Title: ADS-B Safety Analysis (ASA
1ADS-B Safety Analysis (ASA GSA)
ASAS Thematic Network Second Workshop 6-8 October
2003
- Bob Darby
- EUROCONTROL ADS Programme
2OUTLINE
- Background
- Current work
- analysis processes
- comments on the methods, not the results
- Wider context Conclusions
- Safety is only part of SPR / IA
- Requirements Focus Group
- Longer term
- Points of Contact
3BACKGROUND
4Safety Work History
- 1999-2000 Stage 0
- Initial Safety Study - brief look high level
workshops - 2000-2001 Stage 1
- Operational Hazard Analysis (OHA) based on Case
Studies - Difficulty - not detailed enough definition of
the applications
5Safety Work History
- 2002
- Package I proposed at Rome
- CARE-ASAS / EUROCONTROL development of Package I
- EUROCAE WG51 RTCA SC-186
- Common applications review proposal
- Common methodology proposal - ED78A / DO-264
- Guidelines for Approval of the Provision and Use
of Air Traffic Services supported by Data
Communications - In parallel
- Stage 2A Safety Contract launched
- At the time (Jan 2002) the aim was to
- Use EUROCONTROL Safety Assessment Methods (SAM)
- Use ED78A as a means of compliance with the SAM
- Aim has changed as ESARR4 developed and use of
ED78A has proceeded, to establish an effective
methodology. Differences/complementarity handled
as an outcome.
6CURRENT WORK
7Stage 2A Safety Contract
- Coordinated with CBA and Architecture work
- Assessment of some ADS-enabled ASA and GSA
applications defined in the Package I OSED -
including ADS-B in a mixed surveillance
environment - For each Package I application
- OHA building on the results of the ADS Programme
Stage 1 OHA - ASOR allocation to elements / domains within the
architecture - from ASOR options safety requirements for the
ADS-B element based on the specific enabling
infrastructure. - PSSA for one application, using a specific
architecture - Issues
- Methodology and Software tools equally important
as the results
8Logical Flow
9Applications assessed
- Ground Surveillance Applications (GSA)
- ATC surveillance in en-route airspace
- ATC surveillance in terminal areas
- ATC Surveillance in non-radar area
- Airport Surface Surveillance
- Surface Traffic Awareness application
- Runway Incursion application
- Airborne Surveillance Applications (ASA)
- Enhanced traffic situational awareness on the
airport surface - Surface Traffic Awareness application
- Runway Incursion application
- Enhanced successive visual approaches
- Sequencing and merging applications
10OHA process
11OHA output (example)
From Enhanced Successive Visual Approach
- OHA is summarised in a diagram.
- Details in several tables
- OH summary table, that refers to
- Candidate safety requirements lists
- environmental
- procedural
- technical
- Recommendations list
- Causes list
- Supported by detailed OH tables
12OHA - comments on process
- Exhaustive detailed ...
- time-consuming to develop and to review
- Mature process, used (with slight variations) by
many European projects, NUP, MFF, - Needs tool support to ensure
- consistency between diagrams and tables
- traceability and accurate cross-referencing
between all tables - database is being developed
- Derived from application model in OSED
- Changes to OSED may mean complete rework of OHA
13ASOR process
- Follows on from OHA
- traceability essential
- Objective identify
- responsible domains/elements (ATC, aircraft,
crew,) - system failure relationships
- mitigation means strategy
- Key processes
- Building the fault tree
- stop when the safety requirement can be
exclusively met in a domain - Allocation of safety requirements
- several options
14ASOR - comments on process
- Relatively new process - learning as we proceed
- More complex for surveillance than for
communications - No single correct answer - tradeoffs will occur
- Trees give the understanding - tables give the
detail - Tools for traceability and consistency essential
15PSSA
- Specific to a particular implementation
- Assess if the proposed architecture is safe for
its intended purpose - ASOR has already mapped safety requirements to
the domain - Now look at the architecture within the domain
i.e. main functional (and physical) components - EUROCONTROL study example Toulouse airport
- Package I applications
- Airport Surface Surveillance
- Enhanced traffic situational awareness on the
airport surface - Surface Traffic Awareness application
- Runway Incursion application
- Just starting this phase of the study
16Overall Comments
- Learning about the processes as we use themgoing
from the generic to the specific - Status
- OHA mature but effort intensive
- ASOR developing well
- PSSA just started but relatively straightforward
- Overall large effort
- Tool support essential, especially when iterating
and reworking - Complementary approach to identify critical areas
would pay dividends - OSED is critical - clarity and accuracy of
application modelling is vital
17WIDER CONTEXT CONCLUSIONS
18Safety is only part of the process
OSED Operational Service Environment Definition
OSA Operational Safety Assessment OHA ASOR
OPA Operational Performance Assessment Identify
allocate performance requirements
IA Interoperability Assessment
SPR Safety Performance Requirements
Interop Document
19Preparation for RFG/3
- Joint EUROCONTROL, FAA, EUROCAE, RTCA
Requirements Focus Group - 1st-4th December 2003, Washington DC
- OSEDs OSED Harmonisation Group
- First complete PI OSED due out soon
- Safety EUROCONTROL, NUP, MFF,
- Convergence on the methods
- More coordination and consensus needed - EC can
help? - SPR IA as a whole
- ad-hoc SPR/IA group working since July
- aiming at common approach for Europe and USA
extend world-wide?
20Longer term considerations
- Operational expertise to validate the analysis
conclusions - Complementary methods could be of value
- for greater efficiency overall
- for confirming results
- Coordination with Safety Unit, SRC and EASA
21POINTS OF CONTACT
- EUROCONTROL ADS Programme
- visit the ADS Programme website
- http//www.eurocontrol.int/ads
- STNA Sofréavia
- who have carried out the detailed work and
developed in a practical form the processes
described today - RFG colleagues
- discussions in preparation of material for RFG/3