Supersonic Business Jet Safety by Design Final Presentation July 29th, 2002

1
Supersonic Business JetSafety by Design Final
PresentationJuly 29th, 2002
Mark Birney Kit Borden Adam Krause Jieun
Ku Samson Lim Shawn Mahan
2
Overview

• System Introduction
• Certification Process
• Certification Compliance
• Functional Hazard Assessment
• Prism System Analysis
• Human Error Assessment
• Preliminary System Safety Assessment
• Uncertainty Analysis and Technology Assessment

3
Market Outlook for SBJs

• A demand for more than 10,000 business jets
  expected between 2001 and 2011 (Source
  Gulfstream)
• Gulfstream estimates market for environmentally
  friendly SBJs to be 10 of annual subsonic
  market
• DARPA has heavily prioritized projects aiming at
  solving technology challenges of supersonic
  flight, notably the Quiet Supersonic Platform
  (QSP)

4
Voice of the Customer

• Reduce Travel Time (more than 50)
• By Increasing Cruise Speed (100)
• By Reducing Airport Ground Time (70)
• Increase Versatility Efficiency
• By Using General Aviation Other Smaller
  Airports
• By Reducing Ground Transportation Time
• Improve Productivity Business Opportunities
• By Providing Doorstep-to-Destination Travel

In order to satisfy customer requirements, a
long range supersonic business jet is required.
5
Limitations Requirements
Gulfstream market research has indicated
significant design barriers to overcome

• Sonic Boom Issues
• BANG Nose Shock Overpressure (lt 0.5 psf)
• Environmental (Non Sonic Boom Related) Issues
• Takeoff/Landing Noise
• NOX CO2 Emissions
• Ozone Depletion
• Operational Issues
• Supersonic Flight Over Land
• Operable from Regional Airports
• Efficient Operations at Both Subsonic
  Supersonic Speeds
• High Availability Required

6
QFD Results

• By using the QFD as an initial screening test it
  was determined that
• Mission profile would be very important (Cruise
  Mach number weighting)
• The choice of propulsion system would have a
  large impact on the system
• Aircraft geometry (Planform shape, fuselage area
  ruling) was also significant

7
Emissions

• Current Regulations govern LTO NOx emissions
  based on standard Take-off and Approach Cycle
• Allowable emissions based on Design Thrust and
  OPR of engine
• No current regulations for CO2 or cruise NOx
  emissions, but ICAO is developing guidelines
  governing these parameters
• The future regulations may prove very important
  because of relatively high NOx emission rates at
  high mach numbers

Courtesy NASA Glenn
Courtesy NASA Glenn
8
Sideline and Fly-over Noise

• Stage IV Noise Regulations require 10dB
  cumulative reduction over Stage III
• Applies to Aircraft certified after 2006

Courtesy NASA Glenn
Courtesy NASA Glenn
Courtesy NASA Glenn
9
Mission Profile

• Mission profile based on customers desire for
  direct flights

• 4000 nautical mile design range

10
Geometry
11
Performance and Economic Metrics

• Constraint Values based on Government
  regulations as well as customer requirements

• All targets are met except for sonic boom and
  economic targets.

12
System Breakdown

• Based on B-777
• System Breakdown

13
Propulsion System Breakdown
14
Engine Configuration
Low Bypass Ratio Mixed- Flow Turbofan
15

• Certification Process
• Shawn Mahan

16
Safety and Certification Overview
17
Certification - Introduction

• The SSBJ and SBBJ engine will need to be
  certified by the FAA before it can enter revenue
  and passenger service
• The FAA has outlined the method to obtain an
  Original Design Approval on its website.
• The following slides will provide an overview of
  the Certification Program for the SSBJ Engine

18
The FAA Website
19
(No Transcript)
20
Original Design Approval Process

• As outlined on the FAA Certification Website, an
  original FAA design approval is a six phase
  process in which an applicant applies for, and
  the FAA may issue, a type certificate or design
  approval of a product or a major design change to
  a product.
• Phase I Partnership for Safety Plan
• Phase II Conceptual Design and Standards
• Phase III Refined Product Definition and Risk
  Management
• Phase IV Certification Project Planning
• Phase V Certification Project Management
• Phase VI Post Certification
• Detailed information can be found in The FAA and
  Industry Guide to Product Certification,
  available on the FAA Website.

21
Program Schedule
22
Program Schedule
23
Program Schedule
24
Key Players and Roles

• Communication and cooperation are the keys to a
  successful program.
• Key Players and Roles are defined and summarized
  in The FAA and Industry Guide to Product
  Certification

25
Certification Example

• It took DAL 3 years to complete a small
  structural modification to the B757 pylon.
• There were several factors that led to delays
• Large companies tend to divide functions across
  several groups
• Engineering
• AD Compliance
• NTSB / FAA Liaison
• Internal DERs
• The FAA organization is large and decentralized
• Which ACO will you need to coordinate through?
  ATL ACO, LA ACO, SEA ACO
• Politics
• Coordinating project status meetings and
  conformity inspections is difficult.

26
Avoid the Pitfalls

• Plan well and early, get training from the FAA if
  you need it.
• Always pad your schedule and plan for
  contingencies.
• Defeat Organizational Barriers
• Develop a good reporte with the FAA.
• Assign one person as a dedicated project manager.
• Get written commitments!
• Organize and document your progress and problems.

27
Deliverables

• The Certification process will generate several
  types of data.
• Data requirements will be required by applicable
  sections of the FAR and the FAA.
• The following list is taken from The FAA and
  Industry Guide to Product Certification

28
Data Types

• Familiarization and Board meeting minutes
• Program Specific Certification Plan
• Product Certification Team and Management status
  reviews
• Application for Type/Production Certification
• Letter of Application Acknowledgment
• Certification Project Notification
• Type Certification Basis
• Issue Papers, Special Conditions, Exemptions,
  Equivalent Level of Safety Findings
• Burden Assessments
• Issues Tracking List
• Compliance Check List
• Conformity Procedures
• Type Inspection Authorizations and Conformity
  Requests
• Delegation plan

• Compliance Data (e.g.,test plans, reports,
  analyses.)
• Type Inspection Report
• Installation and Operating instructions
• Flight Manual
• Structural Repair Manual
• Instructions for Continued Airworthiness
• Continued Airworthiness management plan
• Type Design Approvals
• Type Certificate Data Sheet
• Production Approvals
• Production Limitation Record
• Airworthiness Certifications
• Compliance Summary Document
• Project Evaluation Forms

29
Sample Data
30
Data Retention

• Both the FAA and the Applicant are responsible
  for maintaining and storing data.
• FAA Order 8110.4B provides the following
  information about data retention.

31
Data Retention
32
Certification Basis

• The Certification Basis identifies the applicable
  standards to which the Applicant must show
  compliance.
• It also includes the need for special conditions,
  exemptions, and equivalent safety findings, if
  any.
• The proposed certification basis is established
  by the FAA at the beginning of a TC program.

33
Certification Basis
34

• Certification Compliance and Functional Hazard
  Assessment
• Kit Borden

35
Certification and Testing

• FAR Part 33 covers Engines
• Includes supersonic engine regulations
• FAR Part 36 covers Noise
• Includes supersonic noise regulations for
  Concorde only
• These two parts were chosen to study in further
  detail because of the system chosen to study
  (propulsion) and because noise is important for
  any commercial aircraft and especially the
  supersonic aspect of this design.

36
Noise Requirements

• Lack of generic supersonic requirements leaves
  two main options
• Seek an exception to the existing regulations
• Seek new rule making activity for appropriate
  regulations

37
Exception to existing rules

• There could be a time savings because rule making
  is a long process.
• Obtaining an exception involves fewer people than
  new rule making.
• An exception would not be a flexible should new
  regulations come into being during the life of
  the aircraft.

38
New Rules

• Regulations for non-Concorde supersonic
  commercial aircraft will come eventually
• Asking for those rules now has two advantages
• Allows for greater shaping of the regulations as
  they are created
• Ensures continuing compliance
• Both rule making and the design will be long
  processes, so the time penalty should be minimal

39
Part 36
40
Part 36
41
Example of Noise Testing

• Basic testing techniques remain the same
  regardless of noise levels allowed.
• New rules would merely give the allowable levels.
  
• New techniques may be required for supersonic
  noise evaluation.

Courtesy NASA Glenn
Courtesy NASA Glenn
Courtesy NASA Glenn
42
Part 33
43
Functional Hazard Assessment and Certification

• The FHA is part of the processes described in
  SAE 4761.
• Certification is driven by the FARs.
• Meeting the standards derived from SAE 4761
  improves performance for the FAR requirements.

44
Appendix A Functional Hazard Assessment of SBJ
Propulsion System
45
(No Transcript)
46

• Prism System Analysis and Human Error Assessment
• Jieun Ku

47
PRISM

• Developed By Reliability Analysis Center (RAC)
• Performs system-level failure rate assessments
• Disadvantages
• No redundancy function
• No OR gate function
• Human factors are not properly considered

48
PRISM Flow Chart
49
SBJ Total Failure Rate
(11.504/M Calendar Hours)
50
Failure Rate Distribution - 1
51
Failure Rate Distribution - 2
52
Human Factors

• Human ? Information Processing System
• Ergonomics aspect
• Different failure rates in each conditions
• Human error causes 20 to 50 of equipment
  failures
• Human reliability elements have to be included in
  reliability analysis

53
Ways That Humans Cause Errors
54
Types of Human Errors

• Operating Errors
• Maintenance Errors
• Assembly Errors
• Design Errors
• Inspection Errors
• Installation Errors

55
Operating Errors

• Function-associated errors
• Operating equipment- associated errors
• - Errors of omission - situations requiring
  operator attention
• - Error of identification - misidentification of
  an object and its treatment as the correct
  object
• - Error of interpretation - misunderstanding of
  information and result in performing incorrect
  tasks

• Identifying
• Sensing
• Classifying Coding

• Decision making
• Sequencing
• Problem solving

• Estimating
• Tracking
• Detecting

56
Human Reliability Analysis (HRA) Methodologies

• Technique For Human Error Rate Prediction (THERP)
  
• Probability Tree Method
• Pontecorvos Method
• The Throughput Ratio Method
• Personnel Reliability Index
• Block Diagram Method

57
Technique For Human Error Rate Prediction (THERP)

• Predicting human error rates.
• Evaluate system probability that
• - Errors will cause system failure
• - Operations will lead to an error.
• Methods used are
• - The system and task analysis method
• - The probability tree method

58
Probability Tree Method

• Concerned with representing critical human
  actions
• The advantages
• - Useful in applying prediction of individual
  error rates
• - Useful in predicting the quantitative effects
  of errors
• - serves as a visibility tool
• - Incorporate with physical and emotional stress
• - Helps to decrease the probability of errors

59
Environmental Factors on Human Reliability

• The human is easy to be distracted by
  environmental circumstance
• Environmental factors can be detected and changed
  to the direction that can help human reliability.
• ? Discussed and applied on HRA software REHMS-D
• ? The sensitivity analysis is carried with human
  factor

60
Human Reliability Analysis

• Fault Tree Analysis
• HRA Event Tree
• REHMS-D (Advised By Ho-Seoung Lee)

61
Fault Tree Analysis
Ref. Human Reliability and Safety Analysis Data
Handbook
62
HRA Event Tree
Pilot Fails To Detects Change P(f) 0.003
Pilot Detects Changes
Co-pilot Detects Changes
Co-pilot Fails To Detects Change P(f) 0.15
63
REHMS-D - 1

• Evaluate human reliability related with machine
• Shows effects of environmental and personnel
  factors
• Does not analyze with unacceptable environmental
  factors

64
REHMS-D - 2
65
Sensitivity of Decision Making
66
Sensitivity of Duration
67
Sensitivity of Response
68
Sensitivity Analysis Using REHMS-D

• The environmental factors affects to human
  sensory reliability MOST
• Working period has to be considered to maintain
  certain reliability level
• The number of decisions need to be limited
• Response types must be selected based on tasks

69
Further Study

• Disadvantages of REHMS-D
• Not suitable for aircraft maintenance environment
• Not suitable for pilot error assessment
• Inconvenience in using
• The lack of phase level analysis
• Need alternative software for human reliability
  assessment in system design level

70
New Methodology Proposal
71

• Preliminary System Safety Assessment
• Mark Birney

72
Preliminary System Safety Assessment

• PSSA begins when FHA is completed
• Iterative with the rest of the safety and design
  process
• Objective Determine what failure conditions can
  result in the hazards described by the FHA

Safety Requirements
System Definition
PSSA
FHA
Preliminary Design
FTA Markov Analysis
Safety Performance
73
Preliminary System Safety Assessment

• Detailed safety assessment performed on
  propulsion systems
• Function of the engine and the function of the
  engine monitoring systems analyzed
• Failure sources considered for hardware, software
  and liveware

74
Fault Tree Analysis

• Fault Tree Analysis used to assess failure modes
  for the propulsion system
• Probabilities of failure set for source failures
  and calculated for the propulsion system

FTA for annunciated single engine full or partial
failure
75
Fault Tree Analysis

• Fault tree for unannunciated single engine full
  or partial failure
• Both subsystems most fail for this situation to
  occur
• Humans and software counted as part of two
  subsystems

76
FTA in Relex
77
FTA Results

• Results indicate that safety requirements set can
  be met for unannunciated full and partial engine
  failures and both engines out
• Single engine full or partial failure probability
  cannot be met

78
Criticality Matrix

• Matrix shows phases of mission and their
  criticality to mission safety
• One engine partially out during takeoff, climb,
  cruise or descent is the most critical failure
  condition

79
PSSA Results

• Safety requirements not met for single engine out
  or single engine partially out
• Criticality matrix indicates that single engine
  partially out situations will be the most
  critical in improving system safety
• There are several options for improving safety
  performance
• Markov Analysis to determine required repair
  rates
• Add technologies to improve sub-system
  reliability
• Continue to redefine system and continue to
  reevaluate

80
Sensitivity Analysis

• Bar chart created by running a simulation on a
  spreadsheet FTA
• Performed to show what engine sub-systems have
  the greatest impact on failure probabilities
• Information may be used to investigate
  technologies for improving safety
• Cooling, oil, fuel systems most critical along
  with blade failure effects for this case

81
Sensitivity Analysis

• For unannunciated failure cases, the warning and
  monitoring systems have the greatest impact
• Cooling, oil and fuel systems along with blade
  failure have the greatest impact from the engine
  hardware
• Software failure is also important for the loss
  of annunciation

82

• Uncertainty Analysis and Technology Assessment
• Adam Krause

83
Monte Carlo Simulation

• Probability distributions around individual
  propulsion subsystems
• Probabilities combined using the Fault Tree
  Analysis models to determine probability of
  failure modes

84
Sample FTA Model Used
85
Annunciated Single Engine Failure
86
Unannunciated Single Engine Failure
87
Annunciated Partial Single Eng. Failure
88
Unannunc. Partial Single Eng. Failure
89
Both Engines Out (Annunciated)
90
Must Infuse Technologies to Meet Targets for

• Annunciated Single Engine Failure
• Annunciated Partial Single Engine Failure
• Technologies Used
• Active Combustion Control
• Ceramic Matrix Composites
• Environmental Engine Technology

91
Active Combustion Control T1
Benefits
Costs

• Difficult task
• Combustion instability
• High RDTE

• NOx Reduction
• Facilitates Certification

Description Improves the effectiveness of RQL
and LPP. Controls the efficiency and the
emissions of the combustor based on information
fed back from sensors placed in the turbine
stages
Impact on Safety
92
Ceramic Matrix Composites T2
Benefits
Costs

• Engine Cost
• Stress constraint

• High T4
• Engine weight reduction
• Cooling reduction

Description CMCs used for turbine components
will increase the maximum allowable material
temperature. This allows for higher turbine inlet
temperatures or reduced cooling. This system also
eliminates the need for an afterburner and
reduces engine weight significantly.
Impact on Safety
93
Environmental Engine T3
Benefits
Costs

• Multi-million dollar investment
• High RDTE

• NOx Reduction
• Noise Reduction

Description Modifications required the engine
parameters to comply with the requirements and
predicted outcomes of programs like IHPTET or QSP
Impact on Safety
94
Annunciated Single Engine Failure
95
Annunciated Partial Single Eng. Failure
96
Conclusions

• SBJ has good potential to serve the needs of many
  businesses, but faces many certification and
  safety challenges
• Certification challenges
• Meeting noise requirements
• Working with the FAA to develop exceptions or new
  rules for supersonic flight

97
Conclusions

• Safety
• Initial study shows that the entire system has
  good safety parameters
• Detailed study of engine reveals potential issues
  with one engine-out situation
• Further refinement and definition of the engine
  system will be needed as the SBJ design moves
  forward
• Human and software reliability pose special
  issues in the safety process