Designing for Failure
Reliability modeling, together with an analysis of the failure modes of a design and their effects, is an integral part of every unmanned aircraft design process, and together they form the backbone of the certification audit trail. However, most of this work takes place later in the design process; what decisions can already be made at the layout design stage?
- “Belts and braces”: should the aircraft be equipped with a ballistic recovery system? Should an expensive payload be designed to be jettisoned with its own parachute in case of a malfunction leading to a likely loss of the aircraft?
- How to protect human operators? Can the layout be designed to prevent people on the ground from walking or reaching into rotating propellers? For example, could the propeller be ducted or surrounded by a “scaffolding” (booms, lifting surfaces, etc.) that forms a barrier? This may be a particularly important question in the case of UAVs designed to operate in close proximity to people, such as delivery drones or emergency response platforms.
- “Safe life” and “fail safe.” The well-documented failure of the design of the de Havilland Comet airliner in the 1950s constituted a turning point in aircraft design philosophy. A crack originating in the dense pattern of rivets in the part of the skin of the aircraft near an antenna cover led to catastrophic decompression and explosion of the pressurized cabin. The misjudgment of the safe life of the structure was compounded by the criticality of the failure; modern engineering practice seeks to design for graceful (noncritical) failure to cover for potentially inadequate factors of safety. Are there any concept-level topology design decisions that may guard against “unknown unknowns” in the sense that they reduce the criticality of a failure or operational mishap? For example, can the undercarriage be designed to prevent loss of a wing in case of excessive roll on landing? Can the layout of the aircraft prevent a prop strike in case a belly landing becomes necessary?