Total Loss of Aircraft Hydraulic Power — Fault Tree
A reference fault tree for total loss of hydraulic power on a transport-category aircraft, covering all three independent hydraulic systems plus the RAT/accumulator backup. Prepared per ARP4761 for a DAL-A / Catastrophic failure condition with a target probability of < 1×10⁻⁹ per flight hour.
The scenario
Modern transport aircraft typically carry three independent hydraulic systems (commonly labelled A / B / Yellow-Green-Blue) plus a ram-air-turbine (RAT) and accumulator-driven backup. Hydraulic power is the prime mover for primary flight controls, gear, brakes and high-lift devices. The top event of this fault tree is simultaneous loss of all three hydraulic systems leaving the aircraft without controllable flight surfaces — classified Catastrophic under FAR/CS-25 §1309 and ARP4761.
Top event and decomposition
The top gate is an AND: every independent system must fail simultaneously for the catastrophic top event to occur. This structure is what gets the architecture below 10⁻⁹ /flight hour, and it is the textbook deductive justification for triple-redundant hydraulics.
- System A loss — engine-driven pump failure, reservoir leak, line rupture (with their own λ rates).
- System B loss — independent components and routing per CS-25 §1309 segregation requirements.
- System Yellow / emergency loss — RAT deployment failure, accumulator pre-charge depletion, or PTU (power-transfer unit) failure to engage.
Common-cause failure (CCF) is layered on the AND gate using the Beta model. CCF is the dominant contributor at this probability floor, since random independent failure of all three systems is already extremely rare.
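The decomposition above, worked through as an added example (not part of the original template and not FTA Studio code): a MOCUS-style expansion of the AND-of-three tree with a Beta-factor CCF event, evaluated with the rare-event approximation. All leaf probabilities are constructed placeholders, and defining the CCF probability as β times the smallest system-level loss probability is a simplifying assumption.

```python
from math import prod

# Constructed per-flight-hour leaf probabilities (placeholders, not vendor data).
LEAVES = {"A_pump": 1e-4, "A_leak": 2e-5, "A_rupture": 1e-5,
          "B_pump": 1e-4, "B_leak": 2e-5, "B_rupture": 1e-5,
          "Y_rat": 5e-4, "Y_accum": 1e-4, "Y_ptu": 2e-4}
# Gate table: the page's AND of three systems, with a CCF event ORed above it.
GATES = {"TOP": ("OR", ["ALL_INDEP", "CCF"]),
         "ALL_INDEP": ("AND", ["SYS_A", "SYS_B", "SYS_Y"]),
         "SYS_A": ("OR", ["A_pump", "A_leak", "A_rupture"]),
         "SYS_B": ("OR", ["B_pump", "B_leak", "B_rupture"]),
         "SYS_Y": ("OR", ["Y_rat", "Y_accum", "Y_ptu"])}

def mocus(top="TOP", gates=GATES):
    """Top-down expansion: an OR gate splits a row, an AND gate widens it."""
    rows = [frozenset([top])]
    while any(e in gates for r in rows for e in r):
        nxt = []
        for r in rows:
            g = next((e for e in r if e in gates), None)
            if g is None:          # row already holds only basic events
                nxt.append(r)
                continue
            kind, kids = gates[g]
            rest = r - {g}
            nxt += [rest | set(kids)] if kind == "AND" else [rest | {k} for k in kids]
        rows = nxt
    uniq = set(rows)
    # Minimise: drop any cut set that strictly contains another one.
    return sorted((c for c in uniq if not any(o < c for o in uniq)), key=len)

def top_event(beta):
    """Rare-event sum over minimal cut sets with a Beta-factor split."""
    # Assumption: the common-cause group is the three systems, and the CCF
    # probability is beta times the smallest system-level loss probability.
    sys_q = [sum(LEAVES[k] for k in GATES[s][1]) for s in ("SYS_A", "SYS_B", "SYS_Y")]
    q = {k: (1 - beta) * v for k, v in LEAVES.items()}   # independent part
    q["CCF"] = beta * min(sys_q)                          # common-cause part
    contrib = {c: prod(q[e] for e in c) for c in mocus()}
    return sum(contrib.values()), contrib

if __name__ == "__main__":
    for beta in (0.0, 0.01):
        total, contrib = top_event(beta)
        share = contrib[frozenset({"CCF"})] / total
        print(f"beta={beta}: P(top)={total:.3e}/FH, CCF share={share:.1%}, "
              f"meets 1e-9: {total < 1e-9}")
```

With these placeholder values the 27 third-order independent cut sets sum to about 1.35×10⁻¹¹, while a β of only 1% produces a single first-order cut set that alone exceeds the 10⁻⁹ target.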
Standards alignment
ARP4761 Section 4.6 prescribes FTA as the deductive technique for showing that a Catastrophic failure condition meets a Quantitative Probability Requirement (QPR) of < 10⁻⁹ per flight hour. This template is structured to feed directly into the System Safety Assessment (SSA) bundle alongside the corresponding FHA, PSSA and Common Cause Analysis (CCA: particular-risk, zonal and common-mode analyses).
Use this template
Open the tree in FTA Studio to inspect the AND structure, override per-component failure rates with your engine and pump vendor data, run MOCUS for minimal cut sets, and (Enterprise edition) layer Monte Carlo uncertainty over the leaf rates to produce the lognormal mean and 95th percentile commonly required by SSA reviewers.