Safety Risk Impact Analysis of an ATC Runway Incursion Alert System
Sybert Stroeve, Henk Blom, Bert Bakker
EUROCONTROL Safety R&D Seminar, Barcelona, Spain, 25-27 October 2006

Contents
- Motivation
- Example application
- Systemic approach
- Risk results
- Conclusions

Runway incursion: Recognised as important air traffic safety issue

Complexity of aerodrome operations / Complexity of accident risk assessment
Complexity of operations
- Many agents (humans/systems)
- Many interactions
- Highly dynamic
- Performance deviations
Complexity of risk assessment
- Multiple agents
- Dependencies between agents
- Dynamics of agents
- Nominal/non-nominal conditions

Three types of accident models (Hollnagel, 2004)
1. Sequential accident models
- Accident = sequence of events
- e.g. fault trees, event trees, domino theory
[Figure: fault tree (FTA) from causes to a pivotal hazard event, followed by an event tree (ETA) with S/F branches to consequences (Effects A to D)]
2. Epidemiological accident models
- Accident = like spreading of disease (latent/environmental conditions, barriers)
- e.g. Reason's Swiss cheese model, Bayesian belief networks

Three types of accident models (Hollnagel, 2004)
3. Systemic accident models
- Accident = emergent from variability of a complex system
- e.g. control theory, chaos theory, stochastic resonance
Compared to sequential / epidemiological accident models:
- No fixed cause-effect relations
- Dynamic / non-linear behaviour
- Performance beyond event probability
- Complex multi-agent interactions

Active runway crossing operation: Effectiveness of ATC runway incursion alerting?
Human operators
- Pilots take-off aircraft
- Pilots taxiing aircraft
- Runway controller
- Ground controllers
Technical systems
- VHF R/T communication
- Active stopbar
- Runway incursion alert
- Ground radar
Procedures
- Crossing clearance by runway controller
- Stopbar switching
- Read-back

Safety risk assessment cycle
0. Identify objective
1. Determine operation
2. Identify hazards
3. Construct scenarios
4. Assess severity
5. Assess frequency
6. Assess risk tolerability
7. Identify safety bottlenecks
[Figure: the steps form a cycle; further diagram labels: Operational development, Decision making, Iterate (option)]

Risk assessment by combination of two models: Monte Carlo Simulation + Bias & Uncertainty

Monte Carlo simulation model of multi-agent runway incursion scenario
Key aspects of agents, e.g.
- SA / task performance of operator
- Flight phase / aircraft performance
Modes within key aspects, e.g.
- Task: monitoring / alert reaction
- Flight phase: taxi / take-off
Dynamics within modes, e.g.
- Task performance time
- Take-off acceleration profile
Interactions
- Between modes
- Between key aspects of an agent
- Between agents

Parameter values in MC simulation model
Types
- Technical systems, e.g. accuracy, availability, update rate, aircraft thrust
- Human performance, e.g. task duration, decision parameter, likelihood of misunderstanding
- Context, e.g. taxiway layout, visibility
Sources
- Technical system specifications
- Human factors literature
- Incident databases
- Interviews with operational experts
- Measurement data of real operations
- Measurement data of real-time simulations
- Simulation results from other relevant models

Performing Monte Carlo simulation
- Model implementation in dedicated Delphi / Java software
- MC simulation speed-up by risk decomposition
  - MC simulation of conditional collision risks given an event, e.g.
    - R/T system not functioning
    - Alert system not functioning
    - Pilots taxiing aircraft are lost
    - Visibility condition
  - Assess event probability
  - Combine conditional risks and event probabilities
- MC simulation: about 10^5 to 10^7 simulations per condition
- Results
  - Conditional collision risks at various aggregation levels
  - Overall collision risk
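
The risk decomposition listed above can be sketched as follows. This is an added example, not the authors' Delphi / Java model: the collision criterion (crew reaction time exceeding a fixed available time), the two conditions, and every number are constructed assumptions chosen so the result can be checked against a closed form.

```python
import math
import random

# All numbers below are constructed for illustration; none come from the study.
T_AVAIL = 12.0  # s available to the take-off crew to resolve the conflict
# Mean crew reaction time (s) per condition: (visibility, alert system working)
MEAN_REACTION = {
    ("good", True): 2.0, ("good", False): 2.1,
    ("reduced", True): 2.5, ("reduced", False): 4.0,
}
P_VISIBILITY = {"good": 0.9, "reduced": 0.1}
P_ALERT_OK = 0.999

def event_probability(vis, alert_ok):
    """Probability of the condition itself, assessed outside the simulation."""
    return P_VISIBILITY[vis] * (P_ALERT_OK if alert_ok else 1.0 - P_ALERT_OK)

def conditional_risk(vis, alert_ok, n, rng):
    """MC estimate of P(collision | condition): reaction slower than T_AVAIL."""
    rate = 1.0 / MEAN_REACTION[(vis, alert_ok)]
    hits = sum(rng.expovariate(rate) > T_AVAIL for _ in range(n))
    return hits / n

def decomposed_risk(n_per_condition=200_000, seed=1):
    """Simulate each condition separately, then weight by its probability."""
    rng = random.Random(seed)
    parts = {c: (event_probability(*c), conditional_risk(*c, n_per_condition, rng))
             for c in MEAN_REACTION}
    return sum(p * r for p, r in parts.values()), parts

def exact_risk():
    """Closed form for this toy model, used only to check the MC estimate."""
    return sum(event_probability(*c) * math.exp(-T_AVAIL / m)
               for c, m in MEAN_REACTION.items())

if __name__ == "__main__":
    total, parts = decomposed_risk()
    for cond, (p, r) in parts.items():
        print(cond, f"P(event)={p:.1e}", f"risk|event={r:.2e}")
    print(f"overall={total:.3e} exact={exact_risk():.3e}")
```

The speed-up comes from the rare conditions: the alert-failure-in-reduced-visibility case has probability 1e-4 here, so an undecomposed run of 200,000 simulations would sample it about 20 times, while the decomposed run gives it the full 200,000.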

Bias and uncertainty assessment
Types of differences between simulation model & reality
- Numerical approximations
- Parameter values
- Formal model structure
- Non-covered hazards
- Operational concept differences
Assessment steps
- Identify differences between simulation model and reality
- Assess size of each difference
- Assess risk sensitivity for parameter values
- Assess effect of each difference on the risk
- Combine the joint effect of the differences on the risk

Monte Carlo simulation results
[Figure: conditional collision risk (per take-off), log axis from 10^-6 to 10^-2, without RIAS and with RIAS; grouped by SA PF taxiing aircraft (Proceed taxiway / Cross runway) and by visibility (Unrestricted / 400-1500 m)]

Bias and uncertainty assessment: Effects of model-reality differences (examples)
Significant effects (>30%)
- Type of manoeuvre of taking-off aircraft to avoid collision
- Conflict decision process by pilots of taking-off aircraft
- Speed of taxiing aircraft
- Monitoring frequency by pilots of taxiing aircraft
- Deceleration of taking-off and taxiing aircraft
- Time before braking is initiated by pilots of taking-off aircraft
Small effects (<13%)
- Acceleration profile during the take-off run
- Performance of R/T communication systems
- Performance of surveillance systems
- Performance of runway incursion alert system
- Task scheduling of runway controller

Monte Carlo simulation + bias & uncertainty results
[Figure: conditional collision risk (per take-off), log axis from 10^-6 to 10^-2, without RIAS and with RIAS; grouped by SA PF taxiing aircraft (Proceed taxiway / Cross runway) and by visibility (Unrestricted / 400-1500 m)]

Conclusions
- A wide-scope safety assessment (including performance of relevant human operators) is needed to evaluate the effectiveness of a runway incursion alert system
- Systemic accident models can effectively analyse the dependent dynamics of multiple agents in aerodrome operations (which is difficult with other model types)
- The MC simulations indicate that the effectiveness of ATC runway incursion alerting is small in good visibility, but significant in reduced visibility conditions
- Bias and uncertainty assessment supports informed decision making by addressing specific aspects of aerodrome operations at a particular airport

Discussion

Step 0: Identify objective
- Close co-operation with decision makers
- Aim: safety risk assessment for decision support of
  - implementation
  - redevelopment
  - certification
- Safety context
  - What are the safety criteria, target levels of safety?
- Scope
  - Boundaries of the operation?
  - Absolute or relative information?
  - What types of risks?

Step 1: Determine operation
Goal
- Understanding of operational concept by safety assessors
- Freeze operational concept during assessment cycle
- Check for holes and inconsistencies (should be repaired by concept developers)
Input
- Description of the operation from concept developers
Output
- Concise, structured, consistent operational concept
  - human operators
  - technical systems
  - procedures
  - environment

Step 2: Hazard identification brainstorm
- Shifting the boundary between imaginable and unimaginable hazards
- Open-minded and experienced operational experts
- Pure brainstorming
- No analysis / solutions / mitigation
  - open atmosphere: promotes creativity of participants
  - seemingly unimportant hazards trigger more relevant ones
  - analysis of one hazard may take too much time
  - hazards outside scope are removed during later analysis

Step 3: Construct scenarios
[Figure: scenario diagram with the labels Event n, Condition, Hazardous situation, Event m, Cluster B, Conflict, Cluster J (ATCo resolution), Cluster K (Pilot resolution), Hazards' combined effects]

Step 4: Identify severities
- How severe can the consequences of a scenario be?
  - consequences and their severities often depend on conditions, geometry and resolution
  - usually a spectrum of severities applies
- Example severity classes
  - Minor, Major, Hazardous and Catastrophic
- Severity assessment
  - usually performed by safety experts
  - consultation of and review by operational experts

Step 5: Assess frequency
- Assess frequency of each possible severity per scenario
- First assessment cycle
  - Interviews with operational experts
  - Incident/accident databases
- Optional subsequent cycle
  - Monte Carlo simulation

Step 6: Assess risk tolerability
For each conflict scenario
- indicate identified severity/frequency combinations
- determine associated risk tolerability classification
Example

Frequency \ Severity  | Catastrophic | Hazardous    | Major        | Minor
Probable              | Unacceptable | Unacceptable | Unacceptable | Tolerable
Remote                | Unacceptable | Unacceptable | Tolerable    |
Extremely remote      | Unacceptable | Tolerable    |              |
Extremely improbable  | Tolerable    |              |              |

Step 7: Identify safety bottlenecks
- In case of (possibly) unacceptable risk, identify which hazards/conditions contribute significantly to the large risk
- Bottlenecks give operational developers a clue where they might improve

Contextual Control Mode Model (Hollnagel, 1993)
[Figure: degree of control against subjectively available time, with the control modes strategic, tactical, opportunistic and scrambled]

Uncertainty assessment matrix
[Matrix: risk uncertainty as a function of parameter value uncertainty and risk sensitivity, each on the scale Major / Considerable / Significant / Minor / Small; the cell layout is not recoverable from the extracted text]

Bias assessment matrix
[Matrix: risk bias as a function of the probability that an assumption does not apply (Typical / Regular / Frequent / Less frequent / Infrequent / Unlikely) and the bias due to non-applicability (Major / Considerable / Significant / Minor / Small); the cell layout is not recoverable from the extracted text]