March 2020 – Article by AL.com – There are approximately 70,000 airline flights in North America on any given day. We put our faith in the commercial airline system for good reason; the FAA requires rigorous testing for airworthiness that covers design and manufacturing processes of new aircraft models. Still, malfunctions do occur, making headlines.
- In 1997 a Korean Air flight crashed three miles short of the intended runway because of a fault in the Ground Proximity Warning System, killing 228.
- In 2008 Qantas Flight 72 from Singapore to Perth experienced sudden loss of altitude when the flight control software malfunctioned. Due to the quick thinking and expert pilotage of Captain Kevin Sullivan, a former Top Gun pilot, all 300 passengers survived after an emergency landing, with 100 seriously injured.
- In 2016 a West Air Sweden cargo jet’s flight computer disengaged its autopilot and erroneously indicated that the nose was drifting too high. The pilot forced the nose down and entered a dive from which the plane did not recover. Neither pilot survived.
- The well-publicized crashes of Ethiopian Airlines Flight 302 in October 2018 and Lion Air Flight 610 in March 2019 were caused by unexpected behavior of the flight control system on the Boeing 737 Max. Underlying software issues have been found as recently as last month, and the fleet remains grounded.
These accidents were not caused by design flaws or broken components. They involve the complex interaction between hardware and software. Nearly every function in a modern aircraft relies on software.
Testing a new commercial aircraft design for airworthiness certification can take years. The software systems are an increasing focus of that testing, and military aircraft have the added complexity of sophisticated sensors, weapons, and security encryption. Can you imagine what it takes for the Army or Air Force to achieve their own stringent airworthiness standards? Airworthiness is a pressing national security matter—and in our high-stakes technological race with near-peer super-powers, there is increasing pressure to develop software that coordinates more aircraft functions than ever before.
Achieving airworthiness involves interdisciplinary teams of military experts and civilian contractors. It takes an especially thorough team of software and systems engineers to make sure a safe, reliable and formidable aircraft makes it to the battlefield. This is a field for the most analytical problem solvers, but also requires clear communicators.
Doug Taylor is a Software Quality & Mission Assurance Engineer at Intuitive Research and Technology (INTUITIVE), a Huntsville aerospace and defense company that offers (among other capabilities) airworthiness software analysis.
“Safety and airworthiness analysis require attention to detail. The standards, guidelines, and industry-best practices contain a wealth of knowledge obtained from a long history of good and bad examples. The history of case studies is fascinating to those in our field of expertise,” says Taylor.
Taylor says that “Fly-by-Wire” (FBW) technology, meaning a flight control system managed electronically, has been an aviation standard since the ’70s. In the early days of FBW, software was simple; however, today’s 5th generation jet fighters (and upcoming 6th generation fighters) have millions of lines of code controlling all aspects of flight. As software complexity increases, so does the risk of an undetected failure.
How to Become an Airworthiness Expert
Taylor has been involved with engineering solutions for over 30 years. He graduated with a degree in Electrical Engineering with an emphasis in computer electronics and began his career writing microcode for a custom-designed chip set and writing C and C++. His first experience with DoD applications was writing modeling and simulation software used for training by the Air Force. By 2011, he was writing software that met the rigorous demands of software safety and airworthiness:
“At that time, we were writing aircraft Flight Performance Modules (FPMs) which, in simple terms, are computer models to quickly determine an aircraft’s performance constraints, answering such questions as how high, how fast, how far, how much weight, how long of runway for takeoff, etc. These FPMs were used during flight planning but were also embedded in the cockpit to react to real-time mission changes.”
Because mission success and soldiers’ lives depended on the calculations being correct, the software had to be carefully created and exhaustively tested. He became familiar with landmark military software safety standards such as DO-178C and MIL-STD-882E. In 2013, he was hired by INTUITIVE to lead their team of contractors supporting software safety and airworthiness tasks at the Software Engineering Directorate (SED) on Redstone Arsenal. As software and integration of existing weapons became necessary, so did mastery of standards and guidelines, such as the Joint Software Systems Safety Engineering Handbook, Army Regulation 385-10, and AMCOM Regulation 385-17.
The Work
According to Taylor, an airworthiness assessment requires that his team interact with the government customer and the developers of the system or software (often larger entities like Lockheed, Boeing, etc.). In a role that is by nature probing and detail-oriented, he said it is best to assume a peacemaker personality. “Amidst the stress of timelines and complex system testing, it’s always important to default to an attitude of ‘collaboration to produce the best product for the warfighter’ versus ‘I’m here to find everything you did wrong,’” said Taylor. At the same time, finding software mistakes will save time, money, reputations, and lives.
“Software safety analysis done right is involved at the very concept phase of a new aircraft, contemplating every potential impact that the software will have on the system,” he said. To use the recent 737 Max issues as an example, additional software issues have been created in the process of rectifying its original defects. According to Taylor, “If software safety analysis is reactive, it’s happening too late.”
INTUITIVE’s airworthiness analysis involves all stages of software development: requirements, design, architecture, interfaces with hardware, redundancy, low level testing, integration testing, and system testing. New aircraft projects, and other weapons systems for that matter, have an impact on one another as well as on older legacy systems still in operation. INTUITIVE often guides these safety-critical software updates through a recertification process.
Team-Workers
The demand for airworthiness software safety for the military has only increased with multi-domain operations. Electrical, systems, aerospace and software engineers with properly cultivated interests thrive in this niche. Taylor’s advice:
“Read up on various case studies of software failures in mission critical applications—classic examples exist in the medical field, in commercial and military aviation, and in space exploration. Get familiar with the various standards and guidelines; understand how they are similar and different; ask about expected updates to them. Finally, get involved in online discussion forums.”
Getting technical is half the battle. INTUITIVE looks for recruits with an investigative mind, but also good communication skills. “As a company and as a prime contractor, INTUITIVE has always been very intentional to build teams that have strong skills with low drama. We work well together, enhancing the team by utilizing the unique strengths of the individual contributors,” said Taylor.
The bigger picture is that software will ultimately make automation and integration in aircraft so good that Warfighters can fully devote themselves to the kind of decisions and operations only they can perform—and do so out of harm’s way.