# System Safety Assessment (SSA) — MRT-X Tactical UAS

**Document:** RPT-MRTX-SSA-001 | **Type:** Vendor substantiation
**Revision:** v1.0 | **Date:** 3 June 2026
**Prepared by:** Aerix Defense Systems (fictional) — J. Pell, Airworthiness & Safety Lead
**Verifies against:** SRD-MRTX-001 §6, §4.8; MIL-STD-882E

---

> **FICTIONAL — METHODOLOGY TEST INPUT.** Not a real safety assessment. Contains deliberately planted gaps for an academic airworthiness-engine demonstration.

## 1. Scope and Method

This System Safety Assessment identifies hazards associated with the MRT-X air vehicle and assesses risk per MIL-STD-882E using the standard severity (Catastrophic/Critical/Marginal/Negligible) and probability (Frequent through Improbable) categories and the resulting Risk Assessment Code (RAC) matrix. A Functional Hazard Assessment was performed at the system and subsystem level.

## 2. Severity and Probability Definitions

Severity and probability follow MIL-STD-882E Tables I and II. Catastrophic = loss of air vehicle or death/permanent disability to ground personnel. Critical = major system damage or severe injury. RAC bands: High (1–5), Serious (6–9), Medium (10–17), Low (18–20).

## 3. Hazard List

| HID | Hazard | Cause | Severity | Probability | RAC | Mitigation |
|---|---|---|---|---|---|---|
| H-01 | Total loss of generator output in flight | Turbine flameout, generator fault | Catastrophic | Remote | High→Medium | Energy buffer sized for autoland (SRD-5.6); BIT alerting |
| H-02 | Loss of C2 link | DDIL RF, jamming, range | Critical | Occasional | Medium | Lost-link RTH / pre-planned recovery (SRD-6.4) |
| H-03 | Lithium battery thermal runaway | Cell defect, overcharge | Critical | Remote | Medium | Thermal-runaway containment, fault isolation (SRD-5.10/5.11) |
| H-04 | Mid-air collision within swarm | Navigation drift, formation error | Critical | Remote | Medium | Detect-and-avoid (SRD-6.8); formation deconfliction |
| H-05 | Uncommanded flight termination | False lost-link trigger | Critical | Remote | Medium | Lost-link logic validation |
| H-06 | Fuel leak / fire | Fuel system breach | Catastrophic | Improbable | Medium | Fire protection (SRD-5.9) |
| H-07 | HVDC arc-fault on 270 VDC bus | Insulation failure, connector | Critical | Remote | Medium | Arc-fault detection/protection (SRD-5.7) |

## 4. Risk Assessment Summary

All identified hazards are assessed at Medium or lower residual risk following mitigation. No residual High-risk hazards remain. The system safety posture is assessed as acceptable for the proposed flight clearance envelope.
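
Added example (not part of the Aerix report): a Python cross-check of the Section 3 RAC column against the severity and probability listed in each row, which is the consistency the summary above depends on. The matrix is this example's transcription of MIL-STD-882E Table III and the function names are hypothetical; confirm the matrix against a controlled copy of the standard before relying on the result.

```python
import re

# Assumption of this example: transcription of MIL-STD-882E Table III
# (severity x probability -> risk level). Verify against the standard.
PROBS = ["Frequent", "Probable", "Occasional", "Remote", "Improbable"]
MATRIX = {
    "Catastrophic": ["High", "High", "High", "Serious", "Medium"],
    "Critical":     ["High", "High", "Serious", "Medium", "Medium"],
    "Marginal":     ["Serious", "Serious", "Medium", "Medium", "Medium"],
    "Negligible":   ["Medium", "Medium", "Low", "Low", "Low"],
}

# Section 3 rows reduced to: HID | Severity | Probability | RAC as listed.
HAZARDS = """\
H-01 | Catastrophic | Remote | High→Medium
H-02 | Critical | Occasional | Medium
H-03 | Critical | Remote | Medium
H-04 | Critical | Remote | Medium
H-05 | Critical | Remote | Medium
H-06 | Catastrophic | Improbable | Medium
H-07 | Critical | Remote | Medium
"""

def expected_level(severity, probability):
    """Risk level the matrix assigns to a severity/probability pair."""
    return MATRIX[severity][PROBS.index(probability)]

def parse(rows):
    """Yield (hid, severity, probability, claimed residual level) per row."""
    for line in rows.strip().splitlines():
        hid, sev, prob, rac = [c.strip() for c in line.split("|")]
        # "Initial→Residual" notation: the last entry is the residual claim.
        yield hid, sev, prob, re.split(r"→|->", rac)[-1].strip()

def check(rows=HAZARDS):
    """Return (hid, claimed, expected) for rows that disagree with the matrix."""
    findings = []
    for hid, sev, prob, claimed in parse(rows):
        if sev not in MATRIX or prob not in PROBS:
            findings.append((hid, claimed, "unknown category"))
            continue
        exp = expected_level(sev, prob)
        if exp != claimed:
            findings.append((hid, claimed, exp))
    return findings

if __name__ == "__main__":
    for hid, claimed, exp in check():
        print(f"{hid}: listed residual {claimed}, matrix gives {exp}")
```

A reported row means its severity/probability pair and its listed residual level do not agree under the matrix; the check does not say which column is wrong.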

## 5. Hazard Closure Notes

H-01 through H-07 are addressed by the mitigations cited. Verification of each mitigation is tracked in the respective subsystem reports (propulsion, electrical, software, battery).

## 6. Revision History

- **v1.0 (3 June 2026):** Initial SSA. Seven system-level hazards identified and assessed per MIL-STD-882E.

---

### [INTERNAL — NOT PART OF REPORT] Planted gaps in this document

- **PG-SSA-1:** The hazard list contains **no hazard for weapon-payload integration** despite SRD-4.7/4.8 establishing weapon integration. MIL-STD-882E energetics/munitions hazard analysis is entirely absent. (Category: GAP — missing hazard analysis.)
- **PG-SSA-2:** H-02 and H-05 treat "loss of C2 link" as a single condition, **not distinguishing direct-operator-link loss from total mesh-path loss** (SRD-6.9). The mitigation for H-05 (false termination) is asserted without analysis of how the trigger behaves in a surviving mesh. (Category: AMBIG/under-analysis.)
- **PG-SSA-3:** H-01 residual probability "Remote" is asserted but **not substantiated** with a generator/turbine reliability figure; no MTBF or failure-rate basis is given for a Catastrophic-severity hazard. (Category: unsubstantiated risk claim.)
