Safety, a system state or property?
John Stoop
University of Applied Sciences
Aviation Academy
Safer by design: an engineering perspective
Socio-technical systems:
• Specific category of high energy density systems
• Deliberate, disruptive, innovative interventions
• Proaction imperative to prevent unacceptable emergent behaviour
• Relative and absolute safety performance
Traditional safety indicators in aviation:
• Air services: fatality rate per pax km
• Airworthiness: accident rate per aircraft hour of flight
Relation between air services and airworthiness
Dimension analysis:
• Number of passenger km: P
• Aircraft flying hours: U
• Aircraft flying kilometres: S
• K passenger fatalities in R fatal accidents
• Fatality rate per passenger km: K/P
• Fatal accident rate per flight hour: R/U
Combining the two dimensions introduces: $K/P = (R/U) \cdot (k/p) \cdot (1/V_B)$
In which:
• k = K/R = average number of fatalities per fatal accident
• p = P/S = average number of passengers per aircraft
• $V_B$ = S/U = average block speed
In words: the introduction of long-haul flights, an increased survivability rate per accident, an increase in block speed and larger aircraft contributed to the decrease of the fatality rate per passenger km.
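The step behind the combined formula, written out as an added derivation (not part of the original slides) that uses only the symbols defined above:

$$\frac{K}{P} \;=\; \frac{R}{U}\cdot\frac{K}{R}\cdot\frac{U}{S}\cdot\frac{S}{P} \;=\; \frac{R}{U}\cdot k\cdot\frac{1}{V_B}\cdot\frac{1}{p}$$

The intermediate quantities R, U and S cancel in the middle expression, and the units agree: (accidents per hour) × (fatalities per accident) × (hours per km) × (aircraft per passenger) gives fatalities per passenger km. For a given fatal accident rate R/U, the fatality rate K/P therefore falls when k decreases, when p increases, or when $V_B$ increases.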
Selecting a rational approach
In aviation, exposure rates are no longer viable proof due to non-plus ultra-safe performance: beyond the $10^{-7}$
Towards an overall systems safety assessment:
• system safety approach for overall safety performance
• understanding of higher systems levels and life cycle phases
Three case studies identifying safety as:
• Emergent property: HSL multi-actor optimization
• Inherent property: SESAR business model
• Intrinsic value: Stall recovery
HSL South railway design
An innovative concept: 250 km/h, 25kV, ERTMS
• Initiating a High Speed Trans European Network
• Cooperation between Dutch and Belgian railways
• Multiple partners and contracts: DC, DBMF concessions
• Technology was assumed conventional engineering
• Optimization on costs and lead time
Findings
• Assumptions flawed: no self regulation by actors
• A 17 year project, lasting only 40 days operational
• Frequent interventions by Parliament on each of the main components: infra, signalling and rolling stock
Emergent properties in practice
• Unexpected couplings between processes
• Temporal, legal and technological assumptions flawed
• System oversight not organized
• System architect, overall problem owner indispensable
• Safe, but neither available nor reliable
Single European Sky
Inherent properties designed into the system:
• Increase in air space capacity: accommodating growth
• Controlling traffic volume management rather than individual flights
• Changes in business models: flight costs in the value chain
• Shift from operators to Air Navigation Service Providers
• Intermediate solutions: Functional Airspace Blocks
• Software and design driven automation, no operator feedback
Safety: restricted to uncertainty and conflict handling
Courtesy Ben Pirard, CC BY-SA 3.0
Congestion and traffic flow density
Functional Airspace Blocks
Reality
Only 8% potential improvements applied by operators:
• Routes choices based on fuel economy/tariff reasons
• Five countries cover 54% of traffic
• Traffic density in congested areas
• Dominant role for tariffs in National State business model
• Optimization based on individual interests of operators
• Interferences with open architecture cockpits and UAS: not yet incorporated
Safety: no safety targets, assessment based on PRA and SMS, no performance indicators
Aerodynamic stall, an intrinsic hazard
Stall recovery
Stall: an intrinsic hazard
Recurrent phenomenon, due to intrinsic properties
Turkish Airlines TK1951, Colgan Air 3407, Air France AF447, Air Asia 8501, Air Algerie 5017
Many solutions on either man or machine level, but:
• No systemic analysis
• No redundancy in air data information
• No redundancy in pitch control
• No direct alpha indicator
• Performance envelope protection not fail safe
• Human performance models inadequate
Innovative design: the stall shield
Characteristics:
• New, correcting aerodynamic forces
• Uncorrupted air flow
• Small forces combined with long momentum arms
• Redundant control over the pitch moment
• In case of emergency and non-normal situations
• Involvement of operator experiences
Stall recovery shield
Safety: value or property?
Identify system states:
• Stable or unstable, safe or unsafe
Safety as a critical design and operational value
• To be optimized in the value chain as an intrinsic value
Safety as a system inherent property
• To be assessed as a critical design load: the accident scenario
Safety as an emergent property in reality
• To be controlled and managed during operations
From causal factor to system vector
Value engineering:
• Realisation of the intrinsic value in operations
• In a multi-dimensional decision making environment
• Represented by event vectors and system state vectors
• To be optimized in preferential states
Balancing KPI’s:
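$$\Delta V = \alpha_C \frac{C_1}{C_0} + \alpha_U \frac{U_1}{U_0} + \alpha_M \frac{M_1}{M_0} + \alpha_E \frac{E_1}{E_0} + \alpha_P \frac{P_1}{P_0} + \alpha_S \frac{S_1}{S_0} + \varepsilon$$
Regarding Costs, Utilization, Maintenance, Environment, Passenger satisfaction and Safety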
Navigating through design solution spaces: synchronizing vectors
[Figure: event and systems levels (micro, meso, macro), design interventions and operational interventions, across the contents, contextual, cultural and structural dimensions. © 2010 Johan van der Vorm, John Stoop]
Safety occurrence vector
Vector specific description:
- magnitude
- direction
[Figure: safety occurrence vector; labels: linear, complex, concept]
Systems state vector
System state vector:
- system states
- state transitions
- system stability
- Target Safety Levels
- KPI’s
Conclusions
Safety is:
An intrinsic system value
• Defined by the technological hazard and system architecture
and may manifest itself as:
An inherent property by design
• Throughout all system states
An emergent property in reality
• To be controlled by operational constraints
Integration in the optimization process by safety vectoring
• Closes the gap between design and operations
• Provides new perspectives for high energy density socio-technical systems
Questions, any questions?