| Recurring |
one_organization, multiple_organization |
(a) The software failure incident related to the Boeing 737 Max aircraft grounding due to an electrical problem has happened again within the same organization (Boeing). This incident comes after the previous software-related issues with the MCAS system that led to two fatal crashes. The recent discovery of an electrical problem affecting the 737 Max aircraft led to the grounding of more than 100 planes belonging to 24 airlines worldwide [114247].
(b) The software failure incident related to the Boeing 737 Max aircraft grounding due to an electrical problem has also affected multiple organizations. The grounding of more than 100 Boeing 737 Max aircraft belonging to 24 airlines worldwide indicates that this issue has impacted various airlines operating these aircraft models [114247]. |
| Phase (Design/Operation) |
design, operation |
(a) The software failure incident related to the design phase can be seen in the case of the Boeing 737 Max aircraft. The article mentions that the discovery of a potential electrical problem in the aircraft was traced to poor electrical bonding during manufacturing, where panel assemblies were not effectively conducting electricity and forming part of a connection with the frame of the aircraft [114247]. This design flaw led to improper grounding of components on the plane, affecting critical systems like engine ice protection and potentially resulting in the loss of critical functions during flight.
(b) The software failure incident related to the operation phase can be observed in the case of the MCAS software issue that triggered the loss of two Boeing 737 Max aircraft in Indonesia and Ethiopia. Flawed data from a faulty sensor prompted the MCAS software to force the nose of the aircraft down repeatedly, leading to catastrophic dives when the pilots were trying to gain height [114247]. This operational failure was a result of flawed data input and the system's response during the flight operation. |
| Boundary (Internal/External) |
within_system |
(a) within_system: The software failure incident related to the Boeing 737 Max aircraft was primarily within the system. The article mentions that the potential electrical problem leading to the grounding of over 100 aircraft was traced to poor electrical bonding within the newly manufactured 737 Max 8 aircraft [114247]. The fault in the electrical power systems on the aircraft, specifically related to improper grounding of components like the pilots' main instrument panel and standby power control unit, was identified as a dangerous flaw originating from within the system itself. The FAA highlighted that this issue could affect the operation of certain systems on the aircraft, potentially leading to critical malfunctions during flight [114247]. The article also discusses how the changes in the way panels were attached on parts of the plane, which led to the electrical problem, were considered a minor change that was not notified to regulators, indicating an internal system issue [114247]. |
| Nature (Human/Non-human) |
non-human_actions |
(a) The software failure incident occurring due to non-human actions:
The software failure incident related to the Boeing 737 Max aircraft was primarily attributed to an electrical problem caused by poor electrical bonding in the newly manufactured planes. This issue led to improper grounding of components on the aircraft, affecting critical systems like engine ice protection and potentially resulting in the loss of critical functions during flight [114247].
(b) The software failure incident occurring due to human actions:
The articles suggest that the software failure incident related to the Boeing 737 Max aircraft was not directly caused by human actions but rather by changes in the way panels were attached on parts of the plane in early 2019. These changes, considered minor and not notified to regulators, led to the electrical problem discovered in the newly manufactured aircraft. The articles also mention allegations by a whistle-blower, Ed Pierson, linking alleged production pressures at the factory to electrical anomalies and flight control system problems that occurred on the crashed aircraft prior to the accidents [114247]. |
| Dimension (Hardware/Software) |
hardware |
(a) The software failure incident related to hardware:
The article discusses a potential electrical problem discovered in Boeing's 737 Max aircraft, leading to the grounding of over 100 planes belonging to various airlines worldwide. The issue was traced to poor electrical bonding in the aircraft, where panel assemblies were not effectively conducting electricity and forming connections with the frame of the aircraft. This hardware-related fault affected critical systems like engine ice protection and could result in the loss of essential functions during flight, potentially jeopardizing safe flight and landing [114247].
(b) The software failure incident related to software:
The article mentions the flawed flight control software known as MCAS, which played a role in the two fatal crashes involving the 737 Max aircraft in Indonesia and Ethiopia. In those accidents, erroneous data from a faulty sensor triggered the MCAS software to repeatedly force the nose of the aircraft down, leading to catastrophic dives. However, the recent electrical problem discovered in the aircraft was deemed unrelated to the MCAS software issue. The software failure incident in this context was attributed to hardware-related factors rather than originating in the software itself [114247]. |
| Objective (Malicious/Non-malicious) |
non-malicious |
(a) The software failure incident related to the Boeing 737 Max aircraft was non-malicious. The incident was attributed to a potential electrical problem that led to the grounding of more than 100 aircraft. The fault was traced to poor electrical bonding in the newly manufactured 737 Max 8, where panel assemblies were not conducting electricity effectively, leading to improper grounding of components on the plane [114247]. The issue was identified during testing and was not linked to the errant flight control software (MCAS) that was responsible for the two fatal crashes involving the 737 Max aircraft [114247].
(b) The incident was not reported to be malicious, indicating that the contributing factors were not introduced with the intent to harm the system. Instead, it was described as an honest mistake related to changes in the way panels were attached on parts of the aircraft, which were not notified to regulators [114247]. The focus was on addressing the electrical issue to ensure the safety and airworthiness of the affected aircraft, rather than any intentional harm caused by human actors. |
| Intent (Poor/Accidental Decisions) |
poor_decisions |
(a) The software failure incident related to the Boeing 737 Max aircraft was primarily attributed to poor decisions rather than accidental decisions. The incident was linked to alleged poor production standards at the 737 factory, which were claimed to have contributed to electrical defects on the crashed planes. A whistle-blower, Ed Pierson, suggested that defects in the wiring of the aircraft could have led to the erroneous deployment of the MCAS software, alongside sensor failures implicated in the crashes. Pierson highlighted that the factory had become "dysfunctional" and "chaotic" due to production pressures to produce new aircraft quickly, potentially leading to the identified electrical anomalies and flight control system problems [114247]. |
| Capability (Incompetence/Accidental) |
accidental |
(a) The software failure incident related to the Boeing 737 Max aircraft was not directly attributed to development incompetence. The article mentions that the electrical problem discovered in the aircraft was traced to poor electrical bonding during manufacturing, where panel assemblies were not conducting electricity effectively, leading to improper grounding of components on the plane [114247].
(b) The software failure incident was described as an accidental failure. It was explained that the issue with the electrical power systems on the aircraft was not due to unethical behavior but rather an honest mistake resulting from a minor change in the way panels were attached on parts of the plane, which was not notified to regulators [114247]. |
| Duration |
temporary |
The software failure incident related to the Boeing 737 Max aircraft's electrical problem can be categorized as a temporary failure. The incident was temporary as it was caused by specific contributing factors introduced by certain circumstances, such as poor electrical bonding during the manufacturing process, which led to the grounding of the affected aircraft [114247]. The issue was identified, and modifications were required to address the specific electrical flaw, indicating that it was not a permanent failure affecting all circumstances. |
| Behaviour |
crash, other |
(a) crash: The software failure incident related to the Boeing 737 Max aircraft involved a crash scenario where flawed data from a faulty sensor prompted the MCAS software to force the nose of the aircraft down repeatedly, ultimately leading to catastrophic dives and crashes in Indonesia and Ethiopia, resulting in the loss of 346 lives [114247].
(b) omission: The software failure incident did not specifically mention an omission scenario where the system omitted to perform its intended functions at an instance(s).
(c) timing: The software failure incident did not specifically mention a timing scenario where the system performed its intended functions correctly, but too late or too early.
(d) value: The software failure incident did not specifically mention a value scenario where the system performed its intended functions incorrectly.
(e) byzantine: The software failure incident did not specifically mention a byzantine scenario where the system behaved erroneously with inconsistent responses and interactions.
(f) other: The software failure incident involved a scenario where the system experienced an electrical problem related to poor electrical bonding, leading to improper grounding of components on the aircraft, affecting critical functions and potentially preventing safe flight and landing. This flaw was considered dangerous and required modifications to affected aircraft before being permitted to fly again [114247]. |