737 MAX safety tests covering increasingly remote failure risks

As Boeing Co. and safety regulators push to complete long-awaited fixes for 737 MAX jets, testing has expanded to cover increasingly unlikely emergencies including potential computer failures pinpointed by overseas authorities, according to U.S. government officials briefed on the details.

The broader risk analyses and simulator scenarios, some details of which haven’t been reported before, show the lengths to which leaders of the Federal Aviation Administration, in coordination with their foreign counterparts, are going to verify the safety of the MAX fleet before allowing the planes to fly again.

Misfires of an automated flight-control system called MCAS led to two fatal crashes in less than five months, taking 346 lives. A package of fixes and training enhancements specifically targeting MCAS was assembled and tested months ago. But since then, according to the officials, 737 MAX reviews are delving into potential hazards beyond the specific software that controls the MAX feature.

The upshot, according to one person familiar with the details, is that Boeing has opted to make the plane’s overall flight-control computer functions more redundant. Going forward, both of those critical computers will be functioning on each MAX flight, versus the original design that had them alternating between flights, according to this person. The change was first reported by the Seattle Times.

As part of the new focus, regulators also have shifted their attention to the likelihood of pilots reacting as quickly as anticipated to a range of extreme emergencies involving various flight-control features. A portion of the ongoing testing and analysis is delving into extremely remote but potentially catastrophic problems that have a probability of less than one in 100 million flights. For initial certification of safety-critical systems, regulators typically use a far tighter standard of roughly one in a billion.

Specifically, the results of one sequence of tests requested by European regulators and performed in a Boeing flight simulator weeks ago, has extended the certification process by approximately three more months, according to the government officials and others familiar with the testing. The revised timetable means the jet, which has been idled since March, likely won’t resume commercial service until at least early 2020, industry and government officials have said.

A trio of FAA pilots climbed into Boeing’s most advanced simulator in a Seattle suburb in late June to replicate a computer-chip failure that had never occurred in flight but could result in strong, automated commands pushing down a plane’s nose. The failure mode that resulted in erroneous computer output was similar, but not directly related, to MCAS misfires, according to the government officials.

CLICK HERE TO GET THE FOX BUSINESS APP

It took one of the pilots 16 seconds to identify and react to the malfunction, significantly longer than current FAA certification rules and safety guidelines permit, some of the agency officials said. The upshot, they added, was a determination that if an airline crew confronted such a problem—even though chances of it happening are extremely small—the consequences could be catastrophic.

Earlier this week, Ali Bahrami, the FAA’s top safety official, told a Senate subcommittee during a hearing that the June tests “identified a very remote failure case,” adding that FAA pilots decided “the level of proficiency that is required to recover from this event was exceptional” and could overwhelm average airline crews.