A word from the Editor-in-Chief.

The importance of considering the particular features of the facilities that ensure redundancy of functional units is demonstrated in the context of design for dependability. With the growth of the number of types and quantity of involved elements the process of dependability calculation becomes more complex and time-consuming. Therefore, in order to simplify the calculations, assumptions are made. For instance, in redundant systems heterogeneous elements are used. However, this approach does not allow evaluating the dependability of a system that features essentially different elements.

The paper considers systems that include a random number of essentially different elements with cold redundancy. As a possible solution to the above problem, a method was developed and mathematically justified that allows representing in matrix form an analytic expression for calculating the probability of no-failure. It is shown that in this case a numeric evaluation of dependability is possible using rough computation with integration and differentiation.

The degree of approximation of such calculations is proposed to be defined by both the accuracy of the computer itself and the complexity of the system under consideration. In the context of design for dependability, when the process of recalculation is performed repeatedly this drawback is critical. In order to reduce the time of dependability calculation of the system under consideration, as well as to increase the accuracy of the results, the paper suggests a method of analytical solution for PNF calculation. As a result, the design mechanism of cold standby systems can be simplified, while their dependability evaluation can be done more accurately.

Therefore, in order to calculate the PNF of systems with a random number of elements in general by means of the numerical method, it is proposed to perform the number of serial integrations of the product of the function and derivatives an entity less than the number of the system elements. Given the particular nature of computer calculation and algorithm recurrence, PNF calculation of a system of as much as 5 or more elements may take significant time, while cumulated calculation error is inevitable.

The practical details of the task related to ensuring spacecraft operational stability under environmental effects are characterized by the importance of the factor of prompt decision-making regarding the generation of control signal aimed at ensuring homoeostasis of the onboard systems performance. The paper mathematically substantiated a method of representing an analytic expression for PNF calculation for a system of any number of elements in cold standby. Such representation can be used for mapping data in computer memory. Under known matrix coefficients this representation will allow avoiding integration and differentiation in PNF calculation, which significantly reduces calculation time and increasing the accuracy of the results. 

Significance of the problem. The design of the activity of intense (extreme) profession members is due to the requirement to master new and previously unknown areas of industry and life. In the history of aviation, the matters of critical importance and calculation of required and sufficient properties of pilot and flight crew have been a subject of never-ending research for the purpose of regulation in the context of air transport operation. Up to the present moment, domain knowledge, theory and methods that would take into consideration the differences in the properties for standardization in flight operation management remain undefined. This problem of undefined domain knowledge and shortage of methods of calculation of the characteristics of civilian pilots and flight crew members are considered as extremely severe and still unsolved in the operation of civilian air transportation. Thus, the set of problems, the requirement for finding and developing new knowledge consists in the restriction of the available theories and methods of formalization, calculation of properties and management of human dependability. The relevance of this subject matter is reflected in fundamental and applied research conducted in Russia and abroad. This paper sets forth the primary definitions of dependability of intense profession members using the example of a commercial pilot. Definition of the problem of pilot dependability.Time scale is the universal foundation for the partition of the scope of the human operator (pilot) dependability concept. The primary property of human activity is the category of purpose. Purpose can be evaluated in structured subsumption of the concept of dependability. The technical substance of the category of purpose is structured with the definition of the nominal description of the objects: pilot (P), vehicle or aircraft (AC) and selected activity environment (E). The paper formalizes the definition of the human activity dependability problem. Axiomatics of pilot resource properties.The diverse nature of the human properties constitutes the fundamental problem of their description and standardization for the purpose of activity standards development. The properties have similarities, differences and independence. The paper sets forth axioms as the premises of the human resources theory under development. The premises are stated as axioms of equivalence, independence and completeness of properties, parameters and indicators of pilot resources. The practical significance of the axiomatics of the pilot resources properties consists in the fact that their formalized description allows obtaining algorithms for automated and expert technologies for flight operation management.Below are the formalizations of dependability definitions. Conclusion. The theoretical definitions of management efficiency and guaranteed management efficiency establish the concepts of discernibility of the space of successful activity outcomes. The axiomatics of pilot properties allow overcoming the fundamental difficulty of formalized description of the diverse nature of human properties and enables reliable consideration and calculation of the states for the purpose of flight operation management. The paper sets forth the definitions of pilot purpose, pilot dependability and dependability of three different kinds, i.e. individual, professional, operational, based on a fundamental temporal base of observation. 

Aim. The paper examines one of the possible ways of improving the reliability of professional psychological selection of air traffic controllers using diagnostic methods based on not subjective, but rather objective principles. Methods. The research used the following: Tobii REX fixed eye tracker and a specialized computer product developed by the All-Russian Scientific Research Institute of Radio Equipment and intended for the analysis of various aspects of eye movements in the process of exercise, as well as a range of psychodiagnostic methods: level of subjective control identification test, Buss-Durkee Hostility Inventory, ММ-1 socionic test, H.J. Eysenck’s intelligence test, H.J. Eysenck’s personality inventory test, ММYa-1 general mode test, K. Thomas’ conflict mode questionnaire and the Prognoz questionnaire for neuropsychicstability evaluation of experimental subjects. Statistical processing of the findings was done using the Bravais-Pearson correlation coefficient and Pearson’s chi-squared test. Results. The experiment involved 48 third year students of the Saint Petersburg State University of Civil Aviation (SPBGU GA) majoring in Organization of Airspace Management. In terms of its psychological characteristics, the group is quite typical for this major of SPBGU GA. The results of psychodiagnostics do not correlate well with the results of this experiment, while among each other, in general, they match the theoretical assumption. The lower the neurotism which characterizes the balance of the nervous system, the better is the neuropsychicstability. The better is the neuropsychicstability, the higher the internality of any kind, especially general internality and internality for failure. People with good neuropsychicstability are also less inclined to aggressive behaviour, both in general as regards all of its kinds, and especially self-aggression. As expected, subjects with high levels of general internality turned out to be positively not inclined to such type of behaviour in conflict as “avoidance” that is the quintessence of irresponsibility. Also, people with high internality turned out to be not inclined to aggressive behaviour. The experiment exposed quite contradictory patterns of eye movement in the subjects. Conclusions. All the findings are of certain interest. Therefore, despite them being somewhat contradictory, it appears to be advisable to continue the research using the Tobii REX eye tracker. The identified shortcomings in the experiment organization allowed making corrections to the plan of further research based on the use of the Tobii REX eye tracker and aimed at improving the reliability of professional psychological selection. 

Aim. Technical systems are becoming more and more complex. An increasing number of technical systems contains electronic equipment and software, thus their functional safety is of utmost importance. The safety integrity level is defined by a discrete number that characterizes the set of measures against random and systematic failures depending on the specified risk reduction requirements. The concept of safety integrity levels (SIL) was developed as part of various systems of standards. While the safety architecture of a system is considered, the main question arises: how systems with higher SIL are made out of components and subsystems with low SIL. The answer to that question will allow using existing and certified components in the development of systems with specified safety integrity levels, probably with higher SIL than the SIL of the components. Methods. The paper analyzes and compares the existing rules of system combination with safety integrity levels set forth in various functional safety standards, e.g. EN 50126/8/9, ISO 26262, IEC 61508, DEF-STAN-00-56, SIRF and the Yellow Book. Beside the tolerable failure rates, the system design requirements must make provisions for combining low SIL subsystems to make higher SIL systems. The widest set of methods is defined for SIL 4 compliance. However, this set of methods cannot be reworked for all possible systems into a simple rule for the combination of systems with lower SIL into systems with higher SIL. In general, the combination of systems into a serial structure will make a system with the safety integrity level equivalent to the lowest subsystem safety integrity level. Tentatively, we can assume that by combining two subsystems with the same safety integrity level we can create a system with a safety integrity level one step higher. Results. It is shown that the general SIL allocation rule established in the DEF-STAN-00-56, the Yellow Book or the SIRF standards cannot be recommended for all countries and any situations. Failure rate and/or observation intervals must be taken into consideration. Its is proven that general rules can only be given for subsystems connected in parallel and some SIL combinations (see e.g. the Yellow Book, SIRF). In each case common failures must be taken into consideration. The general rule may be as follows: in order to achieve system SIL one level higher than the initial level, two component subsystems with the SIL one level lower must be connected in parallel. Other system architectures must be thoroughly studied. 

Aim. Rolling stock derailment is one of the most hazardous transportation incidents. Depending on the gravity of the consequences they may also be classified as accidents or train wrecks. The consequences of a derailment may vary from routine maintenance of the track and one or two wagons to an overhaul of the track and depot repairs of three or more wagons, as well as loss of cargo and long interruption of service. It must be noted that beside the damage to infrastructure and rolling stock caused by derailments there is a risk of environmental disaster. The Russian Federation along with the US, China and India has some of the world’s longest rail networks that in places border with environmentally sensitive areas, e.g. national reserves and parks. Therefore, if a train carries hazardous cargo, e.g. gasoline or toxic gases and some of its wagons derailed, the harm related to the repair or decommissioning of rolling stock, track and possible loss of cargo may be aggravated by the damage caused by an environmental disaster that would cause great material losses to JSC RZD. In this context it appears to be of relevance to evaluate the functional dependency between the potential number of cars derailed and various factors, e.g. speed or amount of cargo carried by the train, for subsequent preparation of recommendations for the reduction of the potential number of derailed cars and, subsequently, reduction of possible harm. Methods. Probability theory and mathematical statistics methods were used, i.e. maximum likelihood method, negative binomial regression. Results. For various groups of incidents, i.e. derailment as the result of wagon or locomotive unit malfunction out of switch, derailment as the result of rail malfunction out of switch, derailment at a switch not caused by previous derailment, specific functions of the average number of derailed wagons are identified. The paper shows a formula that allows – under a defined set of various factors, e.g. train speed, plan and profile of track, length and mass of the train – identifying the distribution series of the number of derailed wagons. Conclusions. The preliminary analysis of available Russian freight train derailment records it was shown that for various groups of transportation incidents the descriptive statistics of respective samples significantly differ, which is also the case for the US records. The construction of a functional dependence between the average number of derailed wagons and various traffic factors due to malfunction of wagons or locomotive units out of switches, it was identified that the available records do not suffice to forecast the number of derailed wagons in tangents. Mathematical models with a low superdispersion parameter were constructed for derailments due to track malfunction out of switches and derailments at switches. 

Gnedenko Forum.