What Keeps Aviation IT Safe? Lessons from System Design and Data‑Driven Ops

When first entering the aviation industry, the author felt like an explorer stepping into a wilderness of information technology, believing that planting a single "modern technology" seed could grow a forest of transformative solutions.

After discussions with domestic solution providers, confidence was tempered by harsh realities: a product serving dozens of airlines lacked plug‑in customization, did not use GitFlow for product‑line management, and each customer’s code was maintained separately; the flight‑operation lifecycle system prohibited downtime yet had no load‑balancing, failover, or service degradation mechanisms, and its database relied only on daily backups without hot‑standby replication, making stability a matter of prayer; upgrades had no rollback and could not run in parallel, turning each deployment into a risky adventure.

The industry then asked the crucial question: "Is this system safe?" In Chinese civil aviation, safety is ingrained to the bone, and the regulator’s standards exceed global averages, rendering typical internet‑style rapid iteration and disaster‑recovery concepts practically illegal.

No Silver Bullet

Safety boundaries can be explored through aerospace examples such as SpaceX, whose reusable rockets demonstrate that even the most complex safety challenges can be tackled with familiar technologies.

NASA, one of the few institutions that can compete with Google for talent, pioneered software engineering practices to manage massive, error‑intolerant projects, coining the term "software engineer".

Since safety ultimately boils down to technical problems, proven engineering practices remain valid, bringing aviation IT back onto a solid technical track.

No Launch, No Harm

The first system to face safety scrutiny is the flight‑control system, which manages everything from flight planning to pilot resource allocation, take‑off/landing control, and abnormal flight handling. Its design includes a smooth rollout plan that allows gradual migration of routes to the new system while keeping the old system ready to take over instantly if failures occur.

The biggest single point of failure is the telegram system, the sole communication channel between airlines and air traffic control, using Morse‑code teleprinters that date back to before the founding of the People’s Republic. Maintaining this legacy link while demanding zero errors is akin to asking a Java programmer to write flawless C code.

Monitoring system availability relies on heartbeat checks: periodic test telegrams verify both send and receive paths, with adjustments to frequency to balance cost.

To let old and new systems share the same line, the telegram system is encapsulated, internally routing traffic and isolating the two systems, while a cold‑standby network line guards against carrier outages.

During a release readiness meeting, business units raised a concern: splitting routes would strain the shared pilot pool, and regulators would not accept parallel old‑new operation, demanding zero‑failure performance from the new system.

Regulators, Regulators

The Civil Aviation Administration of China, one of the world’s strictest regulators, tightly controls airline production operations. While this ensures safety, it also hampers efficiency and stifles individual creativity, prompting calls for bottom‑up innovation.

The core issue behind the regulator’s resistance is the extra workload of entering data twice in parallel systems. By automatically synchronizing data between old and new systems, only the differences need manual entry, reducing labor and preserving data integrity.

Not all data can be fully automated; some, like passenger boarding times and fuel quantities, still require human verification after flight.

Regulatory requirements also drive comprehensive logging—work logs, tickets, approvals, meeting minutes—so that any incident can be fully reconstructed and, if no human error is found, the responsible party can be absolved.

Future iterations will equip all field staff with information terminals, turning data entry into simple button clicks or even a shake gesture, while the system evolves toward an Event‑Sourcing architecture that captures every event, state, and process as data for deeper transformation.

Data Speaks

Aviation naturally generates massive data: engine performance, flight trajectories, pilot actions, maintenance records, and even minor faults like a loose air‑conditioner blade are meticulously logged.

Extracting value from this data is challenging because business experts often lack system thinking, leaving technical staff to build the “tower of Babel.” Nevertheless, when disputes arise, solid data can narrow the debate to data validity.

Fuel consumption dominates airline operating costs; optimizing fuel load is both an environmental and profit issue, with pilots holding significant influence over fuel decisions.

To improve fuel‑estimation models, the proposed solution has two phases: data accumulation and model training. Historical flights with similar conditions serve as anchors; actual flight data—including distance, load, weather, and consumption—is recorded and used to refine the model. Over time, the model learns to predict more accurate fuel requirements.

Source: 技术琐话