By Joe Wlad
Forty-plus years ago, when automatic pilots were first used to perform automatic landings of large aircraft, there was a joke that was circulated among pilots everywhere. Future aircraft would be manned only by a single pilot and a dog. The pilot’s job would be to feed the dog. The dog’s job would be to bite the pilot if she or he touched anything. Today, we’ve advanced well beyond that presageful joke, and airborne systems can now operate autonomously without human, or canine, participation.
One key event taking place this week, at which Wind River is exhibiting, is the Association for Unmanned Vehicle Systems International (AUVSI) North America, which showcases the latest trends and technologies in unmanned systems. This event consistently attracts a lot of attention and participation. In fact, this year’s show in Washington, DC is likely to have record participation, which is indicative of the trends we’re seeing in automated and unmanned systems designs.
Ever since hobbyists demonstrated the ability to control model-sized aircraft using radio signals, engineers have conceived of controlling larger-scale unmanned aircraft for both military and civilian purposes. A number of the research efforts for unmanned aircraft over the past two decades have now evolved into larger-rate production and, in some cases, deployment in the Iraq and Afghanistan war zones. While this is a tribute to the engineers and architects of these designs, one negative consequence of this success is that we now have many unmanned systems that cannot easily coexist with manned aircraft because of a lack of standards and regulatory requirements for unmanned vehicles. Moreover, the systems in use today are not interoperable. In other words, each unmanned air vehicle is tied to a unique ground station, which increases the cost of design and certification.
If you are wondering what rules govern the operation of unmanned vehicles in US National Airspace, the FAA has published operational air traffic policies in the form of a Notice, JO 7210.766 Unmanned Aircraft Operations in the National Airspace System. This document is intended for use by FAA personnel responsible for air traffic operations. Among many other things, this notice identifies some of the requirements that unmanned vehicles sharing National Airspace with commercial and private aircraft must meet. Since unmanned systems don’t usually comply with standard safety or airworthiness requirements, operators of unmanned air vehicles must obtain a Certification of Authorization (COA) from the FAA, which will give the operator restricted permission to operate the unmanned aircraft. Typically, the restrictions include operation in non-populated areas, restricted or positive-control airspace and/or warning areas. Additionally, the operator must convince the FAA that the vehicle can be operated safely under all conditions, including lost communication provisions and system failures. Each COA is specifically authorized by the FAA and requires a lot of effort on the part of both the applicant and the FAA.
The Department of Defense (DoD) and the FAA envision integrating use of unmanned aircraft in a more standard fashion so that systems can be certified at lower cost and become more interoperable. One unique characteristic of unmanned systems is that safety properties must be addressed for both the air vehicle and the ground control system. The Office of the Secretary of Defense (OSD) in the DoD has chartered a working group (WG) called the Unmanned Control Systems, Control Segment, or UCS. The goals of the UCSWG are to define standard, reusable, interoperable ground stations that can support a variety of unmanned aircraft. The UCSWG does this by defining the properties of a platform-independent model (using a model-driven architecture) whereby services such as mission control, vehicle control, communication, etc., can be added to support each vehicle without modification to the underlying platform. The UCS standard will have various interfaces based on a NATO standard, called STANAG 4586, which is specifically designed for UAV interface systems. The current UCS efforts, called architecture 2.1, are planned to be complete by the end of 2011, but additional efforts are likely to continue beyond 2011.
Special attention has been given to the safety and security aspects of UCS, and Wind River is playing a big role in helping to define the safety requirements for UCS. The working group has included standards and guidance from NATO, DoD and the FAA such as:
- NATO STANAG 4671: UAV Systems Airworthiness Requirements
- RTCA DO-178B: Software Considerations in Airborne Systems and Equipment Certification
- DIACAP: DoD IA Certification and Accreditation Process
- CNSSI 1253: Security Categorization and Control Selection for National Security Systems
- MIL-STD-882D: System Safety
- MIL-HDBK-516B: Airworthiness Certification Criteria
At its foundation, the UCS 2.1 platform-independent model architecture is defined as a partitioned platform where separation is provided by a time/space-partitioned operating system that supports open standards such as ARINC 653 or POSIX, cross-domain services for high assurance, and mixed levels of safety criticality. Additional layers of functionality, such as configuration in accordance with RTCA/DO-297, middleware such as DDS, or cryptographic services, are also defined in UCS 2.1. Wind River’s VxWorks MILS platform, VxWorks 653 platform, Wind River Linux Secure and the Wind River Hypervisor all support the tenets of UCS 2.1, depending upon how a Platform Specific Model (PSM) is defined. Information assurance requirements could be either medium-assurance cross-domain communication or high-assurance cross-domain communication, depending upon mission requirements.
In the coming weeks, I’ll provide more information on the safety requirements and certification processes for UCS. Until then, you can learn more about UCS and the evolution of the architecture at: http://www.ucsarchitecture.org/page/home