Preliminary Hazard Analysis of
EUROCONTROL Concept of Operations 2011
using the FAST method
Safety R & D seminar
25 – 27 October, Barcelona
presented by
Alexander Krastev
EUROCONTROL
Acknowledgments
Ian Ramsay, EUROCONTROL
Jacques Beaufays, EUROCONTROL
Jose Varela, EUROCONTROL
Jos Kuijper, EUROCONTROL
Randall De Garis, EUROCONTROL
Brian Smith, FAST
Michel Masson, FAST
Rudi den Hertog, FAST
Content







Safety assessment of future concepts
The FAST and the FAST methodology
Eurocontrol Concept of Operations for 2011
ConOps 2011 hazard analysis using FAST methodology
Main Findings
Safety R & D needs
Conclusions
Safety Assessment of Future Concepts
Key Questions
New operational concepts developed in response to the
forecasted traffic growth
 Are the new concepts inherently safe?
 Do the new concepts bring the required safety
improvement?
 How do concept changes impact on safety of operations?
 Will SESAR Operational Concept achieve the safety target
for 2020?
Safety Assessment of Future Concepts
Difficulties
 Concepts’ descriptions limited to the “ideal” world
 Level of detail of available description not sufficient
 Need for “out of box” thinking
 Complex task that requires:
 Integrated view of changes across all aviation domains
 Due consideration of interactions and interdependencies
 Suitable methodology
The Future Aviation Safety Team (FAST)
FAST established in 1999 by the JSSI Steering Group
 Objective: Develop and implement methods and processes to
support the systematic identification and resolution of future
hazards in the aviation system
 All major aviation stakeholder groups and organisations
represented
FAST developed a prognostic method for future hazards
identification
The FAST Method
 The global Air-Ground-Space system considered as a “system
of systems”
 Focus on the “prognostic” time domain
 Augments existing hazard identification techniques
 Concept of Areas of Change at the core
 AoC list: 192 entries grouped in 11 categories, e.g.
 AC_11 Proliferation of heterogeneous aircraft with widely-varying
equipment and capabilities
FAST handbook available at: http://fast.jrc.it/
Expert Team
Responsibility
FAST Core Team
Responsibility
Customer/
Stakeholder
Responsibility
The FAST Process
1.
Responsible Party Proposes
Change(s) to Global Aviation
System; recognizes need for
systematic prediction of
hazard(s) associated with
changes and need to design
potential hazards out of system
or avoid or mitigate hazard(s)
2.
Define Scope of
Expert Team
HazardIdentification
Study
3.
Assemble
an Expert
Team
Advocate the
FAST Philosophy
Commission
Expert Teams
Guide FAST
Facilitators
Maintain Areas
of Change
Repository
Maintain
Futures &
Watch Items
Enhance the
FAST Method
4.
Understand Customer
Requirements and
Future of Interest
5. (optional)
Identify Intrinsic
Hazards Within
Future of Interest
Enhance and/or
Modify Planned
Changes
6.
Identify Areas of
Change Pertinent to
Future of Interest
7.
Enrich Hazards by
Evaluating Interactions
with Areas of Change
8. (optional)
Identify Mitigations &
Effects of Areas of
Change on Mitigations
10.
Inform FAST &
Customers
Regarding results
9.
Formulate
Recommendations
& Identify Watch
Items
ConOps 2011
Content
Concept of Operations 2011
 Description of the ATM System in 2011 - the Main Changes
 The ATM Components, OI’s and System Enablers
 The ATM Operational Model
 The Key Enablers – SWIM, the Network Operations Plan and
Collaborative Decision Making
 The Principles of the Layered Planning Process
Air Traffic
Airspace
Organisation &
Management
Airport
Operations
Flow &
Capacity
Management
Information
Management &
Services
Separation
Assurance
Airspace
User
Operations
Synchronisation
High-Level System Capabilities
 Business Impact Statements
 Annexes
The Actors – Roles and Responsibilities
 Operational Scenarios and Use cases
ConOps 2011
The Change Directions
 The ConOps 2011 defines the main change directions for the
evolution of European ATM:
 Gate to Gate Flight Management
 Enhanced Flexibility & Efficiency
 Responsive Capacity Management to meet Demand
 Collaborative Airspace Management
 Extended Levels of Automation & Communication
 System Wide Information Management
 Collaborative Decision-Making
ConOps 2011 Hazard Analysis
Objectives
 Establish a comprehensive list of hazards that may be
generated by the implementation of ConOps 2011
 Identify hazards which may have a critical impact on ATM
safety
 Validate the applicability of FAST method to assessments of
future ATM concepts
ConOps 2011 Hazard Analysis
Approach
 All FAST process steps covered except “Formulate
recommendations and identify Watch Items
 Tailored briefing packs for more efficient preparation
 Two workshops held (6-9 June and 17-20 July 2006)
 Excellent mix of expertise in the Expert team
 Hazard identification performed by teams in break-out sessions
lead by facilitators
ConOps 2011 Hazard Analysis
WS 1 Focus
 Teams analysed ConOps 2011 from three perspectives:
 AOM / ATFCM
 ATC and Airport Operations
 Airspace Users Operations
 The three phases of the layered planning process addressed
strategic
pre-tactical
tactical
Network Operations Plan
 Nominal (G2G) Operational scenario used to enrich hazard log
 Output: ConOps/Scenario related hazard log
ConOps 2011 Hazard Analysis
WS 2 Focus
 Three non-nominal scenarios used for
hazard identification
 Scenario based team composition
 Brainstorming session for identification
of potential mitigation means
 WS output:
 Scenario related hazard logs
 List of safety issues for further study and
analysis
Oh God, please
help me see the
future!
Main Findings
 The main ConOps 2011 concept elements could bring a
significant safety benefit
 Need of a balanced and safe in terms of frequency and
complexity process of dynamic airspace changes
 Diversity of aircraft equipment and capabilities is an important
safety challenge
 Safety aspects of human tasks automation deserve particular
attention and efforts
Safety R&D Aspects (1)
Safety issues
R & D needs
Design and real time control of complex Safety related architecture and
distributed system with multiple actors functionality, integrity and security
requirements and procedures for a
G2G information management system
for ATM
Dynamic changes to ATM system
components and environment of
operation
Degree of flexibility that can be safely
accommodated by the future ATM
system
Diversity of systems and aircraft
capabilities and performances
Principles and requirements for safe
transition planning
Safety R&D Aspects (2)
Safety issues
Automation and Human machine
interaction
R & D needs
Human reliability and performance
limitations in operation of systems with
different degree of automation: ranging
from limited system support to
automated decision making.
Impact of reallocation of safety roles and
responsibilities
Assessment methods for advanced
Human computer interaction
Safety R&D Aspects (3)
Safety issues
R & D needs
Consistency of planned changes, new
concepts and supporting technologies
Develop method for integration of
safety assessments (safety cases)
performed on specific planned changes
and concept elements
Proactive safety management in early
stages of concept development.
Safety afforded highest priority in ATM
system planning and development
Develop efficient mechanism for
delivery of safety recommendations to
concept designers enabling the shift
from technology driven to safety driven
automation
Safety R&D Aspects (4)
Safety issues
R & D needs
Proactive safety management in early
stages of concept development
Improved methodologies for safety
assessment of future operational
concepts
Ensure the achievement of the overall
safety target for 2020
Assess innovative SESAR Operational
Concept components, e.g. new
separation provision techniques
Conclusions
Methodology
 Objectives largely met - benefits of safety assessment of
operational concepts demonstrated
 Involvement of all ATM actors is essential: allowing for
synergies and shared knowledge
 Use of operational scenarios considered essential
 FAST method can be used for safety analysis of future
concepts; some fine tuning still needed
Conclusions
Benefits/Limitations of Concept Assessments
 Anticipate safety issues right from the concept definition phase
 “Validation” of new concepts from safety perspective
 Source of recommendations for further analysis and research
 Enable risk informed decision making in the planning and
development phases
 BUT, there are also limitations:
 Non-linear increase of uncertainties with time
 New or modified hazards may emerge from specific implementation
 High level of abstraction
Thank you very much
for your attention!
… possibly a safe option
for the future