Organizing space – The big picture
By T. Sgobba, IAASS
Government regulations, prescriptive requirements and obsolescence risk
Prescriptive requirements not suitable for fast evolving industry
A prescriptive requirement is an explicit design requirement or technical solution for an implicit safety goal. Use of prescriptive requirements is an old-fashioned way to pursue safety. The modern approach revolves around building “safety cases”.
In the early hours of 15 April 1912, the RMS Titanic struck an iceberg on her maiden voyage from Southampton, England, to New York, USA, and sank. A total of 1,517 people died in the disaster because there were not enough lifeboats available; however, the ship was fully compliant with the requirements of the time. Alexander Carlisle, one of the managing directors of the shipyard that built the Titanic, had suggested some minor modifications to give Titanic the potential of carrying 48 lifeboats, providing more than enough seats for everybody on board. But in a cost-cutting exercise, the customer (White Star Line) decided that only 20 would be carried aboard, thus providing lifeboat capacity for only about 50% of the passengers on the maiden voyage. This decision was in line with the Board of Trade regulations of the time, which stated that all British vessels over 10,000 tons had to carry 16 lifeboats. The regulations were clearly out of date in an era where the size of ships had reached up to 45,000 tons.
Prescriptive requirements not suitable for fast evolving industry
There are three major elements in the definition of what a “standard” is: a) being something universally and widely agreed, b) being the minimum acceptable, and c) being approved and monitored for compliance by an authoritative organization. Often it is considered that universal agreement can be reached only as a result of long and successful application of a technical practice, which is then “promoted” to the level of standard.
Traditionally, safety (technical) standards are not just the enunciation of generic theoretical principles or goals; they include, and often mandate, specific design solutions. In other words, traditionally, safety regulations and standards tend to be detailed and prescriptive. The aim is to ensure effectiveness and prevent circumvention by avoiding any subjective interpretation in the implementation and compliance verification. The violation of a requirement can then be unequivocally determined by inspection (and prosecuted).
The vast majority of standards in use in aviation, for example, are the result of accumulated experience (i.e. accidents and incidents) and steady technological evolution in the post-war period. They are detailed according to vehicle type, and prescriptive. In contrast, there are industries in which building on experience is simply not possible, because the system is completely new, highly safety-critical and/or extremely expensive.
The safety-case regime
The safety-case regime recognizes that the regulatory authority has the role and responsibility to define the “safety goals and objectives”, while the developer/operator must be in charge of proposing valid detailed technical solutions, due to its in-depth knowledge of the system design and operations.
The implementation of a safety-case based regulatory regime has a number of important consequences. One is that both the design team and the safety certification team must have a deep knowledge of how the system works in order to understand the relevant hazards and the soundness of the design controls selected to mitigate the risks. In principle the safety certification team should be even more knowledgeable and experienced than the design team. As a consequence, a certification team is better composed of independent experts, engineers and scientists drawn from industry than of government bureaucrats. Otherwise it would lead to extensive duplication and continuous maintenance of technical resources and means comparable to those available in industry.
While the self-regulatory scheme of Classification Societies in maritime business was born from the early need to provide support to insurance companies by assessing and mitigating constructional risks, the self-regulatory approach proposed by IAASS for commercial human spaceflight is justified by the unavoidable evolution of standards for a highly-advanced and fast-evolving industry, from being prescriptive and static to being instead generic, goal oriented and dynamic.
Lessons learned from deep water oil drilling
Gulf of Mexico – 20 April 2010
Deep water oil drilling is a high-tech industry. “Everyone thought that exploring the deep sea would be as exciting as a trip into outer space. The reality, though, was different. Compared to conditions in the deep sea, flying to the moon looked easy” (Klaus Wallmann, head of the Marine Geosystems Research Unit, Leibniz Institute of Marine Sciences, Kiel, Germany).
“The gas and oil industry must move towards developing a notion of safety as a collective responsibility. Industry should establish a “Safety Institute” …this would be an industry created, self-policing entity, aimed at developing, adopting, and enforcing standards of excellence to ensure continuous improvement in safety and operational integrity offshore” (US Presidential Commission on Deepwater Horizon Disaster).
Re-entry breakup basics
• Space systems in LEO reenter naturally at a very shallow angle (<1 degree).
• The location of uncontrolled reentries is unpredictable.
• Major breakup occurs at ~78 km.
• 10 to 40% of the mass survives reentry and impacts the Earth’s surface, posing a hazard to people and property (e.g. of the ATV-1 mass of 12.3 tons, about 3.5 tons in 183 fragments survived re-entry, 28.4% of the mass).
• Debris is spread over a long, thin ground footprint (e.g. for ATV ~817 km by 30 km).
Photo captions of recovered debris: South Africa, 2000; Texas, 1997; Brazil, 2012; Mongolia, 2010; Saudi Arabia, 2001; fragment masses shown: 30 kg, 250 kg, 250 kg, 250 kg.
Risk for aviation
• The casualty expectation for people in commercial aircraft exposed to the risk of falling fragments after the Shuttle Columbia disintegration was 0.3.
• On average >27 fragments from a random re-entry exceed the specified limit for aircraft in the hazard area.
• The core area of Europe has one of the highest air traffic densities in the world.
• On Sunday 15 November 2011, in the middle of the Russian Phobos-Grunt uncontrolled re-entry window, the EUROCONTROL Network Management Operations Centre received an international NOTAM from the Russian authorities, requesting European States to close their airspace for two hours.
• Closing the European airspace for 2 hours could cost up to 20 million euro.
Risk for aviation
• The US Federal Aviation Administration (FAA) Office of Commercial Space Transportation (AST) and the US Department of Defence co-sponsored the development of Aircraft Vulnerability Models (AVMs) to quantify the areas of an aircraft susceptible to a catastrophic or emergency outcome (e.g. fuselage penetration, fuel tank rupture) following impact with falling space debris. A fragment > 300 g is generally considered catastrophic.
Localizing the footprint
• The length of the predicted impact zone depends on the observation altitude.
• The most accurate prediction is for observation at the primary breakup altitude.
• On average, the first fragment reaches the airspace (i.e. 18 km) ~10 minutes after breakup.
• The last fragment reaches the ground ~26 minutes after breakup.
Re-entry Direct Broadcasting Alert System
• The Re-entry Direct Broadcasting Alert System (R-DBAS) works as a “smart fragment” which can autonomously determine its own position during re-entry, and which knows its relative location in the projected hazard area (footprint probability box), which has been pre-computed on the ground.
• The R-DBAS allows related alerts to be broadcast directly to potential users within the time falling fragments take to reach the altitudes used by aviation or to reach the Earth’s surface.
R-DBAS: Receiver-display unit
• The Receiver-Display unit will receive in real time the hazard area geographical coordinates and display them as a simple alphanumeric message on a computer screen or digital mobile phone, or against a map backdrop. The Receiver-Display unit may be integrated into or adapted to existing computer and display systems, and include the user’s GPS location to track the user’s relative position with reference to the hazard area.
• The Receiver-Display unit can be carried or installed on airplanes, ships, boats, offshore platforms, ground vehicles, on personal and mobile communication devices, and on centralized computer systems. On receiving the alert notification, collision avoidance or escape maneuvers may be performed, or the user may need to take shelter.
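The receiver-side logic of the two slides above (the footprint localization timings and the Receiver-Display unit), written as an added example that is not code from the presentation or from IAASS. It assumes a JSON alert message carrying the footprint polygon and breakup time, a ray-casting point-in-polygon test against the user's GPS position, and an HMAC-SHA256 tag over the message body: the slides say nothing about how R-DBAS broadcasts are authenticated, and the tag is added here as the integrity check a practitioner would want before a broadcast alert triggers an evasive maneuver. The footprint coordinates and the object identifier are constructed sample values; the 10 and 26 minute figures are the slides' own.

```python
import hashlib
import hmac
import json

# Average timings stated on the "Localizing the footprint" slide.
FIRST_FRAGMENT_AIRSPACE_MIN = 10   # first fragment reaches 18 km
LAST_FRAGMENT_GROUND_MIN = 26      # last fragment reaches the ground

# Hypothetical key shared by the alert issuer and the receivers
# (assumption: the slides do not describe message authentication).
SHARED_KEY = b"hypothetical-rdbas-demo-key"


def _canonical(body):
    # Stable serialization so issuer and receiver MAC the same bytes.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def make_alert(body, key=SHARED_KEY):
    """Issuer side: attach an HMAC-SHA256 tag over the canonical body."""
    tag = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return dict(body, tag=tag)


def verify_alert(msg, key=SHARED_KEY):
    """Receiver side: constant-time tag check before acting on the message."""
    body = {k: v for k, v in msg.items() if k != "tag"}
    expected = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, msg.get("tag", ""))


def point_in_polygon(lat, lon, polygon):
    """Ray-casting test on (lat, lon) pairs. Adequate for a footprint box
    spanning a few degrees that does not cross the dateline or a pole."""
    x, y = lon, lat
    inside = False
    j = len(polygon) - 1
    for i in range(len(polygon)):
        yi, xi = polygon[i]
        yj, xj = polygon[j]
        # Toggle when the eastward ray from the point crosses edge (i, j).
        if (yi > y) != (yj > y):
            x_cross = (xj - xi) * (y - yi) / (yj - yi) + xi
            if x < x_cross:
                inside = not inside
        j = i
    return inside


def assess(msg, user_lat, user_lon, minutes_since_breakup, key=SHARED_KEY):
    """Receiver-Display logic: authenticate, place the user relative to the
    footprint, and report how much of the fall window remains."""
    if not verify_alert(msg, key):
        return {"authentic": False, "inside_footprint": None,
                "status": "rejected: bad tag"}
    inside = point_in_polygon(user_lat, user_lon, msg["footprint"])
    to_airspace = max(0, FIRST_FRAGMENT_AIRSPACE_MIN - minutes_since_breakup)
    to_ground = max(0, LAST_FRAGMENT_GROUND_MIN - minutes_since_breakup)
    if not inside:
        status = "outside footprint"
    elif to_ground == 0:
        status = "footprint: fall window elapsed"
    else:
        status = "inside footprint: avoid/shelter"
    return {
        "authentic": True,
        "inside_footprint": inside,
        "minutes_until_first_fragment_at_18km": to_airspace,
        "minutes_until_last_ground_impact": to_ground,
        "status": status,
    }


# Constructed sample alert: a footprint of roughly 817 km x 30 km near 40 N
# (about 9.6 deg of longitude by 0.27 deg of latitude). Not a real event.
SAMPLE_ALERT = make_alert({
    "object": "EXAMPLE-OBJECT",          # placeholder identifier
    "breakup_utc": "2030-01-01T00:00:00Z",
    "footprint": [[40.00, 10.0], [40.00, 19.6], [40.27, 19.6], [40.27, 10.0]],
})

if __name__ == "__main__":
    # An aircraft inside the box 4 minutes after breakup, and one north of it.
    print(assess(SAMPLE_ALERT, 40.10, 15.0, minutes_since_breakup=4))
    print(assess(SAMPLE_ALERT, 41.00, 15.0, minutes_since_breakup=4))
```

The tag check runs before the geometry so that a message with a forged or corrupted footprint is dropped rather than displayed; `hmac.compare_digest` avoids leaking tag bytes through comparison timing. A deployed receiver would also check `breakup_utc` against its own clock to reject replayed alerts from an earlier event.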
Classification Societies… it all started over a cup of coffee
In the second half of the 18th century, marine insurers based at Lloyd's coffee house in London developed a system and established a committee for the independent inspection of the hull and equipment of ships presented to them for insurance cover. The condition of each ship was “classified” on an annual basis according to the excellence of its construction and its perceived continuing soundness (or otherwise). In 1828 Bureau Veritas was established as a classification society, followed by the Lloyd's Register of British and Foreign Shipping as a self-standing classification society, and by other societies (RINA, ABS, DNV, ClassNK, etc.).
Classification Society activities
• Promotion of safety of life, property and the environment.
• Develop technical standards (rules) for the design and construction of ships.
• Approve designs against their standards.
• Conduct surveys during construction to confirm that the ship is built in accordance with the approved design and with the requirements of the Rules.
• Act as a Recognised Organization carrying out statutory surveys and certification as delegated by maritime administrations.
• Regulations for in-service inspection and periodic survey during operation.
• Research and development programs.
• Support international organizations (IMO, ISO, IACS, etc.).
• Involved in all stages throughout the life of a ship: design, construction and in-service.
• Assessment of changes resulting from modification, repair, degradation, etc.
Classification Society statutory role and interfaces
Many national administrations have opted to take advantage of the Classification Societies' experience by signing formal delegation agreements with one or more of them (for example Canada signed with Germanischer Lloyd, American Bureau of Shipping, Bureau Veritas, Det Norske Veritas and Lloyd’s Register). The rules published by Classification Societies, together with the requirements set down in the various International Conventions of the International Maritime Organisation (IMO) and the marine legislation of the flag states, form a comprehensive and coherent set of standards for the design, construction and maintenance in operation of ships.
IAASS proposal to organize space
Five points:
• Extend the ICAO mandate to space (up to geosynchronous orbits) to cover civil/commercial space traffic control (launch/re-entry and on-orbit), space environment protection, and the integration of air/space traffic management.
• The “extended ICAO” would then promote the development of a set of interoperability rules between civil/commercial and military space situational awareness and traffic control.
• Extend the ICAO mandate to include the issuing of safety rules for commercial spaceports and aerospaceports systems, facilities and operations.
• Extend the ICAO mandate to include the issuing of Safety Management System (SMS) rules for operators, and to promote an industry-driven self-regulatory regime for the safety certification of commercial human spaceflight systems (similar to “Classification Societies”), and for flight personnel training and certification.
• Consistently with the “extended ICAO”, enlarge the scope and mandate of national space licensing authorities (e.g. FAA-AST).