| Recurring |
one_organization, multiple_organization |
(a) The software failure incident related to the AirAsia Flight 8501 crash involved a mechanical failure with the rudder system that had occurred on the same airplane multiple times before the fatal crash. The faulty component, a crack in the electrical soldering, had caused issues at least 23 times prior to the accident [53726, 53156].
(b) The incident also highlighted that the rudder limiter system on the aircraft had problems on 23 occasions in 2014, indicating that similar issues had been experienced by other airlines or aircraft as well, not just limited to AirAsia [53156]. |
| Phase (Design/Operation) |
design, operation |
(a) The software failure incident in the AirAsia Flight 8501 crash was primarily attributed to a technical fault related to a cracked solder joint on a circuit board, which led to a loss of electrical continuity in the rudder travel limiter system [53156]. This fault was a result of a design flaw or a manufacturing defect in the system. Additionally, the crew's response to the technical fault, specifically the action of resetting the system by removing and replacing a circuit breaker, exacerbated the situation and led to the disengagement of critical systems like the autopilot and autothrust, ultimately causing the loss of control of the aircraft [53156].
(b) The operation of the system, in this case, refers to the crew's actions in response to the technical fault. The crew's decision to reset the system in-flight by pulling and pushing back in a circuit breaker, a procedure sometimes used on the ground to clear software problems, had fatal consequences in the air. This operation error resulted in the disengagement of critical flight control systems, making it impossible for the pilots to maintain control of the aircraft [53156]. |
| Boundary (Internal/External) |
within_system |
(a) The software failure incident related to the crash of AirAsia Flight 8501 can be categorized as within_system. The incident was caused by a technical fault in the rudder travel limiter system, specifically a cracked solder joint on a circuit board, which led to a loss of electrical continuity [53156]. This fault originated from within the system of the aircraft and was not directly caused by external factors such as weather conditions. The failure of the rudder travel limiter system, which restricted rudder movement at high speeds and altitudes, was a critical contributing factor to the crash [53156]. |
| Nature (Human/Non-human) |
non-human_actions, human_actions |
(a) The software failure incident in the AirAsia Flight 8501 crash was primarily due to non-human actions. The incident was caused by a technical fault related to a faulty component, specifically a cracked solder joint on a circuit board in the rudder travel limiter system [53156]. This fault led to a loss of electrical continuity, which contributed to the failure of the system and ultimately the crash of the aircraft into the Java Sea. The maintenance records showed that the rudder limiter system had experienced problems on 23 occasions in 2014, indicating a recurring issue with the system [53156].
(b) However, human actions also played a role in the software failure incident. The crew's response to the technical fault exacerbated the situation. An attempt to reset the system by removing and replacing a circuit breaker, a procedure sometimes used on the ground, had fatal consequences in flight as it disengaged the plane's autopilot and autothrust systems, leading to the pilots' inability to control the aircraft [53156]. Additionally, subsequent flight crew actions after the circuit breaker reset resulted in the aircraft entering a prolonged stall and upset condition beyond the capability of the crew to recover [53156]. |
| Dimension (Hardware/Software) |
hardware, software |
(a) The software failure incident occurring due to hardware:
- The crash of AirAsia Flight 8501 was caused by a technical fault related to a cracked solder joint on a circuit board, which led to a loss of electrical continuity in the rudder travel limiter system [53156].
- The failure of the plane's rudder travel limiter system, which restricts rudder movement, was traced back to a cracked solder joint on a circuit board, indicating a hardware-related issue [53156].
(b) The software failure incident occurring due to software:
- The incident involved a failed attempt by the crew to deal with the technical fault, which led to the disengagement of the plane's autopilot and autothrust systems, causing the pilots to lose control of the aircraft [53156].
- The crew's actions after the circuit breaker reset resulted in the inability to control the aircraft, indicating a software-related issue in terms of the response to the hardware failure [53156]. |
| Objective (Malicious/Non-malicious) |
non-malicious |
(a) The software failure incident related to the crash of AirAsia Flight 8501 was non-malicious. The incident was caused by a technical fault in the rudder control system and a failed attempt by the crew to deal with it, not by malicious intent. The failure involved a faulty component coupled with the crew's response, which led to the aircraft entering a prolonged stall condition that the crew could not recover from [53156]. The incident was attributed to a cracked solder joint on a circuit board, which caused a loss of electrical continuity in the rudder travel limiter system [53156]. The crew's actions, including pulling and pushing a circuit breaker to reset the system, disengaged critical systems like the autopilot and autothrust, leading to the loss of control of the aircraft [53156]. |
| Intent (Poor/Accidental Decisions) |
poor_decisions |
(a) The intent of the software failure incident was poor_decisions. The incident involving the crash of AirAsia Flight 8501 was primarily caused by a technical fault related to a faulty component in the rudder system and a failed attempt by the crew to deal with it. The crew's decision to reset the system by removing and replacing a circuit breaker in-flight had fatal consequences as it disengaged the plane's autopilot and autothrust systems, leading to the pilots being unable to control the aircraft [53156]. Additionally, the crew's response to the mechanical failure, including pulling the circuit breaker, induced the failure of a portion of the rudder control system, ultimately causing the airplane to crash into the Java Sea [53726]. |
| Capability (Incompetence/Accidental) |
accidental |
(a) The software failure incident in the AirAsia Flight 8501 crash was not attributed to development incompetence but rather to a technical fault and a failed attempt by the crew to deal with it. The crash was caused by a faulty component coupled with the crew's response, specifically the disengagement of the plane's autopilot and autothrust systems after a circuit breaker was pulled out and pushed in again, leading to electrical distraction and the pilots being unable to keep the aircraft under control [53156].
(b) The software failure incident in the AirAsia Flight 8501 crash was accidental, as it was caused by a technical fault in the rudder travel limiter system, specifically a cracked solder joint on a circuit board, which led to a loss of electrical continuity. The crew's attempt to reset the system by removing and replacing a circuit breaker in response to an alarm warning also contributed to the accident, with fatal consequences of disengaging the autopilot and autothrust systems [53156]. |
| Duration |
permanent, temporary |
From the provided articles, the software failure incident related to the crash of AirAsia Flight 8501 can be categorized as both permanent and temporary:
(a) Permanent Failure:
The incident involved a permanent failure due to contributing factors introduced by all circumstances. The failure of the rudder travel limiter system, which restricts rudder movement, was a contributing factor that led to the crash. The investigators found a cracked solder joint on a circuit board, which caused a loss of electrical continuity, ultimately leading to the inability to control the aircraft [53156].
(b) Temporary Failure:
The incident also involved a temporary failure due to contributing factors introduced by certain circumstances but not all. The crew's response to the technical fault, specifically the attempt to reset the system by removing and replacing a circuit breaker, led to disengaging the plane's autopilot and autothrust systems. This temporary action had fatal consequences as it caused electrical distraction and the pilots were unable to keep the aircraft under control [53156]. |
| Behaviour |
crash, omission, other |
(a) crash: The software failure incident in the AirAsia Flight 8501 crash was a crash-type failure. The incident led to the system losing its state and not performing its intended functions, ultimately resulting in the airplane crashing into the Java Sea [53726, 53156].
(b) omission: The software failure incident also involved an omission-type failure. After the circuit breaker was removed and reinserted, the aircraft rolled hard to the left before leveling out. The aircraft then climbed at a steep angle and stalled, leading to a loss of control. The report mentioned that subsequent flight crew actions resulted in an inability to control the aircraft, indicating an omission in performing the intended functions [53156].
(c) timing: The timing of the software failure incident was not explicitly mentioned in the articles.
(d) value: The software failure incident did not involve a value-type failure.
(e) byzantine: The software failure incident did not exhibit a byzantine-type failure.
(f) other: The other behavior observed in the software failure incident was the system behaving erroneously with inconsistent responses and interactions. For example, the crew's response to the technical fault led to the system disengaging the plane's autopilot and autothrust systems, causing confusion and an inability to keep the aircraft under control [53156]. |