MILITARY AIRWORTHINESS ACCEPTABLE LEVEL of SAFETY
advertisement
MILITARY AIRWORTHINESS ACCEPTABLE LEVEL of SAFETY Bob Wojcik Air and Naval Technology General Dynamics Canada Ottawa, Ontario, Canada Email bob.wojcik@gdcanada.com 26-29 September 2005 1 “If you are looking for perfect safety, you will do well to sit on a fence and watch the birds; but if you really wish to learn, you must mount a machine and become acquainted with its tricks by actual trial.” -Wilbur Wright, 18 September 1901 2 “There are two critical points in every aerial flight – its beginning and its end.” -Alexander Graham Bell, 1906 3 Outline Background Safety Definitions What is an Acceptable Level of Safety? How Safe is Safe? Acceptable Level of Safety – Civil Aircraft Acceptable Level of Safety – Military Aircraft Conclusion/Recommendation 4 Background Military authorities have always been interested in aviation safety Many military authorities are introducing formal Airworthiness Programs International Military Aviation Authority Conference 22-23 June 2004 Common theme – need for military airworthiness regulatory authority Many programs are modeled on civil aviation safety programs Lack of military airworthiness standards has led to reliance on civil airworthiness standards 5 Safety Definitions Concise Oxford Dictionary - Being safe, freedom from danger MIL-STD 882 – Freedom from those conditions that can cause death, injury, occupational illness, damage to or loss of equipment or property, or damage to the environment FAA System Safety Handbook – Freedom from all forms of harm. British Standard 4778 – The freedom from unacceptable risks of personal harm 6 What is an Acceptable Level of Safety? A relative concept based on freedom from danger or risk Involves consideration of: Severity of the effect Certainty of the occurrence Reversibility of the effect Knowledge or familiarity of the risks Voluntary acceptance of the risk Compensation for the risk Advantages of the activity Risks and advantages of the alternatives 7 Safety Targets - Determination Consider all consequences including both risks and benefits Acceptance by both individuals and societies in general Precedent of other regulatory organizations What is reasonable and practical An acceptable level of safety could be defined as the point when the benefits outweigh the risks from either an individual or a society perspective. 8 Regulatory Authorities Airworthiness Regulatory Authorities conduct risk-benefit tradeoffs and decide what level would be acceptable considering: Requirements Impact on industry Technology available Input from stakeholders including public interest organizations Action by other regulatory agencies 9 What Is Safety? From a technical perspective Safety is a design attribute which is part of the overall development process. Safety properties: Safety has no absolutes Safety is non deterministic Accident rates are generally very small 10 How Safe Is Safe? Probability of Deaths per year 1 in 100 Activity five hours of solo rock climbing every weekend 1 in 5,000 work in the UK coal mining industry 1 in 50,000 taking the contraceptive pill 1 in 500,000 passenger in a scheduled airline 1 in 1 million electrocution in the home 1 in 10 million Lightning in the UK Source: UK MOD “What is safety” 11 How Safe Is Safe? -Transport Mode of Transport Accident rate per 100,000 hours 0.7 Fatality Rate 3.7 0.4 Rail Travel2 0.06 0.02 Marine2 1.9 0.53 0.08 0.01 Civil aircraft – airline1 Civil aircraft commuter1 Motor Vehicles2 0.1 Source: 1 – Transport Canada 5 year average (1993 – 1997) 2 – DND/DGAEPM Airworthiness Risk Assessment Report (1996) 12 Aircraft Accident Cause Factors Technical Causes Airframe structural failure Landing gear failure Fire Engine failure System failure Operational Causes Weather Controlled Flight Into Terrain Undershoot Overshoot 13 Prevention – Technical Causes Structural Failure (including landing gear) – safe life, fail safe, damage tolerance Fire – fire prevention and control technology Engine Failure - safe life, fail safe, damage tolerance, health monitoring System Failure – fail safe, system safety assessment process 14 Prevention – System Failures Largest technical cause of aircraft accidents Prevention of accidents due to system failures is one of the primary concerns of civil airworthiness regulatory authorities (FARs 23.1309, 25.1309 & 29.1309) Severity Categories Catastrophic Hazardous Major Minor No Effect 15 Acceptable Level of Safety – Civil The accident rate for large civil transport aircraft has been steadily declining since the early 60’s Generally an accident rate of 1 per million flight hours has been considered acceptable for large civil passenger transport aircraft Therefore the probability of a serious accident should be not greater than one per million flight hours (1 x 10-6) 16 Acceptable Level of Safety – Civil System failures account for 10% of accidents (probability of occurrence of 1 x 10-7) 100 potential failure conditions that could have a Catastrophic effect Target average probability of occurrence established as 1 x 10-9 for each failure condition with a Catastrophic effect General principle - inverse relationship should exist between a failure condition probability of occurrence and severity 17 Acceptable Level of Safety – Civil Note: Civil Transport Category Individual System 10-9 10-8 Acceptable 10-7 10-6 10-5 Unacceptable 10-4 10-3 10-2 10-1 1 Catastrophic Negligible Severity 18 Acceptable Level of Safety – Military Most military airworthiness authorities have not published military airworthiness design standards Reliance on civil regulatory material for military type certification and design change certification programs Airworthiness design standards (FARs, CARs, JARs, etc) Associated advisory material (FAA Advisory Circulars, RTCA DO-178B, RTCA DO-254, SAE ARP4754, SAE ARP4761, etc) 19 Acceptable Level of Safety – Military Civil processes provides an excellent basis for military aircraft programs Civil target levels may be problematic for military aircraft, equipment or missions Military/Civil Gaps Handling qualities Weapons and stores Self defence suites Wartime operations Military role/mission/task - operational necessity Operational and usage environment Rapid advances of military technology 20 Handling Qualities Civil aircraft handling quality requirements do not adequately address military tactical role/mission/task requirements in the intended operating environment 21 Weapons and Stores Civil airworthiness standards have no equivalent to military weapons and stores 22 Self Defence Suites Military aircraft operate in a hostile environment requiring the use of chaff, flares and other self defence technology 23 Wartime Operations Military wartime operations include extremely hazardous missions under conditions of operational necessity 24 Military Roles/Missions/Tasks Many military roles/missions/tasks are unique and have no civil equivalent 25 Environment and Usage Military aircraft often operate in a harsh environment which is more severe than equivalent civil aircraft types 26 Military Technology Military performance requirements demand rapid advances in technology which may often be implemented before they are mature 27 Acceptable Level of Safety – Military Application of civil standards must be done with judgment, care and forethought Difficult to separate military mission and airworthiness requirements Traditionally military equipment qualified to performance requirements rather than certified to minimum essential safety requirements No equivalent civil standards exist for military unique equipment 28 Acceptable Level of Safety – Military Civil airworthiness design standards are generally based on a specific aircraft category intended for use within a defined operational environment A higher accident rate should be considered acceptable for military aircraft Factor of 10 is often used in comparing a military aircraft type with an equivalent civil aircraft type 29 Acceptable Level of Safety – Military 10-9 Military Transports 10-7 10-5 Note: Transport Category Individual System Acceptable Civil Transports Unacceptable 10-3 10-1 Catastrophic Negligible Severity 30 Acceptable Level of Safety – Military 10-9 Note: Military Aircraft Types Individual System Military Transports Acceptable Military Helicopters 10-7 Military Jets 10-5 10-3 10-1 Unacceptable Catastrophic Negligible Severity 31 Acceptable Level of Safety – Military More flexibility required for military aviation than just defining level of safety as acceptable / unacceptable UK MOD - As Low As Reasonably Possible (ALARP) MIL-STD 882 - Risk Index (defined as a function of severity and probability of occurrence) DND/CF TAM Risk definitions Extremely High Risk - Normally unacceptable High Risk - May be acceptable Medium Risk - Should be acceptable Low Risk - Acceptable 32 Acceptable Level of Safety – Military 10-8 Low Risk (acceptable) Medium Risk 10-6 (should be acceptable) High Risk 10-4 10-2 (may be acceptable) Extremely High Risk (normally unacceptable) 1 Catastrophic Severity Negligible 33 Conclusion Acceptable Level of Safety is generally based on an acceptable accident rate The associated probability of occurrence for military aircraft types should be higher than the equivalent civil aircraft type Acceptable Level of Safety for military aircraft types may be based on a risk assessment process 34 Recommendation Need a forum for military aviation authorities to discuss airworthiness for military aircraft types Defence industries need to present the problems associated with the application of civil standards on military aircraft programs Closer cooperation/liaison between civil and military airworthiness authorities 35 “If we die, we want people to accept it. We are in a risky business, and we hope that if anything happens to us it will not delay the program. The conquest of space is worth the risk of life.” -Astronaut Virgil I. Grissom, 27 January 1967 Paraphrased: If we die, we want people to accept it. We are in a risky business, and we hope that if anything happens to us it will not delay the program. The need for military aviation is worth the risk of life. 36 37
