Customer

The Future Flight Challenge (FFC) is a UK Research and Innovation (UKRI) programme that supports the UK development of new aviation technologies such as freight-carrying drones, urban air passenger vehicles and hybrid-electric regional aircraft that will transform the way that people and goods fly. The FFC also supports the development of the ground infrastructure, regulation and control systems required to use these new aircraft safely.
UKRI is a non-departmental public body that brings together the seven disciplinary research councils, Research England, which is responsible for supporting research and knowledge exchange at higher education institutions in England, and the UK’s innovation agency, Innovate UK. It is sponsored by the Department for Business, Energy and Industrial Strategy (BEIS).

Context

The FFC identified that, as new aircraft and systems are introduced, the aviation safety risk landscape could change fundamentally. Autonomous aircraft will mix with electrically powered vertical take-off and landing (eVTOL) air taxis and drones in a myriad of applications. Not only will the types of risk change but the way they are assessed and managed may have to change to maintain or enhance the required level of safety. The FFC therefore contracted us to investigate this issue and to determine how safety can be assured in the future environment.
Our work for UKRI analyses and documents the potential developments in Future Flight (FF) that will influence safety and identifies the activities required to address the safety impacts – especially those activities that will have a significant impact on the development of the future aviation system. It was jointly produced by Egis and the University of York.

Role of Egis

The nature of the FFC is such that an extremely broad range of topics could potentially be included within the scope of this work. This study focused on the areas considered to be most relevant to future aviation safety. In particular, areas that match the objectives of the FFC in promoting the UK’s role in building, using and exporting greener and more efficient modes of air transport through advances in electric and autonomous flight technology.

To structure the analysis, a set of future scenarios was defined representing the evolution of the (future) aviation system over different time horizons. These scenarios represent a realistic progression of the technological, operational and regulatory aspects of the aviation system as it seeks to address the future transport needs of society in a cost-effective manner.

A novel approach

We used a novel approach of defining the scenarios with actor-interface diagrams permitting a complex system to be presented in a simple-to-understand style. An extract from one of the diagrams is shown in Figure 1.

Illustrates the approach taken to map the different actors in the aviation system
Figure 1 – Example Actor Diagram

Within the future scenarios, we defined use cases centred on drones, Urban Air Mobility (UAM) and Regional Air Mobility (RAM). The use cases describe the primary applications of new flight technology which are relevant to the scope of the FFC. In addition, we identified a set of transversal themes which are relevant across all scenarios and use-cases. The transversal themes are topics which have a particularly significant impact on future aviation safety and are shown below:

  • Safety management of complex systems
  • Integrated risk and safety management
  • Role of the human and autonomy
  • Supporting infrastructure.

This approach allows for different categories of use case to be represented whilst also recognising that certain core themes related to technology development and risk management will also evolve across time horizons.
The analysis was based on two approaches: the application of the complex systems framework developed by the University of York and the use of bowtie analysis. This twin approach recognised that the aviation system already now, and certainly in the future, is complex. The term “complex” in this context means that the system exhibits behaviours and characteristics that cannot be adequately predicted using traditional linear analysis methods. It requires the adoption of a different approach, analysing the system at several hierarchical levels, as embodied in the safer complex systems framework.

The bowtie analysis complements the more strategic complex systems framework approach by analysing specific hazards at a detailed technical level. The bowtie approach uses a notation that is widely adopted across many industries and is therefore familiar to safety and non-safety professionals.

First application of a Safer Complex Systems Framework

This project was the first practical application of the complex systems framework1 which enabled a systematic analysis of the impact of complexity on the future aviation system through consideration of the following layers:
Governance – specifically regulatory and policy roles.
Management – organisational activities and processes that contribute to the safety performance of systems (eg. safety culture and contracting).
Task and Technical – the operation and use of systems.

The framework has six major elements as shown in Figure 2:

Flow diagram showing the elements of the Safer Complex Systems Framework
Figure 2 – Safer Complex Systems Framework Elements

The FF analysis identified the key constituent factors within each element of the framework that are relevant to the FFC. Priority was placed on design-time controls and operation-time controls as these were used as a basis to identify the key recommendations and activities which FFC stakeholders should consider in order to manage the safety challenges of complex systems. Recommendations and activities are focussed on actions that could start in the short term and can be applied to a range of different aviation stakeholder groups including:

  • Governance organisations (policy and regulation).
  • Standards/professional bodies, industry organisations (current aviation and other industries on which aviation depends – eg. communications industry organisations).
  • New entrants.
  • Current aviation industry.
Bowtie Analysis

We also used the bowtie modelling concept2, a method adopted across many safety-critical industries to convey risk information to a variety of stakeholders. It is a flexible approach that can be applied at different levels of detail and does not require a detailed system or concept knowledge to bring value and insight. It is therefore ideal as a tool for understanding risk at a conceptual level for programmes early in the development lifecycle and hence is well suited to the FF programme.

The bowtie approach was used here to achieve the following objectives:

  • Understand the impact of FF on the risk of existing UK aviation operations in the short term.
  • Understand the new hazards and risks associated with FF in the longer term.

The team examined the impact of risk on existing UK aviation operations starting from the CAA’s Significant 73 bowtie models. The expected changes in the short-term scenario associated with an increase in drones and initial UAM activity were added to the Significant 7 in the form of new threats and new controls to understand potential changes in hazard and consequence frequencies.

Figure 3 shows how the bowtie diagram was updated (shown in turquoise) to account for increases in drone activity with two new threat lines and the associated controls (risk mitigations).

Updated bowtie diagram accounts for increases in drone activity with two new threat lines and the associated controls
Figure 3 – Extract of example bowtie diagram showing drone impacts

Our analysis of new hazards and risks used a combination of the Significant 7 hazards and new hazards that reflected the significant changes associated with the long-term future of the UK’s aviation system. The intention here was to identify, for each hazard, the key controls from a preventive and mitigative perspective that can reduce the risk associated with the consequences of each hazard. Examples of new hazards analysed include:

  • Landing Area Excursion – VTOL Aircraft Operations
  • Loss of Control due to Malicious Takeover of Flight Control System

A full bowtie model created to assess one of the new hazards is shown in Figure 4 and illustrates the full range of threats (blue boxes) and consequences (red boxes) linked to the hazard (in the centre).

Full bowtie diagram illustrating new long-term scenario hazard
Figure 4 – Full bowtie diagram for new long-term scenario hazard

The controls (preventive or mitigative actions) that reduce risk within each of the hazards were then subject to a detailed assessment against a range of key characteristics predicted to change significantly with FF; things such as traffic density, pilot autonomy, aircraft mix, air traffic management autonomy etc. From this assessment we derived requirements for the technical capabilities of the systems needed to deliver those risk-reducing controls.

The study was supported by a working group comprising experts from across the aviation industry who validated the outputs through a series of interactive workshops. This helped ensure that study conclusions were realistic, practical and addressed the key issues.

Results

The output of this ground-breaking project was an initial safety framework, with a particular focus on the top layers of the argument and constructed in the goal structuring notation (GSN) language that is familiar to many safety professionals. The framework identified a set of goals relating to the required safety outcomes of the future aviation system.

Figure 5 – Top level argument for the FF Aviation Safety Framework


These goals were based on and informed by current aviation safety performance and FF activities. The framework also comprised a set of arguments and evidence with the potential to satisfy those goals. Further evidence will result from activities or tasks to be progressed as part of future work.

The framework was supplemented by recommendations aimed at developing the necessary controls and risk mitigations within the overall aviation system design, to enable the UK’s aviation system to achieve an acceptable safety performance. The recommendations are traceable to the detailed analysis provided as part of our study.

This study provided UKRI with an initial safety framework and a series of recommendations that address all aspects of the UK’s future aviation system. This has been an important first step in defining the key priorities and actions for future work programmes to enable the UK to safely realise the benefits of the future aviation system.
The study was unique in that it identified key safety issues across the full breadth of the future aviation system, including all relevant regulatory, operational and technical elements. It provided guidance across multiple levels of industry, including governance organisations, existing aviation organisations as well as new entrants to the aviation industry. It required an in-depth understanding of the aviation industry and the (safety) challenges associated with future developments, as well as detailed technical and operational knowledge.


1 Safer Complex Systems: An Initial Framework, S Burton, J A McDermid OBE FREng, P Garnett, R Weaver, University of York, July 8, 2020.

2 CAA Introduction to Bowtie

3 CAA Significant 7 Bowtie Templates Library

Share on

Richard Derrett-Smith

Richard Derrett-Smith

Principal Consultant

+44 1252 451 651