cliffy Posted November 5, 2020 Report Posted November 5, 2020 Here's a question for the group Why wouldn't the TT A/P qualify as NORSEE equipment ? Here's a cut from the enabling legislation (Policy No: PS-AIR-21.8- 1602) Most NORSEE categories fall under the avionics, electronic instrument, and display categories. However, mechanical and other NORSEE categories can use the same methodology and evaluation approach, as outlined in this policy statement. The types of equipment that may be considered NORSEE include, but are not limited to the following: Traffic advisory system, Terrain advisory (such as a terrain awareness and warning system (TAWS)), Attitude indicator, Weather advisory, Crashworthiness improvement, Configuration advisory (such as gear advisory for floats and takeoff/landing configuration), Supplemental indication (such as a fuel flow or fuel quantity indicator), Monitoring/detection system (such as a smoke, carbon monoxide, or fire detector), Extinguishing system (such as a fire extinguisher), and Stability and control (such as an autopilot or stability augmentation system). Why go all the way to full certification? How about the Experimental model with the certified servos (as I know the feds would require that, they decouple the drive gears with power loss)? Gets around the full cert log jam Accomplishes the same end point ( no approach capability yet in the certified one either or by choice cancel the approach capability for the NORSEE install) Maybe BK should look at this? 4 Quote
PT20J Posted November 5, 2020 Report Posted November 5, 2020 1 hour ago, cliffy said: Here's a question for the group Why wouldn't the TT A/P qualify as NORSEE equipment ? Here's a cut from the enabling legislation (Policy No: PS-AIR-21.8- 1602) Most NORSEE categories fall under the avionics, electronic instrument, and display categories. However, mechanical and other NORSEE categories can use the same methodology and evaluation approach, as outlined in this policy statement. The types of equipment that may be considered NORSEE include, but are not limited to the following: Traffic advisory system, Terrain advisory (such as a terrain awareness and warning system (TAWS)), Attitude indicator, Weather advisory, Crashworthiness improvement, Configuration advisory (such as gear advisory for floats and takeoff/landing configuration), Supplemental indication (such as a fuel flow or fuel quantity indicator), Monitoring/detection system (such as a smoke, carbon monoxide, or fire detector), Extinguishing system (such as a fire extinguisher), and Stability and control (such as an autopilot or stability augmentation system). Why go all the way to full certification? How about the Experimental model with the certified servos (as I know the feds would require that, they decouple the drive gears with power loss)? Gets around the full cert log jam Accomplishes the same end point ( no approach capability yet in the certified one either or by choice cancel the approach capability for the NORSEE install) Maybe BK should look at this? Sounds like a good question for Ron @Blue on Top Quote
ZuluZulu Posted November 5, 2020 Report Posted November 5, 2020 Because an autopilot is integrated with other systems and if it fails, the results could be catastrophic. NORSEE is intended only for equipment whose failure condition is minor: "1.4 Safety Evaluation. The overall safety evaluation for non-required equipment assumes the equipment will fail, regardless of the system or subsystem and the probability of such a failure. The safety evaluation must show evidence that such failures do not reduce the capability of the aircraft or the ability of the pilot/flightcrew to cope with a failure condition worse than minor. "For integrated systems, the evaluation process also should take into account any additional interdependencies that may arise because of integration. In all cases involving integrated systems, the safety evaluation process is of fundamental importance in meeting the safety objective for the system. Design considerations may include, but are not limited to— "Separation from those systems that are considered primary (required by airworthiness standards or operating rules, or critical to the operation of the aircraft); "Independence in operation that does not require input, signal, or information acquired from a primary system to operate; and "Protection from adverse effects on the rest of the system during normal operating conditions or when failure occurs. "A more robust safety evaluation may be necessary if it concerns complex systems with a high degree of integration, unproven new technology, or systems that can directly control the aircraft. There are appropriate safety assessment tools (such as failure modes and effects analyses or functional hazard analyses) tailored specifically to evaluate these types of systems. The overall safety evaluation process should consider a system’s architecture, functionality, operational capabilities and limitations, human factors, and whether the system requires pilot training. Once the evaluation is completed, it should provide the necessary assurance that all foreseeable failure conditions (such as loss of function or misleading information) have been identified and assessed." If the failure mode is more than minor, a pretty robust evaluation process is contemplated, but the FAA says so little about above-minor failures in the March 31, 2016 Policy Statement (seriously, it's barely a page) that I think it's fair to assume they would push an applicant into full certification: "2 NORSEE APPROVAL WITH FAILURE CONDITIONS ABOVE MINOR. "2.1 The regulations applicable to NORSEE include 14 CFR xx.1301 and xx.1309 for parts 23, 27, and 29. NORSEE can improve safety when installed in aircraft, even though it is not required for certification or the rules under which the aircraft operates (such as 14 CFR parts 91, 133, 135, 136, and 137). The premise of these rules is that systems and equipment in aircraft must be appropriately designed, manufactured, and installed so each performs its intended function and does not present an unacceptable hazard to the aircraft because of malfunction or failure. "2.2 To show compliance with the requirements pursuant to § xx.1309, it is necessary to show that NORSEE installation will not cause unacceptable adverse effects and to verify that the aircraft is adequately protected against any hazards that could result from malfunctions or failures caused by NORSEE. If it is determined that failure or malfunction could result in a hazard to the aircraft, that hazard must be minimized through mitigating means to an acceptable level, or prevented altogether depending on the severity of the failure and its effect on the aircraft. Design features should be taken into account to prevent hazards either by ensuring the failure condition will not occur or by having redundancy or annunciation with acceptable corrective action by the associated flightcrew." Source (emphases added). That process would have to be so involved that you might as well pursue full certification. And I bet BK's lawyers wouldn't be thrilled by the lawsuits that will result if their NORSEE-approved equipment kills people, especially once the jury is told that BK cut corners and cheaped out, when all of their competitors (Garmin, Genesys, Dynon, etc.) obtained full certification, so that they could start selling units faster. 2 Quote
tmo Posted November 5, 2020 Report Posted November 5, 2020 5 minutes ago, ZuluZulu said: especially once the jury is told that BK cut corners and cheaped out to start selling units faster Yeah, we all know how it worked out for Boeing... Quote
CharlesHuddleston Posted November 6, 2020 Report Posted November 6, 2020 So only asking because I'm not 100% sure, but would it have to be certified to be installed if operating under Part 91 rules? I mean, the equipment and avionics installed in in experimental aircraft are not certified, but are used under Part 91 regs. I would think that if you had an installer that would be willing to install it, and/or could get it signed off by the FSDO, you could use it as you please or see fit. Now when it came to having someone sign of on an annual inspection or airworthiness, you could have problems. Like wise, if you tried to sell it with non-TSO or non-STC approved equipment, I suspect you could have some problems! Again, I'm not sure how all the rules would apply and be able to make it work out. Quote
Hank Posted November 7, 2020 Report Posted November 7, 2020 @CharlesHuddleston, that's the beauty of the NORSEE regulations. Get it signed off once, then it's always legal. Quote
Blue on Top Posted November 7, 2020 Report Posted November 7, 2020 On 11/4/2020 at 9:29 PM, cliffy said: Here's a question for the group Why wouldn't the TT A/P qualify as NORSEE equipment ? @cliffy Your background search is fantastic! It's the little details that get projects hung up. This topic has people who are very hard-over (pun NOT intended) on both sides. The problem is that there is a ton of grey area in the middle. NORSEE items are still required to address the system safety analysis. To show compliance with the new regulations, it might be an analysis of amount of good it does times the percentage of time it does it versus what bad things can happen times how often they can happen. If the system is shown to do great good the majority of time, that's a positive. If the same system is shown to be catastrophic in a few cases, that's not so good. For example, if an autopilot is relying on an ADAHRS for input and the pitot or static is lost (or giving it bad data), the attitude and/or altitude will soon be degraded. The autopilot is now following this bad data - with possible catastrophic results. VFR, one is probably okay. IFR, not so much. On an approach, really bad. 1 Quote
cliffy Posted November 7, 2020 Author Report Posted November 7, 2020 B on T- My postulation was specific to the TT A/P The TT is not approach certified AFAIK (Just like many of the old Brittains.) +1 for that item (min altitude for engagement can be high like 700 ft AGL) Doesn't have to be as most legacy airplanes and pilots would never use it. I'm sure there is data right now enough to qualify it for ADAHRS issues Autopilot hard overs are always something to consider. In the TT system they have a disable switch (as do ALL A/P on the control wheel) that cuts all power to the system (no more driven hard overs). Servo malfunction was addressed in the first certification with the design of a new drive for the servos in that they completely disengage the drive/gear system from the actuator segment so a frozen servo would not hang up the control system. Lastly the servos are designed to be able to be "overriden" by control force input (IIRC) in the event of a hardover. The electronics are already certified for Pt 23 so they know all the MTBFS and failure modes. NORSEE only calls for "some agency" capitulation on design (SAE for example). All of the work that has been done before for certification can transfer right over to a NORSEE approval for all other airframes. The "fine points" you mentioned I think would be easier to overcome due to the limited exposure if it was "certified" for only climb decent and cruise and NO approach capability (might even electronically remove that nav function once the IAF was passed) I'm still thinking they could sell thousands of them (in that condition) to the vast majority of legacy airplanes out there as most do not ever venture into IFR approach territory. They wouldn't have to invest the millions it will take in certification on all the other airframes out there. They've got the hard work done already. I'm not even going to consider "resale" value being better with a fully certified approach capable A/P as most older legacy airplanes will not ever reach that point if they have a basic A/P like described. Might be a factor in 1/10 at most. Installation kits of course would have to be designed for each different airplane (a revenue stream in itself) but a much easier path for everyone than a full certification for each airframe out there. The profit margin just might be wider (the price should come down some but the margin just might be wider overall) this way as less effort by far is needed to be able to sell the units and the installation kits can go into that. Once the A/P and servos are passed as NORSEE then they can go in any airframe Only the installation kit is needed to be designed and that wouldn't need separate certification only compliance with proper aircraft quality pieces and design. I don't see anything in the NORSEE regs that is too daunting. Certainly not as daunting a full certification for all the other airplanes out there that could use a basic A/P Just thinking outside the box 2 Quote
Blue on Top Posted November 7, 2020 Report Posted November 7, 2020 16 hours ago, cliffy said: Just thinking outside the box Great thinking! My guess is that they may have more internal information and past dealings with their local FAA office(s). I talk to the certification manager at Genesys (STEC) every week. I am often surprised at some of the stories he tells me. It could also be liability insurance. Only guessing. Quote
Blue on Top Posted November 8, 2020 Report Posted November 8, 2020 Sorry for this blurb, @cliffy, on your topic, but I'll get back to your topic by the end. It's Saturday night, and I'm in a talkative mood Being on the ASTM F44 Committees (Flight, Crew Interface and others), I get to listen to the FAA/EASA/TC/OEM/User/etc. reasoning. It's a seriously hard position and not straightforward as it may seem at times. I am developing a new stall warning system. The Committee is looking at systems that warn the pilot via at least 2 different human sensory paths (ironically, which was assumed by a couple on the Committee to be 2 different sensor paths ... more on that soon). A stick shaker (in most jets - both Part 23 and 25) is both tactile (the control shakes in your hands) and audible (you can hear the control system shaking if your hands are not on the controls ... a requirement for a shaker). Now, it has been brought up that this is a single-point failure. If the motor (shaker) doesn't turn, both tactile and audible warnings will be lost. Almost all Part 23 airplanes have at least one single-point failure mode (Mooney aircraft have the Safe Flight, wing-mounted flip switch, wiring and stall horn). OEMs are scared this is going to have to be made redundant. This will add significant cost. To get back on topic, it has also been brought up about autopilots and if they should be required to turn off at stall warning (leaving the pilot with an out of trim, about to stall airplane) or if they should be required to protect the airplane from ever stalling. The answers aren't easy or straightforward. Quote
cliffy Posted November 8, 2020 Author Report Posted November 8, 2020 Solve the stall warning redundancy issue by installing 2 identical but separate systems One on each wing ??????????? Don't most all 23 airplanes also have a tactile buffet at stall? Even the 727 did. We flew through the shaker to the buffet and held it there in sim training. Its quite strong. 95 kts IAS IIRC at our weight. But then again, a 727 was a pilot's airplane. My take? You can have all the stall warnings you want but most accidents pass through the boundary so quickly that no warning would stop the action. I tend to think that most accidents on stalls and terrain (dead people) occur as a stall/spin as the bank angle steepens quickly at low speed in a turn. One may not have enough time to react to any stall warning system in that situation. Now if the system had predictive quality to it???? They tried to make big jets safe (Airbus) by having everything in auto from 300' going up to roll out Even take away the pilots ability to over ride the airplane computers and now what do they have ? They lose one jet in the Atlantic because no one could understand they were in a stall and now many are having hand flying skill set problems because of the automation. How is making the autopilot command no stall any different than the Airbus crash? First item on our 1st AB sim ride was pull the stick aft and hold it there. "See the airplane won't stall" Where did that get them? A mind set from training that was dangerous especially to the low experienced pilot. The exact target they were trying to protect from. Everyone seems to forget that the one big design thought at the time of the 1st Airbus was to protect the airplane from low time 2nd and 3rd world ab initio co pilots. Hence- the autopilot computer knows more than you do so we won't let you do that. I hear echoes of a movie from long ago 'I can't let you do that" ! Hal 2001 Space Odyssey Lunacy comes in all colors. Are there any REAL pilots on any of these boards that make the rules? Maybe I'm just frustrated at the 'everything automation" outlook. Flying is not just a computer game app. All the training in the world can't and won't replace experience. And, not everyone is cut out to be a pilot. It ain't for everyone. 3 Quote
EricJ Posted November 8, 2020 Report Posted November 8, 2020 (edited) 34 minutes ago, cliffy said: Solve the stall warning redundancy issue by installing 2 identical but separate systems One on each wing ??????????? When there are two of something it does not necessarily provide redundancy, just failure detection when they don't agree (since you don't know which one isn't correct). Properly engineered systems with multiple sensors, i.e., there are redundant systems with redundant sensors, so if the sensors on one don't agree, it can detect the fault and indicate that it's the broken one, make this much more reliable. This isn't new. Proper engineering practices for this sort of thing have been known for many decades for high reliability or safety-critical systems. The same is true with software: how to make highly reliable software is a known thing, but it's more expensive. When companies knowingly depart from the recognized best practices in order to save money to increase profit it will have a predictable effect. So low-cost and reliable auto-pilot for safety-critical stuff don't necessarily go together. Edited November 8, 2020 by EricJ 1 Quote
Blue on Top Posted November 8, 2020 Report Posted November 8, 2020 2 hours ago, cliffy said: 1. Solve the stall warning redundancy issue by installing 2 identical but separate systems. One on each wing ??????????? 2. Don't most all 23 airplanes also have a tactile buffet at stall? Even the 727 did. We flew through the shaker to the buffet and held it there in sim training. Its quite strong. 95 kts IAS IIRC at our weight. But then again, a 727 was a pilot's airplane. 3. Are there any REAL pilots on any of these boards that make the rules? 4. Maybe I'm just frustrated at the 'everything automation" outlook. Flying is not just a computer game app. 5. All the training in the world can't and won't replace experience. @cliffy I agree with you. 1. Yes, but it will add at least $5K-$10K to each airplane. It will also increase maintenance costs and down time if a system is not functioning. 2. Yes, most older airplanes have natural buffet in most configurations. Most newer airplanes do not. The regulation states that stall warning must come from the same source for all aircraft configurations, weights and CGs. So, if some configuration or CG results in too little or no stall warning, the stall warning must be artificial. 3. Yes, the vast majority of us committee members are "real" with thousands of hours each, both military and civilian. 4. I agree with you on the automation, but fully-autonomous airplanes are coming ... soon. Mooney is/was even looking at it. The part that is humorous to me is that most of the companies looking at this think that they can hand the airplane back to a pilot if something goes wrong. We have already proven the more autonomous a vehicle is, the more the pilot is out of the look and the less the pilot is capable of controlling the vehicle. 5. I, personally, don't believe that training is the answer to the fatal LOC rate. I would venture to say that most if not all of the pilots that are no longer with us passed their last Review and would pass their next one if they were still with us. BTW, the vast majority of LOC fatal accidents are on takeoff, go-around and the moose turn (looking at something on the ground). As you eluted to, we are not getting the pilot's attention soon enough. @EricJ You're correct with respect to redundancy. In this area it is all about the numbers. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.