A review of system safety failure probability objectives for Unmanned Aircraft Systems

Unmanned Aircraft Systems (UAS) are one of a number of emerging aviation sectors. Such new aviation concepts present a significant challenge to National Aviation Authorities (NAAs) charged with ensuring the safety of their operation within the existing airspace system. There is significant heritage in the existing body of aviation safety regulations for Conventionally Piloted Aircraft (CPA). It can be argued that the promulgation of these regulations has delivered a level of safety tolerable to society, thus justifying the “default position” of applying these same standards, regulations and regulatory structures to emerging aviation concepts such as UAS. An example of this is the proposed “1309” regulation for UAS, which is based on the 1309 regulation for CPA. However, the absence of a pilot on-board an unmanned aircraft creates a fundamentally different risk paradigm to that of CPA. An appreciation of these differences is essential to the justification of the “default position” and in turn, to ensure the development of effective safety standards and regulations for UAS. This paper explores the suitability of the proposed “1309” regulation for UAS. A detailed review of the proposed regulation is provided and a number of key assumptions are identified and discussed. A high-level model characterising the expected number of third party fatalities on the ground is then used to determine the impact of these assumptions. The results clearly show that the “one size fits all” approach to the definition of 1309 regulations for UAS, which mandates equipment design and installation requirements independent of where the UAS is to be operated, will not lead to an effective management of the risks.

Transportation system safety methodology. First year final report.

Transportation Department, Office of University Research, Washington, D.C.

Empirical investigation of interactive highway safety design model accident prediction algorithm : Rural intersections

One major gap in transportation system safety management is the ability to assess the safety ramifications of design changes for both new road projects and modifications to existing roads. To fulfill this need, FHWA and its many partners are developing a safety forecasting tool, the Interactive Highway Safety Design Model (IHSDM). The tool will be used by roadway design engineers, safety analysts, and planners throughout the United States. As such, the statistical models embedded in IHSDM will need to be able to forecast safety impacts under a wide range of roadway configurations and environmental conditions for a wide range of driver populations and will need to be able to capture elements of driving risk across states. One of the IHSDM algorithms developed by FHWA and its contractors is for forecasting accidents on rural road segments and rural intersections. The methodological approach is to use predictive models for specific base conditions, with traffic volume information as the sole explanatory variable for crashes, and then to apply regional or state calibration factors and accident modification factors (AMFs) to estimate the impact on accidents of geometric characteristics that differ from the base model conditions. In the majority of past approaches, AMFs are derived from parameter estimates associated with the explanatory variables. A recent study for FHWA used a multistate database to examine in detail the use of the algorithm with the base model-AMF approach and explored alternative base model forms as well as the use of full models that included nontraffic-related variables and other approaches to estimate AMFs. That research effort is reported. The results support the IHSDM methodology.

Maintenance optimisation of a multi-state series-parallel system considering economic dependence and state-dependent inspection intervals

This paper presents a maintenance optimisation method for a multi-state series-parallel system considering economic dependence and state-dependent inspection intervals. The objective function considered in the paper is the average revenue per unit time calculated based on the semi-regenerative theory and the universal generating function (UGF). A new algorithm using the stochastic ordering is also developed in this paper to reduce the search space of maintenance strategies and to enhance the efficiency of optimisation algorithms. A numerical simulation is presented in the study to evaluate the efficiency of the proposed maintenance strategy and optimisation algorithms. The simulation result reveals that maintenance strategies with opportunistic maintenance and state-dependent inspection intervals are more cost-effective when the influence of economic dependence and inspection cost is significant. The study further demonstrates that the optimisation algorithm proposed in this paper has higher computational efficiency than the commonly employed heuristic algorithms.

Risk-management of UAS robust autonomy for its integration into civil aviation safety frameworks

This paper discusses a model of the civil aviation reg- ulation framework and shows how the current assess- ment of reliability and risk for piloted aircraft has limited applicability for Unmanned Aircraft Systems (UAS) with high levels of autonomous decision mak- ing. Then, a new framework for risk management of robust autonomy is proposed, which arises from combining quantified measures of risk with normative decision making. The term Robust Autonomy de- scribes the ability of an autonomous system to either continue or abort its operation whilst not breaching a minimum level of acceptable safety in the presence of anomalous conditions. The decision making associ- ated with risk management requires quantifying prob- abilities associated with the measures of risk and also consequences of outcomes related to the behaviour of autonomy. The probabilities are computed from an assessment under both nominal and anomalous sce- narios described by faults, which can be associated with the aircraft’s actuators, sensors, communication link, changes in dynamics, and the presence of other aircraft in the operational space. The consequences of outcomes are characterised by a loss function which rewards the certification decision

Safety and efficacy of sitaxsentan 50 and 100 mg in patients with pulmonary arterial hypertension

Objective: To assess safety and efficacy of sitaxsentan 50 and 100 mg in patients with pulmonary arterial hypertension (PAH). Background: Sitaxsentan is a highly selective endothelin-A receptor antagonist that was recently withdrawn by the manufacturer because of a pattern of idiosyncratic liver injury. Methods: Before sitaxsentan withdrawal, this 18-week double-blind, placebo-controlled study randomized patients with PAH to receive placebo or sitaxsentan 50 or 100 mg once daily. The primary efficacy endpoint was change from baseline in 6-min walk distance (6MWD) at week 18. Changes in World Health Organization (WHO) functional class and time to clinical worsening (TTCW) were secondary endpoints. The primary efficacy analysis was powered for sitaxsentan 100 mg versus placebo. Results: Of 98 randomized patients, 61% were WHO functional class II at baseline. Improvement from baseline to week 18 in 6MWD occurred with sitaxsentan 100 but not 50 mg; a strong placebo effect was observed. At week 18, WHO functional class was improved or maintained in more patients receiving sitaxsentan 100 mg than placebo (P = 0.038); 0% versus 12% of patients deteriorated, respectively. TTCW was not significantly different for 100-mg sitaxsentan patients than placebo (P = 0.090). Adverse events (AEs) occurring more frequently with sitaxsentan (50 or 100 mg) included headache, peripheral edema, dizziness, nausea, extremity pain, and fatigue; most AEs were of mild or moderate severity. Conclusion: Sitaxsentan 100 mg improved functional class but not 6MWD in PAH patients who were mostly WHO functional class II at baseline. No patient receiving sitaxsentan 100 mg experienced clinical worsening; sitaxsentan was well tolerated. (C) 2011 Elsevier Ltd. All rights reserved.

Power system stability of a small sized isolated network supplied by a combined wind-pumped storage generation system: a case study in the Canary Islands

Massive integration of renewable energy sources in electrical power systems of remote islands is a subject of current interest. The increasing cost of fossil fuels, transport costs to isolated sites and environmental concerns constitute a serious drawback to the use of conventional fossil fuel plants. In a weak electrical grid, as it is typical on an island, if a large amount of conventional generation is substituted by renewable energy sources, power system safety and stability can be compromised, in the case of large grid disturbances. In this work, a model for transient stability analysis of an isolated electrical grid exclusively fed from a combination of renewable energy sources has been studied. This new generation model will be installed in El Hierro Island, in Spain. Additionally, an operation strategy to coordinate the generation units (wind, hydro) is also established. Attention is given to the assessment of inertial energy and reactive current to guarantee power system stability against large disturbances. The effectiveness of the proposed strategy is shown by means of simulation results.

Languages for safety-certification related propertis

The Safety Certification of Software-Intensive Systems with Reusable Components project, in short SafeCer (www.safecer.eu),is targeting increased efficiency and reduced time-to-market by composable safety certification of safety- relevant embedded systems. The industrial domains targeted are within automotive and construction equipment, avionics, and rail. Some of the companies involved are: Volvo Tech- nology, Thales, TTTech, and Intecs among others. SafeCer includes more than 30 partners in six different countries and has a budget of e25.7 millions. A primary objective is to provide support for system safety arguments based on arguments and properties of system components as well as to provide support for generation of corresponding evidence in a similar compositional way. By providing support for efficient reuse of certification and stronger links between certification and development, compo- nent reuse will be facilitated, and by providing support for reuse across domains the amount of components available for reuse will increase dramatically. The resulting efficiency and reduced time to market will, together with increased quality and reduced risk, increase competitiveness and pave the way for a cross-domain market for software components qualified for certification.

STPA-SafeSec: Safety and Security Analysis for Cyber-Physical Systems

Cyber-physical systems tightly integrate physical processes and information and communication technologies. As today’s critical infrastructures, e.g., the power grid or water distribution networks, are complex cyber-physical systems, ensuring their safety and security becomes of paramount importance. Traditional safety analysis methods, such as HAZOP, are ill-suited to assess these systems. Furthermore, cybersecurity vulnerabilities are often not considered critical, because their effects on the physical processes are not fully understood. In this work, we present STPA-SafeSec, a novel analysis methodology for both safety and security. Its results show the dependencies between cybersecurity vulnerabilities and system safety. Using this information, the most effective mitigation strategies to ensure safety and security of the system can be readily identified. We apply STPA-SafeSec to a use case in the power grid domain, and highlight its benefits.

Development of lifetime warranty policies and models for estimating costs

In today's fiercely competitive products market, product warranty has started playing an important role. The warranty period offered by the manufacturer/dealer has been progressively increasing since the beginning of the 20th Century. Currently, a large number of products are being sold with long-term warranty policies in the form of extended warranty, warranty for used products, service contracts and lifetime warranty policies. Lifetime warranties are relatively a new concept. The modelling of failures during the warranty period and the costs for such policies are complex since the lifespan in these policies are not defined well and it is often difficult to tell about life measures for the longer period of coverage due to usage pattern/maintenance activities undertaken and uncertainties of costs over the period. This paper focuses on defining lifetime, developing lifetime warranty policies and models for predicting failures and estimating costs for lifetime warranty policies.