Who watches the watchers?

The Civil Aviation Authority must come clean about how it has policed Nats' computer systems

The Civil Aviation Authority must come clean about how it has policed Nats' computer systems

For the third time since National Air Traffic Services' (Nats) New En Route Centre went live at Swanwick in January, the handling of air traffic in UK airspace was last week brought to its knees by a software glitch.

Teething problems are inevitable with any new system, and in defence of Nats, problems with the workstations at Swanwick were compounded by the unforeseeable crash of the European air traffic control system in Brussels on the same day.

Nevertheless, a strong suspicion remains that the new Swanwick system was rolled out prematurely, in the face of considerable political pressure. The failure of a single workstation should never have been able to spark a 50% systems capacity loss, as was the case at Swanwick last Friday.

At the same time, a dialogue continues between Nats and the Health and Safety Executive (HSE) over whether the HSE was provided with inaccurate information relating to the legibility of the screens used at Swanwick.

A confidential document seen by Computer Weekly reveals that since January air traffic controllers have experienced difficulties with, for example, telling Cardiff and Glasgow apart and reading flight levels onscreen. In one case a controller who handled the transfer of flights from one air space sector to another warned of the need for a "nose-on-screen" approach to their work.

Should such a system, upon which so many thousands of lives depend at any one time, have been given a green light?

According to the Civil Aviation Authority (CAA), which regulates the UK's air industry, the answer is "yes".

Yet when we drill down into the CAA's requirements, we discover that it gave its rubber-stamp of approval largely on the basis that Nats was itself satisfied with the steps taken to guarantee safety-critical systems at Swanwick.

This is hardly auditing at its most rigorous. On the contrary, what we have here is the perverse incidence of a regulator delegating responsibility for the sign-off of safety-critical systems to the very customer it should be regulating.

Indeed, the CAA's involvement in auditing Swanwick could even prove to be positively damaging. As things stand, Nats is still able to cite the CAA's endorsement of its systems in the face of public criticism. If the CAA's auditing of the system was so scant, surely it would have been better if it had been totally uninvolved, leaving Nats with the full burden of responsibility and no fallback?

The fact that the CAA is statutorily excluded from audit by the National Audit Office only emphasises its lack of accountability.

Clearly it is time for the CAA to come clean on the extent of its involvement in regulating the safety of a system that may make the difference between life and death.

If it believes it has been proactive and effective in so doing, it should be happy to provide details of the independent assurances of the safety of the new Swanwick system it sought and received.

If it will not - or cannot - do so, should we be wholly surprised if disaster strikes in our skies?

Read more on IT risk management