If I understand correctly, the module that controls the MCAS system was designed, manufactured and programmed by Rockwell Collins, a reputable company in the aerospace industry.
Right. The NTSB report detail all of the Rockwell Collins work into the "E.1.1 Requirements Generation and Traceability":
"An NTSB review of a December 09, 2016 Rockwell Collins document titled
“EDFCS FCC-730 P10.0 Requirement Verification Matrix” was conducted. This
document included a “traceability matrix” table that identified the incremental
requirements that were changed/added/deleted for the EDFCS FCC-730 P10.0
software development. The document indicated that the traceability matrix had
been reviewed by Rockwell and their review found that the requirements affected
by the EDFCS FCC-730 P10.0 software development have been correctly allocated,
implemented, and verified. The NTSB review of the “traceability matrix” table
found that it included all of the safety requirements that were added to the SCD per
Boeing document “B-1740, including the MCAS safety requirement 184.108.40.206.3.1.1-
A. According to Boeing, the safety requirement would be covered in the EDFCS
system safety assessment. A review on the Boeing EDFCS system safety
assessment found that the MCAS safety requirement 220.127.116.11.3.1.1-A was addressed."
I think it is fair to say design flaws within the MCAS system contributed to the Lion Air accident, but with the caveat being there were systemic maintenance, pilot training and operational procedural inadequacies that were significant factors in the chain of events that led to the demise of the aircraft.
The MCAS was not safe enough. Of course an unsafe design will first hit the less experimented pilots. As the EASA have emphasis:
"Pilot training requirements are not meant to compensate for non-acceptable design on the compliance and safety standpoint."
As such, I am not convinced we can place blame solely on MCAS or Boeing. At a guess Boeing and their supporting contractors would have designed, programmed and certified 1000's of Flight Control Systems. The Accident report states certification of the system was in accordance to current regulations and as a consequence acceptable industry practice.
This is not exactly what is on the JT610 report:
"During the design and certification of the Boeing 737-8 (MAX),
assumptions were made about flight crew response to malfunctions which,
even though consistent with current industry guidelines, turned out to be
And if you read the details, it's clear that the 737-8/9 MAX was not "in accordance to current regulations" due to a flawed Functional Hazard Analysis (FHA).
As can be seen in the news articles relating to the design and certification of MCAS, there were mitigating circumstances that resulted in the design of MCAS not being ideal. A fair assessment would not place blame on Boeing for these circumstances.
The report did not blame, and did not limit the contributing factors only on Boeing.
From where I sit a global view of the lion air and ET accidents will add more value to the discussion. Aircraft are extremely complex pieces of equipment designed by extremely talented people. Every day these talented people have passengers lives in their hand. Let's not unfairly load these people up with blame.
Ultimately, the ET crash investigation report will give us a greater understanding of the role of MCAS. I suspect we will have a different set of circumstances which will broaden the scope of the discussion.
I don't see how the ET302 final report will change anything substantial to the already existing NTSB report and JATR review.
It could be the case that there is mismatch in the ability of airlines to adapt to the rate of change in aircraft designs from the OEM's where even small subtle changes to an aircraft design are not being properly understood in an operational environment.
Boeing was selling the 737-8/9 MAX with the big marketing point "MAX == NG, no pilots training required". This was obviously a very strong requirement to the 737-8/9 MAX design.