Error caused a UK air traffic control failure with a ‘1 in 15 million’ chance. System failure resulted in the cancellation of 1,500 flights, stranding thousands of travelers abroad. According to NATS, the technical glitch that triggered last week’s aircraft disruption in the UK was a “one in 15 million” occurrence.
Thousands of travellers were stuck on August 28 after 1,500 flights were cancelled during one of the busiest times of the summer season.
According to the service, the turmoil was triggered by a single flight plan that was not correctly processed by a component of its system, causing it to shut down immediately within seconds.
A new study issued by NATs on Wednesday (6 September) details how this highly rare incident occurred.
In a preliminary investigation released today, the UK’s National Air Traffic Services (NATS) identified the core cause of the failure.
Every flight that travels through a country’s airspace must be reported to the country’s national control center. These should be automatically shared with NATS controllers in the UK, who monitor the country’s sky.
According to the NATS assessment, the technical error was caused by a single flight plan with two identically titled but different waypoint markers outside of UK airspace.
A set of letters and numbers identify these waypoints, which indicate sites along an aircraft’s itinerary. The two identical sites in the faulty flight plan were separated by 4,000 nautical miles (7,408 km) but had the same name, leading the system to stop working for safety concerns.
“In these circumstances, the system could not reject the flight plan without a clear understanding of what possible impact it may have had. Nor could it be allowed through and risk presenting air traffic controllers with incorrect safety-critical information.”
NATS
A backup system also failed, resulting in no accurate information being given to air traffic controllers. This sequence of events occurred in less than 20 seconds.
Because of this, the service was unable to process flight plans automatically for several hours and had to resort to a slower, manual method. The number of plans NATS could manage per hour fell from 400 to 60, resulting in the cancellation of more than a fifth of flights.
The interruption affected around 250,000 people, and delays and cancellations continued for two more days when planes and crews were left stranded.
When asked what the chances of something like this happening were, NATS chief executive Martin Rolfe told the BBC it was “one in 15 million.” The malfunctioning system had processed 15 million flight plans in its five years of operation, and this was the first time this set of conditions had occurred.
This is also why engineers needed many hours to figure out how to remedy the problem.
Rolfe went on to say that the system did “what it was designed to do” by failing safely when it received data that it couldn’t process.
NATS says it has taken precautions to guarantee that the same error does not occur again, and it emphasizes that safety was never jeopardized during the occurrence.
Computer software testing 101: Test with good data. Test boundary conditions. Test with bad data. Sometimes, two out of three ain’t bad, but in this case, it just wasn’t good enough!