Lecture 23 - The Art of Systems

Engineering

1
 The State of Systems Engineering
Education
• Most of what we teach in Systems Engineering is process
• Easy to understand why
– Engineers like process and find it easy to teach
– Can easily tell when we’ve accomplished the goal
– DOD/NASA contracts require it
• These processes are good and are an important part of engineering
systems
– All systems engineering practitioners should be knowledgeable in them
• Good Systems Engineering consists of more than process
– There is an art component to systems engineering
– But it is hard to define
• Purpose of this talk is to discuss the characteristics of the art of
systems engineering and how we might teach it
• I’m going to use a lot of aviation examples because there is more
volume in aviation than in space and so greater opportunity for
examples
– The concepts are all applicable to any kind of systems development
whether aviation, space, telecommunications, energy, etc….

2
 Example Processes We Teach
• Requirements Development Functional Decomposition
and Allocation
• Requirements Traceability and Verification
• Design Review and RID processing
• Hazard Analysis
• Risk Management
• Configuration Management and Change Control
• Mass Properties Management
• Interface Control
• Trade Studies Management and Analysis of Alternatives
• Technical Performance Metrics and Key Performance
Parameters
• Architecture definition and frameworks
• Technology Readiness Levels
• Natural and Induced Environments definition
3
 The two halves of systems
engineering
• You need to use both halves of your brain to perform
systems engineering
– There is a left half brain part that is about being
compulsive about identifying requirements,
decomposing them, tracking their verification, etc…
• The PROCESS of systems engineering
• Mike Griffin, former NASA administrator, calls this the
systems management part of systems engineering
– There is a right half brain part that is about intuitively
inquiring about and understanding how all the parts of a
complex system interact and engineering them to
interact in desirable and predictable ways
• This is the ART of systems engineering
• Griffin called this the technical leadership part of
systems engineering
4
 Hygiene
• I view the compulsive stuff as good hygiene – it will keep
a healthy project healthy, but it can’t really cure a project
that is ill with real problems
• I call it my “washing your hands after going to the
bathroom” analogy
– Washing your hands after you go to the bathroom will
help keep you healthy
– But if you have cancer, you need more serious
intervention to fix fundamental issues
• Similarly in projects, if you have a good engineering
approach keeping track of all those processes will keep
things healthy
• But if you have a bad engineering approach, you can run
processes all day long and it isn’t going to fix the
fundamental problems

5
 Joint Strike Fighter

Lift
fan

Direct
lift
nozzles

Boeing X-32 6
Process Versus Art ? Lockheed Martin X-35
 X-32 versus X-35
• Competition for the Joint Strike Fighter may represent a case study in
process versus art
• As best I can piece together, both designs met all the requirements and were
well engineered
– X-32 was optimized to meet all the requirements with the specified
margins – did not have additional potential –
• Total execution of process to deliver the minimum cost and minimum
risk vehicle to meet the requirements
• Direct lift was not the most efficient propulsion technique but it was
low cost/ low risk because it was used in a previous product – The
Harrier
• Design led in some ways to a non-traditional “look” for a fighter
– X-35 had significant additional growth capability over the required margin
but it required use of a new high risk technology (lift fan)
• To some, X-35 was a more appealing mold line (outer shape) and
represented more of a fighter configuration
• In the end, the DOD selected X-35
– I don’t know if there were other overriding factors , but I would argue that
it may have been a victory of art over process
– Lockheed went beyond the requirements and found a design that met the
requirements but included capability beyond the requirements
– Lockheed understood that the requirements were a minimum and that the
vehicle had to look like a fighter and be prepared to dela with future
unknowns
7
 How do we teach art ?
• Elements of style
• Reviewing the work of masters
• Lots of practice and critique on smaller
scale projects
– Learn to develop techniques on small scale
before going to larger scale

Remember this from high school ?

8
 Seven Elements of Style in Systems
Engineering
• Robustness
• Elegance
• Balance
• Growth Capability
• Visibility
• Reasonableness
• Complexity

9
 Robustness
• Sensitivity to the boundary conditions
• Does the system gracefully degrade or is there nonlinear
behavior at the boundary conditions
– Sensitivity analysis
– Awareness of non-linear relationships
• Characteristics that contribute to robustness
– Margin
– Fault tolerance
• We can teach robust design techniques
More robust
Less robust
Cost Cost
function function

Operating Operating 10
condition condition
 Saturn V
• Original Saturn V first and second stage
designs met all known requirements with
four engines
• Von Braun’s team at Marshall Space Flight
Center added a fifth engine to first and
second stage for margin
– Fifth engine added in center – minimum
impact as it did not have to be
gimballed (swiveled) for steering
• Apollo would not have been possible if that
performance had not been available as
mass in the command/service module and
lunar module grew
– Additional performance also enabled
more science content in the later Apollo
J missions
• Very similar to Lockheed Martin’s decision
to use lift-fan on X-35
– You’ve got to know when you need to
make the design more robust
11
 Robustness doesn’t have to cost weight,
or large money investment
• The X-38 lifting body control system design was completely computer controlled –
fly by wire
• As initially designed, the zero voltage output from the aero surface command
electronics resulted in the body flaps all the way down and the highest output
voltage resulted in them all the way up.
• We discovered that if the electronics lost power, that they would fail to a zero
output
• During the design, we asked what if we set up the actuator electronics so that the
aero surface position for trim flight would result when receiving a zero output from
the electronics
– Needed to put some resistors in the interface between the command channel and the
actuator
– This would minimize the disturbing forces from a surface if the command
electronics lost power
• In simulation, we found that the vehicle could fly on one body flap if the other was
in trim. It could not if the flap was ll the way hard down
• We then channelized the left and right body flaps into different command
electronics channels – we had to have two channels anyway because we had four
surfaces and could only put two surfaces in each command channel electronics
• We discovered that we could do the same thing with the rudders
• Result was that a single string flight control system could withstand failure of any
one of it’s command electronics channels and still maintain stable flight
– Single fault tolerance out of a non-redundant system !
12
X-38 controls

13
 Right Fails hardover
Ch 1
Rudder

Left Fails Hardover

Unit A Ch 2
Rudder

Right Operational
Ch 3
Flap
Unit B
Operational
Left Original System Response to Unit A
Ch 4
Flap Failure

Right
Ch 1 Fails to trim
Rudder
Unit A
Left
Ch 2 Fails to middle of range
Flap

Left Operational
Ch 3
Rudder
Unit B
Right Operational
Ch 4
Flap Re-channelized System 14
Response to Unit A failure
 Elegance
• Does the design reflect simple unifying
solution OR
• are there a series of special solutions
(kludges) which are required for special
conditions within the normal operating
envelope
• Awareness and avoidance of singularities

15
 Balance
• Unbalanced designs rarely are world beaters
• A balanced design is where all of the disciplines are
considered and work together
– Even in balanced design, some disciplines are more important
than others
• The nature of discipline engineering makes it a challenge
to achieve balance (see cartoon next page)
• This is why it is vitally important for systems engineers to
know what is important in a given design
– Not all elements of the design get the same attention or need the
same amount of rigor
• In a world of limited resources it is important to “sharpen your
pencil” only on the important areas of the design
– However all elements must be considered to ensure that they
are working together instead of against each other
16
 Growth Capability - Scalability , and
Extensibility
• Scalability – can the design be grown to handle larger amounts of its
current function
• Extensible – can the design be grown to provide additional
functionality
• The difficulties of delivering designs on cost and schedule results in a
tendency towards closed designs which cannot be grown or extended
• Techniques exists to help maintain scalability, extensibility and growth
capability
– Built on standards – particularly on interfaces
– Monitoring and managing margins during development
– Having growth targets
– Hooks and scars to extend capability
• Hooks – a provision in hardware to allow future growth or additional capabilities
• Scar – a provision in software to allow future growth or additional capabilities
– Awareness of the physics based limitations
• Usually through modeling

17
 Visibility
• Most systems are inherently invisible
– Especially software intensive systems
• Systems engineer must recognize this
nature and design in visibility
– Instrumentation
– Alerts and warnings, displays and controls
– Access points for viewing system internal
functioning during verification
– Models that predict system function that are
verified by test
18
 Lack of Visibility Examples
• At least two Airbus crashes have been blamed on confusion
between what the pilot thought the system was doing and what the
system was actually doing
– In one crash, the pilot thought the aircraft was in Takeoff Go
Around mode (TOGA) and the aircraft crashed
– In one crash, the pilot was attempting a landing and the system
was accidentally switched to TOGA mode
• Three Mile Island was also a case of system functioning being
invisible to the operator
– Operators thought water level high
– In fact water level was so low that core was almost exposed
• Learning how to make the system visible and building it so that its
behavior is natural and instinctive for humans is a critical part of
good systems engineering

19
 Reasonableness
• Technology moves ahead both in gradual evolution and
rapid revolution
• Evolution involves design principles and technology with
good heritage
• Revolution involves new design principles and
technologies
• When attempting both evolutionary and revolutionary
progress, it is really important to apply reasonableness
tests
– For evolution – can ask about design principles and heritage of
technology
– For revolution – have to ask about experience in smaller scale
and the theoretical-model based analysis and predictions
• The history of technological progress is littered with
ideas whose promise was so appealing that the analysis
which showed that the idea was impractical was ignored
20
 Reasonableness
The Spruce Goose
By far the biggest airplane ever
built, the H-4, also known as the
Hercules, had a wingspan of 320
feet--20 feet longer than a
football field. It had enough
R101 cargo space to carry two
railroad boxcars. It had eight
massive engines with 17-foot
propellers. It weighed 300,000
pounds. And it was made of
wood
Crew: 45
It only ever flew once at low
Capacity: 100
Length: 777 ft in (237 m) altitude for about a mile….
Diameter: 131 ft in (40 m) From www.straightdope.com
Volume: 5.5 million ft³ (160,000 m³)
Useful lift: 100,000 lb (45,000 kg)
Powerplant: 5 × Beardmore MkI
Tornado 8 cylinder diesel 585 hp (436 kW) each
Hindenburg was eventually built larger by Germany but only
after many several smaller dirigibles. The R101 was UK’s first attempt at a dirigible 21
• Nuclear powered airplane X-33
pursued in the 1950’s Idea was single stage to orbit
• Prototype built – idea was Required the structural
unending flight efficiency greater than that of a
• soda can while subjected to
Never practical – nuclear
thermal, aerodynamic, inertial
reactors are nowhere near
and internal pressure loads
the efficiency of aircraft
power plants and the
shielding weight is
prohibitive

22
 Complexity
• Managing complexity is one of the key
aspects of the ART of systems
engineering
• Understanding and avoiding overly
complex solutions is critical
• Establishing clean interfaces which
minimize interaction between components
is a critical skill
• Establishing layers in defining a system is
one of our best techniques
23
 Reviewing the work of masters
• Air Force Institute of Technology (AFIT) Center for
Systems Engineering (CSE) – excellent case studies -
http://www.afit.edu/cse/cases.cfm
– B-2, C-5A, F-111, GPS, Hubble Space Telescope, Peacekeeper,
Theatre Battle Management System
• Johnson, The Secret of Apollo, Systems Management in
the American and European Space Programs
• Bugos, Engineering the F-4 Phantom II, Parts into
Systems
• Chiles, Inviting Disaster, Lessons from the Edge of
Technology
• Mishap reports – NASA Office of Logic Design -
http://klabs.org/reports.htm#failure_reports

24
 Develop techniques on small scale
projects
• Artists don’t start out creating a great masterpiece in their first
painting or sculpture
• Why do we think that systems engineers can start out succeeding
on large scale projects
– There is only so much that you can learn as an apprentice
carrying the master’s paints
– Apprentice training is our major training technique when we
assign systems engineers to large projects
• Need to have projects where the skills and techniques can be
developed
• Big things can evolve out of this approach
– New Mission Control Center with > 250 computers in a
distributed system grew out of a core set of software developed
by a small number of young people working on 4 computers
• Only requirement is that the problem contain the real issues

25
 Conclusion
• The ART is a key part of Systems
Engineering
• We can define the elements of style,
masters to follow and teach how to
develop techniques in the small
– This briefing is an attempt to define some of
the key elements
• Learning how to teach and incorporate
ART is the key to improved systems
engineering practice
26