Summary

Section 212 of the Federal Aviation Administration (FAA) Modernization and Reform Act of 2012, Public Law 112-95 (see Box P-1), calls for an examination by the National Research Council (NRC) of the Next Generation Air Transportation System’s (NextGen’s) enterprise software development approach and safety and human factor design. This interim report of the Committee to Review the Enterprise Architecture, Software Development Approach, and Safety and Human Factor Design of the Next Generation Air Transportation System briefly describes issues that have surfaced so far in the study.

NextGen aims to overhaul the nation’s air transportation by introducing technological improvements—including use of the Global Positioning System and digital communications—and procedural changes that exploit those technologies. Its goals include improved monitoring and management of aircraft, shortened routes, better navigation around weather, time and fuel savings, reduced delays, and increased system capacity.

This endeavor is constrained by operational and capacity factors as well as political, economic, cultural, and technical factors. These reflect the diverse interests of stakeholders as well as the FAA’s own history and organizational culture. The FAA and the United States rightly pride themselves on an excellent safety record. But organizational culture can affect how quickly process and technological change can happen. The technical realities and constraints to which NextGen programs are subject include the particular capabilities of legacy hardware, legacy software, costs of certification, and the challenges of human-systems integration and aligning operational procedures with revised or enhanced technological capabilities.

Several key issues that have emerged from the committee’s work thus far are discussed below. Because the committee’s data gathering and analysis is still incomplete, the observations and emphases in this report may not be mirrored in the committee’s final report.

•    Understanding and managing benefit and cost expectations. The committee is concerned about the alignment among (1) the overarching vision for NextGen, (2) the expected benefits and the risks to achieving those benefits, and (3) the estimated costs (and who bears those costs).



The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement



Below are the first 10 and last 10 pages of uncorrected machine-read text (when available) of this chapter, followed by the top 30 algorithmically extracted key phrases from the chapter as a whole.
Intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text on the opening pages of each chapter. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

Do not use for reproduction, copying, pasting, or reading; exclusively for search engines.

OCR for page 1
Summary Section 212 of the Federal Aviation Administration (FAA) Modernization and Reform Act of 2012, Public Law 112-95 (see Box P-1), calls for an examination by the National Research Council (NRC) of the Next Generation Air Transportation System’s (NextGen’s) enterprise software devel- opment approach and safety and human factor design. This interim report of the Committee to Review the Enterprise Architecture, Software Development Approach, and Safety and Human Factor Design of the Next Generation Air Transportation System briefly describes issues that have surfaced so far in the study. NextGen aims to overhaul the nation’s air transportation by introducing technological improvements—including use of the Global Positioning System and digital communications—and procedural changes that exploit those technologies. Its goals include improved monitoring and management of aircraft, shortened routes, better navigation around weather, time and fuel savings, reduced delays, and increased system capacity. This endeavor is constrained by operational and capacity factors as well as political, economic, cultural, and technical factors. These reflect the diverse interests of stakeholders as well as the FAA’s own history and organizational culture. The FAA and the United States rightly pride themselves on an excellent safety record. But organizational culture can affect how quickly process and techno- logical change can happen. The technical realities and constraints to which NextGen programs are subject include the particular capabilities of legacy hardware, legacy software, costs of certification, and the challenges of human-systems integration and aligning operational procedures with revised or enhanced technological capabilities. Several key issues that have emerged from the committee’s work thus far are discussed below. Because the committee’s data gathering and analysis is still incomplete, the observations and emphases in this report may not be mirrored in the committee’s final report. • Understanding and managing benefit and cost expectations. The committee is concerned about the alignment among (1) the overarching vision for NextGen, (2) the expected benefits and the risks to achieving those benefits, and (3) the estimated costs (and who bears those costs). 1

OCR for page 1
2 INTERIM REPORT OF A REVIEW OF NEXTGEN Because all three are subject to change as the context and underlying assumptions change, and it is to be expected that all three would have changed since the launch of NextGen. But the committee is concerned that these changes were not fully reflected in the briefings it has received or the documents it has reviewed and that there are not clear mechanisms to track these changes over time or to make them known to stakeholders. Also, risks to achieving the anticipated benefits on the expected schedule are not clear to the committee, because the sources of uncertainty in the value framework delivered to the users and the development risks confronted by the developers are not well prioritized or well quanti- fied, and the evolutionary commitments for the short, medium, and long term are not well articulated. In an effort to understand these and related issues better, the committee will explore further the vision for NextGen and how it has changed over time and the risks and benefits analysis for NextGen. • Architecture. In the federal government, an “enterprise architecture” is a “management best practice” designed to “promote mission success by serving as an authoritative reference, and by promoting functional integration and resource optimization with both internal and external service partners.”1 (The term is also used sometimes in industry, with a similar meaning.) The enterprise architecture defined for NextGen addresses these matters, but does not, in the committee’s view, address key technical and performance parameters and relationships (including organizational and human factors considerations) that are essential for managing system development. Thus, the committee has expanded its focus to also explicitly encompass system architecture. A system architecture specifies how all of the parts of a large-scale software-intensive system fit together and interact and provides a framework in which incremental changes can be made while maintaining overall system integrity. The committee intends to examine NextGen system architecture efforts and their implications for program success. • System integration and software development approaches. The committee is focused on the existing and anticipated processes for integrating new capabilities into the U.S. National Airspace System (NAS) and NextGen over time. Regarding system integration, the commit- tee has been seeking information about the incremental build plan for NextGen and how new capabilities will be integrated, the existing and anticipated NextGen architecture, and the primary desired behaviors and attributes that drove efforts toward this architecture. The development of a software-intensive system includes requirements elicitation and analysis, specification, architecture definition, design, coding, testing and analysis, and evolution. Historically, the trade-offs captured in requirements elicitation, specification, and architecture have proven to be strong indicators of success in reducing risks and uncertain- ties, especially in larger, more complex software systems such as those being developed for NextGen. The committee is particularly interested in the quantified measures and expert engineering judgments of software change costs that have been encountered so far as well as trends—how these change costs are increasing or decreasing over time. • System safety. In considering the system safety aspects of NextGen, two factors are key: (1) the development of NextGen provides an opportunity to introduce new air traffic control (ATC) safety capabilities, and (2) the development of NextGen requires that historic safety performance of ATC systems be maintained or improved. The committee is seeking to 1  Office of Management and Budget, The Common Approach to Federal Enterprise Architecture, Washington, D.C., available at http://www.whitehouse.gov/sites/default/files/omb/assets/egov_docs/common_approach_to_federal_ea.pdf, May 2012.

OCR for page 1
SUMMARY 3 understand the FAA’s safety management system process and implications for the develop- ment and deployment of anticipated NextGen capabilities. • Human factors, automation, and decision support tools. The scale, heterogeneity, and complexity of NextGen mean that there will be many upgraded or new systems, all being developed under different programs, at different stages of implementation, being tested at different airports, and coming online at different times. This is understandable given the complexity and scale of the NextGen effort. However, experience has shown that human factors and human-system integration challenges arise when different systems and different people interact. The committee is interested in current and anticipated automation and decision- support capabilities, along with plans for managing their integration and the transitions from existing tools and processes to NextGen. • System security. The designers and developers of any software- and communications-intensive system deployed today must grapple with questions of system security. 2 Understanding the security risks and threats and developing appropriate threat models and mitigations are challenges endemic across government and industry. NextGen is no exception—indeed, the safety-of-life implications and the vital economic importance of air travel make security of NextGen and the NAS critically important. As various programs and components of the national airspace are modernized, upgraded, and transformed, the security implications of the changes will need to be taken into account. The committee is concerned about the plans, processes, and mechanisms for managing cybersecurity in NextGen and the national airspace, including impacts of security on safety. • Unmanned aircraft system integration. Unmanned aircraft systems (UAS) pose numerous procedural and technical challenges and introduce new requirements; they also will involve both safety and security challenges. NextGen will need to be designed and operated to manage, accommodate, and integrate this new class of aircraft. The committee is concerned about current and anticipated plans for safe integration of UAS into the NAS, recognizing that planning for UAS implementation has just begun. • Spectrum management. The committee is interested in current and anticipated plans with regard to spectrum management for the NAS and NextGen. The long-term vision for NextGen is ambitious. Some aspects of NextGen are anticipated to be transformational. Other, no less critical, short- and medium-term initiatives provide a foundation for implementing the longer-term vision and enable critically needed modernization of aging ele- ments of the NAS. In the committee’s view, both of these elements are critically important. The study committee will receive additional briefings about these and other aspects of NextGen in order to fulfill its task. A final report, with the committee’s findings and recommendations, is anticipated in 2014. In that report, although it may not address each of the questions raised in this interim report, the committee expects to say more about each of the above topics. 2  Here the committee refers to what some call cybersecurity—system, data, and communications security—which is distinct from the physical security required for airport and aircraft operation, provided in part by the Transportation Security Administration.