National Academies Press: OpenBook

In-Time Aviation Safety Management: Challenges and Research for an Evolving Aviation System (2018)

Chapter: 2 IASMS Concept of Operations and Risk Prioritization

« Previous: 1 Introduction
Suggested Citation:"2 IASMS Concept of Operations and Risk Prioritization." National Academies of Sciences, Engineering, and Medicine. 2018. In-Time Aviation Safety Management: Challenges and Research for an Evolving Aviation System. Washington, DC: The National Academies Press. doi: 10.17226/24962.
×

2

IASMS Concept of Operations and Risk Prioritization

A clear CONOPS for an IASMS is needed to understand how the system will operate, to define the issues that an IASMS will address, and to identify key technical and policy issues. Trying to develop an IASMS that can address a wide range of potential risks is problematic because each additional risk that is added to the scope of an IASMS increases both the cost of development and the complexity of the system. A process for prioritizing risks is therefore needed to limit the scope of an IASMS to potential risks that are most likely to occur and potentially have the most severe consequences if they do occur. A traditional prioritizing process can be used that relies on historic data from the operation of conventional aircraft. This approach, however, would not consider the potential impact of emerging risks associated with new entrants.1 For example, new entrants will generate new issues such as a possible increase in the level of uncertainty in NAS operations, the possibility that operators will not demonstrate an appropriate level of trust in the increasingly autonomous systems; and the impact of unauthorized UAS operations and the increasing pace of commercial space operations on the safety and efficiency of the NAS.

This chapter identifies three key challenges and two high-priority research projects:

  • Challenges
    • IASMS Concept of Operations
    • Identifying and Prioritizing Risks
    • National Airspace System Evolution
  • Research Projects
    • IASMS Concept of Operations and National Airspace System Evolution
    • Identifying and Prioritizing Risks

CHALLENGES

IASMS Concept of Operations

Challenge Summary Statement: A clear concept of operations (CONOPS) for an IASMS is needed to define the scope of such a system and to understand how it would work.

___________________

1 This report identifies three classes of new entrants that are of particular interest to the development of an IASMS: unmanned aircraft systems (UAS), on-demand mobility (ODM) aircraft, and commercial space launches, all of which are discussed later in this chapter.

Suggested Citation:"2 IASMS Concept of Operations and Risk Prioritization." National Academies of Sciences, Engineering, and Medicine. 2018. In-Time Aviation Safety Management: Challenges and Research for an Evolving Aviation System. Washington, DC: The National Academies Press. doi: 10.17226/24962.
×
Image
FIGURE 2.1 Functional elements and flow of information of a suggested high-level generic CONOPS for an IASMS.

Developing a detailed CONOPS for an IASMS will be a key challenge for four reasons. First, the CONOPS establishes the framework upon which all other research projects flow. Therefore, the development of the CONOPS is foundational to all other research. Second, by its nature, an IASMS is a complex and dynamic system of systems operating on varying time scales. As such, the CONOPS establishes a blueprint for system architecture and identifies interdependencies between operating subsystems. Third, the CONOPS defines the operational parameters inherent in IASMS including system authority, time constants, scope of risk, range of operations, and technological trade-offs. Last, an IASMS CONOPS will need to accommodate an evolving NAS that includes ongoing improvements to the NAS, new entrants that are already known—such as UAS, on-demand mobility (ODM),2 and commercial space launch and reentry operations—as well as unforeseen new entrants and other issues.

The functional elements and flow of information of a suggested high-level generic IASMS CONOPS are shown in Figure 2.1. Conceptually, a monitoring system observes and characterizes the system state by collecting, fusing, and assessing data from a variety of sensors.3 The system state is continuously assessed to identify hazards and characterize associated risks, thereby detecting elevated risk states. When an elevated risk state is detected or predicted, a mitigation process is triggered to implement a safety assurance action that reduces the identified risk level.

A number of issues and requirements are clear from the generic CONOPS. First, system effectiveness will depend greatly on the extent to which the monitor, assess, and mitigate functions are tailored to address specific risks or classes of risks. It is therefore necessary to establish a process to identify and prioritize those risks that merit a corresponding investment in an IASMS. It is also necessary to develop a much more detailed CONOPS to guide the development of an IASMS. Developing a detailed CONOPS will be complex and time consuming because of the difficulty of producing accurate, quantified projections of the state of the NAS, the availability of relevant data, the capabilities of computational systems, and so on; because of the many factors to be considered; and because of the difficulty of assessing the trade-offs and interactions among them. Key factors include the following:4

___________________

2 ODM is an emerging concept for commercial aviation that would feature small aircraft providing on-demand transportation for individuals or small groups of passengers within urban areas, over relatively short intercity distances, and in some cases over longer distances for transportation to or from small and underserved airports. (Although some ODM concepts focus on ground transportation, this report refers to ODM exclusively in terms of aviation.)

3 Data fusion involves correlation and synthesis of data from heterogeneous data sources with different formats, timing, accuracy, and other characteristics. See Chapter 3 for more information on data fusion.

4 System scope is listed first because it is the most important of the factors in the list. The other factors are listed alphabetically.

Suggested Citation:"2 IASMS Concept of Operations and Risk Prioritization." National Academies of Sciences, Engineering, and Medicine. 2018. In-Time Aviation Safety Management: Challenges and Research for an Evolving Aviation System. Washington, DC: The National Academies Press. doi: 10.17226/24962.
×
  • System scope in terms of:
    • Aircraft types, including new entrants
    • Data requirements
    • Known and emergent risks
    • Operations in different classes of airspace
    • Time scales for each functional element (monitor, assess, and mitigate) of the generic CONOPS
    • Users
  • Ability to collect required data
  • Architecture
  • Costs and benefits
  • Effectiveness
  • Growth in air traffic
  • Human performance limitations and human-machine roles
  • NAS evolution
  • System authority
  • Technical capabilities
  • Uncertainties associated with each functional element of the generic CONOPS
  • Verification, validation, and certification (VV&C)

A concept of operations that encompasses all of the above factors would be very complex, perhaps approaching the complexity of the concept of operations of the NAS itself, given that the scope of IASMS will encompass a large portion of the NAS. In addition, it is likely that the functional elements of an IASMS will need to be tailored to some degree for different aircraft types, different risks, different operations in different classes of airspace, and so on, that fall within the scope of the system.

Identifying and Prioritizing Risks

Challenge Summary Statement: Because the universe of all potential risks is large and each risk addressed adds some cost and complexity to the system, it will be important to have an approach and process to prioritize and focus on those risks that will have the most impact on system safety issues that fall within the scope of the IASMS.

Identifying and prioritizing risks that an IASMS will address will be a key challenge because of the wide variety of potential risks, the difficulty of assessing many risks, and the extent to which an IASMS can mitigate those risks. As the safety of various elements of the NAS improves, and as the probability threshold for a risk to be mitigated lowers, the number of elevated risk states that should be considered for mitigation will increase. Because any mitigation approach will introduce some cost into the system, risk prioritization is needed to facilitate development of an affordable IASMS.

There are many factors to consider when prioritizing risks. These include traditional assessments of consequence and probability, as well as relevant hazards (Have the hazards that underlie risks of interest been identified and analyzed?5); detectability (Is the risk understood? Are the data available? Are there monitoring approaches to detect elevated risk states?); mitigation effectiveness (Are there viable options for reducing the risk levels?); cost; undesirable secondary effects (e.g., the introduction of new risks); and societal risks (see below).

The traditional approach to risk assessment is based on an evaluation of the probability of occurrence and the consequence of an event. This approach is illustrated by the sample risk assessment matrix in Figure 2.2. As shown, the highest risks occur when the consequences of an event are the most severe and the probability of the event occurring is the highest over some period of time. Risks posed by a given event are reduced as action is taken to reduce the consequences of the event and/or to reduce the probability that the event will take place. For example,

___________________

5 FAA, 2012, Safety Risk Management Policy, FAA Order 8040.4, April 30, https://www.faa.gov/documentLibrary/media/Order/8040.4A%20.pdf.

Suggested Citation:"2 IASMS Concept of Operations and Risk Prioritization." National Academies of Sciences, Engineering, and Medicine. 2018. In-Time Aviation Safety Management: Challenges and Research for an Evolving Aviation System. Washington, DC: The National Academies Press. doi: 10.17226/24962.
×
Image
FIGURE 2.2 Sample risk assessment matrix, severity categories, and probability levels. SOURCE: U.S. Department of Defense, 2012, Department of Defense Standard Practice: System Safety, MIL-STD-882E, Headquarters Air Force Materiel Command, Wright-Patterson Air Force Base, Ohio, http://www.system-safety.org/Documents/MIL-STD-882E.pdf, pp. 11-12.
Suggested Citation:"2 IASMS Concept of Operations and Risk Prioritization." National Academies of Sciences, Engineering, and Medicine. 2018. In-Time Aviation Safety Management: Challenges and Research for an Evolving Aviation System. Washington, DC: The National Academies Press. doi: 10.17226/24962.
×
Image
FIGURE 2.3 Fatalities associated with known risk areas, Worldwide Commercial Jet Fleet, 2007 through 2016. SOURCE: Boeing Corporation, 2017, Statistical Summary of Commercial Jet Airplane Accidents, Worldwide Operations, 1959-2016, Boeing Commercial Airplanes, Seattle, Washington, http://www.boeing.com/resources/boeingdotcom/company/about_bca/pdf/statsum.pdf, p. 22. Copyright 2007 Boeing.

the risks posed by in-flight failures of gas turbine engines have been greatly reduced in recent decades by design improvements that have made engine failures exceedingly rare. The higher reliability of gas turbine engines has also reduced the consequences of an engine failure by reducing the likelihood that another engine will fail before an aircraft can make an emergency landing. Investigations of accidents and incidents and the methodologies used for those investigations can also contribute to risk assessments.

Several classes of risk are relevant to the process of identifying and prioritizing risks. These include the following:

  • Known Risks. The highest-priority risks are known risks that are still present in the system, that have a relatively high probability of occurring, and that have the potential for the most severe consequences. In commercial transports this would include loss of control, controlled flight into terrain, and runway excursions, because they cause the most fatalities in commercial jet operations (see Figure 2.3).6 These categories are all widely understood to be important risks to the safety of aviation, but there are specific manifestations of risk within each of these categories that have not been well characterized and for which preventive action is not yet fully effective. Each of these three risk areas is clearly a high priority, and they have been the focus of substantial aviation safety research for many years. Investigations of past incidents and accidents are also available to provide insight into known risks and to guide relevant research. It will be essential—and perhaps difficult—to show how an IASMS can help mitigate risks in these areas.

___________________

6 Breaches in physical security have also caused many aviation fatalities, but physical security is generally addressed as a hazard apart from safety and aviation safety systems.

Suggested Citation:"2 IASMS Concept of Operations and Risk Prioritization." National Academies of Sciences, Engineering, and Medicine. 2018. In-Time Aviation Safety Management: Challenges and Research for an Evolving Aviation System. Washington, DC: The National Academies Press. doi: 10.17226/24962.
×
  • Emerging Risks. As the NAS evolves, new risks will emerge due to changes in operations (e.g., UAS, ODM, and growth in air traffic), technological advances (e.g., increasingly autonomous systems), increased connectivity, the implementation of next-generation airspace procedures (e.g., delegation of separation), and other exogenous and internal threats (e.g., cyberattacks and instability of human operators).
  • Societal Risks. In some cases, a risk may suddenly become a high priority due to societal concerns. This most commonly occurs after a high-profile accident with severe consequences that attracts public and legislative attention to a particular risk.7

Some risk factors are common to many of the risks described above. Hazardous weather, for example, contributes to many accidents that are classified as controlled flight into terrain, loss of control in-flight, or runway excursions. For conventional aircraft, hazardous weather is a known risk. For UAS, however, hazardous weather is an unknown risk because the safety risk of UAS operations in hazardous weather has yet to be quantified, especially with regard to small UAS used in new applications. The impact of hazardous weather on the safety of UAS is of particular concern for UAS operating in densely populated areas or in the vicinity of manned aircraft. Small UAS will tend to be more susceptible than larger aircraft to hazardous weather because of their light weight and because most UAS operators have less aviation experience and training than the pilots of manned aircraft.

In some cases, an emergent risk could mimic one or more known risks. A successful cyberattack, for example, could manifest itself as an accident associated with loss of control, runway excursion, or some other known risk area. Most NAS air and ground systems are not designed to operate during sophisticated cyberattacks. A common approach to securing these systems is to limit (or eliminate) connectivity to the outside world. There are still weaknesses, however, that could enable a successful cyberattack. For example, the Aircraft Communications Addressing and Reporting System (ACARS) provides key navigation data to on-board flight management systems, but the messages are not encrypted nor do they have authentication protocols. In addition, navigation, communication, and surveillance operations in the NAS are migrating to digital and network-based operations, and this may introduce new cyber vulnerabilities that are relevant to an IASMS. Accordingly, an IASMS will need to be designed with cybersecurity in mind. The only cybersecurity issues that fall within the scope of an IASMS research program, however, are those that are unique to the operation of an IASMS. For example, there is no need for an IASMS research program to develop more secure communications protocols or firewalls, because both of these areas apply to a wide array of applications and organizations, and tremendous resources are already devoted to research in these areas. Rather, issues of particular interest to an IASMS are detection and mitigation techniques for cyber threats that could bring down or compromise the integrity of NAS communications, navigation, and surveillance networks.

Likewise, an accident caused by human instability in which a pilot commits suicide by flying a passenger aircraft into the ground could be classified as a controlled flight into terrain accident. The corrective action for preventing such accidents, however, is far different than the corrective action to prevent unintended controlled flight into terrain accidents.8 An advanced IASMS might be able to detect off-nominal physiological features associated with human instability in real time (see Chapter 3: “Collecting Data on the Performance of Human Operators” in the Challenges section and “Protecting Personally Identifiable Information” in the Research Projects section). If that is not possible, however, an effective IASMS would be able to detect and, if possible, take corrective action in response to adverse changes in the state of an aircraft or other elements of the NAS that are caused by human instability, other known or emergent safety risks, or attacks associated with a breach in physical security.

___________________

7 For example, consider the history of the Traffic Collision Avoidance System (TCAS). The FAA began development of an airborne collision avoidance system in 1978 after a midair collision over San Diego with 144 fatalities. The FAA began to mandate the installation of collision avoidance systems in 1986 after a midair collision over Cerritos, California, with 82 fatalities. Many other countries began to mandate the installation of a collision avoidance system in 1996 after a midair collision over New Delhi with 351 fatalities. See Eurocontrol, “History and Future of Airborne Collision Avoidance,” http://www.eurocontrol.int/articles/history-future-airborne-collision-avoidance, accessed December 8, 2017.

8 Bureau d’Enquêtes et d’Analyses pour la sécurité de l’aviation civile, 2016, Final Report: Accident on 24 March 2015 at Prads-Haute-Bléone (Alpes-de-Haute-Provence, France) to the Airbus A320-211 registered D-AIPX, operated by Germanwings, March, https://www.bea.aero/uploads/tx_elydbrapports/BEA2015-0125.en-LR.pdf.

Suggested Citation:"2 IASMS Concept of Operations and Risk Prioritization." National Academies of Sciences, Engineering, and Medicine. 2018. In-Time Aviation Safety Management: Challenges and Research for an Evolving Aviation System. Washington, DC: The National Academies Press. doi: 10.17226/24962.
×

National Airspace System Evolution

Challenge Summary Statement: The capabilities of an IASMS will need to increase in sophistication as the NAS continues to evolve and improve, while also accommodating changes in conventional air traffic and new entrants, particularly with regard to the following:

  • Growth in air traffic;
  • Increased uncertainty from new entrants (e.g., UAS, on-demand mobility aircraft, and commercial space launch and reentry operations) and emergent risks;
  • Trust in increasingly autonomous UAS and associated traffic management systems;
  • Unauthorized UAS operations; and
  • Increasing pace of commercial space operations.

Evolution of the NAS includes changes in both internal factors (e.g., aircraft, the ATM system, technologies, and operational procedures) and external factors (e.g., demographics, education, media, and cultural norms). Developing an IASMS that can accommodate the ongoing evolution of the NAS will be a key challenge because of technical difficulties in supporting the development of an increasingly complex IASMS. In addition, new capabilities implemented in the NAS, such as an upgraded IASMS, will be required to meet or exceed the extremely high levels of accuracy, reliability, speed, performance, and overall safety that current systems demonstrate and that the public expects, especially with respect to airlines. Also, growth in traditional air traffic and new entrants will create a need for an IASMS with more sophisticated capabilities related to data gathering, analysis, risk detection, and risk mitigation on the time scale of interest to an IASMS.

The NAS has evolved progressively from its rudimentary beginning in the 1920s. The system’s initial focus was to deploy the best available navigation techniques to enhance efficiency, safety, accuracy, and reliability. As traffic increased, the system focused primarily on aircraft separation assurance to prevent collisions and enhance broad public acceptance of a safe and reliable air transportation network. Prior to World War II, the low density of air traffic permitted the use of procedural separation based on direction, time, and speed control. In the 1950s, however, the growth in traffic and available technology required the introduction of positive separation through the use of radar and real-time communication between pilots and air traffic controllers. As traffic density increased further and with the advent of commercial transports powered by jet engines in the late 1950s and early 1960s, the NAS was augmented with more capable radars, and defined airways or track systems were increasingly used to ensure safe separation between aircraft. NAS airspace classifications were also established to regulate operations within different regions, each of which is defined in terms of geography and altitude. Airspace classification schemes subsequently evolved to recognize and accommodate advances in the capabilities of aircraft and air traffic control systems. As growth in air traffic continued and technology evolved, satellite navigation systems were developed and deployed in the late 1980s and early 1990s, and GPS-based aircraft separation, using the Automatic Dependent Surveillance-Broadcast (ADS-B) system was deployed beginning in 2010.9 Over the past 20 years, high-precision satellite-based systems have been replacing some ground-based navigation and radars.

The Next Generation Air Transportation System (NextGen) program was formulated in 2004 as a multiagency effort led by the FAA to modernize and improve the efficiency of the NAS over a period of approximately 25 years. NextGen is and will continue to be a major driver of improvements to the NAS. The NextGen program consists of a series of initiatives, which have included the System Wide Information Management (SWIM) program (see Chapter 3), ADS-B (see above), and trajectory-based operations (see Chapter 4).

As the NAS approaches 2020, satellite-based communication, navigation, and surveillance systems are expected to predominate as an increasing number of ground-based systems are phased out. Digital, lightweight satellite systems are much more precise and have greater capacity and, therefore, will be able to accommodate

___________________

9 Automatic Dependent Surveillance-Broadcast (ADS-B) is a GPS satellite-based replacement for our current ground-based radar surveillance network. Like radar, the ADS-B sensor system provides a presentation of an aircraft’s position, direction, and speed to an air traffic controller. Unlike radar, it can also provide this information to other aircraft equipped with an ADS-B system to enhance cockpit situational awareness, aircraft separation, and safety assurance.

Suggested Citation:"2 IASMS Concept of Operations and Risk Prioritization." National Academies of Sciences, Engineering, and Medicine. 2018. In-Time Aviation Safety Management: Challenges and Research for an Evolving Aviation System. Washington, DC: The National Academies Press. doi: 10.17226/24962.
×

an increase in traffic by both conventional aircraft and new entrants (see below). Most UAS will operate at lower altitudes than commercial transports, but some will operate in airspace shared with manned aircraft. A new traffic system referred to as UAS traffic management (UTM) will be needed to assure safe separation. Early versions of a UTM system are expected to be compatible with the ATM system. As the UTM system matures, it is expected to be interoperable with and ultimately to merge seamlessly with the existing NAS. This evolution will require preplanning of standards and technology to ensure forward compatibility and integration.

Each of the five areas listed in the preceding challenge summary statement is discussed in more detail in the following sections.

Growth in Air Traffic

Air travel provided by commercial airlines over the next 20 years is projected to increase by more than 60 percent in terms of revenue passenger miles. Over the same period air traffic in the NAS is projected to increase by 30 percent as measured by the number of aircraft handled at en route centers.10 The discrepancy between growth in revenue passenger miles and en route flight operations arises from several factors:11

  • The average size of aircraft used by airlines (especially regional airlines) is increasing.
  • The average load factor is increasing (that is, the percentage of empty seats is decreasing).
  • Air traffic by general aviation aircraft is growing more slowly than commercial transports.
  • Air traffic by air taxi services is decreasing.

When looking at the next 20 years, however, the number of flight operations handled by en route centers will tell only part of the story. There will be a corresponding increase in the number of airport operations during takeoff, approach, landing, and on the ground. In addition, the FAA projects that the number of small UAS operated by hobbyists will increase by a factor of 3 in the next 5 years and the number of small UAS engaged in commercial operations will increase by a factor of 10.12 The number of small UAS and their capabilities are increasing so quickly that it is impossible to make a reliable estimate of UAS characteristics, their range of applications, and the volume of UAS flight operations over longer periods of time. It is also difficult to reliably estimate the full scope of demands that UAS, large or small, will place on the NAS. The vast majority of small UAS will not be launched from airports, nor will they operate under the control of en route centers. Nevertheless, at some point a significant number of UAS will be operating in airspace shared with manned aircraft—and that number will surely grow over time.

In the future, ODM could also become a significant factor in terms of air traffic, and commercial space launch and reentry operations (discussed below) could increasingly interfere with the availability of airspace for normal operations. As with UAS, predicting the impact of ODM and commercial space operations on air traffic over the long term is problematic at best.

Increased Uncertainty from New Entrants and Emergent Risks

Predicting the safety risks that new entrants pose to themselves and other elements of the NAS is difficult because of uncertainties about their characteristics, missions, operational modes, and prevalence and how those factors will change over time. The safety risks of aircraft currently operating in the NAS are fairly well known based on historical data on missions, operational modes, normal operations, incidents, and accidents. Existing models and simulations provide additional insight into how these aircraft operate in the NAS, and increasingly sophisticated models are under development. Changes in the design of conventional aircraft and ATM systems

___________________

10 The FAA’s en route centers manage the flight of aircraft operating under instrument flight rules (i.e., excluding flight operations by general aviation aircraft operating under visual flight rules).

11 FAA, 2017, Aerospace Forecasts Fiscal Years 2017 to 2037, March, https://www.faa.gov/data_research/aviation/aerospace_forecasts/, pp. 1 and 27.

12 FAA, 2017, Aerospace Forecasts Fiscal Years 2017 to 2037, p. 1.

Suggested Citation:"2 IASMS Concept of Operations and Risk Prioritization." National Academies of Sciences, Engineering, and Medicine. 2018. In-Time Aviation Safety Management: Challenges and Research for an Evolving Aviation System. Washington, DC: The National Academies Press. doi: 10.17226/24962.
×

and related operational procedures introduce some uncertainties, but safety assessments of those changes can be guided by substantial insight into the workings of the NAS as it now exists. The situation with new entrants such as UAS is obviously quite different. There is no direct historical record of their characteristics, missions, operational modes, prevalence, and other factors that influence safety risks. Neither is there a substantial historical record of accident and incident investigations. These elements can still be projected, but the basis for these projections and the results thereof will inherently have much more uncertainty than projections of existing aircraft and systems.

Another source of uncertainly derives from a potential clash of cultures between the traditional aviation community and the UAS community. For example, pilots, air traffic controllers, and airlines are justifiably very focused on preventing as many aircraft accidents as possible to prevent the loss of life and substantial economic costs. In contrast, operators of small UAS are justifiably more risk tolerant because there are no people at risk on a UAS, the risk of causing fatalities on the ground is much lower, and the cost of the vehicle is much lower. In some cases UAS are considered to be expendable, and UAS are sometimes a better choice for hazardous missions to avoid the risk that a manned aircraft could crash with attendant loss of life. These different perspectives of the traditional aviation community and the UAS community will be important to consider in developing UAS systems to prevent elevated risk states, especially with respect to the operation of UAS and manned aircraft in the same airspace.

Trust in Increasingly Autonomous UAS and Associated Traffic Management Systems

The 2014 report Autonomy Research for Civil Aviation: Toward a New Era of Flight13 documents the current and future development of increasingly autonomous systems for UAS, manned aircraft, and ATM and the many challenges associated therewith. This issue is particularly important with respect to UAS because they are rapidly advancing in capabilities, their numbers and range of applications are growing so quickly, and the regulatory and certification barriers to the introduction of new technologies on UAS are so much lower than they are for manned aircraft and ATM systems. Currently, there are no or minimal certification and operations standards for small UAS. Greater understanding is needed with respect to creating a process to certify and/or license increasingly autonomous UAS hardware, software systems, and operators. Reporting requirements for UAS operations are insufficient, and those that do exist have not been organized in coordination with efforts to inform either standards development or traffic management procedures to provide safety assurance.

The level of trust in increasingly autonomous systems is directly related to operators’ belief that these systems will perform at acceptable levels of reliability and safety. Initial efforts to enable the integration of UAS into the NAS focused on the goal that UAS demonstrate a level of safety that is equivalent to manned aircraft. It is not viable, however, to use traditional, deterministic design-based standards with advanced, increasingly autonomous systems that incorporate adaptive and/or nondeterministic systems (see Box 5.1 in Chapter 5). The need to resolve issues associated with integration of UAS has accelerated FAA’s transition to performance-based standards.14

Unauthorized UAS Operations

As noted above, the number of UAS operations is rapidly increasing. Unauthorized UAS pose a threat to other aircraft, especially in the vicinity of airports. If mitigation of this threat is included in the CONOPS, it will be a difficult requirement to satisfy, particularly for small UAS, because air traffic controllers cannot detect, identify, track, and control small UAS. There are many ways in which a UAS may be unauthorized to participate in particular airspace. UAS will likely be limited by altitude restrictions or airspace class, based on their weight. These restrictions cannot take into account the flight envelope of every UAS, and UAS operators may fly their aircraft into restricted airspace, intentionally or unintentionally. Some classes of airspace may have aircraft equipage

___________________

13 National Research Council, 2014, Autonomy Research for Civil Aviation: Toward a New Era of Flight, The National Academies Press, Washington, D.C.

14 The FAA is in the process of transitioning its regulations and guidance from prescriptive “must” statements to performance standards based on the outcome or capability of an aviation system. This methodology, when combined with a risk-based management approach to safety improvements, recognizes that there may be multiple acceptable methods and technologies that could satisfy a regulatory objective rather than a single government-specified action or design approach.

Suggested Citation:"2 IASMS Concept of Operations and Risk Prioritization." National Academies of Sciences, Engineering, and Medicine. 2018. In-Time Aviation Safety Management: Challenges and Research for an Evolving Aviation System. Washington, DC: The National Academies Press. doi: 10.17226/24962.
×

requirements, such as ADS-B. If UAS enter such airspace without the proper equipment, this could cause significant safety risks for the manned aircraft. For example, one solution would be to mandate that UAS be equipped with ADS-B as one requirement for operations above 400 ft. Meeting this requirement would be facilitated by ongoing efforts that are reducing the cost of lightweight, low-power ADS-B systems suitable for small UAS. Development of standards related to equipage, performance, communications, and procedures would also be helpful.

Increasing Pace of Commercial Space Operations

The market for commercial space services is growing, and the pace of launches is expected to increase significantly over the next decade.15 Reducing the impact of more frequent launches will require changes in how the NAS accommodates space operations, including launch or reentry failures, which in turn will affect design of the functions of an IASMS. Due to the relatively slow pace of commercial space operations to date, simple and conservative methods are used to manage related risk. Specifically, large aircraft hazard areas are created for each launch. These areas encompass airspace that could be affected by a launch or reentry, including cases where the space vehicle fails and generates a debris field. Large hazard areas are justified given that spacecraft launch and reentry have a much higher accident rate than civil aviation. Even so, the large size of these areas interferes with many aviation operations. As the pace of commercial space operations increases, better surveillance data on space operations may become available, and debris modeling may also improve. Nevertheless, it will be challenging to develop the ability to use smaller and more dynamic aircraft hazard areas necessary to reduce the impact of commercial space operations. Specific issues involve the development of real-time decision support tools and, if desired, the capability for some types of spacecraft to operate with aircraft-like separation requirements.

Aerospace traffic management is currently a joint FAA-Air Force function, where the FAA is responsible for safe handling of aircraft traffic around a launch or reentry operation, and the Air Force is responsible for ensuring that operation does not conflict with other currently operating spacecraft. This distribution of responsibility could also change in the future.

RESEARCH PROJECTS

IASMS Concept of Operations and National Airspace System Evolution

Research Project Summary Statement: Develop a detailed concept of operations for an IASMS using a process that considers multiple possible system architectures, evaluates key trade-offs, and identifies system requirements.

This research project would help achieve the vision for an IASMS by establishing the framework upon which all other IASMS research is conducted, by identifying the near-term potential of IASMS research to enhance the safety of the NAS and to engender stakeholder support for and trust in an IASMS, and by facilitating updates to the CONOPS as the NAS evolves. Ongoing research addresses some specific elements, such as UTM, that are needed to implement an IASMS. Additional unique and specific research is needed to develop an overall strategy and CONOPS for an IASMS. Developing a detailed CONOPS will be difficult and time consuming because an IASMS will be a complex and dynamic system of systems and because of the many factors to be considered and the difficulty of assessing the tradeoffs and interactions among them (see below). This research project is urgent because of the difficulty of achieving its goals and because it is needed in the very early stages of IASMS development. A detailed IASMS CONOPS will also define timelines for infrastructure investment strategies that would most efficiently support development of an IASMS. Even so, the execution of this and many other research projects will likely proceed in an iterative fashion (1) as advances in one area support advances in other areas, (2) as more detailed information becomes available for various factors, and (3) as the ability to conduct complex

___________________

15 FAA, Office of Commercial Space Transportation, 2017, The Annual Compendium of Commercial Space Transportation, https://www.faa.gov/about/office_org/headquarters_offices/ast/media/2017_AST_Compendium.pdf.

Suggested Citation:"2 IASMS Concept of Operations and Risk Prioritization." National Academies of Sciences, Engineering, and Medicine. 2018. In-Time Aviation Safety Management: Challenges and Research for an Evolving Aviation System. Washington, DC: The National Academies Press. doi: 10.17226/24962.
×

trade-offs involving all of the factors matures. For example, this research project will help define data requirements in terms of completeness and quality. Then, as advances are made in the ability to collect comprehensive, high-quality data in areas of particular interest, the results of trade-offs among various factors may change, which could justify modifications to the CONOPS.

Additional background information related to this research project appears in “IASMS Concept of Operations” in the Challenges section earlier in this chapter. Of particular note is the list of factors that will need to be considered in development of a detailed CONOPS:16

  • System scope in terms of:
    • Aircraft types, including new entrants
    • Data requirements
    • Known and emergent risks
    • Operations in different classes of airspace
    • Time scales for each functional element (monitor, assess, and mitigate) of the generic CONOPS
    • Users
  • Ability to collect required data
  • Architecture
  • Costs and benefits
  • Effectiveness
  • Growth in air traffic
  • Human performance limitations and human-machine roles
  • NAS evolution
  • System authority vis-à-vis human performance capabilities and limitations
  • Technical capabilities
  • Uncertainties associated with each functional element of the generic CONOPS
  • Verification, validation, and certification

The project will include elements that are specific to individual aviation domains, including ATM systems, commercial airlines, general aviation, ODM aircraft, UAS, and commercial space operations. A detailed CONOPS will articulate linkages to other domains to ensure synergies to leverage research and to prevent overlapping research efforts.

A key goal of this research project will be to understand the characteristics of an ideal IASMS and to thereby provide additional information for refining the list of key challenges and high-priority research projects. Many of the factors listed are associated with other high-priority research projects identified in this report. Accordingly, the output of many of the research projects that are under way concurrently with the development of the CONOPS will likely support the development of the CONOPS. Of all the high-priority research projects identified in this report, this research project is recommended to be of the highest priority (see Chapter 6).

Identifying and Prioritizing Risks

Research Project Summary Statement: Develop processes to identify and prioritize risks that are relevant to an IASMS and that threaten the safety of the current and evolving NAS.

This research project would help achieve the vision for an IASMS by developing approaches for identifying and prioritizing known and emerging risks that fall within the scope of the IASMS CONOPS. This research project will be difficult to complete largely because of the uncertainties associated with emerging risks. This research is urgent because it is essential to the development of an IASMS CONOPS (see above). Additional background information related to this research project appears in the discussion of the corresponding challenge earlier in this chapter.

___________________

16 System scope is listed first because it is the most important of the factors in the list. The other factors are listed alphabetically.

Suggested Citation:"2 IASMS Concept of Operations and Risk Prioritization." National Academies of Sciences, Engineering, and Medicine. 2018. In-Time Aviation Safety Management: Challenges and Research for an Evolving Aviation System. Washington, DC: The National Academies Press. doi: 10.17226/24962.
×

The process of identifying risks will include consideration of known risk areas, such as loss of control and controlled flight into terrain (see Figure 2.3), that have been identified through traditional accident and incident analysis. More importantly, this research project would provide the basis for identifying emergent risks as the NAS evolves (see “National Airspace System Evolution,” in the Challenges section earlier in this chapter). Toward that end, this research project would investigate the use of IASMS data and large-scale data analysis to monitor for systemic or anomalous changes to the NAS. The research project would also ensure that once changes have been identified they can be assessed for risk potential in a way that enhances the currently labor-intensive and subjective approaches that rely largely on assessments by subject matter experts. The risk assessment approach developed by this research project would explicitly or implicitly include a prioritization of risks consistent with standard risk matrix representations (see Figure 2.2). The research project would consider whether there are appropriate mitigation processes that could be enabled by an IASMS. It would also support the development of viable and effective methods for the timely detection and mitigation of elevated risk states for particular risk areas. The research project could investigate many different potential approaches, ranging from relatively simple methods based on exceedance criteria to more complex model-based methods, conformance methods, and statistical methods.

Suggested Citation:"2 IASMS Concept of Operations and Risk Prioritization." National Academies of Sciences, Engineering, and Medicine. 2018. In-Time Aviation Safety Management: Challenges and Research for an Evolving Aviation System. Washington, DC: The National Academies Press. doi: 10.17226/24962.
×
Page 17
Suggested Citation:"2 IASMS Concept of Operations and Risk Prioritization." National Academies of Sciences, Engineering, and Medicine. 2018. In-Time Aviation Safety Management: Challenges and Research for an Evolving Aviation System. Washington, DC: The National Academies Press. doi: 10.17226/24962.
×
Page 18
Suggested Citation:"2 IASMS Concept of Operations and Risk Prioritization." National Academies of Sciences, Engineering, and Medicine. 2018. In-Time Aviation Safety Management: Challenges and Research for an Evolving Aviation System. Washington, DC: The National Academies Press. doi: 10.17226/24962.
×
Page 19
Suggested Citation:"2 IASMS Concept of Operations and Risk Prioritization." National Academies of Sciences, Engineering, and Medicine. 2018. In-Time Aviation Safety Management: Challenges and Research for an Evolving Aviation System. Washington, DC: The National Academies Press. doi: 10.17226/24962.
×
Page 20
Suggested Citation:"2 IASMS Concept of Operations and Risk Prioritization." National Academies of Sciences, Engineering, and Medicine. 2018. In-Time Aviation Safety Management: Challenges and Research for an Evolving Aviation System. Washington, DC: The National Academies Press. doi: 10.17226/24962.
×
Page 21
Suggested Citation:"2 IASMS Concept of Operations and Risk Prioritization." National Academies of Sciences, Engineering, and Medicine. 2018. In-Time Aviation Safety Management: Challenges and Research for an Evolving Aviation System. Washington, DC: The National Academies Press. doi: 10.17226/24962.
×
Page 22
Suggested Citation:"2 IASMS Concept of Operations and Risk Prioritization." National Academies of Sciences, Engineering, and Medicine. 2018. In-Time Aviation Safety Management: Challenges and Research for an Evolving Aviation System. Washington, DC: The National Academies Press. doi: 10.17226/24962.
×
Page 23
Suggested Citation:"2 IASMS Concept of Operations and Risk Prioritization." National Academies of Sciences, Engineering, and Medicine. 2018. In-Time Aviation Safety Management: Challenges and Research for an Evolving Aviation System. Washington, DC: The National Academies Press. doi: 10.17226/24962.
×
Page 24
Suggested Citation:"2 IASMS Concept of Operations and Risk Prioritization." National Academies of Sciences, Engineering, and Medicine. 2018. In-Time Aviation Safety Management: Challenges and Research for an Evolving Aviation System. Washington, DC: The National Academies Press. doi: 10.17226/24962.
×
Page 25
Suggested Citation:"2 IASMS Concept of Operations and Risk Prioritization." National Academies of Sciences, Engineering, and Medicine. 2018. In-Time Aviation Safety Management: Challenges and Research for an Evolving Aviation System. Washington, DC: The National Academies Press. doi: 10.17226/24962.
×
Page 26
Suggested Citation:"2 IASMS Concept of Operations and Risk Prioritization." National Academies of Sciences, Engineering, and Medicine. 2018. In-Time Aviation Safety Management: Challenges and Research for an Evolving Aviation System. Washington, DC: The National Academies Press. doi: 10.17226/24962.
×
Page 27
Suggested Citation:"2 IASMS Concept of Operations and Risk Prioritization." National Academies of Sciences, Engineering, and Medicine. 2018. In-Time Aviation Safety Management: Challenges and Research for an Evolving Aviation System. Washington, DC: The National Academies Press. doi: 10.17226/24962.
×
Page 28
Next: 3 System Monitoring »
In-Time Aviation Safety Management: Challenges and Research for an Evolving Aviation System Get This Book
×
Buy Paperback | $50.00 Buy Ebook | $40.99
MyNAP members save 10% online.
Login or Register to save!
Download Free PDF

Decades of continuous efforts to address known hazards in the national airspace system (NAS) and to respond to issues illuminated by analysis of incidents and accidents have made commercial airlines the safest mode of transportation. The task of maintaining a high level of safety for commercial airlines is complicated by the dynamic nature of the NAS. The number of flights by commercial transports is increasing; air traffic control systems and procedures are being modernized to increase the capacity and efficiency of the NAS; increasingly autonomous systems are being developed for aircraft and ground systems, and small aircraft—most notably unmanned aircraft systems—are becoming much more prevalent. As the NAS evolves to accommodate these changes, aviation safety programs will also need to evolve to ensure that changes to the NAS do not inadvertently introduce new risks.

Real-time system-wide safety assurance (RSSA) is one of six focus areas for the National Aeronautics and Space Administration (NASA) aeronautics program. NASA envisions that an RSSA system would provide a continuum of information, analysis, and assessment that supports awareness and action to mitigate risks to safety. Maintaining the safety of the NAS as it evolves will require a wide range of safety systems and practices, some of which are already in place and many of which need to be developed. This report identifies challenges to establishing an RSSA system and the high-priority research that should be implemented by NASA and other interested parties in government, industry, and academia to expedite development of such a system.

  1. ×

    Welcome to OpenBook!

    You're looking at OpenBook, NAP.edu's online reading room since 1999. Based on feedback from you, our users, we've made some improvements that make it easier than ever to read thousands of publications on our website.

    Do you want to take a quick tour of the OpenBook's features?

    No Thanks Take a Tour »
  2. ×

    Show this book's table of contents, where you can jump to any chapter by name.

    « Back Next »
  3. ×

    ...or use these buttons to go back to the previous chapter or skip to the next one.

    « Back Next »
  4. ×

    Jump up to the previous page or down to the next one. Also, you can type in a page number and press Enter to go directly to that page in the book.

    « Back Next »
  5. ×

    Switch between the Original Pages, where you can read the report as it appeared in print, and Text Pages for the web version, where you can highlight and search the text.

    « Back Next »
  6. ×

    To search the entire text of this book, type in your search term here and press Enter.

    « Back Next »
  7. ×

    Share a link to this book page on your preferred social network or via email.

    « Back Next »
  8. ×

    View our suggested citation for this chapter.

    « Back Next »
  9. ×

    Ready to take your reading offline? Click here to buy this book in print or download it as a free PDF, if available.

    « Back Next »
Stay Connected!