Active System Control for Safety, Maintenance, Efficiency

K Goebel (NASA), I Schagaev (Londonmet)

FLIGHT SAFETY SYMPOSIUM 2015

Active System Control for Safety, Maintenance, Efficiency

London Heathrow, UK 15th-16th Sept

1

active system control: why? Aviation safety…? OR? WHY? - is safety not enough? WHAT else? WHERE is maintenance, efficiency? Can we combine it?

NEXT: ABBAT, ASTI… tbc

HOW to achieve: new theory, technologies, infrastructures, policies

WHERE: aircrafts manufacturers, regulatory bodies, avia-, insurancecompanies,maintenance companies

2

safety accident aspect - I

https://www.academia.edu/8637255/Active_System_Control_-_Ch1-2 3

safety accident aspect - Ia Flight data recording (on ground) Leak visual manifestation Accident

Leak

FLIGHT (blast off) Flight able to continue in a safe state after recovery operation

Time for possible emergency reconfiguration and recovery of Challenger to safe state

10 seconds

72 seconds

4

safety accident aspect - II x9

Total pressure probe 1 x1 x2

Full pressure air-line x3

Airspeed Indicator

Static Head 1

x6

x4

Altimeter

x8

Total pressure probe 2

Static pressure air-line Air Data System

x5

x7

Variometer

Static Head 2 x10

In case of icing the pressure sensors TPP1 and TPP2 may be blocked. Then required pressure in the full pressure pipe is not available, devices AI and ADS show wrong values. “Correctness” of variables x1-x10 becomes questionable and Air pressure system goes to uncertain state. Resolving of this situation is possible: https://www.academia.edu/7124307/Analytical_Synthesis_of_Aircraft_Control_Laws Ignoring leads to: http://www.bea.aero/fr/enquetes/vol.af.447/note29juillet2011.en.pdf 5

Safety, what is it ? There is a difference in approach to aviation safety between the various parties involved:   §  Insurance companies §  Airline operators §  Airport operators §  Operational regulators §  Standards regulators §  Aircraft and equipment manufacturers §  Flight crew and ground maintenance staff §  Passengers Importance of safety for them is financial, political or vital. 6

erning’ laws is shown in Table 1 below:

Safety and governing laws

Table 1 Features of system design using various laws and regulations Features

Laws physical

biological

social

aviation safety

Duration

forever

20-30 years

50-100 years

25 years

Avoidability

impossible

rare, but possible

rare but possible

possible

Application Rate

always

high

medium

medium

Ask yourself : Physical effect this is continuous and every system and material object is Whatlaws amareI unavoidable, doing totheir make shift?: governed by them absolutely. However, the effect of such physical laws often depends on context, e.g. less gravitational effect at very high speed and high altitude, greater heat accelerating chemical reactions. Source: https://www.academia.edu/8637255/Active_System_Control_-_Ch1-2

7

Systems which rely or similar in behaviour to biological laws in their design and operation have a

Classification of aircrafts? For what? …classification aims a formation of technical portrait of a typical aircraft including design, technological and management features… they altogether have substantial impact on aircraft reliability, maintainability, and, therefore, safety: https://www.academia.edu/8637255/Active_System_Control_-_Ch1-2

...existing schemes of aircraft (not air traffic) safety management are mostly conservative, oriented on after flight (and accident) analysis (CA, military) or exist at rudimental level (GA). …all these schemes are easily avoidable by aircraft owners and users, as they depend upon ‘human’ factor (the weakest link in the chain can’t be relied on to fix the chain)… https://www.academia.edu/7119860/The_Concept_of_Dynamic_Safety 8

Existing scheme of safety management

monitoring of hardware

data recording and archiving

control registration checking of pilot analysis control decision

transporting of hardware, instruments, and data

data processing and analysis

9

ASC definition Active System Control is an approach to: continuously evaluate and process the state of an aircraft in real time of flight; define when necessary and implement best possible RT recovery action or the scheme of graceful degradation Implementation of ASC for aviation assumes: - Process-oriented Information model of aircraft; - Flight data object and predicates; - Modeling of main elements; - Creation of dependency and recovery matrices Dependency matrix cortege includes matrixes of: input data; state and element dependency (more next slides) https://www.academia.edu/7110728/ PRINCIPLE_OF_ACTIVE_SYSTEM_SAFETY_FOR_AVIATION_CHALLENGES_SUPPORTIVE_THEORY_IMPLEMENTATION_APPLICATION_AND_FUTURE 10

ACS, arguments for: Practice speaks:

Symptoms of deviations from expected scheme, behaviour or rules should ignite search of “guilty” element(s) Known solutions for the localisation of problem are based on assumptions about analysed system and fault models, including fault tree analysis Regretfully, multiple faults are real, and fault tree analysis is… Also: probabilistic models of location of faulty element are not always adequate Real time detection and recovery and/or graceful degradation needs monitoring, thus…

New model of active system control is required 11

Active System Control vs. FTA FAULT TREE ANALYSIS

COMMENTS/REQUIREMENTS

The class of all faults is known before operation of the application

The class of faults changes during the life cycle of a system due to ageing, maintenance errors, incompleteness or poor quality or external reasons.

Fault tree analysis is static, developed during design of the objects and subsystems Fault trees are known from design time; are applied after events/accidents to detect and understand the cause(s) using expert opinion Number of fault trees, and their interactions, is growing quickly with complexity of a system

Dependence between elements of the system is reflected in dynamic changes of structure and significance.

Markov Processes are used to analyze outcome of the flow of events

A realistic model of the system might not be Markovian: the rate of transitions is changing, as well as importance of consequences and the possibilities for recovery and or repair before harm is inflicted.

Structure of dependence is becoming variable and must be updated during life cycle using existing, historical and new flight information; otherwise the predictive power of prognosis is not sufficient. New system needs to identify, keep and manage of possible scenarios of system behaviour in changing environment before unpleasant sequence of event takes place.

Mutual exclusion of possibilities are appliedThe consequences of many common events ARE NOT MUTUALLY EXCLUSIVE. New, more realistic model should for event analysis address that

There is no possibility to use FTA in real time of system operation

A model for control of the system behaviour MUST be used in real-time to take account the operational state of the system 12

Active System Control: Model + Flight data This is what we model…

tn t0

t1

t2

This is what we record…

13

Flight data

Flight mode

Aircraft elements

Flight data selfdependencies

Flight data margins per flight mode

Flight data affiliation to aircraft elements

Flight mode selfdependencies

Dependencies aircraft elements upon flight mode

Aircraft elements

Flight mode

Flight data

Active System Control: dependency matrixes

Aircraft’s element dependencies

! http://it-acs.co.uk/files/Grant_for_a_patent.PDF

14

ASC vs.conditional and preventive maintenance

(Conditional maintenance)

(Preventive maintenance)

“profit” is here and here… active system control is doable… for more see:

https://www.academia.edu/7119690/Applied_Cyber-Physical_Systems

15

ASC; further steps?: Principle of active system control: §  introduced in 1986; §  prototype for military tested 91-94 §  In 2004 -09 developed for GA; GA prototype model tested using BA & SwissAir expertise + Complexity of system analysis grows linearly, RT What is next? §  Framework of dependency matrixes using prognostic of system state in real time; §  Population of dependency matrixes (System health management); §  Active Black Box for Aviation (ABBA) 16

System Health Management Raw Sensor Data Sensor Validation

Validated Data Faulted Sensors Flagged

Feature Extraction

Time-stamped Features, Event Messages &/or Parametric Data

Anomaly Detection/Id

Warnings & Alerts Coarse Granularity Id (subsystem level)

Diagnostic Analysis

Subsystem Failure Modes

Prognostic Analysis

Remaining Useful Life Estimation

Fault Accommodation

Operational Corrective Action Identification/Reconfiguration/ Impact Contingency Assessment Management

ACS next step in hardware: ABBA? This? Or that?

http://www.nasa.gov/centers/ames/multimedia/images/2005/ blackbox.html

18

Conclusions: §  Active system control theory works and … in real time §  Using NASA prognostics special system software for proposed framework active system control: -  increases safety of aircrafts at order of magnitude; -  reduces cost of maintenance substantially - 1.8-2.9; -  increases and guarantee maintenance quality; -  reduces insurance premium in general. If we want it done… -  Widening of cooperation/collaboration between research EU, USA, China, Russia, integration of effort of leading centres, regulatory bodies (Eurocontrol, EASA,NTSB) industries EADS/ Airbus, ESA, Boeing, etc) is required. contact: [email protected],, [email protected], [email protected]

19