Intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text on the opening pages of each chapter. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.
Do not use for reproduction, copying, pasting, or reading; exclusively for search engines.
OCR for page 53
Maintaining U.S. Leadership in Aeronautics: Breakthrough Technologies to Meet Future Air and Space Transportation Needs and Goals 4 Air Transportation System Technology PARADIGM SHIFT IN THE AIR TRANSPORTATION SYSTEM Meeting, or even approaching, the aggressive NASA goals for increasing capacity, improving safety, and reducing noise and emissions will certainly require technological improvements to air vehicles like the ones described in Chapter 3. However, breakthroughs in the design and manufacture of airframes and propulsion systems will not be enough. Revolutionary technological changes and the development of new operating procedures, in other words a paradigm shift, will also be necessary in the air transportation system. The consensus of the committee is that this paradigm shift will be enabled by improvements related to advances in information technology. The six sections that follow describe potential improvements to information-related technologies, such as complex models of the entire air transportation system, robust and upgradable computer software and hardware, communications, navigation, and surveillance systems for ATM and aircraft operations, and externally focused aircraft sensors. New processes and procedures for incorporating these technologies into the system are discussed, as well as the integration of humans and computers in highly automated systems. The effect of these technologies and new procedures on the eight NASA goals associated with air transportation are shown in matrix form in Table 4-1. MODELS TO PREDICT THE IMPACT OF NEW TECHNOLOGIES AND PROCEDURES Many of the information-based technologies that could enable major changes to the air transportation system, such as the Global Positioning System (GPS), air-ground datalinks, automatic dependent surveillance (ADS), synthetic vision, and pilot and controller decision aids, have already been developed. However, because of the complex interactions between economic, political, sociological, and technological forces in the air transportation system, it has been extremely difficult to predict the impact of new technologies or changes in operational procedures on operations and safety. Consequently, there is a strong tendency within the system to maintain the status quo, and new technologies or operating procedures have been limited to incremental improvements.
OCR for page 54
Maintaining U.S. Leadership in Aeronautics: Breakthrough Technologies to Meet Future Air and Space Transportation Needs and Goals TABLE 4-1 The Six Air Transportation System Technology Areas and NASA's Eight Air Transportation-Related Goals Models to predict the impact of new technologies and procedures Upwardly compatible aerospace information systems Methodologies for the development of high integrity software Advanced human-automation systems Precision air traffic management/aircraft operations Mitigating constraints in terminal areas Emissions H/M L L L L L Noise H/M M L M H/M M Safety H H H H H M Throughput H H H H H H Travel Cost H M M M M M Design Time M M H/M — — — General Aviation M/L M/L H H H M Travel Time L L M/L L M L L = Low impact on achieving the goal. M = Moderate impact. H = High impact. Some new technologies and procedures have been mandated to improve the safety of the overall air transportation system. The adoption of the Traffic Alert/Collision Avoidance system by all U.S. commercial transport aircraft is a prominent example. However, regulations intended to promote safety can sometimes become barriers to technological and procedural changes.1 Predicting the impact of technical or operational/procedural changes on a comprehensive basis will require improved methods and models for evaluating the safety of potential changes to the air transportation system. As a basis for the development of methods and models that encompass the technical, procedural, and socioeconomic complexity and dynamism of the system, NASA, industry, and the FAA should prepare a formal representation of existing rules and procedures that govern system operations. The representation should include the rationale for the current rules, how they relate to safety objectives, and how they interact with each other. 1 For example, many commuter aircraft were designed as 19 passenger aircraft simply because FAA safety regulations require a flight attendant on aircraft designed for 20 or more passengers. This factor impacted aircraft design decisions more than performance or economic improvements that may have been possible from the development of slightly larger aircraft.
OCR for page 55
Maintaining U.S. Leadership in Aeronautics: Breakthrough Technologies to Meet Future Air and Space Transportation Needs and Goals Improved models of the air transportation system can further many of NASA's goals. Improved models could lead to more efficient flight routes, for example, which could reduce noise, engine emissions, and operating costs. Improved models of the air transportation system could also shorten design time because they would provide a more accurate representation of existing conditions. Increasing the number of general aviation aircraft would be facilitated by better information about their impact on system capacity, economics, and other parameters. The development of economically viable and environmentally compatible high-speed aircraft also would benefit from a better representation of the current system. The requirements for the development of improved models of the air transportation system are discussed below. Documentation of the Current System The current air transportation system, which has evolved over the past eight decades, is now one of the most complex operating systems in the world. The major components are listed below: aircraft operated by air carriers, specialized service providers, general aviation enthusiasts, and the military public and private airports and intermodal transportation connections aviation regulations and procedures aircraft and avionics certification air traffic control personnel, procedures, and technical infrastructure Many existing practices have been strongly influenced by human abilities and human interactions with technology-based systems. In order to define technological needs or identify where safety and capacity benefits could be obtained, a comprehensive and well documented understanding of the current air transportation system is necessary. This would provide a baseline for evaluating the effects of changes and developing a comprehensive model. Some documentation of various components of the present system is already available. Statistics are kept on some parameters, such as passenger seat miles, accidents, operational errors, and air traffic delays. However, these data are not comprehensive or detailed enough for a diagnosis of the dynamics of the entire system or for the identification of indicators of safety problems. Fortunately, several new sources of information are now available to support the documentation of the system. Movement times of airline aircraft (in and out of gates, off of and onto runways) are regularly transmitted by satellite-based datalinks. Flight progress and flight planning data are recorded by the FAA's enhanced traffic management system. Weather data are routinely archived and can be compared with aircraft track data. Programs to monitor flight data routinely (quick access recorders) are beginning to be implemented. Air traffic control (ATC) track and communications data can be recovered
OCR for page 56
Maintaining U.S. Leadership in Aeronautics: Breakthrough Technologies to Meet Future Air and Space Transportation Needs and Goals and played back by diagnostic systems. The FAA is developing tools, such as the consolidated delay and analysis system, that can merge these data into a single picture of the air transportation system, which could document how the current system performs and responds to change. A complete picture of the current air transportation system will also include economic and sociopolitical data. For example, the acceptance of a new display screen for air traffic controllers may be influenced by the perceived impact of this new technology on the overall size of their workforce. Technology upgrades to air transports that would improve the overall efficiency of the air traffic control system will only be voluntarily adopted if the economic benefits are apparent to the airlines. Technology that increases throughput in a congested terminal area may not be enthusiastically received by residents in the area who are already concerned about aircraft noise. This kind of information may be difficult to obtain, but it must be included in the comprehensive documentation of the current system. Evaluation of Current Assumptions The basis, goals, and assumptions that underlie current operational regulations, procedures, and certification criteria should be carefully evaluated. For example, one of the fundamental limitations of current operational capacity is runway occupancy time because existing procedures at commercial airports allow only one aircraft to be on a runway at a time. However, joint runway occupancy is common for military aircraft, which often land in formation, and is also allowed in some cases for general aviation aircraft.2 These examples are not sufficient reason to allow joint runway occupancy or formation landings for commercial air carriers, but they do call current assumptions into question. A thorough review of the key assumptions underlying all aviation regulations and operating procedures should be undertaken in close collaboration with the FAA and industry. Tolerable Risk Levels for Component Technologies The lack of consistent, comprehensive, usable safety assessment methodologies has led to nonuniform, sometimes irrational, allocations of risk. For example, if the base level of risk in a safety-critical system is not known and the impact of the failure of a specific component is unclear, very high levels of integrity, such as one failure in 109 operations, are often assigned as a conservative strategy. In many cases, these levels cannot be definitively demonstrated, which makes it difficult to estimate the actual risk or to incorporate new technologies. Conversely, much higher levels of risk may be tacitly accepted for nontechnological components (human or procedural) of the system or for existing technological components. This approach to the risk management of component technologies can have undesirable consequences because it can deter improvements, such 2 Modified air traffic control procedures that allow more than one aircraft on a runway at a time are used at the annual Experimental Aircraft Association meeting in Oshkosh, Wisconsin.
OCR for page 57
Maintaining U.S. Leadership in Aeronautics: Breakthrough Technologies to Meet Future Air and Space Transportation Needs and Goals as the incorporation of new technologies, that might improve the safety of the overall system. Fundamental research that focuses on estimates of infrequent events should be conducted to improve risk assessments and estimates of the safety impacts of proposed improvements or changes in elements of the system. In addition, new methods for subcomponent risk assessment, including computer-aided design tools, would support consistent risk allocation decisions. Development of Fundamental and Integrated Models Once better documentation, an evaluation of current procedural assumptions, and a better assessment of tolerable risk are available, fundamental models of the air transportation system should be developed to simulate key system elements and their interdependencies. Once these fundamental models are in place, they can be integrated into total system-level models and simulations. Proposed technological and procedural changes can then be evaluated in the context of the entire air transportation system. These integrated models and simulations should include an explicit understanding of, and accounting for, the uncertainties in each fundamental model. They should also include human-in-the-loop and fast-time simulation techniques. The development of comprehensive models on this scale will require research on the capabilities and limitations of highly complex interacting models. For example, all models include some assumptions and approximations, which are typically valid for the initial use of the model. Successful models are often subsequently modified for a new purpose or integrated with other models. After several evolutionary cycles, the original underlying assumptions often become obscured, creating a risk that the model may be misapplied. Error propagation and uncertainty management in highly complex models are important areas for additional research. In many cases, uncertainties in the elements of a high resolution model combine to make it less accurate than a relatively simple model that captures only the essential behavior of a system. Perhaps the most challenging issue for modeling the air transportation system is the simulation of human behavior in this complex system. Currently, human-in-the-loop simulations are only used for exploration and validation because of high costs and the variability of human responses. Cost-effective methods of modeling the full range of human responses have yet to be developed. Finally, methods of validating complex models with hundreds, or even thousands, of internal parameters and only a finite amount of observable data must also be developed. Finding. The development of models to predict the impact of technological and procedural changes on the air transportation system will be critical to the long-term future of aeronautics and to meeting NASA's goals relevant to system capacity, environmental compatibility, safety, and cost. These models could be used to identify and address barriers to the incorporation of existing and new technologies into the air transportation system.
OCR for page 58
Maintaining U.S. Leadership in Aeronautics: Breakthrough Technologies to Meet Future Air and Space Transportation Needs and Goals The development of these models would require cooperation among NASA, the FAA, and the aviation industry. UPWARDLY COMPATIBLE AEROSPACE INFORMATION SYSTEMS Upwardly compatible aerospace information systems will be crucial to meeting many NASA goals because information technology is increasingly being used for flight control systems, propulsion control systems, and in the control of many other aircraft systems and subsystems. Better control can lead to reductions in aircraft engine emissions and aircraft noise. Upgradable information technology-based control systems could be instrumental in improving safety, reducing operating costs, and possibly increasing system throughput. Finally, new general aviation aircraft to meet NASA's goals for revitalization of this industry sector will be information-technology intensive. Therefore, they too would benefit from upwardly compatible aerospace information systems. Current Upgrade Limitations and Difficulties Upgrading existing air vehicles and ATM systems with new technology is usually complicated and costly because all changes must meet physical, logical, and operational redesign and recertification specifications. Because of the high cost of designing and manufacturing new air vehicles, individual aircraft in the existing air transport fleet may have service lifetimes of 40 years or longer. For information-based aircraft subsystems, 40 years represents many hardware/software obsolescence cycles and imposes severe opportunity costs in the functionality of these systems. Equipping the existing fleet of commercial transport aircraft with GPS receivers is an excellent example of the difficulties of replacing older information-based systems with newer ones. In older narrow-body jets, such as the Boeing 727 and the Douglas-designed DC-9, a lack of physical space on the flight deck makes the installation of GPS hardware difficult or impossible. In newer wide-body aircraft where "glass flight decks" offer greater flexibility (such as the Boeing 767), software issues, interoperability with other existing systems, and the lack of well defined requirements have slowed the installation of GPS receivers. In addition, airline concerns over training costs and investment recovery have slowed the upgrade process. These difficulties are not limited to the information systems used on aircraft. In ATM systems, the rate of technology upgrades has been even slower. The incorporation of new functionality has been limited by the very high cost of rewriting software, by the limitations of existing hardware platforms, and by the unwillingness of operators to change operating procedures.
OCR for page 59
Maintaining U.S. Leadership in Aeronautics: Breakthrough Technologies to Meet Future Air and Space Transportation Needs and Goals Designing for Evolutionary Upgrades in Information Technology Given the expected long lifetimes of both new aircraft and supporting ground systems, new approaches to software design should be created that could help minimize the cost and certification burden of inevitable software upgrades and improvements. A flexible development environment, in which the impact of new changes can be accurately assessed before production, will require new approaches and tools for designing upgrades with only the intended functionality. In the face of the increasing importance of software, perhaps the most important goal is the control of complexity. Although modular design and software architectures may seem commonplace in software development, they are essential to evolutionary changes in avionics software. Modular Design Modularity, which is common to most software development today, is essential to upgrading complex systems. While the basis for modularization can have several expressions, as in object clustering or methods clustering in an object-oriented design, it is important that modules be aligned with critical system and subsystem functionality. This alignment helps limit unintended interactions (the bane of system upgrading) and makes interfaces more constant. Functional modularity, then, is an appropriate feature of air vehicle avionics systems. In general, modularity is important to software and information system design for several reasons. First, modular software is usually easier to specify and certify than nonmodular software. Second, modules are easier to change or upgrade, especially if interfaces with the overall system do not change. Third, a modular system designed for expansion can be much more receptive to new functionality, provided that modules have been well defined along functional lines. This alignment, or functional partitioning, is critical for ensuring that modular systems or their upgrades work as intended. Ignoring this alignment will not decrease unintended interactions and may even increase complexity. Abstraction is another important benefit of functional partitioning. In applications such as avionics, well-defined abstractions based on good functional partitioning, can be used to manage system complexity. However, complex systems interactions are sometimes hidden. Therefore, new tools are needed to measure and improve complex systems interactions. Hardware and software interfaces are closely related to modularity. Explicit interfaces that have a high likelihood of being invariant to evolutionary change is an attribute of well-defined modularity. Good examples can be found in digital networking, where scores of improvements have been made over the past 15 years without material changes to the underlying protocols. Interfaces should be designed to occur at points where changes are likely to be minimal, rather than at points that offer programming convenience. Tools to help identify these invariant points and to reveal inconsistencies introduced into software systems through changes in underlying hardware need to be developed.
OCR for page 60
Maintaining U.S. Leadership in Aeronautics: Breakthrough Technologies to Meet Future Air and Space Transportation Needs and Goals The Defense Advanced Research Projects Agency's existing research project on the evolutionary design of complex systems is a recent attempt to build evolvable software. The approaches under investigation in this program for ground-based information systems and a small number of military air vehicles might also be applicable to the development of software used on board commercial transport aircraft, general aviation aircraft, and the ground-based portions of ATM and communications/navigation/surveillance (CNS) systems. Platform independence is another software characteristic that helps information systems evolve. Although UNIXTM has demonstrated a good deal of versatility, the notion of a Java virtual machine is perhaps the most well known, current example of software that will run on almost any machine.3 Java is a language that is just emerging, however, and still lacks many of the required attributes for safety-critical applications. Software Architectures Software architectures have emerged as the leading conceptual framework for organizing software development processes and products.4 Because they can employ multiple levels of abstraction to help manage complexity, they are well suited for the design and evolution of large or complex systems. Though very flexible in its inherent elements, an architecture may have many of the same attributes of modularity mentioned above. Well formulated architectures permit a high level of functionality such as a flight control command like ''maintain present altitude" to first be defined and then mapped to lower, more detailed implementation levels using rigorous methods. These methods can be based on mathematical logic and, therefore, lend themselves to digitally defined systems. However, their extension to nonlogic-based systems, such as the analog components found in aircraft control systems, are just now being investigated. Software architectures can facilitate the design of upwardly compatible systems in two ways. First, the high level of abstraction helps bridge the gap between requirements and implementations, thus linking models and systems. Second, future changes can be made at any level of abstraction and, if they are architecturally consistent, changes can be shown to be functionally compatible; in other words, they perform the specified function and do not perform other specified functions. Unfortunately, unintended or unanticipated effects cannot yet be ruled out. Finding. The expected long lifetimes of current and future aircraft and ATM systems will necessitate a number of upgrades to their information-based components. To reduce the 3 UNIX is a computer operating system that can be used by almost any computer architecture. The UNIX operating system was the basis for most of the initial hosts and servers on the Internet. JAVA, a computer language widely used by internet programmers, allows programs, commands, and functions on a web site to be executed on any computer that accesses the site. 4 Software architecture, in its simplest terms, is the structure of components and their interrelationships. As an approach to system design, it is usually considered structural rather than functional, but in avionics, structure and function should be aligned.
OCR for page 61
Maintaining U.S. Leadership in Aeronautics: Breakthrough Technologies to Meet Future Air and Space Transportation Needs and Goals cost of upgrades that involve new technology or additional functionality, aerospace information systems must be designed to be upwardly compatible. This can be accomplished by developing software that is adaptable, functionally modular, employs an open architecture, and uses well defined interfaces that are unlikely to change. The ability to upgrade information technology-based control systems can contribute to achieving NASA's goals for general aviation, improved safety, reduced operating costs, and increased system throughput. METHODOLOGIES FOR THE DEVELOPMENT OF HIGH INTEGRITY SOFTWARE The functionality of nearly all future aerospace systems will be governed by software. In fact, aircraft flight control systems, engine combustion control systems, landing systems, CNS systems, and ATC systems are already heavily dependent on software. Despite this, the process by which aircraft manufacturers and the airline industry develop software, and the FAA's procedures for certification, are still evolving, as evidenced by a recent call from the FAA administrator for a review of aircraft and avionics software certification processes by the RTCA.5 Improvements in methods to develop and certify software used in aircraft and ATM systems will have an impact on meeting many of NASA's goals. Improved software development methods are expected to improve safety (as well as the ability to demonstrate levels of safety) and increase system throughput. Improved software certification will also reduce aircraft costs and the time it takes to deploy new or modified aircraft. Because many of the new general aviation aircraft designed to meet NASA's goal for revitalization of the industry will be software dependent, breakthroughs in software development will be key. Developing, Ensuring, and Maintaining High Integrity Software Most aerospace systems are safety critical, operate in near real time, respond to constantly changing environments, and involve significant human interaction. As a consequence, aerospace software has higher V&V requirements than software used for many other applications. Thus, the costs of software development, maintenance, and upgrading have been high. As aerospace software becomes even more complex and the number of lines of code for a given system exceeds one million,6 present development techniques and V&V practices that rely on structured programming techniques, on well defined data structures and typing of variables, and on exhaustive testing will not be adequate to ensure safety-critical 5 Personal communication from FAA Administrator Jane Garvey to David S. Watrous, President, RTCA, February 11, 1998. This letter can be viewed on the RTCA World Wide Web site: http://www.rtca.org/CTF/faatasking.htm. 6 For example, the 1,300 embedded computers onboard the Boeing 777 contain a total of 4 million lines of code (Deyst, 1997).
OCR for page 62
Maintaining U.S. Leadership in Aeronautics: Breakthrough Technologies to Meet Future Air and Space Transportation Needs and Goals operation. Validation of software through these techniques is generally limited by the amount that developers are willing to spend, and result in reliability estimates on the order of 10-4 failures per hour of operation (Littlewood and Strigini, 1993). Though likely unverifiable, values on the order of 10-9 are mandated for civil aviation (Deyst, 1997). Therefore, breakthrough software engineering methodologies are needed to enable the development, validation, verification, assessment, and maintenance of high integrity software used for aerospace systems. One potential approach is the use of mathematically-based formal methods that enable software designers to predict the behavior of a software system by building mathematical models, just as civil engineers construct mathematical models of bridges. Formal logic provides rules that enable valid conclusions to be drawn from explicit, valid premises or statements about the world. Manipulations of the rules are called proofs. Formal methods, then, consist of specifications about the world, the requirements of a system, and the verification methods that can be used to produce the proof. Once the operating environment for a given software application is well known and important failure modes have been identified, the necessary requirements can be stated. Formal methods can then help ensure the development of a system that meets functional and safety requirements, identify holes in a software system's design, and avoid, remove, and tolerate faults. Areas where formal methods can make a contribution include: validation of requirements—model building and model checking to determine the validity of system components, including consistency with the stated expectations of human operators software specification—capturing and describing well designed and functionally accurate abstractions to control complexity software derivation—methodologies and tools that can produce code automatically from a specification language software analysis and verification—validating specifications and verifying that implemented software meets requirements software safety certification—demonstrating that software will operate safely and as intended when embedded in the aircraft A key issue in the development of formal methods and other sophisticated V&V techniques is the requirement that they be usable by designated engineering representatives of the FAA or other certification authority. If the tools and artifacts of formal methods are too complex or esoteric, they will not be fully understood and will not accomplish the safety or certification objectives.
OCR for page 63
Maintaining U.S. Leadership in Aeronautics: Breakthrough Technologies to Meet Future Air and Space Transportation Needs and Goals Though formal methods have held the potential for building critical software systems for some time, their utility for large systems is still elusive. The functionality of software must be specified so that it faithfully represents a model that itself must have been validated by some means. As mentioned above, new affordable methods must be found that both verify intended functions and reveal the unintended relationships in an avionics system, modularly designed or not. These software development methods could significantly reduce the software-related design and maintenance costs of aerospace systems and should improve safety through better system definition. Reduced software development costs could also facilitate the migration of advanced information systems into the general aviation fleet. Appropriate methodologies may emerge from nonaerospace applications, but commercially available tools will probably not be applicable to aerospace software given its size and complexity, and potential liability issues. Thus, NASA, the FAA, aerospace manufacturers, and the airline industry will have to pursue formal methods for software development aggressively. Software Certification For a number of years, software certification standards and processes have addressed certification at the system level rather than the software level. This mitigates the unfeasibility of showing that the software is ultra reliable. Dependability assessment techniques that can arrive at overall quantified judgments about the trustworthiness of software by combining disparate sources of evidence (such as formal proof, test data, and engineering judgment) are urgently needed. Safety arguments, systematically presented in the form of a safety case document, are also needed. These techniques would provide the aircraft industry with an approach to certification that is rapid, repeatable, and accurate. Finding. New software engineering methodologies could facilitate the development, validation, verification, and maintenance of high integrity software. These methodologies include: formal specification methods, including verifiable high-level languages; formal methods of validating specifications and consequent software; techniques for building and checking models to determine the validity of system components, methods of combining disparate sources of software certification evidence; documentation of safety arguments in the form of safety cases; and models of human operators and their roles and expectations. These approaches to software development address NASA's air transportation goals related to improved safety, increased throughput, and a revitalized general aviation industry. Improved software certification would also reduce aircraft costs and design time. ADVANCED HUMAN-AUTOMATION SYSTEMS Despite the fact that information technology and automation have improved the safety and efficiency of both aircraft and the ground systems that support them, human operators are still occasionally placed in difficult and stressful situations that lead to mistakes. For example, crew error has been the leading cause of aircraft accidents for a number of years,
OCR for page 66
Maintaining U.S. Leadership in Aeronautics: Breakthrough Technologies to Meet Future Air and Space Transportation Needs and Goals The evaluation of new or proposed systems will be especially important. Because of the complex and apparently stochastic nature of human performance, it is extremely difficult to evaluate human-machine system performance in realistic operational settings. Traditional evaluation methods based on human-factors and experimental psychology have been limited to a few experimental variables so that direct causal effects could be identified. However, realistic operational environments (such as an aircraft flight deck or an ATC station) are extremely complex, and experimental variables are often confused with secondary causal factors. Therefore, advanced methodologies for evaluating complex human-automation systems will have to be based on advanced simulation systems, as well as sophisticated, multi-attribute methods of collecting and analyzing field data. Improving Pilot Situation Awareness Many of the human errors in flight operations can be attributed to the loss of situation awareness.8 For example a pilot or controller's failure to recognize and take proper corrective action when a mechanical failure or flight hazard occurs is usually attributable to a lack of perception or an inability to recognize the consequences of an action. Lack of situation awareness can result from too little information (i.e., a lack of critical information), too much information (i.e., clutter or simple overload which can prevent a pilot or controller from internalizing critical information), or a misinterpretation of available information. In the future, the information potentially useful to pilot's situation awareness will probably be provided from the following sources: ground proximity warning systems and digital terrain maps; wind shear and clear air turbulence sensors; collision avoidance systems; onboard weather radar; high precision guidance and navigation systems; an air-to-ground datalink; real-time satellite-based weather forecasts; air traffic control data; maintenance data; mission or company management data; onboard synthetic vision sensors; and onboard aircraft performance and status sensors. Because the cognitive capability of human beings is limited, these data will have to be presented in a way that supports the pilot or controller's situation awareness. Therefore, the integrated-systems approach to the allocation of human and machine tasks should also be used for the development of pilot and controller interfaces. For pilots, these will include integrated alerting systems where multiple hazard sensors are integrated to provide the pilot with a coherent threat picture. Other information management tools, flight displays, and new operational procedures should also be developed to support pilot situation awareness. For controllers, the integrated human-systems approach will facilitate the development of decision aids that can help maintain situation awareness while managing the increased traffic allowed under the reduced aircraft separation standards that will be necessary to realize the NASA goal of increased throughput. 8 Situation awareness is defined as the perception of the elements in the environment within a volume of time and space, the comprehension of their meaning, and the projection of their status in the near future (Endsley and Rodgers, 1994). Situation awareness for a pilot or aircrew involves awareness of flight conditions, such as airspeed, altitude, and geographic location, and knowledge of the status of the aircraft, such as fuel level and the existence of or absence of mechanical malfunctions.
OCR for page 67
Maintaining U.S. Leadership in Aeronautics: Breakthrough Technologies to Meet Future Air and Space Transportation Needs and Goals Unpiloted Commercial Transports, an Extreme Solution to Pilot Task Allocation At the extreme end of the human-automation spectrum, the committee considered the challenges (both technical and political) and advantages of fully automated commercial transport aircraft operations. Although at first glance this might seem unrealistic, consider that the military has already identified uninhabited air vehicles (UAVs) as a key technological system for improving performance, reducing human exposure to risk, and reducing the cost of air operations. One might even consider if any of the 70 percent of air carrier accidents attributed to crew error could be avoided by autonomous operation. Conversely, one might also ask how many accidents have been avoided by human intervention. The technology to operate air carriers automatically is already available. Most modern transport aircraft have the capability to perform fully automatic flight from takeoff to landing along a preprogrammed course. The only manual operation required by the pilots is taxiing away from the gate and rolling out after landing. However, fully unpiloted operation is not practical today because disturbances in the external operating environment, such as turbulence, winds, severe weather, traffic, and air traffic control maneuvers, often require changes to the preplanned trajectory. The main role of the pilot in today's commercial air carrier operations is to adapt to changing environments or respond to mechanical failures.9 The key technologies that would enable unpiloted transport operations are highly reliable, goal-level guidance and control systems and advanced flight planning algorithms. Goal-level guidance and control systems are much more automated than most current flight management systems, in which automation is instructed or programmed at the specific instruction level. Goal-level systems must be able to select a specific course of action to accomplish a high-level goal, such as the safe arrival of an aircraft at a given point in a route. System reliability and interaircraft coordination must also be addressed for highly automated flight control systems before unpiloted commercial transports will be feasible. Although unpiloted commercial transport aircraft may never be used because of a lack of public acceptance, research and technology development focused on unpiloted operations could identify critical guidance, control, and pilot decision-making elements that should be considered in the design of flight management control systems for either piloted or unpiloted air vehicles. Since the development of unpiloted air vehicles does not truly eliminate the possibility of human error, but shifts the potential for error from the operator to the designer, the increased rigor necessary during design would also benefit both piloted or unpiloted air vehicles. Therefore, to further the goals related to air transportation safety and efficiency, NASA should consider developing prototype unpiloted civil/commercial air vehicles that leverage the results of related DOD UAV research. 9 It should be noted that a great deal of skill and training is required to accomplish these tasks.
OCR for page 68
Maintaining U.S. Leadership in Aeronautics: Breakthrough Technologies to Meet Future Air and Space Transportation Needs and Goals Finding. Although automation has already improved the safety and increased the efficiency of air travel, additional progress can be made through improvements in aviation-related human-automation systems, such as aircraft flight decks. Key issues that require NASA research support include human-machine task allocation and pilot situation awareness. Advances in technology for UAVs (unpiloted air vehicles) may also contribute to the fulfillment of NASA's safety and capacity goals for air transportation operations involving piloted aircraft. PRECISION AIR TRAFFIC MANAGEMENT/AIRCRAFT OPERATIONS Increasing capacity will be a key driver for future high performance ATM systems. An order of magnitude improvement in the precision of ATM and aircraft operations, such as a reduction in airway widths from 4 miles to 0.4 miles, could increase capacity, while simultaneously maintaining or improving safety, for oceanic, en route domestic, and terminal airspace flight operations and could lead to reductions in the cost of air travel. Technology designed to make commercial transport aircraft operations more precise could also be applied to general aviation, provided costs can be kept low. More precise operations would enable more privately owned aircraft to operate in adverse weather conditions and high traffic areas, thus contributing to a revitalization of this aircraft market sector. Supersonic air vehicle operations could also benefit from improved ATM that would allow for shorter overland flight distances, reduced aircraft separations for transoceanic flights, and the avoidance of noise sensitive areas. Improvements in ATM may be possible through enhanced CNS and ATM decision support tools that would enable new ATM separation standards and reduce "intervention buffers."10 Improvements could also be enabled by building on emerging technologies used for weather detection, precise aircraft navigation and surveillance, and air-to-ground data transfer. Critical issues that must be addressed with new or existing technologies include better integration of information from a number of different algorithms, sensors, and systems; and a better understanding of human-automation issues. Air-to-Ground Datalinks for Precise Controller-to-Pilot Communications The fast pace and high pressure of a busy airport or air traffic control center necessitates abbreviated interchanges on the voice channels used to control aircraft movements. Very often these commands are safety critical, that is, if they are misinterpreted or missed altogether, serious consequences can result. Although no breakthrough would be necessary to make communications more reliable, the introduction of more modern, verifiable digital technology is imperative. The challenge is to provide reliable communications with the 10 An intervention buffer is the normal minimum spacing between aircraft that, if not maintained, will compel an air traffic controller to direct course corrections.
OCR for page 69
Maintaining U.S. Leadership in Aeronautics: Breakthrough Technologies to Meet Future Air and Space Transportation Needs and Goals pilot without obscuring the normal voice interactions that must continue, if for no other reason than to handle unanticipated occurrences. Although datalink communications to aircraft have been technically feasible for a number of years, their use has been limited mostly to private intra-airline communications providers, such as ARINC, which transmit airline operational information, weather, air terminal information system (ATIS) and some ATC clearances in text format. Broader implementation of digital data communications and graphical datalinks have been limited primarily by difficulties in developing ATC automation tools. Datalinks could allow direct exchanges of data between onboard computers, as well as between aircraft and ground computers, which would improve coordination of aircraft, especially closely spaced parallel approaches, minimal noise approaches and departure procedures, and very close (i.e., near formation) operations, which would be necessary to achieve the NASA capacity goal of increased capacity. Improved Weather Detection Sensors Sensors that could "see" adverse weather conditions, including clear air turbulence and icing regions, and provide early warning to the pilot would permit the planning and execution of avoidance maneuvers better than present radar systems. Current airborne weather radars only sense precipitation (some systems can also detect turbulence in the precipitation) through Doppler velocity measurements. Other sensors, such as lightning detectors, also indicate regions of high convective activity and hence the potential for convective turbulence. Clear air turbulence and icing are the key weather hazards for which there are no reliable methods of remote detection. Currently, the most commonly available indicators of these hazards are pilot reports from other aircraft. In addition to sensors, pilots need methods and systems that can integrate all available weather information (from sensors, pilot reports, forecasts, and numerical models). Precision Navigation and Surveillance The precise determination of the flight trajectory of one's own aircraft and all other aircraft in proximity to it could have an impact on meeting several of NASA's air transportation goals. For example, more precise flight tracks could potentially lead to reduced flight times because aircraft could operate in closer proximity to each other without conflict. Small reductions in flight time could reduce overall fuel consumption enough to create large cost savings for large air carriers. Less flight time for numerous individual aircraft could also lead to large aggregate reductions in overall aircraft noise and emissions. These capabilities are consistent with the FAA's concept of "free flight," an attempt to move the U.S. national airspace system from a centralized command-and-control system between pilots and air traffic controllers to a distributed system that allows pilots, whenever practical, to choose their own routes and file flight plans that follow the most efficient and economical routes.
OCR for page 70
Maintaining U.S. Leadership in Aeronautics: Breakthrough Technologies to Meet Future Air and Space Transportation Needs and Goals The technology to determine precise flight trajectories and distribute these trajectories to all nearby aircraft is already in hand. Satellite navigation based on GPS and combined with other sensors, such as inertial navigation units, can provide very precise three-dimensional positioning, velocity, and time. ADS can be used to broadcast this information for one aircraft to all other ADS-equipped aircraft. Although these systems have not been widely adopted due to inertia in the air transportation system as discussed early in the chapter, long-term NASA research and technology development focused on precise navigation and surveillance is not likely to speed their implementation. Fully Autonomous Air Traffic Operations ''Free flight" promises to further NASA's safety and efficiency goals, but the concept does not completely free aircraft from reliance on ground-based air traffic control infrastructures, especially in terminal areas. Free flight would actually limit pilot flexibility in certain situations, for example, to ensure aircraft separation at high-traffic airports and in congested airspace (Free Flight, 1998), to prevent unauthorized entry into special use airspace, and for other safety reasons. However, if pilot task allocation and situation awareness could be optimized, and the precise location of everything that might concern a pilot, including the location of the ground, could be made available in all weather and flight conditions, the safe operation of fully autonomous aircraft might be possible. Imagine a flight deck "heads-up display" that shows an outline of the terrain ahead consistent with the altitude and orientation of the aircraft, the location of all aircraft ahead—as well as above, below, and beside—and their predicted trajectories, and a "rearview mirror" analog view behind the aircraft, all in their correct locations relative to the aircraft. This type of display would require that precise navigation and surveillance technologies be combined with enhanced weather sensors, sensors that provide visual imagery in all light and weather conditions, and databases on digital terrain and man-made obstacles. Many of these component technologies already exist or are close to realization, but integrating them into a system optimized for human-machine task allocation and pilot situation awareness would represent a major breakthrough. Fully autonomous air traffic control capability that is independent of ground-based infrastructure offers many possibilities for changes in the way the air transportation system operates that would have a positive impact on meeting NASA's goals related to air transportation cost, safety, noise and emissions, and possibly throughput. In addition to free flight during the enroute phase of a flight, all airports, both high and low density, public and private, could have defined approach glide paths that are direction-of-arrival dependent and weather-dependent. These approaches could be flown in any light and visibility conditions without interactions with control towers. These capabilities would have obvious benefits for less-developed countries and for operations in remote or austere environments, where the existence of ground-based infrastructures other than a safe landing area would no longer be required.
OCR for page 71
Maintaining U.S. Leadership in Aeronautics: Breakthrough Technologies to Meet Future Air and Space Transportation Needs and Goals In order to ensure the widespread use of aircraft-based ATC systems by commercial, military, and general aviation aircraft, cost must be carefully considered during their development. Total autonomy from all ground-based infrastructure in a given region would be impossible unless all aircraft use aircraft-based ATC systems. Finding. Precision ATM and aircraft operations will be important to meeting NASA's goals related to air transportation cost, safety, noise and emissions, throughput, high-speed air travel, and general aviation. In the near term, precision ATM will probably be based on emerging technologies now used for weather detection, precise navigation and surveillance, and air-to-ground data transfer and communications. However, achieving NASA's goals in the long term will require the development and implementation of an aircraft-based ATC capability that is totally independent of ground-based infrastructures. MITIGATING CONSTRAINTS IN TERMINAL AREAS New technologies and procedures that increase throughput in terminal environments will be essential to growth in the air transportation system and to achieving NASA's goal to triple the aviation system throughout. The economics of airline operations create a demand for increased frequency of service because this is highly valued by consumers. The national air transportation system throughput is fundamentally limited in terminal environments by two major barriers: (1) runaway occupancy time, the primary constraint under visual flight rules, and (2) wake vortex limitations on aircraft separation under instrument flight rules. Because these barriers are not likely to be mitigated through the construction of new airports, a wide range of candidate improvements in aircraft, airport and/or ATM technology, as well as the integration of new vehicle types into the scheduled passenger transportation system at the most congested airports, should be evaluated. New technologies and procedures would maximize the productivity of existing infrastructure while maintaining the high level of safety associated with scheduled passenger transportation. Mitigating the constraints in terminal environments would also lessen the pressure to expand existing airports. Reducing terminal-area constraints would also further several of NASA's goals in addition to throughput. By allowing aircraft to operate more freely and with less delay in terminal areas, engine emissions and aircraft noise would be reduced. Costly takeoff and landing delays would also be reduced for commercial air carriers, enabling a potential reduction in air travel costs. Technology developments focused on reducing terminal constraints, such as methods to mitigate wake vortices, could also contribute to improved safety and an improved operating environment for general aviation.
OCR for page 72
Maintaining U.S. Leadership in Aeronautics: Breakthrough Technologies to Meet Future Air and Space Transportation Needs and Goals Reduced Runway Occupancy Time Current FAA/NASA programs are attempting to increase throughput at airports through a range of initiatives including simultaneous independent operations on more closely spaced parallel runways and more efficient use of terminal airspace. For operation under visual flight rules, the throughput (the number of operations that can be accommodated) for a single runway is regulated by the amount of time it takes an aircraft to proceed from threshold crossing to a runway exit. Present ATC operating rules do not permit two aircraft to be on the same runway at the same time, which suggests that strategies that could reduce runway occupancy time could increase capacity and throughput. If more than one aircraft could safely occupy the same runway, runway occupancy time would be effectively reduced. Reduction in Aircraft Velocity on Roll out Once an aircraft touches down, its landing speed, combined with braking and thrust reversers, determines how long it takes for the aircraft to slow down enough to turn off the runway. Deceleration rates also depend on runway surface conditions, such as wet or dry pavement. New runway materials that reduce the time required to slow the aircraft would shorten runway occupancy time. Onboard technologies, such as actively controlled braking systems or braking guidance systems, may increase deceleration profiles and enable high-speed exits. Finally, vertical/short takeoff and landing (V/STOL) aircraft land at relatively slow speeds (or even zero forward velocity) and have lower runway occupancy times than conventional aircraft. If V/STOL aircraft could be sequenced onto existing airport runways very precisely, and apart from the arrival stream of other air traffic, runway occupancy time per operation would be reduced. Wide Runways/Formation Landings Today, aircraft operate simultaneously on intersecting runways under the "land-and hold-short" concept.11 In theory, two aircraft could land at different touchdown points on the same runway, either in parallel operations on wide runways or in-trail operations on long runways. This formation landing, enabled by advanced flight control systems, aircraft-to-aircraft surveillance systems, and pilot-controller decision aids, would effectively increase the capacity of existing runways (or runways with relatively modest modifications).12 Ideally, this capability would be available for visual flight and instrument flight operations. 11 Land-and-hold-short procedures allow an aircraft to approach an intersecting runway with active traffic as long as the pilot accepts the responsibility for ensuring sufficient stopping distance before the aircraft reaches the intersection point. 12 These proposed formation procedures would not place aircraft in wingtip-to-wingtip proximity, as is the case for formation procedures used by military fighters. The aircraft separation envisioned would be similar to the landing spacing used for military transports.
OCR for page 73
Maintaining U.S. Leadership in Aeronautics: Breakthrough Technologies to Meet Future Air and Space Transportation Needs and Goals The required technologies entail very precise control of aircraft positions in all four dimensions, including velocity, by precise position tracking by air traffic control with very rapid updates for aircraft position and intent. Flight crews would require rapid updates of position and intent for all nearby aircraft. Onboard collision-avoidance systems would also have to be more highly automated than current systems so pilots could take rapid evasive action, if necessary. Mitigation of Wake Vortices Wake turbulence created by vortices emanating from aircraft wings is one of the major constraints on the overall throughput capacity of the air transportation system. Wake turbulence limits enroute in-trail spacing, takeoff and landing spacing, and airport runway spacing. Airports that do have closely-spaced parallel runways (less than 4,300 feet apart) cannot use them for simultaneous, independent operations because of the safety implications of wakes drifting across the runways. Recent increases in separation requirements to compensate for wake turbulence from the heaviest commercial transports has limited capacity at some airports even more. Efforts are being made to develop sensor systems to detect and measure wing vortices. Other approaches to mitigating the effects of wake turbulence include source alleviation and encounter management techniques. Source alleviation methods, which reduce or control vortices, would also allow closer spacing of aircraft on approach. Either the energy created by the vortices would be extracted or the wing would be redesigned to reduce or eliminate vortices at the source. The development of techniques to safely "manage" wake vortices may involve changes in procedural approaches, such as displaced thresholds, variable glide path approaches, precision approach paths for all-weather operations, and dynamic encounter aids associated with advanced sensors. Progress in any of these areas could have significant benefits in terms of safety and throughput. Vertical/Short Takeoff and Landing Aircraft to Enhance Capacity Another approach to increasing the capacity of terminal areas is use of V/STOL aircraft, including advanced civil tilt-rotor designs. NASA studied the economic viability of V/STOL aircraft in the late 1970s, and their use appeared to be feasible even though new air vehicles and the associated infrastructure, such as vertiports, would have to be developed. V/STOL aircraft could serve the shorter-distance markets cost effectively if they could operate out of existing airports. If they did not affect the capacity available for conventional runway operations, they would represent new net capacity.13 13 High-speed rail is often suggested as a substitute for short-haul air transport. However, the economic viability of high speed rail does not make it an attractive alternative in most U.S. intercity travel markets.
OCR for page 74
Maintaining U.S. Leadership in Aeronautics: Breakthrough Technologies to Meet Future Air and Space Transportation Needs and Goals A concept known as simultaneous noninterfering operations, currently being investigated by Boeing Helicopters and NASA Ames Research Center, could potentially allow V/STOL aircraft to operate out of existing airports without interfering with existing commercial jet traffic. Improvements in ATC and aircraft operations could make this concept operationally viable. Technology development for V/STOL aircraft, such as tilt-rotors, would have to be increased and accelerated to develop economical, reliable, and safe V/STOL aircraft. The variable-diameter tilt-rotor concept has an extended prop-rotor diameter during hover and low-speed flight and a retracted prop-rotor diameter during high-speed cruise operation (Rosen, 1997). This capability would dramatically improve vertical takeoff payload fractions and propulsive cruise efficiencies in forward flight. Other important technological improvements applicable to all air vehicles, such as improved propulsion systems and improved structures and materials, are discussed in Chapter 3. Personal Air Travel A potential area of breakthrough technology that could meet NASA's throughput goal in the long term without extensive technology upgrades to existing airports or the construction of new public airports would be the design and deployment of personal air transportation vehicles that could offer "door-to-door" transportation under all weather conditions. If personal vehicles could be operated safely without extensive pilot training, they could revolutionize the mobility of the population. The performance level of a personal air transportation system vehicle would have to be much higher than the performance level of existing general aviation vehicles. Personal transportation aircraft will need to have V/STOL capability and will need to operate using the existing ground-transportation infrastructure (i.e., roads and highways). This could make on-demand, door-to-door transportation possible, which would avoid the time and cost of accessing existing airports and accommodating scheduled airline flights.14 In addition to V/STOL vehicle technology, a number of advances in information technology would be necessary for safe and efficient personal air transportation systems. Many of these technologies have been described in this chapter, including advances in vehicle guidance and control systems, weather sensors, onboard precise navigation and surveillance systems, and collision avoidance and flight management systems that are affordable for small aircraft. The research and technology development for unpiloted commercial air transports, based on advances in UAV development, and fully autonomous aircraft-based ATC would have to be applied to personal air vehicles with built-in system redundancy, simplicity, and low cost. In addition, the impact of large numbers of private vehicles on the safety of the existing air transportation system would have to be determined, which would depend on the improved modeling capabilities described earlier. 14 For more details about one concept to enable these capabilities, known as the VTOL-Converticar, see Bushnell, 1998.
OCR for page 75
Maintaining U.S. Leadership in Aeronautics: Breakthrough Technologies to Meet Future Air and Space Transportation Needs and Goals In the most extreme and optimistic scenario, personal aircraft that are virtually unconstrained in terminal areas could support long-distance commuting, provide access to rural and "inaccessible" areas, and could even "unclog" some densely populated areas in the United States and abroad. Finding. Increasing air transportation system throughput depends directly on reducing constraints in terminal areas. Technology developments in this area should focus on reducing runway occupancy time, mitigating the effects of aircraft wake vortices, and enabling V/STOL aircraft to operate from existing airports and runways without reducing capacity available for other air traffic. To the extent that these improvements can provide more precise control of aircraft operations or can reduce the potentially harmful effects of wake vortices, they could also improve aviation safety and operating conditions for general aviation aircraft. In the long term, personal air transportation vehicles could be a breakthrough that would achieve NASA's throughput goal by allowing millions of air travelers to bypass existing airports and air travel infrastructures. If these vehicles were produced and sold by general aviation manufacturers, NASA's goal of revitalizing this industry could also be met. REFERENCES Bushnell, D.M. 1998. Frontiers of the "Responsibly Imaginable" in (Civilian) Aeronautics, AIAA paper 98-0001. Reston, Virginia: American Institute of Aeronautics and Astronautics. Deyst, J.J. 1997. Aerospace Information Systems. Presentation to the Committee to Identify Potential Breakthrough Technologies and Assess Long-term R&D Goals in Aeronautics and Space Transportation Technology, Cambridge, Massachusetts, November 18, 1997. Endsley, M.R. and M.D. Rodgers. 1994. Situation Awareness Information Requirements for En Route Air Traffic Control, Final Report. DOT/FAA/AM-94/27. Washington, D.C.: Federal Aviation Administration. Fitts, P.M. 1951. Human Engineering for an Effective Air Navigation and Traffic Control System. Washington, D.C.: National Research Council. Free Flight. 1998. FAA Free Flight World Wide Web site, www.faa.gov/freeflight Littlewood, B. and L. Strigini. 1993. Validation of Ultrahigh Dependability for Software-Based Systems. Communications of the ACM, 36(11).
OCR for page 76
Maintaining U.S. Leadership in Aeronautics: Breakthrough Technologies to Meet Future Air and Space Transportation Needs and Goals Rosen, K. M. 1997. Memo to the Committee to Identify Potential Breakthrough Technologies and Assess Long-term R&D Goals in Aeronautics and Space Transportation Technology, United Technologies, Sikorsky Aircraft, November 5, 1997.
Representative terms from entire chapter: