The collaboration between aviation stakeholders to manage safety risk must continue even if the stakeholders change. Aviation is safety critical, but some of today’s aviation sectors, like En-Route Air Navigation Service Provision, are not: they are safety-related and provide one, albeit important, form of mitigation in the progression of different accident scenarios. Will this change in the future? Possibly. So, it’s important to explore the responsibility of actors, and their contributions, in the current system versus the future. For example, will the role of autonomous traffic management make it safety critical? It could be, for those airspace environments where the opportunity for “see and avoid”, or “sense and avoid” in the new parlance, is limited or ineffective. Will technologies such as over-the-air (OTA) software updates of aircraft systems used by MRO organisations change their risk contribution? Will this introduce new threats to safety?
To help us understand how to make these judgements, we will need to define a common set of operational scenarios that all actors can connect with. In addition, we need to understand the set of desired states that the industry must work together to achieve. This will be based on a combination of today’s safety events as well as potential new events based on the future scenarios. Whether it is recognised items like maintaining cleared aircraft trajectory or emerging events like protecting airborne vehicles from malicious take-over by a third party, we need to understand how all actors contribute to the delivery of these desired states.
Towards a total aviation safety case.
It was the UK’s Industrial Strategy Future Flight challenge, delivered by UK Research and Innovation, that provided an opportunity for focused thinking on this topic. They are exploring how to safely integrate future flight vehicles as well as new entrants to aviation; and they are analysing the basis for the safety case, supported by Egis and the University of York. The objective of this type of work must be to support communication of the safety requirements to the aviation community, especially those new entrants who do not have experience of designing, operating and maintaining aircraft in the highly regulated aviation sector. The focus is not just on new entrants, however, because existing actors must also understand the safety requirements of the future aviation system, especially as we move away from a human-oriented traffic management system to a more autonomous system.
Let’s look at what might be involved in creating a Future Aviation Safety Case. Here is an initial framework – but what is missing?
STEP ONE: Describe a set of operational scenarios that we envisage in 2050; the new entrants in all airspace environments. For example, unmanned aerial vehicles transporting people from one location to another in urban environments.
STEP TWO: Describe the desired state(s) that we wish to see for each of the operational scenarios, in a positive context rather than a negative one. For example, a drone does not enter any controlled airspace without permission.
STEP THREE: Describe the actors (human, machine, environment, organisations) that we understand will deliver or contribute to the delivery of the operational scenarios to support achieving the desired states. For example, autonomous drone vehicle, drone manufacturer, drone designer/engineer, drone operator, drone port operator, traffic management provider, regulator etc.
STEP FOUR: Analyse the tasks and information flows between each of the actors to ensure the desired states are delivered. For example, flight plan information from the operator is uploaded to the drone vehicle, the drone engineer designs autonomous functionality, and drone port take-off / landing GPS co-ordinates are distributed to the drone operator.
STEP FIVE: Analyse the tasks and information flows to identify failure modes, and the new actors, tasks and information that are required to mitigate these failure modes. For example, the registry of all drone ports and their GPS co-ordinates is managed by aeronautical information publications.
I asked what is missing. One area that may seem trivial, but is incredibly important in any new or heavily modified system where there is significant interdependency, is the need to define a language or set of terminology that stakeholders understand and can relate to. This ensures consistent and accurate communication of important concepts across stakeholder groups and minimises the opportunity for misinterpretation and misidentification. In a safety context, one person’s hazard can be another person’s causal factor, for example. It is key that a common language is defined and communicated as early as possible as part of the development of the safety case framework.
Wider benefits today.
Following this kind of framework will help us identify new ‘safety requirements’ for the Future Aviation Safety Case. Identifying them early allows us to channel effort into trialling any particular arrangements to support the analysis findings, and into fine-tuning them. It also helps to ensure appropriate engagement with the aviation community.
This framework could have other benefits for aviation too; namely, a systematic approach for industry stakeholders to understand and analyse proposed changes. The benefits could include:
- Understanding the key safety requirements that must be met for different actor types.
- Assessing the impact of any future actors that are proposed.
- Evaluating the opportunity and risk associated with any changes to how actors interact.
- Gauging the potential governance required (e.g. through regulators) beyond current arrangements.
- Identifying the potential management and organisational requirements involved in the design, operation and maintenance of systems.
We have a strong safety foundation in our aviation system today, but we can and must learn more: building on those foundations but approaching safety differently; keeping in mind the regulatory environment, the safety management approach and the culture of the people working in and using aviation.
We cannot foresee with any accuracy what the aviation system will look like in 2050. New entrants and technology providers will continue to provide massive innovation and we must ensure our safety case framework is flexible and scalable to achieve this. Whatever the approach we choose to take, we must start as soon as possible. The journey will be interesting, challenging but ultimately rewarding, as we ensure the safety case framework is fit for purpose for the new aviation system. It is what society expects, and rightfully so.