Contingency: In light of the Chicago centre fire, what lessons should the industry learn and what developments or improvements, if any, are needed in providing service contingency?

In light of the Chicago centre fire, what lessons should the industry learn and what developments or improvements, if any, are needed in providing service contingency?

José Ángel HiguerasHigueras, Ineco By focusing on ATM and not on human resources practices, the main lesson learnt should be the fact that primary and backup systems should not be placed at the same location.

If not, a second measure may be that one centre may take over the flights controlled by another. In this case, the use of a distributed architecture network would indeed improve the service in the event of any contingency.

Those kinds of solutions are currently under assessment in different R&D initiatives such as SESAR or NextGen.

Clinch, SITAThe fire set at the FAA’s Chicago ARTCC took out the sole telecommunications room cutting off access to CNS and adjacent centres. One lesson is that ATC centre systems should be connected to a ‘ring’ that connects to at least two physically separated hot standby telecoms rooms with separate access security making it impossible for any one person to get into both rooms.

Jean-Philippe RamuRamu, NetJets Without commenting on the circumstances that caused this accident, the lack of redundancy of a control tower in a large airport is a known problem.

The virtual contingency tower, which is the ability to provide airport traffic services from a remote location, is being developed to provide back-up solutions and maybe in the future minimise the impact of such events.

Nevertheless, business aviation is less impacted by such contingencies as our business model enables it to propose flexible departure and destination airports, for instance with the use of small proximate airports. That said, virtual control towers are also a promising technology for small airports struggling with the cost of infrastructure.

Alvaro GammicchiaGammicchia, ECA We are entering in a new, technology-intensive era which offers a lot of possibilities to cope with foreseeable situations, like the sudden impossibility to continue providing a service from a certain location for whatever reason.

We have already seen the use of remote piloting or controlling, in the case of RPAS and remote towers. One of the goals of the remote tower concept is the contingency aspect, having a backup installation that supports the main centre.

As always, planning for the unforeseen is the trickiest part, so a big effort has to be made, especially the protocols regarding when to change to the back-up mode, who should be in charge and how this new configuration should be integrated in the surrounding system. It is also crucial to convey this information to the crews in a timely manner so that the level of service is secured, but always trying to keep it as simple as possible.

Paul RavenhillRavenhill, Helios Reflection on Chicago should focus on two issues. Firstly are contingency plans in place to restore an air traffic service? The FAA was able to provide a contingency service from neighbouring centres during the two weeks it took to restore Chicago to operations.

All ANSPs should have clear plans to handle major system outages that can be deployed within hours of a disruption. Chicago is a good reminder of the need to review and test those plans regularly. The level of service available from a contingency plan is a policy issue that should be well understood by the airspace user community – after all they pay for the extra capacity when it is not being used.

Secondly, the fire appears to have been started by a contractor inside the centre – insider sabotage is a key concern from a security perspective. Technical measures can help protect ATM assets from cyber-attack but vigilance is also required to ensure that systems are not compromised from the inside.

Cyber-security could become the new bête noire for service continuity as the century progresses. The Chicago incident should cause all operational stakeholders to review their business continuity plans against the changing geo-political climate.

Sascha PuetzStejskal, ERA The lessons learned should be more on the side of service providers. Any system even perfectly secured can be hacked by any means. The question should rather be, in light of Chicago centre fire how can we achieve decentralisation to eliminate a single point of failure? We should start working on the sensor side and go further, distributing data to multiple nodes and creating natural redundancy in the form of decentralised data management points.

There are more and more complex ATM system designs mitigating single point of failure. Such ATM systems focussing on surveillance sensors redundancy as well as contingency centres including data fusion, processing as well as control working positions. The concept of the remote tower is definitely one of the things to be pursued and discussions should take place between ANSPs to share experience and best practice, when implementing such systems.

Posted in Euro Survey 2015, Security Tagged with: , , ,

Comments are closed.