On the afternoon of 23 June 2015, the domestic air traffic control services for New Zealand were suddenly and unexpectedly interrupted for about four minutes. During this outage, air traffic sector controllers in the national air traffic management centre at Christchurch lost radar and radio contact with the aircraft under their control.
Although the sector controllers had alternative radio frequencies and standby radios to contact aircraft, not all of these systems worked as expected.
The telephone system was also disrupted by the outage, which prevented normal communication between the sector controllers and the airport control towers around New Zealand.
The radar, radio and telephone services of the national air traffic control system were integrated in a digital data network. The interruption of services occurred when activities during an upgrade program to migrate remaining services on another part of the digital data network inadvertently caused a 'broadcast storm'. The storm prevented normal digital data traffic from reaching the control centre and thereby interrupted radar surveillance and communication systems.
The Transport Accident Investigation Commission (the Commission) found that the broadcast storm was initiated by a software code error in a device. The broadcast storm subsided and the systems returned to normal when the device was removed. The national air traffic services were brought back to full service in a controlled manner over the next few hours.
The Commission found that Civil Aviation Rules Part 171, which defines how an aeronautical telecommunications network is to be managed, was not contemporary for the digital network technology used by Airways Corporation of New Zealand Ltd (Airways).
The Commission identified the following safety issues:
- Airways' digital data network did not have the resilience necessary to support an air traffic control service
- the Civil Aviation Authority of New Zealand did not have the appropriate capability to determine independently if the Airways' aeronautical telecommunications network would perform as the rules required.
Airways engaged an external specialist organisation to critically review the architecture of its digital data network and how it was managed. Airways has since implemented many of the recommendations made by the external reviewer.
The Commission made the following recommendation:
- that the Secretary for Transport update and restructure Civil Aviation Rules Part 171.
The key lessons arising from this inquiry are:
- the incident was a reminder that effective risk management is a continuous process that applies to all aspects of an organisation's activities. From major projects to minor tasks, consideration must be given to the context of the activity within the organisation’s purpose
- it is important that well-defined processes that are critical to the efficient and safe operation of a system are followed.
