Whatever happened to the Chinook HC 3s?
Join Date: Oct 2000
Location: South Central UK
Posts: 254
Likes: 0
Received 0 Likes
on
0 Posts
Jacko,
I make no pretensions to being an expert but I suspect an 'N of one' would not cut the mustard statistically. Moreover, it would be interesting to hear knowledgeable estimates of how many hours would need to be flown to provide credible evidence that all was OK - risk wise.
lm
I make no pretensions to being an expert but I suspect an 'N of one' would not cut the mustard statistically. Moreover, it would be interesting to hear knowledgeable estimates of how many hours would need to be flown to provide credible evidence that all was OK - risk wise.
lm
Join Date: Mar 2005
Location: On the outside looking in
Posts: 542
Likes: 0
Received 0 Likes
on
0 Posts
Some thought on bits from above:
“The Chinook software risk is hypothetical, the TPs were happy with the aircraft.”
1. Risks aren’t hypothetical, they are real. You identify a consequence, and figure out its probability – there’s your risk. Just because a tp is happy, doesn’t make it safe.
“would not have happened under previous clearance standards (eg before the current Class 1 safety critical software assessment requirements WHEN WERE THESE INTRODUCED?), and would not be viewed as a problem by other operators”
2. So what happened to ‘current best practice’, UK law, etc etc? Just because someone else thinks its ok for them doesn’t have to mean it’s ok for us. If you are talking Def Stan 00-55 Iss 2, Aug 1997.
“(Boscombe merely identify the risks - the IPT then assess them and get the MAR signed”
3. Not quite right, Boscombe identify the risks, we assess the risks and advise the IPTL on how to mitigate the risks. The IPTL considers whether or not he is prepared to accept that level of risk.
“As to Risk Assessments - bit like statistics, you can prove anything”
4. You can prove anything with a nasty outcome has some probability. The skill is in showing that a credible hazard has an acceptable (or unacceptable) level of risk. Not quite the same.
“Moreover, it would be interesting to hear knowledgeable estimates of how many hours would need to be flown to provide credible evidence that all was OK - risk wise.”
Lots of hours, and for complex systems more time than has existed in the universe so far. If you have lots of inputs in lots of combinations it takes lots of time to work through them all. So, for software it is better to show that the way you have identified and mitigated the risks is sound AND that you have developed the software correctly. 2 quotes from learned people in the /sw business:
If you try and tell me that the probability of a software failure occurring in a system is one in a million, I’m very unlikely to believe you. If you tell me that there is no way that the software can fail, I’m much more likely to believe you because in the first case, you can’t have tested sufficiently to get that level of confidence, in the second you must have done something to be so sure that this is the case.
There are 2 ways of developing software. The first is to make it so simple, there are obviously no errors, the second is to make it so complicated that there are no obvious errors.
Unfortunately there is much more of the latter around than the former.
“There are a number of platforms with MARs carrying more real, more quantifiable risk.”
5. Firstly see 1 above. Secondly, if the risk is quantifiable, then a reasoned argument as to its acceptability can be made. The problem comes when you can’t quantify the risk. That’s when you are on thin ice.
sw
“The Chinook software risk is hypothetical, the TPs were happy with the aircraft.”
1. Risks aren’t hypothetical, they are real. You identify a consequence, and figure out its probability – there’s your risk. Just because a tp is happy, doesn’t make it safe.
“would not have happened under previous clearance standards (eg before the current Class 1 safety critical software assessment requirements WHEN WERE THESE INTRODUCED?), and would not be viewed as a problem by other operators”
2. So what happened to ‘current best practice’, UK law, etc etc? Just because someone else thinks its ok for them doesn’t have to mean it’s ok for us. If you are talking Def Stan 00-55 Iss 2, Aug 1997.
“(Boscombe merely identify the risks - the IPT then assess them and get the MAR signed”
3. Not quite right, Boscombe identify the risks, we assess the risks and advise the IPTL on how to mitigate the risks. The IPTL considers whether or not he is prepared to accept that level of risk.
“As to Risk Assessments - bit like statistics, you can prove anything”
4. You can prove anything with a nasty outcome has some probability. The skill is in showing that a credible hazard has an acceptable (or unacceptable) level of risk. Not quite the same.
“Moreover, it would be interesting to hear knowledgeable estimates of how many hours would need to be flown to provide credible evidence that all was OK - risk wise.”
Lots of hours, and for complex systems more time than has existed in the universe so far. If you have lots of inputs in lots of combinations it takes lots of time to work through them all. So, for software it is better to show that the way you have identified and mitigated the risks is sound AND that you have developed the software correctly. 2 quotes from learned people in the /sw business:
If you try and tell me that the probability of a software failure occurring in a system is one in a million, I’m very unlikely to believe you. If you tell me that there is no way that the software can fail, I’m much more likely to believe you because in the first case, you can’t have tested sufficiently to get that level of confidence, in the second you must have done something to be so sure that this is the case.
There are 2 ways of developing software. The first is to make it so simple, there are obviously no errors, the second is to make it so complicated that there are no obvious errors.
Unfortunately there is much more of the latter around than the former.
“There are a number of platforms with MARs carrying more real, more quantifiable risk.”
5. Firstly see 1 above. Secondly, if the risk is quantifiable, then a reasoned argument as to its acceptability can be made. The problem comes when you can’t quantify the risk. That’s when you are on thin ice.
sw
Last edited by Safeware; 13th Oct 2006 at 18:42. Reason: spool chick
Thread Starter
SW,
If it met (or would have met) previous standards, then the inference must be that while it's not good enough, it would have been good enough then.
And if it was good enough then, it must be within the "let the IPT decide if they're willing to accept the risk" basket now, surely?
Especially when as supporting evidence you have the bullishness of the TPs.
And an urgent operational need.
If it met (or would have met) previous standards, then the inference must be that while it's not good enough, it would have been good enough then.
And if it was good enough then, it must be within the "let the IPT decide if they're willing to accept the risk" basket now, surely?
Especially when as supporting evidence you have the bullishness of the TPs.
And an urgent operational need.
Join Date: Mar 2005
Location: On the outside looking in
Posts: 542
Likes: 0
Received 0 Likes
on
0 Posts
Jacko,
So, at the subsequent Board of Inquiry, the evidence supporting the RTS was the "bullishness of the tps"
No, can't see that one lasting long as a defence.
Mind you, not far behind would be the claim that
Like it or not, objective evidence is what is required. Counter evidence is very strong.
And stop calling me Shirley.
sw
Especially when as supporting evidence you have the bullishness of the TPs
No, can't see that one lasting long as a defence.
Mind you, not far behind would be the claim that
And if it was good enough then, it must be within the "let the IPT decide if they're willing to accept the risk"
And stop calling me Shirley.
sw
“Ah, but are those the criteria applied to every other type?”
The simple answer is, NO. The main reasons, in my experience, are political imperative and poor leadership permitting widespread inconsistency in the application of process and procedure in DPA and DLO (and Mod(PE) and ASML/AMSO before them). The two, politics and inconsistency, are related.
I would say however that Safeware (whom I don’t know) and his colleagues at Boscombe ARE and always have been extremely consistent with their advice – but as we know, they only advise and recommend, it is for the IPT to decide. I have always believed that if the IPT reject BD advice, they should give their reasons in writing and have the decision endorsed at XD level. That would force a degree of consistency. Others disagree.
As it stands, and I quote a real example, BD can declare a system unsafe, the IPT reject their advice, sign and pay off the contract, and offer an aircraft to the Service which is not airworthy or otherwise fit for purpose. And walk away. Then, another IPT, under the same XD, can be instructed to make the aircraft/system safe, paying the same company again to do what they should have done in the first place, using funds from their own programmes which must, if necessary, be chopped to pay for it. What were the politics? Don’t make waves on certain individuals’ projects, as they have been earmarked for greater things. Or, typically, don’t mess with me, I’m on the fast track scheme and could soon be writing your report.
Now that I’ve moved on to Mk3 (!), what was the political imperative of the day? In my opinion it was (a) Mull of Kintyre and (b) COTS. The Mull thread is full of verifiable facts which demonstrate the airworthiness process was flawed, perhaps due to political imperative. COTS and MAR are, in many ways, mutually exclusive concepts. Same people involved, so is it possible they were overly cautious and risk-averse on Mk3? They would be bricking it in case something they signed for went wrong. I’ve asked people to consider this question before, “Why were far more complex concurrent programmes delivered ahead of schedule, under cost and to a better performance by the same Directorate?” Answer that, learn from the lessons, apply that learning consistently (vitally important – MoD is full of lessons learnt papers, but few are implemented), and many of MoD’s procurement problems would disappear. However, the lessons are politically unacceptable. The main one was, do the proper thing, not what the bosses say. If we’d followed their instructions the aircraft wouldn’t be flying yet, at 3 times the cost. Kind of like Mk3 really.
The simple answer is, NO. The main reasons, in my experience, are political imperative and poor leadership permitting widespread inconsistency in the application of process and procedure in DPA and DLO (and Mod(PE) and ASML/AMSO before them). The two, politics and inconsistency, are related.
I would say however that Safeware (whom I don’t know) and his colleagues at Boscombe ARE and always have been extremely consistent with their advice – but as we know, they only advise and recommend, it is for the IPT to decide. I have always believed that if the IPT reject BD advice, they should give their reasons in writing and have the decision endorsed at XD level. That would force a degree of consistency. Others disagree.
As it stands, and I quote a real example, BD can declare a system unsafe, the IPT reject their advice, sign and pay off the contract, and offer an aircraft to the Service which is not airworthy or otherwise fit for purpose. And walk away. Then, another IPT, under the same XD, can be instructed to make the aircraft/system safe, paying the same company again to do what they should have done in the first place, using funds from their own programmes which must, if necessary, be chopped to pay for it. What were the politics? Don’t make waves on certain individuals’ projects, as they have been earmarked for greater things. Or, typically, don’t mess with me, I’m on the fast track scheme and could soon be writing your report.
Now that I’ve moved on to Mk3 (!), what was the political imperative of the day? In my opinion it was (a) Mull of Kintyre and (b) COTS. The Mull thread is full of verifiable facts which demonstrate the airworthiness process was flawed, perhaps due to political imperative. COTS and MAR are, in many ways, mutually exclusive concepts. Same people involved, so is it possible they were overly cautious and risk-averse on Mk3? They would be bricking it in case something they signed for went wrong. I’ve asked people to consider this question before, “Why were far more complex concurrent programmes delivered ahead of schedule, under cost and to a better performance by the same Directorate?” Answer that, learn from the lessons, apply that learning consistently (vitally important – MoD is full of lessons learnt papers, but few are implemented), and many of MoD’s procurement problems would disappear. However, the lessons are politically unacceptable. The main one was, do the proper thing, not what the bosses say. If we’d followed their instructions the aircraft wouldn’t be flying yet, at 3 times the cost. Kind of like Mk3 really.
Join Date: May 2006
Location: Gloucestershire
Posts: 403
Likes: 0
Received 0 Likes
on
0 Posts
Thread Starter
Can anyone confirm that fix-to-field is now signed?
Can anyone explain how Thales Top Deck will be validateable when the original software wasn't?
And in view of the VERY mixed reports about this, can anyone say which aircraft wasn't at Boscombe, and positively confirm where the eight are as of now?
Is there definitely not one in the US?
Is there no longer an aircraft at Odiham?
Have any HC2s flown with the big tanks?
Can anyone explain how Thales Top Deck will be validateable when the original software wasn't?
And in view of the VERY mixed reports about this, can anyone say which aircraft wasn't at Boscombe, and positively confirm where the eight are as of now?
Is there definitely not one in the US?
Is there no longer an aircraft at Odiham?
Have any HC2s flown with the big tanks?
Join Date: Oct 2006
Location: UK
Age: 52
Posts: 31
Likes: 0
Received 0 Likes
on
0 Posts
firstly, there is NO Hc3 at odiham. Secondly, it will be some time before we see an operational MK3. Of the 8 that were bought, most of the 'unused' ones were sent back to the us, very early after the initial afghan conflict, to fill a stopgap in the us army. This was a deal signed by the government, in a part exchange deal, as the US re desparate for them. Part of the deal, is the RAF was to be supplied with upgraded MK2's which had the larger tanks, and glass cockpit. As where this deal is currently at, no one knows, but seing has we had to 'rob' the Chinny from the falklands to meet other tasks, it shows how desparate we are for airframes at present. Overcommited?
Thread Starter
It's my understanding that Main Building fluffed the deal to PX the HC.Mk 3s, which was to have been a no-cost transfer of the HC3s to the US Army, with a subsequent no-cost transfer of new build MH-47Gs to replace them.
ukmil, I couldn't comment on the first and last two sentences of your post - but the rest of it is wrong!
The deal you mention was discussed some while ago, but as JN says it came to naught.
The deal you mention was discussed some while ago, but as JN says it came to naught.
Join Date: Feb 2001
Location: England
Posts: 27
Likes: 0
Received 0 Likes
on
0 Posts
Agreeing with the above i am afraid UKMil. The (face-saving?) 'deal' to get rid of the aircraft in 2002 was just water-testing by the USA and came of nothing. All 8 were still at BD in late 2005, the last flight having taken place in January of that year. There were even attempts to sell them to Middle East countries which fell through.