“…We take a flight believing that our aircraft’s design and construction are based on sound foundations. It’s not a leap of faith. Safe flight can only be made with rock-solid aircraft design certification. An integral part of that aircraft design certification is system safety assessment. The experience of use, accidents and incidents have guided the refinement of aircraft system safety assessment. Briefly, we’ll go on a journey through the last 70 years of civil aviation, visiting the basis for the probabilistic approach to system safety assessment that is now shaping development of a new generation of eVTOL aircraft. Next, we’ll look at applying safety objectives and finally, we’ll consider the case for the use of a performance-based approach to aviation systems safety.
Looking back through the history of civil aviation, rules were found necessary to drive down the numbers of fatal accidents. Civil airworthiness codes (e.g., FAR/CS 25, 23, 29 and 27) have evolved from their original empirical and prescriptive nature.
To quote an early airworthiness code: “Chain sprockets shall be guarded, so that it is impossible for the chain to jam or override the sprocket.” Empirical and prescriptive regulation leaves an aircraft designer with little scope. It’s limiting even when there may be a better alternative solution at hand.
Before the 1950s, civil aircraft used comparatively simple systems. They were self-contained so, most often, the failure of one aircraft system did not influence the continued safe operation of another. One exception to this condition was that of an aircraft’s electrical system, where the effects of combinations of failures swiftly became evident. Electrical systems were used to power several systems upon which an aircraft’s safe flight was dependent.
In the U.S., the Code CAR 4b started to recognize interdependences in its text, e.g., “The system should not be rendered inoperative by any probable malfunction, if operation of this system is necessary to maintain controlled flight or effect a safe landing for any authorized flight operation.”
Thus, the terms of risk and probability started to become a key part of aircraft certification.
In the early 1960s, it was the advent of automatic landing systems that changed the game. These aircraft systems were significantly more complex, and not obviously safe when compared to what had gone before because of the number of interfaces, connections, and dependencies…”