September 23, 2008


Presentation Transcript


  1. The Rosetta Stone: A Common Language for a Generic Range Safety Tool appropriate for Manned and Unmanned Ballistic, Aerodynamic, and Buoyant Risk Generating Flying Machines. September 23, 2008

  2. Why do we Need a FSS Rosetta Stone?
     At the dawn of the first aerospace millennium, we have only just begun to evolve!
     • The CSWG team, the RLV community, and the ranges must be communicating together to be responsive in this growing thought process
     • Therefore we need a common language for our mutual understanding
     • Perceptions are most critical!
     • Our requirements must address all phases of flight
       • Take-off - Launch, Climbout - Orbital insertion, Cruise, Re-entry - landings
       • Atmospheric, Exo-atmospheric, Trans-atmospheric, Near-Space
     • Our requirements must address all types of flying machines
       • Ballistic, Aerodynamic, Buoyant
       • Manned, Unmanned
       • Reliable/operational, Unreliable/experimental, and everything in between
     • Our requirements must be adaptable to recognize Pilots, MFCOs, RSOs, and Autonomous Types
     • Our requirements must effectively address the hazards and fulfill the safety concerns for all of the above
     • All flying machines, regardless of type, can and do fail
     • All flying machines generate risk, although to varying degrees depending on type and flight mode
     • Effective solutions vary significantly and need not be singular
     • Let there be no doubt - Failure to effectively mitigate risk can be highly catastrophic!!!

  3. Seeking Common Flight Safety System Terminology
     We come from different organizations and aerospace cultures, seeking a common set of standards, but historically have had differing terminology, requirements processes, and concerns.
     • Now we need such a lingual instrument for the entire Flight Safety Community
       • Generically applicable for launches and re-entries of ELVs and RLVs that can also be understood and used by UAS, PGM, and any other manned or unmanned flying range operation
     • It’s all about perception – targeting to inform the least comprehending reader

  4. My Flight Safety System Mindset
     I disagree with the concept that a FSS must contain FTS. Unlike our typical ER/WR spacelift launch scenario applications of FSS with FTS, there are many situations and ways to protect public lives using FSS without using FTS as not all aerospace vehicles require flight to be terminated in order to be rendered safe.
     I believe all parties agree with the fact “that a vehicle returning from space has the potential to kill many people here on the earth”. The difference is on the approach of how to define broader requirements that can accommodate alternative, and likely yet to be foreseen, reentry flight safety system options and yet be fully effective for protecting public safety.
     The “calming function” must be getting everyone to open their minds, establish mutually understood terms, and realize there are routine Flight Safety System alternatives in use throughout the aerospace industry – manned air flight, UAS, PGMs, manned spaceflight, small sounding rockets, re-entry payloads,…
     This needs to be kept simple so all of us can easily understand!

  5. A Proposed FSS General Paradigm
     • A Flight Safety System (FSS) is a range safety tool that may be used to:
       • Reduce risk to an acceptable level
       • Record and document event outcome
       • Execute emergency response protocols
     • FSS may include any or all of the following subsystems:
       • Range Tracking System (RTS) – a method to track the flight vehicle
       • A method to receive safety critical status data from the vehicle
       • A method to compare, either manually, autonomously, or by a combination of both, tracking and critical status data to established criteria
       • A method to effect change to assure safety criteria are fulfilled
     • FSS reliability may most likely be a critical requirement
       • For any or all subsystems and their components of the FSS
     • Scalable: Depends on the specific risks and the specific solution to mitigate these risks
       • Residual risks and consequences, with and without FSS successful execution, with respect to established criteria
       • May impact any or all phases: policy development, design, testing, analysis, documentation

  6. FSS Range Safety Tool Applications
     • Flight Safety System
       • A tool that may be used to fulfill various range requirements
       • Risk Management - Reduce risk to an acceptable level
         • Destructively terminate flight
         • Terminate thrust
         • Alter unacceptable vectors or momentum (occasional nudge or flight mode change)
         • No action – Let it be (Not enough risk potential to warrant a separate control function)
       • Liability Management - Record and document event outcome
       • Emergency Management - Execute emergency response protocols
     • Tool application may vary depending on:
       • Unmitigated risks involved
       • Particular flight phase(s) of concern
       • Consequence of any catastrophe that may occur
       • Potential for liability and defensive documentation
         • EPCRA – Emergency Planning and Community Right-to-know Act
         • Department of State related matters
       • Vulnerability to impede continued access to space
     • Requirements should accommodate diverse solutions, but fulfill the bottom line:
       • Operational Risk Management per Range Commander direction shall be employed
       • Fundamental Equivalent Level of Safety range requirements shall not be compromised
       • No unnecessary risk shall ever be taken

  7. FSS Components
     • FSS may include any or all of the following subsystems:
       • Range Tracking System (RTS) – a method to track the flight vehicle
       • A method to receive safety critical status data from the vehicle
       • Command - A method to compare, either manually, autonomously, or by a combination of both, tracking and critical status data to established criteria
         • Decide when and if corrective action is required to assure the criteria are not violated
         • Execute the appropriate actions in a timely manner, based on the data received or not
         • Individuals performing such manual functions may be referred to as Mission Flight Control Officers (MFCOs), Range Safety Officers (RSOs), or Pilots
       • A method to effect change to assure safety criteria are fulfilled. Either:
         • Flight Termination System (FTS) – all components that provide the ability to terminate a launch vehicle’s flight in a controlled manner; the flight termination system consists of all command terminate subsystems, inadvertent separation destruct subsystems, or other subsystems and their components that are used to terminate flight.
         • Contingency Management System (CMS) – a method to execute commands to either place the vehicle in a safe or recovery mode or effect realtime corrective actions to resume safer flight
     • Include all components of the subsystems required
       • Each of the required subsystems must include all components that are required in the solution to execute the Range Safety requirement
       • Ground based assets
       • Aboard the risk-generating flight vehicle
       • Aboard any other mobile or fixed relay or sensing platforms
       • Inertial, GPS, or any other positional or state-vector determining inputs
       • Software
       • Decision making process

  8. A More Generic FSS Definition
     The FAA definition in 14 CFR § 417.3: Flight safety system means the system that provides a means of control during flight for preventing a hazard from a launch vehicle, including any payload hazard, from reaching any populated or other protected area in the event of a launch vehicle failure. A flight safety system includes: All hardware and software used to protect the public in the event of a launch vehicle failure; and the functions of any flight safety crew.
     The AF definition in AFSPCMAN 91-710 V7 1 JULY 2004: Flight Safety System — the system consisting of the airborne and ground flight termination systems, airborne and ground tracking system, and the airborne and ground telemetry data transmission systems.
     A Proposed More Generic Definition: Flight Safety System is a system that provides a means of control during flight for preventing a hazard from a flight vehicle, including any payload hazard, from reaching any populated or other protected area in the event of a flight vehicle failure. A Flight Safety System includes all airborne and ground hardware, software, and any human-in-the-loop controls used to protect the public. Such human-in-the-loop controls include associated human-systems interfaces and may involve ground-based Mission Flight Control Officers or Range Safety Officers, flight vehicle-based pilots or Flight Safety Officers, or any combination of such.

  9. An RLV FSS Example
     Let’s hypothetically say we have a reentering vehicle crossing the California shoreline heading towards Edwards AFB. On one of the final set of energy management turns, an aerodynamic control surface has apparently failed, causing anomalous yaw motions. The current vector is towards lightly populated areas, but the potential for continued yaw could endanger more densely populated areas. Do you terminate now, causing some potentially fewer but higher probability casualties? Any hesitation in decision could be catastrophic, but on the other hand, any premature termination action may needlessly cause casualty.
     Would one much rather have an FSS that, either autonomously or by RSO command, ejects wingtip drag chutes to try to offset the yaw, yet allows continued flight to either open desert or possibly a successful touchdown?
     One could say we should terminate prior to getting near the shoreline and placing population at risk. But what happens if the first anomaly indication happens after that threshold has passed? Do we just say no landings at Edwards as risk cannot be controlled by FTS? Or do we employ a tiered approach using various forms of FSS, some with Contingency Management Systems in lieu of FTS, and specific criteria before each tier gate may be crossed?

  10. Potential Impact to AFSPCM 91-710/91-711

  11. Potential Impact to RCC-319

  12. Backup Slides

  13. The Rosetta Stone
     • An ancient Egyptian artifact instrumental in advancing modern understanding of hieroglyphic writing
     • Text is three translations of a single passage
       • Egyptian hieroglyphic script
       • Egyptian Demotic script
       • Classical Greek
     • Created in 196 BC
     • Discovered by the French in 1799 at Rashid (a Mediterranean harbor in Egypt then referred to as Rosetta by the French)
     • Contributed greatly to the decipherment of the principles of hieroglyphic writing in 1822 by Thomas Young and Jean-François Champollion
     • Assisted in understanding many previously undecipherable examples of hieroglyphic writing.

  14. AFSPC Terms
     AFSPCMAN 91-710 V7 1 JULY 2004
     • flight safety system — the system consisting of the airborne and ground flight termination systems, airborne and ground tracking system, and the airborne and ground telemetry data transmission systems.
     • flight termination action — the transmission of thrust termination and/or destruct commands to a launched launch vehicle and/or payload.
     • flight termination system — all components, onboard a launch vehicle, that provide the ability to terminate a launch vehicle’s flight in a controlled manner; the flight termination system consists of all command terminate systems, inadvertent separation destruct systems, or other systems or components that are onboard a launch vehicle and used to terminate flight.

  15. RCC Terms RCC-319 version of August 2007

  16. RCC Terms RCC-321 version of June 2007

  17. FAA FSS Terms
     14 CFR § 417.3: Flight safety system means the system that provides a means of control during flight for preventing a hazard from a launch vehicle, including any payload hazard, from reaching any populated or other protected area in the event of a launch vehicle failure. A flight safety system includes: All hardware and software used to protect the public in the event of a launch vehicle failure; and the functions of any flight safety crew.
     Below is from the FAA Advisory Circular AC 431.35-2A July 20, 2005

  18. FAA RLV Approach

  19. Newer FAA Approach

  20. CSWG Language
     Tracking a vehicle during any phase of flight that can threaten public safety (e.g. ascent or re-entry) is considered a safety critical function.
     The following guidance information will be included as a “bordered paragraph” near Volume 2 paragraph 1.6.9.1.1 to clarify “the requirement for continuous tracking and telemetry during reentry” you alluded to.
     The telemetry and tracking requirements for a reentry vehicle are intended to serve at least three purposes: (1) to facilitate activation of the FSS when necessary to protect public safety, (2) to provide input to the Post-Flight Vehicle Performance Analysis required by Volume 2 paragraph 3.8, and (3) to assist in recovery of the vehicle or vehicle debris, particularly in support of a mishap or accident investigation. Therefore, continuous tracking is generally required for a reentry vehicle in any phase of flight that exhibits a capability to hazard any protected area. The need for tracking of a particular reentry vehicle during a given phase of flight can be determined with an analysis acceptable to Range Safety that is similar to the FTS Determination Analysis required by Volume 2 paragraph 3.7. This analysis may show that tracking may not be required for a vehicle in the final phase of flight that can hazard only unpopulated or sparsely populated areas. For example, telemetry and tracking may not be required for a phase of reentry vehicle flight that poses a debris hazard only to broad ocean areas that are sparsely populated or unpopulated with vessel or air traffic.
     Similar comments about the FTS requirements were made.
     The following bordered paragraph will be included near Volume 1 paragraph 3.2.3.1 to clarify the requirement for a “positive, range-approved method of controlling errant vehicle.”
     A FSS as defined in Volume 1 paragraph 3.2.2 is generally required during launch/reentry unless the vehicle operator demonstrates that (1) no hazard from a launch/reentry vehicle, vehicle component, or payload can reach any protected area at any time during flight; (2) no failure of the vehicle would have a high consequence to the public; and (3) the absence of a flight safety system would not significantly increase the risk posed by vehicle hazards. The need for FSS capability during a given phase of flight of a particular reentry vehicle can be determined with an analysis acceptable to Range Safety that is similar to the FTS Determination Analysis required by Volume 2 paragraph 3.7. This analysis may show that the objectives of a positive, range-approved method of controlling errant vehicle flight may be met without a FSS as defined in Volume 1. For example, command FTS capability, or at least an explosive destruct system, may not be required for a vehicle in the final phase of flight that can hazard only broad ocean areas that are sparsely populated or unpopulated with vessel or air traffic.

  21. NASA Terms

  22. NASA Terms

  23. Aerospace Industry Terms
     • From the AIAA: ISO Standard 14620-3
     • From the COMSTAC RLV Working Group:
       • COMSTAC – Commercial Space Transportation Advisory Committee
       • Provides industry input to FAA
       • Assessed FSS technology and applications on ELVs, RLVs, RPVs, and UAVs
       • Examined range containment, vehicle destruct, flight safing, thrust termination, and vehicle recovery methodologies
       • Found GPS Metric Tracking based methods sufficiently mature
       • Assessed maturities of Autonomous FSS, traditional man in the loop FSS, and hybrids
       • Found Integrated Vehicle Health Management (IVHM) based methods not yet mature
       • Pilots can be part of the risk mitigation solution
       • Considered that not all manned RLVs would have onboard pilots – autonomous control but carrying passengers!
       • ELVs have no abort strategy beyond activation of the FTS
       • Alternative solutions to FTS require “regulatory personnel” to have a “more thorough understanding of the design and performance aspects of a particular concept”.

  24. UAS Lingo
     Are you hep to the jive? Understanding and standardizing nomenclature:
     • FTS – The Flight Termination System consists of all components, onboard a launch vehicle, that provide the ability to terminate a launch vehicle’s flight in a controlled manner; the flight termination system consists of all command terminate systems, inadvertent separation destruct systems, or other systems or components that are onboard a launch vehicle and used to terminate flight.
       • (UAS Lingo) A system which ends the flight of a vehicle by imposing a condition of zero lift and zero thrust when termination is effected.
     • FSS – The Flight Safety System consists of the airborne and ground flight termination systems, airborne and ground tracking system, and the airborne and ground telemetry data transmission systems.
     • RSS – The Range Safety System (slang?) consists of those assets and attributes in a network-centric system that are performing functions that would be equivalent to a Flight Safety System.
     • CMS – The Contingency Management System is a system that may be aboard a UAV in order to fulfill the risk mitigation necessary to bring risks to within acceptable thresholds. As such, it may be a key factor in the Range Safety approved risk management solution for a particular UAS operation. A CMS may use a set of elements within the vehicle, including but not limited to manual control, autonomous control, and recovery capability. Depending on the approved CMS solution, the CMS may be, but is not necessarily, a Flight Termination System (FTS) involving mechanisms, such as explosive charges, to abruptly terminate flight. Activation of a CMS shall not increase the risk to people or property.

  25. Terms from Academia
     • Range-Centric and Vehicle-Centric FSS
       • Range-Centric: Most components of the decision making activity and source of decision data originates at a ground station
       • Vehicle-Centric: Most of these components are functioning onboard using the vehicle’s systems
     • FTS and Vehicle Recovery System (VRS)
       • FTS – Flight or thrust termination either range or vehicle centric
       • VRS – A type of FTS highlighting its nondestructive nature featuring soft landing options using airbags, parachutes, throttle and aerodynamic control surface settings generating hopefully only minor maintenance afterwards
     • Flight Safing
       • Do no harm if you do not know what to do
       • Default flight programming for lost links
     • Autonomous Collision Avoidance
     • IVHM – Integrated Vehicle Health Management

  26. Human Systems Integration
     The systematic Integration of nine human elements:
     SMC/SE Contacts:
     • Dr Louis Huang: 310-653-1543, Chief, Space System Safety Engineering
     • Mr Francis McDougall: 310-653-1309, Space System Safety Engineer

  27. Equivalent Level of Safety

  28. Equivalent Level of Safety
