Air Traffic Control Software System Failure
Case Study – To-be Scenario
Presented by Stanley Dam
For SE 6361 Advanced Requirement Engineering
12/07/2013
Summary of Problem
• The VCSU shut down on its own, without warning, after 49.7 days of continuous operation
• The backup system also failed within a minute of being switched on
• Air Traffic Controllers could not communicate with the 400 airplanes they were responsible for
• About 800 airplanes and 30,000 people were impacted
• The system was down for 3 ½ hours
Four Worlds of RE for Air Traffic Control System
[Four-worlds diagram: Harris Corp builds the VSCS System under contract to the FAA; the FAA/Air Traffic Controllers use the VSCS System to control and communicate with airplanes, whose safety they need to ensure.]
[Softgoal graph (labelled "PIG" in the extraction): softgoals Reliability and Availability; operationalization "Rely on operator to perform reset", with contribution marks "++" and "__" (likely "--").]
Conclusion of Problem
• Inadequate requirements: the “server is timed to shut down after 49.7 days of use in order to prevent a data overload” workaround should NOT have been accepted as a requirement
  – 49.7 days is 2^32 milliseconds, the period after which a 32-bit millisecond tick counter returns to zero; a scheduled shutdown hides that wrap instead of handling it
• Improper training for maintenance technicians
Proposed Functional Requirements
• The VCSU system shall report errors to the System Manager
• The System Manager shall display a category 2 (CAT2) alert upon receipt of a system error
• The VCSU system shall not shut down on a CAT2 alert or below
• The VCSU system shall reset its timer when it reaches zero, without human intervention
Proposed Non-Functional Requirements
• The VCSU system shall continue operation after reporting any error to the System Manager
• System uptime shall equal or exceed 99.99%, achieved by a running primary backup system and a standby secondary backup system (99.99% allows about 52.6 minutes of downtime per year; the 3 ½-hour outage alone exceeds that budget)
• A system-level test of the backup system shall be performed every 30 days to ensure it functions properly
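The following is an added example, not code from the original slides, Harris Corp or the FAA. It models the proposed functional requirements (report the error to the System Manager, raise a CAT2 alert, reset the timer at zero, keep running) beside the original "shut down at 49.7 days" behaviour, and checks the 99.99% availability target against the 3 ½-hour outage. It assumes the 49.7-day limit masks a 32-bit millisecond tick counter wrapping (2**32 ms = 49.71 days) and that alert categories are integers with larger values being more severe; the class and function names are hypothetical.

```python
# Added example (not from the slides, Harris Corp or the FAA): a small model of the
# proposed VCSU requirements. Assumptions: the 49.7-day shutdown masks a 32-bit
# millisecond tick counter wrap (2**32 ms = 49.71 days), and alert categories are
# integers where a larger value is more severe. All names are hypothetical.
from dataclasses import dataclass, field
from typing import List, Tuple

MS_PER_DAY = 86_400_000
WRAP_MS = 2**32          # value at which a 32-bit millisecond counter returns to zero
CAT2 = 2                 # alert category named in the proposed requirements (assumed scale)


def wrap_period_days() -> float:
    """Days until a 32-bit ms counter wraps: 2**32 / 86,400,000 = 49.71 days."""
    return WRAP_MS / MS_PER_DAY


def elapsed_ms(start: int, now: int) -> int:
    """Interval between two tick readings that stays correct across a wrap
    (valid for intervals shorter than one wrap period)."""
    return (now - start) % WRAP_MS


def should_shut_down(category: int) -> bool:
    """Requirement: the VCSU shall not shut down on a CAT2 alert or below."""
    return category > CAT2


@dataclass
class SystemManager:
    """Receives errors from the VCSU and records the alert it would display."""
    alerts: List[Tuple[int, str]] = field(default_factory=list)

    def report(self, category: int, message: str) -> None:
        self.alerts.append((category, message))


@dataclass
class VCSU:
    manager: SystemManager
    shutdown_on_wrap: bool = False   # True reproduces the original 49.7-day workaround
    tick: int = 0                    # 32-bit millisecond counter
    running: bool = True

    def advance(self, ms: int) -> None:
        """Advance the counter by ms milliseconds, handling every wrap that occurs."""
        if not self.running:
            return
        wraps, self.tick = divmod(self.tick + ms, WRAP_MS)
        for _ in range(wraps):
            if self.shutdown_on_wrap:
                # Original behaviour: scheduled shutdown instead of handling the wrap.
                self.running = False
                self.manager.report(CAT2, "VCSU shut down at 49.7-day limit")
                return
            # Proposed behaviour: report the error, reset the timer, keep running.
            self.manager.report(
                CAT2, "tick counter reached zero; timer reset, no operator action needed")


def allowed_downtime_minutes(availability: float, period_hours: float = 8760.0) -> float:
    """Downtime budget implied by an availability target over a period (default one year)."""
    return (1.0 - availability) * period_hours * 60.0


def meets_availability(downtime_hours: float, availability: float = 0.9999) -> bool:
    """True if an outage of downtime_hours fits inside the yearly budget."""
    return downtime_hours * 60.0 <= allowed_downtime_minutes(availability)


if __name__ == "__main__":
    sm = SystemManager()
    proposed = VCSU(sm)
    proposed.advance(WRAP_MS + 5)        # run past the 49.7-day mark
    print("proposed still running:", proposed.running, "alerts:", sm.alerts)
    legacy = VCSU(SystemManager(), shutdown_on_wrap=True)
    legacy.advance(WRAP_MS + 5)
    print("legacy still running:", legacy.running)
    print("minutes/year allowed at 99.99%:", round(allowed_downtime_minutes(0.9999), 1))
    print("3.5 h outage meets 99.99%?", meets_availability(3.5))
```

The modular `elapsed_ms` is the usual fix for a wrapping counter: differences are taken modulo 2**32, so the wrap needs no reboot and no operator reset, which is what the fourth functional requirement asks for.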
Concept of Operations (CONOPS)
[CONOPS diagram: the Air Traffic Controller uses the VSCS VCSU (server); the VCSU displays errors to the System Manager; the System Manager monitors the VCSU and reports; the Maintenance Technician monitors the System Manager.]
Questions?
Thank You
Good luck to everyone and see you next semester