Upload
hamien
View
228
Download
1
Embed Size (px)
Citation preview
Committee F38 on Unmanned Aircraft Systems 4 May 2015
AUVSI 2015 Conference
Atlanta, Georgia SLIDES ATTACHED
AGENDA
0800‐0830: Welcome, agenda review/update, and participant introductions ‐ W+12 (F38 Chair)
0830‐0900: FAA UAS Status Update Overview – Jim Williams (FAA UAS Integration Office) 0900‐1015: FAA UAS Status Update Details
‐ Cyrus Roohi and Steve George (FAA UAS Integration Office)
‐ Wes Ryan or Designee (FAA Small Airplane Directorate)
1015‐1030: Break
1030‐1100: Software of Unknown Pedigree: ‐ Steve Cook (MITRE)
1100‐1130: ASTM F38 Standards Development Overview/Discussion – W+12 (F38 Chairman)
1130‐1200: Operations over people standard update (WK37164) ‐ Doug Marshall
1200‐1230: Operational risk assessment standard update (WK49619) – Harrison Wolf (USC)
1230‐1530: Lunch and Networking
1530‐1550: Command and control update (F3002)– Phil Kenul (F38 Vice Chairman)
1550‐1610: Pilot/visual observer training update (WK29229)– Scott Strimple
1610‐1630: K‐State ASTM sUAS standards validation program status ‐ Mark Blanks (KSU)
1630‐1645: EVLOS/BVLOS standard update – (WK49620)
1645‐1700: Action item review and wrap‐up
1700: Adjourn
F38 Approved Standards 1. F2500-07 Standard Practice for Unmanned Aircraft System (UAS) Visual Range Flight
Operations 2. F2512-07 Standard Practice for Quality Assurance in the Manufacture of Light
Unmanned Aircraft System 3. F2585-08 Standard Specification for Design and Performance of Pneumatic-Hydraulic
Unmanned Aircraft 4. F2849-10 Standard Practice for Handling of Unmanned Aircraft Systems at Divert
Airfields 5. F2851-10 Standard Practice for UAS Registration and Marking (Excluding Small
Unmanned Aircraft Systems) 6. F2908-14 Standard Specification for Aircraft Flight Manual (AFM) for a Small Unmanned
Aircraft System (sUAS) 7. F2909-14 Standard Practice for Maintenance and Continued Airworthiness of Small
Unmanned Aircraft Systems (sUAS) 8. F2910-14 Standard Specification for Design and Construction of a Small Unmanned
Aircraft System (sUAS) 9. F2911-14e1 Standard Practice for Production Acceptance of Small Unmanned Aircraft
System (sUAS) 10. F3002-14a Standard Specification for Design of the Command and Control System for
Small Unmanned Aircraft Systems (sUAS) 11. F3003-14 Standard Specification for Quality Assurance of a Small Unmanned Aircraft
System (sUAS) 12. F3005-14a Standard Specification for Batteries for Use in Small Unmanned Aircraft
Systems (sUAS)
F38 Draft Standards 1. WK11425 New Practice for Private Unmanned Aircraft System (UAS) Pilot Practical Test
Standards for Unmanned Aircraft Single-Engine Land (SEL) Remote Control and Autonomous / Semiautonomous (Technical Contact: David Gibbs)
2. WK16285 * New Specification for Specification for Design and Performance of an Unmanned Aircraft System-Class 1320 (550# Gross Weight to 1320# Gross Weight) (Technical Contact: Les Hicks)
3. WK27055 * New Practice for the Registration and Marking of Unmanned Aircraft Systems (Technical Contact: Rocky Gmeiner)
4. WK28019 * New Practice for Selecting sUAS Launch and Recovery (Technical Contact: Joseph Santor)
5. WK29229 * New Practice for Certification of Pilots, Visual Observers, and Instructor Pilots and Training courses for Small Unmanned Aircraft Systems (sUAS) (TC: Scott Morgan)
6. WK31391 * New Specification for Testing of a Small Unmanned Aircraft System (sUAS) (TC: Ted Wierzbanowski)
7. WK37164 * New Specification for Operations Over People (TC: Douglas Marshall) 8. WK49619 New Practice for Operational Risk Assessment (ORA) (TC: Harrison Wolf) 9. WK49620 New Practice for Extended/Beyond Visual Line of Sight Operations (TC: Ted
Wierzbanowski)
Presented to: ASTM International
Presented by: FAA UAS Integration OfficeFAA Aircraft Certification Service
Date: May 4, 2015
Federal AviationAdministrationFAA Brief to the
ASTM Community
Committee F38 on Unmanned Aircraft Systems
Federal AviationAdministration
ASTM Committee F38May 4, 2015
2www.faa.gov/uas
Purpose
• Establish a path for the successful development and implementation of ASTM F38 standards for small Unmanned Aircraft Systems (sUAS)
• Help ASTM create quality standards
Federal AviationAdministration
ASTM Committee F38May 4, 2015
3www.faa.gov/uas
Overview
• FAA Modernization and Reform Act of 2012 (FMRA)
• Notice of Proposed New Rulemaking (NPRM)
• FAA Center of Excellence (COE)
• Paths to Flight
• F38 Standards Overview
• F38 and the FAA
Federal AviationAdministration
ASTM Committee F38May 4, 2015
4www.faa.gov/uas
FAA Modernization and Reform Act of 2012
• Section 332– “… a final rule on small unmanned aircraft systems
that will allow for civil operation of such systems in the national airspace”
• Section 333– Provides authority to establish an interim policy that
bridges the gap between the current state and NAS operations under the sUAS rule
Federal AviationAdministration
ASTM Committee F38May 4, 2015
5www.faa.gov/uas
Section 333 Exemption ConOps
FILMING | POWER LINE INSPECTION | PRECISION AGRICULTURE | FLARE STACK INSPECTION
Federal AviationAdministration
ASTM Committee F38May 4, 2015
6www.faa.gov/uas
“Blanket” Certificate of Waiver or Authorization (COA)• Section 333 exemption holders automatically
receive 200 ft. COA with some restrictions– Operate within visual line of sight (VLOS)
– VFR – VMC Conditions
– Maintain determined distances form airports/heliports
Federal AviationAdministration
ASTM Committee F38May 4, 2015
7www.faa.gov/uas
UAS Test Sites
http://www.faa.gov/uas/legislative_programs/test_sites/
Federal AviationAdministration
ASTM Committee F38May 4, 2015
8www.faa.gov/uas
Designated Airworthiness Representatives (DAR)
• DARs can be authorized to issue Special Airworthiness Certificates in the Experimental Category at UAS Test Sites for:– Research and development
– Crew training
– Market survey
Federal AviationAdministration
ASTM Committee F38May 4, 2015
9www.faa.gov/uas
Notice of Proposed Rulemaking (NPRM) – Small UAS Rule
• Operational Limitations
• Operator Certification and Responsibilities
• Aircraft Requirements
Federal AviationAdministration
ASTM Committee F38May 4, 2015
10www.faa.gov/uas
Proposed Small UAS Rule: Major Provisions
• Major provisions of proposed Small UAS Rule (Part 107):– Operational Limitations
– Operator Certification and Responsibilities
– Aircraft Requirements
– Model Aircraft
Federal AviationAdministration
ASTM Committee F38May 4, 2015
11www.faa.gov/uas
Proposed Small UAS Rule: Major Provisions (continued)
• Must see and avoid manned aircraft– UAS must be first to maneuver
away if collision risk arises
• Must discontinue flight in event of presenting a hazard to other aircraft, people or property
Federal AviationAdministration
ASTM Committee F38May 4, 2015
12www.faa.gov/uas
Proposed Small UAS Rule: Major Provisions (continued)
• Must assess risks presented by: – Weather conditions
– Airspace restrictions
– Location of people
Federal AviationAdministration
ASTM Committee F38May 4, 2015
13www.faa.gov/uas
Proposed Small UAS Rule: Major Provisions (continued)
• May not fly over people, except those directly involved with the operation
• Flights limited to:– 500 feet altitude
– 100 mph
Federal AviationAdministration
ASTM Committee F38May 4, 2015
14www.faa.gov/uas
Proposed Small UAS Rule: Major Provisions (continued)
• Must avoid airport flight paths and restricted airspace areas
• Must obey any FAA Temporary Flight Restrictions (TFRs)
Federal AviationAdministration
ASTM Committee F38May 4, 2015
15www.faa.gov/uas
NPRM and Consensus Standards
• FAA decided that under the NPRM a sUAS would not have to comply with a set of unvalidated consensus standards
• Due to their light weight, small unmanned aircraft generally pose a significantly lower risk to people and property on the ground than manned aircraft
Federal AviationAdministration
ASTM Committee F38May 4, 2015
16www.faa.gov/uas
FAA Center of Excellence (COE)
• To better understand how the aircraft can be integrated into the National Airspace System, the FAA is setting up a COE
Federal AviationAdministration
ASTM Committee F38May 4, 2015
17www.faa.gov/uas
Additional Paths to Airworthiness
• Public COA Process (Public Use)
• Experimental Airworthiness
• Type Certification
Federal AviationAdministration
ASTM Committee F38May 4, 2015
18www.faa.gov/uas
Public COA
• Certificate of Authorization or Waiver (COA) are issued for public operation
• Allows a particular UA to operate for a specified purpose, in a specified area
• See www.faa.gov/uas/public_operations/ for more information
Federal AviationAdministration
ASTM Committee F38May 4, 2015
19www.faa.gov/uas
Experimental Certificates
• Process defined in FAA Order 8130.34C– Certificates have been issues to both UAS and OPA*
• Two options for applicants:– Apply to FAA Headquarters, managed by AIR-113
– Apply to UAS Test Sites, managed by geographic MIDO with assistance provided by UAS DARs
*Optionally Piloted Aircraft (OPA) – a manned aircraft that can be flown by a remote pilot from a location not onboard aircraft
Federal AviationAdministration
ASTM Committee F38May 4, 2015
20www.faa.gov/uas
By the Numbers
12
14
98
54
1113
18
1
3
17
21
24
1921
24
32
47
0
5
10
15
20
25
30
35
40
45
50
2005 2006 2007 2008 2009 2010 2011 2012 2013 2014
UAS/OPA Experimental Certificates209 Total: 85 Original & 124 Re-Issue [Through end of 2014]
Original Total
Federal AviationAdministration
ASTM Committee F38May 4, 2015
21www.faa.gov/uas
Type Certification
• First Type Certificates (TC) issued in 2013– AeroVironment PUMA
– Insitu ScanEagle
• Advisory Circular covers TC process under § 21.17(b)
Federal AviationAdministration
ASTM Committee F38May 4, 2015
22www.faa.gov/uas
Advisory Circular for UAS
• Type certification under § 21.17(b) special class– AC establishes a risk-based decision making process
and explains how existing aircraft design requirements from § § 23, 25, 27, 29, and industry standards (including ASTM) can form a type certification basis for UAS
Federal AviationAdministration
ASTM Committee F38May 4, 2015
23www.faa.gov/uas
Future of ASTM F38 and the FAA
• Memorandum of Agreement (MOA)
• Potential Relationships
• ASTM’s Current Efforts
• Foundation of Standards
• Validation of Standards
Federal AviationAdministration
ASTM Committee F38May 4, 2015
24www.faa.gov/uas
Memorandum of Agreement
• Updated previous expired MOA
• Out for review and signature
• New two year agreement
Federal AviationAdministration
ASTM Committee F38May 4, 2015
25www.faa.gov/uas
PotentialRelationshipBetweenEfforts
Open Category (A)
- Proposed sUAS Rule (VLOS)
- 333 Exemptions (Time Limited)
- TC not required
SpecificCategory (B)
- Operational andgeographic limitstraded for designassurances
- Experimental- TC may be required
RegulatedCategory (C)
ASTMStandards
- TC UAS without restrictions meeting “typical” design assurances
JARUSRPAS 1309
AC for 21.17(b)Type Certification
Federal AviationAdministration
ASTM Committee F38May 4, 2015
26www.faa.gov/uas
ASTM F38’s Current Efforts
• Best Practice for preparing an Operational Risk Assessment (ORA)
• Defining requirements and design features necessary for operating UAS at low altitude BVLOS and/or EVLOS
• Defining design features and operational limitations/mitigations for operating sUAS directly over people
Federal AviationAdministration
ASTM Committee F38May 4, 2015
27www.faa.gov/uas
ORA Best Practice
• The Operational Risk Assessment (ORA) is a key component of the certification process outlined in the § 21.17(b) Advisory Circular
• May also be used in experimental airworthiness determination and 333 exemption evaluation
Energy & Size+
CONOPS
6 Risk Classifications
Expected Level of Safety
Federal AviationAdministration
ASTM Committee F38May 4, 2015
28www.faa.gov/uas
Current Published Standards
• Flight Manual
• Maintenance
• Design
• Production
• C2
• Quality Assurance
• Batteries
Federal AviationAdministration
ASTM Committee F38May 4, 2015
29www.faa.gov/uas
Standard Comparison
F2355-14 Design and Performance Requirements for Lighter-Than-Air Light Sport Aircraft
Vs.
F2910-14 Design and Construction of a Small Unmanned Aircraft System (sUAS)
Federal AviationAdministration
ASTM Committee F38May 4, 2015
30www.faa.gov/uas
Standards Comparison
F2355-14(Light Sport)
F2910-14(sUAS)
Federal AviationAdministration
ASTM Committee F38May 4, 2015
31www.faa.gov/uas
Standards Comparison
F2355-14(Light Sport)
F2910-14(sUAS)
Federal AviationAdministration
ASTM Committee F38May 4, 2015
32www.faa.gov/uas
Standards Comparison
F2355-14(Light Sport)
F2910-14(sUAS)
Federal AviationAdministration
ASTM Committee F38May 4, 2015
33www.faa.gov/uas
Example of Well Defined F38 Design Standards
33
Federal AviationAdministration
ASTM Committee F38May 4, 2015
34www.faa.gov/uas
FAA Recommends
• Remove “should” wherever possible
• Clearly define limitations
• Set intended standards– Specific
– Measurable
– Clear/unambiguous
Federal AviationAdministration
ASTM Committee F38May 4, 2015
35www.faa.gov/uas
Can Standard be Measured or Tested?
Federal AviationAdministration
ASTM Committee F38May 4, 2015
37www.faa.gov/uas
Define the StandardPilot-static system is calibrated CFR part 91.411 every 24 months and must comply with appendices E (altimeter) and F (transponder) of part 43. Appendix F of part 43 is applicable only if sUAS is capable of operating a transponder
Federal AviationAdministration
ASTM Committee F38May 4, 2015
38www.faa.gov/uas
FAA ASTM Leads
Standard ASTM FAA-Lead
Design and Construction F2910-14 Gunnar
Control and Communication F3002-14a Jain
Battery F3005-14 Roohi
Continuing Airworthiness F2909-14 Winn
Quality Assurance F3003-14 Chen
Production Acceptance F2911-14 Ghimire
Operations Over People Bergson
Beyond Visual Line of Sight Walsh
Identification and Marking Fugate
Small UAS Airplane Flight Manual F2908-14 Neylon
Small UAS Pilot Qualification Roohi
Federal AviationAdministration
ASTM Committee F38May 4, 2015
39www.faa.gov/uas
FAA AUVSI Schedule
• Legal Updates on the use of sUAS– Tuesday May 4th, 2015 3:30PM B302
• Enabling UAS Capabilities– Wednesday May 5th, 2015 1:00 PM B316
• Press Events– #1 May 5th, 2015 11:00AM Press Room 2
– #2 May 5th, 2015 12:15AM Press Room 2
Federal AviationAdministration
ASTM Committee F38May 4, 2015
41www.faa.gov/uas
Summary
• FAA teaming with ASTM
• FAA needs validated/accepted industry consensus standards
• Standards need to of high quality, definitive and measurable
Federal AviationAdministration
ASTM Committee F38May 4, 2015
42www.faa.gov/uas
Questions/Concerns/New Actions
© 2015 The MITRE Corporation. All rights Reserved.
Dependability of Software of Unknown Pedigree
The MITRE Corporation
Stephen CookAndy LacherJohn AngermayerDrew ButtnerKerry CrouseTed Lester
Presentation to ASTM F38May 4th, 2015
Approved for Public Release, Distribution Unlimited.
Case Number: 15-1416. The views, opinions, and/or findings
contained in this paper are those of author(s) and The MITRE
Corporation and should not be construed as an official
Government position, policy, or decision, unless designated by
other documentation. Neither the FAA nor the DOT makes any
warranty or guarantee, or promise, expressed or implied,
concerning the content or accuracy of the views expressed herein.
© 2015 The MITRE Corporation. All rights Reserved.
Agenda
■ What is Software of Unknown Pedigree (SOUP)?
■ Research Motivation
■ SOUP Dependability Framework
■ Recommendation to ASTM F38
■ Conclusions
2
© 2015 The MITRE Corporation. All rights Reserved.
What is SOUP?
■ Software of Unknown Pedigree is:– A software item already
developed and/or generally available and has not been developed for the purpose of being incorporated into a safety critical application (sometimes called “off the shelf software”)
OR– A software item previously
developed for which adequate records of the development processes are not available
3
■ In contrast:– Aviation pedigreed software
developed in accordance with RTCA DO-178C or MIL-STD-882
Note: We consider “dependability” to encompass
both the safety and security aspects of SOUP
© 2015 The MITRE Corporation. All rights Reserved.
4
Research Question: How can the dependability of Software of Unknown Pedigree (SOUP) be assessed so it can be used in (unmanned) aviation safety-critical applications?
© 2015 The MITRE Corporation. All rights Reserved.
Clash of Cultures: Small UAS Opportunity
5
InformationTechnology
Aviation
Speed to market
Innovation
Open
EvolutionaryProven
Proprietary
Revolutionary
Tightly regulated
Safety
Risk avoidedRisk rewardedMinimally regulated
Entrepreneurial Conservative
Technology
Innovations
Safest Mode of
Transportation
Small Unmanned AircraftSoftware intensive
Lower cost than manned aircraft
Non-traditional aviation software
Some software hazards mitigated
MITRE: IT and Aviation Expertise
© 2015 The MITRE Corporation. All rights Reserved.
Research Idea:Analyze and assess processes and techniques from other safety-critical applications where SOUP has been considered or employed
Aviation Medical Nuclear
Rail Space Software Security
© 2015 The MITRE Corporation. All rights Reserved.
Desired Results and Impacts
■ Analytical decomposition of processes and techniques for SOUP in safety-critical applications
■ Proposed dependability framework for use in aviation
■ Real-world case studies to evaluate framework
■ Assessment of potential for use in select aviation domains
■ Extension to portable avionics and advanced systems with complex, dynamic software
7
Desired Results Impacts■ Acquisition and
certification cost reduction
■ Shorter development cycle
■ Ultimate goal: Inform civil and public airworthiness guidance and standards
– FAA
– Military Services
– NATO
– Standards bodies
…we're just going to build PowerPoint
slides instead of actual systems if we
don't use innovation to change cost.
© 2015 The MITRE Corporation. All rights Reserved.
Analysis of Best Practices from Other Industries
■ Team compared specific SOUP techniques and best practices from other industries
■ We derived 45 tasks and placed them into a framework with traceability to source documents
■ Organized by:– Category
– Level
– Assessment Method
8
Category ID Level Assessment Task Description Security Space Aviation Medical Nuclear Rail
US ‐ Use of SOUP
US.1
MINIMAL QL Conduct Hazard Analysis
Conduct an analysis to determine the hazards and impacts associated with the potential malfunction, failure, or exploitation of the SOUP. Define the SOUP's intended function. Determine the consequences and possible mitigations for each potential malfunction, failure, threat, or exploitation. Document how the SOUP fails (gracefully or suddenly). The analysis should be conducted in a manner similar to SAE ARP 4761, MIL‐STD‐882, or equivalent and should address risk associated with potential security and safety vulnerabilities (e.g., RTCA DO‐326, Airworthiness Security Process Specification).
BSIMM AM1.3
NASA‐STC‐
8719.13C, App. A, F
RTCA DO‐278A
RTCA DO‐326 Sec 2.3.3
IEC 62304; see
Section 7.1
European Regulatrs;
see Section 2.2.3
DOT/FRAlORD‐03/14Final Report April 2003; see
Figure 3 page 21.
Peer Reviewed
© 2015 The MITRE Corporation. All rights Reserved.
Category, Level, Assessment
9
OP ‐ Organizational Planning 4
US ‐ Use of SOUP 13
CM ‐ Code Metrics 4
CR ‐ Code Review 11
EA ‐ External Accreditation 5
TE ‐ Testing 8
Total 45
OP -Organizational
Planning,4
US - Use of SOUP, 13
CM - Code Metrics, 4
CR - Code Review, 11
EA - External Accreditation,
5
TE - Testing, 8
6 Categories
MINIMAL 12
MINOR 18
MAJOR 15
Total 45
MINIMAL, 12
MINOR, 18
MAJOR, 15
3 Levels
QL ‐ Qualitative 29
QN ‐ Quantitative 16
Total 4529
16
0
5
10
15
20
25
30
35
QL ‐ Qualitative QN ‐ Quantitative
Tasks
2 Assessment Methods
© 2015 The MITRE Corporation. All rights Reserved.
Organizational Planning Tasks
10
Category ID Level Assessment Task
OP ‐Organizational Planning
OP.1 MINIMAL QL Educate executives and train employees
OP.2 MINOR QL Publish Organizational SOUP Software Plan
OP.3 MINOR QL Record SOUP in SOUP Database
OP.4 MAJOR QL Annual SOUP Hazard training
© 2015 The MITRE Corporation. All rights Reserved.
Use of SOUP Tasks
11
Category ID Level Assessment Task
US ‐ Use of SOUP
US.1 MINIMAL QL Conduct Hazard Analysis
US.2 MINIMAL QL Publish SOUP Integration Plan
US.3 MINIMAL QL Publish SOUP Maintenance Plan
US.4 MINOR QL Perform Market Survey
US.5 MINOR QLReview SOUP functional, interface, and performance requirements
US.6 MINOR QL Document Software Architecture
US.7 MINOR QL Enforce Integration Plan and Track Exceptions
US.8 MINOR QL Enforce SOUP Maintenance Plan
US.9 MINOR QL Neutralize unwanted functionality
US.10 MAJOR QL Utilize User Problem Reporting
US.11 MAJOR QN Document and Review Service History
US.12 MAJOR QNDocument and Review Expected and Measured Reliability Metrics
US.13 MAJOR QN Utilize SOUP Wrapper Software
Note:
Results of
Task US.1
determine
SOUP
Level
© 2015 The MITRE Corporation. All rights Reserved.
Code Metrics Tasks
12
Category ID Level Assessment Task
CM ‐ Code Metrics
CM.1 MINIMAL QL Assess SOUP size
CM.2 MINOR QN Record and Review Number of Lines of Code
CM.3 MAJOR QN Determine and Review Code Complexity
CM.4 MAJOR QN Record and Review SOUP Anomaly Reports
© 2015 The MITRE Corporation. All rights Reserved.
Code Review Tasks
13
Category ID Level Assessment Task
CR ‐ Code Review
CR.1 MINIMAL QL Create Vulnerability List
CR.2 MINIMAL QL Identify Known Vulnerabilities
CR.3 MINOR QL Conduct Automated Code Analysis
CR.4 MINOR QL Conduct Manual Code Review of key areas
CR.5 MINOR QL Audit SOUP Vendor's Software Life Cycle
CR.6 MINOR QL Audit SOUP Vendor's Coding Standards
CR.7 MAJOR QN Review & traced vendor requirements
CR.8 MAJOR QNReview and trace integrator requirements satisfied by SOUP
CR.9 MAJOR QL Conduct Manual Code Review of entire code
CR.10 MAJOR QN Ensure Adequate Structural Code Coverage
CR.11 MAJOR QL Document System Visualizations
© 2015 The MITRE Corporation. All rights Reserved.
External Accreditation Tasks
14
Category ID Level Assessment Task
EA ‐ External Accreditation
EA.1 MINIMAL QL Determine QA process of SOUP vendor
EA.2 MINOR QN Perform compliance assessment of SOUP
EA.3 MINOR QLDetermine if SOUP complies with any TSOs or has an RSC
EA.4 MINOR QL Evaluate vendor QA process
EA.5 MAJOR QL QA process is Externally Accredited
© 2015 The MITRE Corporation. All rights Reserved.
Testing Tasks
15
Category ID Level Assessment Task
TE ‐ Testing
TE.1 MINIMAL QL Publish V&V plans and procedures.
TE.2 MINIMAL QN Test SOUP integrator's requirements
TE.3 MINIMAL QN Use External Penetration Testers
TE.4 MINIMAL QL Conduct Regression Testing
TE.5 MINOR QN Test SOUP vendor's requirements
TE.6 MINOR QN Use Internal Penetration Testing Tools
TE.7 MAJOR QN Perform Periodic Red Teaming
TE.8 MAJOR QN Simulate Software Crisis
© 2015 The MITRE Corporation. All rights Reserved.
Category ID Level Assessment Task Description Security Space Aviation Medical Nuclear Rail
US ‐ Use of SOUP
US.1
MINIMAL QL Conduct Hazard Analysis
Conduct an analysis to determine the hazards and impacts associated with the potential malfunction, failure, or exploitation of the SOUP. Define the SOUP's intended function. Determine the consequences and possible mitigations for each potential malfunction, failure, threat, or exploitation. Document how the SOUP fails (gracefully or suddenly). The analysis should be conducted in a manner similar to SAE ARP 4761, MIL‐STD‐882, or equivalent and should address risk associated with potential security and safety vulnerabilities (e.g., RTCA DO‐326, Airworthiness Security Process Specification).
BSIMM AM1.3
NASA‐STC‐
8719.13C, App. A, F
RTCA DO‐278A
RTCA DO‐326 Sec 2.3.3
IEC 62304; see
Section 7.1
European Regulatrs;
see Section 2.2.3
DOT/FRAlORD‐03/14Final Report April 2003; see
Figure 3 page 21.
Way Forward – Case Studies with Small UAS Proponents
16
SOUP Dependability Framework
Evaluate SOUP per framework;
Provide feedback to vendors MITRE Aviation
Software Experts
Partner with UAS vendors for real-world
case studies
Update SOUP Dependability
Framework per case study results
© 2015 The MITRE Corporation. All rights Reserved.
Partnerships with small UAS vendors
■ Pursuing analysis with 3 small UAS manufacturers
■ Select specific safety-critical function implemented with SOUP
■ Assess SOUP using framework
■ Complete quad chart for each task
17
Updated Framework based on Lessons Learned - September 2015
© 2015 The MITRE Corporation. All rights Reserved.
Recommendation to ASTM F38
■ Consider SOUP Framework as input for ASTM standard for assessing dependability of software for beyond visual line of sight sUAS safety-critical functions
■ Benefits to industry19
© 2015 The MITRE Corporation. All rights Reserved.
Conclusions and Next Steps
■ Best practices for use of SOUP safety-critical software from other industries reviewed . . .
. . . and distilled into a SOUP dependability framework of 45 tasks
■ Small UAS present an opportunity to explore solutions to the IT and aviation “clash of cultures” . . .
. . . case studies are underway with small UAS proponents
■ SOUP Framework will be updated using results of case studies . . .
. . . and MITRE is engaging with ASTM F38 and other key stakeholders in the aviation community
20
© ASTM International
www.astm.org
ASTM International Committee F38 on Unmanned Aircraft Systems
AUVSI Conference
4 May 2015Ted Wierzbanowski*Chair, ASTM International Committee F38
* This material represents the views and positions of the presenter and not those of ASTM International and/or the entire ASTM F38 Committee
© ASTM International 2
BackgroundASTM
Aviation Standards
ASTM F38 Vision, Mission, & Structure
F38 Focus on small UAS (sUAS/sRPAS)History
Other sUAS Standards to be Developed
Harmonizing Standards
Presentation Overview
© ASTM International 05 May 2015 3
Touching Every Part of Everyday Life
Introduction 12,000+ ASTM standards operate globally
Combined with our innovative business services they enhance performance and create confidence
Across borders, disciplines, and industries
Harnessing the expertise of over 30,000 members
Across manufacturing and materials, products and processes, systems and services
Touching every part of everyday life: helping our world work better
© ASTM International 05 May 2015 4
Effective and Relevant Around The World
The Role of Standards We rely on our members’ expertise and
commitment – their good science, good engineering and good judgment
Recognizing expertise not geography –148 countries are represented by our members
Our voluntary consensus process gives everyone an opportunity to participate – ensuring standards are effective and relevant across diverse markets
Our standards help everyone: consumers, businesses, manufacturers, innovators and governments
Embracing all the principles of the World Trade Organization’s Agreement on Technical Barriers to Trade
Incorporated into contracts, regulations, codes, and laws, they support established and emerging economies and free and fair global trade
© ASTM International 05 May 2015 5
Improving Standards and Performance
Continuous Improvement and Added Value Services We recognize the need to meet changing
market needs, regularly reviewing our standards and creating new ones
We also deliver value-added services that enable customers to get the most out of our standards:
ASTM Compass® gives 24/7 access to our content, plus tools to manage, collaborate and learn
Our training, testing and certification programs ensure quality and improve performance
Ultimately, like our founders, we’re ready to innovate, we value good sense, we’re willing to share and be accountable.
Above all – we’re committed to helping our world work better
© ASTM International Choose Insert > Header and Footer to change DateChoose Insert > Header and Footer to change Presentation Title 6
Aviation Standards
Heavily RegulatedNormal, Utility, Transport
Categories
Regulation by FAA-Recognized 3rd Party
Involvemente.g., FAR Part 103
Regulation by Self-Declaration to FAA-
Recognized Consensus Standards
Light Sport Aircraft
KitesModels
Sanctioned Industry Standards and Programs for
Safe Construction and OperationUSHPA SOPs
FAR Parts Supported by TSOs, Consensus
Standards, and Formal TC/PC processes
Consensus Standards are Primary Means of
Establishing ComplianceASTM Committee F37
Exempt from FARs by
Definition
A Spectrum of Standards & Regulations:
© ASTM International Choose Insert > Header and Footer to change DateChoose Insert > Header and Footer to change Presentation Title 7
VisionRoutine, safe UAS operations in civil airspace through standardization.
MissionProduce practical, consensus standards that facilitate UAS operations
at an acceptable level of safety. These standards include the design, manufacture, maintenance and operation of unmanned aircraft systems as well as the training and qualification of personnel. Committee F38 supports industry, academia, government organizations and regulatory authorities.
ASTM International Committee F38
© ASTM International 8
StructureF38.01 Airworthiness (Ajay Sehgal) Hardware oriented
- Safe design, construction, test, modification, & inspection of the individual component, aircraft, or system
F38.02 Flight Operations (Mark Blanks) Procedure/performance oriented
Safe employment of the system within the aviation environment among other aircraft & systems
F38.03 Personnel (Scott Morgan) Crew oriented
Safe practices by the individuals responsible for employing the system
ASTM International Committee F38
© ASTM International 9
HistoryApril 2008 – U.S. FAA charters an Aviation Rulemaking Committee
(ARC) to examine a regulatory basis for permitting small Unmanned Aircraft Systems (sUAS) to fly for compensation or hire
ASTM is invited to participate in the ARC
April 2009 – ARC recommendations include reference to the use of industry consensus standards
September 2009 – FAA queries Standards Development Organizations (SDO) for their ability and resources to produce sUAS standards
April 2010 – FAA and ASTM sign a Memorandum of Understanding for the development of standards to support a new rule for sUAS
F38 Focus on small UAS (sUAS/sRPAS)
© ASTM International 10
HistoryApril 2008 – U.S. FAA charters an Aviation Rulemaking Committee
(ARC) to examine a regulatory basis for permitting small Unmanned Aircraft Systems (sUAS) to fly for compensation or hire
ASTM is invited to participate in the ARC
April 2009 – ARC recommendations include reference to the use of industry consensus standards
September 2009 – FAA queries Standards Development Organizations (SDO) for their ability and resources to produce sUAS standards
April 2010 – FAA and ASTM sign a Memorandum of Understanding for the development of standards to support a new rule for sUAS
F38 Focus on small UAS (sUAS/sRPAS)
© ASTM International 11
HistoryApril 2008 – U.S. FAA charters an Aviation Rulemaking Committee
(ARC) to examine a regulatory basis for permitting small Unmanned Aircraft Systems (sUAS) to fly for compensation or hire
ASTM is invited to participate in the ARC
April 2009 – ARC recommendations include reference to the use of industry consensus standards
September 2009 – FAA queries Standards Development Organizations (SDO) for their ability and resources to produce sUAS standards
April 2010 – FAA and ASTM sign a Memorandum of Understanding for the development of standards to support a new rule for sUAS
F38 Focus on small UAS (sUAS/sRPAS)
© ASTM International 12
History (cont)April 2010 to February 2015 – ASTM develops and publishes the
following sUAS standards in support of anticipated sUAS rule Design, construction, and test (F2910)
- Design of the C2 subsystem (F3002)- Use of batteries (F3005)
Production acceptance (F2911)
Quality assurance (F3003)
Maintenance and continued airworthiness (F2909)
Aircraft flight manual (F2908)
February 2015 - FAA issues notice of proposed rulemaking (NPRM) that does not reference consensus standards NOTE: the FAA could not tell ASTM that this change happened because of “ex
parte” rules
F38 Focus on small UAS (sUAS/sRPAS)
© ASTM International 13
History (cont)What will be in the final rule is unknown and, depending on comments
received, consensus standards for detailed requirements may still be referenced and/or required
In the meantime, work will continue to improve currently published standards and develop new ones requested by the FAA (following chart)
However, even without changes and/or updates, compliance with the current published standards should facilitate safe operations of sUAS in many of the commercial applications currently being considered by various entities around the world.
F38 Focus on small UAS (sUAS/sRPAS)
© ASTM International 14
Other sUAS Standards to be Developed
Five other standards are also in development that ASTM anticipates will support additional and/or expanded sUAS operations. These include:
Operations over People
Extended and Beyond Visual Line of Sight Operations
Operational Risk Assessments
Marking
Certification of Pilots, Visual Observers, and Instructor Pilots and Training Courses
Continued participation in ASTM UAS standards development by sUAS stakeholders is highly encouraged
F38 Focus on small UAS (sUAS/sRPAS)
© ASTM International 15
ASTM leadership and members are also participating in other efforts
US: RTCA
EU: WG-73/93
Canada
Objective - One set of standards worldwide
Benefit to buyers: Lowers acquisitions costs
Benefit to builders: Lowers manufacturing costs
Harmonizing sUAS Standards
ASTM International Committee F38
© ASTM International Choose Insert > Header and Footer to change DateChoose Insert > Header and Footer to change Presentation Title 16
Contact Information
ASTM International Committee F38
Paul Nelepovitz
Membership Secretary
+1-520-390-0486
Ted Wierzbanowski
Chairman
+1-626-429-8864
© ASTM International
F38.02.01Operations Over People4 May 2015Doug MarshallTask Group Chair
www.astm.org
© ASTM International
www.astm.org
F38.02.01Operations Over People TG04 May 2015Doug MarshallCat Wrangler
© ASTM International
Team Members
Choose Insert > Header and Footer to change DateChoose Insert > Header and Footer to change Presentation Title 3
1 7Brian Argrow Ben Miller
2 8Mark Bateson Scott Strimple
3 9Al Frazier Doug Marshall (Chair)
4 10Rich Hanson TBD (Georgia Tech?)
5 11Andy Johnson-Laird TBD (CNN?)
6 12Paul McDuffee TBD (NIST?)
© ASTM International
Changes Since December MeetingNew TORRedefined ScopeNew Team MemberNPRM Language Banning OOP
© ASTM International Choose Insert > Header and Footer to change DateChoose Insert > Header and Footer to change Presentation Title 5
Introduction
1.0 Scope
2.0 Referenced Documents
3.0 Terminology
4.0 Applicability
5.0 General Requirements
6.0 Structure (of ORA for OOP)
7.0 Content
7.1 Demonstrations and/or oral exam?
7.2 Use cases or scenarios
7.3 Flight Operations Safety Plan
7.4 Knowledge (Judgment)
7.5 Skills (control)
7.6 Attitude (Discipline, professionalism)
Key Words
Draft Standard
Use Cases:
For example, using unmanned systems for various aerial shots at the AT&T Stadium in San Francisco is a big project involving multiple aircraft, complex airspace, a large event staff, security, thousands of people in the audience that requires a very detailed plan and precise execution
In contrast to a project of this size, shooting a film project of a couple walking along a beach in Hawaii is a much smaller project, but the steps to mitigate risk remain the same. The only difference is the level of detail and the amount of work required in planning each step.
© ASTM International Choose Insert > Header and Footer to change DateChoose Insert > Header and Footer to change Presentation Title 6
Terms of Reference (Final)?
Scope Uncertainty
Process To obtain approval
To fly over people
For news gathering and other applications
Define the system, CONOPS, method of control
Perform an ORA
Outline “Best Practice” to: Identify known potential risks
Identify proposed mitigation strategies
Method to present results to FAA/GAA
What are we writing to, if Part 107 bars OOP?
§ 333, § 21.17(b), or something else?
New initiative to accommodate BVLOS?
© ASTM International Choose Insert > Header and Footer to change DateChoose Insert > Header and Footer to change Presentation Title 7
Expected Deliverables
R&M Document?
Overlap with ORA TG?
Defining process, or
Prescriptive standards?
Used complex R&M to
develop the process
ASTM F38: Best Practice for Preparing Operational Risk Assessment (ORA) in Support
of Design, Airworthiness & Operations
Presented By: Harrison WolfUniversity of Southern California
Group Members
Participants:Heather Harris – MTSINick Flom – University of North Dakota, UAS Test SiteThomas Murray – Acute Management Strategies, LLC. Brett Portwood – Federal Aviation AdministrationAndy Thurling – AeroVironment
Task Lead: Harrison Wolf – University of Southern California
Collaborative Member:Doug Marshall –F38 Best Practices
for Operations over People
Scope
Develop a draft “best practice” standard that defines the process to be followed to prepare the ORA in support of airworthiness, design, or operational approval processes. At a minimum this “best practice” should include the tasks that the applicant must complete to prepare an acceptable ORA along with simple description on how to complete each task. The ORA should consider the type of vehicle, its method of control, its intended mission, its intended area of operation, and the details of potential system failure effects.
Group Goals
• Standardization across industry and work group efforts
• Non-Prescriptive, open to technology change while referencing specific nature of UAS
• Continuous communication and involvement across the group – Weekly Teleconferences
• Accessibility and usability by a spectrum of individuals
Manufacturers• Airworthiness• Risk Analysis• Reliability Data• Type Certifications• 21.17(B) certifications
Manufacturers• Airworthiness• Risk Analysis• Reliability Data• Type Certifications• 21.17(B) certifications
Operators• Certificates of
Authorizations• Section 333 Process• Future Approval Processes• Operational Pre-Flight• Post-Operations Analysis
& Data Collection
Operators• Certificates of
Authorizations• Section 333 Process• Future Approval Processes• Operational Pre-Flight• Post-Operations Analysis
& Data Collection
Safety Professionals• Safety Case Development• Reliability Analytics• Approvals & Insurance• Levels of Integration and
Responsibility
Safety Professionals• Safety Case Development• Reliability Analytics• Approvals & Insurance• Levels of Integration and
Responsibility
Regulators• Approval Process Standard• Safety Case Analysis• Reliability Data Collection
& Evaluation• Test Sites & Delegated
Approval Entities
Regulators• Approval Process Standard• Safety Case Analysis• Reliability Data Collection
& Evaluation• Test Sites & Delegated
Approval Entities
Reference Documents
EUROCAE ED 78AEUROCONTROL ESARR 4FAA AC 120-92FAA AC 23-1309-1EFAA Order 8130.34C, sUAS NPRMFAA Order 8900.1 Volume 16FAA UAS ARC Recommendation ReportICAO 9859 AN/474OPNAVINST 3500.39CSAE ARP4754ASAE ARP476114 CFR Part 114 CFR 401.5
Work Item – April 14, 2015
WK49619
1. Scope
This practice defines the process to be followed to prepare the ORA in support of airworthiness, design, or operational approval processes. At a minimum this practice should include the tasks that the applicant must complete to prepare an acceptable ORA along with simple description on how to complete each task. The ORA should consider the type of vehicle, its method of control, its intended mission, its intended area of operation, and the details of potential system failure effects.
http://www.astm.org/DATABASE.CART/WORKITEMS/WK49619.htm
Functions of the ORM Process Enhance mission or task accomplishment by increasing the probability of success.
Minimize risk to acceptable levels while providing a method to effectively manage resources.
Enhance decision-making skills based on systematic, reasoned and repeatable processes.
Provide systematic structure to perform risk assessments.
Provide an adaptive process for continuous feedback through planning, preparation, and execution.
Identify feasible and effective control measures, particularly where specific standards do not exist.
Sections and Format
1. Definitions Specific to this Standard 2. Introduction to Operational Risk Assessments3. Components of Risk Assessment 4. Hazard Identification5. Hazard Assessment – Severity v. Likelihood 6. Analyzing Risk, Interpreting Outputs 7. Defining and Implementing Mitigations8. Mission & System Configuration Data Collection9. Safety Assurance Methods?
- Continuous Feedback
Common UAS Hazards (Supports Hazard
Identification Process)• A Short List of common hazards as examples• Not comprehensive, a place to start for understanding unique UAS hazard
identification
Analyzing Risk
• Severity v. Likelihood• Quantitative v. Qualitative• Spectrum of Applicants Concern• Tools:
– Functional Hazard Assessments– Root Cause Analysis– FMEA– Etc.
Developing Appropriate Mitigations
• What are considered Mitigations?• Operational Mitigations• System Safety Mitigations• Pilot Experience
Identify HazardsIdentify Hazards
Assess RisksAssess Risks
Develop Mitigations
Develop Mitigations
Assure Mitigations don’t create new hazards
Assure Mitigations don’t create new hazards
Collect Data and
maintain logs
Collect Data and
maintain logs
Next Steps
• Mitigation Process Development– Operation Focused Mitigations– System Focused Mitigations
• ASTM Official Document Formatting• BVLOS/EVLOS Definitions
– Timeline Issues• Short Examples for Each Section
Concerns • Do we properly address the full spectrum of those using the Best Practice
in support of their applications?
- sUAS operators wanting to perform basic commercial operations - Very low Kinetic Energy- Store bought UAS
- Manufacturer looking to prove reliability- Operator looking for more
advanced operation access- Higher Kinetic Energy
- Operator looking to perform work in high responsibility environments- Manufacturer looking to
prove reliability of complex system- Very High Kinetic Energy
Concerns
• Do we want to outline practices for Mission configuration and System configuration management, or reference documents that exist delineating mission/system configurations?– Are we being ,too prescriptive?
• Currently have an extensive outline of UAS configuration checks.
Thank You
Contact Information:
Harrison WolfUniversity of Southern California(O): 310 342 1352(M): 805 302 8480Email: [email protected] or [email protected]
© ASTM International
www.astm.org
Revision of ASTM F3002-14a(sUAS C2 Design Spec)Summary of Changes, Updates, and Comments
4 May 2015Ajay SehgalASTM International Committee F38
© ASTM International
Contents (if Required)
Choose Insert > Header and Footer to change DateChoose Insert > Header and Footer to change Presentation Title 2
1Major Changes/Updates (1 of 2)
2Major Changes/Updates (2 of 2)
3Summary of Voter Comments
© ASTM International
Major Changes/Updates (1 of 2)
• Limited the scope to sUA “within visual line of sight
• Clarified that C2 links can be either analog or digital
• Defined “C2 system”
• Defined “FMS” and distinguished it from “FCS”
• Defined “link status”
• Explained “shall” vs. “should” vs. “may”
• Clarified labeling requirements
• Clarified connector requirements
3
© ASTM International
Major Changes/Updates (2 of 2)
• Clarified cosite RFI requirements
• Clarified link integrity requirements
• Clarified “maximum link range”
• Clarified CS display requirements
• Clarified reduced-range test requirements
• Eliminated redundant/repetitive verbiage
4
© ASTM International
Summary of Voter Comments onOriginal sUAS C2 Design Spec (F3002-14)
• 13 voters• 92 total comments• 6 administrative/editorial comments
• 1 was about a provision regarding metric units that an ASTM editor removed before Jan. 2014 publication of original F3002-14
• 84 substantive comments• 4 were about the encryption requirement that was removed to
create F3002-14a (published in July 2014)
• 2 negative comments• Both were about the since-removed encryption requirement• Thus, no negative comments remained to be resolved after
F3002-14a was published
5/5/2015 5
Brief History Cadre formedAugust
Initial Draft
November
Revised Draft
December
Ballotissued in February
2015
eronautical KnowledgeTraining Source
eronautical KnowledgeTesting Source
Operational FlightTraining Source
Demonstrated ability to assure operational
CommercialOperator Applicant
BasicsUA Operator
MTOGW (below 55lbs)
VLOSBelow 400’ AGL
Class G or equivalentVisual Observer
experience validated thru demonstrateability to operate
outside of the Basic sUA parametersie. Over People, BLVOS, Class B etc
F38.02.01 for instance
sUA Pilot & Visual
ObserverStandards
Age MedicalLanguag
e
AeronauticalKnowledge
OperationalFlight
Training
OperationalFlight
Testing
sUAS ARC 2009
Operational Limitations
GrandfatherExperience
sUA Pilot & Visual
ObserverStandards
Age MedicalLanguag
e
AeronauticalKnowledge
OperationalFlight
Training
OperationalFlight
Testing
Challenges
Operational Limitations
GrandfatherExperience
One size doesn’t fit all
Aircraftategory
ght echanicsxed wingotor wingombinationnithopterher
Command Control
1) Stick n Rudder2) C2 Programming
1) NO Stick n Rudder2) Mission Planning
Flight ConAuto Pilo
Pilot’s / Operator’s need different levels of training depending upon:
The type of commercial flight operation
he sUA required pilot/operator skills to assusafety
Relatively low risk to increasingly higher risk
From stick and rudder to semi automatic to fully autonomous
Aeronautical Operational
Aircraft SystemsHuman Factors
Regulatory
o meaningful decision making within an SMS envirDevelopment of professional airman mindset
SVP: Validation via Certification• K-State proposed:
– Take a representative small UAS through the 14 CFR 21.17(b) airworthiness certification process using the F38 standards as the certification basis
• Certification process will:– Identify gaps in current F38 standards– Help determine appropriate level of rigor to
demonstrate compliance– Highlight major technical and/or process issues– Identify potential for F38 standards to be used as a
certification basis for operations beyond sUAS NPRM
Airframe Selection• UAV Factory Penguin B
– 47 lb MTOW
– 28cc, 2-stroke gas engine
– Cloud Cap Piccolo autopilot
– Catapult launched
– Auto runway landing (RTK GPS enabled)
– External pilot backup
– COTS airframe, K-State integration
3
CONOPS
• Based on 2009 sUAS ARC Recommendations– Day VFR, visual line-of-sight (VLOS) only
– Below 1,200 feet in Class G
– Below 700 feet within 10 NM of airports
• Some additional considerations for the aircraft type– Limited operations in Class D
– Investigation of BVLOS requirements
Operational Risk AssessmentHAZARD PROBABILITY SEVERITY RISK LEVEL MITIGATION
Conflict with Non‐Participating Traffic
D ‐ Remote I ‐ Catastrophic High (8)Operational Limitations
Command Link Failure B ‐ Probable III ‐Moderate Moderate (11) Certification/Testing
Weather Hazards C ‐ Occasional III ‐Moderate Moderate (13)Operational Limitations
Engine Failure D ‐ Remote II ‐ Critical Moderate (14) Certification/Testing
UAS Autopilot Failure D ‐ Remote II ‐ Critical Moderate (14) Certification/Testing
Human Error D ‐ Remote II ‐ Critical Moderate (14)Operational Limitations
UAS Flight Control Failure D ‐ Remote III ‐Moderate Low (20) None
ATC Communication Failure
D ‐ Remote III ‐Moderate Low (20) None
Loss of Ability to Track UAS on Radar
D ‐ Remote III ‐Moderate Low (20) None
GPS Error/Position Error D ‐ Remote III ‐Moderate Low (20) None
UAS Battery/Generator Failure
D ‐ Remote IV ‐Minor Low (21) None
Risk Mitigations
• Mitigation through Certification/Testing– Aircraft performance and limitations
– Command link
– Propulsion system
– Autopilot
• Mitigation through Operational Limitations– Conflict with non-participating traffic
– Weather hazards
– Human error
Testing
• Primary Goal: Hands-on validation of requirements
• Secondary Goal: Build gap analysis to identify unknown risks
• Byproduct: Development of modified test methods
Testing
• Near-term focus on environmental tests for the C2 standard to address largest unknowns for the system– Environmental effects on C2 link not well
understood
– Little historical data on environmental effects to UAS
• Command and control reliability and integrity are the foundation for safe operation of sUAS
Testing: Radiated Susceptibility• Background: Radiated susceptibility testing evaluates the
equipment response to externally generated high frequencies (above 100 MHz) such as radiated RF from broadcasting antennas, radio stations, etc.
• Purpose: Determine whether the command and control (C2) equipment will operate acceptably when the equipment and its interconnecting wires are exposed to a radiated RF field.
Testing: Radiated SusceptibilityFindings
1. Reproducible susceptibilities within a small frequency range around 190 MHz.
2. Slight difference in susceptible frequency range between engine on/off configurations.
3. Loss of control through GCS, without notification or indication of lost link (multiplexer victim).
4. No susceptibilities between 230 MHz and 18 GHz at medium power levels (75 V/m max)
Testing: Radiated SusceptibilityRecommendations
• Operational limitations– Avoid flying near broadcast antennas without additional
RF shielding or prior knowledge of susceptible frequency ranges
• Design improvements– For example, improve RF shielding of C2 components
(like multiplexer in our case)
• Investigate software vulnerabilities