Jump to content
Join the Alien Search, login or register FREE on Aliens and Space Forum
Members Can Post Anonymously On This Site

Key Considerations When Developing Avionics for Safety-Critical Systems

NASA

By NASA
in NASA

 Share

Recommended Posts

  • Publishers
NASA Mentor

NASA

Posted
  • Publishers
Posted

This article is from the 2024 Technical Update.

Multiple human spaceflight programs are underway at NASA including Orion, Space Launch System, Gateway, Human Landing System, and EVA and Lunar Surface Mobility programs. Achieving success in these programs requires NASA to collaborate with a variety of commercial partners, including both new spaceflight companies and robotic spaceflight companies pursuing crewed spaceflight for the first time. It is not always clear to these organizations how to show their systems are safe for human spaceflight. This is particularly true for avionics systems, which are responsible for performing some of a crewed spacecraft’s most critical functions. NASA recently published guidance describing how to show the design of an avionic system meets safety requirements for crewed missions.

Background
The avionics in a crewed spacecraft perform many safety critical functions, including controlling the position and attitude of the spacecraft, activating onboard abort systems, and firing pyrotechnics. The incorrect operation of any of these functions can be catastrophic, causing loss of the crew. NASA’s human rating requirements describe the need for “additional rigor and scrutiny” when designing safety-critical systems beyond that done
for uncrewed spacecraft [2]. Unfortunately, it is not always clear how to interpret this guidance and show an avionics architecture is sufficiently safe. To address this problem, NASA recently published NASA/TM−20240009366 [1]. It outlines best practices for designing safety-critical avionics, as well as describes key artifacts or evidence NASA needs to assess the safety of an avionics architecture.

Failure Hypothesis
One of the most important steps to designing an avionics architecture for crewed spacecraft is specification of the failure hypothesis (FH). In short, the FH summarizes any assumptions the designers make about the type, number, and persistence of component failures (e.g., of onboard computers, network switches). It divides the space of all possible failures into two parts – failures the system is designed to tolerate and failures it is not.

screenshot-2024-12-12-at-9-58-01 am.png?

One key part of the FH is a description of failure modes the system can tolerate – i.e., the behavior exhibited by a failed component. Failure modes are categorized using a failure model. A typical failure model for avionics splits failures into two broad categories:

  • Value failures, where data produced by a component is missing (i.e., an omissive failure) or incorrect (i.e., a transmissive failure).
  • Timing failures, where data is produced by a component at the wrong time.

Timing failures can be further divided into many sub-categories, including:

  • Inadvertent activation, where data is produced by a component without the necessary preconditions.
  • Out-of-order failures, where data is produced by a component in an incorrect sequence.
  • Marginal timing failures, where data is produced by a component slightly too early or late.

In addition to occurring when data is produced by a component, these failure modes can also occur when data enters a component. (e.g., a faulty component can corrupt a message it receives). Moreover, all failure modes can manifest in one of two ways:

  • Symmetrically, where all observers see the same faulty behavior.
  • Asymmetrically, where some observers see different faulty behavior.

Importantly, NASA’s human-rating process requires that each of these failure modes be mitigated if it can result in catastrophic effects [2]. Any exceptions must be explicitly documented and strongly justified. In addition to specifying the failure modes a system can tolerate, the FH must specify any limiting assumptions about the relative arrival times of permanent failures and radiation-induced upsets/ errors or the ability for ground operator to intervene to safe the system or take recovery actions. For more information on specifying a FH and other artifacts needed to evaluate the safety of an avionics architecture for human spaceflight, see the full report [1].

View the full article

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Similar Topics

    • NASA
      Mechele Elliott Safeguards Agency Information Systems at Johnson
      By NASA
      As an IT security administrator at NASA’s Johnson Space Center in Houston, Mechele Elliott protects the information systems that support astronaut health and mission readiness.

      The encouragement of a family friend set her on this path, leading to a rewarding and somewhat unexpected career in human spaceflight.

      Mechele Elliott stands in front of a space shuttle cockpit mockup in the lobby of the Mission Control Center at NASA’s Johnson Space Center in Houston. Image courtesy of Mechele Elliott “While I was caring for my son during his cancer treatment—living in the hospital with him and supporting his recovery at home—a family friend who worked at NASA took notice,” Elliott said. “She quietly observed my strength, organization, and unwavering dedication to my son. One day she called and said, ‘Get your resume together.’”

      Elliott doubted she was qualified for a position at NASA, though the friend was certain she could learn and handle anything after caring for her son. “Her belief in me gave me the courage to take that first step—and it changed the course of my life.”

      The friend’s endorsement helped her land the position. Elliott was nervous at first, since she did not know much about NASA’s operations and had limited prior experience. With time and training, she grew more certain of the value she brought to the team.

      “Reflecting on the numerous personal challenges I have encountered has reinforced my confidence in my ability to overcome obstacles while maintaining a positive outlook throughout my journey,” she said. “I am proud to have successfully adapted and become a productive member of my team.” In her role today, Elliott safeguards NASA’s information systems. She develops, implements, and maintains security policies, procedures, and systems in the Human Health and Performance Directorate, ensuring compliance with federal and NASA-specific security standards. Her work includes managing access control protocols and responding  to security incidents.

      Mechele Elliott in the Neutral Buoyancy Laboratory at Johnson Space Center. Image courtesy of Mechele Elliott One of her most challenging tasks involved assessing, revitalizing, and implementing four outdated security plans through collaboration with a diverse team. “We successfully aligned the security plans with established standards and garnered commendations from NASA leadership,” she said.

      Outside of work, Elliott enjoys several hobbies that help her relax and maintain balance. She began painting at a young age and continues to find calm through her art. She is an avid gardener, in spite of the Houston summer heat, and feels fulfilled by the beauty of her flowers and sharing homegrown fruits and vegetables with her friends and family. She has also earned a reputation as an excellent baker. “I enjoy making cheesecakes for workplace celebrations and I’ve discovered that many of my coworkers enjoy this hobby of mine, as well!”

      Elliott is profoundly grateful for the opportunity to serve at NASA for over 25 years. Looking ahead to the agency’s future, she offers an important piece of advice to up-and-coming team members. “Remain authentic to yourselves, pursue your aspirations with determination, and uphold a commitment to excellence in all your endeavors.”
      Explore More
      7 min read Life After Microgravity: Astronauts Reflect on Post-Flight Recovery 
      Article 5 days ago 3 min read Jeni Morrison Continues a Family Legacy of Service at NASA 
      Article 7 days ago 3 min read NASA Seeks Industry Input on Next Phase of Commercial Space Stations
      Article 1 week ago View the full article
    • NASA
      NASA Awards Spaceflight Operations, Systems Organization Contract
      By NASA
      Credit: NASA NASA has awarded ASCEND Aerospace & Technology of Cape Canaveral, Florida, the Contract for Organizing Spaceflight Mission Operations and Systems (COSMOS), to provide services at the agency’s Johnson Space Center in Houston.
      The COSMOS is a single award, indefinite-delivery/indefinite-quantity contract valued at $1.8 billion that begins its five-year base period no earlier than Dec. 1, with two option periods that could extend until 2034. The Aerodyne Company of Cape Canaveral, Florida, and Jacobs Technology Company of Tullahoma, Tennessee, are joint venture partners.
      Work performed under the contract will support NASA’s Flight Operation Directorate including the Orion and Space Launch System Programs, the International Space Station, Commercial Crew Program, and the Artemis campaign. Services include Mission Control Center systems, training systems, mockup environments, and training for astronauts, instructors, and flight controllers.
      For more information about NASA and agency programs, visit:
      https://www.nasa.gov
      -end-
      Tiernan Doyle
      Headquarters, Washington
      202-358-1600
      tiernan.doyle@nasa.gov
      Chelsey Ballarte
      Johnson Space Center, Houston
      281-483-5111
      chelsey.n.ballarte@nasa.gov
      Share
      Details
      Last Updated Aug 28, 2025 LocationNASA Headquarters Related Terms
      Johnson Space Center Artemis Commercial Crew International Space Station (ISS) ISS Research Johnson Flight Operations Space Launch System (SLS) View the full article
    • Space Force
      Space Systems Command activates new Systems Delta
      By Space Force
      Space Systems Command activated a new Systems Delta to support the BMC3I Program Executive Office portfolio. This activation synchronizes acquisition efforts for critical space system capabilities and works together with Mission Deltas to improve mission readiness.

      View the full article
    • Space Force
      U. S. Space Force Space Systems Command, United Launch Alliance successfully launch USSF-106 mission aboard Vulcan rocket
      By Space Force
      Space Systems Command and United Launch Alliance's launch teams successfully completed the inaugural launch of a Vulcan Centaur rocket, carrying the U.S. Space Force-106 mission into geosynchronous Earth orbit.

      View the full article
    • Space Force
      Space Systems Command, United Launch Alliance launch USSF-106 mission aboard Vulcan rocket
      By Space Force
      Space Systems Command and United Launch Alliance's launch teams successfully completed the inaugural launch of a Vulcan Centaur rocket, carrying the U.S. Space Force-106 mission into geosynchronous Earth orbit.

      View the full article

  • Check out these Videos

×
×
  • Create New...