7R-A16" 016 SUBSYSTEM HZRD NLYSIS FOR THE LSI

MODELS 6216R 9 ~I C SELF-CONTAINED N.. (U) LEAR SIEGLER INC GRAND RAPIDSI NMI INSTRUMENT DIV J T REEVES 03 MAR 66 GRR-62i6-S13pUNCLASSIFIED FS9693-85-C-1224 F/G 9/5 N

7: ~ ~ ~ ~ ~ .. -77-7 7-77 -77**-7 t

Lim

. M .. 1 2 .

11111o 2..0*2

1jj.25 L-11116

IIII ,,__o

MICRnCOP' CHART *

V . ,'..

.... - -

*" ~i!.'

, 9.:::::;

9.% ", "%

• 9 . •... - . - . • . • . * . - . ° . * % . " . % . . " . ° . * ' . " t . ' " . . . " . . * " % . , % . , ,, . " ., , ,

-,W -I S

C

L

ST KET lil

DpplC 4,pb~ olwbutionVuELECTEAN

I jwSUBSYSTEM HAZARD ANALYSIS

FOR THE WE

LSI MODELS 6216A, B, & C

SELF-CONTAINED NAVIGATION SYSTEM

GROUP A

REPORT NO. 6216-013

CONTRACT NO. F09603-85-C-1224

Data Item 0103

DTIC rELECTE

p B

PREPARED BY APPROVED B -- - . -- ,

DATE ________ __ DATE 8 " -13

at PRELI[ MuNARY "

pgypMflO141 TAEMEN'lA

AP-Mp.,d 14X public telOas8 j

D~5iboam Of Unlimted

.%o$ a =

-- .. '. -. -.. "% <. %t....."

S. - r- - m&J~bCbmm>_b. ZT-7. . * :

Report No. 6216-013Revision____

TABLE OF CONTENTS

SECTION TITLE PAGE NO.,U

1.0 GENERAL . ........ .... ..................... 31.1 PURPOSE ..... ......................... 31.2 SCOPE .......................... 32.0 APPLICABLE DOCUMENTS ...... ... .............. 32.1 GOVERNMENT DOCUMENTS .............. 32.2 OTHER DOCUMENTS ........ ... ................. 43.0 SYSTEM DESCRIPTION ...... .... ............... 43.1 GENERAL DESCRIPTION ......... ............... 43.2 MAJOR COMPONENTS ....... ... ................ 43.2.1 ICDS .......... ... ...................... 43.2.2 INS ........... ... ....................... 73.2.3 DVS ........... ... ....................... 73.3 SYSTEM FUNCTIONS ....... ... ................ 73.3.1 MAJOR FUNCTIONS ........ ... ................. 73.3.2 SECONDARY FUNCTIONS ....... ... ............... 73.4 A-KITS ......... .... ..................... 84.0 SAFETY CRITERIA ............. 8 . ...-4.1 SYSTEM SAFETY PRECEDENCE ..... ... ............ 84.2 HAZARD LEVEL CATEGORIES ...... ... ............. 84.2.1 HAZARD SEVERITY ........ ... ................. 84.2.2 HAZARD PROBABILITY ...... .... ............... 95.0 HAZARD ANALYSIS .......... ................. 9

5.1 SSHA MATRIX SHEETS ... ............... ... 105.2 SUMMARY ............ ..................... 10

Accesion For

DTIC TBA I3

J t trc t.

By--Distri but ion/

Availability CodesAvailandor

'Dist Special

IS, ~-2-

. .. .. ............ .1:"-" :':--' -- --"-..... .... r., .. . .' ... .. -"" "'"i """ "-'--'""" "5 " '""." . .. -'.""""''"''"" " "".. .". .". .".".."".

Report No. 6216-013

Revision______

1.0 GENERAL - This document constitutes the Subsystem HazardAnalysis (SSHA) for the C-130 Self-Contained NavigationSystem (SCNS) installation. It provides a safety assessmentof the SCNS installation. -

1.1 PURPOSE - IAW MIL-STD-882A,-the purpose of an SSH is toevaluate the parts making up a system for items that couldadversely affect the system safety through componentfailure, performance degradation, functional failure andinadvertent operation.

1.2 SCOPE -The scope of this analysis foF Data Item 0103 islimited to the SCNS installation task A-kit €omponents-(viz. wiring harness, brackets, racks control panels, relayboxes, circuit breakers), "B-kit" components (viz. ICDUs,BICU, DVS, INU), and the physical interfaces with existingequipment (viz. CADC or Sensors, Radar, Air Data Sensors.

io These items will be analyzed in respect to safeinstallation, safe hardware, and safe usage (viz.installation, removal, in-place test, and handling). Nosystem Functional aspects are analyzed. "

2.0 APPLICABLE DOCUMENTS -

2.1 GOVERNMENT DOCUMENTS - The following documents of the exactissue shown are used in the preparation of this analysis andreport.

MIL-STD-882A System Safety ProgramRequirements (paragraph

*5.5.1.2).

D-H-7048 System Safety Hazard AnalysisReport (paragraph 10.2.2).

DHI-6 (Edition 5) System Safety Design Handbook'..---sow

84-MMSRE-004-C-130SCNS C-130 Modification Self-ContainedNavigation System (SCNS), State-

ment of Work for

84-MMSRE-009-C-130 Self-Contained Navigation System(SCNS), Integration, Fabricationand Installation and Test of,C-130 Aircraft

LamR GOW" INCNS IJIN OMON--

-. """

i_____Report No. 6216-013Revision______

2.2 OTHER DOCUMENTS - See table II and III.

3.0 SYSTEM DESCRIPTION

3.1 GENERAL DESCRIPTION - The SCNS is comprised of a DopplerVelocity Sensor (DVS), Inertial Navigation System (INS),

LIntegration Computation and Display System (ICDS), and theassociated installation Group A kit to provide doppler aidedINS navigation, INS only, Doppler only and TAS/HDG navigationmodes, and control of the various C-130 communication/naviga-tion (comm/nav) systems. The SCNS ICDS consists of threeIntegrated Control Display Units (ICDU) and one Bus Integra-tion Computer Unit (BICU) for all C-130 aircraft except thatthe HC-130H will have an additional ICDU for the radiocontrol. A block diagram is shown in figure 1. -.

In conjunction with the SCNS installation, the followingsystem/components will be removed from the various C-130configurations.

AN/APN-147 DopplerAN/ASN-35 Doppler ComputerARN-131 Omegap AN/ASN-24 OR PINS (C-130E AWADS only)

Radio controls for

AN/ARC-164 UHF (one control retained) .

AN/ARC-186 VHFAN/ARC-190 HF

* AN/ARN-118 TACANAN/ARN-127 VOR/ILSUSAF Standard VOR/ILS

The communication and navigation radio control functionswill be assumed by the ICDUs except during an emergency useof a UHF backup manual control head.

3.2 MAJOR COMPONENTS - A list of major components is providedin table I.

3.2.1 ICDS - The ICS consists of two major components: the IntegratedControl Display Unit (ICDU) and the Bus Integration ComputerUnit (BICU). All aircraft configurations utilize fullyinterchangeable ICDUs: pilot's, co-pilot's, navigator's and

~-4-""'"

" ............................................. "" " " " " " ".... " " "" " ..... " " ""......... . ". . . .. .... ... .- ;i:;:i. . . . . . . . . . .. . . . . . . . . . . . . .... . ... .. . I

_________________________________________ Report No. 6216-013Revision_______'

To

MUUP j

Owt-4

wJ

1. 1 saw" 9

migur ft" LC~ lc iga

0ar& afSfAAI

=- l

'0*'*EEPY%

0** . . . . .. . . . . . . . . . .0*. . . . . . . .* ... . . .

Figur 1. .SBok iga

m__Report No. 6216-013

Revision_ _

,

Table I. Major Component List* I

GROUPMODEL NO. DESCRIPTION LOCATION

A B

LSI-2580F 4 Integrated Control Left side forward onDisplay Unit center console for

pilot. Right side for-ward for co-pilot. Navpanel for navigator.Radio operator's panelfor HC-130.

LSI-2905A 4 Bus Interface Computer New equipment rack.Unit

LSI-2905B 4 Bus Interface Computer New equipment rack.Unit with Added RadarInterface Card (AWADS)

LSI-2590A 4 Doppler Velocity Sensor Belly of aircraftAPN-218

SNU 84-1 GFE Inertial Navigation Aircraft floor belowSensor new equipment rack

- 4.Electrical A-Kit Several variations

Mechanical A-Kit Several variations

- 4 Flight Director Mode Instrument Panel (alsoSelect panel modifica- a panel on the pedestaltions for C-130B)

- 4SCNS Control Panel Nay Station

- INU Battery Battery Compartment,

S.

-6-

IF

Report No. 6216-013Revision_______

radio operator's (HC-130H). Jumper wires in the the aircraftinstallation indicate its particular station location to eachICDU. One basic BICU design is utilized in all SCNS configu-rations with the exception of the BICU for the AWADS aircraft.It adds a third circular connector and SRUs for the radarinterface. Connector jumper wires indicate to the BICU intowhich aircraft model it is installed.

3.2.2 INS - The Inertial Navigation System (INS) consists of threemajor components: the Inertial Navigation Unit (INU), the INUmount, and the SCNS battery subsystem. The SCNS INU conformsto requirements of of the F3 SNU 84-1 and SNU 84-3specifications.

3.2.3 DVS - Doppler Velocity Sensor (DVS) consists of the APN-218Air Force Standard Doppler. The DVS provides basic navigationinputs for SCNS independent doppler navigation capability andfor integrated INS/Doppler capability.

3.3 SYSTEM FUNCTIONS - The SCNS primary function is to providehighly accurate and reliable self-contained navigationcapability for the MAC C-130 Tactical Airlift Operations.These missions and operations are defined in MACR 55-130,Military Airlift Command Regulation.

3.3.1 MAJOR FUNCTIONS - The SCNS provides the following majorfunctions.

0 Navigation modes and position update capability.

0 Integrated control and display of navigation,communications, guidance, and steering functions.

o Aircraft guidance and steering - including flight plan,time of arrival, CARP, SAR, and rendezvous.

3.3.2 SECONDARY FUNCTIONS - Additional features are provided toimprove performance, reduce crew workload, and minimizeaircraft maintenance time. Specifically, these are:

o TACAN mixing to improve navigation accuracy.

O CARP capability that will reduce crew workload andincrease mission flexibility.

O Simple, accurate, and quick magnetic compass calibrationprocedures.

. -7- " .

-,.+. .*.- ...- -.. °-...- ... .-.... . ... . ... . ......... ...- V .. . .... .* ... -*

y~W w w~~ ~ TV. -- Fr-wN.~% ~. u- ~Wj~'~ t. - 1- - T lqw- -., 1- -- W-' 77 ,1

Report No. 6216-013Revision_______

r2-.

3.4 A-KITS - The "A" kits consists of:

0 The interconnecting cables between added LRUs.

0 The interconnecting cables and modifications to cables %

connecting existing LRUs.

o Mounting trays and hardware.

0 Sheet metal work as required.

O Control panels

0 Blank panels

o Annunciator lights

0 Pressure sensors

o Circuit breaker changes and additions.

4.0 SAFETY CRITERIA - Certain safety criteria IAW MIL-STD-882Aare followed in the SSHA.

4.1 SYSTEM SAFETY PRECEDENCE - Any items detected as fittinginto hazardous categories are treated in the following order:

a. Redesign to eliminate the hazard, if possible.

b. Change operating procedure to eliminate or reduceoccurrence.

c. Provide training recommendations to allow personnel to

safely work in the presence of the hazard.

d. Label or placard hazards and provide inputs to manuals.

4.2 HAZARD LEVEL CATEGORIES - (Criticality definitions) For thepurpose of the hazard analysis, the hazards will be definedand categorized IAW the criticality definitions set forthbelow (ref. MIL-STD-882A, para. 5.4.3.1).

b! -,

4.2.1 HAZARD SEVERITY - Hazard severity categories are defined toprovide a qualitative measure of the worst potentialconsequences resulting from personnel error, environmentalconditions, design inadequacies, procedural deficiencies,

system, subsystem or component failure or malfunction asfollows:

if 5.r~f,.....0- U

[% <',%-..',',**e*~~* ~ . .* .

ULM UM.W

Report No. 6216-013Revision_______

%

a. CATEGORY I - Catastrophic - May cause death or system

loss.

b. CATEGORY II - Critical - May cause severe injury, severe

occupational illness, or major system damage.

C. CATEGORY III - Marginal - May cause minor injury, minoroccupational illness, or minor system damage.

d. CATEGORY IV - Negligible - Will not result in injury,occupational illness, or system damage.

4.2.2 HAZARD PROBABILITY - The probability of the defined hazardoccurring is based on a qualitative judgement for the purposeof this hazard analysis. The probability levels quoted hereare from MIL-STD-882A, Para. 5.4.3.2.

DESCRIPTION SPECIFIC INDIVIDUAL FLEET ORLEVEL

-T•WORD ITEM INVENTORY

Frequent A Likely to occur frequently Continuously experienced

Reasonably B Will occur several times in Will occur frequentlyProbable life of an item

Occasional C Likely to occur sometime in Will occur several timeslife of an item

Remote D So unlikely, it can be Unlikely to occur butassumed that this hazard possiblewill not be experienced

Extremely E Probability of occurrence So unlikely, it can beImprobable cannot be distinguished from assumed that this hazard

zero will not be experienced

Impossible F Physically impossible to Physically impossible tooccur occur

5.0 HAZARD ANALYSIS - The sources of data for the SSHA are thedrawings for the installation kits, the wiring interconnects

interface control drawings, the panel and console modifications,the "B" component outline drawings, system block diagrams,grounding and shielding diagrams, process specifications andtest procedures. At the time of preparation of this report,most of the source data was in preliminary form.

LS* IupZf INC 9

* . . . . . 55. ..-.... ,*..-... -.*..***.,.

Report No. 6216-013

Revision __

C...

Data references are given in table II and III. Any items *

found during the review of those data are listed on SSHAmatrix sheets. Where comments are applicable only to

"* specific models, they will be so annotated. Most sourceinformation is very preliminary, therefore, listed items arequite tentative and subject to change in later submittals.

" 5.1 SSHA MATRIX SHEETS - These sheets are used to list potentialhazards, effects on the system and remedial steps to be

'' taken.

5.2 SUMMARY - At this writing, two items were rated in Category II,. Critical. Both items are still in the design phase and the L-

concerns are being considered in respect to the finalsolution. These are:

(1) The method of connecting up the added INS aircraftLk. battery so that a dead battery doesn't draw full

current from the bus. It would also seem desirableto make this battery available for other emergencyaircraft use. (Non availability can not technicallybe considered a hazard since no second battery ispresently available).

* (2) Certain internal or circuit failures could causethe ICDU CRT to bloom to high brightness. If thiswere to occur to the pilot's CRT during night.. "landing or night formation flight, it could probablyhave serious consequences. The failure probabilityis low and the percent time it could occur and

Upresent a hazard is low. The possible problem isbeing analyzed and probabilities will be computed.If simple effective circuitry can be added, it willalso be considered.

No inherent safety problems are evident in the "A"Group installation. Many implementation detailsare yet to be checked as the design is approved atCDR and the final drawings are prepared. Whenthese data are firm enough to represent the finalproduct, this analysis will be updated.

NI1~iUE? mv.o ~- 10-

Report No. 6216-013Revision______

CuC

4) -4 41 u-. -.0 .0 .0 PC 00 =0 40u uu Cu 00 -4Cu

4j rn a4 4 -- ) 1. .

~ ) u u u u Cu) Cu 4) C)

-4 0 -m

0 u.uC

0C ) -, 0 A-4 4.) V C3 4> W. 0 Vj 0. .

o 4j 0 ) r-4 0 -4

WO 0 U4 0-, Cu FA -4 w S44 V

4) a. Q) U) Cuc 1 CA 4)cE3 (A.- m ) 41 c 0. 4. r. m c~ ' .

4 $4 CC m 0 1 0 0C L 0 u4 0 -4

In z0 tn u4 tn uu C) 0

CC 4 J4 Cu JA - 0V) .4q 04 -4

00 V 0C - 0 0 0 04CC CC 4'. U wu C -4) c ~ 4 W 4

0 00

-0 IT ".4 0. 1? .0 .a .4a

- 4 - - - - -

4)ASWA U) 4 4 ) ) 4INI".m" "SONC . C. C. .

Report No. 6216-013Revision_____

EI.

IP w 41 4) 4) 4) 4.

CACA

(U4

W 4j 4jC: m

ta

a 0 -

0w a2 A4 1244. ". rC

~~~ I-U ~I% CA n c %o L000 C4 0

1.6 a. C. . 1.4 1. 1.0

a a0a 0 a a

UL ".4ul 1w- ". .4 "4 .

U UU

Report No. 6216-013-. *Revision_______

IV

CA,

. 0 4 0 0 0 0. 4.4 - 0 4-d .4j '44 '44

4.1

a 4)-''. W a .h, Z*.0 W uo *0 ca 0 4)4' z 40 0 ~ 0 CZ0 0 - 4 jUz 410Q

ca aa c V W a~' tow w 4c0 .14 001 C~ Q'. C: w aO' ..4 0 m ~ 0

U4 .4 = - .,4 .4.h 4j j0 U) 4)c '4 4) en w. 4JU 0 0M '4 0.cc 0 ' toju I~ = *.CJf U*..A IIQ.4 A4 ICOl-

4. > . C ) OI -o Su -4 >. u n> -U CA4~0* m0 C. 1 0,4) n.f0U 4) 0z

0om 4 40Cj W 4000 0 140' 0 n 0 00to ) 14CV '. 4j U '.) -,44. M 4 J.414 &I ( .4 4Jn

co4 J2CJ OC. 4 M 4.QJ * - Ow 44 MJ OC 4iC.04j

m 4J O-4 4) 4., ~ J14 cn U 4 n F j r

10.lua a Q a

0..,4 .544.

$4 4.5

- CO 0.40.i0 0."4 -

4)4

If'

____ ___ ___ ___ ___ ___ ____ ___ ___ ___ ___ ___ ___ Report No. 6216-013

Revision______

o to~0 PO e%~

40

0 0 04

tl C 4 Wf04

4J4 4

-400 QC~ a M~L -

0 -40 0 1 C4 en0L 0 C.3 :3-A44I e aw L0 U0 4) m ( .4 P-.0M .4 0 O~ -0 >t.h. 3i 3tJ

IL g ,-41 1 m 4) ca P-4 W W-G.a4

0 4 Qu 604 u 4 o 0 A o $4 u o~u > *QuC3004 4) ., 44 -4L 4 4 41 0 0 0 4 4 00 *nw 0

> $4 .a cc 04 2 $4 0 4 J (' $4 0 .4. 4ij c.M

44A - $4 r4U4.0J4% Q cc 44J 00 1 0~ 44-4. V.'~~ u~0 C $4. 44 -M~ La )S us 0 0

*) a a 00 )A-00010 C70 a44 0 0C 0 ' > 0 0C'-o -a *4 04-4 --% 0 4z I u 14 C 4.1- mC)- u I: w-4 -

W 0-4 4j .0 t L 0 j0 $ o 44 aa4.1 CU V 41 CAa A 2 ' 2V0

-4 W 4j U a U j04). u4 .)4 -44C4 14 cc"* .4 M "4 ).,4 a 0 39 -4

-4 (12 w - w w U W - k - U%4$ ,-

u 1.4 4- -4)4 -JM - 4 jL nC 4-1~ 41 41 4J V

0) 5.4 -4 r-4 W V - 4 40a - 0U 0r W04 c2 04 M )> . w04 0 o0M u 4 u

'-44

'-4j

0 000

E- z~ Ix

0 ;a

an on

an.

ULM SbMM .INIM 13IS

513,

Report No. 6216-013Revision______

r. ~ ~~~~~ ~ .u0r 1$4r4ww0

(.30 .4 , 00 2@ r@.m 6j O4% V Q- i 0%

3t4 . *0 .1 0 " -. 4 W i J 31 0 14

>0 Ow 3 0 @a3 0 No -M.'4~. U O 00m u 0@3

0 @ - .14h 0 0 '"1hiMJ 0 m h r-440 w .4 0 W4 .4400u~. $w ) -4 M b u 4 u c 0

Is..3-rA 4) V3- W0 HQ 0 110 0 40@'- Ai~.. Q 44 4 W4

@3 U'44 -k 4j 0 00 U'. -V 00 9 0-V*>- w * -e.4E > ) 4)l Ab-4 lu 0 (a

@3 4) 9:6 0 @3 1m .0m 3 = 0. 0-C* n44UUZ4 en 1.4-4 cn Mi-

0i 4 0 0 ~ 0 0 (.

04 U) 0 '..4a .4 04 4%. C.444

U ~ ~M-U@LM ) .

o- E4z@ hU > 3 @33*. 3an 4-. 0 3~ O 00 cq

p ~ ~ ~ ~ .. 4~~~cc 3.~ J E4JI-~-C'.

0W "mP

. . . . . . . . . rwl -W .L-

Report No. 6216-013Revision______

SiS.

:, -0 $. C: a.N

id Wj4J 0 W q a ~ u

11' a U rQ

a5 C . V

a . u a rO ... A mo 1m 0 a a

. 1 11 ..440

w5 *

C6 a z.0 GO ad.M L

00m xS S. Z 0 qZ2 00U0 40Aa0l

-~4 0 U . 0.

245 .1 ..C N S

0 0

o.. w A0 c W W

2~ 4A ~ 0 c0~ 045 0. .. -. s.

*~~C 2iS *24 4 .* ~ ~ G00 .U U

9Ld

q) x 4 S.;%DI

* ~ ~ 0 Z5M I .AU lIU 110 6 t

9L - -C 1

I Ol"OMMM -16-Fa% - SF A F S *5**AADS A LiOa

Report No. 6216-013Revision_________

41 -. M .,, . I . ., I=

a a_: C .A -, U .U-...

0 Z 1.111, El .o.2

U u 0 . a "C a.

0~ B C *: A 0 C1 . . ..-. 0~

W~ ~ NW A ) ) a 41

am 4D1VU 0 a4 4II - U z l Q p

U . -. .

Io oA a, . + 2 <-o 4 "

- . ,4 u... a

• c -0 1.,"i

-o~~ ~ j 0'..t,' "

0 CU 2 0

~U3 0 4wCA .U U*-U ~ . A.

41 0

41 AU u C1 j U U u U .

W In 0

QV - - -"

m V 0 , M 0, - -1 7

a UC -C

. CC 'A U

-C 0 Q

Lk U x -4

1 0 au 0 a

~~I2 1- UA0 -3U

_ - . . .. .. - . .. . . .

... v., ,..

61 .UUUL

WA C A W. CC

________________________________________ Report No. 6216-013Revision______

0 a1

a. A Is 'U 6

* ~~~ .1U41 2~ 4.1

U.0 a CO

u~od a- 4W -

w - a a u*

a ~ a'A 0 Q0 6 'A"a10 aaA4a1j t

0 a0 000 Ow I.'d0 4

ta

IV C6 I ad F.

1JW4 461

A V1 W . 41Uc 0U4 1 41U a1

W3 6.

:9 114

V. a a-

412 2 Co 0

001

4.1 .0

4.x - -- ca-

- 'd

-I LN P0 -41

V a ..-A c

~1

4.

4'"I.

'-4

-4 4.--

a,4.

4.5-56 6*

44.

*4 4,4.

4

4,

.4.

4 ~..*. .4-4..--..- *-*...---4- *4.4 .-.. ~ .4 :-2. ~ '~~*4 .4 '~4 4.' 6*.***~****.';4.*.*.'4** 4