Sydney Airport problems again
From the ABC news web site.
Sydney domestic departure flights delayed reportedly due to air traffic control system Updated 5 minutes ago Some flights out of Sydney's domestic terminal are being delayed reportedly due to a problem with air traffic control systems. All airlines have been affected, including Qantas, Jetstar and Virgin. Hundreds of passengers are facing delays, including families heading out of Sydney for the start of the school holidays. Arrivals have been able to land but departures have been delayed. More to come. First posted 25 minutes ago |
Flight Planning software not aware of the change to Sydneys ICAO designator.
CC |
What is the change then ?
|
Air Services Australia said there has been a "system software failure".
Follow Sydney Airport ✈️ ✔ @SydneyAirport Flights are delayed due to an @AirservicesNews system issue. Please check with your airline for flight status. Thanks for your patience. 7:24 AM - Sep 25, 2017 The ABC understands the fault relates to the flight planning system. This feeds into the radar picture and without it, controllers cannot see which plane is which. It is also believed the data connection between Sydney and Melbourne is down. The Qantas departure board lists flights to Melbourne, Brisbane and Adelaide "delayed due ATC Radar Failure". |
Originally Posted by Checklist Charlie
(Post 9902763)
Flight Planning software not aware of the change to Sydneys ICAO designator.
CC |
IF an incident like this were to be properly investigated, a number of systemic faults would be revealed.
The whole reason for using radar is that you can "move" more aircraft in a given airspace with radar than you can do without it; you can reduce the separation standards to 3 miles because you can "see" the aircraft on the screen. BUT precisely because you are reducing the separation standards, the safety case of the use of radar must have a whole raft of safety mitigations built in so that no single failure can make aircraft less safe. Hence SYD is served by at least two different radar sensors which normally feed a common radar display processor but can also feed directly to each separate ATC console. Duplicated power supplies, duplicated communications paths etc etc exist to protect against failure. Airservices is supposed to maintain a safety case that demonstrates how safety is maintained in the event of the inevitable failures of component parts of the system. CASA are supposed to audit Airservices to ensure compliance. It follows that this "incident" demonstrates a failure of the safety system and of its oversight. But will ATSB, under the leadership of an Ex-ATC safety manager, truly get to the bottom of this foul up? |
Originally Posted by Advance
(Post 9902831)
IF an incident like this were to be properly investigated, a number of systemic faults would be revealed.
The whole reason for using radar is that you can "move" more aircraft in a given airspace with radar than you can do without it; you can reduce the separation standards to 3 miles because you can "see" the aircraft on the screen. BUT precisely because you are reducing the separation standards, the safety case of the use of radar must have a whole raft of safety mitigations built in so that no single failure can make aircraft less safe. Hence SYD is served by at least two different radar sensors which normally feed a common radar display processor but can also feed directly to each separate ATC console. Duplicated power supplies, duplicated communications paths etc etc exist to protect against failure. Airservices is supposed to maintain a safety case that demonstrates how safety is maintained in the event of the inevitable failures of component parts of the system. CASA are supposed to audit Airservices to ensure compliance. It follows that this "incident" demonstrates a failure of the safety system and of its oversight. But will ATSB, under the leadership of an Ex-ATC safety manager, truly get to the bottom of this foul up? |
Originally Posted by parishiltons
(Post 9902858)
The information provided so far does not necessarily suggest a failure of surveillance feeds, but is pointing to other factors. I can't see any safety failures here, ATC has prima facie responded to a reduction in system capability and capacity by moving traffic at rates that are safe commensurate with the status of the ATC system at any given point in time.
The safety management system and its oversight is intended to ensure that no single failure (or failure 'chain' consequent on a single failure) can prejudice the safety of any aircraft. The very fact that traffic handling is now limited is proof that whatever fault did occur, so limited traffic handling that aircraft in the airspace between the time of failure and the time at which the traffic numbers were reduced suffered a reduction in safety assurance. The safety system and its oversight is intended to preclude that situation. |
Australia, the best International Airport in a 3rd world country...White Africa.
|
Originally Posted by Advance
(Post 9902871)
Sir, you are missing the point. It does not matter in the slightest what actually failed. What matters is that a failure has occurred such the the system is so degraded that ongoing capacity is now limited - as you point out. But at the time of failure, there could have been more aircraft in the airspace around Sydney than could safely be managed without the radar. Had the failure happened at 0820 instead of 0520 for example?
The safety management system and its oversight is intended to ensure that no single failure (or failure 'chain' consequent on a single failure) can prejudice the safety of any aircraft. The very fact that traffic handling is now limited is proof that whatever fault did occur, so limited traffic handling that aircraft in the airspace between the time of failure and the time at which the traffic numbers were reduced suffered a reduction in safety assurance. The safety system and its oversight is intended to preclude that situation. Reduced traffic volumes do not mean a reduction in safety. In contrast, traffic volumes would be reduced as required to assure the maintenance of safety assurance in the absence of some element of ATC's technology. As for time of day - please bear in mind that Sydney ATC only manages the traffic in the vicinity of Sydney itself and typically only deals with traffic in the flight phase that is within 15-odd minutes from Sydney. The overlying and surrounding airspace is controlled from Melbourne and Brisbane. |
Originally Posted by 4 Holer
(Post 9902874)
Australia, the best International Airport in a 3rd world country...White Africa.
|
RodH - your question didnt get answered in the flurry of posts - sydney has not been ASSY for more than 20 years.
Australian airports are Y airports - YSSY - Sydney, YBBN - Brissie etc.. |
Perhaps I am not explaining the situation correctly.
(Another) system failure has occurred at Airservices Australia ATC to which the ATC response has been to reduce the amount of aircraft being handled so as to restore an appropriate level of safety. Consider the situation that would exist with the ATC system operating normally in the morning peak period. Then "this" (whatever) failure happens. If it is then necessary to reduce the amount of traffic in the air to restore a safe operation then by definition, in the time between failure and the actual traffic reduction, taking effect, there was more traffic in the air than could be managed with the requisite level of safety. If that statement was not true, then why reduce traffic? |
Originally Posted by Advance
(Post 9902891)
Perhaps I am not explaining the situation correctly.
(Another) system failure has occurred at Airservices Australia ATC to which the ATC response has been to reduce the amount of aircraft being handled so as to restore an appropriate level of safety. Consider the situation that would exist with the ATC system operating normally in the morning peak period. Then "this" (whatever) failure happens. If it is then necessary to reduce the amount of traffic in the air to restore a safe operation then by definition, in the time between failure and the actual traffic reduction, taking effect, there was more traffic in the air than could be managed with the requisite level of safety. If that statement was not true, then why reduce traffic? |
ParisHiltons, perhaps I have not explained my point clearly?
The Sydney ATC system has, this morning, suffered (another) failure to which the ATC response has been to reduce the volume of traffic so as to restore a level of safety. Now consider the situation that had the fault (whatever it was) happened at 0820 instead of 0520, with maximum aircraft in the airspace. By definition, in the period between failure and the reduction in traffic being achieved, there would be more traffic in the air than could be safely handled with the reduced functionality available to ATC. IF THIS STATEMENT IS NOT TRUE, WHY REDUCE TRAFFIC NUMBERS? Airervices are meant to maintain a safety management system that precludes this happening and CASA are meant to oversee the validity of that system. |
Originally Posted by Snakecharma
(Post 9902885)
RodH - your question didnt get answered in the flurry of posts - sydney has not been ASSY for more than 20 years.
Australian airports are Y airports - YSSY - Sydney, YBBN - Brissie etc.. Anyway what is the reply from checklist charlie? Or was he alluding to my typo? |
Maybe Rocket Man from North Korea hacked you..... Would not be to hard to do to White Africa ??
|
ASSY now partially corrected to YSSY
Managed to correct the typo in the post but not in the List of Aust.NZ etc.
How is that done? |
Rod -yes i think he was alluding to the typo
|
Originally Posted by Advance
(Post 9902896)
ParisHiltons, perhaps I have not explained my point clearly?
The Sydney ATC system has, this morning, suffered (another) failure to which the ATC response has been to reduce the volume of traffic so as to restore a level of safety. Now consider the situation that had the fault (whatever it was) happened at 0820 instead of 0520, with maximum aircraft in the airspace. By definition, in the period between failure and the reduction in traffic being achieved, there would be more traffic in the air than could be safely handled with the reduced functionality available to ATC. IF THIS STATEMENT IS NOT TRUE, WHY REDUCE TRAFFIC NUMBERS? Airervices are meant to maintain a safety management system that precludes this happening and CASA are meant to oversee the validity of that system. That just isn't possible to achieve without the delays you saw today. The entire point of radar and taaats is to allow more aircraft to be controlled than without... so clearly when something breaks, the capacity reduces dramatically and delays occur. |
I think what Advance is trying to convey here is that Airservices' SMS procedures should ensure that any single ATC system component failure should not result in the need for implementation of any reduction in airspace utilisation or capacity to maintain aviation safety. The fact that Airservices had to resort to implementing limits on traffic handling capacity indicates that their SMS approach had failed and that, in order, to continue to maintain adequate safety, traffic handling limits had to be imposed as a last resort. The question Advance is really asking is what was the level of safety available to in-flight pilots between the time the failure first occurred and the time that the traffic handling limits started to become effective.
|
NO mikethepomme. Rather the reverse. As I pointed out early in the chain, the whole point of having radar is to increase safe capacity beyond that available without radar. But in doing so it must be recognised that any failure may leave an unsafe, overcapacity situation. The safety case is intended to examine failure modes (FMEA) and ensure there are systemic redunancies and excess capacities so that a failure does not necessitate traffic reduction precisely because in the time it takes to actually reduce traffic there is an excess beyond safe capacity.
The FAA actually carried out an extensive study on the subject before they introduced ARTS I - what, back in the '50's. The latest info in the Sydney newspapers (they must be right??) is that the system failed to "uncombine" from night mode when called upon to do so, leaving but one console working. A software change is being blamed. So clearly the safety case justifying the change, if it was prepared at all, did not address the failure mode that eventuated. Sure, systems fail but safety is about ensuing the failure does not increase risk. |
Well if the case was an inability to decombine... then there should be no increased risk... as one controller would have been able to handle the workload on one console before the problem. Traffic would then get metered to make sure he could handle it during the problem.
Stopping departures, holding aircraft out etc. |
YSSY is really very ASSY.
|
Maybe they should have tried airplane mode instead
|
Advance, TAAATS is designed to fallback to 'degraded mode' where the existing radar picture doesn't really change that much, but the controllers lose much of the system automation. This is why one of the the first actions in the quick reference guide is to "stop departures". Sorting out existing airborne traffic, even at maximum capacity, is safely manageable. The system in 'degraded mode' isn't able to easily cope with new flights hence the severe restrictions placed on departing flights as soon as the failure becomes apparent. Consider this akin to "land at closest suitable airport". Hope this helps.
As far as causal factors I dare say that will take some time. |
Managed to correct the typo in the post but not in the List of Aust.NZ etc. How is that done? You can edit the title there. |
It does change it in the edit function but it still shows up as ASSY in the
Australia, New Zealand & the Pacific List of posts. It is corrected in the post itself but not in the master list. |
Power failure in SYD was the cause of it all.
Brilliant! |
Originally Posted by underfire
(Post 9905965)
Power failure in SYD was the cause of it all.
Brilliant! |
solar powered and shuts off at night.
|
I don't think Sydney is as bad as Brisbane. Or even Melbourne for that matter.
|
Originally Posted by Advance
(Post 9903011)
NO mikethepomme. Rather the reverse. As I pointed out early in the chain, the whole point of having radar is to increase safe capacity beyond that available without radar. But in doing so it must be recognised that any failure may leave an unsafe, overcapacity situation. The safety case is intended to examine failure modes (FMEA) and ensure there are systemic redunancies and excess capacities so that a failure does not necessitate traffic reduction precisely because in the time it takes to actually reduce traffic there is an excess beyond safe capacity.
The FAA actually carried out an extensive study on the subject before they introduced ARTS I - what, back in the '50's. The latest info in the Sydney newspapers (they must be right??) is that the system failed to "uncombine" from night mode when called upon to do so, leaving but one console working. A software change is being blamed. So clearly the safety case justifying the change, if it was prepared at all, did not address the failure mode that eventuated. Sure, systems fail but safety is about ensuing the failure does not increase risk. The issue was of the 2 LAN connectors, when one fails the other takes over, in this case, path A didnt fail gracefully, it kept sending messages, so many in fact that the Sydney partition became overloaded, then the melbourne system, then the brisbane system. It was a very unusual failure, one that hasnt happened before anywhere in the world that has run Eurocat. What this meant was that positions couldnt be moved split or whatever; resulting in curfew setup continuing beyond curfew period. Safety was never effected. Radar was never effected. The ability to process more than say 10 arrivals an hour was impacted. Literally zero of your suppositions in this thread that you have raised are even close to correct. |
Best you learn to spell "affected" correctly:
lest you make yourself look like a fool |
Well at least I am not speculating and talking out my ass pretending to know ****.
I think that what he is trying to say is, when something fails, ATC should be able to process the exact same amount of traffic as if it hadnt failed. You know like when planes lose an engine they fly exactly the same profile right? If path 1 (of 2) fails and you are now operating on your backup path, you dont use it the same as if you had redundancy, that is crazy, you dont know why it failed, and you are just going to assume its ok to keep using at max capacity, what if the same failure occurs and you are at max rate.. such a stupid position to maintain. The SMS is to reduce traffic levels until the system returns to normal so you can return to normal levels of traffic. I dont know how you have it in your head that the SMS failed. The SMS that was implemented worked, people got delayed, everyone landed safely who could get a slot, internationals got prioritized short of inconveniencing some people the failure was handled well. The radar wasnt effected, btw SY gets a mosaic of about 7 radar feeds, but if the TAR gets lost or degraded things will get slow down. Slowing the rate is a perfectly logical and safe way to implement the SMS, if you are serious that you think that regardless of fault the rate shouldnt change, you are being entirely unrealistic. Planes dont have a back up engine they can whack on the wing when one fails, you cant expect to operate like normal when dealing with a failure. If you need this explained to you any further Advance, you are just being obtuse. |
Originally Posted by josephfeatherweight
(Post 9925623)
Best you learn to spell "affected" correctly:
Perhaps you mean to correct his grammatical use of effected vs affected, not a spelling error. |
Originally Posted by josephfeatherweight
Best you learn to spell "affected" correctly:
Originally Posted by rjtjrt
(Post 9925649)
He did spell "effected" correctly.
Perhaps you mean to correct his grammatical use of effected vs affected, not a spelling error. |
Originally Posted by das Uber Soldat
(Post 9925812)
This boys and girls, is why I don't hang out with pilots.
|
Oh Dear
Duane
Was the aggressive tone of your emails really necessary? This forum is successful because, generally, it operates on mutual respect. If Advance is who I think he is, then you might be surprised as to how much he knows about ATC and Eurocat. Give respect and you will then receive respect. If you can't do that, then get off these fora |
Originally Posted by QSK?
(Post 9926224)
Duane
Was the aggressive tone of your emails really necessary? This forum is successful because, generally, it operates on mutual respect. If Advance is who I think he is, then you might be surprised as to how much he knows about ATC and Eurocat. Give respect and you will then receive respect. If you can't do that, then get off these fora |
All times are GMT. The time now is 06:02. |
Copyright © 2024 MH Sub I, LLC dba Internet Brands. All rights reserved. Use of this site indicates your consent to the Terms of Use.