Accident scenarios for an integrated aviation safety model
Alfred Roelen
Rombout Wever
National Aerospace Laboratory
Flight Safety and Aircraft Operations Department
September 2006
Outline
Objective
Accident types and scenarios
Modelling approach
Scenario development process
Example loss of control accident scenario development
Results
Objective
Development of the top layer of an Integrated Safety Model.
Provide an initial framework for staged development and integrating work by the different organisations
Integrated Safety Model (Framework)
[Figure: Integrated Safety Model framework. Recoverable labels: Initiating event; Human Action; System 1; System 2; S; F; Proximate causes; Root causes (direct or indirect physical / organizational / regulatory / environmental causes); Set of possible scenarios; Risk metrics (Likelihood and Severity, with H / M / L cells).]
Scenario clustering
Collision with ground
Collision with object
General disintegration
Accident types
Accident
Collision with ground
Collision with object
General disintegration
Loss of control (unrecovered)
Controlled flight into terrain
Collision on ground
Collision in mid-air
Explosion
Major structural failure
Personal injury
Abrupt maneuver (recovered)
Security related event
Flight phases
Take-off
Climb
En-route
Descent
Approach
Landing
Fatal accidents and flight phases
Take off: 33%
En route: 11%
Landing: 56%
Proposed scenario matrix
Taxi Take-off Climb En-route Approach Landing
Abrupt maneuver X X X X
Uninhabitable cabin environment X X X X X X
Loss of control (unrecovered) X X X X X
Controlled flight into terrain X X X
Forced landing X
Mid-air collision X X X
Collision on ground X X X
Structural accident X X X X X
Fire/Explosion X X X X X X
Accident scenario representation
To ...
From ...
Event Sequence Diagram
[Diagram elements: Initiating Event; Pivotal Event (two); Comment; End State]
Event Sequence Diagram
[Diagram elements: Initiating Event; Pivotal Event (three); Comment; End State (four)]
Modelling Approach: selection of Initiating event and pivotal event
Initiating Event
– Deviation from normal operation
– Active failures (triggering events)
– No latent failures (softer/deeper)
Pivotal Event
– Event with possible intervention
– Different causal pathway
– Active failures
– No latent failures (softer/deeper)
Modelling Approach: Level of detail
Transparency.
Limited complexity at the top layer of the model.
ESDs need further detail by means of Fault Trees and Bayesian Belief Nets.
Minimise inter-dependencies of Fault Trees.
ESDs can be quantified with available accident, incident and flight data.
ESD development steps
1) Individual accidents are analyzed and represented as a sequence of events.
2) Accident scenarios are generalized per type of accident, initiating event and flight phase.
3) Generalised scenarios are combined into one generic ESD so that this ESD covers a class of accidents.
Selection of accidents/incidents: ~ past 15 years, commercial air transport, ‘Western built’ aircraft, accident investigation report available
Example: Loss of control accident
Accident type: loss of control
Flight phase: en-route/approach
Multiple ways to lose control over the aircraft: different loss of control accident scenarios
Loss of control accident scenario initiators
System: e.g. flight control system failure, propulsion system failure
Environment: e.g. wind shear, turbulence, ice
Flight Crew: e.g. spatial disorientation
Accident type: Loss of control
Flight phase: En-route/approach
Initiating event: Propulsion system failure
Example
Step 1: From accident report to accident scenario
British Midland, 737-4Y0, G-OBME, East Midlands, January 8, 1989
ESD British Midland 737 G-OBME
Crew detects failure
Powerplant failure
Total power loss
Collision with ground
Crew throttles back No 2 engine
Crew attempts to restart No 2 engine
Crew perceives inherent cues as proof of correct diagnosis
Loss of control (loss of speed)
Crew fails to regain control
Crew shuts down No 2 engine
Crew increases power on No 1, which fails again
Comment: No 1 engine failed, causing engine surge, severe vibration. As soon as No 2 was throttled back, No 1 surging and vibration ceased and No 1 seemed to be operating normally.
Atlantic Southeast Airlines, EMB 120RT, N256AS, Carrollton, Georgia, August 21, 1995
ESD ASA EMB 120RT N256AS
Damage to engine and wing (severely degraded aircraft performance)
Crew unable to maintain altitude
Loss of control
Collision with ground
Powerplant failure
Step 2: Generalising the accident scenarios
ESD British Midland 737 G-OBME
Crew shutdown wrong engine
Powerplant failure
Crew fails to maintain control
Total power loss
Collision with ground
Annotation: generalising
Annotation: added branch through systematic analysis and generalising, combining
Aircraft lands off runway (1)
Safe landing
Aircraft able to reach airport
Crew carries out powerless approach
Step 3: From generalised specific accident scenarios to one generic scenario
Generic ESD ‘loss of control’
Flight phases: climb-cruise, landing
Initiating event: propulsion system failure
Crew shutdown wrong engine
Single engine failure
Total power loss
Safe landing
Collision with ground
Scenario type: Loss of control
Phase: Initial climb - landing
Initiating Event: Propulsion system failure
(1) Asymmetric thrust due to an engine shutdown, feathered propeller or engine in idle thrust
(2) This event incorporates control of speed, altitude, pitch and roll. Flight crew skills related to powerless flight
(3) This event incorporates control of speed, altitude, pitch and roll, and power management. Flight crew skills related to one engine inoperative flight
(4) ‘Off runway’ means a forced landing in field or ditching
Asymmetric thrust
Crew fails to maintain control (3)
Aircraft lands off runway (4)
Safe landing
Collision with ground
Crew fails to maintain control (2)
Loss of control
Aircraft able to reach airport
Crew carries out powerless approach
Crew fails to restore engine power
Aircraft continues flight
Dual engine failure
Loss of control