Committee F38 on Unmanned Aircraft Systems · Committee F38 on Unmanned Aircraft Systems 4 May 2015 AUVSI 2015 Conference Atlanta, Georgia SLIDES ATTACHED AGENDA 0800‐0830: Welcome,

Committee F38 on Unmanned Aircraft Systems 4 May 2015

AUVSI 2015 Conference

Atlanta, Georgia SLIDES ATTACHED

AGENDA

0800‐0830: Welcome, agenda review/update, and participant introductions ‐ W+12 (F38 Chair)

0830‐0900: FAA UAS Status Update Overview – Jim Williams (FAA UAS Integration Office) 0900‐1015: FAA UAS Status Update Details

‐ Cyrus Roohi and Steve George (FAA UAS Integration Office)

‐ Wes Ryan or Designee (FAA Small Airplane Directorate)

1015‐1030: Break

1030‐1100: Software of Unknown Pedigree: ‐ Steve Cook (MITRE)

1100‐1130: ASTM F38 Standards Development Overview/Discussion – W+12 (F38 Chairman)

1130‐1200: Operations over people standard update (WK37164) ‐ Doug Marshall

1200‐1230: Operational risk assessment standard update (WK49619) – Harrison Wolf (USC)

1230‐1530: Lunch and Networking

1530‐1550: Command and control update (F3002)– Phil Kenul (F38 Vice Chairman)

1550‐1610: Pilot/visual observer training update (WK29229)– Scott Strimple

1610‐1630: K‐State ASTM sUAS standards validation program status ‐ Mark Blanks (KSU)

1630‐1645: EVLOS/BVLOS standard update – (WK49620)

1645‐1700: Action item review and wrap‐up

1700: Adjourn

F38 Approved Standards 1. F2500-07 Standard Practice for Unmanned Aircraft System (UAS) Visual Range Flight

Operations 2. F2512-07 Standard Practice for Quality Assurance in the Manufacture of Light

Unmanned Aircraft System 3. F2585-08 Standard Specification for Design and Performance of Pneumatic-Hydraulic

Unmanned Aircraft 4. F2849-10 Standard Practice for Handling of Unmanned Aircraft Systems at Divert

Airfields 5. F2851-10 Standard Practice for UAS Registration and Marking (Excluding Small

Unmanned Aircraft Systems) 6. F2908-14 Standard Specification for Aircraft Flight Manual (AFM) for a Small Unmanned

Aircraft System (sUAS) 7. F2909-14 Standard Practice for Maintenance and Continued Airworthiness of Small

Unmanned Aircraft Systems (sUAS) 8. F2910-14 Standard Specification for Design and Construction of a Small Unmanned

Aircraft System (sUAS) 9. F2911-14e1 Standard Practice for Production Acceptance of Small Unmanned Aircraft

System (sUAS) 10. F3002-14a Standard Specification for Design of the Command and Control System for

Small Unmanned Aircraft Systems (sUAS) 11. F3003-14 Standard Specification for Quality Assurance of a Small Unmanned Aircraft

System (sUAS) 12. F3005-14a Standard Specification for Batteries for Use in Small Unmanned Aircraft

Systems (sUAS)

F38 Draft Standards 1. WK11425 New Practice for Private Unmanned Aircraft System (UAS) Pilot Practical Test

Standards for Unmanned Aircraft Single-Engine Land (SEL) Remote Control and Autonomous / Semiautonomous (Technical Contact: David Gibbs)

2. WK16285 * New Specification for Specification for Design and Performance of an Unmanned Aircraft System-Class 1320 (550# Gross Weight to 1320# Gross Weight) (Technical Contact: Les Hicks)

3. WK27055 * New Practice for the Registration and Marking of Unmanned Aircraft Systems (Technical Contact: Rocky Gmeiner)

4. WK28019 * New Practice for Selecting sUAS Launch and Recovery (Technical Contact: Joseph Santor)

5. WK29229 * New Practice for Certification of Pilots, Visual Observers, and Instructor Pilots and Training courses for Small Unmanned Aircraft Systems (sUAS) (TC: Scott Morgan)

6. WK31391 * New Specification for Testing of a Small Unmanned Aircraft System (sUAS) (TC: Ted Wierzbanowski)

7. WK37164 * New Specification for Operations Over People (TC: Douglas Marshall) 8. WK49619 New Practice for Operational Risk Assessment (ORA) (TC: Harrison Wolf) 9. WK49620 New Practice for Extended/Beyond Visual Line of Sight Operations (TC: Ted

Wierzbanowski)

Presented to: ASTM International

Presented by: FAA UAS Integration OfficeFAA Aircraft Certification Service

Date: May 4, 2015

Federal AviationAdministrationFAA Brief to the

ASTM Community

Committee F38 on Unmanned Aircraft Systems

Federal AviationAdministration

ASTM Committee F38May 4, 2015

2www.faa.gov/uas

Purpose

• Establish a path for the successful development and implementation of ASTM F38 standards for small Unmanned Aircraft Systems (sUAS)

• Help ASTM create quality standards



3www.faa.gov/uas

Overview

• FAA Modernization and Reform Act of 2012 (FMRA)

• Notice of Proposed New Rulemaking (NPRM)

• FAA Center of Excellence (COE)

• Paths to Flight

• F38 Standards Overview

• F38 and the FAA



4www.faa.gov/uas

FAA Modernization and Reform Act of 2012

• Section 332– “… a final rule on small unmanned aircraft systems

that will allow for civil operation of such systems in the national airspace”

• Section 333– Provides authority to establish an interim policy that

bridges the gap between the current state and NAS operations under the sUAS rule



5www.faa.gov/uas

Section 333 Exemption ConOps

FILMING | POWER LINE INSPECTION | PRECISION AGRICULTURE | FLARE STACK INSPECTION



6www.faa.gov/uas

“Blanket” Certificate of Waiver or Authorization (COA)• Section 333 exemption holders automatically

receive 200 ft. COA with some restrictions– Operate within visual line of sight (VLOS)

– VFR – VMC Conditions

– Maintain determined distances form airports/heliports



7www.faa.gov/uas

UAS Test Sites

http://www.faa.gov/uas/legislative_programs/test_sites/



8www.faa.gov/uas

Designated Airworthiness Representatives (DAR)

• DARs can be authorized to issue Special Airworthiness Certificates in the Experimental Category at UAS Test Sites for:– Research and development

– Crew training

– Market survey



9www.faa.gov/uas

Notice of Proposed Rulemaking (NPRM) – Small UAS Rule

• Operational Limitations

• Operator Certification and Responsibilities

• Aircraft Requirements



10www.faa.gov/uas

Proposed Small UAS Rule: Major Provisions

• Major provisions of proposed Small UAS Rule (Part 107):– Operational Limitations

– Operator Certification and Responsibilities

– Aircraft Requirements

– Model Aircraft



11www.faa.gov/uas

Proposed Small UAS Rule: Major Provisions (continued)

• Must see and avoid manned aircraft– UAS must be first to maneuver

away if collision risk arises

• Must discontinue flight in event of presenting a hazard to other aircraft, people or property



12www.faa.gov/uas


• Must assess risks presented by: – Weather conditions

– Airspace restrictions

– Location of people



13www.faa.gov/uas


• May not fly over people, except those directly involved with the operation

• Flights limited to:– 500 feet altitude

– 100 mph



14www.faa.gov/uas


• Must avoid airport flight paths and restricted airspace areas

• Must obey any FAA Temporary Flight Restrictions (TFRs)



15www.faa.gov/uas

NPRM and Consensus Standards

• FAA decided that under the NPRM a sUAS would not have to comply with a set of unvalidated consensus standards

• Due to their light weight, small unmanned aircraft generally pose a significantly lower risk to people and property on the ground than manned aircraft



16www.faa.gov/uas

FAA Center of Excellence (COE)

• To better understand how the aircraft can be integrated into the National Airspace System, the FAA is setting up a COE



17www.faa.gov/uas

Additional Paths to Airworthiness

• Public COA Process (Public Use)

• Experimental Airworthiness

• Type Certification



18www.faa.gov/uas

Public COA

• Certificate of Authorization or Waiver (COA) are issued for public operation

• Allows a particular UA to operate for a specified purpose, in a specified area

• See www.faa.gov/uas/public_operations/ for more information



19www.faa.gov/uas

Experimental Certificates

• Process defined in FAA Order 8130.34C– Certificates have been issues to both UAS and OPA*

• Two options for applicants:– Apply to FAA Headquarters, managed by AIR-113

– Apply to UAS Test Sites, managed by geographic MIDO with assistance provided by UAS DARs

*Optionally Piloted Aircraft (OPA) – a manned aircraft that can be flown by a remote pilot from a location not onboard aircraft



20www.faa.gov/uas

By the Numbers

12

14

98

54

1113

18

1

3

17

21

24

1921

24

32

47

0

5

10

15

20

25

30

35

40

45

50

2005 2006 2007 2008 2009 2010 2011 2012 2013 2014

UAS/OPA Experimental Certificates209 Total: 85 Original & 124 Re-Issue [Through end of 2014]

Original Total



21www.faa.gov/uas

Type Certification

• First Type Certificates (TC) issued in 2013– AeroVironment PUMA

– Insitu ScanEagle

• Advisory Circular covers TC process under § 21.17(b)



22www.faa.gov/uas

Advisory Circular for UAS

• Type certification under § 21.17(b) special class– AC establishes a risk-based decision making process

and explains how existing aircraft design requirements from § § 23, 25, 27, 29, and industry standards (including ASTM) can form a type certification basis for UAS



23www.faa.gov/uas

Future of ASTM F38 and the FAA

• Memorandum of Agreement (MOA)

• Potential Relationships

• ASTM’s Current Efforts

• Foundation of Standards

• Validation of Standards



24www.faa.gov/uas

Memorandum of Agreement

• Updated previous expired MOA

• Out for review and signature

• New two year agreement



25www.faa.gov/uas

PotentialRelationshipBetweenEfforts

Open Category (A)

- Proposed sUAS Rule (VLOS)

- 333 Exemptions (Time Limited)

- TC not required

SpecificCategory (B)

- Operational andgeographic limitstraded for designassurances

- Experimental- TC may be required

RegulatedCategory (C)

ASTMStandards

- TC UAS without restrictions meeting “typical” design assurances

JARUSRPAS 1309

AC for 21.17(b)Type Certification



26www.faa.gov/uas

ASTM F38’s Current Efforts

• Best Practice for preparing an Operational Risk Assessment (ORA)

• Defining requirements and design features necessary for operating UAS at low altitude BVLOS and/or EVLOS

• Defining design features and operational limitations/mitigations for operating sUAS directly over people



27www.faa.gov/uas

ORA Best Practice

• The Operational Risk Assessment (ORA) is a key component of the certification process outlined in the § 21.17(b) Advisory Circular

• May also be used in experimental airworthiness determination and 333 exemption evaluation

Energy & Size+

CONOPS

6 Risk Classifications

Expected Level of Safety



28www.faa.gov/uas

Current Published Standards

• Flight Manual

• Maintenance

• Design

• Production

• C2

• Quality Assurance

• Batteries



29www.faa.gov/uas

Standard Comparison

F2355-14 Design and Performance Requirements for Lighter-Than-Air Light Sport Aircraft

Vs.

F2910-14 Design and Construction of a Small Unmanned Aircraft System (sUAS)



30www.faa.gov/uas

Standards Comparison

F2355-14(Light Sport)

F2910-14(sUAS)



31www.faa.gov/uas



F2910-14(sUAS)



32www.faa.gov/uas



F2910-14(sUAS)



33www.faa.gov/uas

Example of Well Defined F38 Design Standards

33



34www.faa.gov/uas

FAA Recommends

• Remove “should” wherever possible

• Clearly define limitations

• Set intended standards– Specific

– Measurable

– Clear/unambiguous



35www.faa.gov/uas

Can Standard be Measured or Tested?



36www.faa.gov/uas

Eliminate Ambiguity



37www.faa.gov/uas

Define the StandardPilot-static system is calibrated CFR part 91.411 every 24 months and must comply with appendices E (altimeter) and F (transponder) of part 43. Appendix F of part 43 is applicable only if sUAS is capable of operating a transponder



38www.faa.gov/uas

FAA ASTM Leads

Standard ASTM FAA-Lead

Design and Construction F2910-14 Gunnar

Control and Communication F3002-14a Jain

Battery F3005-14 Roohi

Continuing Airworthiness F2909-14 Winn

Quality Assurance F3003-14 Chen

Production Acceptance F2911-14 Ghimire

Operations Over People Bergson

Beyond Visual Line of Sight Walsh

Identification and Marking Fugate

Small UAS Airplane Flight Manual F2908-14 Neylon

Small UAS Pilot Qualification Roohi



39www.faa.gov/uas

FAA AUVSI Schedule

• Legal Updates on the use of sUAS– Tuesday May 4th, 2015 3:30PM B302

• Enabling UAS Capabilities– Wednesday May 5th, 2015 1:00 PM B316

• Press Events– #1 May 5th, 2015 11:00AM Press Room 2

– #2 May 5th, 2015 12:15AM Press Room 2



40www.faa.gov/uas

FAA AUVSI Booth #548



41www.faa.gov/uas

Summary

• FAA teaming with ASTM

• FAA needs validated/accepted industry consensus standards

• Standards need to of high quality, definitive and measurable



42www.faa.gov/uas

Questions/Concerns/New Actions

© 2015 The MITRE Corporation. All rights Reserved.

Dependability of Software of Unknown Pedigree

The MITRE Corporation

Stephen CookAndy LacherJohn AngermayerDrew ButtnerKerry CrouseTed Lester

Presentation to ASTM F38May 4th, 2015

Approved for Public Release, Distribution Unlimited.

Case Number: 15-1416. The views, opinions, and/or findings

contained in this paper are those of author(s) and The MITRE

Corporation and should not be construed as an official

Government position, policy, or decision, unless designated by

other documentation. Neither the FAA nor the DOT makes any

warranty or guarantee, or promise, expressed or implied,

concerning the content or accuracy of the views expressed herein.


Agenda

■ What is Software of Unknown Pedigree (SOUP)?

■ Research Motivation

■ SOUP Dependability Framework

■ Recommendation to ASTM F38

■ Conclusions

2


What is SOUP?

■ Software of Unknown Pedigree is:– A software item already

developed and/or generally available and has not been developed for the purpose of being incorporated into a safety critical application (sometimes called “off the shelf software”)

OR– A software item previously

developed for which adequate records of the development processes are not available

3

■ In contrast:– Aviation pedigreed software

developed in accordance with RTCA DO-178C or MIL-STD-882

Note: We consider “dependability” to encompass

both the safety and security aspects of SOUP


4

Research Question: How can the dependability of Software of Unknown Pedigree (SOUP) be assessed so it can be used in (unmanned) aviation safety-critical applications?


Clash of Cultures: Small UAS Opportunity

5

InformationTechnology

Aviation

Speed to market

Innovation

Open

EvolutionaryProven

Proprietary

Revolutionary

Tightly regulated

Safety

Risk avoidedRisk rewardedMinimally regulated

Entrepreneurial Conservative

Technology

Innovations

Safest Mode of

Transportation

Small Unmanned AircraftSoftware intensive

Lower cost than manned aircraft

Non-traditional aviation software

Some software hazards mitigated

MITRE: IT and Aviation Expertise


Research Idea:Analyze and assess processes and techniques from other safety-critical applications where SOUP has been considered or employed

Aviation Medical Nuclear

Rail Space Software Security


Desired Results and Impacts

■ Analytical decomposition of processes and techniques for SOUP in safety-critical applications

■ Proposed dependability framework for use in aviation

■ Real-world case studies to evaluate framework

■ Assessment of potential for use in select aviation domains

■ Extension to portable avionics and advanced systems with complex, dynamic software

7

Desired Results Impacts■ Acquisition and

certification cost reduction

■ Shorter development cycle

■ Ultimate goal: Inform civil and public airworthiness guidance and standards

– FAA

– Military Services

– NATO

– Standards bodies

…we're just going to build PowerPoint

slides instead of actual systems if we

don't use innovation to change cost.


Analysis of Best Practices from Other Industries

■ Team compared specific SOUP techniques and best practices from other industries

■ We derived 45 tasks and placed them into a framework with traceability to source documents

■ Organized by:– Category

– Level

– Assessment Method

8

Category ID Level Assessment Task Description Security Space Aviation Medical Nuclear Rail

US ‐ Use of SOUP

US.1

MINIMAL QL Conduct Hazard Analysis

Conduct an analysis to determine the hazards and impacts associated with the potential malfunction, failure, or exploitation of the SOUP. Define the SOUP's intended function. Determine the consequences and possible mitigations for each potential malfunction, failure, threat, or exploitation. Document how the SOUP fails (gracefully or suddenly). The analysis should be conducted in a manner similar to SAE ARP 4761, MIL‐STD‐882, or equivalent and should address risk associated with potential security and safety vulnerabilities (e.g., RTCA DO‐326, Airworthiness Security Process Specification).

BSIMM AM1.3

NASA‐STC‐

8719.13C, App. A, F

RTCA DO‐278A

RTCA DO‐326 Sec 2.3.3

IEC 62304; see

Section 7.1

European Regulatrs;

see Section 2.2.3

DOT/FRAlORD‐03/14Final Report April 2003; see

Figure 3 page 21.

Peer Reviewed


Category, Level, Assessment

9

OP ‐ Organizational Planning 4

US ‐ Use of SOUP 13

CM ‐ Code Metrics 4

CR ‐ Code Review 11

EA ‐ External Accreditation 5

TE ‐ Testing 8

Total 45

OP -Organizational

Planning,4

US - Use of SOUP, 13

CM - Code Metrics, 4

CR - Code Review, 11

EA - External Accreditation,

5

TE - Testing, 8

6 Categories

MINIMAL 12

MINOR 18

MAJOR 15

Total 45

MINIMAL, 12

MINOR, 18

MAJOR, 15

3 Levels

QL ‐ Qualitative 29

QN ‐ Quantitative 16

Total 4529

16

0

5

10

15

20

25

30

35

QL ‐ Qualitative QN ‐ Quantitative

Tasks

2 Assessment Methods


Organizational Planning Tasks

10

Category ID Level Assessment Task

OP ‐Organizational Planning

OP.1 MINIMAL QL Educate executives and train employees

OP.2 MINOR QL Publish Organizational SOUP Software Plan

OP.3 MINOR QL Record SOUP in SOUP Database

OP.4 MAJOR QL Annual SOUP Hazard training


Use of SOUP Tasks

11


US ‐ Use of SOUP

US.1 MINIMAL QL Conduct Hazard Analysis

US.2 MINIMAL QL Publish SOUP Integration Plan

US.3 MINIMAL QL Publish SOUP Maintenance Plan

US.4 MINOR QL Perform Market Survey

US.5 MINOR QLReview SOUP functional, interface, and performance requirements

US.6 MINOR QL Document Software Architecture

US.7 MINOR QL Enforce Integration Plan and Track Exceptions

US.8 MINOR QL Enforce SOUP Maintenance Plan

US.9 MINOR QL Neutralize unwanted functionality

US.10 MAJOR QL Utilize User Problem Reporting

US.11 MAJOR QN Document and Review Service History

US.12 MAJOR QNDocument and Review Expected and Measured Reliability Metrics

US.13 MAJOR QN Utilize SOUP Wrapper Software

Note:

Results of

Task US.1

determine

SOUP

Level


Code Metrics Tasks

12


CM ‐ Code Metrics

CM.1 MINIMAL QL Assess SOUP size

CM.2 MINOR QN Record and Review Number of Lines of Code

CM.3 MAJOR QN Determine and Review Code Complexity

CM.4 MAJOR QN Record and Review SOUP Anomaly Reports


Code Review Tasks

13


CR ‐ Code Review

CR.1 MINIMAL QL Create Vulnerability List

CR.2 MINIMAL QL Identify Known Vulnerabilities

CR.3 MINOR QL Conduct Automated Code Analysis

CR.4 MINOR QL Conduct Manual Code Review of key areas

CR.5 MINOR QL Audit SOUP Vendor's Software Life Cycle

CR.6 MINOR QL Audit SOUP Vendor's Coding Standards

CR.7 MAJOR QN Review & traced vendor requirements

CR.8 MAJOR QNReview and trace integrator requirements satisfied by SOUP

CR.9 MAJOR QL Conduct Manual Code Review of entire code

CR.10 MAJOR QN Ensure Adequate Structural Code Coverage

CR.11 MAJOR QL Document System Visualizations


External Accreditation Tasks

14


EA ‐ External Accreditation

EA.1 MINIMAL QL Determine QA process of SOUP vendor

EA.2 MINOR QN Perform compliance assessment of SOUP

EA.3 MINOR QLDetermine if SOUP complies with any TSOs or has an RSC

EA.4 MINOR QL Evaluate vendor QA process

EA.5 MAJOR QL QA process is Externally Accredited


Testing Tasks

15


TE ‐ Testing

TE.1 MINIMAL QL Publish V&V plans and procedures.

TE.2 MINIMAL QN Test SOUP integrator's requirements

TE.3 MINIMAL QN Use External Penetration Testers

TE.4 MINIMAL QL Conduct Regression Testing

TE.5 MINOR QN Test SOUP vendor's requirements

TE.6 MINOR QN Use Internal Penetration Testing Tools

TE.7 MAJOR QN Perform Periodic Red Teaming

TE.8 MAJOR QN Simulate Software Crisis


Category ID Level Assessment Task Description Security Space Aviation Medical Nuclear Rail

US ‐ Use of SOUP

US.1

MINIMAL QL Conduct Hazard Analysis

Conduct an analysis to determine the hazards and impacts associated with the potential malfunction, failure, or exploitation of the SOUP. Define the SOUP's intended function. Determine the consequences and possible mitigations for each potential malfunction, failure, threat, or exploitation. Document how the SOUP fails (gracefully or suddenly). The analysis should be conducted in a manner similar to SAE ARP 4761, MIL‐STD‐882, or equivalent and should address risk associated with potential security and safety vulnerabilities (e.g., RTCA DO‐326, Airworthiness Security Process Specification).

BSIMM AM1.3

NASA‐STC‐

8719.13C, App. A, F

RTCA DO‐278A

RTCA DO‐326 Sec 2.3.3

IEC 62304; see

Section 7.1

European Regulatrs;

see Section 2.2.3

DOT/FRAlORD‐03/14Final Report April 2003; see

Figure 3 page 21.

Way Forward – Case Studies with Small UAS Proponents

16

SOUP Dependability Framework

Evaluate SOUP per framework;

Provide feedback to vendors MITRE Aviation

Software Experts

Partner with UAS vendors for real-world

case studies

Update SOUP Dependability

Framework per case study results


Partnerships with small UAS vendors

■ Pursuing analysis with 3 small UAS manufacturers

■ Select specific safety-critical function implemented with SOUP

■ Assess SOUP using framework

■ Complete quad chart for each task

17

Updated Framework based on Lessons Learned - September 2015


Tech Transfer Opportunities

18


Recommendation to ASTM F38

■ Consider SOUP Framework as input for ASTM standard for assessing dependability of software for beyond visual line of sight sUAS safety-critical functions

■ Benefits to industry19


Conclusions and Next Steps

■ Best practices for use of SOUP safety-critical software from other industries reviewed . . .

. . . and distilled into a SOUP dependability framework of 45 tasks

■ Small UAS present an opportunity to explore solutions to the IT and aviation “clash of cultures” . . .

. . . case studies are underway with small UAS proponents

■ SOUP Framework will be updated using results of case studies . . .

. . . and MITRE is engaging with ASTM F38 and other key stakeholders in the aviation community

20


THANK YOU

21

© ASTM International

www.astm.org

ASTM International Committee F38 on Unmanned Aircraft Systems

AUVSI Conference

4 May 2015Ted Wierzbanowski*Chair, ASTM International Committee F38

* This material represents the views and positions of the presenter and not those of ASTM International and/or the entire ASTM F38 Committee

© ASTM International 2

BackgroundASTM

Aviation Standards

ASTM F38 Vision, Mission, & Structure

F38 Focus on small UAS (sUAS/sRPAS)History

Other sUAS Standards to be Developed

Harmonizing Standards

Presentation Overview

© ASTM International 05 May 2015 3

Touching Every Part of Everyday Life

Introduction 12,000+ ASTM standards operate globally

Combined with our innovative business services they enhance performance and create confidence

Across borders, disciplines, and industries

Harnessing the expertise of over 30,000 members

Across manufacturing and materials, products and processes, systems and services

Touching every part of everyday life: helping our world work better


Effective and Relevant Around The World

The Role of Standards We rely on our members’ expertise and

commitment – their good science, good engineering and good judgment

Recognizing expertise not geography –148 countries are represented by our members

Our voluntary consensus process gives everyone an opportunity to participate – ensuring standards are effective and relevant across diverse markets

Our standards help everyone: consumers, businesses, manufacturers, innovators and governments

Embracing all the principles of the World Trade Organization’s Agreement on Technical Barriers to Trade

Incorporated into contracts, regulations, codes, and laws, they support established and emerging economies and free and fair global trade


Improving Standards and Performance

Continuous Improvement and Added Value Services We recognize the need to meet changing

market needs, regularly reviewing our standards and creating new ones

We also deliver value-added services that enable customers to get the most out of our standards:

ASTM Compass® gives 24/7 access to our content, plus tools to manage, collaborate and learn

Our training, testing and certification programs ensure quality and improve performance

Ultimately, like our founders, we’re ready to innovate, we value good sense, we’re willing to share and be accountable.

Above all – we’re committed to helping our world work better

© ASTM International Choose Insert > Header and Footer to change DateChoose Insert > Header and Footer to change Presentation Title 6

Aviation Standards

Heavily RegulatedNormal, Utility, Transport

Categories

Regulation by FAA-Recognized 3rd Party

Involvemente.g., FAR Part 103

Regulation by Self-Declaration to FAA-

Recognized Consensus Standards

Light Sport Aircraft

KitesModels

Sanctioned Industry Standards and Programs for

Safe Construction and OperationUSHPA SOPs

FAR Parts Supported by TSOs, Consensus

Standards, and Formal TC/PC processes

Consensus Standards are Primary Means of

Establishing ComplianceASTM Committee F37

Exempt from FARs by

Definition

A Spectrum of Standards & Regulations:


VisionRoutine, safe UAS operations in civil airspace through standardization.

MissionProduce practical, consensus standards that facilitate UAS operations

at an acceptable level of safety. These standards include the design, manufacture, maintenance and operation of unmanned aircraft systems as well as the training and qualification of personnel. Committee F38 supports industry, academia, government organizations and regulatory authorities.

ASTM International Committee F38


StructureF38.01 Airworthiness (Ajay Sehgal) Hardware oriented

- Safe design, construction, test, modification, & inspection of the individual component, aircraft, or system

F38.02 Flight Operations (Mark Blanks) Procedure/performance oriented

Safe employment of the system within the aviation environment among other aircraft & systems

F38.03 Personnel (Scott Morgan) Crew oriented

Safe practices by the individuals responsible for employing the system



HistoryApril 2008 – U.S. FAA charters an Aviation Rulemaking Committee

(ARC) to examine a regulatory basis for permitting small Unmanned Aircraft Systems (sUAS) to fly for compensation or hire

ASTM is invited to participate in the ARC

April 2009 – ARC recommendations include reference to the use of industry consensus standards

September 2009 – FAA queries Standards Development Organizations (SDO) for their ability and resources to produce sUAS standards

April 2010 – FAA and ASTM sign a Memorandum of Understanding for the development of standards to support a new rule for sUAS

F38 Focus on small UAS (sUAS/sRPAS)


















History (cont)April 2010 to February 2015 – ASTM develops and publishes the

following sUAS standards in support of anticipated sUAS rule Design, construction, and test (F2910)

- Design of the C2 subsystem (F3002)- Use of batteries (F3005)

Production acceptance (F2911)

Quality assurance (F3003)

Maintenance and continued airworthiness (F2909)

Aircraft flight manual (F2908)

February 2015 - FAA issues notice of proposed rulemaking (NPRM) that does not reference consensus standards NOTE: the FAA could not tell ASTM that this change happened because of “ex

parte” rules



History (cont)What will be in the final rule is unknown and, depending on comments

received, consensus standards for detailed requirements may still be referenced and/or required

In the meantime, work will continue to improve currently published standards and develop new ones requested by the FAA (following chart)

However, even without changes and/or updates, compliance with the current published standards should facilitate safe operations of sUAS in many of the commercial applications currently being considered by various entities around the world.



Other sUAS Standards to be Developed

Five other standards are also in development that ASTM anticipates will support additional and/or expanded sUAS operations. These include:

Operations over People

Extended and Beyond Visual Line of Sight Operations

Operational Risk Assessments

Marking

Certification of Pilots, Visual Observers, and Instructor Pilots and Training Courses

Continued participation in ASTM UAS standards development by sUAS stakeholders is highly encouraged



ASTM leadership and members are also participating in other efforts

US: RTCA

EU: WG-73/93

Canada

Objective - One set of standards worldwide

Benefit to buyers: Lowers acquisitions costs

Benefit to builders: Lowers manufacturing costs

Harmonizing sUAS Standards



Contact Information


Paul Nelepovitz

Membership Secretary

+1-520-390-0486

[email protected]

Ted Wierzbanowski

Chairman

+1-626-429-8864

[email protected]


www.astm.org

Questions/Discussion


F38.02.01Operations Over People4 May 2015Doug MarshallTask Group Chair

www.astm.org


www.astm.org

F38.02.01Operations Over People TG04 May 2015Doug MarshallCat Wrangler


Team Members

Choose Insert > Header and Footer to change DateChoose Insert > Header and Footer to change Presentation Title 3

1 7Brian Argrow Ben Miller

2 8Mark Bateson Scott Strimple

3 9Al Frazier Doug Marshall (Chair)

4 10Rich Hanson TBD (Georgia Tech?)

5 11Andy Johnson-Laird TBD (CNN?)

6 12Paul McDuffee TBD (NIST?)


Changes Since December MeetingNew TORRedefined ScopeNew Team MemberNPRM Language Banning OOP


Introduction

1.0 Scope

2.0 Referenced Documents

3.0 Terminology

4.0 Applicability

5.0 General Requirements

6.0 Structure (of ORA for OOP)

7.0 Content

7.1 Demonstrations and/or oral exam?

7.2 Use cases or scenarios

7.3 Flight Operations Safety Plan

7.4 Knowledge (Judgment)

7.5 Skills (control)

7.6 Attitude (Discipline, professionalism)

Key Words

Draft Standard

Use Cases:

For example, using unmanned systems for various aerial shots at the AT&T Stadium in San Francisco is a big project involving multiple aircraft, complex airspace, a large event staff, security, thousands of people in the audience that requires a very detailed plan and precise execution

In contrast to a project of this size, shooting a film project of a couple walking along a beach in Hawaii is a much smaller project, but the steps to mitigate risk remain the same. The only difference is the level of detail and the amount of work required in planning each step.


Terms of Reference (Final)?

Scope Uncertainty

Process To obtain approval

To fly over people

For news gathering and other applications

Define the system, CONOPS, method of control

Perform an ORA

Outline “Best Practice” to: Identify known potential risks

Identify proposed mitigation strategies

Method to present results to FAA/GAA

What are we writing to, if Part 107 bars OOP?

§ 333, § 21.17(b), or something else?

New initiative to accommodate BVLOS?


Expected Deliverables

R&M Document?

Overlap with ORA TG?

Defining process, or

Prescriptive standards?

Used complex R&M to

develop the process


www.astm.org

Thank you

ASTM F38: Best Practice for Preparing Operational Risk Assessment (ORA) in Support

of Design, Airworthiness & Operations

Presented By: Harrison WolfUniversity of Southern California

Group Members

Participants:Heather Harris – MTSINick Flom – University of North Dakota, UAS Test SiteThomas Murray – Acute Management Strategies, LLC. Brett Portwood – Federal Aviation AdministrationAndy Thurling – AeroVironment

Task Lead: Harrison Wolf – University of Southern California

Collaborative Member:Doug Marshall –F38 Best Practices

for Operations over People

Scope

Develop a draft “best practice” standard that defines the process to be followed to prepare the ORA in support of airworthiness, design, or operational approval processes. At a minimum this “best practice” should include the tasks that the applicant must complete to prepare an acceptable ORA along with simple description on how to complete each task. The ORA should consider the type of vehicle, its method of control, its intended mission, its intended area of operation, and the details of potential system failure effects.

Group Goals

• Standardization across industry and work group efforts

• Non-Prescriptive, open to technology change while referencing specific nature of UAS

• Continuous communication and involvement across the group – Weekly Teleconferences

• Accessibility and usability by a spectrum of individuals

Manufacturers• Airworthiness• Risk Analysis• Reliability Data• Type Certifications• 21.17(B) certifications

Manufacturers• Airworthiness• Risk Analysis• Reliability Data• Type Certifications• 21.17(B) certifications

Operators• Certificates of

Authorizations• Section 333 Process• Future Approval Processes• Operational Pre-Flight• Post-Operations Analysis

& Data Collection

Operators• Certificates of

Authorizations• Section 333 Process• Future Approval Processes• Operational Pre-Flight• Post-Operations Analysis

& Data Collection

Safety Professionals• Safety Case Development• Reliability Analytics• Approvals & Insurance• Levels of Integration and

Responsibility

Safety Professionals• Safety Case Development• Reliability Analytics• Approvals & Insurance• Levels of Integration and

Responsibility

Regulators• Approval Process Standard• Safety Case Analysis• Reliability Data Collection

& Evaluation• Test Sites & Delegated

Approval Entities

Regulators• Approval Process Standard• Safety Case Analysis• Reliability Data Collection

& Evaluation• Test Sites & Delegated

Approval Entities

Reference Documents

EUROCAE ED 78AEUROCONTROL ESARR 4FAA AC 120-92FAA AC 23-1309-1EFAA Order 8130.34C, sUAS NPRMFAA Order 8900.1 Volume 16FAA UAS ARC Recommendation ReportICAO 9859 AN/474OPNAVINST 3500.39CSAE ARP4754ASAE ARP476114 CFR Part 114 CFR 401.5

Work Item – April 14, 2015

WK49619

1. Scope

This practice defines the process to be followed to prepare the ORA in support of airworthiness, design, or operational approval processes. At a minimum this practice should include the tasks that the applicant must complete to prepare an acceptable ORA along with simple description on how to complete each task. The ORA should consider the type of vehicle, its method of control, its intended mission, its intended area of operation, and the details of potential system failure effects.

http://www.astm.org/DATABASE.CART/WORKITEMS/WK49619.htm

Functions of the ORM Process Enhance mission or task accomplishment by increasing the probability of success.

Minimize risk to acceptable levels while providing a method to effectively manage resources.

Enhance decision-making skills based on systematic, reasoned and repeatable processes.

Provide systematic structure to perform risk assessments.

Provide an adaptive process for continuous feedback through planning, preparation, and execution.

Identify feasible and effective control measures, particularly where specific standards do not exist.

Sections and Format

1. Definitions Specific to this Standard 2. Introduction to Operational Risk Assessments3. Components of Risk Assessment 4. Hazard Identification5. Hazard Assessment – Severity v. Likelihood 6. Analyzing Risk, Interpreting Outputs 7. Defining and Implementing Mitigations8. Mission & System Configuration Data Collection9. Safety Assurance Methods?

- Continuous Feedback

Common UAS Hazards (Supports Hazard

Identification Process)• A Short List of common hazards as examples• Not comprehensive, a place to start for understanding unique UAS hazard

identification

Analyzing Risk

• Severity v. Likelihood• Quantitative v. Qualitative• Spectrum of Applicants Concern• Tools:

– Functional Hazard Assessments– Root Cause Analysis– FMEA– Etc.

Developing Appropriate Mitigations

• What are considered Mitigations?• Operational Mitigations• System Safety Mitigations• Pilot Experience

Identify HazardsIdentify Hazards

Assess RisksAssess Risks

Develop Mitigations

Develop Mitigations

Assure Mitigations don’t create new hazards

Assure Mitigations don’t create new hazards

Collect Data and

maintain logs

Collect Data and

maintain logs

Next Steps

• Mitigation Process Development– Operation Focused Mitigations– System Focused Mitigations

• ASTM Official Document Formatting• BVLOS/EVLOS Definitions

– Timeline Issues• Short Examples for Each Section

Concerns • Do we properly address the full spectrum of those using the Best Practice

in support of their applications?

- sUAS operators wanting to perform basic commercial operations - Very low Kinetic Energy- Store bought UAS

- Manufacturer looking to prove reliability- Operator looking for more

advanced operation access- Higher Kinetic Energy

- Operator looking to perform work in high responsibility environments- Manufacturer looking to

prove reliability of complex system- Very High Kinetic Energy

Concerns

• Do we want to outline practices for Mission configuration and System configuration management, or reference documents that exist delineating mission/system configurations?– Are we being ,too prescriptive?

• Currently have an extensive outline of UAS configuration checks.

Thank You

Contact Information:

Harrison WolfUniversity of Southern California(O): 310 342 1352(M): 805 302 8480Email: [email protected] or [email protected]


www.astm.org

Revision of ASTM F3002-14a(sUAS C2 Design Spec)Summary of Changes, Updates, and Comments

4 May 2015Ajay SehgalASTM International Committee F38


Contents (if Required)

Choose Insert > Header and Footer to change DateChoose Insert > Header and Footer to change Presentation Title 2

1Major Changes/Updates (1 of 2)

2Major Changes/Updates (2 of 2)

3Summary of Voter Comments


Major Changes/Updates (1 of 2)

• Limited the scope to sUA “within visual line of sight

• Clarified that C2 links can be either analog or digital

• Defined “C2 system”

• Defined “FMS” and distinguished it from “FCS”

• Defined “link status”

• Explained “shall” vs. “should” vs. “may”

• Clarified labeling requirements

• Clarified connector requirements

3


Major Changes/Updates (2 of 2)

• Clarified cosite RFI requirements

• Clarified link integrity requirements

• Clarified “maximum link range”

• Clarified CS display requirements

• Clarified reduced-range test requirements

• Eliminated redundant/repetitive verbiage

4


Summary of Voter Comments onOriginal sUAS C2 Design Spec (F3002-14)

• 13 voters• 92 total comments• 6 administrative/editorial comments

• 1 was about a provision regarding metric units that an ASTM editor removed before Jan. 2014 publication of original F3002-14

• 84 substantive comments• 4 were about the encryption requirement that was removed to

create F3002-14a (published in July 2014)

• 2 negative comments• Both were about the since-removed encryption requirement• Thus, no negative comments remained to be resolved after

F3002-14a was published

5/5/2015 5


www.astm.org

Thank you

n - Scott MorganLead - Scott Strimple

Brief History Cadre formedAugust

Initial Draft

November

Revised Draft

December

Ballotissued in February

2015

eronautical KnowledgeTraining Source

eronautical KnowledgeTesting Source

Operational FlightTraining Source

Demonstrated ability to assure operational

CommercialOperator Applicant

BasicsUA Operator

MTOGW (below 55lbs)

VLOSBelow 400’ AGL

Class G or equivalentVisual Observer

experience validated thru demonstrateability to operate

outside of the Basic sUA parametersie. Over People, BLVOS, Class B etc

F38.02.01 for instance

sUA Pilot & Visual

ObserverStandards

Age MedicalLanguag

e

AeronauticalKnowledge

OperationalFlight

Training

OperationalFlight

Testing

sUAS ARC 2009

Operational Limitations

GrandfatherExperience

sUA Pilot & Visual

ObserverStandards

Age MedicalLanguag

e

AeronauticalKnowledge

OperationalFlight

Training

OperationalFlight

Testing

Challenges

Operational Limitations

GrandfatherExperience

One size doesn’t fit all

Aircraftategory

ght echanicsxed wingotor wingombinationnithopterher

Command Control

1) Stick n Rudder2) C2 Programming

1) NO Stick n Rudder2) Mission Planning

Flight ConAuto Pilo

Pilot’s / Operator’s need different levels of training depending upon:

The type of commercial flight operation

he sUA required pilot/operator skills to assusafety

Relatively low risk to increasingly higher risk

From stick and rudder to semi automatic to fully autonomous

Aeronautical Operational

Aircraft SystemsHuman Factors

Regulatory

o meaningful decision making within an SMS envirDevelopment of professional airman mindset

Questions?

STANDARDS VALIDATION PROJECT

Mark BlanksUAS Program Manager

F38-02 Subcommittee Chair

May 2015

SVP: Validation via Certification• K-State proposed:

– Take a representative small UAS through the 14 CFR 21.17(b) airworthiness certification process using the F38 standards as the certification basis

• Certification process will:– Identify gaps in current F38 standards– Help determine appropriate level of rigor to

demonstrate compliance– Highlight major technical and/or process issues– Identify potential for F38 standards to be used as a

certification basis for operations beyond sUAS NPRM

Airframe Selection• UAV Factory Penguin B

– 47 lb MTOW

– 28cc, 2-stroke gas engine

– Cloud Cap Piccolo autopilot

– Catapult launched

– Auto runway landing (RTK GPS enabled)

– External pilot backup

– COTS airframe, K-State integration

3

CONOPS

• Based on 2009 sUAS ARC Recommendations– Day VFR, visual line-of-sight (VLOS) only

– Below 1,200 feet in Class G

– Below 700 feet within 10 NM of airports

• Some additional considerations for the aircraft type– Limited operations in Class D

– Investigation of BVLOS requirements

Operational Risk AssessmentHAZARD PROBABILITY SEVERITY RISK LEVEL MITIGATION

Conflict with Non‐Participating Traffic

D ‐ Remote I ‐ Catastrophic High (8)Operational Limitations

Command Link Failure B ‐ Probable III ‐Moderate Moderate (11) Certification/Testing

Weather Hazards C ‐ Occasional III ‐Moderate Moderate (13)Operational Limitations

Engine Failure D ‐ Remote II ‐ Critical Moderate (14) Certification/Testing

UAS Autopilot Failure D ‐ Remote II ‐ Critical Moderate (14) Certification/Testing

Human Error D ‐ Remote II ‐ Critical Moderate (14)Operational Limitations

UAS Flight Control Failure D ‐ Remote III ‐Moderate Low (20) None

ATC Communication Failure

D ‐ Remote III ‐Moderate Low (20) None

Loss of Ability to Track UAS on Radar

D ‐ Remote III ‐Moderate Low (20) None

GPS Error/Position Error D ‐ Remote III ‐Moderate Low (20) None

UAS Battery/Generator Failure

D ‐ Remote IV ‐Minor Low (21) None

Risk Mitigations

• Mitigation through Certification/Testing– Aircraft performance and limitations

– Command link

– Propulsion system

– Autopilot

• Mitigation through Operational Limitations– Conflict with non-participating traffic

– Weather hazards

– Human error

Testing

• Primary Goal: Hands-on validation of requirements

• Secondary Goal: Build gap analysis to identify unknown risks

• Byproduct: Development of modified test methods

Testing

• Near-term focus on environmental tests for the C2 standard to address largest unknowns for the system– Environmental effects on C2 link not well

understood

– Little historical data on environmental effects to UAS

• Command and control reliability and integrity are the foundation for safe operation of sUAS

Testing: Radiated Susceptibility• Background: Radiated susceptibility testing evaluates the

equipment response to externally generated high frequencies (above 100 MHz) such as radiated RF from broadcasting antennas, radio stations, etc.

• Purpose: Determine whether the command and control (C2) equipment will operate acceptably when the equipment and its interconnecting wires are exposed to a radiated RF field.

Testing: Radiated Susceptibility

Testing: Radiated SusceptibilityFindings

1. Reproducible susceptibilities within a small frequency range around 190 MHz.

2. Slight difference in susceptible frequency range between engine on/off configurations.

3. Loss of control through GCS, without notification or indication of lost link (multiplexer victim).

4. No susceptibilities between 230 MHz and 18 GHz at medium power levels (75 V/m max)

Testing: Radiated SusceptibilityRecommendations

• Operational limitations– Avoid flying near broadcast antennas without additional

RF shielding or prior knowledge of susceptible frequency ranges

• Design improvements– For example, improve RF shielding of C2 components

(like multiplexer in our case)

• Investigate software vulnerabilities

Testing: Next Steps

• Temperature Variation

• Vibration

• Structural

• Conducted Susceptibility

Questions?

Mark BlanksKSU UAS Program Manager

F38-02 Subcommittee Chair

[email protected]