Published Date: 2010-11-05
| Postmortem Analysis | |
|---|---|
| Timeline | 1. The software failure incident happened in November 2010. [3535] |
| System | unknown |
| Responsible Organization | 1. Rolls-Royce - The software failure incident was caused by a design fault in the British-built Rolls-Royce engine, specifically the Trent 900 engine, which led to a mid-air explosion during a superjumbo flight [3535]. |
| Impacted Organization | 1. Rolls-Royce - The software failure incident involving the mid-air explosion on the Qantas superjumbo flight was attributed to a design fault in the Rolls-Royce engine [3535]. |
| Software Causes | unknown |
| Non-software Causes | 1. Design fault in the Rolls-Royce engine, specifically the Trent 900 model, as blamed by the Qantas boss [Article 3535]. 2. Potential wear beyond engine manual limits as highlighted in the airworthiness directive issued by the European Aviation Safety Authority (EASA) [Article 3535]. 3. Speculation about causes such as a bird strike, a design flaw, a one-off manufacturing defect, or volcanic ash from an erupting volcano near the incident location [Article 3535]. |
| Impacts | 1. The software failure incident led to a mid-air explosion during a superjumbo flight from London to Sydney, caused by a design fault in the Rolls-Royce engine, resulting in the pilot making an emergency landing [3535]. 2. The incident caused Qantas to ground its fleet of six A380s for safety checks, affecting the airline's operations [3535]. 3. Aviation safety officials issued warnings about potential problems in Rolls-Royce jet engines, leading to concerns about the safety of the Trent 900 engine model [3535]. 4. Airbus asked all owners of A380 aircraft with Rolls-Royce engines to conduct engine checks to ensure continuous safe operations of the fleet, impacting airlines like Singapore Airlines and Lufthansa [3535]. 5. Passengers on the affected flight experienced anxiety and fear due to the mid-air explosion, with some describing the engine disintegrating and flames coming out, leading to a nerve-wracking experience [3535]. |
| Preventions | 1. Implementing more rigorous testing procedures during the design and manufacturing phase of the Rolls-Royce Trent 900 engine to detect any potential flaws or defects before they lead to mid-air explosions [3535]. 2. Conducting regular maintenance checks and inspections on the Trent 900 engines to ensure they are within manual limits and to prevent wear beyond acceptable levels that could lead to engine performance loss or in-flight shutdowns [3535]. 3. Enhancing communication and collaboration between Rolls-Royce, Airbus, and airlines like Qantas to promptly address any identified issues or warnings related to the Trent 900 engines to prevent incidents like mid-air explosions [3535]. |
| Fixes | 1. Conducting thorough investigations to identify the root cause of the design fault in the Rolls-Royce Trent 900 engine [3535] 2. Implementing necessary maintenance and checks on Rolls-Royce engines to address potential wear beyond manual limits and prevent in-flight shutdowns [3535] 3. Collaborating with aviation safety officials and authorities to ensure continuous safe operations of the fleet by conducting engine checks on all A380 aircraft with Rolls-Royce engines [3535] |
| References | 1. Qantas boss Alan Joyce 2. Aviation safety officials 3. European Aviation Safety Authority (EASA) 4. Rolls-Royce spokesperson 5. Airbus 6. Australian Transport Safety Bureau 7. Passengers on the Qantas flight 8. Passenger Lars Sandberg 9. Passenger Mike Tooke 10. Passenger Rosemary Hegardy 11. Passenger Ulf Waschbusch 12. Geoff Reay, an Australian living on Batam Island 13. Mr. Tatang Kurnia, head of Indonesia's Transport Safety Board 14. Professor Jeff Jupp, former technical director of Airbus UK 15. Various witnesses and officials mentioned in the articles [3535] |

| Category | Option | Rationale |
|---|---|---|
| Recurring | one_organization, multiple_organization | (a) The software failure incident having happened again at one_organization: The incident involving the mid-air explosion during a superjumbo flight from London to Sydney was attributed to a design fault in the Rolls-Royce engine, specifically the Trent 900 model. This engine had been at the center of two previous scares, including an incident where a Lufthansa flight had to shut down an engine shortly before landing and a Singapore Airlines A380 had to return to Paris due to an engine malfunction [3535]. (b) The software failure incident having happened again at multiple_organization: The Rolls-Royce Trent 900 engine, which was involved in the mid-air explosion incident, was used by multiple airlines operating the A380 superjumbo. Specifically, out of the 37 A380s in use, 20 of them, including those of Qantas, Singapore Airways, and Lufthansa, were equipped with the Trent 900 engine. This indicates that the software failure incident was not limited to a single organization but affected multiple airlines operating the A380 [3535]. |
| Phase (Design/Operation) | design | The software failure incident reported in the news articles is related to a design issue rather than an operation issue. The incident was attributed to a design fault in the British-built Rolls-Royce engine, specifically the Trent 900 engine, which was constructed in Rolls Royce's Derby factory [3535]. The Qantas boss blamed the mid-air explosion on an issue with the Rolls Royce engine design, not on maintenance of the A380 aircraft [3535]. Additionally, aviation safety officials had previously issued warnings about potential problems in Rolls-Royce jet engines, indicating a design-related concern [3535]. |
| Boundary (Internal/External) | within_system | The software failure incident reported in the articles is related to an engine failure on a Qantas superjumbo flight from London to Sydney. The incident was attributed to a design fault in the Rolls-Royce Trent 900 engine [3535]. The failure was within the system, specifically originating from a potential design issue within the Rolls-Royce engine itself. The incident was not caused by external factors such as a hack, bug, or external interference with the software system. |
| Nature (Human/Non-human) | non-human_actions | (a) The software failure incident occurring due to non-human actions: The incident involving the mid-air explosion of the Qantas superjumbo was attributed to a design fault in the Rolls-Royce Trent 900 engine, specifically a 'design issue' at Rolls-Royce [3535]. This failure was not related to maintenance but rather to an issue with the engine itself, indicating a non-human factor leading to the software failure. (b) The software failure incident occurring due to human actions: There is no indication in the provided articles that the software failure incident was caused by contributing factors introduced by human actions. The focus of the incident was on the design fault in the Rolls-Royce engine rather than any human actions leading to the failure. |
| Dimension (Hardware/Software) | unknown | The articles do not mention any software failure incident related to either hardware or software issues. Therefore, the information about the software or hardware failure incident is unknown. |
| Objective (Malicious/Non-malicious) | non-malicious | The software failure incident reported in the articles is non-malicious. The incident was related to a design fault in the Rolls-Royce engine, specifically the Trent 900, which led to a mid-air explosion during a superjumbo flight from London to Sydney [3535]. The failure was attributed to an issue with the engine design and not maintenance, indicating a non-malicious cause. The incident resulted in an emergency landing and grounding of the fleet for safety checks, with authorities and airlines conducting investigations and precautionary measures to ensure the safety of the aircraft [3535]. |
| Intent (Poor/Accidental Decisions) | unknown | The articles do not mention any software failure incident related to poor decisions or accidental decisions. Therefore, the intent of the software failure incident in this case is unknown. |
| Capability (Incompetence/Accidental) | unknown | The articles do not mention any software failure incident related to development incompetence or accidental factors. Therefore, the information regarding these specific types of software failure incidents is unknown based on the provided articles. |
| Duration | temporary | The software failure incident related to the Rolls-Royce engine issue on the Qantas A380 flight was temporary. The incident was attributed to a design fault in the Rolls-Royce engine, specifically the Trent 900 model, which led to a mid-air explosion during the flight from London to Sydney. The failure was not due to maintenance issues on the aircraft but rather a specific issue with the engine itself [3535]. The incident prompted Airbus to order checks on all A380 superjumbos with Rolls-Royce engines to ensure continuous safe operations of the fleet [3535]. The temporary nature of the failure is evident from the fact that Qantas grounded its fleet of A380s for safety checks, and once these checks were completed without adverse findings, the aircraft were set to resume operations [3535]. |
| Behaviour | crash | (a) crash: The incident described in the articles can be categorized as a crash behavior. The Rolls-Royce Trent 900 engine experienced a mid-air explosion during a Qantas superjumbo flight, which led to the engine blowing up, parts flying off, and the pilot having to make an emergency landing [3535]. (b) omission: There is no specific instance of omission behavior mentioned in the articles. (c) timing: The incident does not align with a timing failure as the system did not perform its intended functions too late or too early. (d) value: The software failure incident is not related to a value failure. (e) byzantine: The incident does not exhibit byzantine behavior. (f) other: The behavior of the software failure incident can be categorized as a crash due to the sudden and catastrophic failure of the Rolls-Royce Trent 900 engine during the flight, resulting in the system losing its state and not performing its intended functions [3535]. |

| Layer | Option | Rationale |
|---|---|---|
| Perception | None | None |
| Communication | None | None |
| Application | None | None |

| Category | Option | Rationale |
|---|---|---|
| Consequence | delay, theoretical_consequence | (a) death: People lost their lives due to the software failure - No information in the provided article indicates that people lost their lives due to the software failure incident. [3535] (b) harm: People were physically harmed due to the software failure - The article mentions that passengers on the Qantas flight experienced anxiety and fear during the mid-air explosion, but there is no specific mention of physical harm caused by the software failure incident. [3535] (c) basic: People's access to food or shelter was impacted because of the software failure - There is no information in the article suggesting that people's access to food or shelter was impacted by the software failure incident. [3535] (d) property: People's material goods, money, or data was impacted due to the software failure - The software failure incident primarily affected the aircraft engine and the operation of the flight, but there is no mention of people's material goods, money, or data being directly impacted. [3535] (e) delay: People had to postpone an activity due to the software failure - Passengers on the Qantas flight had to make an emergency landing in Singapore due to the mid-air explosion caused by the software failure incident, resulting in a delay in reaching their destination. [3535] (f) non-human: Non-human entities were impacted due to the software failure - The software failure incident primarily impacted the aircraft engine, causing an emergency landing and engine malfunction, but there is no specific mention of non-human entities being impacted. [3535] (g) no_consequence: There were no real observed consequences of the software failure - The software failure incident had significant consequences, including an emergency landing, engine malfunction, and grounding of the A380 fleet for safety checks. [3535] (h) theoretical_consequence: There were potential consequences discussed of the software failure that did not occur - The article discusses potential consequences such as the risk of engine performance loss, in-flight shutdown, and unsafe conditions due to engine wear beyond manual limits. However, these potential consequences did not materialize as the incident was contained with no fatalities. [3535] (i) other: Was there consequence(s) of the software failure not described in the (a to h) options? What is the other consequence(s)? - There is no other consequence mentioned in the article that falls outside the provided options. [3535] |
| Domain | transportation | The software failure incident reported in the news article [3535] is related to the transportation industry. Specifically, the incident involved a mid-air explosion on a Qantas superjumbo flight from London to Sydney due to a design fault in the Rolls-Royce engine. This incident led to an emergency landing and subsequent grounding of the fleet for safety checks on the A380 aircraft using the Trent 900 engine. The failure impacted the transportation of passengers and goods, highlighting the critical role of software systems in ensuring the safety and reliability of air travel within the transportation industry. |

Article ID: 3535