Managing Validation in a Safety Critical System Regarding Automation of Air Traffic Control

Abstract: The aviation industry is under increasing pressure to reduce cost and manage the increased number of passengers. One area under pressure is the Air Traffic Control. The Air Traffic Control will in a foreseeable future manage the introduction of drones also known as Unmanned Aerial Vehicles by integrating them into civil airspace with manned aircraft. Drones are lacking consensus from authorities with regards to standards due to their rapid expansion. Given their size, shape and speed, they can also pose threats to manned aircrafts and there is a need to address them in an Air Traffic Management system interoperating with manned aircrafts. The purpose in this study is to identify what considerations to make when automating complex system elements with respect to safety. Safety involves all the different stakeholders in the air transportation system, which is a Safety critical System. Furthermore, the aim is also to identify areas in which European Operational Concept Validation Methodology (E-OCVM) can be complemented with. Standard E-OCVM is missing specific assessment criteria with regards to safety and how it can interact with other standards. The approach is thereby to use various standards with focus on Systems Engineering to complement E-OCVM since it is lacking with regards to how it is used to validate Air Traffic Control systems. To capture the complexity of automating elements of an industry involving many stakeholders, a qualitative analysis was conducted in this project, using a System Engineering approach with four standards A-SLP, A-RLP, A-DAS and A-SAS. A-SLP and A-RLP are two general standards while A-DAS and A-SAS are focusing on the contexts of aircrafts and software development. Empirical data was gathered by semi-structured interviews of seven experts within the relevant areas in the field. From the review of the four standards, it was found that they can for instance complement E-OCVM in how software errors can lead to a failure condition among other ways. The main identified considerations faced with an integration of drones into civil airspace, is to manage the human interaction with the introduced Air Traffic Management systems. More specifically, the human element must be involved from the training phase in the development of systems in a Safety Critical System to minimize risk. Furthermore, redundancies that are built into the system has to, not only be able to put the system into a safe state, but also be carefully analyzed in how they interact with other systems to avoid misjudgement for the Air Traffic Controllers. Lastly, to obtain specific details on how interoperability could occur using standards, the standards used in this study refer to usage of other documents and standards. Standards specifically tailored for the operational context of drones would facilitate further testing and implementation of their integration into civil airspace. Given that different standards were used to complement the EOCVM standard, a set of unified standards are required that are proportional with the type of drones, the type of operations and in the environment that they are operating in. This will be needed to fulfill the European vision of safe integration of drones and needs thereby to be carried out in a global manner, thus also share experience with other actors to advance the new technology adaptation.