Officials are still struggling to understand how the Boeing 737 Max — a plane model built with the latest, most advanced technology, one that has been flying commercially for less than two years — could have failed so catastrophically so early in its career. Two of these airliners crashed in the span of five months, killing 346 people in total. But while much of the focus has fallen on a faulty sensor, the underlying cause appears to involve the way complex subsystems on the plane interacted with one another, a dynamic that has played out in other recent catastrophes, ranging from Deepwater Horizon to Air France 447.
While complexity’s hazards have become all the more apparent with the 737 Max crashes and the difficult development of self-driving cars, they have long been an object of intense interest for MIT aeronautics professor Nancy Leveson, who nearly 40 years ago began studying what she calls “software-intensive, complex, tightly coupled systems.”
Back then, Leveson was a newly minted computer science PhD trying to figure out how to fix a torpedo for the U.S. Navy. The Mark 48 Advanced Capability (ADCAP) simply wasn’t working — a major problem given that the weapon was intended to defend the United States against Russian subs and the nuclear missiles they carried.
Things can go catastrophically wrong even when every individual component is working as designed.
“[Navy officials] were just tearing their hair out,” Leveson says today. “They’d never used so many computers in these weapons systems before.”
Leveson realized that technology had advanced to such a point that the routine problem-solving methods engineers had long employed would no longer suffice. A new methodology needed to be developed.
To avoid disasters, engineers have traditionally identified which individual components in a system might fail and how. The most minor parts can make a huge difference. A classic example is the space shuttle Challenger, which blew up in 1986 during liftoff because a single O-ring failed to provide an adequate seal due to unusually low…
