Netflix Releases Documentary on the Boeing MCAS Failures

[Bell206]

Is this accurate?

Partly. Per the reports, after disabling the trim and attempting other tasks with no success (mainly due to the engine thrust setting) they reactivated the trim system which at that air speed prevented any recovery. A secondary issue that led to the "task saturation" reports was the SIC only had about 360 hours of total flight experience.

Were there other events where MCAS went haywire and the pilots *did* disable the auto-trim feature AND recover safely?

The Lion flight before their accident flight had a MCAS activation which a jump seat pilot reminded the PIC to turn off the trim and they landed. On the subsequent accident flight that PIC did not turn off the trim system but was countering the MCAS activations with the yoke trim switch successfully until he handed control off to the SIC who couldn't and it crashed.

 

[Larry in TN]

is it not true that this MCAS failure mode is just a special case of runaway trim?

That is true and it is why the failure risk analysis, performed during initial MAX certification, rated the risk from an unscheduled MCAS activation low and didn't required the added complexity of combining AoA inputs from both the left and right ADIRUs and FCCs. The risk assessment was based on the assumption that the pilots would respond to a runaway stabilizer by applying the runaway stabilizer non-normal procedure. The complexity of adding that comparison, without introducing new, unanticipated failure modes, is a big part of why re-certification took so long. After three flight where the crews did not (initially) respond as expected, the risk analysis was revised to a higher level that required the upgrade.

The part that is news to me is that the Ethiopian pilots *did* actually disable the electronic trim system, but still crashed (?). Is this accurate?

That is accurate, to a point. They did eventually take the STAB CUTOUT switches to CUTOUT but they didn't do it until the stabilizer trim had already been run to nearly full nose-down trim.

What they needed to do was follow the procedure which would have included disengaging auto-throttle and auto-pilot (instead of repeatedly trying to engage it), flying the airplane manual with pitch and power settings, limiting airspeed to something reasonable, all while using the primary electric trim (thumb switches) to keep the airplane in-trim by stopping and removing all of the MCAS nose-down trim input.

People seem to interpret my comments as me saying that it is easy. It isn't easy. V1 cuts aren't easy. Unexpected failures are not easy. It requires discipline, training, and experience to ignore the distractions and to fly the airplane first. That isn't easy, but it is necessary if you are going to transport hundreds of paying passengers at this level. Both of the accident airplanes were very flyable. This was proven by the second-to-last crew to fly the Lion Air accident airplane. Not only did they, after prompting from the jumpseater, successfully stop the MCAS activations but they continued to fly the airplane to its intended destination in it's system degraded condition. (Something that never would be accepted at a western airline). (The airplane was degraded as it had lost its stall warning system, autopilot system, half of it's primary flight data, electric trim, speed-trim system, and its high-AoA pitch-feel protection)

 

[AKiss20]

but they continued to fly the airplane to its intended destination in it's system degraded condition. (Something that never would be accepted at a western airline).

oh really?

https://en.m.wikipedia.org/wiki/British_Airways_Flight_268

 

[Larry in TN]

oh really?

https://en.m.wikipedia.org/wiki/British_Airways_Flight_268

That was a four-engine jet. A single engine loss on a four-engine jet isn't, on its own, an emergency. Under US regulations, which BA wasn't governed by, the Captain can choose to continue to his destination if he determines that doing so it at least as safe as diverting to a nearer alternate.

I have had one engine shutdown in my career. It was in a DC8-72 at 3am over the Indian Ocean. After consideration of our options, the Captain elected to continue ~4-1/2 hours to Singapore, our destination. We arrived on-time and under fuel burn. Other than filling out the required report, the Captain was never questioned on his decision.

The Lion Air incident flight has lost it's stall warning system (it was going off continuously and could not be silenced, had invalid airspeed and altitude data on the Captain's flight instruments, had lost the ability to use the normal electric stabilizer trim, had lost the ability to use the autopilot, had lost the high-AoA pitch feel protection provided by MCAS, and had lost the speed-trim system's speed stability system. The decision to continue to their destination would not be supported by any countries regulations.

 

[Albany Tom]

People from both 1st and 3rd world countries do goofy things. Continuing on 3/4 engines over the middle of the ocean, when continuing isn't that much more distance than returning is one thing. But flying an aircraft across the entirety of North America, then crossing the Atlantic, with an exploded engine just to save some passengers some time is, in my view, reckless. It's not like it was the 1780s, and not safe for a British crew to be walking around. Plenty of safe places to land a plane, get some chow, and find another plane.

As was Lion Air. Part of whatever your job is, is following regulations. But common sense needs to figure into it, too.

 

[nauga]

Part of whatever your job is, is following regulations. But common sense needs to figure into it, too.

IME "common sense" is often used to describe something that seems obvious to an outside observer but is counter to training, experience, and possibly even regs to those with experience.

Nauga,
uncommon

 

[Larry in TN]

Continuing on 3/4 engines over the middle of the ocean, when continuing isn't that much more distance than returning is one thing.

On my flight, I was about 20 minutes past top-of-climb out of Diego Garcia. It would have been about 30 to 40 minutes to return or 4-1/2 hours to continue. We continued.

But flying an aircraft across the entirety of North America, then crossing the Atlantic, with an exploded engine

The engine on BA268 did not explode. It had an engine surge, or compressor stall, which is when the air coming into the compressor section is at a speed or angle that is incompatible with the speed the compressor wheels are turning. The compressor blades stall, temporarily disrupting the flow of air through the core of the engine. With insufficient air, the combustions momentarily stops and the fuel that should have burned travels, unburned, through the turbine section of the engine and out into the exhaust. The surge is typically short-lived and combustion resumes, often causing the previously unburned fuel to ignite as it exits the engine. Common causes are a fault in the fuel-air control unit or a stuck high-pressure bleed valve that doesn't relieve pressure in the combustion section when it should. The engine itself is not usually damaged.

The crossing from LAX to London is not a route that takes it far from suitable alternate airports. Their situation was stable and they had suitable alternate airports along their route. When they got behind of their fuel plan they diverted to an alternate airport. Actual fuel burn is tracked throughout the flight and compared to the planned burn. When you get behind, you change the plan. That's what they did.

There's a big different between that and continuing a flight with compromised control and safety systems.

 

[Sluggo63]

That was a four-engine jet. A single engine loss on a four-engine jet isn't, on its own, an emergency. Under US regulations, which BA wasn't governed by, the Captain can choose to continue to his destination if he determines that doing so it at least as safe as diverting to a nearer alternate.

This isn't what you asserted, though. The statement you made was:

...they continued to fly the airplane to its intended destination in it's system degraded condition. (Something that never would be accepted at a western airline). (The airplane was degraded as it had lost its stall warning system, autopilot system, half of it's primary flight data, electric trim, speed-trim system, and its high-AoA pitch-feel protection)

@AKiss20 correctly pointed out that BA268 flew half way across the world with one engine shut down. Although you and I know that's all legal (and possibly even safe), it is still a degraded condition.

 

[Larry in TN]

@AKiss20 correctly pointed out that BA268 flew half way across the world with one engine shut down. Although you and I know that's all legal (and possibly even safe), it is still a degraded condition.

It's degraded in a very different way, primarily in climb performance, and a way that the regulations, and decades of past practice, recognizes can safety support continued flight.

None of the flight control systems were compromised. All three autopilots were all fully functional. Stall warning systems were functional. Speed and stability protection systems were fully functional. Primary trim functions were fully functional. Continuing with any of these failures, except the autopilots, is not supported by either regulation or decades of past practice.

 

[Cap'n Jack]

Didn't BA268's problem start with an engine fire?
Was it wise to continue the flight as (I think) the crew shut off the engine to stop the fire?

 

[Larry in TN]

Didn't BA268's problem start with an engine fire?

Compressor stalls.

If you have a fire, you are going to divert due to the possibility of damage as well as the loss if fire-fighting capability due to having expended at least one fire bottle into the engine or cargo compartment.

The United Kingdom's Civil Aviation Authority (their "FAA") investigated the incident and determined that the aircraft was not unairworthy. The FAA accepted the CAA findings.

The US regulation which establishes the requirement to land, and when you can continue, after the loss of an engine is 14 CFR 121.565.

 

[Albany Tom]

IME "common sense" is often used to describe something that seems obvious to an outside observer but is counter to training, experience, and possibly even regs to those with experience.

Nauga,
uncommon

"Common sense" is going to be different, depending on the training and experience of the person. In any field, even experts run into new situations. They base their decisions on experience and training. But in the end, if things go sideways badly enough, they're going to be judged by people that aren't experts, and don't have training. If the regulations are grey, and there's a way to blame it on the individual pilot, engineer, doctor, whatever - the regulatory agencies and the companies are going to do just that.

I don't care what the regs are, I wouldn't have flown a 4 engine aircraft on 3 engines with passengers in it over the Atlantic. Maybe I'm not risk tolerant enough to do that job. I don't know what the chances of a 2nd engine failure are. I have a pretty good idea of what the performance of the plane with only engines on one side are, though...and I know that no amount of math is going to explain away that situation going sideways.