The role of safety in surveillance procurement


Presentation at ESAV'11, in Capri (Italy), September 2011
Presenter: James Hanson of Helios

  1. Assessing the safety of WAM over a non-radar surveillance area
     James Hanson, Ben Stanley
     Airports · Air Traffic Management · Space · Telecoms · Maritime · Rail
  2. The approach to a surveillance safety case is strongly tied to cost-efficiency
     • Surveillance procurement is more complex than ever
       ° long-term investment
       ° choice & competition
       ° pressure to reduce costs
       ° regulatory pressure
     • Safety must not be compromised
       ° safer = increased cost
       ° avoid over-engineering
       ° a difficult dilemma…
  3. There are several commercial and regulatory drivers that influence surveillance infrastructure decisions
     Stakeholders considered: ANSPs, Airlines, GA
     • Commercial drivers
       ° De-commission or replace old radars
       ° Better mix of OpEx/CapEx
       ° Reduce maintenance/engineering costs
       ° Enhanced data; offer new services
       ° Data enhancements for ATCO tools
       ° New operational requirements
       ° Greater autonomy (airborne surveillance)
       ° Lower unit rate
       ° Increased access to airspace, improved services
     • Regulatory drivers
       ° Draft SPI IR: Art 12 Para 5, “the most cost efficient means”
       ° Draft ACID IR (eg through Mode S, CCAMS etc)
       ° Performance scheme
       ° De-fragmentation, FABs etc
  4. A surveillance safety case will be needed which must consider both theoretical and practical performance
     • A safety case will be needed prior to operation
       ° Sets safety-related requirements to proactively control risk as per Reg 2096/2005
       ° Avoids unnecessary costs post-procurement attempting to “back-engineer”
     • Safety cases should be
       ° Proactive, ie safe by design
         - when working
         - during failures
       ° Reactive / predictive
         - Important due to inexperience with WAM
         - validate theoretical performance in design
         - refine the system based on actual performance
  5. Under normal conditions, proof of safe design can be made in comparison to the reference system
     • Normal conditions: Determine requirements (eg accuracy) → Justify compliance of reference system → Demonstrate equivalence/improvement
     • We can show that safe separations can be maintained if we have similar 95% values to the reference system (eg SSR) but… WAM behaves differently
       ° dependent on geometry of sensors, not range
       ° we must trust manufacturer’s models on accuracy
       ° supported by validation of accuracy through flight trials (at minimum altitudes)
       ° EUROCONTROL are developing mathematical proofs
  6. The characterisation of WAM position accuracy is not necessarily the same as for radar
     • If 95% of errors fall within set bounds equivalent to current 3 or 5 NM separation performance, we can be reasonably assured of appropriate performance BUT…
     • How can we be assured of the behaviour of the error curve outside the 95% bounds?
     • Also, does the WAM error distribution curve have a Gaussian behaviour similar to radar errors?
     [Figure: error distribution curve; axes: probability vs error]
  7. Under failure conditions, modeling probabilities can become rather complex
     • Failure conditions: Consider hazards (eg loss of position) → Identify causal factors → Model probabilities (eg probability of detection). Complex!
     • Over a large non-radar area, PoD must reflect a geometrical spread of Rx and Tx, each with its own:
       ° failure rates
       ° repair rates
       ° communications availabilities
       ° power reliabilities
     • Broad conservative assumptions may mean that the system is over-designed in many places unnecessarily.
  8. Modeling failure rates accurately maximises the opportunity to design the system cost-effectively
     • Analysis of failure rates across the surveillance volume allows ANSPs to:
       ° Apply appropriate levels of redundancy across the service volume
       ° Take advantage of operational mitigations most appropriate for a particular region
       ° Set Service Level Agreements (SLA) with communications and power providers
       ° Gain a better understanding of the designed system’s ability to meet a safety objective
  9. Failure plots can look at airspace as a patchwork of differing probability of detection
     • Each ‘patch’ is influenced by
       ° The number of interrogators in view
       ° The number of receivers in view
       ° The reliability of each receiver/interrogator
       ° Other factors: MTTR, failure rates, power, comms etc
     [Figure: patchwork plot of Tx/Rx coverage; legend as recovered: 0 Tx 1 Rx; 0 Tx 2 Rx; 0 Tx 3 Rx; 1 Tx 1 Rx; 1 Tx 2 Rx; 1 Tx >3 Rx; 2 Tx >3 Rx]
  10. Following design and implementation, validation can help assure and improve system safety and performance
      • Reactive / predictive, i.e. validation
      • Necessity of flight trials
      • Integrity monitoring can be used to provide confidence during operation
        ° Confirmation of the contributing sensors to position reports
        ° hazard detection to lower the hazard severity of effect
        ° additional receivers will provide further integrity checks
        ° ASTERIX Category 19 ‘status’ messages provide further insight
      • Both normal (accuracy) and failure (PoD) cases must be validated
  11. Conclusions
      • Safety is an ANSP responsibility
      • The safety case has an important role in relation to cost-effective procurement
      • The distributed nature of WAM in an NRA environment adds complexity to the safety case
      • Accurate modelling of the WAM system is the key to balancing the cost and safety arguments
      • Validation is essential
  12. Thank you for your attention
      James Hanson
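Slide 6 asks what the error curve does outside the 95% bounds and whether WAM errors are Gaussian at all. The calculation below is an added example, not material from the presentation: it fits a Gaussian and a heavier-tailed Laplace distribution to the same 95% error bound and compares how often each exceeds multiples of that bound. The bound value and the flight-trial residuals are constructed, and the Laplace shape is only a stand-in for "non-Gaussian", not a claim about real WAM error statistics.

```python
import math

# Added example: two error distributions that share the same 95% bound but
# differ in their tails. All numeric inputs below are constructed for illustration.

Z_975 = 1.959963984540054  # 97.5th percentile of the standard normal distribution


def gaussian_sigma_for_95pct(bound):
    """Standard deviation of a zero-mean Gaussian error whose two-sided 95% bound is `bound`."""
    return bound / Z_975


def gaussian_exceedance(t, sigma):
    """P(|error| > t) for a zero-mean Gaussian error with standard deviation `sigma`."""
    return math.erfc(t / (sigma * math.sqrt(2.0)))


def laplace_scale_for_95pct(bound):
    """Scale b of a zero-mean Laplace error whose 95% bound is `bound`: exp(-bound / b) = 0.05."""
    return bound / math.log(20.0)


def laplace_exceedance(t, b):
    """P(|error| > t) for a zero-mean Laplace (double-exponential) error with scale `b`."""
    return math.exp(-t / b)


def compare_tails(bound, multiples=(1.0, 1.5, 2.0, 3.0)):
    """For each multiple m of the 95% bound return (m, P_gauss(|e| > m*bound), P_laplace(|e| > m*bound)).

    Both distributions are fitted to the same 95% bound, so the first row is 0.05 for
    both; later rows show how far apart they drift outside the validated region.
    """
    sigma = gaussian_sigma_for_95pct(bound)
    b = laplace_scale_for_95pct(bound)
    return [(m, gaussian_exceedance(m * bound, sigma), laplace_exceedance(m * bound, b))
            for m in multiples]


def empirical_exceedance(errors, t):
    """Fraction of observed |errors| exceeding t, e.g. residuals from a flight trial."""
    if not errors:
        raise ValueError("no samples")
    return sum(1 for e in errors if abs(e) > t) / len(errors)


if __name__ == "__main__":
    bound_nm = 0.3  # constructed: a hypothetical 95% position-error bound in NM
    for m, pg, pl in compare_tails(bound_nm):
        print(f"|error| > {m:.1f} x bound: Gaussian {pg:.2e}  Laplace {pl:.2e}  ratio {pl / pg:.1f}")
    # Constructed flight-trial residuals (NM); a real campaign would supply far more samples.
    trial = [0.05, -0.12, 0.21, -0.08, 0.33, 0.02, -0.27, 0.64, -0.11, 0.09]
    print("empirical fraction beyond the 95% bound:", empirical_exceedance(trial, bound_nm))
```

At twice the 95% bound the Gaussian model predicts roughly 9 in 100,000 exceedances while the Laplace model predicts 1 in 400, a factor of about 28, even though both match the reference 95% figure exactly. Matching the 95% value is therefore necessary but not sufficient; the tail has to be validated separately, which is why a handful of trial samples (as in the constructed list) says nothing about behaviour at two or three times the bound.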
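Slides 7 to 9 describe the probability of detection (PoD) as something that varies patch by patch with the number of interrogators and receivers in view and with each site's failure rate, repair rate, comms and power availability. The Python below is an added example and not the authors' model or any vendor tool: each site gets a steady-state availability from MTBF, MTTR, comms and power figures, and each patch's PoD is the probability that at least one interrogator and at least a minimum number of receivers in view are up at the same time. All site figures, the patch visibility lists and the minimum-receiver threshold (4, i.e. a 3D TDOA fix without relying on reported altitude) are constructed assumptions.

```python
# Added example: probability-of-detection patchwork driven by per-site availability.
# Site figures, patch-to-site visibility and the receiver threshold are constructed.

MIN_RX_IN_VIEW = 4  # assumption: 4 receivers for a 3D TDOA position (3 if altitude comes from Mode C)


def site_availability(mtbf_h, mttr_h, comms_avail=1.0, power_avail=1.0):
    """Steady-state availability of one site.

    Inherent availability MTBF / (MTBF + MTTR), derated by the availability of the
    communications link and the power supply; all three are assumed independent.
    """
    if mtbf_h <= 0 or mttr_h < 0:
        raise ValueError("MTBF must be positive and MTTR non-negative")
    return mtbf_h / (mtbf_h + mttr_h) * comms_avail * power_avail


def prob_at_least_k_up(avails, k):
    """P(at least k of the sites are up), sites independent, each with its own availability.

    Poisson-binomial distribution built by dynamic programming, so every site keeps its
    own failure/repair/comms/power figures instead of one blanket conservative number.
    """
    if k <= 0:
        return 1.0
    if k > len(avails):
        return 0.0
    dist = [1.0]  # dist[j] = P(exactly j of the sites processed so far are up)
    for a in avails:
        new = [0.0] * (len(dist) + 1)
        for j, p in enumerate(dist):
            new[j] += p * (1.0 - a)      # this site down
            new[j + 1] += p * a          # this site up
        dist = new
    return sum(dist[k:])


def patch_pod(tx_avails, rx_avails, min_rx=MIN_RX_IN_VIEW):
    """PoD of one patch: at least one interrogator AND at least min_rx receivers available.

    Caveat: Tx and Rx outages are treated as independent; co-located units sharing
    power or comms would need a common-cause term.
    """
    return prob_at_least_k_up(tx_avails, 1) * prob_at_least_k_up(rx_avails, min_rx)


def pod_patchwork(sites, patches, min_rx=MIN_RX_IN_VIEW):
    """Return {patch_name: PoD} from per-site availabilities and each patch's sites in view."""
    result = {}
    for name, view in patches.items():
        tx = [sites[s] for s in view["tx"]]
        rx = [sites[s] for s in view["rx"]]
        result[name] = patch_pod(tx, rx, min_rx)
    return result


def patches_below(pod_map, target):
    """Names of patches whose PoD misses the safety objective `target`, worst first."""
    return sorted((n for n, p in pod_map.items() if p < target), key=pod_map.get)


# --- constructed sample data (not from any real deployment) ---
SITES = {
    "TX-A": site_availability(8760, 8, comms_avail=0.999, power_avail=0.9995),
    "TX-B": site_availability(4380, 24, comms_avail=0.995, power_avail=0.999),
    "RX-1": site_availability(17520, 8, comms_avail=0.999, power_avail=0.9995),
    "RX-2": site_availability(17520, 48, comms_avail=0.99, power_avail=0.995),  # remote site, slow repair
    "RX-3": site_availability(17520, 8, comms_avail=0.999, power_avail=0.9995),
    "RX-4": site_availability(17520, 8, comms_avail=0.998, power_avail=0.999),
    "RX-5": site_availability(17520, 8, comms_avail=0.999, power_avail=0.9995),
}
PATCHES = {
    "core":   {"tx": ["TX-A", "TX-B"], "rx": ["RX-1", "RX-2", "RX-3", "RX-4", "RX-5"]},
    "fringe": {"tx": ["TX-A"],         "rx": ["RX-2", "RX-3", "RX-4", "RX-5"]},
    "gap":    {"tx": ["TX-B"],         "rx": ["RX-1", "RX-2", "RX-3"]},  # fewer Rx than needed for a fix
}

if __name__ == "__main__":
    pods = pod_patchwork(SITES, PATCHES)
    for name, p in pods.items():
        print(f"{name:7s} PoD = {p:.6f}")
    print("below 0.999 target:", patches_below(pods, 0.999))
```

The "gap" patch scores zero no matter how reliable its three receivers are, which is the case where extra receivers or an operational mitigation is needed; the "fringe" patch, with exactly the minimum number of receivers and a single interrogator, is where the slow-repair remote site drags the PoD down and an SLA with the comms or power provider directly changes the result. The per-site treatment is what lets the redundancy be placed where the patchwork is weak rather than everywhere.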