Recurring |
one_organization, multiple_organization |
(a) The software failure incident, in which a faulty sensor erroneously activated the Boeing 737 Max MCAS system and caused a fatal crash, has happened again within the same organization. It occurred in both the Ethiopian Airlines flight and an Indonesian disaster involving the same jet [81854].
(b) The same failure, in which a faulty sensor erroneously activated the Boeing 737 Max MCAS system and caused a fatal crash, has also happened at multiple organizations. The incident in Ethiopia was similar to the one in Indonesia, indicating a potential systemic problem with the aircraft [81854]. |
Phase (Design/Operation) |
design, operation |
(a) The software failure incident related to the design phase is evident in the case of the Boeing 737 Max crashes. The incidents were caused by a faulty sensor that erroneously activated MCAS (Maneuvering Characteristics Augmentation System), which acted on data from a single angle-of-attack sensor, leading to an irrecoverable nose-dive [81854]. This design flaw allowed a single sensor to activate a crucial system that pushed the aircraft toward the ground, highlighting a systemic problem with the aircraft's design [81854].
(b) The software failure incident related to the operation phase is seen in the pilots' attempts to override the MCAS system during the Indonesian flight. The pilots tried repeatedly to counteract the system, but after about 12 minutes, they lost their battle, ultimately leading to the crash [81854]. Additionally, in the Ethiopian Airlines crash, the pilots experienced trouble controlling the aircraft as it exhibited a bouncing, bobbing trajectory before crashing, indicating operational challenges in managing the system [81854]. |
Boundary (Internal/External) |
within_system, outside_system |
(a) within_system: The software failure incident related to the Boeing 737 Max crashes was primarily within the system. The incident was caused by a faulty sensor, specifically the angle-of-attack sensor, that erroneously activated the MCAS (Maneuvering Characteristics Augmentation System) on the aircraft, leading to the fatal crashes [81854].
(b) outside_system: While the primary cause of the software failure incident was within the system, there were contributing factors from outside the system as well. For example, the article mentions that the angle-of-attack sensors can fail due to various external factors such as bird strikes, jetway impacts, or freezing at high altitudes [81854]. Additionally, there were concerns raised about the design of the system and the reliance on data from a single sensor, indicating a potential lapse in the certification process and in regulatory oversight by external entities like the Federal Aviation Administration [81854]. |
Nature (Human/Non-human) |
non-human_actions, human_actions |
(a) The software failure incident in the Boeing 737 Max crashes was primarily due to non-human actions. The incidents were caused by a faulty sensor, specifically the angle-of-attack sensor, which erroneously activated the MCAS automated system on the aircraft, leading to a series of events that resulted in the crashes [81854].
(b) However, human actions also played a role in the software failure incident. Boeing faced scrutiny for its role in the design and certification of the plane, with concerns raised about the initial design flaws in the MCAS system and the reliance on data from a single sensor. Boeing later unveiled a software update to address these concerns, indicating a recognition of the need for human intervention to rectify the issues [81854]. |
Dimension (Hardware/Software) |
hardware, software |
(a) The software failure incident occurring due to hardware:
- The article mentions that the crash of the Ethiopian Airlines flight was caused by a faulty sensor, specifically the angle-of-attack sensor, which erroneously activated the MCAS automated system on the Boeing 737 Max [81854].
- The angle-of-attack sensor, a hardware component, incorrectly activated the computer-controlled system, leading to an irrecoverable nose-dive that resulted in the crash [81854].
- The article also discusses how the angle-of-attack sensors, which are hardware components, can fail due to various reasons such as bird strikes, jetway impacts, freezing at high altitudes, or malfunctions [81854].
(b) The software failure incident occurring due to software:
- The article mentions that Boeing unveiled a software update to address concerns about the MCAS system and the sensors, indicating that there were software issues contributing to the failure incident [81854].
- The software update specifically aims to address the suspected problems that may have led to the two deadly crashes involving the Boeing 737 Max jets [81854].
- The update will make the system rely on two sensors instead of one and limit the engagement of MCAS in most cases, showing that software modifications are being implemented to prevent similar incidents in the future [81854]. |
Objective (Malicious/Non-malicious) |
non-malicious |
(a) The software failure incident related to the Boeing 737 Max crashes was non-malicious. The incidents were caused by a faulty sensor (angle-of-attack sensor) that erroneously activated the MCAS (Maneuvering Characteristics Augmentation System) on the aircraft, leading to a series of events that resulted in the crashes. The system was designed to activate based on data from a single angle-of-attack sensor, which was identified as a flaw in the system design. Boeing has since acknowledged the design flaw and unveiled a software update to address the concerns about MCAS and the sensors [81854].
(b) The software failure incident was non-malicious as it was attributed to a design flaw in the system rather than any intentional actions to harm the system. The reliance on data from a single sensor, the angle-of-attack sensor, was identified as a critical flaw in the system design, leading to the activation of the MCAS system and subsequent crashes. Boeing has taken steps to address the design flaw through a software update that aims to make the system more robust and prevent similar incidents in the future [81854]. |
Intent (Poor/Accidental Decisions) |
poor_decisions, accidental_decisions |
The software failure incident related to the Boeing 737 Max crashes can be attributed to both poor decisions and accidental decisions:
(a) poor_decisions: The incident involved poor decisions such as the initial design flaw of the MCAS system that relied on data from a single angle-of-attack sensor, which was considered a systemic problem with the aircraft [81854]. Boeing faced scrutiny for its role in the design and certification of the plane, with concerns raised by air-safety experts and former employees about the single point of failure in the system [81854].
(b) accidental_decisions: The incident also involved accidental decisions or unintended consequences, such as the erroneous activation of the MCAS system by a faulty sensor, leading to an irrecoverable nose-dive that caused the crashes [81854]. The activation of MCAS based on bad data from a sensor in the Indonesia crash was an unintended consequence that led to the tragic outcome [81854]. |
Capability (Incompetence/Accidental) |
development_incompetence, accidental |
(a) The software failure incident related to development incompetence is evident in the case of the Boeing 737 Max crashes. The incidents were caused by a faulty sensor that erroneously activated an automated system known as MCAS, which pushed the front of the plane down, leading to irrecoverable nose-dives and resulting in the loss of all passengers on board [81854]. The system was originally designed to activate based on data from a single angle-of-attack sensor, which experts criticized as a flawed engineering system with a single point of failure [81854]. Boeing has faced scrutiny for its role in the design and certification of the plane, with investigations ongoing to determine what went wrong, indicating potential systemic problems with the aircraft [81854].
(b) The software failure incident related to accidental factors includes the sensor malfunctions that occurred due to various reasons such as bird strikes, jetway interactions, water pooling and freezing, and sensor failures in the past [81854]. These accidental factors contributed to the erroneous activation of the MCAS system, leading to the tragic crashes of the Boeing 737 Max planes [81854]. |
Duration |
temporary |
The software failure incident related to the Boeing 737 Max crashes can be categorized as a temporary failure. The incident was caused by a faulty sensor (angle-of-attack sensor) that erroneously activated the MCAS system, leading to the crashes in Ethiopia and Indonesia. Boeing has acknowledged the initial design flaw and has unveiled a software update to address the concerns about MCAS and the sensors. The update will make the system rely on two sensors instead of one and limit MCAS from engaging more than once in most cases. This indicates that the failure was due to contributing factors introduced by certain circumstances (faulty sensor design and activation) but not all circumstances, as Boeing is taking specific steps to rectify the issue and prevent similar incidents in the future [81854]. |
Behaviour |
crash, omission, value, other |
(a) crash: The software failure incident in the Boeing 737 Max crashes was due to the system erroneously activating an automated system (MCAS) that pushed the front of the plane down, leading to an irrecoverable nose-dive that resulted in the crashes in both Ethiopia and Indonesia [81854].
(b) omission: The system failed to perform its intended function of stabilizing the aircraft: it activated the MCAS system based on erroneous data from a single angle-of-attack sensor, which led to the fatal crashes [81854].
(c) timing: There is no specific mention of the software failure incident being related to timing issues in the articles.
(d) value: The software failure incident falls under this category as the system performed its intended functions incorrectly by activating the MCAS system based on faulty sensor data, causing the crashes [81854].
(e) byzantine: The software failure incident does not exhibit characteristics of a byzantine failure in the articles.
(f) other: The software failure incident could also be categorized as a flaw in the system design, as experts and former employees expressed concerns about the system having a single point of failure with the angle-of-attack sensor, which is considered a flaw in aviation engineering [81854]. |