By Vance Hilderman, CEO, AFuzion Inc.
“Google's huge wing fell off and it crashed. But it wasn't unsafe and no one was hurt," said the voice on the phone. Really...
Technology and aviation are replete with experimentation and failures intermixed with successes. Two steps forward and one step backward. We get it; we need it.
Google, Musk, Bezos: solid visionaries pushing boundaries and making the world a better place. The entire world, not just fellow Americans, should be excited and proud: The aviation accomplishments of Google, Amazon, and SpaceX are truly advancing aviation at a pace not seen for over 50 years. When Bloomberg reported the official post-crash diagnosis, it confirmed everything we'd heard (Bloomberg's Jan 29, 2016 article on Google's crash-diagnosis).
"It wasn't unsafe.” “No one was hurt." I was doing AFuzion safety business in Europe and tried to return to sleep after hearing those words in the chilling, middle-of-the-night call. But sleep was elusive. My passion is my profession is my life: helping our company's clients develop and advance the state-of-the-art for safety-critical systems development. However, crashing planes should not elicit statements that "it wasn't unsafe" because "no one was hurt."
Imagine forgetting to put your car in gear and forgetting to set the hand break on a hill: the empty car rolls down and crashes into another empty car. That wasn't unsafe because no one was hurt? Nonsense: You and the public were merely lucky. Therein lies the truth: Safety is not luck and luck is not safety.
Today's excessive rate of safety-critical system failures is both unnecessary and unnecessarily risky; proven science exists which is being bypassed at the risk of safety and credibility.
Few doubt that formal aviation safety standards are the most advanced and strict in the known universe. Commercial aviation has almost conquered the laws of physics and probabilities: Passengers and earthbound citizens are vastly safer today than via any other form of transportation. So what's the Issue?
The issue is that excessive failures yields public skepticism which will slow not just excessive egos but will actually slow technological advances. Yes, all systems are subject to failure and there will never be a mechanical, hydraulic, or electrical system whose failure rate is zero. Zero is impossible. But wings should not fall off in relatively benign conditions.
When an unmanned rocket or drone fails, can we guarantee it will not endanger the public or public property? Probably not. But most assuredly it damages public credibility, confidence, budgets, and adoption.
Why are government regulators in dozens of countries enacting new safety rules in response to the perceived risks which are slowing down adoption? Because the failures are real, not perceived. That means the risks are real, not merely perceived.
What can be done about this new quandary? Fortunately there is a solution – a solution which is both simple and cost-effective. Apply existing safety standards to the new generation of cargo rocket launches. Apply them to deployments of drones above a large threshold weight of 100 kilograms (Kg). Do not mandate FAA approvals as is done for commercial aircraft: that would adversely slow progress. Instead, make aircraft integrators self-certify adherence to aviation safety and system standards ARP-4761A and ARP-4754A.
This is exactly what automotive makers are recently required to do via self-certification to the new 2012 automotive standard ISO 26262. Have we heard automotive manufacturers complain of schedule and cost overruns due to ISO 26262 adoption?
Quite the contrary: proven use actually improves quality and reusability which drives down subsequent procurement costs. Why? Products with improved reliability have improved sales and improved profit margins. The measurable added safety is beneficial though almost ancillary.
The growing emphasis on formal safety protocols such as ARP-4761A, 4754A, ISO 26262, and even DO-178C for software, is testament to three simple facts: They are science-based, they are cost-effective, and they work.
Why don't Boeing, Airbus, or even Cessna have wings fall off during flight testing like Google? Because crashing aircraft are unsafe and make for bad public perceptions and even greater regulation. Instead professional airframers follow simple scientific wing stress design frameworks followed upon in-factory wing stress testing where the wing load is increased until it fails.
Yes, the wing falls off, but it's in a hangar and stresses are scientifically measured. The wing is simply proven to be made twice as strong as the worst-case expected flight loads.
Cost-effective? Vastly more so than losing entire aircraft even without considering the potential safety and ensuing liability issues.
What do formal safety standards -- including ARP-4761A, 4754A, and ISO 26262 -- bring to the table? Proven science-based approaches to define safety cases, performing fault tree analysis (FTA), and failure mode effect analysis (FMEA). Scientifically identify potential failures BEFORE they happen. Then determine the impact of that fault upon safety and define prevention, detection, and mitigation strategies commensurate to the safety impact.
These standards all have strong commercial pragmatism because they all strongly consider cost versus benefits. Yes, safety is important but so is cost. These standards all identify different levels of safety impact and lesser levels have less rigor which means less safety but also less cost.
If safety itself were the sole focus, all systems and all components would simply bear the highest, most rigorous, safety designation for maximum safety. But that would also equate to maximum cost.
Why are these commercial aviation and automotive standards so successful? Because they recognize that safety must be pragmatic: size matters and by this we mean budget size. A safer system doesn't help safety one iota if it is too expensive to be commercially used. These commercial safety standards promote safety, reuse, reliability, and overall cost-effectiveness. Period.
"Safety: ARP-4754A – Is it cost-effective?" at https://www.linkedin.com/pulse/huge-wing-fell-off-wasnt-unsafe-really-vance-hilderman
Continue reading online:
Vance Hilderman is the CEO of AFuzion Inc., whose engineers have helped deploy safety-critical systems in 300+ companies onsite in 35+ countries. Visit http://www.afuzion.com for more.
About the author
You might also like:
Subscribe today to receive all the latest aerospace technology and engineering news, delivered directly to your e-mail inbox twice a week (Tuesdays and Thursdays). Sign upfor your free subscription to the Intelligent Inbox e-newsletter at http://www.intelligent-aerospace.com/subscribe.html.