The rapid advancement of technologies related to military drones has led to the proliferation of diverse models and families, making them indispensable components in modern localized conflicts and military operations. They have fundamentally altered the methods of military engagement and the patterns of operational conduct. The inherent advantage of a military drone, compared to manned aircraft, lies in its potential to reduce the risk of personnel casualties and lower operational costs. However, the safety risks inherent in the development and manufacturing phases of a military drone are not significantly diminished. Currently, there is a lack of systematically established, standardized norms for preventing safety production risks during the development of military drones, both domestically and internationally. Drawing from extensive experience in constructing a dual-prevention mechanism that integrates risk classification control with hidden danger investigation and governance, this article analyzes typical problems encountered in safety risk identification and assessment during the realization process of military drones. It examines the rationality of existing workflows and the feasibility of potential solutions, ultimately exploring an optimized model suitable for safety risk identification and assessment within China’s military drone sector.
Current Status of Safety Risk Identification and Assessment in Military Drone Development
In the high-stakes environment of military drone development, effective safety management is paramount. The current practices for identifying and assessing safety production risks often reveal several critical shortcomings that can undermine the overall safety posture of a program.
1. Status of Safety Risk Identification
The primary issues in current risk identification for military drone programs include incomplete hazard source identification, inaccurate risk evaluation, and the implementation of non-specific control measures. An analysis of risk identification activities within a typical military drone development team, which covered product design, manufacturing processes, testing, occupational health, emergency management, and general office activities, highlighted the following persistent problems:
- Misunderstanding of Core Concepts: A fundamental lack of deep understanding of definitions leads to inaccurate descriptions of hazard sources. For example, hazards are vaguely described as “external personnel entering the workplace carrying tools, equipment, or materials that may cause injury,” “injury while moving heavy objects,” or “motor vehicle operation on icy or waterlogged roads.” These descriptions fail to pinpoint the specific hazardous energy or substance and the precise condition that leads to harm.
- Incomplete Hazard Identification: The identification focus is disproportionately placed on physical equipment and facilities, often neglecting critical human factors (unsafe acts), managerial deficiencies, and environmental conditions that contribute to risk.
- Incorrect Logic Between Hazard and Risk: The logical relationship between a hazard source and the resulting risk is misconstrued. For instance, a hazard source in an office area might be described as “personnel activity,” while the associated risk is listed as “failure to hold required certifications.” This indicates a confusion between the source of danger and the potential negative outcome.
- Overly Broad Identification Units: Different types of hazards and potential accidents are grouped into a single, coarse-grained process step. For example, combining “using an overhead crane for lifting and transferring heavy objects” into one step is problematic. The hazards, risk levels, and required control measures for the lifting operation differ significantly from those for the transfer operation.
- Non-standard Descriptions of Activities: Work procedures or production steps are described in an ambiguous and non-standardized manner, such as labeling a step simply as “factory disinfection personnel,” which can lead to misunderstandings and inconsistent risk analysis.
- Dominance of Non-Core Risks: A significant portion of identified risk items pertains to general daily management and office activities, rather than focusing on the core, high-hazard processes intrinsic to military drone development, such as hazardous material handling, high-energy testing, or flight trials.
These issues collectively underscore a foundational gap in safety knowledge among personnel, including a confusion between concepts like “hazard source,” “risk,” and “critical danger point,” which directly results in identification that is neither comprehensive nor precise.
2. Status of Safety Risk Assessment
Prior to the standardization of assessment methods, project teams frequently relied on subjective evaluation techniques, such as the LEC (Likelihood, Exposure, Consequence) method, leading to several assessment-related problems:
- Excessive Subjectivity: In methods like LEC, where the risk score (D) is calculated as $$D = L \times E \times C$$ with typical value ranges (e.g., 6-63 for certain interpretations), the evaluator’s personal judgment heavily influences the scores assigned to Likelihood (L), Exposure (E), and Consequence (C). This leads to inconsistent and non-reproducible risk ratings across different teams or individuals.
- Lack of Hierarchy in Control Measures: Existing safety risk control and occupational disease prevention measures do not systematically follow the hierarchy of controls theory (Elimination, Substitution, Engineering Controls, Administrative Controls, PPE). This often results in an over-reliance on less effective measures like personal protective equipment (PPE) or warnings, while more robust engineering solutions are overlooked.
- Incomplete Risk Registers: The resulting risk registers or logs are often missing crucial management information, such as the assigned control level (e.g., corporate, departmental, team), the responsible department/person, and a clear classification of the risk type. This gap hinders effective accountability and follow-up.
Optimization Philosophy and Framework
To address these deficiencies, an optimized model was developed based on foundational standards and guidelines, including the State Council’s opinions on building dual-prevention mechanisms, general rules for enterprise risk classification control, and national standards for accident classification and hazard factor codes. This model was refined through multiple iterations of creating and updating “four-color” risk registers and by incorporating lessons learned from addressing typical problem areas.
The core philosophy involves clarifying fundamental definitions and their logical relationships, standardizing description formats, refining the granularity of analysis, and selecting more objective assessment tools. The following table summarizes the key problems and their corresponding optimization strategies:
| Serial No. | Existing Problem | Optimization Content |
|---|---|---|
| 1 | Inaccurate description of hazard sources. | Standardize the hazard description format to: “[Energy / Hazardous Substance] may lead to [personnel death/injury/occupational illness or equipment damage] due to [unsafe condition of an object / unsafe human act / management defect / unfavorable environment].” |
| 2 | Incomplete identification of hazard sources. | Systematically identify hazards by considering three temporal states (past, present, future) and three operational states (normal, abnormal, emergency) for both personnel and facilities. Use energy/hazardous substances as the entry point and examine geography, layout, infrastructure, environment, process, materials, and management systems. |
| 3 | Incorrect logic between hazard source and risk. | Clarify that a hazard source is the foundation of risk. The risk is defined as the potential accident type and its consequences that the hazard source could trigger, directly related to likelihood and severity. |
| 4 | Overly broad identification units. | Categorize work activities into three main classes: 1) Product Design & Development, 2) Office & General Management, 3) Production Site Operations. Define subdivision principles for each class based on actual processes. |
| 5 | Non-standard description of work steps. | Standardize activity descriptions as: “In the [XX Area], using [XX Materials/Equipment], perform [XX Action].” Use clear verbs like “manage,” “operate,” “maintain,” “inspect,” “approve.” |
| 6 | Daily management risks overshadowing core military drone development risks. | Focus identification efforts on the core product lifecycle. For design teams, start from product design and trace hazards through production, testing, maintenance, and disposal phases across all technical disciplines (aerodynamics, structures, propulsion, avionics, GNC, etc.). |
| 7 | High subjectivity in methods like LEC. | Select systematic assessment methods (e.g., Risk Matrix) aligned with safety objectives and unit characteristics. Objectively assign values to factors based on defined criteria. Determine risk level using the method’s acceptability criteria or the ALARP (As Low As Reasonably Practicable) principle. |
| 8 | Control measures not following the hierarchy of controls. | Formulate control measures according to the hierarchy: Engineering Controls, Management Measures, Training & Education, Personal Protective Equipment (PPE), Emergency Preparedness. |
| 9 | Missing management information in risk registers. | Augment the risk register to include clear control ownership: Responsible Department/Project Team/Test Crew and Responsible Person(s). |
The Optimized Model for Hazard Identification and Risk Assessment and Its Application
1. Preliminary Preparation
Effective preparation is critical for a thorough analysis. The collection and review of the following information are essential before commencing the identification process for a military drone program:
- Layout drawings, lists of critical danger points, and inventories of major equipment and facilities.
- Physicochemical property sheets of raw and auxiliary materials, and Safety Data Sheets (SDS) for all chemicals.
- Detailed understanding of the product’s lifecycle: transportation, intended use (including expected operational scenarios), maintenance, and ultimate disposal.
- Equipment commissioning plans, operating and maintenance procedures, and emergency response plans.
- Technical documentation (assembly, use, maintenance manuals) highlighting warnings, hazardous components, and specified technical safety measures or conditions.
- Decommissioning and disposal requirements, particularly for hazardous waste like lithium batteries after system disassembly.
- Any other relevant operational, historical incident, or regulatory data.
2. Hazard Identification and Risk Assessment Workflow
The optimized workflow for military drone development is a systematic, multi-step process designed to ensure comprehensiveness and objectivity. This process is encapsulated in the following workflow diagram and detailed steps:
Workflow: Hazard Identification & Risk Assessment for Military Drone Development
- Define Work Activity
- Divide into Assessment Units / Job Steps (Using JHA principles)
- Conduct Hazard Identification & Create List
- Define Risk Name (Based on accident type)
- Perform Risk Analysis & Determine Level (Using LS Matrix)
- Propose Risk Control Measures
- Assign Control Ownership
- Formulate & Dynamically Update Risk Register
During implementation, specific practices ensure the process supports daily safety management:
- Dividing Identification Units: To accurately locate risks, units are defined along two dimensions: physical location (site, building, room, specific area) and procedural step (specific task being performed). This two-coordinate system precisely pins the risk point.
- Standardizing Hazard Description: Using defined work steps as input, the team systematically considers the “Three Temporal States” and “Three Operational States.” Identification probes for unsafe acts, unsafe conditions, environmental factors, and management defects, always linking them to a specific energy or hazardous substance. The description follows the standardized template mentioned earlier.
- Defining Risk Name: To ensure consistency, potential incidents are categorized according to standard accident classification systems (e.g., object strike, fire, explosion, fall from height). This accident type becomes the official “risk name,” ensuring clear communication of the potential outcome.
- Conducting Risk Analysis: To maintain consistency with organizational safety protocols, predefined “Critical Danger Points” are directly mapped to risk levels. A Level I Critical Point correlates to a “Major Risk (Red),” Level II to “Significant Risk (Orange),” and Level III to “Moderate Risk (Yellow).” For other hazards, a more granular Risk Matrix (LS) method is applied. This method assesses risk level (R) based on the product of the likelihood of occurrence (L) and the severity of consequences (S).
$$R = L \times S$$
Both L and S are defined on a scale (e.g., 1-5) with clear, objective criteria for each rating, significantly reducing subjectivity compared to the LEC method. - Formulating Control Measures: Measures are developed following the hierarchy of controls to ensure the most effective solutions are prioritized. The table below illustrates the categories and examples specific to military drone development:
| Category | Description | Example for a Military Drone Context |
|---|---|---|
| 1. Engineering Controls | Hardware modifications, technical solutions, or physical barriers that eliminate, reduce, or isolate the hazard. | For the risk of “object strike” from fasteners: “Incorporate specified torque values for critical fasteners into the design input. Clearly annotate these torque requirements on the final assembly and test instruction cards.” |
| 2. Management Measures | Policies, procedures, rules, and supervision designed to manage the hazard. | For the risk related to tire failure on a wheeled military drone: “The airframe development specification shall mandate material selection and fatigue testing requirements for landing gear tires.” |
| 3. Training & Education | Instruction, drills, and information dissemination to ensure personnel are competent and aware of risks. | For safe integration of payloads: “Conduct training on the test plan and field operation procedures. Include specific safety reminders related to payload securement during pre-task briefings.” |
| 4. Personal Protective Equipment (PPE) | Equipment worn by individuals to mitigate exposure to hazards. | For operations involving overhead loads: “Personnel must wear safety helmets, safety shoes, and anti-slip gloves when entering and working in the test area.” |
| 5. Emergency Preparedness | Plans, resources, and training to respond effectively if an incident occurs. | For burn hazards from hot components: “First aid procedure: Immediately cool the affected area with clean, running water. Remove any constricting items (gloves). Apply an antiseptic and cover with a sterile dressing. Use an ice pack over the dressing for pain relief and to reduce inflammation.” |
- Assigning Control Ownership: For effective monitoring, each risk control measure is assigned to a specific Responsible Department (e.g., Structures Design Team, Flight Test Operations) and further down to a named Responsible Person. This clarifies accountability for implementation and verification.
3. Practical Application Example
The optimized model was applied to a specific military drone development program. The team began by categorizing all activities into three primary units, which were then decomposed into detailed steps:
- Unit 1: Product Design & Development. Subdivided into Design, Manufacturing Support, and Testing.
- Design: Steps included Overall Concept Design, Aerodynamic Design, Structural & Stress Analysis, Propulsion System Design, Avionics Design, Guidance & Control System Design, etc.
- Manufacturing Support: Steps included Requirements Handover and Production Line Follow-up.
- Testing: This was extensively detailed into over 20 steps, such as Test Plan Development, Safety Briefings for Stakeholders, Pre-entry Safety Checks, Fuel Loading/Unloading, Lithium Battery Management, Product Hoisting, Static Load Testing, Engine Runs, and Flight Testing.
- Unit 2: Office & General Management. Covered daily office activities, tool management, server rooms, and administrative tasks.
- Unit 3: Production Site Operations. Further refined into 81 sub-processes based on specific manufacturing and assembly techniques.
By focusing the identification through the lens of the product design lifecycle, the team identified several dozen distinct hazard sources. The distribution was: 48% from Product Design & Development, 33% from Office & General Management, and 19% from Production Site Operations. This balanced list effectively covered the full spectrum of safety risks in military drone development, successfully eliminating the earlier problems of incomplete identification, inaccurate assessment, and weak controls. The resulting structured register now serves as a valuable reference template for other military drone programs.
Conclusion
The military drone sector in China is undergoing a phase of accelerated development. Consequently, the models for managing safety production risks during the development of these complex systems must be dynamic, capable of iterating alongside technological advances, and promptly incorporating lessons learned from emerging issues. This article, starting from the fundamental concepts and logical relationships between hazards and risks, and building upon optimization research within the dual-prevention mechanism framework, has explored the application of an enhanced safety risk classification and control model for military drone development. It proposes a standardized implementation framework for safety risk identification and control tailored to the unique processes of military drone system realization. This model enables more effective monitoring of safety throughout the development lifecycle and provides a refined, actionable workflow to support both managerial oversight and on-site risk control, thereby contributing to the safer and more reliable development of advanced military drone platforms.