In light of two recent fatal crashes of its 737 MAX jet that killed 346 people and eventually grounded the line of planes worldwide, Boeing developed a software patch and pilot training program to address issues in the plane’s software.
Following the crash of Ethiopian Airlines Flight 302 earlier this month, the Federal Aviation Administration (FAA) and other airplane regulators worldwide grounded the 737 MAX due to similarities between the two recent crashes. But in an attempt to convince airlines, pilots, regulators and the flying public that they are still safe — and to get the planes back in the air — the aircraft manufacturer unveiled a software patch to ameliorate problems initially identified after the October Lion Air crash.
Following the Lion Air crash preliminary report published by Indonesian investigators revealed issues with the plane’s anti-stall system. The investigations also pointed to serious flight control problems that traumatized passengers and crew on the aircraft's previous flight, as well as signs of angle-of-attack (AoA) sensor and other instrument failures on that and previous flights, tied to a potential design flaw involving the maneuvering characteristics augmentation system (MCAS) of the 737 MAX series.
Lion Air Flight 610’s pilots struggled to override an automatic safety system installed in the Boeing 737 MAX 8 plane, which pulled the plane's nose down more than two dozen times during the fatal 12-minute flight. Taking off from Jakarta, the co-pilot asked air traffic control to confirm air speed and altitude before reporting they had experienced a "flight control problem,” just two minutes into the flight. Additionally, the flight crew requested clearance to return to the Jakarta airport just 22 miles into the flight.
According to the investigation, the plane’s software system was responding to unreliable data, which suggested its nose was tilted at a higher angle than it was, indicating the plane was at risk of stalling. The report also noted that pilots first manually corrected an "automatic aircraft nose down" two minutes after takeoff and repeatedly performed the same procedure before the plane plunged nose-first into the Java Sea.
While CNN’s aviation analyst David Soucie said that the circumstances created by the plane's automatic correction would have made pilot intervention “impossible,” investigators are curious why the pilots didn't follow the same procedure another flight crew performed the previous day after encountering a similar issue. A different flight crew had experienced the same issue on a flight from Denpasar to Jakarta the previous day, but had turned off the MCAS and took manual control of the plane.
In the case of Ethiopian Airlines Flight 302, the pilot reported a “flight control” problem just one minute into the flight but decided to continue regardless. Just two minutes later, as the aircraft accelerated to abnormal speed, the captain requested permission to return “in a panicky voice.” Flight controllers witnessed that the aircraft was oscillating up and down by hundreds of feet — a dangerous sign that something was defective.
The similarities in flight patterns between the two fatal crashes ultimately prompted regulatory authorities to ground the best-selling Boeing aircraft worldwide.
How the Patch Helps
The FAA said the updates will address the MCAS as investigators look into whether faulty data coming into those systems drove the planes into steep dives that the pilots were unable to overcome. Because data and physical evidence shows similarities between the Lion Air and Ethiopian Airlines crashes, Boeing is working to specify the installation of new flight control computer operational program software across the 737 MAX 8 line.
Earlier this week, the airplane company previewed its software fix, saying the changes improve the safety of the aircraft, preventing erroneous information from triggering the anti-stall system. The new patch means the system will force the nose lower just once per event after sensing a problem, giving the pilots improved control.
Among the changes Boeing detailed to reporters, the airlines, regulators and pilots Wednesday, according to NPR:
The MCAS system relies on data from two sensors instead of just one to determine whether the plane is in danger of aerodynamic stall.
If MCAS is activated, the system will act only once instead of repeatedly forcing the nose of the plane down.
Pilots will be able to override the automated system by pulling back on the control column.
Warning lights alerting pilots to a problem with the sensors will become standard instead of a more expensive option.
Boeing will enhance training for pilots on MCAS, incorporating all of the changes it makes, once approved by regulators.
Boeing plans to send the software updates and plan for enhanced pilot training to the Federal Aviation Administration for certification approval. After the FAA approves the fix, Boeing said it will send the software update to customers. It takes a few days install and more time for training and testing, the company said. Analysts believe that will take a minimum of six weeks and up to 12 weeks before the grounded jets are airborne again.
In the End
Unfortunately, while automating the management of this patch would not have prevented the two crashes from happening, these incidents do underscore the crucial importance of ensuring your IT infrastructure has the right software, is patched and is configured correctly — regardless of operating system (OS), software or geographic location.
Just as Boeing’s MCAS software update aims to provide additional layers of protection if the AOA sensors provide erroneous data, software providers also provide updates aimed at enhancing the security of your critical IT infrastructure. While not the human life-and-death situation illustrated with the software of the 737 MAX jets, most data breaches are the result of unpatched vulnerabilities. Don’t let a software patch lead to the data breach that spells life or death for your organization.
Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.
Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.
Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.