Incident: Boeing 777X Certification Delayed Due to Software Issues

Published Date: 2021-06-27

Postmortem Analysis
Timeline
1. The software failure incident involving the Boeing 777X occurred on December 8, 2020, as mentioned in Article 116254.

System
1. Software load of flight control in the Boeing 777X [116254]
2. Un-commanded pitch event software fix in the Boeing 777X [116254]

Responsible Organization
1. Boeing Co - The software failure incident was caused by issues with the software load of flight control, including an un-commanded pitch event, and delays in addressing significant problem report items related to software updates [116254].

Impacted Organization
1. Boeing Co [116254]
2. U.S. Federal Aviation Administration (FAA) [116254]

Software Causes
1. An "upcoming major software update with the software load of flight control" was mentioned as one of the issues that still need to be addressed for the Boeing 777X [116254].

Non-software Causes
1. Lack of data and preliminary safety assessment for the FAA to review [116254]
2. Upcoming major software update with the software load of flight control [116254]
3. Delays in software load dates and lack of visibility into the causes of the delays [116254]
4. Need for Boeing to implement a robust process to prevent similar issues in the future [116254]

Impacts
1. The software failure incident led to the rejection by the FAA of Boeing's request to issue a Type Inspection Authorization (TIA) Readiness for the 777X aircraft, citing concerns about lack of data and a preliminary safety assessment [116254].
2. The certification of the 777X aircraft has been delayed, with the FAA realistically estimating that it will not be certified until mid- to late 2023, causing a significant delay in the release of the new aircraft [116254].
3. The software failure incident has raised concerns about the safety and reliability of the 777X aircraft, especially in light of the previous software flaws in the Boeing 737 MAX planes that led to fatal crashes, resulting in extra scrutiny from European regulators [116254].

Preventions
1. Conducting a more thorough preliminary safety assessment to identify and address potential software flaws before seeking certification [116254].
2. Implementing a robust process to ensure that corrective actions identified by root cause investigations are fully and effectively implemented to prevent similar software failures in the future [116254].
3. Improving visibility into the causes of software delays to better manage and address issues in a timely manner [116254].

Fixes
1. Implementing a major software update with the software load of flight control, including the software fix for the un-commanded pitch event that occurred on December 8, 2020 [116254].

References
1. The U.S. Federal Aviation Administration (FAA) [116254]
2. Boeing Co [116254]
3. European regulators [116254]

Software Taxonomy of Faults

Category | Option | Rationale
Recurring | one_organization, multiple_organization | (a) The software failure incident related to the Boeing 777X involves an "upcoming major software update with the software load of flight control" and a "software fix for the un-commanded pitch event that occurred on December 8, 2020" [116254]. This indicates that there have been software issues within Boeing itself, specifically with the 737 MAX planes in the past, which had software flaws that caused fatal crashes. (b) The article mentions that European regulators have stated they will subject the Boeing 777X to extra scrutiny after the fatal crashes of the 737 MAX planes, which were also related to software flaws [116254]. This suggests that similar incidents related to software failures have occurred in multiple organizations within the aviation industry.
Phase (Design/Operation) | design | (a) The software failure incident related to the development phase of design is evident in the article. The U.S. Federal Aviation Administration (FAA) cited concerns about lack of data, lack of a preliminary safety assessment, and issues with an upcoming major software update with the software load of flight control for the Boeing 777X [116254]. These issues indicate that the failure was due to contributing factors introduced during the design and development phases of the aircraft. (b) The software failure incident related to the development phase of operation is not explicitly mentioned in the provided article.
Boundary (Internal/External) | within_system | (a) The software failure incident related to the Boeing 777X certification process involves issues that are within the system. The article mentions concerns about an "upcoming major software update with the software load of flight control" and the need for Boeing to implement corrective actions identified by the root cause investigation to prevent similar issues in the future [116254]. These issues indicate that the failure is primarily due to factors originating from within the system itself, such as software updates and control mechanisms.
Nature (Human/Non-human) | non-human_actions | (a) The software failure incident related to non-human actions: The software failure incident related to the Boeing 777X certification process was primarily due to issues with the software, including an "upcoming major software update with the software load of flight control" and a "software fix for the un-commanded pitch event" that occurred on December 8, 2020. The FAA expressed concerns about the delays in software updates and the need for better visibility into the causes of these delays. The agency also emphasized the importance of Boeing implementing a robust process to prevent similar issues in the future and ensure that such failures are not systemic problems [116254]. (b) The software failure incident related to human actions: The article does not provide specific information about the software failure incident being directly caused by human actions.
Dimension (Hardware/Software) | hardware, software | (a) The software failure incident related to hardware: - The article mentions an "upcoming major software update with the software load of flight control" and a "software fix for the un-commanded pitch event" that occurred on December 8, 2020, indicating a hardware-related issue [116254]. (b) The software failure incident related to software: - The article highlights concerns about software, mentioning "software load dates are continuously sliding" and the FAA needing better visibility into the causes of delays related to software updates [116254].
Objective (Malicious/Non-malicious) | non-malicious | (a) The articles do not mention any malicious intent or actions related to the software failure incident. The issues cited by the FAA in the letter to Boeing primarily revolve around concerns regarding lack of data, lack of a preliminary safety assessment, upcoming major software updates, delays in software load dates, and the need for Boeing to implement a robust process to prevent similar issues in the future. These factors point towards non-malicious contributing factors rather than intentional harm to the system [116254].
Intent (Poor/Accidental Decisions) | unknown | The articles do not provide specific information about a software failure incident related to poor decisions or accidental decisions.
Capability (Incompetence/Accidental) | development_incompetence, unknown | (a) The software failure incident related to development incompetence is evident in the case of the Boeing 777X development. The FAA cited concerns about lack of data, lack of a preliminary safety assessment, an upcoming major software update with flight control software load, and continuous sliding software load dates. The agency also mentioned the need for Boeing to implement a robust process to prevent similar issues in the future, indicating a lack of professional competence in the development process [116254]. (b) The software failure incident related to accidental factors is not explicitly mentioned in the provided article.
Duration | unknown | The articles do not provide information about a specific software failure incident being either permanent or temporary. The focus of the articles is on the certification process and delays related to the Boeing 777X aircraft, including concerns about software updates and safety issues.
Behaviour | other | (a) crash: The software failure incident mentioned in the articles does not specifically describe a crash where the system loses state and does not perform any of its intended functions. (b) omission: The articles do not mention a specific instance where the system omitted to perform its intended functions at an instance(s). (c) timing: The software failure incident does not relate to a timing issue where the system performed its intended functions too late or too early. (d) value: The articles do not provide information about the software failure incident being related to the system performing its intended functions incorrectly. (e) byzantine: The software failure incident does not align with a byzantine behavior where the system behaves erroneously with inconsistent responses and interactions. (f) other: The behavior of the software failure incident is related to issues with software updates, lack of data, lack of a preliminary safety assessment, delays in software load dates, un-commanded pitch events, and the need for Boeing to implement a robust process to prevent similar issues in the future. These factors point to a combination of delays, safety concerns, and the need for corrective actions rather than fitting into the specific categories mentioned above.

IoT System Layer

Layer | Option | Rationale
Perception | None | None
Communication | None | None
Application | None | None

Other Details

Category | Option | Rationale
Consequence | death, harm | (a) death: People lost their lives due to the software failure - The article mentions that the MAX crashes in Indonesia and Ethiopia killed 346 people within five months in 2018 and 2019 [116254].
Domain | transportation | (a) The failed system was intended to support the transportation industry. The software failure incident was related to Boeing's 777X aircraft development, which is a significant part of the aviation industry [116254].
