That is the theme of a 2006 Safety Board report examining the many ways hazards slip on to airplane designs when the certifiers aren't paying attention.
I've written before about the similarities between Boeing's "we'll eliminate all risks" approach to using a volatile flavor of lithium ion battery in its newest plane and the "we'll eliminate all risks" approach it took when creating volatile fuel tanks in the design of the Boeing 747 four decades ago.
So later in the day, when a few other reporters and I had Hersman on the phone again, I asked her to expound on the parallel.
|Testing in the NTSB materials lab. NTSB photo|
"You’re asking me to perform some analysis. I'm not sure we are at that stage of the investigation," she said before sending me off to track down and read the above mentioned 126 page report. (Go ahead, you'll find it here.)
TWA Flight 800 was one of the four airline crashes the report uses to illustrate what can happen when airplane manufacturers put forth "overly optimistic probability data" and philosophies that are "fundamentally flawed." That is why, in addition to the quest to find out why two Dreamliner batteries went kerflooey in the span of 10 days last month, some investigators are pouring over Boeing's risk assessment techniques and fault tree analysis.
"There were assumptions made in the certification process. We will be looking at all of those issues when we look at certification and how effective it was." Effective? Not. She's all but said that.
|Examining battery elements. NTSB photo|
For sex appeal though, crash detectives examining records and engineering data just can't compete with microscopes and smoldering electrical components. But it would be wrong to lock on to the nitty gritty details of what happened and why and skim too lightly over how the situation ever got this far.
One answer could be that it is Boeing, not the FAA that ran the tests demonstrating the safety of its battery system. "Responsibility for design, engineering and analysis is with the manufacturer" the report explains. (For more on that, read reporter Kyung M. Song's story in the Seattle Times.)
So one of Boeing's tests convinced the FAA that a short circuit or fire in one of the battery's eight cells wouldn't spread to the next. Another test proved to the regulator's satisfaction that a single cell venting would not result in smoke emissions from the battery. Both of these unlikely/improbable/won't happen events did occur. What's up with that? "The assumptions used to certify the battery must be reconsidered." That's Hersman's take anyway.
Yeah, on the surface, airplane certification review isn't sexy, but think about it this way, all the clues are smoking hot.