A literature review conducted as part of a research project named “Measuring Safety in Aviation – Developing Metrics for Safety Management Systems” revealed several challenges regarding the safety metrics used in aviation. One of the conclusions was that there is limited empirical evidence about the relationship between Safety Management System (SMS) processes and safety outcomes. In order to explore such a relationship, respective data from 7 European airlines was analyzed to explore whether there is a monotonic relation between safety outcome metrics and SMS processes, operational activity and demographic data widely used by the industry. Few, diverse, and occasionally contradictory associations were found, indicating that (1) there is a limited value of linear thinking followed by the industry, i.e., “the more you do with an SMS the higher the safety performance”, (2) the diversity in SMS implementation across companies renders the sole use of output metrics not sufficient for assessing the impact of SMS processes on safety levels, and (3) only flight hours seem as a valid denominator in safety performance indicators. At the next phase of the research project, we are going to explore what alternative metrics can reflect SMS/safety processes and safety performance in a more valid manner
This paper presents an alternative way to use records from safety investigations as a means to support the evaluation of safety management (SM) aspects. Datasets from safety investigation reports and progress records of an aviation organization were analyzed with the scope of assessing safety management’s role, speed of safety communication, timeliness of safety investigation processes and realization of safety recommendations, and the extent of convergence among SM and investigation teams. The results suggested an interfering role of the safety department, severe delays in safety investigations, timely implementation of recommendations, quick dissemination of investigation reports to the end-users, and a low ratio of investigation team recommendations included in the final safety investigation reports. The results were attributed to non-scalable safety investigation procedures, ineffective resource management, lack of consistent bidirectional communication, lack of investigators’ awareness about the overall organizational context, and a weak commitment of other departments to the realization of safety recommendations. The set of metrics and the combination of quantitative and qualitative methods presented in this paper can support organizations to the transition towards a performance-based evaluation of safety management.
As part of their SMS, aviation service providers are required to develop and maintain the means to verify the safety performance of their organisation and to validate the effectiveness of safety risk controls. Furthermore, service providers must verify the safety performance of their organisation with reference to the safety performance indicators and safety performance targets of the SMS in support of their organisation’s safety objectives. However, SMEs lack sufficient data to set appropriate safety alerts and targets, or to monitor their performance, and no other objective criteria currently exist to measure the safety of their operations. The Aviation Academy of the Amsterdam University of Applied Sciences therefore took the initiative to develop alternative safety performance metrics. Based on a review of the scientific literature and a survey of existing safety metrics, we proposed several alternative safety metrics. After a review by industry and academia, we developed two alternative metrics into tools to help aviation organisations verify the safety performance of their organisations.The AVAV-SMS tool measures three areas within an organisation’s Safety Management System:• Institutionalisation (design and implementation along with time and internal/external process dependencies).• Capability (the extent to which managers have the capability to implement the SMS).• Effectiveness (the extent to which the SMS deliverables add value to the daily tasks of employees).The tool is scalable to the size and complexity of the organisation, which also makes it useful for small and medium-sized enterprises (SMEs). The AVAS-SCP tool also measures three areas in the organisation’s safety culture prerequisites to foster a positive safety culture:• Organisational plans (whether the company has designed/documented each of the safety cultureprerequisites).• Implementation (the extent to which the prerequisites are realised by the managers/supervisors acrossvarious organisational levels).• Perception (the degree to which frontline employees perceive the effects of managers’ actions relatedto safety culture).We field-tested these tools, demonstrating that they have adequate sensitivity to capture gaps between Work-as-Imagined (WaI) and Work-as-Done (WaD) across organisations. Both tools are therefore useful to organisations that want to self-assess their SMS and safety culture prerequisite levels and proceed to comparisons among various functions and levels and/or over time. Our field testing and observations during the turn-around processes of a regional airline confirm that significant differences exist between WaI and WaD. Although these differences may not automatically be detrimental to safety, gaining insight into them is clearly necessary to manage safety. We conceptually developed safety metrics based on the effectiveness of risk controls. However, these could not be fully field-tested within the scope of this research project. We recommend a continuation of research in this direction. We also explored safety metrics based on the scarcity of resources and system complexity. Again, more research is required here to determine whether these provide viable solutions.
The integration of renewable energy resources, controllable devices and energy storage into electricity distribution grids requires Decentralized Energy Management to ensure a stable distribution process. This demands the full integration of information and communication technology into the control of distribution grids. Supervisory Control and Data Acquisition (SCADA) is used to communicate measurements and commands between individual components and the control server. In the future this control is especially needed at medium voltage and probably also at the low voltage. This leads to an increased connectivity and thereby makes the system more vulnerable to cyber-attacks. According to the research agenda NCSRA III, the energy domain is becoming a prime target for cyber-attacks, e.g., abusing control protocol vulnerabilities. Detection of such attacks in SCADA networks is challenging when only relying on existing network Intrusion Detection Systems (IDSs). Although these systems were designed specifically for SCADA, they do not necessarily detect malicious control commands sent in legitimate format. However, analyzing each command in the context of the physical system has the potential to reveal certain inconsistencies. We propose to use dedicated intrusion detection mechanisms, which are fundamentally different from existing techniques used in the Internet. Up to now distribution grids are monitored and controlled centrally, whereby measurements are taken at field stations and send to the control room, which then issues commands back to actuators. In future smart grids, communication with and remote control of field stations is required. Attackers, who gain access to the corresponding communication links to substations can intercept and even exchange commands, which would not be detected by central security mechanisms. We argue that centralized SCADA systems should be enhanced by a distributed intrusion-detection approach to meet the new security challenges. Recently, as a first step a process-aware monitoring approach has been proposed as an additional layer that can be applied directly at Remote Terminal Units (RTUs). However, this allows purely local consistency checks. Instead, we propose a distributed and integrated approach for process-aware monitoring, which includes knowledge about the grid topology and measurements from neighboring RTUs to detect malicious incoming commands. The proposed approach requires a near real-time model of the relevant physical process, direct and secure communication between adjacent RTUs, and synchronized sensor measurements in trustable real-time, labeled with accurate global time-stamps. We investigate, to which extend the grid topology can be integrated into the IDS, while maintaining near real-time performance. Based on topology information and efficient solving of power flow equation we aim to detect e.g. non-consistent voltage drops or the occurrence of over/under-voltage and -current. By this, centrally requested switching commands and transformer tap change commands can be checked on consistency and safety based on the current state of the physical system. The developed concepts are not only relevant to increase the security of the distribution grids but are also crucial to deal with future developments like e.g. the safe integration of microgrids in the distribution networks or the operation of decentralized heat or biogas networks.
Aanleiding De luchtvaart wordt steeds veiliger. Toch zijn er alleen al in Nederland jaarlijks zo'n 11.000 issues met luchtvaartveiligheid. Wereldwijd vinden er elke dag ongelukken plaats die leiden tot schade aan vliegtuigen. Om de veiligheid verder te verbeteren is er nieuwe internationale regelgeving opgesteld. Onder deze regels moeten de maatschappijen alle incidenten en ongelukken analyseren en zo veiligheidsrisico's identificeren nog voordat deze zich voordoen. Het probleem is dat kleine en middelgrote luchtvaartmaatschappijen onvoldoende vliegbewegingen maken om genoeg goede data hiervoor te hebben. Doelstelling De centrale vraag die de onderzoekers in dit RAAK-project willen beantwoorden: Wat is de relatie tussen veiligheidsmanagement en veiligheidsperformance van luchtvaartmaatschappijen? Het onderzoek wil kleine en middelgrote luchtvaartmaatschappijen helpen bij het meten van de veiligheid van hun bedrijf, zonder dat ze grote hoeveelheden veiligheidsdata tot hun beschikking hebben. Het onderzoek zal geschikte veiligheidsindicatoren identificeren, een longlist ontwikkelen met meetwaarden voor safetymanagement, en een shortlist genereren en valideren van bruikbare meetwaarden. Deze kennis wordt vertaald in een online dashboard voor de industrie, zodat de veiligheid objectiever beoordeeld kan worden. Beoogde resultaten Een concreet resultaat van dit project is een online dashboard waarmee kleine en middelgrote luchtvaartmaatschappijen hun veiligheid kunnen beoordelen, inclusief handleiding. Er zullen masterclasses veiligheid worden georganiseerd voor de luchtvaartindustrie. Het projectteam zal de opgedane kennis verspreiden via wetenschappelijke artikelen in relevante peer-reviewed tijdschriften, een website, presentaties bij bedrijven en tijdens bijeenkomsten, en een afsluitende conferentie.
In September 2018 a gaming dashboard is implemented and reviewed on effect at Jan de Rijk, Gebroeders Versteijnen and Merba. The dash board should give insight in the individual and team performance of employees in the their work processes through a gamesome modern visualisation‘In what way is it possible to design and apply ‘game design techniques’ and ‘game elements’ in performance dashboards, so that employees are constantly motivated to improve productivity, quality and safety of their individual proceedings and learning, so that the investment in gamification is profitable?’
