[SystemSafety] a public beta phase ???

Smith, Brian E. (ARC-TH) brian.e.smith at nasa.gov
Thu Aug 11 18:10:37 CEST 2016


Avery & Kenneth,

Even with a robust, redundant, and short-latency technology architecture, the possibility of a rogue pilot (an insider) would still exist.  While such circumstances are highly improbable, societal and regulatory pushback against a single pilot behind a locked cockpit door is not to be underestimated.  This situation is a reflection of the fact that aviation is a socio-technical system and not just a collection of technologies.

Brian

From: systemsafety <systemsafety-bounces at lists.techfak.uni-bielefeld.de> on behalf of "GRAZEBROOK, Alvery N" <alvery.grazebrook at airbus.com>
Date: Wednesday, August 10, 2016 at 10:06 AM
To: "Driscoll, Kevin R" <kevin.driscoll at honeywell.com>, "systemsafety at lists.techfak.uni-bielefeld.de" <systemsafety at lists.techfak.uni-bielefeld.de>
Subject: Re: [SystemSafety] a public beta phase ???

Hi Kevin,

There is a particular “transitional capability” case that could be interesting for passenger aircraft: For long-range aircraft using crew-rest areas, there is the possibility of running the flight with two crew but a duration where the flight exceeds their normal active hours; the proposal is to alternate rest periods during flight, leaving single pilot in the cockpit.

You would still need a dependable architecture, but only to move to a transitional safe operating condition. It would not apply to takeoff / landing where both crew would be active. I would imagine there still being some need for ground support, to sustain the captain’s health / awareness and support in case of exceptional conditions.

How do your challenges apply to this scenario?


Cheers,
            Alvery

** any opinions expressed are my own, not necessarily those of my employer.

From: Driscoll, Kevin R [mailto:kevin.driscoll at honeywell.com]
Sent: 10 August 2016 3:37 PM
To: Matthew Squair
Cc: GRAZEBROOK, Alvery N; systemsafety at lists.techfak.uni-bielefeld.de
Subject: Re: [SystemSafety] a public beta phase ???

Yes, there is a continuation of the evolution that eliminated the flight engineer.  The goal is to reduce crew workload.  However, when you get down to a single airborne crew member (SPO or RCO) for the commercial air transport category of service, the possibility of incapacitated crew would require full authority.  There are other categories of flight that already allow single pilots and new such categories could be created (e.g., large cargo carriers with restricted routes and airfields).

Sent from my iPhone

On Aug 10, 2016, at 2:44 AM, Matthew Squair <mattsquair at gmail.com> wrote:
Are people thinking about a transitional capability rather than making a jump to full authority?

On Wed, Aug 10, 2016 at 12:50 PM, Driscoll, Kevin R <kevin.driscoll at honeywell.com> wrote:
> Is that presentation (or any variation) available anywhere?
It will be posted to someplace on the AOW web (hsi.arc.nasa.gov/workshop/aow).

> Could you give a summary?
I stayed away from the argument about whether software programmers at design time would make more or less mistakes than pilots in situ.  I didn't think I had anything significant to add to previous discussions.  Instead, I looked at the cost of implementing a dependable architecture for full-authority pilot assistance (PA) that would be "one subsystem to rule them all" (apology to Tolkien).  Such PA would have access to almost every control in the cockpit (few exceptions, e.g., possibly nose-wheel steering and anything not required for safe flight) and that would make it multi-chapter "Level A++".  This level of authority would be needed for single pilot operations (SPO) and reduced crew operations (RCO) where a single crew person incapacitation would be the whole crew.  Additional points:  crew incapacitation isn't that rare (about 30/yr in UK) and doesn't necessarily fail benignly (e.g., seizure kicks rudder hard-over).  Some simple cockpit devices (e.g. circuit breakers and switches) which have no universally safe state would have to be replaced by quad actuators.  There are a lot of such circuit breakers and switches in the cockpit.  The PA computations would need four fault containment zones and at least triplex intercommunication (to tolerate just one Byzantine fault).  The degree of PA invasiveness into existing systems would require a complete redesign of the cockpit; prohibitively expensive for retrofit and dubious for forward fit.  Then, there's the control hand-back problem (aircrew not ready to accept control when it's thrown back to them in the event of a PA failure) and cryptography issues for the RCO case (latency and international legality).
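Kevin's "four fault containment zones ... to tolerate just one Byzantine fault" is the classic n >= 3f+1 bound with f = 1. As an added example (not from the thread or any of its participants), the following Python exhaustively checks Lamport's OM(1) oral-messages algorithm on three and four nodes, letting one node behave arbitrarily; it assumes binary values and a fixed tie-breaking default.

```python
# Added example: exhaustive check of Lamport's OM(1) with one Byzantine node,
# showing why 3 nodes are not enough and 4 are (n >= 3f+1, f=1). Binary values.
from collections import Counter
from itertools import product

def majority(values):
    """Majority of 0/1 votes; a tie falls back to the fixed default 0."""
    counts = Counter(values)
    return 1 if counts[1] > counts[0] else 0

def om1_decisions(n, faulty, sent, relayed):
    """One OM(1) run. Node 0 is the commander, nodes 1..n-1 are lieutenants.
    sent[j]: value the commander gave lieutenant j.
    relayed[(i, j)]: value lieutenant i told lieutenant j it had received.
    Returns {lieutenant: decision} for the loyal lieutenants only."""
    decisions = {}
    for j in range(1, n):
        if j != faulty:
            votes = [sent[j]] + [relayed[(i, j)] for i in range(1, n) if i != j]
            decisions[j] = majority(votes)
    return decisions

def check_ic(n, faulty):
    """Enumerate every behaviour of the single faulty node and return
    (ic1_ok, ic2_ok): IC1 = all loyal lieutenants agree; IC2 = if the
    commander is loyal, they all decide the commander's value."""
    ic1_ok = ic2_ok = True
    lts = range(1, n)
    pairs = [(i, j) for i in lts for j in lts if i != j]
    faulty_pairs = [p for p in pairs if p[0] == faulty]
    for v in (0, 1):
        # a faulty commander may send different values to different lieutenants
        sends = product((0, 1), repeat=n - 1) if faulty == 0 else [(v,) * (n - 1)]
        for s in sends:
            sent = dict(zip(lts, s))
            for lies in product((0, 1), repeat=len(faulty_pairs)):
                relayed = {p: sent[p[0]] for p in pairs}  # loyal nodes relay honestly
                relayed.update(zip(faulty_pairs, lies))   # faulty node relays anything
                d = om1_decisions(n, faulty, sent, relayed)
                ic1_ok &= len(set(d.values())) <= 1
                if faulty != 0:
                    ic2_ok &= all(x == v for x in d.values())
    return ic1_ok, ic2_ok

def tolerates_one_byzantine(n):
    """True iff OM(1) on n nodes meets IC1 and IC2 whichever node is faulty."""
    return all(check_ic(n, f) == (True, True) for f in range(n))
```

With three nodes a lying lieutenant can make the remaining loyal one decide against a loyal commander (IC2 fails); with four, every single-fault behaviour still yields agreement on the commander's value.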

> -----Original Message-----
> From: GRAZEBROOK, Alvery N [mailto:alvery.grazebrook at airbus.com]
> Sent: Monday, August 08, 2016 05:20
> To: Driscoll, Kevin R; systemsafety at lists.techfak.uni-bielefeld.de
> Subject: RE: [SystemSafety] a public beta phase ???
>
> Hi Kevin,
>
> [] ...  The reason I was at Ames was to give a presentation titled
> "Cyber Safety and Security for Pilot Assistance".  Yes, that's semi-
> autonomous air crew replacement (reduced crew operations, single pilot
> operations, etc).  Synopsis:  I don't think it's viable in the
> foreseeable future.
> []
> I'd be really interested to know what you think are the key hurdles
> that make the various reduced-crew operations not viable yet. Is that
> presentation (or any variation) available anywhere? Could you give a
> summary?
>
> Cheers,
>       Alvery





--
Matthew Squair
BEng (Mech) MSysEng
MIEAust CPEng

Mob: +61 488770655
Email: MattSquair at gmail.com
Website: www.criticaluncertainties.com







