3 Cope with Change
Pages 49-63

The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.


From page 49...
... , Interim Report of a Review of the Next Generation Air Transportation System Enterprise Architecture, Software, Safety, and Human Factors, The National Academies Press, Washington, D.C., 2014. 2 Here the committee refers to what some call cybersecurity (system, data, and communications security)
From page 50...
... FAA staff stated that the enterprise-level programs address specific information threats; however, they also state that there are no current NAS-level threat models. Furthermore, from what the committee has learned, information security is not currently a consideration during safety analysis.
From page 51...
... Individual threat analyses of programs need to be "rolled up" to an architectural threat model, and that threat model also needs to be potentially checked on each program. In the committee's view, as systems are increasingly digital and dependent on communications and networks, and as the threat landscape for the nation as a whole continues to evolve, cybersecurity will need to be an important and integral part of safety activities and is an ongoing operational matter (not only a question of design and architecture)
From page 52...
... Until FAA effectively implements security controls, establishes stronger agency-wide information security risk management processes, fully implements its NAS information security program, and ensures that remedial actions are addressed in a timely manner, the weaknesses GAO identified are likely to continue, placing the safe and uninterrupted operation of the nation's air traffic control system at increased and unnecessary risk. The system architecture for the NAS and its future goals need to embrace comprehensive, system-wide measures to ensure cybersecurity.
From page 53...
... , control links, support equipment, payloads, flight termination systems, and launch/recovery equipment."7 The FAA Reauthorization Act of 2012 calls for the safe integration of UAS in the NAS by 2015. Several interim steps have been taken, including the establishment of six UAS test sites and the first roadmap for the integration of 7 FAA, Integration of Civil Unmanned Aircraft Systems (UAS)
From page 54...
... When additional guidance is in place, higher-altitude operations that fly above 500 feet, are beyond line of sight, or that need civil airspace infrastructure will presumably need to be equipped with applicable technologies to interact with current and future air traffic services. Several NextGen technologies are essential to the safe integration of UAS: the NAS voice system, which will allow UAS pilots to communicate with air traffic control (ATC)
From page 55...
... in response to the new usage model presented by UAS. Are the data requirements alone -- content and update rate -- for ADS-B Out and ADS-B In sufficient to provide safe operations absent a pilot in the cockpit?
From page 56...
... Moreover, if the FAA is going to be held accountable for an extremely conservative safety culture -- which has historically been the case -- then it should be recognized that such conservatism will understandably bias the agency away from innovation. Thus, there are risks associated with a safety culture as well, not least of which are opportunity costs due to not deploying improved (and potentially even safer)
From page 57...
... Is it understood and 14 A recent Chicago Center fire took down the whole center by cutting certain communications. The fact that this occurred is made worse by a previous example of single fiber optic cable cut that did the same thing.
From page 58...
... This section offers a brief overview of the challenges to traditional engineering project management of software-intensive systems. It then focuses briefly on management of software risk in particular, in response to the statement of task, and describes the committee's views on risks to NextGen.
From page 59...
... The iron law of traditional software engineering is this: the later you are in the life cycle, the more expensive things are to fix.19 In the committee's experience, project managers who are experienced and trained in traditional project management disciplines such as detailed planning, critical-path analysis, and earned value management may have a particularly rough transition to dealing with these types of projects. They must move from a world of managing certainty and precision to a world of resolving uncertainty based on imprecise probabilistic judgments.
From page 60...
... :61-72, 1988; B. Boehm, Software Engineering Economics, Prentice Hall, 1981; and Boehm et al., The Incremental Commitment Spiral Model, 2014.
From page 61...
... could be specified. New, iterative development methods have emerged organically from diverse software development communities to improve navigation through uncertainty.
From page 62...
... With regard to specific risk drivers, the committee observed that some important choices and considerations are driven by what appear to be hardware fixed-points, rather than being driven by a systems architecture. In some ways, the engineering agenda seems to be set by assumptions about hardware procurement (e.g., the hardware selected for ADS and Data Comm)
From page 63...
... , causing risks of many kinds, including schedule risks. A conventional cost and schedule risk analysis would need to assess the program variance in reaching particular objectives, but NextGen functional and performance objectives are not really defined, or worse, they are inconsistently understood from stakeholder to stakeholder.


This material may be derived from roughly machine-read images, and so is provided only to facilitate research.