[SystemSafety] a public beta phase ???

Driscoll, Kevin R kevin.driscoll at honeywell.com
Wed Aug 10 16:36:37 CEST 2016

Yes, there is a continuation of the evolution that eliminated the flight engineer.  The goal is to reduce crew workload.  However, when you get down to a single airborne crew member (SPO or RCO) for the commercial air transport category of service, the possibility of incapacitated crew would require full authority.  There are other categories of flight that already allow single pilots and new such categories could be created (e.g., large cargo carriers with restricted routes and airfields).

Sent from my iPhone

On Aug 10, 2016, at 2:44 AM, Matthew Squair <mattsquair at gmail.com> wrote:

Are people thinking about a transitional capability rather than making a jump to full authority?

On Wed, Aug 10, 2016 at 12:50 PM, Driscoll, Kevin R <kevin.driscoll at honeywell.com> wrote:
> Is that presentation (or any variation) available anywhere?
It will be posted to someplace on the AOW web (http://hsi.arc.nasa.gov/workshop/aow).

> Could you give a summary?
I stayed away from the argument about whether software programmers at design time would make more or fewer mistakes than pilots in situ.  I didn't think I had anything significant to add to previous discussions.  Instead, I looked at the cost of implementing a dependable architecture for full-authority pilot assistance (PA) that would be "one subsystem to rule them all" (apology to Tolkien).  Such PA would have access to almost every control in the cockpit (few exceptions, e.g., possibly nose-wheel steering and anything not required for safe flight) and that would make it multi-chapter "Level A++".  This level of authority would be needed for single pilot operations (SPO) and reduced crew operations (RCO) where a single crew person incapacitation would be the whole crew.  Additional points:  crew incapacitation isn't that rare (about 30/yr in UK) and doesn't necessarily fail benignly (e.g., seizure kicks rudder hard-over).  Some simple cockpit devices (e.g. circuit breakers and switches) which have no universally safe state would have to be replaced by quad actuators.  There are a lot of such circuit breakers and switches in the cockpit.  The PA computations would need four fault containment zones and at least triplex intercommunication (to tolerate just one Byzantine fault).  The degree of PA invasiveness into existing systems would require a complete redesign of the cockpit; prohibitively expensive for retrofit and dubious for forward fit.  Then, there's the control hand-back problem (aircrew not ready to accept control when it's thrown back to them in the event of a PA failure) and cryptography issues for the RCO case (latency and international legality).

> -----Original Message-----
> From: GRAZEBROOK, Alvery N [mailto:alvery.grazebrook at airbus.com]
> Sent: Monday, August 08, 2016 05:20
> To: Driscoll, Kevin R; systemsafety at lists.techfak.uni-bielefeld.de
> Subject: RE: [SystemSafety] a public beta phase ???
> Hi Kevin,
> [] ...  The reason I was at Ames was to give a presentation titled
> "Cyber Safety and Security for Pilot Assistance".  Yes, that's semi-
> autonomous air crew replacement (reduced crew operations, single pilot
> operations, etc).  Synopsis:  I don't think it's viable in the
> foreseeable future.
> []
> I'd be really interested to know what you think are the key hurdles
> that make the various reduced-crew operations not viable yet. Is that
> presentation (or any variation) available anywhere? Could you give a
> summary?
> Cheers,
>       Alvery
> This email and its attachments may contain confidential and/or
> privileged information.  If you have received them in error you must
> not use, copy or disclose their content to any person.  Please notify
> the sender immediately and then delete this email from your system.
> This e-mail has been scanned for viruses, but it is the responsibility
> of the recipient to conduct their own security measures. Airbus
> Operations Limited is not liable for any loss or damage arising from
> the receipt or use of this e-mail.
> Airbus Operations Limited, a company registered in England and Wales,
> registration number, 3468788.  Registered office:  Pegasus House,
> Aerospace Avenue, Filton, Bristol, BS34 7PA, UK.

The System Safety Mailing List
systemsafety at TechFak.Uni-Bielefeld.DE

Matthew Squair
BEng (Mech) MSysEng

Mob: +61 488770655
Email: MattSquair at gmail.com
Website: http://criticaluncertainties.com/
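The "four fault containment zones ... to tolerate just one Byzantine fault" figure in Kevin's summary is the n >= 3f+1 bound from Lamport, Shostak and Pease's Byzantine Generals work. The following Python simulation is an added illustration that is not part of the thread and not Honeywell or NASA code: it runs the oral-messages algorithm OM(1) over n nodes with one deterministically misbehaving node and checks the two interactive-consistency conditions (all loyal nodes decide the same value; if the commander is loyal they decide its value). Node numbering, the adversarial node's strategy (a different value to each receiver) and the tie-break default are my own assumptions, chosen to make the 3-node failure and 4-node success reproducible.

```python
from collections import Counter

# Constructed model: node 0 is the commander, nodes 1..n-1 are lieutenants.
# A "traitor" is a Byzantine node: it may report different values to
# different receivers. The strategy below is an assumption made for the
# simulation, not a claim about any real failure mode.


def send(sender, receiver, value, traitors):
    """Value `receiver` actually obtains from `sender` over a direct link."""
    if sender in traitors:
        # Adversary: split the receivers into two camps to maximise disagreement.
        return receiver % 2 == 0
    return value


def majority(votes, default=False):
    """Majority vote; a tie falls back to a fixed default (Lamport's RETREAT)."""
    ranked = Counter(votes).most_common()
    if len(ranked) > 1 and ranked[0][1] == ranked[1][1]:
        return default
    return ranked[0][0]


def om(m, commander, lieutenants, value, traitors):
    """Oral-messages algorithm OM(m).

    Returns {lieutenant: value it finally attributes to `commander`}.
    """
    received = {l: send(commander, l, value, traitors) for l in lieutenants}
    if m == 0:
        return received
    # Every lieutenant relays what it received to the other lieutenants by
    # acting as commander in OM(m-1); a traitor relays adversarially.
    relayed = {
        o: om(m - 1, o, [x for x in lieutenants if x != o], received[o], traitors)
        for o in lieutenants
    }
    decided = {}
    for l in lieutenants:
        votes = [received[l]] + [relayed[o][l] for o in lieutenants if o != l]
        decided[l] = majority(votes)
    return decided


def run(n, traitors, value, m=1):
    """Run OM(m) with n nodes and report (agreement, validity).

    agreement: all loyal lieutenants decide the same value (IC1).
    validity:  if the commander is loyal, they decide its value (IC2);
               vacuously true when the commander is a traitor.
    """
    lieutenants = list(range(1, n))
    decided = om(m, 0, lieutenants, value, traitors)
    loyal = [l for l in lieutenants if l not in traitors]
    agreement = len({decided[l] for l in loyal}) == 1
    validity = (0 in traitors) or all(decided[l] == value for l in loyal)
    return agreement, validity


if __name__ == "__main__":
    # Three zones, one Byzantine lieutenant: the loyal lieutenant is misled.
    print("n=3, traitor lieutenant:", run(3, {2}, True))
    # Four zones (3f+1 with f=1): loyal nodes agree whether the traitor is a
    # lieutenant or the commander itself.
    print("n=4, traitor lieutenant:", run(4, {3}, True))
    print("n=4, traitor commander: ", run(4, {0}, True))
    # Two traitors among four exceed the bound and break validity again.
    print("n=4, two traitors:      ", run(4, {2, 3}, True))
```

With four fully connected zones each node has three independent links, which is one reading of the "triplex intercommunication" requirement; the simulation models those links implicitly by letting every lieutenant relay to every other. The n=3 case shows why three zones are not enough: a single loyal lieutenant cannot tell a lying relay from a lying commander and falls back to the default.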
