Influences of communication structural complexity on operational safety in regional airspace design

Neale L. Fulton, Mark Westcott, Stephen Emery
2011 Safety Science  
As air traffic management systems have evolved and as traffic flows have increased, the communications protocols and supporting structures have become more complex. Initially, in the early 20th century, pilots flew without any interaircraft communication. Then area frequencies were introduced to cover large regions. More recently, extra frequencies have been introduced with a result that the larger "area" airspace volumes have become isolated in frequency from the smaller volumes that surround
more » ... irports. This increasing complexity has introduced engineering failure modes into the design. Within this increasingly complex environment, regardless of the relative position and geometric aspect of an aircraft pair the pilots must be able to communicate with each other. They need to be able to rely on a high dependability (a reliability and safety concept) of the various communication links operating between the aircraft at the time of proximity. This paper is concerned with assessing the physical feasibility of inter-pilot communication when their aircraft are in, or near, radio frequency boundaries. The distinctive feature of the boundaries studied is that communication occurs on different frequencies at different points in airspace. This means that pilots in relatively close spatial proximity might not be operating on a common frequency. When combined with relatively long transaction times, this has the potential to fatally inhibit timely exchange of information critical to successful avoidance of a midair collision. We show that failure modes similar to failure "modes" of operation (e.g., mode confusion within the pilotmachine interface) identified in Flight Management Systems designs and as discussed in the aerospace literature arise for the boundary structures. The paper uses a simple but revealing model of aircraft operation within a multiple radio frequency structure to study these operational modes. The model is not intended to be complete or exhaustive; its role is to demonstrate design principles and processes that should be considered in order to achieve required levels of system design confidence. One important conclusion is that circumstances in which problems can arise are not easily predictable during flight. This means that operational experience is not necessarily a good basis on which to predicate the extrapolation of system design behaviour, as aircraft might often operate close to a failure mode without the pilots realising it and so they may erroneously conclude that these modes do not exist. The model allows an exhaustive description of the failure modes once parameters such as the aircraft velocities, the radio frequency structures and the communication transaction lengths are specified. To show how the failure modes are influenced by these parameters, the paper uses a novel form of nested plot for high-dimensional data that was developed for similar displays in a large commercial contract. ______________________________________________________________________________
doi:10.1016/j.ssci.2010.12.002 fatcat:iig42xa5tnettnafjsg7feaeg4