SC-05: COP Data Degradation
| Field | Value |
|---|---|
| Scenario ID | PER-004-SC-05 |
| Context / Trigger | At 11:00 AM during a high-traffic period (18 active flights, 12 accepted flights pending activation), the Traffic Service enters degraded mode. One of the primary telemetry providers has experienced a network failure, reducing sensor coverage over the southeastern quadrant of the state. Track update rates for 6 active flights in that area drop from 1 Hz to intermittent updates every 10–15 seconds. The remaining 12 active flights outside the affected area continue with normal coverage. |
Narrative
The COP displays an immediate system status banner: “TRAFFIC SERVICE DEGRADED — Provider M-03 offline — Southeastern quadrant: reduced coverage” [UERQ-SYS-1680]. Affected tracks on the COP change their display: the staleness indicator [UERQ-SYS-1813(e)] shows a yellow clock icon with the time since last update. Tracks with updates older than 5 seconds show a dashed position circle (uncertainty grows with staleness) rather than a solid position icon.
Jessica assesses: 6 active flights are now in degraded monitoring. She cannot trust their displayed positions for non-conformance assessment or conflict detection. She makes two decisions.
First, she puts a hold on new activations in the affected quadrant: no new flights should transition from Accepted to Activated until coverage is restored, because she cannot monitor their conformance. She does not have authorization processing suspension authority (that is David’s role per UERQ-SYS-1420), so she calls the county authority covering the southeastern area and recommends they suspend activations for the affected zone. The county authority agrees and activates a temporary processing suspension.
Second, she contacts the 6 active operators’ organizations through the notification system: “Reduced traffic surveillance coverage in your operating area. Maintain enhanced visual observer vigilance. Report any anomalies immediately.”
She monitors the COP. After 22 minutes, the Traffic Service reports provider M-03 reconnected [UERQ-SYS-1631]. Track update rates return to normal. The staleness indicators clear. The COP returns to full-confidence display.
Jessica notifies the county authority that coverage is restored and the activation suspension can be lifted. She logs the degradation event, her response actions, and the resolution timeline for the shift report.
Traceability
| Linked End Goals | Maintain confidence in COP accuracy; identify when data cannot be trusted. |
| Linked Capabilities | Degradation Detection and Response (UERQ-SYS-1677), Degraded Mode Declaration (UERQ-SYS-1680), Fused Track Output staleness indicator (UERQ-SYS-1813(e)), Provider Fault Isolation (UERQ-SYS-1630), Auto Reconnection (UERQ-SYS-1631), Fusion Pipeline Failure Notification (UERQ-SYS-1805), Disconnect Detection and Alerting (UERQ-SYS-1734), In-Band Status Flags (UERQ-SYS-1664). |
| Safety Relevance | Yes: a COP that displays stale or incomplete data without clear indication is a safety hazard. Jessica’s decision to halt new activations in the affected area is a safety-conservative response that prevents flights from operating without adequate surveillance. The staleness indicator and degraded mode declaration are safety-relevant display requirements. |