This document outlines the progress, guidelines, and future plans discussed during the AIAA RLV Safety-Critical Systems Working Group meeting in Washington, D.C. on May 19, 2004.
AIAA RLV Safety-Critical Systems Working Group
COMSTAC RLV Working Group Meeting
Washington D.C.
19 May 2004

Outline
• Project Overview
• Organizations Involved
• Progress to Date
• Guidelines for Identification of Potentially Safety-Critical Items
• Future Plans
• Observations
• Summary
• Q & A
COMSTAC RLV Working Group Meeting - Washington D.C.

Project Overview
• Tasked by FAA/AST-300 to form RLV industry working group
• The working group was formed to:
  • define criteria for identifying potentially safety-critical systems for RLVs
  • develop a list of potentially safety-critical RLV items

Industry Participants
• The following companies have actively participated in the project:
  • Andrews Space
  • The Boeing Company
  • Kistler Aerospace
  • Lockheed Martin
  • Northrop Grumman Space Technology
  • TGV Rockets
  • XCOR Aerospace

Industry Participants
• The following other organizations are represented on the working group:
  • SpaceDev
  • LunaCorp/AirLaunch LLC
  • SpaceX Corporation
  • COMSTAC RLV Working Group

Progress to Date
• Twelve (12) working group meetings held since September (1 Face-to-Face, 11 teleconferences)
• Initial discussions focused on project goals and intent
• A number of methodologies for identifying safety-critical systems brought forward by participants
• X-15 analysis performed based on MIL-STD-882
• Consensus reached on core set of “guidelines” for identifying potentially safety-critical systems
• Agreement made to focus on only hardware items for this iteration
• Initiated development of a list of potentially safety-critical items

Draft Guidelines for Identification of Potentially Safety-Critical Items
In general, if BOTH of the following conditions are true for a particular item, the item is potentially safety-critical and may require further analysis.
(1) If the vehicle is over/in a populated area, or may reach a populated area as a result of failure, and
(2) the item could credibly fail, with the failure resulting in one or more of the five described hazard conditions,
then the item is potentially safety-critical.

Draft Guidelines for Identification of Potentially Safety-Critical Items
List of Hazard Conditions
• Failure causes vehicle breakup: The vehicle is broken into fragments.
• Failure causes vehicle loss of control: The vehicle can no longer be controlled by the crew (may be onboard crew or ground crew).
• Failure causes uncontrolled debris: The failure leaves the vehicle intact and controllable, but debris is ejected, without any means of controlling where the debris will impact. For example, an engine failure leaves the vehicle intact and in control, but may cause a fan blade to be ejected from the vehicle; or a structural failure may lead to the separation of an aerodynamic control surface. The intentional jettison of a component (e.g. drop tank) during normal or emergency operations in a designated area is not considered a failure.

Draft Guidelines for Identification of Potentially Safety-Critical Items
List of Hazard Conditions (continued)
• Failure causes uncontrolled discharge of hazardous material: The failure leaves the vehicle intact and controllable, but leads to the discharge of hazardous material (toxic, flammable, cryogenic, etc.). The controlled dumping of propellants in a designated area during an abort scenario is not considered a failure.
• Failure prohibits safe landing: The failure leaves the vehicle intact and controllable in flight, but either prohibits the vehicle from reaching a designated landing location where the public is not endangered (e.g. a missile range), or prevents the vehicle from performing a controlled emergency landing without endangering the uninvolved public (e.g. at a public airport).

Future Plans
This Year:
• Complete table of potentially safety-critical hardware items and the associated hazard condition
• Present completed guidelines to RLV community prior to submission to AST
• Publish guidelines and list of potentially safety-critical items by 1 September
Possible Follow-On Activities:
• Incorporate risk mitigation strategies for each of the items in the table
• Expand guidelines to cover more than hardware items (ref. slide #11)

Future Plans
Hazard Contributors
Slide courtesy of The Boeing Company
• Seven Categories force hazard analyst to look beyond hardware failures for risk components
• Begins defining Fault Module Tree

Observations
• Cooperation between industry and AST has been strong
• A considerable effort has been made to ensure that these guidelines will not place any undue regulatory burden on developers
• Challenge has been to develop set of guidelines that would be relevant to different types of RLVs
• Greater industry participation would be welcomed

Summary
• RLV industry working closely with AST to reach consensus on a set of guidelines for identifying potentially safety-critical hardware items
• Guidelines and a list of potentially safety-critical items will be published by 1 September
• Additional work will be done in the future and industry is invited to participate

Contact Information
Craig Day
AIAA Standards Program Manager
American Institute of Aeronautics and Astronautics
1801 Alexander Bell Drive, Suite 500
Reston, VA 20191-4344
Phone: 703-264-3849
Email: craigd@aiaa.org