CSC 379: Week 5, Group 1
Latest revision as of 10:01, 6 August 2007
Airbus 380 Software Flaw
Provide an overview of this ethical controversy and links to information relevant for each set of ethical concerns cited.
Cover information contained in both articles:
Included below are two excerpts that give an overview of the content of this topic:
"Mr Mangan claims a defect in the outflow valve control system could lead to an abrupt loss of cabin pressure, leaving passengers unconscious in as little as 20 seconds. "Normal oxygen masks don't work properly above 33,000 feet. Anybody over forty or over-weight is at a high risk of embolisms," he said."
"Airbus dismissed fears about the A380 as baseless. "We have examined this internally and found absolutely no reason to be concerned. The scenario made up by Mr Mangan does not exist," said spokesman David Voskuhl."
"TTTech falsely classified its micro-chip as a simple "off-the-shelf" product already used in car valves in order to except it from elaborate testing rules, he claimed. This would breach both EU and US law on aircraft regulation. "I refused to sign off on the test results, but TTTech went ahead anyway," he claimed."
"TTTech denies the allegations, calling him a disgruntled ex-employee who never fitted into the team, and is now bent on revenge."
Source: Telegraph.co.uk
"Most passenger jets have two cabin-pressure valves, with separate motors operating each. But because aircraft makers want redundancy on safety systems the planes have three motors for each valve, with different chips controlling each motor. [...] Most jetliners also have a manual override so that the pilot can take control in an emergency. [...] The company elected to go with four outflow valves on the A380, with only one motor on each valve, which are slightly larger than a cabin window. Each motor uses a TTTech controller chip, and there is no backup manual-override system."
"Mangan says the European aerospace establishment is whitewashing his claims because of enormous cost savings that will be realized if TTTech's chips are approved for the A380. TTTech's chip originally was designed for use in autos and the company is trying to get it certified as an existing, "commercial off-the-shelf" product that is acceptable for the A380, according to court records. Mangan, however, alleges that the chip is being customized for aviation purposes, and thus must undergo stringent testing before being approved by regulators. If regulators decide that TTTech's chip is a simple commercial device and can be used in the A380, it would then be available for other new aircraft without having to pass costly safety reviews."
Source: Seattle Times
Overview
History
Joseph Mangan, a former employee of TTTech Computertechnik, blew the whistle on Airbus and TTTech regarding the safety of the cabin pressure system on the Airbus A380 aircraft in September 2004 by contacting the European Aviation Safety Agency (EASA). TTTech supplies some components to Airbus for the A380, and has been accused by Mangan of "intentional non-compliance" with aviation safety rules, at least partially because they were under great pressure from Airbus to meet deadlines.
Mangan claimed that a flaw existed in the outflow valve control system, which uses TTTech controllers, that could result in a sudden loss of air pressure in the cabin. Such a loss of air pressure would result in passengers quickly losing consciousness, with other possible health consequences. One of the primary concerns generated by this claim was the lack of different backup systems to prevent the same problem from affecting all the valves at the same time.
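The redundancy concern in the paragraph above, worked through as an added example (it is not part of the original page, and it is not Airbus's or TTTech's analysis): a small model of why putting the same controller design on every valve defeats redundancy. The two layouts follow the Seattle Times excerpt quoted above (two valves with three motors each on different chips plus a manual override, versus four valves with one motor each on a single chip design and no override). Every probability used here (per-motor failure rate, latent design-defect rate, override failure rate) is an assumed, illustrative number, and the function names are this example's own.

```python
from itertools import product
from typing import Dict


def p_total_loss(valves: int, motors_per_valve: int, p_motor: float,
                 chip_designs: int, p_design_defect: float,
                 p_override_fails: float = 1.0) -> float:
    """Probability that EVERY outflow valve loses control.

    Independent failures: each motor fails on its own with p_motor.
    Common-mode failure: each of `chip_designs` controller designs carries a
    latent defect with p_design_defect that disables every motor built on it;
    one design on every valve is exactly what such a defect reaches.
    Motors on a valve are spread round-robin over the designs.
    p_override_fails is the chance the manual override also fails;
    1.0 means there is no override at all. All figures are illustrative.
    """
    total = 0.0
    for defective in product((False, True), repeat=chip_designs):
        p_state = 1.0
        for d in defective:
            p_state *= p_design_defect if d else 1.0 - p_design_defect
        # Given which designs are defective, a valve is lost only when all of
        # its motors fail; motors on a defective design have already failed.
        p_valve_lost = 1.0
        for m in range(motors_per_valve):
            p_valve_lost *= 1.0 if defective[m % chip_designs] else p_motor
        total += p_state * p_valve_lost ** valves
    return total * p_override_fails


def compare_layouts(p_motor: float = 1e-3, p_design_defect: float = 1e-4,
                    p_override_fails: float = 1e-2) -> Dict[str, float]:
    """The two layouts described in the Seattle Times excerpt, plus a variant
    that doubles the valve count without adding any design diversity."""
    return {
        # Conventional: two valves, three motors each on different chips,
        # plus a manual override.
        "conventional 2 valves x 3 diverse motors + override":
            p_total_loss(2, 3, p_motor, 3, p_design_defect, p_override_fails),
        # A380 as alleged: four valves, one motor each, one chip design,
        # no manual override.
        "alleged A380 4 valves x 1 motor, single design":
            p_total_loss(4, 1, p_motor, 1, p_design_defect),
        # More copies of the same part do nothing against a shared defect.
        "hypothetical 8 valves x 1 motor, single design":
            p_total_loss(8, 1, p_motor, 1, p_design_defect),
    }


if __name__ == "__main__":
    for layout, p in compare_layouts().items():
        print(f"{layout:55s} P(all valves lost) = {p:.3e}")
```

With the assumed rates, the single-design layouts are pinned at roughly the design-defect rate no matter how many valves are added, because one latent flaw takes out every controller at once; the diverse layout with an override is many orders of magnitude lower. The lesson is the one Mangan's critics of the architecture were making: independent failure counts only if the redundant channels do not share a failure mode.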
Results of the Whistleblowing
Airbus and TTTech both denied there was a problem - TTTech went further by accusing Mangan of being a disgruntled ex-employee trying to get revenge. The EASA found that TTTech was not in compliance with safety rules and was not conducting appropriate tests, and the microchip at the heart of the controversy was deemed unacceptable: in the end EASA told Airbus to resolve the problem before the A380's final certification.
Within a few days of reporting the suspected violations at TTTech, Mangan was fired and sued for defamation. TTTech also obtained a gag order, which Mangan then violated. Many of Mangan's difficulties stem from the lack of Austrian laws protecting whistle-blowers from retribution by their employers. Mangan has tried to get a new job, but has not been able to get a response from companies in the aerospace industry.
Table of Contents
General
- Computer Security in Aviation: Vulnerabilities, Threats, and Risks. Peter G. Neumann, SRI Computer Science Laboratory. http://www.csl.sri.com/users/neumann/air.html
- Fault Protection in a Component-Based Spacecraft Architecture. Elwin C. Ong and Nancy G. Leveson, MIT. http://sunnyday.mit.edu/papers/smcit.doc
Conflicting Views
- The Fatal-Flaw Myth. James Surowiecki, The Financial Page, The New Yorker. http://www.newyorker.com/archive/2006/07/31/060731ta_talk_surowiecki
- Airbus Moves to Rewire Its Management First. Mark Landler, The New York Times. http://www.nytimes.com/2006/10/13/business/worldbusiness/13airbus.html?ei=5088&en=9c624e9920538fcd&ex=1318392000&partner=rssnyt&pagewanted=print
New uses of software
- On space station, droids get a workout. Peter N. Spotts, Christian Science Monitor. http://www.csmonitor.com/2006/0711/p03s04-usgn.html
- Anti-hijack software controls planes from the ground. T.O. Whenham, Mobile Magazine. http://www.mobilemag.com/content/100/103/C8827/
Software Malfunctions
- Pilots Battle Computer For Control Of 777. The AVweb Editorial Staff, AVweb. http://www.avweb.com/eletter/archives/avflash/465-full.html#190603
- B747-400 Electronic flight displays rendered inoperative. Peter B. Ladkin, The RISKS Digest. http://catless.ncl.ac.uk/Risks/23.12.html#subj2.1
- Flight Control System Software Anomalies. Peter B. Ladkin, The RISKS Digest. http://catless.ncl.ac.uk/Risks/24.03.html#subj3.1
Effects of portable electronic devices
- Carnegie Mellon Researchers Find Cell Phones Pose Greater Risk to Airplane Navigation Than Previously Believed. Carnegie Mellon University. http://www.cmu.edu/PR/releases06/060228_cellphone.html
- Unsafe At Any Airspeed? IEEE Spectrum. http://www.spectrum.ieee.org/print/3069
- Tests show cell phones don't disrupt navigation systems. NewsScan, The RISKS Digest. http://catless.ncl.ac.uk/Risks/23.54.html#subj2.1
Aviation standards
- Airworthiness Directive. FAA. http://www.airweb.faa.gov/Regulatory_and_Guidance_Library/rgAD.nsf/0/94171A756992D0408625708300551865?OpenDocument&Highlight=software
- UK Defense software standard. Sean Matthews, The RISKS Digest. http://catless.ncl.ac.uk/Risks/9.01.html#subj2.1
- Summary of safety-critical computers in transport aircraft. Peter B. Ladkin, The RISKS Digest. http://catless.ncl.ac.uk/Risks/16.16.html#subj3
- Software Safety NASA Technical Standard. NASA. http://satc.gsfc.nasa.gov/assure/nss8719_13.html
Study Guide
Code requirements/standards
To what kinds of requirements should aviation software be held? The United Kingdom's Ministry of Defence has a standard for software used in military aircraft; the Federal Aviation Administration publishes guidance on writing and reviewing code; and NASA recommends metrics for checking adherence to specifications.
- Several government agencies impose code requirements that remain controversial, such as the UK defence software standard listed above.
- The FAA has a number of documents with recommended practices for writing and reviewing code for airborne systems.
- NASA recommends using metrics throughout software development, and especially during the requirements phase: the report puts the cost benefit of finding and correcting problems at the requirements stage at 14 times that of catching them later.
- Adopting accepted software process standards such as CMM (http://www.sei.cmu.edu/cmm/) and ISO 9000 (http://www.managementhelp.org/quality/iso9000/iso9000.htm) could give aviation companies better quality procedures and checkpoints.
- Training would help developers analyze and research quality issues with an aircraft early in the development phase.
- Regular third-party audits of products, maintenance and operations would assure customers that the company and its management are doing all they can to maintain quality as efficiently as possible.
Analyzing/Testing Code
What kinds of analysis and testing should be done on aviation software? The United Kingdom military's standard relies on static code analysis, and several groups are working to standardize software safety procedures.
- A study of static code analysis used to evaluate UK military avionics software. Static analysis examines the source code without executing it, so a property it establishes holds for every input and every execution path; testing, by contrast, only shows how the code behaves on the inputs actually exercised.
- The Certification Authorities Software Team (CAST) is an international group that promotes standardized certification and regulatory positions on the software and complex electronic hardware aspects of safety.
- Companies and the individuals in them should periodically study the quality practices in current use across the software industry and improve on them.
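The difference between static analysis and testing drawn in the first bullet above, shown as an added example (not code from the original page or from any of the linked studies): a toy interval analysis over a Python AST that bounds every value a routine can compute for a whole input range, next to a test harness that only samples points. The routine under analysis, `scale_command`, is a constructed, hypothetical controller function written for this illustration, not TTTech's or Airbus's code; its defect (a divisor that is zero for exactly one commanded value) is there to show that boundary-value tests pass while the static bound flags the hazard.

```python
import ast
from typing import Dict, List, Tuple

Interval = Tuple[int, int]

# Constructed, hypothetical controller routine written for this example; it is
# not TTTech's, Airbus's or any real avionics code. The divisor is zero for
# exactly one commanded value (cmd == 37), so boundary tests never hit it.
SOURCE = """
def scale_command(cmd):
    offset = cmd - 37
    gain = 1000 // offset
    return gain * 2
"""


def _interval(node: ast.AST, env: Dict[str, Interval], warnings: List[str]) -> Interval:
    """Abstractly evaluate an integer expression: every concrete value the
    expression can take for inputs inside `env` lies in the returned interval."""
    if isinstance(node, ast.Constant) and isinstance(node.value, int):
        return (node.value, node.value)
    if isinstance(node, ast.Name):
        return env[node.id]
    if isinstance(node, ast.BinOp):
        lo1, hi1 = _interval(node.left, env, warnings)
        lo2, hi2 = _interval(node.right, env, warnings)
        if isinstance(node.op, ast.Add):
            return (lo1 + lo2, hi1 + hi2)
        if isinstance(node.op, ast.Sub):
            return (lo1 - hi2, hi1 - lo2)
        if isinstance(node.op, ast.Mult):
            corners = (lo1 * lo2, lo1 * hi2, hi1 * lo2, hi1 * hi2)
            return (min(corners), max(corners))
        if isinstance(node.op, ast.FloorDiv):
            divisors = {lo2, hi2}
            if lo2 <= 0 <= hi2:
                # The divisor CAN be zero for some input: report it, then keep
                # bounding the result over the non-zero divisors (extremes of
                # x // y for fixed x sit at the divisor endpoints or at +-1).
                warnings.append(f"line {node.lineno}: possible division by zero, "
                                f"divisor in [{lo2}, {hi2}]")
                divisors.discard(0)
                if lo2 <= -1:
                    divisors.add(-1)
                if hi2 >= 1:
                    divisors.add(1)
            if not divisors:
                return (0, 0)  # divisor is always zero; no run gets past here
            quotients = [x // y for x in (lo1, hi1) for y in divisors]
            return (min(quotients), max(quotients))
    raise NotImplementedError(f"unsupported syntax: {ast.dump(node)}")


def analyze(source: str, input_ranges: Dict[str, Interval]) -> Tuple[Interval, List[str]]:
    """Static analysis: bound the return value of the first function in
    `source` for EVERY input in `input_ranges`, without running the code."""
    func = next(n for n in ast.parse(source).body if isinstance(n, ast.FunctionDef))
    env: Dict[str, Interval] = dict(input_ranges)
    warnings: List[str] = []
    result: Interval = (0, 0)
    for stmt in func.body:
        if isinstance(stmt, ast.Assign) and isinstance(stmt.targets[0], ast.Name):
            env[stmt.targets[0].id] = _interval(stmt.value, env, warnings)
        elif isinstance(stmt, ast.Return) and stmt.value is not None:
            result = _interval(stmt.value, env, warnings)
        else:
            raise NotImplementedError(f"unsupported statement: {ast.dump(stmt)}")
    return result, warnings


def _crashes(func, point: int) -> bool:
    try:
        func(point)
    except ZeroDivisionError:
        return True
    return False


def run_tests(source: str, points: List[int]) -> List[int]:
    """Dynamic testing: run the real function at the sampled inputs and return
    the ones that crash. Nothing is learned about inputs not in `points`."""
    name = next(n.name for n in ast.parse(source).body if isinstance(n, ast.FunctionDef))
    namespace: Dict[str, object] = {}
    exec(source, namespace)  # SOURCE is the constructed string above, not user input
    return [p for p in points if _crashes(namespace[name], p)]


if __name__ == "__main__":
    bounds, hazards = analyze(SOURCE, {"cmd": (0, 100)})
    print("static analysis: return value in", bounds, "hazards:", hazards)
    print("testing at 0/50/100 crashes at:", run_tests(SOURCE, [0, 50, 100]))
    print("testing every value 0..100 crashes at:", run_tests(SOURCE, list(range(101))))
```

Running it, the usual boundary tests at 0, 50 and 100 all pass, while the interval pass reports that the divisor ranges over [-37, 63] and therefore can be zero; exhaustive execution over 0..100 confirms the single crashing input. Real avionics analyzers handle far richer languages and properties than this toy, but the shape of the argument is the same: a sound static result covers the whole input space, a test only covers the points it ran.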
Organizations and Standards
What laws and enforcement should be available to companies, employees, the industry and government to ensure that passenger safety always comes first? Independent secondary oversight is important for maintaining a consistent level of quality and safety across the industry. What other forms of oversight would help?
- An industry standard and a committee drawn from different companies and individuals should be formed to organize and study audits, incidents and new safety operating procedures.
- Elected outside professionals and representatives of the companies involved should work together to improve safety in the industry.
- Laws to police and enforce product safety should be developed and proposed to government, so that individuals are protected from unfair treatment when the quality issues they raise are ignored by the company and, most importantly, by its management.
Portable electronic devices
Are passengers' electronic devices dangerous on planes? The studies conflict: some find that the radio-frequency emissions from these devices can interfere with avionics, and a number of reported avionics malfunctions are consistent with that, while other tests find no disruption. No plane crash has been attributed to onboard electronic devices.
- This report by the House documents incidents of interference and details some of the restrictions put in place.
- A study shows that portable electronic devices can disrupt the normal operation of key cockpit instruments, especially Global Positioning System (GPS) receivers. Private studies show that people use cellphones illicitly on planes and that current levels of in-flight radio-frequency emissions can be dangerous. On the other hand, the RISKS Digest post listed above cites a study claiming that cell phones do not disrupt flight systems.