Analysis of Loss of Control Parameters for Aircraft Maneuvering in General Aviation

Ud-Din, Sameer; Yoon, Yoonjin

doi:https://doi.org/10.1155/2018/7865362

Journal of Advanced Transportation

On this page

Abstract Introduction Conclusion Abbreviations Disclosure Conflicts of Interest Acknowledgments References Copyright Related Articles

Research Article | Open Access

Volume 2018 | Article ID 7865362 | https://doi.org/10.1155/2018/7865362

Analysis of Loss of Control Parameters for Aircraft Maneuvering in General Aviation

Sameer Ud-Din¹and Yoonjin Yoon¹

Academic Editor: Zhi-Chun Li

Received09 Oct 2017

Accepted25 Dec 2017

Published18 Feb 2018

Abstract

A rapid increase in the occurrence of loss of control in general aviation has raised concern in recent years. Loss of control (LOC) pertains to unique characteristics in which external and internal events act in conjunction. The Federal Aviation Administration (FAA) has approved an Integrated Safety Assessment Model (ISAM) for evaluating safety in the National Airspace System (NAS). ISAM consists of an event sequence diagram (ESD) with fault trees containing numerous parameters, which is recognized as casual risk model. In this paper, we outline an integrated risk assessment framework to model maneuvering through cross-examining external and internal events. The maneuvering is in the critical flight phase with a high number of LOC occurrences in general aviation, where highly trained and qualified pilots failed to maintain aircraft control irrespective of the preventive nature of the events. Various metrics have been presented for evaluating the significance of these parameters to identify the most important ones. The proposed sensitivity analysis considers the accident, fatality, and risk reduction frequencies that assist in the decision-making process and foresees future risks from a general aviation perspective.

1. Introduction

Aviation accidents are recognized as the most tragic accidents among all modes of transportation because of their serious nature and high number of injuries and deaths. Nevertheless, the increase in air travel over the past decades reflects consumers’ recognition of air travel as the safest and fastest mode of transportation. An accident can happen any time in aviation due to various factors: aircraft types, flight crew skills and experience, environmental changes, and so forth. A flight is categorized on basis of its purpose (e.g., commercial, private, or military) and operation (agriculture, sightseeing, herding, air ambulance/emergency medical services (EMS), and border surveillance).

Traditionally, commercial aviation has been given much importance because it involves a high number of operations and consumers. It has been favored in the development of advanced and sophisticated safety measures, which has resulted in a decline in air accidents. On the other hand, operations in general aviation (GA) have increased over the past decades, resulting in an increase in accident rate: “six times higher than for small commuter operations and 40 times higher than for transport category operations” [1]. Increases in the occurrence of GA accidents have raised concerns [2]. The Federal Aviation Administration (FAA) has established a General Aviation Joint Steering Committee (GAJSC) to investigate [3, 4] and provide suggestions and recommendations for mitigating accident rates [5].

Different aviation communities have worked on upgrading safety parameters by categorizing flight phases as follows: takeoffs, landings, traffic patterns, stalls, altitude recovery, controlled flights into terrain, and. [6]. The GAJSC has identified that loss of control (LOC) accidents usually occur due to poor practices of the flight crew and account for 70 percent of fatal accidents [7]. The Joint Safety Analysis Team (JSAT) has defined LOC as “significant, unintended departure of the aircraft from controlled flight, the operational flight envelope, or usual flight attitudes, including ground events. The term ‘significant’ applies an event that results in an accident or incident. This definition excluded catastrophic explosions, CFIT, runway collision, complete loss of thrust that did not involve loss of control, and any other accident scenarios in which the crew retained control. This does include loss of control due to aircraft design, aircraft malfunctions, human performance, and other similar cases” [8].

The FAA has approved an Integrated Safety Assessment Model (ISAM) tool for evaluating safety in the National Airspace System (NAS) for current and NextGen proposals. It consists of a set of an event sequence diagram (ESD) and a fault tree (FT) for capturing specific scenarios. Factors quantified in a probabilistic model consist of organizational, human, technical, and environmental factors. It has achieved safety improvements without undermining the benefits of efficiency and capacity. The baseline risk assessment evaluates the system impact on the basis of historical data that provides an opportunity to value its impact with or without systems integration, for example, air traffic, airport, vehicles/aircraft, and operations [9]. The work of developing ESDs for different accident scenarios was accomplished by the Fault Tree Working Group (FTWG) under supervision of Safety System Management Transformation (SSMT). They played a critical role in formatting the European effort into US-based standards and filling gaps with events that were missed [10, 11].

The LOC has accounted for high casualties and death rates for decades but gained prominence recently [12]. Half of aviation accidents have been estimated to occur in conjunction with loss of control [13]. Currently, the LOC is considered as a top category because its occurrence has escalated nearly twice [14], which means that the factors involved in such occurrences have widened over time [15]. Loss of control (LOC) accidents occur due to integrating multiple parameters of various scenarios. The flight phase in which loss of control commonly governs includes approach, landing, initial climb, and maneuvering. The GAJSC has decided to focus on approach and landing flight phases in order to serve three main communities of GA: Reciprocating (Recip), Turbine, and Experimental Amateur-Built (E-AB) [7]. In light of this, many studies have been carried out recently covering the single engine [16–18], multiengine [19, 20], pilot error [16, 19, 21], and pilot-related (instrument-certified and noncertified private pilots) [20, 22] topics. The human behavior traps related issues have been discussed in the studies [23–32] covering factors such as age, certification level, and effect of total flight hours on pilot’s performance. It can state that a confusion and ambiguity exist among various researchers for getting consensus on behavioral traps findings. The limitation of previous studies reflects a postimpact event or risk factors instead of dealing with the initiating event that led to a fatal accident. The second limitation is that the previous studies cited general (e.g., pilot error, pilot-related, engine, and multiengine) but did not cover specific causes. It is most important to know specific causes rather than general aspects because it is necessary to focus on mitigation measures that indicate the need for training or evaluating standard operating procedures and or equipment.

The maneuvering flight phase is the most vulnerable to loss of control, where a highly trained pilot failed to main aircraft control irrespective of the preventable nature of an event. The study in [24] has recommended including external factors for evaluating flight crew performance. The objective is to extract the most important parameters within a system. We outline an integrated risk assessment framework to model the maneuvering phase through cross-examining external and internal events. This probabilistic safety model is followed by the importance measure and sensitivity analysis and finally the conclusion.

2. Probabilistic Safety Assessment

Probabilistic Safety Assessment (PSA) is a tool to assess the event risk in the system design. It was adopted and previously used to investigate the most sensitive parameters in mechanical and nuclear facilities [33]. A scenario is a representation of specific chain of events where certain parameters are structured in the form of a tree. The sequence starts with an initiating event, followed by pivoting events, and finally concludes in the end state. The tree branches are scattered on the basis of success or failure of the parent event. It leads the tree traces into a highly valuable casual path that continues until its end with no more consequences left (e.g., system okay, partially damaged, or destroyed). The FTWG has developed a list of 35 ESDs for ISAM based on accident scenarios of which 33 concerned the Casual Model for Air Transport Safety (CATS) [10].

The fault tree branches represent components in a system (e.g., may or may not function). The details are extracted from fault trees by tracking them down to the main root cause (e.g., system failed to respond, activated, and operate). Each node at which the branch divides is governed by gates “OR” and “AND” based on eliciting status that is linked with the top fault tree event. The probabilities are assigned on the basis of events that contribute to upper event probability and continue to the top main event. We used the ESD of controlled flight into terrain (CFIT) to model the maneuvering phase. The pivoting event categories of CFIT remained the same for the aircraft maneuvering phase, that is, loss of situational awareness (LSA) and crew resource management (CRM). We populated events under pivoting event trees representing event scenarios (externally and internally) for aircraft LOC. In Figure 1, we detail a mapping approach for aircraft maneuvering in LOC-I.

This study used the mapping approach to reflect maneuvering parameters in internal and external events for safety risk assessment. The external and internal events influence each other and are calibrated into event tree and fault tree to reflect accident progressions in sequence scenarios within a system. Thus, external events map the internal events on the basis of accident progression. In case of similarity in accident progression, the same ET would be used to represent the scenario as an internal event. While having different accident progressions, the initiator of the ET is replaced with an external event by mapping internal initiators into them. In addition, the failure of several components by external events may invoke system effects that reflect an external FT and an internal event FT. This is explained using a simple example with the Boolean algebra equation of Figure 2.

The two risks in a PSA model are described by a failure’s sequences represented as “System A failure” and “System B failure.” The triangles in Figure 1 represent the lower fault tree for particular event nodes as elaborated in Figure 3.

In continuation of the main PSA model, the two systems of ET and FT resulted in a one-top FT event which presents all accident sequences and the system failure model, reflecting a wide angle under a single identity. The calculation of Boolean’s operation would give a minimal cut-set for the entire system as shown in Figure 4. Mathematically,Let us assume external events as GC-UA and FC-LSA-EAC and internal events as FC-UA and FC-LSA-ICC. The system is modelled as follows:In aviation, many events can be recognized as external events, for example, bird strike, electrical surge, high frequency wind, typhoons, obstacles, and tides. In continuation of simple mapping method, a routine iterative process was adopted to model the external event forming a framework [34, 35]. In this way, we achieved a transformation of initiating events into different components. Equation (3) will give minimal cut-set value as follows.In this study, we adopted the above method, where external events are modelled as a single identity in order to apply fault tree principles.

3. Common Cause Failure-Alpha Model

The events are modelled as explicit (independent) in the above approach. However, this approach did not represent a true picture because the events showed dependency and shared causes in component failure [36]. Ignoring the contribution of an event under the same label within multiple components may fail to reflect true system sensitivity and in consequence result in underestimation of the risk calculation [37]. The limitation of conditional probability is that it assigns the same impact value to both situations. However, the event carries the ability to respond differently in various situations under the same label. The CCF quantification used in determining model complexity, system reliability, and risk estimation have certain components that have a shared failure. Different methods are used to quantify CCF: alpha factor, beta factor, and Multi-Greek Letter (MGL). The alpha factor model is probabilistically complex due to its explicit modelling nature. It is considered to be more accurate than others because it allows suballocation to several end states, while the beta factor model did not allow intermediate events failure criteria and assigning the same baseline probability value to common label events. This provides a background for giving preference to using the alpha model for this study over the beta model.

We went further by applying a nonstaggered testing method. In continuation of the above example, a component group size “” and a maximum likelihood estimator , the alpha factor for total number of nonstaggered testing episode is calculated asLet us assume that, for a common cause group of four , the individual failure combinations are calculated as follows:Alpha () can determine nature of component failure. Let us assume lambda () as the failure rate; then the failure rate and α = 0 represent the component as independent, whereas failure rate and α = 1 represent components that are correlated. A total system probability failure is calculated asThese four components comprise fifteen failure combinations. For explanation, let us assume that A, B, C, and D represent four components as shown in Figure 5:(i)All four components failing independently (i.e., , , , and )(ii)Two independent failures in six combinations and two CCF components (i.e., , , and combination)(iii)Two CCF failures in three combinations and two other CCF components (i.e., and combination)(iv)One independent failure in four combinations and three CCF components (i.e., and combination)(v)All four CCF component failures in one combination (i.e., combination)

The PSA model supports an independent occurrence of a basic event, which is where it differs from the CCF model. The CCF failure effect on the fault tree model negates some of the benefits of redundancy, where redundant elements or components provide extra protection against failures. Thus, CCF assists in estimating intermediate failure and defining the common cause failure to multiple end states. The cut-set method is used to rank the top even probability which is derived from basic event sets. The system unreliability is obtained by calculating the probability of every minimal cut-set as . This is a challenging task, where it computes probability from the union of two events. Each minimal cut-set has a representing upper bound on the system unreliability. This gap is filled by introducing a binary decision diagram (BDD) that resulted in the top fault tree event probability.

4. Binary Decision Diagram (BDD) Model

BDD method graphically represents data in the form of binary tree and is proposed for the reliability analysis [38]. It investigates various logic models [39–42]. It calculates exact probability of top event because it does not rely on approximations (e.g., truncation, rare-event approximation, and delete-term operation of negations) [43]. We used BDD application to phase missing reliability analysis, as explained in [44–47], which serves for system evaluation. The BDD process is explained with the help of a simple example as shown in Figure 6. The BDD consists of technical nodes in the form of 0-1, where 0 represents the system success and 1 represents the system failure, and it follows nontechnical basic nodes. Each nontechnical node is further converted into 0-1 braches, where 0-branch states the working condition (event did not occur) and 1-branch states the nonworking condition (event did occur-fail).

The conversion process from the fault tree to the BDD is completed in two steps. First, the fault tree is converted into a binary decision, for example, an if than else structure with Boolean operator “”; if true then consider “” function; else consider “.” The first step is the assignment process of each basic event into “if than else.” In the second phase, a bottom-up approach () is considered to incorporate gates and the top event as shown in Figure 7.

The equation for pivoting event 1 will be It can be understood with help of an example by rewriting the gates and top events used in Figure 7 in the form of an “ite” structure using operations as follows.

LetFor event ,If event ,, , , .

Apply the above rules on the gates, where the above equation will beIn this example, the top event is caused by event and CCF. The probability of top event is calculated through tracking down all disjoint paths (e.g., () and (non-CCF, , , )) leading to terminal nodes indicated as “1.” However, each disjoint path probability is calculated by multiplying probabilities of the base event, either failure or success in a path, for example, CCF and . Moreover, the top event probability is the sum of all disjoint paths on the BDD [48] as shown in Figure 8. To apply this system on a multiple fault tree, we adopted the following steps as suggested in [48]:(i)First, conversion of every fault tree to a BDD(ii)Second, BDDs to DBDDs conversion for a nonoccurrence case(iii)Third, paths to each end state and integrate BDD with BDDs and/or DBDDs(iv)Fourth, evaluating these combined BDDs

5. Event Sequence Diagram

We developed a list of parameters for the maneuvering phase based on NTSB investigation reports of accident occurrences. These parameters were used in developing fault trees for event scenarios that have outcomes in successful and failure/partially successful situations. Various initiating events are modelled as a component node under an integrated framework forming an event tree as discussed earlier. For example, ice/snow, inadequate wind compensation, and so forth can create problems in crew performance, engine seize, malfunction, and others. Each node in a tree represents a component with a breach of its system safety, which determines the flow chain on each node. The baseline events nodes for the maneuvering phase are listed in “Possible Baseline Fault Tree of Maneuvering Phase Nodes for GA Inflight LOC” in Abbreviations. However, a complete list of fault tree events representing all nodes is enclosed in “Possible Fault Tree of Maneuvering Scenario Nodes for GA Inflight LOC” in Abbreviations.

The assignment of risk and risk reduction measures in the fault tree requires a supplementary step, wherein failure modes are processed with hazard identification. The list of hazards is categorized into four groups: technical, environmental, organizational, and human factors. The mapping of categories in an event serves the purpose of ISAM integration and validation. The assignment of hazards to the base event/parameter can be understood by a communication failure example as shown in Figure 9.

In next phase, this study will proceed further by assigning probability in order to quantify the maneuvering ESD and fault trees based on a historical dataset. The data used is from 2008 to 2015. The accident data and investigation reports for GA flights in the United States were extracted from National Transportation Safety Board (NTSB) investigations [49], which is one of the recommended and authentic sources for US aviation accidents historic database pertaining to general aviation. The other sources of aviation accident data collection for US territory have been shared and integrated under a system named FAA’s Aviation Safety Information Analysis and Sharing (ASIAS). The data has been shared by the members of airlines in collaboration with the Aviation Safety Reporting System (ASRS, voluntary reports), the Flight Operational Quality Assurance (FOQA, recorded data), other data sources like NTSB investigations, and so forth [50, 51].

6. Integration Safety Assessment Model

The ISAM is one of the recommended toolsets and methods to evaluate risk parameters for air transportation [52]. Basically, ISAM includes two models, the casual model and the influence model, where the casual model consists of a historical dataset. The structure of the casual model is based on the casual mode for Air Transportation Safety and the Integrated Risk Picture for Air Traffic Management [53–55]. The influence model is oriented to forecast future risk, where parameters are processed with hazards to obtain the probability of an event consequence, which shows the fatality probability of an event for a certain accident. For any event, the hazard values cover technical, environmental, organizational, and human factors. In this study, we adopted ESD for “controlled flight into terrain” scenario in [56] to present maneuvering parameters using an integrated framework.

An advantage of using a casual model is its hybrid nature, where ESD and FT express event scenarios working side by side as shown in Figure 10. The triangles in Figures 1 and 10 indicate a presence of FT underneath a pivoting event. Generally, initiating and end states of ESDs are populated with frequencies, while pivoting parameters rely on conditional probabilities, as explained in Figure 11. The frequencies are derived from historical accident and incident data.

7. Importance Measure Matrices

There are many methods to estimate importance measures to identify top significant events in a system [57–60]. In this study, we used three renowned importance measures as shown in Table 1. The measures are considered as the most frequently used [61–63]. Additionally, they are commonly used for risk achievement indicator. represents basic risk: the frequency of accidents in the baseline case. risk is when the th event value is 0 (e.g., the frequency of accidents when the probability of a single event “i” is changed from its baseline value to 0). And risk is when the th event value is 1.

The probabilities representing the event significance are conditional to baseline event probabilities that are derived from historical dataset. Some events are assigned a zero value based on their nonoccurrence, which did not mean that they have a true probability value to be zero, because it may occur in future.

The factorial design approach is considered to be less sensitive to baseline values. It analyzes the effects of several parameters for dependent variables. Each factor consists of a high level and a low level value. The full factorial design is helpful in understanding relations between parameters through reflecting variations in parameters. We applied the factorial design model to each fault tree event in order to obtain events with a high effect on the maneuvering scenario. In this regard, recent studies on the aviation safety model have used a factorial design on parameters to evaluate sensitivity [64, 65]. The steps to adopt factorial design are the following:(i)First, identify low and high probabilities for each event, where 0 represents low value and 1 represents high value.(ii)Second, work out all combinations of event probabilities for accident frequencies.(iii)Third, an event effect on accident scenario is computed by calculating the difference in the average accident frequency of low probability from the average accident frequency of high probability.(iv)Fourth, rank each event’s effects.

The advantage of factorial design over others is that the results are based on the high and low values of each factor (i.e., 0 and 1 probability) rather than being dependent on baseline values. In the following section, we discuss the results of accident frequency, fatality frequency, and risk reduction frequency, based on aforesaid importance measures.

7.1. Accident Based Frequency Results

We applied importance measures in the model to identify significant parameters. A similarity is observed in results of RRW and factorial design, which are quite different from FV as shown in Figure 12. The results identified top ranked events as “aircraft inability to avoid stall,” “obstruction, fatigue operations, and ostentatious display,” “poor manual flight control,” and “inadequate flight procedure.”

The reason for the difference in FV results from others is FV’s criteria for the closeness to zero. It indicates a limitation where it coincides with the base value, for example, the accident frequency when the probability of a single event “” changes to zero (i.e., ). It can marginalize those events that may happen in the future. Due to this limitation, we did not pursue it further in analysis. The less significant events are found to be the “maintenance failure component,” “without supplement oxygen at high altitude flight,” and “inadequate construction of component by factory.”

7.2. Fatality Based Frequency Results

It is understood that event frequency is not the same as consequences. The accident consequences can distinguish from frequency by determining the probability of an accident fatality. The fatality probability shows the probability of an accident event to occur. The fatality probability data is comprised of hazard estimation values for parameters. For maneuvering phase parameters, we used a checklist to estimate fatality risk that was published in the Flight Safety Foundation (FSF) handbook on risk management [66]. The risk values are estimated on the basis of warrant distribution (e.g., aircraft type operation, altitude/location, crew, and weather/night) offered by parameters of a flight-sector or leg (e.g., surrounding approach/departure controlled capabilities, lighting, and pilot skills). They are enclosed as Table 2. The fatality frequency is the product of fatality probability and accident frequency. The logic and other data remain the same for computing the importance measure based on fatality frequency, using a nonzero value instead of a zero probability.

We noted events with high risk, “CCF (unable to avoid stall, inadequate speed),” “poor manual flight control,” “certification/inadequate remedial action/lack of experience,” and “inadequate flight procedure,” to be significant as shown in Figure 13. We also determined that many of the events were computed as having the same importance measure because of the baseline probabilities and fault tree structure. Therefore, an explicit ranking of events was not deemed to be fruitful. The findings are as follows:(i)Mostly used gates in a fault tree are “OR” gates. In case of “AND” gates, the events become less significant because they only occur with a condition of failure of both underneath events, which makes a subevent less important.(ii)Under a fault tree structure, the importance measures are the same for events of “0” probability.(iii)In order to determine significance of component, one risk importance measure could be sufficient. Based on the above-mentioned discussion, we will proceed with factorial design in the following analysis work as it relies on high and low value rather than being dependent on the baseline value.

8. Overall System Analysis

The objective of this study would not be complete without considering the combined impact of events. An event pertains to a tendency to interact with others in various order forming groups. For example, “health and drugs” can influence performance of other parameters: “inadequate flight procedure,” “inadequate wind compensation and prefight weather planning,” “inadequate control speed,” “communication failure,” and so forth. In this way we formed various groups of events based on influencing the nature of each event, which are called “combined influence events.” Based on the results, we have listed in Table 3 the ten most frequently occurring events.

The result parameters and logic change due to a shift in event behavior from individual to a combined influence. It is based on amplifying the frequency of events to multiple times. We used the sensitivity analysis tool to calculate the relative change in frequency, assuming a simultaneous increase in a probability of 1 percent across all relevant events mathematically.We assigned the probability of each event to that in combination by incrementing its value to 1%, and this continued to cover all events across matrices. An example of such calculations is shown in Table 4.

The events are combined in a various order based on their compatibility and interaction. An event having the same feature may be represented under different scenarios. However, a relative change in the baseline value of event influences the group of parameters without affecting the baseline value of the same label events under different groups of parameters. We incorporated a relative change of 1 percent in an event to model an impact under considered parameters by assuming that an improvement in one event would produce the same impact on other events within the same group of parameters. However, we realized that an event cannot be totally either dependent or independent but the truth lies somewhere in between and requires further research.

8.1. Accident Frequency Results

The “health and drugs” event is ranked as a top sensitive event as shown in Table 5, where an increment of 1 percent in probabilities of the events could increase the overall accident frequency by 85%. “Poor manual control” and “inadequate flight procedures” are the next important events. Among various types of drugs, the most common are sedating antihistamines and diphenhydramine, where the proportion of usage has increased over time [67]. Drugs include various forms, for example, prescription medications, potentially impairing drugs, controlled substances, and illegitimate drugs.

However, some events have gained significance irrespective of low accidental frequency, for example, “communication failure b/w cockpit and ATC.” It is shown that the event is highly active in combining various groups. Therefore, we can state that event relative frequency determines whether an event is significant or not.

In Figure 15, we modelled the effect of CCF in our results. “Inadequate control, speed per aircraft type” appears to be the top significant event. It reflects how a CCF model could affect the increasing overall accident frequency from 0.87 to 0.99. In addition to that, we noticed the rearrangement of events in significance ranking as shown on Table 6. This shows that we are not able to present a true picture without considering the CCF effect. In the rest of the analysis, the results are presented by integrating the CCF model. The next significant events are observed as “certification/lack of experience” and “encountering microburst and air turbulence.”

The result indicates top significant event as “health and drugs” for pilot pitfalls resulting in CRM events (i.e., “poor manual flight control” and “inadequate flight procedures,” as shown in Figure 14). However, incorporating CCF model indicates that the significant event governing for LOC-I during maneuvering phase of flight is “certification/lack of experience” as shown in Figure 15, which is responsible for expediting CRM events (e.g., inadequate control, speed, encountering microburst, and turbulence and improper installation of component).

8.2. Fatality Frequency Results

In continuation of the above logic and baselines values, the results indicate the top significant event as “inadequate control, speed, and aircraft type” as shown in Figure 16. The other significant events are “certification/inadequate remedial action/lack of experience” and “improper installation of component.” These events are highly sensitive to change. Any change in a system is subjected to safety risk assessment because it may introduce a new risk. This provides a background to do analysis on risk reduction measures. It assists in identifying those weaknesses, where risk reduction measures are not able to respond to hazards.

Based on the above-mentioned discussion, we can state that certification/lack of experience and health and drugs are most significant pitfalls that influence pilot’s behavior in neglecting or violating standard operating procedures (SOPs) related to aircraft control and speed and operational procedures. Additionally, the events of improper installation and maintenance problem can play their role in triggering aforesaid events, irrespective of their rare occurrence. Overall, we concluded that there is a need to adopt mitigation measures in handling events of certification/lack of experience and health and drugs.

9. Risk Reduction Frequency

In most cases, events with high frequency are given importance for adopting mitigation measures, which is not always the right approach. The risk reduction assignment would help in investigating weaknesses in current practices. The loopholes in a system could be comprised of any one factor from the following:(i)They failed to address the hazard.(ii)They did not exist because of new system improvements.

We applied risk reduction measures based on current practices. They will help in differentiating events with risks which are either manageable or unmanageable. Manageable events are those events that are less significant after risk reduction is applied and vice versa. The current practices are comprised of flight standards, hazards awareness and training, company culture, and aircraft equipment as shown in Table 7. These are published in Flight Safety Foundation (FSF) handbook on risk management [66]. Table 7 assists in calculating the probability of reduced risk for an event. We determined from our earlier discussion that the explicit ranking was not fruitful. Therefore, we proceeded with results considering the overall system approach.

9.1. Risk Reduction Frequency Results

The top significant events are obstacles, fatigue operation, and ostentatious display at low altitude as shown in Figure 17. These are followed by “low visible flight and IMC,” “improper weight and balance,” “health and drugs,” “noninstrument rated pilot enter IMC,” and “incorrect situational guidance.” Certain events were found to have a drop in their significance value compared to their earlier results. These events are “inadequate wind compensation and preflight weather planning,” “inadequate control, speed, and aircraft type,” “certification/lack of experience,” and “encountering microburst and air turbulence.” Some events are recorded with negative and zero sensitivity, which indicates that those events would play a negligible role in the occurrence of a LOC during a maneuver. From these results, we concluded that there is a need to develop operating procedures specifically for maneuvering phase of flight addressing obstacles, fatigue operations, and ostentatious distraction.

10. Conclusion

The fault tree has a limitation where it uses binary characters (occur or not occur) for quantification. It is unable to differentiate an event that almost happened but did not happen from those events that almost never happened. The event nodes can be made complex by enhancing binary to mixed double algorithms, which could make the system structurally complex. To avoid this complexity in a fault tree, it can be suggested to accommodate it in ESDs for simplicity. We have concluded that the individual handling of events may not reflect efficiency, productivity, and consistency in a model. It requires a holistic risk-informed approach to achieve accuracy, as mentioned earlier.

As per our understanding, this study is the first to evaluate loss of control parameters pertaining to the maneuvering phase in GA, where an integrated framework was adopted to cover various internal and external events having different scenarios. This logic reduces the likelihood of an event being ignored. We have presented matrices reflecting significant parameters. These parameters were further studied by sensitivity analysis by considering accident frequency, fatality frequency, and risk reduction frequency. Among different importance measures, factorial design was given preference because it was based on the high and low value of an event, rather than relying on baseline values. The overall system impact approach was used to calculate the combined influence event approach in order to counter the limitation of the fault tree structure. Based on the results, we concluded that events sensitivity is not an absolute term that varies with event interpretations in different groups and scenarios. However, we did not cover the relationship of event counts with their importance, which is beyond the scope of this study.

We identified that the most significant events that contribute to maneuvering accidents are obstacles, fatigue operations, insufficient situational guidance, and low visible terrain. These events have a catalyst effect in triggering other events, especially at low altitude fight operations. Without considering these parameters, it is difficult to manage loss of control in the maneuvering phase. The risk reduction approach indicated that the current procedural practices are good enough to counter certain risks associated with flight crew performance and equipment operations. It reflects a need to enhance crew training to counter incapacitation and distractions. However, it is difficult to justify risk reduction measures related to changes in environment and weather due to uncertainty, while event pertaining to flight crew negligence (e.g., health and drugs and license/certification) requires policy-based initiatives to enforce risk reduction measures by either a carrot or a stick, for example, policy initiative to stop the availability of over-the-counter drugs and establish a mechanism for routine tests for all types of drugs. In addition to that, studies on equipment performance have suggested autonomous equipment measures to handle loss of control [68]. There are two schools of thought within aviation stakeholders. One favors improving safety through autonomous system measures and the other supports controlling the authority remaining to the aircraft crew [69].

Currently, many ideas are floating around regarding unmanned air vehicles (UAVs)/drones and flying vehicles that operate at low altitude. These ideas are considered as the future mode of transportation, where many GA operations will be replaced with drone technology for various applications, for example, border control, surveillance, logistics, agriculture, fire management, and relief work. For these reasons, we can foresee the aforesaid highlighted parameters could be responsible for loss of control during maneuvering of drones. However, many additional parameters will be required in studying the drone perspective, for example, malfunction of batteries, irregular traffic patterns, incorrect path planning, safety and security measures against virus or hacking, flashing effects on sensors, sensor malfunction, and electromagnetic surge effects from weather and environment.

This study provides foundation for future research, where we utilized these results in developing system strategies and subsequently changes in current policies in order to deal with events like health and drugs and certification or lack of experience factors. Currently, the development of such interventions is beyond the scope of this study. The advantage of addressing interventions would be beneficial in reminding pilot or crew about forgotten things that will ultimately reduce skill based errors.

Abbreviations

Possible Baseline Fault Tree of Maneuvering Phase Nodes for GA Inflight LOC

IBW:	Improper balancing weight
IIC:	Improper installation of component
MFC:	Maintenance failure component
ICCF:	Inadequate construction of component by factory
ISFG:	Incorrect situational flight guidance
IFP:	Inadequate flight procedure
PMFC:	Poor manual flight control
EMAT:	Encountering microburst and air turbulence
ICSA:	Inadequate control, speed, and aircraft type
IWC-WP:	Inadequate wind compensation and weather planning
NRP-IMC:	Noninstrument rated pilot enter IMC
LVT-IMC:	Low visible terrain and IMC
WSO-HAF:	Without supplemental oxygen at high altitude flight
OFOD-LAF:	Obstacles, fatigue ops, and ostentatious display
H&D:	Health and drugs
CIA-LOE:	Certification/lack of experience
AIAS:	Aircraft inability to avoid stall
COMMF:	Communication failure.

Possible Fault Tree of Maneuvering Scenario Nodes for GA Inflight LOC

IBW:	Improper balancing weight
IC:	Incapacitation crew
GC-UA:	Ground crew unstable approach
IA:	Incorrect actions
IIC:	Improper installation of component
MFC:	Maintenance failure of component
ICCF:	Inadequate construction of component by factory
ISFG:	Incorrect situational flight guidance
IFP:	Inadequate flight procedure
PMFC:	Poor manual flight control
EMAT:	Encountering microburst and air turbulence
FMWS:	Failing to manage wind-shear
ICSA:	Inadequate control, speed, and aircraft type
IWC-WP:	Inadequate wind compensation and weather planning
NRP-IMC:	Noninstrument rated pilot enter IMC
LVT-IMC:	Low visible terrain and IMC
WSO-HAF:	Without supplemental oxygen at high altitude flight
OFOD-LAF:	Obstacles, fatigue ops, and ostentatious display
H&D:	Health and drugs
CIA-LOE:	Certification/lack of experience
DA:	Distracted attention
LVO:	Lack of visual orientation
FC-UA:	Flight crew unstable approach
AIAS:	Aircraft inability to avoid stall
AWS:	Adverse weather situation
EAC:	External aircraft circumstances
ICC:	Internal cabin circumstances
SD:	Spatially disoriented
CRM:	Crew resource management
LSA:	Loss of situational awareness
COMMF:	Communication failure
DC:	Defective component.

Disclosure

Dr. Sameer Ud-Din has a Ph.D. degree from Civil and Environmental Engineering Department, Korea Advanced Institute of Science and Technology, Republic of Korea.

Conflicts of Interest

The authors declare that they have no conflicts of interest.

Acknowledgments

This work was supported by the Brain Korea 21 Plus project (Center for Creative SOC Infrastructure System Technology, 21A2013200003) through the National Research Foundation of Korea (NRF) funded by the Ministry of Science, ICT and Future Planning. Korea Ministry of Land, Infrastructure and Transport (MOLIT) as “U-City Master and Doctor Course Grant Program” financially supports this work. The authors would like to thank Dr. Hyun Gook Kang, Associate Professor of Nuclear Engineering Program at Rensselaer Polytechnic Institute (RPI), NY, USA, for providing logistic support.

References

National Transportation Safety Board, Review of U.S. Civil Aviation Accidents, 2007-2009 Annual Review NTSB/ARA-11/01, 2011.
D. D. Boyd and A. Stolzer, “Accident-precipitating factors for crashes in turbine-powered general aviation aircraft,” Accident Analysis & Prevention, vol. 86, pp. 209–216, 2016.
View at: Publisher Site | Google Scholar
National Transportation Safety Board, Improve General Aviation safety: NTSB most wanted list, 2012.
Federal Aviation Administration, General Aviation Joint Steering Committee: GAJSC charter, 2006, GAJSC accident dataset, 2011.
Y. Fattah and C. Stephens, “Commercial Aviation Safety Team (CAST),” in Proceedings of the International Civil Aviation Organization (ICAO) Common Taxonomy Team (CICTT): Overview/outreach briefing, 2012.
View at: Google Scholar
US. Department of Transport (DoT), Federal Aviation Administration (FAA), 2002.
Federal Aviation Administration, Fact Sheet-general aviation safety, 2012.
Commercial Aviation Safety Team (CAST), “JSAT Loss of Control,” CAST Approved Final Report, 2000.
View at: Google Scholar
S. Borener, S. Trajkov, and P. Balakrishna, “Design and Development of an Integrated Safety Assessment Model for NextGen,” in Proceedings of the Management, Proceedings of the 33rd International Annual Conference, Virginia Beach, 2012.
View at: Google Scholar
B. Ale, L. Bellamy, and R. Cooke, “Causal Model for Air Transport Safety, Final Report,” Tech. Rep., 2009.
View at: Google Scholar
Eurocontrol, SESAR Top-down Systematic Risk Assessment Version 1.01, D2.4.3-02, URL http, //, 2013, http://www.episode3.aero/public-documents.
International Air Transport Association (IATA), Loss of control In–flight Accident Analysis Report, Geneva, Switzerland, 2015.
National Aeronautics and Space Administration (NASA), Casual Factors and Adverse Conditions of Aviation Accidents and Incidents Related to Integrated Resilient Aircraft Control, NASA/TM-2010-216261, 2010.
S. Jacobson, “NASA LOC Study Team,” NASA Dryden Flight Research Center, 2010.
View at: Google Scholar
Chandler. J. G., “Limiting Loss of Control,” Air Transport World, vol. 48, no. 4, pp. 37–39, 2011.
View at: Google Scholar
M. Dambier and J. Hinkelbein, “Analysis of 2004 German general aviation aircraft accidents according to the HFACS model,” Air Medical Journal, vol. 25, no. 6, pp. 265–269, 2006.
View at: Publisher Site | Google Scholar
J. G. Grabowski, F. C. Curriero, S. P. Baker, and G. Li, “Exploratory spatial analysis of pilot fatality rates in general aviation crashes using geographic information systems,” American Journal of Epidemiology, vol. 155, no. 5, pp. 398–405, 2002.
View at: Publisher Site | Google Scholar
G. Li and S. P. Baker, “Crash risk in general aviation,” Journal of the American Medical Association, vol. 297, no. 14, pp. 1596–1598, 2007.
View at: Publisher Site | Google Scholar
G. Li, S. P. Baker, J. G. Grabowski, and G. W. Rebok, “Factors associated with pilot error in aviation crashes,” Aviation, Space, and Environmental Medicine, vol. 72, no. 1, pp. 52–58, 2001.
View at: Google Scholar
D. Kenny, “22nd Joseph T, Nall Report,” Air Safety Institute, pp. 1–51, 2012.
View at: Google Scholar
M. J. Shkrum, D. J. Hurlbut, and J. G. Young, “Fatal light aircraft accidents in Ontario: A five year study,” Journal of Forensic Sciences, vol. 41, no. 2, pp. 252–263, 1996.
View at: Google Scholar
L. S. Groff and J. M. Price, “General aviation accidents in degraded visibility: A case control study of 72 accidents,” Aviation, Space, and Environmental Medicine, vol. 77, no. 10, pp. 1062–1067, 2006.
View at: Google Scholar
G. Li, S. P. Baker, Y. Qiang, J. G. Grabowski, and M. L. McCarthy, “Driving-while-intoxicated history as a risk marker for general aviation pilots,” Accident Analysis & Prevention, vol. 37, no. 1, pp. 179–184, 2005.
View at: Publisher Site | Google Scholar
M. Bazargan and V. S. Guzhva, “Impact of gender, age and experience of pilots on general aviation accidents,” Accident Analysis & Prevention, vol. 43, no. 3, pp. 962–970, 2011.
View at: Publisher Site | Google Scholar
J. L. Taylor, Q. Kennedy, A. Noda, and J. A. Yesavage, “Pilot age and expertise predict flight simulator performance: A 3-year longitudinal study,” Neurology, vol. 68, no. 9, pp. 648–654, 2007.
View at: Publisher Site | Google Scholar
E. Coffey, C. M. Herdman, M. Brown, and J. Wade, “Age-Related Changes in Detecting Unexpected Air Traffic and Instrument Malfunction,” in Proceedings of the 14th International Symposium on Aviation Psychology, pp. 139–142, Columbus, OH, USA, 2007.
View at: Google Scholar
G. W. Rebok, Y. Qiang, S. P. Baker, M. L. McCarthy, and G. Li, “Age, flight experience, and violation risk in mature commuter and air taxi pilots,” International Journal of Aviation Psychology, vol. 15, no. 4, pp. 363–374, 2005.
View at: Publisher Site | Google Scholar
M. Wetmore and C.-T. Lu, “The effects of hazardous attitudes on crew resource management skills,” International Journal of Applied Aviation Studies, vol. 6, no. 1, pp. 165–182, 2006.
View at: Google Scholar
M. Wetmore and C. Lu, The Effects of Pilot Age on Aeronautical Decision Making and Crew Resource Management Skills, White paper, Central Missouri State University, 2005.
M. Wetmore and C. Lu, Reducing Hazardous Attitudes: The Effects of Pilot Certification and Flight Experience, White paper, Central Missouri State University, 2005.
J. L. Drinkwater and B. R. C. Molesworth, “Pilot see, pilot do: Examining the predictors of pilots' risk management behaviour,” Safety Science, vol. 48, no. 10, pp. 1445–1451, 2010.
View at: Publisher Site | Google Scholar
K. Pauley, D. O'Hare, and M. Wiggins, “Risk tolerance and pilot involvement in hazardous events and flight into adverse weather,” Journal of Safety Research, vol. 39, no. 4, pp. 403–411, 2008.
View at: Publisher Site | Google Scholar
Nuclear Energy Agenc, Committee on the Safety of Nuclear Installations, NEA/CSNI/R, 2007.
D. I. Kang, S. H. Han, and K. Kim, “An approach to the construction of a one top fire event PSA model,” Nuclear Engineering and Design, vol. 239, no. 11, pp. 2514–2520, 2009.
View at: Publisher Site | Google Scholar
W. S. Jung, Y.-H. Lee, and J.-E. Yang, “Development of a new quantification method for a fire PSA,” Reliability Engineering & System Safety, vol. 94, no. 10, pp. 1650–1657, 2009.
View at: Publisher Site | Google Scholar
A. Mosleh et al., “Procedures for treating common cause failures in safety and reliability studies,” in Nuclear Regulatory Commission and Electric Power Research Institute, NUREG/CR-4780, and EPRI NP-5613, vol. 1 and 2, 1988.
View at: Google Scholar
M. Stamatelatos, W. Vesely, J. Dugan, J. Fragola, J. Minarick J, and J. Minarick III, “Fault Tree Handbook with Aerospace Applications, prepared for NASA Office of Safety and Mission Assurance,” NASA Headquarters, 2002.
View at: Google Scholar
A. Rauzy, “New algorithms for fault trees analysis,” Reliability Engineering & System Safety, vol. 40, no. 3, pp. 203–211, 1993.
View at: Publisher Site | Google Scholar
W. S. Jung, S. H. Han, and J.-E. Yang, “Fast BDD truncation method for efficient top event probability calculation,” Nuclear Engineering and Technology, vol. 40, no. 7, pp. 571–580, 2008.
View at: Publisher Site | Google Scholar
A. Rauzy and Y. Dutuit, “Exact and truncated computations of prime implicants of coherent and non-coherent fault trees within Aralia,” Reliability Engineering & System Safety, vol. 58, no. 2, pp. 127–144, 1997.
View at: Publisher Site | Google Scholar
Y. Dutuit and A. Rauzy, “Efficient algorithms to assess component and gate importance in fault tree analysis,” Reliability Engineering & System Safety, vol. 72, no. 2, pp. 213–222, 2001.
View at: Publisher Site | Google Scholar
EPRI, Investigation of Binary Decision Diagram Quantification of Linked Fault Trees, 2005, ProductID#1010062.
S. J. Woo, “A method to improve cutset probability calculation in probabilistic safety assessment of nuclear power plants,” Reliability Engineering & System Safety, vol. 134, pp. 134–142, 2015.
View at: Publisher Site | Google Scholar
C. Wang, L. Xing, and G. Levitin, “Competing failure analysis in phased-mission systems with functional dependence in one of phases,” Reliability Engineering & System Safety, vol. 108, pp. 90–99, 2012.
View at: Publisher Site | Google Scholar
L. Xing and G. Levitin, “BDD-based reliability evaluation of phased-mission systems with internal/external common-cause failures,” Reliability Engineering & System Safety, vol. 112, pp. 145–153, 2013.
View at: Publisher Site | Google Scholar
G. Levitin, L. Xing, S. V. Amari, and Y. Dai, “Reliability of non-repairable phased-mission systems with propagated failures,” Reliability Engineering & System Safety, vol. 119, pp. 218–228, 2013.
View at: Publisher Site | Google Scholar
J. D. Andrews, J. Poole, and W. H. Chen, “Fast mission reliability prediction for Unmanned Aerial Vehicles,” Reliability Engineering & System Safety, vol. 120, pp. 3–9, 2013.
View at: Publisher Site | Google Scholar
J. D. Andrews and S. J. Dunnett, “Event-tree analysis using binary decision diagrams,” IEEE Transactions on Reliability, vol. 49, no. 2, pp. 230–238, 2000.
View at: Publisher Site | Google Scholar
National Transportation Safety Board, General Aviation Safety, Fatal GA Accidents Occurring Dataset, 2016.
R. L. Dillon-Merrilla, V. Bierb, S. S. Borenerc et al., “Quantifying Risk in Commercial Aviation with Fault Trees and Event Sequence Diagrams, Probabilistic Safety Assessment and Management,” PSAM 12, 2014.
View at: Google Scholar
ASIAS, FAA Aviation Safety Information Analysis and Sharing System, http://www.asias.faa.gov/pls/apex/f.
M. H. C. Everdij and J. J. Scholte, “Unified framework for FAA risk assessment and risk management, NLR Air Transport Safety Institute,” NLR-CR-2012-582, pp. 2012–582, 2013.
View at: Google Scholar
A. L. C. Roelen, B. A. van Doorn, J. W. Smeltink, M. J. Verbeek, and R. Wever, “Quantification of event sequence diagrams for a causal risk model of commercial air transport,” in NLR-CR-2008-646, pp. 2008–646, National Aerospace Laboratory NLR, The Netherlands, 2008.
View at: Google Scholar
B. J. M. Ale, L. J. Bellamy, R. van der Boom et al., “Further development of a Causal model for Air Transport Safety (CATS): Building the mathematical heart,” Reliability Engineering & System Safety, vol. 94, no. 9, pp. 1433–1441, 2009.
View at: Publisher Site | Google Scholar
J. E. Spouge and Perrin, “Main report for the 2005/2012 integrated risk picture for air traffic management,” Eurocontrol, EEC Note No. 05/06, 2006.
View at: Google Scholar
A. L. C. Roelen and R. Wever, “Accident scenarios for an integrated aviation safety model, National Aerospace Laboratory NLR,” The Netherlands, pp. 2005–560, 2005.
View at: Google Scholar
R. E. Barlow and F. Proschan, “Importance of system components and fault tree events,” Stochastic Processes and Their Applications, vol. 3, pp. 153–173, 1975.
View at: Publisher Site | Google Scholar | MathSciNet
B. Natvig, “A suggestion of a new measure of importance of system components,” Stochastic Processes and Their Applications, vol. 9, no. 3, pp. 319–330, 1979.
View at: Publisher Site | Google Scholar | MathSciNet
W. E. Vesely, T. C. Davis, R. S. Denning, and N. Saltos, Measures of risk importance and their applications, Battelle Columbus Laboratories,.
M. Van Der Borst and H. Schoonakker, “An overview of PSA importance measures,” Reliability Engineering & System Safety, vol. 72, no. 3, pp. 241–245, 2001.
View at: Publisher Site | Google Scholar
D. True et al., “PSA Application Guide,” EPRI Report TR-105396, 1995.
View at: Google Scholar
H. E. Lambert, “Measures of importance of events and cut sets in fault trees,” Reliability and fault tree analysis (Conf., Univ. CALifornia, Berkeley, CALif., 1974), Soc. Indust. Appl. Math., Philadelphia, Pa., pp. 77–100, 1975.
View at: Google Scholar | MathSciNet
W. E. Vesely, “Measures of Risk Importance and Their Application, NUREG/CR-3385,” NUREG/CR-3385, 1983.
View at: Google Scholar
Z. Wang and J. Shortle, “Sensitivity Analysis of potential wake encounters to stochastic flight-track parameters,” in Proceedings of the International Conference on Research in Air Transportation, pp. 1–8, Berkeley, CA, USA, 2012.
View at: Google Scholar
J. Shortle, L. Sherry, A. Yousefi, and R. Xie, “Safety and sensitivity analysis of the advanced airspace concept for nextgen,” in Proceedings of the 2012 12th Integrated Communications, Navigation and Surveillance Conference: Bridging CNS and ATM, ICNS 2012, pp. O21–O210, USA, April 2012.
View at: Publisher Site | Google Scholar
US. Department of Transportation, “Federal Aviation Administration,” Federal Aviation Administration, Risk Management Handbook FAA-H-8083-2, 2009, http://www.faa.gov/library/manuals/aviation/.
View at: Google Scholar
M. P. McKay and L. Groff, “23 years of toxicology testing fatally injured pilots: Implications for aviation and other modes of transportation,” Accident Analysis & Prevention, vol. 90, pp. 108–117, 2016.
View at: Publisher Site | Google Scholar
A. Noriega, M. J. Balas, and R. P. Anderson, “Robust Adaptive Control of a Weakly Minimum Phase General Aviation Aircraft,” in Proceedings of the Complex Adaptive Systems, 2016, pp. 497–506, USA, November 2016.
View at: Publisher Site | Google Scholar
S. R. Jacobson, “Aircraft loss of control causal factors and mitigation challenges,” in Proceedings of the AIAA Guidance, Navigation, and Control Conference, Canada, August 2010.
View at: Publisher Site | Google Scholar

Copyright

Copyright © 2018 Sameer Ud-Din and Yoonjin Yoon. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

PDF Download Citation

Download other formats

Order printed copies

Views

3764

Downloads

1346

Citations