AIAA 97-2961, Proceedings of 33rd Joint Propulsion Conference, Seattle, WA, July 1997.

ELECTRONIC SAFE AND ARMING DEVICES FOR USE WITH NON-INTERRUPTED EXPLOSIVE INITIATION

Daniel R. Knick
Barry Neyer
Elton (Al) E. Tibbitts
EG&G Star City, Inc.
PO Box 529
Miamisburg, OH 45343
(937) 865-3800

Current Address
Barry T. Neyer
Excelitas Technologies
1100 Vanguard Blvd
Miamisburg, OH 45342
(937) 865-5586
(937) 865-5170 (Fax)
Barry.Neyer@Excelitas.com

Abstract

Weapon systems utilize Safe and Arm Devices (S&As, or SADs) to ensure that certain safety and performance requirements are met before the main charge of the weapon can be detonated. Historically systems have been composed of detonators made from sensitive primary explosives coupled by an explosive train to the main explosive charge. These systems use mechanical, out-of-line systems to physically interrupt the explosive train and prevent inadvertent functioning. Arming is accomplished by rotating the detonators so that they are in-line with the explosive train.

The mechanical S&As are becoming difficult to produce and the manufacturing base is shrinking. Moreover, each weapon system has a unique design. Advancement in electronic component manufacturing and explosive initiation technologies have provided attractive alternatives to mechanical S&A systems. These Electronic SADs (ESADs) use insensitive explosives and employ electronic logic for performing the safe and arm function.

EG&G has entered into a CRADA with NSWC Dahlgren and NSWC Indian Head to design and develop an ESAD that could be used in a number of weapon systems. The system utilizes an Exploding Foil Initiator (EFI) to directly detonate an insensitive explosive. The EFI requires a firing pulse with a narrow temporal profile that is not easily produced accidentally. The ESAD also uses micromachined accelerometers and electronic timing circuits to ensure that the weapon system has traveled a safe distance from the launch system before the firing circuitry is energized.

EG&G has also entered into a CRADA with NSWC Dahlgren to develop a next generation detonator, a "Chip Slapper." The Chip Slapper is manufactured using modern electronic manufacturing techniques; these techniques allow us to produce detonators that are extremely consistent from one lot to the next. The EG&G Chip Slapper detonator will be hermetically sealed and qualified over a wide range of environments. Thus, this component could be used in a large number of systems.

Technical Papers of Dr. Barry T. Neyer

Safety Logic Design

This design focuses primarily on safety requirements for Navy missile systems as specified in the Weapons Systems Explosive Safety Review Board (WSESRB) technical manual.

Modern electronic components offer a variety of solutions to the challenge of safety logic. These designs can be roughly categorized into two groups; digital and analog designs. Depending upon missile requirements, it sometimes makes sense to some employ the use of a microcontroller. Microcontrollers offer greater adaptability to a variety of system requirements and tend to be more stable at temperature extremes. Their most powerful feature is their ability to process, in real time, environmental data from sensors and affect how the ESAD functions. They can receive data from other sections of the missile to make programmed decisions based on missile trajectory. Communications with the missiles guidance system offers a variety of in-flight adjustments to initiation techniques. Digital designs utilizing microcontrollers are more expensive to develop and qualify due to their greater complexity and software development time. Additionally, safety analysis of software directly involved in safety features of the ESAD is another area that can increase qualification costs.

Recent developments of low cost micromachined (MEMS) accelerometers have allowed for a more accurate measurement of safe separation distance when compared to "g" switches. These devices provide a DC output signal that is proportional to acceleration experienced by the device. They have other built-in features that allow diagnostics using the "self-test" input and they have an "alarm" output to warn of internal malfunction. These devices lend themselves readily to analog double integration methods of acceleration data to establish missile flight distance and provide an estimated distance from the launch platform.

The term "minimum safe separation distance" defines the shortest distance from the launch platform that the ESAD shall arm. This distance is not easily determined because it is influenced by many factors such as missile launch position trajectory, launch platform heading, and target position. Precision integration of missile acceleration data is critical to this endeavor. A potential solution to this problem would be to monitor acceleration along axis perpendicular to the flight of the missile. This data could be processed to increase overall accuracy and safety.

More than one accelerometer can be used to provide safety circuit redundancy by providing acceleration data to other safety circuits and eliminate a single point failure.

During bench testing of the ICS 3255 accelerometer, it became apparent some investigation of offset drift with temperature was required. Two ICS 3255 accelerometers were tested at various temperatures while recording offset and sensitivity to an acceleration change of Ī1g. The results of the study are shown in Figure 1.

Figure 1: ICS Accelerometer Thermal Test Results

As the thermal test results indicate the offset of the ICS accelerometer changes slightly with temperature, but the sensitivity remains stable. Electronic compensation techniques can nullify the offset changes with temperature and reduce error.

Integration of Accelerometer Signal

Acceleration signals can be double integrated to provide an indication of safe separation distance. Accurate accumulation of acceleration data is essential to achieving correct distance. If analog circuits are chosen to provide safety features, the challenge becomes controlling the IC op-amp integrators properly. Small amounts of leakage current and op-amp input bias current can introduce significant error. Extraordinary efforts aren't required, but the printed wiring board (PWB) lay-out must be considered and quality op-amps should be specified. See Figure 2.

Figure 2: ESAD Accelerometer Data Integration Technique

 

Safety Features

Two independent environments shall be used to prevent unintentional arming of the ESAD, and at least one of these features shall depend upon sensing a post launch environment. Enabling of energy interrupters, or inhibits as they are sometimes called, shall be accomplished by sensing post launch environments and they take-on the form of static or dynamic safety features. A dynamic safety feature is an energy interrupter designed to cycle between multiple states to provide a fail safe design. The frequency of the dynamic feature shall not normally occur in other sections of the missile. The number of safety features in a system depends upon the type utilized. Since dynamic safety features are inherently safer than static features the total number of features required varies with the type of combinations. An inherent safety feature of the ESAD is that it automatically returns to a safe state when power is removed. As the output energy of the thermal battery drops below that required to sustain charging current "bleed" resistors within the firing unit will discharge the capacitor in a matter of seconds. See Figure 3.

Figure 3: ESAD Safety Feature Combinations

ESAD designs must also address single point, and common mode failures. Circuit design shall be subjected to several analyses including, but not limited to, fault tree analysis, sneak circuit analysis, and FMECA, Failure Modes and Critically Analysis. All Military and DOD Standards must be understood and addressed with-in the design and then tested.

Testability

Testability of the ESAD should be built into the electronics package. This feature can take the form of limited power-up "built-in -tests", and/or simply "bench testing" diagnostics through spare input connector pins. The ICS accelerometer offers a "self test" input that when stimulated by an electrostatic force causes the seismic mass move allowing the entire circuit to be tested. Full bench testing can be realized with the use of an arbitrary waveform generator programmed to provide a signal that matches the acceleration profile of the missile. This feature can also be used to test ESAD safety features under a variety of simulated missile performance ranges. The ESAD should also be thoroughly tested using a centrifuge to characterize ESAD circuit performance independently of tests using the "self test" option.

To simplify bench testing, the ESAD should be designed to allow removal of all explosives from the electronics package. Not only does this approach alleviate explosive handling issues it allows for qualification and testing of the electronics package, EFI and explosive train separately. Field test equipment could be used to fully function the ESAD prior to assembly.

A block diagram of an analog ESAD is shown in Figure 4 shows implementation of two static safety features and one dynamic safety feature.

 

Figure 4: ESAD Block Diagram

EFI / Fireset Power Supply Design

Fireset design for inline explosive systems utilizing EFIs have been produced for more than fifteen years. Initiation dynamics and manufacturing parameters for these devices are well understood and have been characterized for a number of applications. Critical fireset design aspects involve packaging the fireset in the required configuration occupying as little volume as possible, without compromising high voltage or inductance requirements. The flexibility of EFI designs allow a wide variety of physical configurations. They can be designed to fit into tubes, pancake arrangements, and can readily be fired remotely using low inductance flat cables.

Other issues that need to be addressed are HV arcing, and inductance in the output circuit. Any fireset component that has to stand-off HV, such as the storage capacitor, must be packaged such as to circumvent potential arcing for all environments. This is a particularly difficult problem at reduced pressures that are likely at high altitude were arcs form much easier. Conformal coatings such as Paralene, or potting can be used to negate these issues. The storage capacitor, spark gap and interconnections to the EFI, must be laid-out in a manner to minimize inductance. Inductance in the output circuit affects current rise-time and significantly impacts EFI performance.

Figure 5: EFI Performance

EFI in-line initiation systems inherently have an added degree of safety due to the unique signal required to function the EFI and the insensitive secondary explosive that is utilized. By virtue of this aspect, the task for the electronic circuits becomes preventing energy accumulation in the fireset until safe separation distance has been achieved. Elapsed time from launch is one element in the effort to measure safe separation distance. But, elapsed time, alone, canít be used to guarantee safe separation. Elapsed time, in terms of measuring distance, is a function of average velocity and trajectory. What is most desirable is measurement of distance from the launch platform regardless of missile performance or trajectory. Solid state accelerometers can more accurately determine safe separation distance over a wide range of conditions.

Summary

ESADs offer solutions to problems with mechanical SADs and allow for flexible systems for future applications as missile system requirements grow more complex.

The implementation of ESADs carries the burden of a whole new set of failure modes to be studied and then resolved. Long term passive and active component degradation and compatibility with other system components need to be studied and issues resolved. Environments having no effect on mechanical systems may have a significant effect on performance and failure rate of electronic components. Conversely, issues with the mechanical design may be entirely eliminated by electronics. Mechanical systems are naturally impervious to certain environments that are potentially hazardous to electronic components. The message is to recommend an extensive test plan for the ESAD based on all known credible environments.