COMPANY RESTRICTED | NOT EXPORT CONTROLLED | NOT CLASSIFIED
COLLISION AVOIDANCE AND SAFETY
Johan Pellebergs, Saab Aeronautics November 2016 This doc...
COMPANY RESTRICTED | NOT EXPORT CONTROLLED | NOT CLASSIFIED
COLLISION AVOIDANCE AND SAFETY
Johan Pellebergs, Saab Aeronautics November 2016 This document and the information contained herein is the property of Saab AB and must not be used, disclosed or altered without Saab AB prior written consent.
COMPANY RESTRICTED | NOT EXPORT CONTROLLED | NOT CLASSIFIED
COMPANY RESTRICTED | NOT EXPORT CONTROLLED | NOT CLASSIFIED
COLLISIONS – THEY DO HAPPEN!
COMPANY RESTRICTED | NOT EXPORT CONTROLLED | NOT CLASSIFIED
FLIGHT SAFETY
4
COMPANY RESTRICTED | NOT EXPORT CONTROLLED | NOT CLASSIFIED
MISHAPS / CRASHES • Main categories for catastrophic mishaps in military aviation have historically been: ‒ Controlled flight into terrain (CFIT) ‒ Engine ‒ Mid-Air collision
Mishap statistics for a military fighter 40% 30% 20% 10% 0%
5
COMPANY RESTRICTED | NOT EXPORT CONTROLLED | NOT CLASSIFIED
FLIGHT SAFETY • Flight safety significantly improved over the past decades ‒ Includes both military and civil aviation
• Main contributing factors are ‒ Strong safety attention ‒ Training ‒ Incident reporting ‒ Reliability of flight critical systems ‒ Introduction of safety enhancing systems and automation
Auto-GCAS
Auto-ACAS
MIDCAS
6
COMPANY RESTRICTED | NOT EXPORT CONTROLLED | NOT CLASSIFIED
GROUND COLLISION AVOIDANCE
7
8
COMPANY RESTRICTED | NOT EXPORT CONTROLLED | NOT CLASSIFIED
AUTOMATIC GROUND COLLISION AVOIDANCE • Terrain profile ahead of the aircraft trajectory generated from onboard terrain data base
AFU automatic/manual deactivation: • Landing gear extended • AAR probe extended • GPW manually OFF • Pilot manual inhibation • Control stick breakout
• Automatic recovery initiated when margin from calculated recovery flight path to the terrain profile goes below a minimum value (7m)
SCAN Ground profile
NINS terrain data base
Calculated Recovery Flight Path at 5g
COMPANY RESTRICTED | NOT EXPORT CONTROLLED | NOT CLASSIFIED
AUTO-GCAS SAVES • Auto-GCAS has saved 4 aircraft and pilots since its operational fielding 2 years ago
• Pilots reactions have gone from skeptical of having a system that can take control away from them to now not performing the most advanced training flights without the system available!
• Acceptance of the users (pilots) is crucial when introducing an automatic high authority system!
9
COMPANY RESTRICTED | NOT EXPORT CONTROLLED | NOT CLASSIFIED
4TH AUTO-GCAS SAVE • HUD video from 4th Auto-GCAS save when the pilot becomes unconscious due to high G’s (GLOC)
Velocity vector G-load Altitude (ft)
Speed GCAS warning Mach
Radar altitude
10
COMPANY RESTRICTED | NOT EXPORT CONTROLLED | NOT CLASSIFIED
2ND AUTO GCAS SAVE • Air Combat training mission • “Target fascination” leads one of the pilots to initiate a maneuver that would result in a non-recoverable ground collision
• Letter from one of the saved pilots expressing his gratitude of the Auto-GCAS system!
“My unexpected AGCAS recovery prompted me to aggressively recover my aircraft, directly saving both my life and the aircraft. AGCAS worked as advertised and allowed me the honor to write this letter. I will gladly shake the hands of the men and women who developed this life saving system if I ever meet them in person.”
COMPANY RESTRICTED | NOT EXPORT CONTROLLED | NOT CLASSIFIED
MID-AIR COLLISION AVOIDANCE
12
COMPANY RESTRICTED | NOT EXPORT CONTROLLED | NOT CLASSIFIED
MID-AIR COLLISIONS – A REAL THREAT
13
COMPANY RESTRICTED | NOT EXPORT CONTROLLED | NOT CLASSIFIED
MAIN LAYERS OF PROTECTION AGAINS MID-AIR COLLISIONS Strategic Conflict Management
1.
Distance / Time
n Procedures and Regulations n Airspace design n Flight plans
Separation Provision
2.
n Responsibility of ATC or the Pilot depending on airspace class and flight rules (IFR/VFR) n “Don't scare others!”
Collision Avoidance
3.
n This ultimate responsibility for avoiding collisions always remains with the pilot. n Mainly performed by the pilots ability to “See & Avoid”, i.e. the pilots eyes and his/hers ability to perform the correct decision and correct action. n “Don't scrape paint”
Criticality
14
COMPANY RESTRICTED | NOT EXPORT CONTROLLED | NOT CLASSIFIED
AIRSPACE CLASSES • Airliners ‒ Operates in class A-C ‒ Fly according to Instrument Flight Rules (IFR) ‒ Equipped with Transponder/ADS-B, i.e. are Cooperative ‒ Equipped with TCAS collision avoidance system ‒ Separated from all other traffic by ATC ‒ Pilot responsible for Collision Avoidance (aided by TCAS)
• Small GA aircraft ‒ Operates mainly in the ”lower” airspace classes incl uncontrolled ‒ Operates at lower altitudes below 10 000 ft (max speed 250 kts) ‒ Large portion of flights according to Visual Flight Rules (VFR) ‒ Many without Transponders/ADS-B, i.e. Non-cooperative ‒ Limited or no ATC separation ‒ Pilot responsible for both Separation and Collision Avoidance
15
COMPANY RESTRICTED | NOT EXPORT CONTROLLED | NOT CLASSIFIED
REMOTELY PILOTED AIRCRAFT • Terminology ‒ Unmanned Aircraft System - UAS ‒ Remotely Piloted Aircraft System - RPAS
• Removing the pilot from the aircraft requires an equivalent system capability to detect and avoid other aircraft – Detect & Avoid system (D&A) • Main requirement is to not degrade safety when introducing RPAS into the airspace
16
COMPANY RESTRICTED | NOT EXPORT CONTROLLED | NOT CLASSIFIED
TRAFFIC AVOIDANCE AND COLLISION AVOIDANCE • Detect and Avoid (D&A) consists of two safety barriers ‒ Traffic Avoidance (”don’t scare”) ‒ Collision Avoidance (”don’t scrape paint”)
• D&A design objective ‒ D&A Design Objective to reach the overall TLS is a Risk Ratio of 0,01 (TBC), i.e. save 99 of 100 critical encounters
Risk Ratio = P(NMAC with system) / P(NMAC without system) NMAC = Near Mid Air Collision
17
COMPANY RESTRICTED | NOT EXPORT CONTROLLED | NOT CLASSIFIED
D&A SYSTEM OVERVIEW Detect & Avoid Sensors RPA
ADS-B Intruder
Xpdr Collision Avoidance EO IR
Data Fusion Traffic Avoidance
Radar Remote Pilot Station • The RPA pilot will get suggested maneuvers from the system C2 link • TrA maneuver needs to be manually activated by the remote pilot D&A • CA maneuver can be manually activated but will activate automatically at last instance HMI • CA protection remains even if there is a C2 link loss
18
COMPANY RESTRICTED | NOT EXPORT CONTROLLED | NOT CLASSIFIED
D&A COLLISION AVOIDANCE CONCEPT Protected Volume
CV – Collision Volume
CV + uncertanties
Intruder
When the manoeuvre prediction indicates last chance to resolve the situation without CV breach (incl margins) the manoeuvre is activated automatically
A manoeuvre is continuously calculated and evaluated against the Collision Volume
RPAS
MIDCAS flight test HMI video (Radar + EO)
19
COMPANY RESTRICTED | NOT EXPORT CONTROLLED | NOT CLASSIFIED
SENSOR PERFORMANCE Flight testing of D&A system in the MIDCAS project Typical Sensor tracking performance in flight • ADS-B: over 15 NM • Radar: around 5 NM (8000-9000 m) • EO: ranging from 8- 5 NM (15000-8000 m)
EO video - intruder below
EO video – CA with intruder above
EO video – loitering against sun reflex
COMPANY RESTRICTED | NOT EXPORT CONTROLLED | NOT CLASSIFIED
REQUIREMENTS AND SAFETY
21
COMPANY RESTRICTED | NOT EXPORT CONTROLLED | NOT CLASSIFIED
MAIN REQUIREMENTS FOR A SAFETY ENHANCING SYSTEM 3 mother requirements: • “Do good” ‒ Warn and/or engage automatic maneuver when a collision is imminent
• “No nuisance” ‒ No unnecessary warning or maneuver
• “Do no harm” ‒ Do not cause a catastrophic event when no danger was present in the first place
• The most important of these 3 is … ‒ No nuisance
22
COMPANY RESTRICTED | NOT EXPORT CONTROLLED | NOT CLASSIFIED
DEFINITIONS AND CLASSIFICATIONS • Classification of failure conditions by severity of effect ‒ Catastrophic, Hazardous, Major, Minor, or No Safety Effect ‒ A Catastrophic Failure condition is one which would result in multiple fatalities usually with the loss of the aircraft
• Definition of Probability Terms ‒ Extremely Improbable, Extremely Remote, Remote, or Probable ‒ An Extremely Improbable failure condition is one so unlikely that it is not anticipated to occur during the entire operational life of all airplanes of one type. ‒ Quantitatively, these probability ‒ Extremely Improbable ‒ Extremely Remote ‒ Remote: ‒ Probable:
terms are defined as follows: 10−9 or less 10−7 or less 10−5 or less more than 10−5
23
COMPANY RESTRICTED | NOT EXPORT CONTROLLED | NOT CLASSIFIED
SAFETY OBJECTIVES Quantitative ‒ The acceptable safety level for equipment and systems as installed on the aircraft are established as an inverse relationship between Average Probability per Flight Hour and the severity of Failure Condition effects: ‒ Failure Conditions with No Safety Effect have no probability requirement. ‒ Minor Failure Conditions may be Probable(>10−5) ‒ Major Failure Conditions must be Remote (
