This paper aims to show the current situation and additional requirements for aircraft automation systems based on the lessons learned from the two 737 MAX crashes.
In this study, the Swiss cheese model was used to find the real root causes of the 737 MAX accidents. The results were then compared with the actions taken by the manufacturers and authorities. Based on the comparison, the necessary improvements to prevent such accidents are defined. Regarding the faulty sensor behind the accidents, a synthetic sensor was developed using an aerodynamic model.
It has been proven that safety-critical automation systems should not be designed by relying on a single set of sensor data. Automation levels should be defined in a standard way. Depending on the defined automation level, the system must be designed as either a fail-safe or a fail-operational system. When designing backup systems, the decision should be based not only on whether the system has power but also on the accuracy of the incoming signals.
Aviation certification requirements related to automation systems need to be revised and improved. In this context, it was revealed that the certification processes for automation systems should be re-evaluated and updated by aviation authorities, especially the Federal Aviation Administration and the European Union Aviation Safety Agency.
Task sharing between the automation system and the pilot based on the classification of automation levels, and determining certification requirements accordingly, has been brought to the agenda. A synthetic Angle of Attack sensor was developed using an aerodynamic model for fault detection and diagnosis.