Safety in numbers. Part 1

It’s a common misconception that the more you have of something the better it is. Well, I say misconception, but in simple cases it’s not a misconception. For safety’s sake, it’s common to have more than one of something. In a classic everyday aircraft that might be two engines, two flight controls, two electrical generators and two pilots, and so on.

It seems the most common-sense of common-sense conclusions. That if one thing fails or doesn’t do what it should we have another one to replace it. It’s not always the case that both things work together, all the time, and when one goes the other does the whole job. That’s because, like two aircraft engines, the normal situation is both working together in parallel. There are other situations where a system can be carrying the full load and another one is sitting there keeping an eye on what’s happening ready to take over, if needed.

This week, as with many weeks, thinkers and politicians have been saying we need more people with a STEM education (Science, Technology, Engineering, and Math). Often this seems common-sense and little questioned. However, it’s not always clear that people mean the same things when talking about STEM. Most particularly it’s not always clear what they consider to be Math.

To misquote the famous author H. G. Wells: Statistical thinking may, one day, be as necessary as the ability to read and write. His full quote was a bit more impenetrable, but the overall meaning is captured in my shortened version.

To understand how a combination of things works together, or not, some statistical thinking is certainly needed. That means fighting against the reaction of being scared off by the maths associated with probabilities. Ways to keep our reasoning simple do help.

The sums for dual aircraft systems are not so difficult. That is provided we know that the something we are talking about is reliable in the first place. If it’s not reliable then the story is a different one. For the sake of argument, and considering practical reality, let’s say that the thing we are talking about only fails once every 1000 hours.

What’s that in human terms? It’s a lot less than a year’s worth of daylight hours. That being roughly half of 24 hours x 7 days x 52 weeks = 4368 hours (putting aside location and leap years). In a year, in good health, our bodies operate continuously for that time. For the engineered systems under discussion that may not be the case. We switch them on, and we switch them off, possibly many times in a year.

That’s why we need to consider the amount of time something is exposed to the possibility of failure. We can now use the word “probability” instead of possibility. Chance and likelihood work too. When numerically expressed, probabilities range from 0 to 1. That is zero being when something will never happen and one being when something will always happen.

So, let’s think about any one hour of operation of an engineered system, and use the reliability number from our simple argument. We can liken that, making an assumption, to a probability number of P = 1/1000 or 1 x 10⁻³ per hour. That gives us a round number that represents the likelihood of failure in any one hour of operation of one system.

Now, back to the start. We have two systems. Maybe two engines. That is two systems that can work independently of each other. It’s true that there are some cases where they may not work independently of each other but let’s park those cases for the moment.

As soon as we have more than one thing we need to talk of combinations. Here the simple question is how many combinations exist for two working systems?

Let’s give them the names A and B. In our simplified world either A or B can work, or not work when needed to work. That’s failed or not failed, said another way. There are normally four combinations that can exist. Displayed in a table this looks like:

A ok    | B ok
A fails | B ok
A ok    | B fails
A fails | B fails

Table 1

This is all binary. We are not considering any near failure, or other anomalous behaviour that can happen in the real world. We are not considering any operator intervention that switches on or switches off our system. We are looking at the probability of a failure happening in a period of operation of both systems together.

Now, let’s say that the systems A and B each have a known probability of failure.

Thus, the last line of the table becomes: P4 = PA and PB

That is in any given hour of operation the chances of both A and B failing together are the product of their probabilities. Assuming the failures to be random.

Calculating the last line of the table becomes: P4 = PA x PB

In the first line of the table, we have the case of perfection. Simultaneous operation is not interrupted, even though we know both A and B have a likelihood of failure in any one hour of operation.

Thus, the first line becomes: P1 = (1 – PA) x (1 – PB)

Which nicely approximates to P1 = 1, given that 1/1000 is tiny by comparison.

The cases where either A or B fails are in the middle of the table.

P2 = PA x (1 – PB) together with P3 = (1 – PA) x PB

Thus, using the same logic as above the probability of A or B failing is PA + PB

It gets even better if we consider the two systems to be identical. Namely, that probabilities PA and PB  are equal.

A double failure occurs at probability P²

A single failure occurs at probability 2P

So, with two systems operating in parallel there’s a decreased likelihood of a double failure but an increased likelihood of a single failure. This can be taken beyond an arrangement with two systems. For an arrangement with four systems, there’s a massively decreased likelihood of a total failure but a fourfold increase in the likelihood of a single failure. Hence my remark at the beginning.

[Please let me know if this is in error or there’s a better way of saying it]
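
The sums above, carried through in Python as an added example (not part of the original post): the four rows of Table 1 for two systems, then the general case of n identical, independent systems using the binomial formula, which goes beyond the two-system case in the text. The function names are chosen here for illustration, and P = 1/1000 per hour is the post's assumed figure.

```python
from math import comb


def _check_probability(p):
    """Probabilities range from 0 to 1, as stated in the text."""
    if not 0.0 <= p <= 1.0:
        raise ValueError(f"probability must be between 0 and 1, got {p}")


def table_two_systems(p_a, p_b):
    """Return the four rows of Table 1 for independent systems A and B.

    Keys are (state of A, state of B); values are the probability of that
    combination in any one hour of operation.
    """
    _check_probability(p_a)
    _check_probability(p_b)
    return {
        ("ok", "ok"): (1 - p_a) * (1 - p_b),        # P1
        ("fails", "ok"): p_a * (1 - p_b),           # P2
        ("ok", "fails"): (1 - p_a) * p_b,           # P3
        ("fails", "fails"): p_a * p_b,              # P4
    }


def prob_exactly_k_failures(n, k, p):
    """Probability that exactly k of n identical, independent systems fail."""
    _check_probability(p)
    if not 0 <= k <= n:
        raise ValueError("k must be between 0 and n")
    return comb(n, k) * p**k * (1 - p) ** (n - k)


def summary(n, p):
    """Headline figures for n identical systems running in parallel."""
    return {
        "no_failure": prob_exactly_k_failures(n, 0, p),
        "single_failure": prob_exactly_k_failures(n, 1, p),
        "single_failure_approx": n * p,             # the text's 2P, 4P, ...
        "at_least_one_failure": 1 - (1 - p) ** n,
        "total_failure": p**n,                      # every system fails
    }


if __name__ == "__main__":
    P = 1 / 1000  # assumed failure probability per hour, from the text

    print("Table 1 with PA = PB = 1/1000")
    for (a, b), prob in table_two_systems(P, P).items():
        print(f"  A {a:<5} | B {b:<5} | {prob:.9f}")

    # Independence is assumed throughout; the cases the text "parks"
    # (systems that do not fail independently) are not modelled here.
    print("\n n  single failure  approx (nP)  total failure")
    for n in (1, 2, 4):
        s = summary(n, P)
        print(f"{n:>2}  {s['single_failure']:.9f}     "
              f"{s['single_failure_approx']:.3f}        {s['total_failure']:.1e}")
```
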

Identity

Britain was never part of the Schengen Agreement[1]. I get that. In the days when I was commuting backwards and forwards between the UK and Cologne, Germany, I always had to show my British passport. So, although we once had freedom of movement in the European Union (EU) that document was essential to prove identity. After all, we do not have Identity cards (ID) in the UK. Even inside the Schengen Area[2] it’s necessary to carry personal identification. I remember being told off by a policeman for not having ID, other than a UK driver’s licence, on a high-speed train on the trip between Cologne and Brussels. He was fine about it, but it was a friendly – don’t do it again.

Generally, British people do travel overseas. Many of us travel for holidays and business, and in Europe, Spain is one of the most popular destinations.

The number of British people holding a British passport could be well over 80%. This is way ahead of Americans, for example[3]. This doesn’t take account of British passports that may have expired or been lost or destroyed. However, the remarkably large number of British people with passports does underline our love of travel.

I came back from a week’s sunshine in Grand Canary on Monday evening. It’s the second time I’ve been through the airport on that island. Entering the spacious modern airport, the first part of the process is relatively easy. Check-in and drop bags were shared with a great number of tired travellers. Even the hand baggage security check was straightforward.

It’s not until the gate number came up, and the long walk to the far end of the terminal was needed did it appear that the British experience was different. The departure gates were in a glass box wrapped around the end of the terminal. To get into the glass box it was necessary to go through passport control.

For those, like me, there were electronic passport barriers. The queues there were shorter than the manual checks. The electronic passport barriers worked. However, on the other side of the glass wall was another queue and a uniformed official checking passports. After that there was a desk where each passport had to be stamped. So, that’s 3 checks and an official exit stamp.

So, what’s the value of this added bureaucracy post-Brexit? I have no idea. What’s more upon boarding the aircraft for the flight home, the gate staff check passports again. So, that’s 4 inspections of passenger identity. 5 if the check-in desk procedure is included. British passports may have thick cardboard covers, and secure bindings but their strength as an international travel document has diminished since Brexit.


[1] a treaty which led to the creation of Europe’s Schengen Area, in which internal border checks have largely been abolished.

[2] https://ec.europa.eu/home-affairs/pages/glossary/schengen-agreement_en

[3] https://www.newsweek.com/record-number-americans-traveling-abroad-1377787

Caught in the crossfire?

There’s no doubt the relative calm of the beginning of this century (yes, it seems extraordinary to say that) has gone, and a series of international events confront civil aviation’s way of working. It’s dramatic. In Europe, most countries, and their industries, are shifting the way they operate.

Unfortunately, any reasonable observation shows that the situation for aviation is worse in the UK. Well, that is worse than the UK’s former partner States in the European Union (EU).

In times of difficulty, partnerships between countries and in industry help make the absolute most of economies of scale. It’s difficult to plan when constantly firefighting. It’s like that comic story about crocodiles and draining the swamp. It’s difficult to think ahead when surrounded by crocodiles.

I agree with the article posted by David Learmount[1]. The massive efforts to achieve international harmonization in aviation regulation, over decades, are of incalculable value. I have been lucky enough to work with exceptional people across the globe and played a small part in helping that move along.

In fact, I’d go further than David. I remember, quite a while ago, attending a lecture at the Brooklands Museum[2]. It was about the history of post-war UK Government involvement in aerospace manufacturing[3]. It wasn’t a happy story. It went a bit like a soap opera with technical excellence mixed with commercial incompetence and political interference. The overall lesson was that going it alone, piling on the world beating rhetoric and an inability to forge working alliances spells disaster. Whereas coming together, working cooperatively, and building multinational partnership pays dividends. Airbus being a prime example.

I joined the European Union Aviation Safety Organisation (EASA) at the start of its operation. It was a huge privilege. It was a rare opportunity. I mean, how many people get to set up a new aviation authority, let alone one that works for so many States in Europe? I was proud that the UK took a leading role in making this venture happen. It was a progression that had been carefully and thoughtfully developed and steered over decades.

What we built was a uniquely European solution. It isn’t a federal construction as we see in the United States (US). In Europe, National Aviation Authorities (NAAs) remain a key part of the system. The part that was new in September 2003 was to overcome a major deficiency of earlier cooperative working. That was the unfortunate habit nation States have for saying they’ll do the same thing but then not doing the same thing in practice.

David mentions the tricky subject of UK Additional Requirements for import. This is when the UK demanded a special difference between its aircraft and those of other countries. Often expensive and making it difficult to move aircraft around. I remember some UK Additional Requirements found their way into new European requirements and others were removed. That was a painful transition period. In aviation, technical requirements are often born of experience of accidents and incidents.

Today, the UK Civil Aviation Authority (CAA) works with a set of technical requirements that have been rolled over from the UK’s time as an EASA Member State (2003 – 2021). This presents opportunities to take a new path. Sounds tempting, if only you look at the subject superficially.

International technical standards never stand still. Big players invest resources influencing the direction that they take. Two of the biggest international players in respect of aerospace design and production are EASA and the Federal Aviation Administration (FAA).

So, UK CAA is caught on the horns of a dilemma. Unless it can significantly influence the big players the only practical way forward is to adopt what they produce (rules, regulations, standards, guidance material). Now, the UK CAA has considerable technical experience and maintains a high reputation, but it does not sit at all the tables where the major decisions are made.

This is the concern that David mentions in his article. The unnecessary ideological exit from EASA membership that came with Brexit places the UK in a third-party arrangement. Not good.

It’s not like the world has suddenly become dull. Frantic development efforts and huge sums of money are being pumped into greening aviation. Part of this is the new Advanced Air Mobility (AAM). Part of this is known as Urban Air Mobility (UAM). Aviation folk love acronyms. It’s almost as if we are back at the beginning of the jet-age[4]. We know how that went.

Not surprisingly, the UK wants to achieve successes in this new field of “green” aviation.

Flying is a heavily regulated industry. So, national, regional, and international rulemaking processes matter. They matter a lot. Harmonisation matters a lot. That’s having common rules and regulations to maximise the size of the marketplace while ensuring levels of safety and security are high.

The bureaucratic burden of Brexit costs. It’s not free. The UK duplicates rulemaking activities because it must independently update its laws, all the secondary legislation and guidance material that comes with aviation. When there’s a significant difference between UK, Europe, US, and the rest of the world it makes business more complex. Often that added complexity comes with no discernible benefits (economic, social, safety, security, or environmental).

The UK should become an EASA Member State once again. Why not? Norway, Switzerland, Iceland, and Liechtenstein are not in the EU but are EASA Member States. Across the globe countries follow EASA rules as they are known to deliver the best results.


[1] https://davidlearmount.com/2022/06/17/uk-aviation-caught-in-the-crossfire/

[2] https://www.brooklandsmuseum.com/

[3] https://www.aerosociety.com/media/8257/government-and-british-civil-aerospace-1945-64.pdf

[4] https://www.smithsonianmag.com/history/comets-tale-63573615/

Ash Legacy

12 years have elapsed since an Icelandic volcano’s eruption led to the shutting down of airspace in Europe. Travel chaos resulted, large sums of money were lost, and confidence was shaken. Many, like me, in the aviation world, quickly learnt more about volcanic ash than we ever dreamed possible.

Strangely enough, the question “can commercial airline travel disruption be fixed for the summer?” is now doing the rounds. Again, the reason for this question is the consequence of an event that goes way beyond the boundaries of any one country, namely the COVID-19 pandemic. After the troublesome events of early 2010 there was a lot of talk about increasing the resilience of aviation. Now, the subject has come around again. The hot topic is how do we bring people together in this interconnected globe after a major shock to the travel industry?

The UK’s TV Channel 5 has a strong track record of screening documentaries about volcanos. Its audience must really like the drama and scariness of these earthly monsters. Channel 5’s latest offering is the story of the volcanic ash cloud that dominated European skies in 2010[1].

Explosive volcanic eruptions eject pyroclastic fragmented materials, and this case was one of those cases. The lightest material, the volcanic ash, can be carried great distances as we all found out. Volcanic ash has the potential to impact just about every aspect of flying. Close in it’s the aerodromes that get hit. Up in the air there can be effects on aircraft structure, systems, and aircraft engines. Melting ash in the hot section of a jet engine is something to be avoided. It’s not just aircraft engines since ash can abrade and damage parts of aircraft structure, such as cockpit windows, leading edges, paint, antennas, probes, and angle of attack vanes.

Channel 5’s documentary assumed ash was bad. It didn’t explain. It focused more on the experience of travellers and those managing the airspace over the UK. However, it did go into the 1982 incident when a Boeing 747’s engines all stopped after it flew through a dense volcanic ash cloud.

The documentary was right in that Europe was unprepared for volcanic ash clouds of the scale generated by Iceland’s volcanos. One of the problems during the April/May 2010 eruption was that the London Volcanic Ash Advisory Centre (VAAC)[2] computer model was a single source of flight planning data. There was found to be an urgent need for ground and airborne measurement of the actual densities of volcanic ash. Also, the greater use and interpretation of satellite images came into play.

Overall, the 85-minute documentary was enjoyable viewing showing some of what happened. It gave a snapshot from the points of view of both travellers and a few of those trying to resolve the crisis.

I remember that this event was a genuinely high-pressure multidisciplinary problem to solve. It isn’t every day that volcanologists, meteorologists, regulators, researchers, pilots, controllers, and engineers all get around a table. Especially when politicians, industry leaders and the media are all vying for the public spotlight. The outcome, if heeded, should be a much better response to a future airspace crisis.


[1] https://www.channel5.com/show/ash-cloud-the-week-the-world-stopped

[2] https://www.metoffice.gov.uk/services/transport/aviation/regulated/vaac/index

Island chaos

Aviation is an international industry. Britain has been “No longer an Island”[1] for over 120 years. As the Wright Brothers demonstrated practical powered flight, so the importance of sea travel began a decline. Nothing in history has shaped the British more than our island status. Living on an island has moulded attitudes, character, and politics.

The illusion of absolute national autonomy and sovereignty is shattered by the interconnection and interdependencies established by flight. Aviation’s growth encouraged a lowering of impediments between nations and geographic regions. In some respects, this has been a two-edged sword. On the one hand, there’s more cooperative working across the globe than there has ever been. On the other hand, conflict crosses natural barriers with much greater ease.

Affordable rapid air travel and growing freedom of movement have been a great boom in my lifetime – the jet age. At the same time, it’s not new that nationalist politicians continue to fear the erosion of difference between the British and the nations of continental Europe, brought about by commercial aviation. Ironically, it’s now the newer digital industries that pose the greatest threat to the illusion of complete independence.

In this context the failure to tackle the critical understaffing at British airports is deep rooted. Lots of finger pointing and experts blaming each other with a catalogue of reasons misses the damage that’s being done by nationalist “conservative” politicians.

Staffing shortages, poor planning and the volume of people looking to travel have led to huge queues and many flight cancellations across UK airports.

Yes, today’s travellers have learnt to take a great deal for granted. They are no longer impressed with the ability to check their emails and watch a movie at 30,000 feet above the sea. So, when the basics go wrong, and flights are seemingly arbitrarily cancelled, queues are long and delays are frequent, the backlash is real.

A UK Minister’s[2] reluctance to restore some freedom of movement to European aviation workers to alleviate the current chaos is an example of blindness to reality. Looking at the historic context, I guess, we should not be surprised that this dogmatic UK Government is so blinkered. Any acknowledgement that the imposition of Brexit is a big factor in airport chaos is far more than their arrogant pride can take. Sadly, expect more problems.


[1] https://www.goodreads.com/book/show/4254465-no-longer-an-island

[2] https://www.independent.co.uk/news/uk/government-transport-secretary-bbc-gatwick-covid-b2092887.html

Inter-

Come on, one software control system is much like another. We don’t want to know what’s inside the box. We just want to know what it does. Well, that’s one point of view. Slowly, year by year, as what’s in the box has become more and more complex, or at least difficult to understand, so the opinion expressed above gets more airtime. There’s no doubt, I don’t give a lot of thought to how my iPhone does what it does in the palm of my hand. Whereas 30 years ago, I was intrigued to understand how a symbol generator created characters on an aircraft electronic display.

Levels of interconnection, integration and interoperation create interdependencies that become harder and harder to see and understand. I suppose we ought to coin a new “inter” word to sum up the high density of functions ticking away behind the curtain of everyday acceptance. The hidden workings of machines that we cannot live without. It’s much more than lines of software code that are transforming our lives. And transforming flying. Today, oceans of algorithms go on data crunching with a high degree of autonomy. Some of it is transparent to a smart set of specialist technical gurus but most of us, even expert us, sit outside the advancing wave of change.

What I find intriguing is discussion about how society will react when super complex systems go badly wrong. We know something of what happens when conventional systems go wrong. A few minutes studying the recent Boeing 737 MAX saga is a good illustration of what can happen.

It’s a rule in my mind that whatever autonomy a system is given, someone somewhere cannot escape accountability for its actions. Yes, dystopian sci-fi stories are full of rogue machines running amok. Society will surely not allow that to happen – will we?

Industry and regulators both have an immensely important role to work together to manage risks. Politicians have a basic responsibility to listen to the conclusions of expert findings. When the amalgam of workings inside the box has such features as machine learning we go way beyond the conventional approach to systems. Beyond what we have been doing successfully to assure safety for the last 30 years.

Demands for greater performance mean that we cannot be luddite about the use of non-deterministic systems in safety related control systems. Their adaptability, agility and flexibility can help us meet many environmental and societal aims. But the classical questions of “what if?” still need to be addressed in detail to assure resilience, robustness, and basic levels of safety.

And we must do all this at the same time as updating airborne software of some flying aircraft using floppy disks.

Emerging Safety Issues 2/

There’s no stark dividing line between the criteria that I flashed up in the last few paragraphs. In fact, there will be major aviation projects that bring these all together in a new way. With the gathering pressure to address aviation’s climate impact there’s a strong desire to fly but in radically different ways. Take the blended wing body (BWB) concept[1]. It’s not new to aerodynamics but until recently the concept has remained on drawing boards[2] and in marketing brochures.

It’s likely that the next big adventure in aircraft design will be a shape that has no distinct separation between the fuselage and wings. Such blended structures may have properties that make them much more environmentally friendly. Yet, they will still be able to be operated from relatively conventional airports. If we combine a BWB with high levels of automation and systems integration and throw in hydrogen propulsion for good measure, there are going to be a myriad of emerging safety issues to consider. That’s one for the list.

Electrification is a snowball that’s rolling, gathering ever greater speed. Industry has its eyes on high-power fuel cells. Hydrogen-powered fuel cells are a green alternative to combustion engines. They may have few moving parts, but exotic materials and high temperatures present a bucket load of technical challenges if they are to be used at altitude in all weathers. Promising technology may tick many boxes, but can it be made safe? That’s another one for the list.

To fly, and to do it efficiently, watch the birds. They have mastered the art of formation flying to harness its advantages. Formation flying may reduce fuel use by minimizing drag. Experiments with drones flying in formation are being done. However, the use of this way of flying for large transport aircraft is still a research subject[3]. Procedures exist for formation flying for military and general aviation aircraft (aerobatics). What safety issues need attention to make this work for passenger aircraft?

It’s possible to go further for each aircraft in-flight too. The extensive use of artificial intelligence to optimise flight paths has much potential. Since the introduction of Wi-Fi in the cabin, there are occasions when passengers have better real-time weather information than flight crew. The ability to meet all the collision risk objectives and pick up the most advantageous winds is achievable. Aircraft innovations like tactical trajectory optimisation are great at lowering fuel consumption. Any safety issues emerging from the use of such systems will likely be linked to their level of autonomy.

Integrating autonomous aircraft into controlled airspace is a challenge of today. As we move forward the variety of autonomous aircraft will grow. An application where the commercial marketplace may drive rapid adoption is that of large autonomous cargo freighters. Emphasis on the word “large” is appropriate given that it’s 3rd parties that will be at risk in the event of accidents and incidents. The loss of cargo can be insured but how will society react to accidents that may cause fatalities on the ground, if these operations proliferate?


[1] https://www.airbus.com/en/newsroom/press-releases/2020-02-airbus-reveals-its-blended-wing-aircraft-demonstrator

[2] https://www.nasa.gov/topics/aeronautics/features/bwb_main.html

[3] https://www.flightglobal.com/safety/a350s-operate-transatlantic-formation-flight-to-test-potential-for-cutting-fuel-burn/146301.article

Emerging Safety Issues

Of the 3 approaches to aviation safety the one that depends on expert opinion the most is that of trying to anticipate what’s over the horizon. Reactive safety is strongly supported by the historic data from accidents and incidents. A pro-active approach to safety leans heavily on the data of everyday operations. When it comes to the question of what’s going to emerge as a significant safety issue in the next 10-years then past, or current data may not be the best guide.

Regrettably, several aviation safety issues are as if they were constants. Given the nature of flying, it’s difficult to imagine that the number of Controlled Flight into Terrain (CFIT) events will ever reach zero. Similarly, with Loss of Control (LOC) events. These events should continue to diminish worldwide but their elimination is the stuff of dreams.

Flight is always a balance between benefit and risk. There’s no possibility of operation of an aircraft without safety risk. The benefits of flight are wide ranging but often linked to economy and utility. So, in the quest for Emerging Safety Issues (ESIs) we need to consider what new factors might tip the balance between benefit and risk in at least three cases: existing, planned or entirely new or novel aircraft flight operations.

There may be global aviation ESIs needing evaluation related to:

  • the use of aircraft in new ways[1];
  • a new understanding of known phenomena[2];
  • futurists’ speculations[3];
  • shifting societal values[4];
  • accelerated adoptions of technology[5].

It’s possible to become overly hypothetical. That’s the point where a reasonable time horizon needs to be drawn. A decade is a good measure in terms of identifying and acting upon an issue. It’s a realistic way of keeping our feet on the ground. If we are considering the safety regulatory world, a decade is a short period of time.

With the above in mind, it’s possible to brainstorm a list of ESIs. Subjects like urban air mobility, electric and hydrogen propulsion and new materials are good candidates. These could be called large-scale issues since they are wide ranging and self-evidently applicable to aviation. Additionally, there are more murky issues like cybersecurity, quantum computing and blockchain methods that are issues for every part of society. Take your pick.


[1] Example: Higher speeds or altitudes or greatly extended range or traffic density increases

[2] Example: Solar activity, climate change, shifting human factors

[3] Example: New materials, advanced artificial intelligence, new propulsion systems

[4] Example: Risk aversity, liability, service expectations, adventurous sports

[5] Example: Smart phones have changed far more than was envisaged

It can happen

Theories are nice. Having a way of explaining an event or failure, or both, is a nice comfort blanket. It can give us a way of trying to look ahead. The common notion that, if it has happened once, it can happen again is part of our mental hard wiring. We store up memories and are constantly ordering and re-ordering them in our minds. Looking for patterns.

What cuts across is a simple factual recollection of an event. Examples can be illustrative of a theory. Also, they can stand alone as evidence that any one of us can fall foul of the unthinkable. One of my favourite events, which has the ingredients of the unthinkable, happened in the 1990s. It’s about exploration and the space industry. That said, a story on this theme could be written about any part of the aerospace world.

Safety assessments are scoped to consider just about anything that’s not extremely improbable. Let’s be clear that’s an approach that consciously asks people to discount some events as absurd or never going to happen, just beyond what we would ever do. The lesson is that when considering how things go wrong it’s as well to be open minded.

Let’s go back to December 1998. A spacecraft called the Mars Climate Orbiter (MCO) was intended to skim the upper atmosphere of the planet and return data to Earth. It had taken over 9 months to get to Mars. A journey like that one comes with costs mounting in the tens of millions.

The spacecraft was about to go into orbit, it disappeared behind Mars but failed to re-emerge. Efforts to communicate with it were continued for a long time but nothing came back. An investigation into the MCO’s loss concluded that it had crashed into the surface of the red planet. This was not the crux of the matter. Such projects have risks that can be unknown.

Investigation concluded that the MCO had been obliterated[1]. It was off course by 60 miles, so it plunged to destruction rather than entering orbit around Mars.

Now, I said that any one of us can fall foul of the unthinkable. In this situation, that’s what happened. The managing organisation for spacecraft thruster data had been using imperial units. Thruster performance data was in “English” units. NASA’s navigation team had assumed the units used were metric. The trajectory modelers assumed the data was provided in metric units as per their requirements. Thus, the difference between miles and kilometres sealed the fate of the MCO.

Discovering that cause of the loss must have been excruciatingly embarrassing. One of the published recommendations, take steps to improve communication, seems modest. In addition to taking on-board all the investigation’s findings, my take on this event is two-fold.

  1. Think the unthinkable. Not all the time, but every so often it pays dividends and
  2. Question assumptions. Even the most cherished simple assumptions can be wrong.

These two are universally applicable.


[1] https://llis.nasa.gov/llis_lib/pdf/1009464main1_0641-mr.pdf

In praise of the Empirical

There’s a lot of people busying themselves and tying themselves up in knots trying to work out how to ensure that new aviation developments fly safely. Making possible the safe introduction of new air vehicles into an already complex system occupies meeting after meeting across the globe.

Advanced Air Mobility (AAM)[1] will mean full time aviation activities in unfamiliar places. There’s such a complex maelstrom of interacting bits and pieces that it’s not easy to see the light at the end of the tunnel. This is driving innovation and a fresh look at how the business of safety assessment and assurance is done.

Since the first days of my working in an engineering department, I’ve been a supporter of a systematic approach. Over the decades this has paid handsome dividends. I don’t think there would ever have been a civil fly-by-wire aircraft in service if it was not for systematic engineering.

This does require a great deal of characterising and parameterising of measurable items. This is to distinguish, down to a fine level, technical attributes that can be verified and validated. In fact, the concept of verification and validation (abbreviated as V&V[2]) is upheld with almost religious passion.

The emphasis coming from the advocates of AAM is often on flexibility, openness to latest ideas and speed of working. The emphasis coming from public authorities is on maintaining or enhancing existing levels of flight safety[3]. Both are right and bridging the gap is quite doable.

What is most dangerous is to see this equation as purely binary. That is to discard a systematic approach in favour of a more try it and see, empirical approach. Innovation isn’t about throwing away the past. It’s about building on the past. All aviation activities involve safety risk. There are 3 things that can be done with risk: eliminate it, mitigate it, or live with it. To do any of these 3 things it’s first necessary to understand it.

So, I’m putting my finger on the greatest difficulty and that’s anticipating the future. To understand AAM[4] risks requires an appreciation of the combinations and permutations of different interactions that can exist in an aviation system with fast vehicles in dense environments. This is where classical V&V has limitations. It’s because of the vast, and I mean vast, number of different live scenarios that can exist. After all, the flight operations of AAM are supposed to be wide-ranging and unconstrained.

Hence my title. Not only do we need empirical means of proving systems, but existing means need to be improved. Going off and doing a bit of flying just doesn’t cut it.


[1] https://skybrary.aero/articles/advanced-air-mobility-aam

[2] These are critical components of a quality management system such as ISO 9000

[3] https://publicapps.caa.co.uk/docs/33/Advanced%20Air%20Mobility%20Taking%20a%20Use%20Case%20Approach.pdf

[4] https://www.faa.gov/uas/advanced_operations/urban_air_mobility/