A literature review conducted as part of a research project named “Measuring Safety in Aviation – Developing Metrics for Safety Management Systems” revealed several challenges regarding the safety metrics used in aviation. One of the conclusions was that there is limited empirical evidence about the relationship between Safety Management System (SMS) processes and safety outcomes. In order to explore such a relationship, respective data from 7 European airlines was analyzed to explore whether there is a monotonic relation between safety outcome metrics and SMS processes, operational activity and demographic data widely used by the industry. Few, diverse, and occasionally contradictory associations were found, indicating that (1) there is a limited value of linear thinking followed by the industry, i.e., “the more you do with an SMS the higher the safety performance”, (2) the diversity in SMS implementation across companies renders the sole use of output metrics not sufficient for assessing the impact of SMS processes on safety levels, and (3) only flight hours seem as a valid denominator in safety performance indicators. At the next phase of the research project, we are going to explore what alternative metrics can reflect SMS/safety processes and safety performance in a more valid manner
DOCUMENT
As part of their SMS, aviation service providers are required to develop and maintain the means to verify the safety performance of their organisation and to validate the effectiveness of safety risk controls. Furthermore, service providers must verify the safety performance of their organisation with reference to the safety performance indicators and safety performance targets of the SMS in support of their organisation’s safety objectives. However, SMEs lack sufficient data to set appropriate safety alerts and targets, or to monitor their performance, and no other objective criteria currently exist to measure the safety of their operations. The Aviation Academy of the Amsterdam University of Applied Sciences therefore took the initiative to develop alternative safety performance metrics. Based on a review of the scientific literature and a survey of existing safety metrics, we proposed several alternative safety metrics. After a review by industry and academia, we developed two alternative metrics into tools to help aviation organisations verify the safety performance of their organisations.The AVAV-SMS tool measures three areas within an organisation’s Safety Management System:• Institutionalisation (design and implementation along with time and internal/external process dependencies).• Capability (the extent to which managers have the capability to implement the SMS).• Effectiveness (the extent to which the SMS deliverables add value to the daily tasks of employees).The tool is scalable to the size and complexity of the organisation, which also makes it useful for small and medium-sized enterprises (SMEs). The AVAS-SCP tool also measures three areas in the organisation’s safety culture prerequisites to foster a positive safety culture:• Organisational plans (whether the company has designed/documented each of the safety cultureprerequisites).• Implementation (the extent to which the prerequisites are realised by the managers/supervisors acrossvarious organisational levels).• Perception (the degree to which frontline employees perceive the effects of managers’ actions relatedto safety culture).We field-tested these tools, demonstrating that they have adequate sensitivity to capture gaps between Work-as-Imagined (WaI) and Work-as-Done (WaD) across organisations. Both tools are therefore useful to organisations that want to self-assess their SMS and safety culture prerequisite levels and proceed to comparisons among various functions and levels and/or over time. Our field testing and observations during the turn-around processes of a regional airline confirm that significant differences exist between WaI and WaD. Although these differences may not automatically be detrimental to safety, gaining insight into them is clearly necessary to manage safety. We conceptually developed safety metrics based on the effectiveness of risk controls. However, these could not be fully field-tested within the scope of this research project. We recommend a continuation of research in this direction. We also explored safety metrics based on the scarcity of resources and system complexity. Again, more research is required here to determine whether these provide viable solutions.
DOCUMENT
In the frame of an on-going 4-years research project, the Aviation Academy Safety Management Systems (AVAC-SMS) metric for the self-assessment of aviation Safety Management Systems (SMS) was designed based on the Safety Management Manual of the International Civil Aviation Organization and in cooperation with knowledge experts and aviation companies. The particularmetric evaluates three areas, namely (1) the degree of institutionalisation of SMS (design and implementation of processes), (2) the extent of managers’ capability to deliver the SMS processes, and (3) the employees’ perceived effectiveness of the SMS-related deliverables. The metric concludes with a score per area and per SMS component/element assessed, and it is scalable to the size and complexity of each organisation. Results of a survey at 18 aviation companies did not show statistically significant differences in their SMS scores across all three assessment areas but revealed a distance between the area of Institutionalization and the areas of Capability and Effectiveness. Also, differences were detected regarding the scores per SMS component and element within and across companies and assessment areas. The various assessment options offered for the AVAC-SMS metric accommodates the resources each SME and large company can invest in the application of the metric. Even the lowest level of resolution of the SMS metric can trigger companies to investigate further their weaker areas and foster their SMS-related activities. Therefore, the AVAC-SMS metric is deemed useful to organisations that want to self-assess their SMS and proceed to comparisons amongst various functions and levels and/or over time.
DOCUMENT
Restoring rivers with an integrated approach that combines water safety, nature development and gravel mining remains a challenge. Also for the Grensmaas, the most southern trajectory of the Dutch main river Maas, that crosses the border with Belgium in the south of Limburg. The first plans (“Plan Ooievaar”) were already developed in the 1980s and were highly innovative and controversial, as they were based on the idea of using nature-based solutions combined with social-economic development. Severe floodings in 1993 and 1995 came as a shock and accelerated the process to implement the associated measures. To address the multifunctionality of the river, the Grensmaas consortium was set up by public and private parties (the largest public-private partnership ever formed in the Netherlands) to have an effective, scalable and socially accepted project. However, despite the shared long term vision and the further development of plans during the process it was hard to satisfy all the goals in the long run. While stakeholders agreed on the long-term goal, the path towards that goal remains disputed and depends on the perceived status quo and urgency of the problem. Moreover, internal and external pressures and disturbances like climate change or the economic crisis influenced perception and economic conditions of stakeholders differently. In this research we will identify relevant system-processes connected to the implementation of nature-based solutions through the lens of social-ecological resilience. This knowledge will be used to co-create management plans that effectively improve the long-term resilience of the Dutch main water systems.
‘Dieren in de dijk’ aims to address the issue of animal burrows in earthen levees, which compromise the integrity of flood protection systems in low-lying areas. Earthen levees attract animals that dig tunnels and cause damages, yet there is limited scientific knowledge on the extent of the problem and effective approaches to mitigate the risk. Recent experimental research has demonstrated the severe impact of animal burrows on levee safety, raising concerns among levee management authorities. The consortium's ambition is to provide levee managers with validated action perspectives for managing animal burrows, transitioning from a reactive to a proactive risk-based management approach. The objectives of the project include improving failure probability estimation in levee sections with animal burrows and enhancing risk mitigation capacity. This involves understanding animal behavior and failure processes, reviewing existing and testing new deterrence, detection, and monitoring approaches, and offering action perspectives for levee managers. Results will be integrated into an open-access wiki-platform for guidance of professionals and in education of the next generation. The project's methodology involves focus groups to review the state-of-the-art and set the scene for subsequent steps, fact-finding fieldwork to develop and evaluate risk reduction measures, modeling failure processes, and processing diverse quantitative and qualitative data. Progress workshops and collaboration with stakeholders will ensure relevant and supported solutions. By addressing the knowledge gaps and providing practical guidance, the project aims to enable levee managers to effectively manage animal burrows in levees, both during routine maintenance and high-water emergencies. With the increasing frequency of high river discharges and storm surges due to climate change, early detection and repair of animal burrows become even more crucial. The project's outcomes will contribute to a long-term vision of proactive risk-based management for levees, safeguarding the Netherlands and Belgium against flood risks.
The integration of renewable energy resources, controllable devices and energy storage into electricity distribution grids requires Decentralized Energy Management to ensure a stable distribution process. This demands the full integration of information and communication technology into the control of distribution grids. Supervisory Control and Data Acquisition (SCADA) is used to communicate measurements and commands between individual components and the control server. In the future this control is especially needed at medium voltage and probably also at the low voltage. This leads to an increased connectivity and thereby makes the system more vulnerable to cyber-attacks. According to the research agenda NCSRA III, the energy domain is becoming a prime target for cyber-attacks, e.g., abusing control protocol vulnerabilities. Detection of such attacks in SCADA networks is challenging when only relying on existing network Intrusion Detection Systems (IDSs). Although these systems were designed specifically for SCADA, they do not necessarily detect malicious control commands sent in legitimate format. However, analyzing each command in the context of the physical system has the potential to reveal certain inconsistencies. We propose to use dedicated intrusion detection mechanisms, which are fundamentally different from existing techniques used in the Internet. Up to now distribution grids are monitored and controlled centrally, whereby measurements are taken at field stations and send to the control room, which then issues commands back to actuators. In future smart grids, communication with and remote control of field stations is required. Attackers, who gain access to the corresponding communication links to substations can intercept and even exchange commands, which would not be detected by central security mechanisms. We argue that centralized SCADA systems should be enhanced by a distributed intrusion-detection approach to meet the new security challenges. Recently, as a first step a process-aware monitoring approach has been proposed as an additional layer that can be applied directly at Remote Terminal Units (RTUs). However, this allows purely local consistency checks. Instead, we propose a distributed and integrated approach for process-aware monitoring, which includes knowledge about the grid topology and measurements from neighboring RTUs to detect malicious incoming commands. The proposed approach requires a near real-time model of the relevant physical process, direct and secure communication between adjacent RTUs, and synchronized sensor measurements in trustable real-time, labeled with accurate global time-stamps. We investigate, to which extend the grid topology can be integrated into the IDS, while maintaining near real-time performance. Based on topology information and efficient solving of power flow equation we aim to detect e.g. non-consistent voltage drops or the occurrence of over/under-voltage and -current. By this, centrally requested switching commands and transformer tap change commands can be checked on consistency and safety based on the current state of the physical system. The developed concepts are not only relevant to increase the security of the distribution grids but are also crucial to deal with future developments like e.g. the safe integration of microgrids in the distribution networks or the operation of decentralized heat or biogas networks.
