered temporary as it was triggered by certain circumstances but not all. For example, the FAA issued a directive mandating a repetitive maintenance task for the 787 model due to issues with its power supply, specifically related to potential loss of AC electrical power after continuous operation for 248 days [36642]. This temporary issue was related to a specific aspect of the power supply system rather than a fundamental flaw in the overall design. Therefore, the software failure incident involving lithium-ion battery failures on the Boeing 787 Dreamliner aircraft exhibited aspects of both permanent and temporary failures based on the contributing factors identified in the articles. |
| Behaviour | omission, value, other | (a) crash: - Article 16162 mentions incidents where the airplane performed exactly as designed in containing a fire in the electronics bay [16162]. - Article 16753 describes a software failure incident where there was "severe fire damage" to the auxiliary power unit battery, with thermal damage confined to the area near the battery rack [16753]. (b) omission: - Article 16741 discusses incidents involving battery failures that resulted in the release of flammable electrolytes, heat damage, and smoke on two aircraft, indicating a failure to perform the intended functions [16741]. (c) timing: - No specific instances related to timing failures were mentioned in the provided articles. (d) value: - Article 16738 mentions that it remains unclear whether the problem with the battery incidents is with the batteries themselves, the power source or charging system, or the Dreamliner's electrical system as a whole, indicating a failure in performing the intended functions correctly [16738]. (e) byzantine: - No specific instances related to byzantine failures were mentioned in the provided articles. (f) other: - Article 31474 discusses flaws in manufacturing, insufficient testing, and a poor understanding of an innovative battery contributing to the grounding of Boeing’s 787 fleet, which could be considered as a failure behavior not fitting into the defined categories [31474]. |
| Layer | Option | Rationale |
|---|---|---|
| Perception | None | None |
| Communication | None | None |
| Application | None | None |
| Category | Option | Rationale |
|---|---|---|
| Consequence | harm, property, delay, non-human, theoretical_consequence | (a) death: There were no reports of people losing their lives due to the software failure incident in the provided articles. (b) harm: The software failure incidents related to lithium ion battery failures on Boeing 787 Dreamliners resulted in the release of flammable electrolytes, heat damage, and smoke, potentially causing harm to critical systems and structures [Article 16216, Article 16568, Article 16741]. (c) basic: There were no reports of people's access to food or shelter being impacted due to the software failure incident in the provided articles. (d) property: The software failure incidents on Boeing 787 Dreamliners led to damage to critical systems and structures, which could impact people's material goods, money, or data [Article 16216, Article 16568, Article 16741]. (e) delay: The incidents involving lithium ion battery failures on the Boeing 787 Dreamliners caused inconvenience to customers and passengers, impacting their operating schedules [Article 16216]. (f) non-human: The software failure incidents impacted the Boeing 787 Dreamliners, which are non-human entities [Article 16216, Article 16568, Article 16741]. (g) no_consequence: There were observed consequences of the software failure incidents on the Boeing 787 Dreamliners. (h) theoretical_consequence: The potential consequences discussed included the risk of fire in the electrical compartment, damage to critical systems and structures, and the grounding of the aircraft until the problems were resolved [Article 16216, Article 16568, Article 16741]. (i) other: There were no other consequences of the software failure incidents mentioned in the provided articles. |
| Domain | transportation | (a) The software failure incident was related to the transportation industry, specifically affecting the Boeing 787 Dreamliner aircraft [16162, 16216, 16568, 16730, 16738, 16739, 16741, 16753, 17333, 17416, 18003, 31474, 36642]. The incident involved issues with the aircraft's electrical system, including problems with lithium-ion batteries, electrical fires, and foreign object debris causing failures during flight testing and commercial operation. The grounding of the Dreamliner fleet due to these failures had significant financial implications for Boeing and its customers. |
Article ID: 36642
Article ID: 16216
Article ID: 17568
Article ID: 17333
Article ID: 16755
Article ID: 16741
Article ID: 31474
Article ID: 16753
Article ID: 16162
Article ID: 16738
Article ID: 16739
Article ID: 16730
Article ID: 18003
Article ID: 16568
Article ID: 17416