Air Traffic ControlSoftware System Failure

Case Study – To-be ScenarioPresented by Stanley Dam

ForSE 6361 Advanced Requirement Engineering

12/07/2013

Summary of Problem

• VCSU was shutdown on its own without warning after 49.7 days of operation

• Backup system also failed within a minute after it was turned on

• Air Traffic Controllers could not communicate with 400 airplanes they were responsible for

• About 800 airplanes and 30,000 people were impacted

• System was down for 3 ½ hours

Four Worlds of REfor Air Traffic Control System

.

builds

uses

Airplane

FAA/Air Traffic Controllers

VSCS System

Harris Corp

contracts

controls and communicates with

needs to ensure safety of

PIG

Reliability

Availibility

Rely on operatorto perform reset

++

__

Conclusion of Problem

• Inadequate Requirements• “Server is timed to shut down after 49.7 days

of use in order to prevent a data overload” workaround should NOT be acceptable

• Improper trainings for maintenance technicians

Proposed Functional Requirements

• The VCSU system shall report error to the System Manager

• The System Manager shall display category 2 (CAT2) alert upon receipt of system error

• The VCSU system shall not shutdown on CAT2 alert or below

• The VCSU system shall reset timer when it reaches zero without human intervention

Proposed Non-Functional Requirements

• VCSU system shall continue operation after reporting any errors to the System Manager

• System uptime should be equal or exceed 99.99% by a running primary redundancy backup system and a standby secondary backup system

• System level test of backup system should be done every 30 days to ensure proper functions

Concept of Operations (CONOPS)

Air Traffic Controller

VSCS VCSU (server)

System Manager

Maintenance Technician

uses displays errors

monitors / reports

monitors

Questions?

Thank YouGood luck to everyone and see you next semester