Evaluation of air traffic management procedures—safety assessment in an experimental environment

https://doi.org/10.1016/j.ress.2004.08.009

Abstract

This paper presents and discusses the application of safety assessment methodologies to a pre-operational project in the Air Traffic Control field. In the case analysed in the present paper a peculiar aspect was the necessity to effectively assess new operational procedures and tools. In particular we exploited an integrated methodology to evaluate computer-based applications and their interactions with the operational environment. Current ATC safety practices, methodologies, guidelines and standards were critically revised, in order to identify how they could be applied to the project under consideration. Thus specific problematic areas for the safety assessment in a pre-operational experimental project are highlighted and, on the basis of theoretical principles, some possible solutions taken into consideration. The latter are described highlighting the rationale of most relevant decisions, in order to provide guidance for generalisation or re-use.

Introduction

Air Traffic Control is an interesting example of the successful use of safety practices and methodologies. A considerable safety record has been achieved, since European Air Traffic Control currently contributes as a major cause in approximately 2% of aircraft accidents, with only two air collisions between civil aircraft over the last 50 years. However, if the accident rate remains unchanged but the traffic volume increases, the total number of negative events will probably become unacceptable. Combining a static accident rate and increasing traffic, ICAO estimated an accident per week (see also EUROCONTROL [1, p. 16]). Hence considerable efforts are constantly put into designing and experimenting with technological or process innovation. The objective is two-fold: increase safety in current conditions, and assure appropriate safety levels in future operational environments.

The present paper describes the safety assessment of an experimental project in the Air Traffic Management (ATM) domain. Safety activities were thus conducted to explore future concepts and procedures for Air Traffic Management. This paper is divided into two main parts:

  • the first part presents basic information about the ATM domain characteristics (Section 2), the safety assessment methodologies adopted therein (Section 3), the role of computer systems (Section 4), and the experimental project where the safety assessment activity took place (Section 5). This part is intended to provide the reader with a basic understanding of the main factors and problems that should be managed in safety assessment activities in an ATM experimental project;

  • the second part describes the practical solutions adopted in our safety assessment activity to solve some of the above problems. In particular, compliance with safety standards is addressed in Sections 6.1 (Compliance with international standards), 6.2 (Providing safety feedback) and 6.3 (Coordination and integration of different evaluation exercises). Accommodation to the peculiarities of an experimental project is considered in Sections 6.2 (Providing safety feedback) and 6.4 (Assessing the tool–procedure integration). The assessment of the specific integration between computer systems and human actors is dealt with in Sections 6.3 (Coordination and integration of different evaluation exercises) and 6.4 (Assessing the tool–procedure integration).

Section snippets

The air traffic management system

The whole set of ATM services can be seen as a single system: there is a large number of elements (human and organizational actors, but also hardware components) and multiple interactions take place between them, with feedback loops and complex causal dependencies. What we deem relevant in this definition is the parallel with natural systems (as opposed to mechanical ones). A natural system is largely unpredictable (non-deterministic) and itself produces the causes of its own development.

Safety assessment in ATM

Safety issues have always played a primary role in ATM, and continuous efforts and resources are being put into making the system safer. The travelling public's acceptance of risk is relatively low compared to other transportation systems, thus safety represents a primary concern within the ATM community. Different general approaches were adopted over the history of ATM, in order to cope with the main safety problems present at each stage of development. During the pioneering years, when the aircraft

Role of computer systems

The concepts and principles steering ATM have evolved slowly, despite the traffic growth and the technological evolution. The result is a gap between technological possibilities and their exploitation by ATM. The increasing integration of computerised support systems has thus generated several debates and studies to clarify the impact of technology on ATM practices and procedures [12]. Nevertheless, the ATM system nowadays certainly presents a high density of computer systems. Computer support

The Mediterranean Free Flight project

As mentioned in the previous paragraph, the ATM domain has long been characterised by a gap between technological possibilities and their exploitation. Currently ATM is based on ground-controlled traffic, airspace structured in fixed airways, ground controller responsibility for maintaining separation minima between aircraft, aircraft dependence on controllers’ instructions and ground-based sources of information. To achieve the required targets in terms of safety, efficiency and

Solutions for the MFF safety assessment

In the previous paragraphs we identified and illustrated some major open issues to be taken into account in designing an effective safety case for an ATM project. During the MFF project some solutions that proved to be effective were considered. Thus it was possible to cope with the particular requirements of the ATM field and with the actual needs of the project. In particular safety standards compliance is addressed in 6.1 Compliance with international standards, 6.2 Providing safety feedback,

Conclusions

The present paper intends to present the major open issues we faced in conducting the safety assessment of an experimental project. Some relevant characteristics of the ATM domain were taken into account, reflecting on strong and weak points of current safety practices. To identify effective solutions, we tried to take advantage of a sound theoretical framework. Some proposals are thus explained in the light of abstract theoretical principles, in order to provide a broader scope to the MFF

Acknowledgements

The MFF project is partially funded by the EU under the TEN-T program. We would like to thank all the colleagues of the MFF project and especially those of the WA7 and WA4 for the fruitful collaboration on the activity. In particular we would like to mention Petra Scrivani (Deep Blue-University of Siena) for scenario preparation. Valentina Barsotti (Deep Blue) deserves special thanks for providing the graphical templates used to draw Fig. 3, Fig. 4, Fig. 5, Fig. 8.

References (24)

  • EUROCONTROL. ECAC Air traffic management strategy for the years 2000+, Brussels (2000)
  • Bentley R, Hughes JA, Randall D, Rodden T, Sawyer P, Shapiro D, Sommerville I. Ethnographically-informed system design...
  • Hughes JA, Randall D, Shapiro D. Faltering from ethnography to design. In: Proceedings of the ACM conference on...
  • Leveson NG. Safeware (1995)
  • ICAO Accident Prevention Manual. doc 1984 9422...
  • Edwards E. Man and machine: systems for safety. In: Proceedings of British airlines pilots association technical...
  • EUROCONTROL. Eurocontrol safety regulatory requirements (ESARR) 4. Risk assessment and mitigation in ATM, Brussels;...
  • EUROCONTROL. ESARR2 Guidance to ATM safety regulators. severity classification scheme for safety occurrences in ATM,...
  • EUROCAE ED-78A/RTCA DO-264. Guidelines for approval of the provision and use of air traffic services supported by data...
  • SAE ARP 4754. Certification consideration for highly integrated or complex aircraft...
  • SAE ARP 4761. Guidelines and Methods for conducting the safety assessment process on civil airborne systems and...
  • Mackay W. Is Paper Safer?. The role of paper flight strips in air traffic control. In: ACM transactions on...