Unmanned Aerial Vehicles (UAV) deliver sophisticated capabilities with tremendous cost advantage over traditional methods. While this technology has evolved from military missions, civil and commercial sectors are beginning to realize many of the same remote sensing benefits. However, one of the main barriers to rapid full-scale commercial growth is the concern for safety. As a myriad of certification agencies scramble to keep up with the unique demands of this fast-growing industry, one thing is clear – where applicable, pertinent certification standards for manned aircraft are starting to apply. For the complex electronics that provide the brains of these systems, this means a swift move towards compliance with DO-178C for software and DO-254 for hardware development.
UAV Evolution into the Civilian Domain
Not long ago, talk of UAV systems was reserved for the intelligence community. Today, the mainstream media is reporting on Amazon’s plans to use “drones” for 30 minute deliveries. It is clear that UAV systems have progressed rapidly in the past two decades. These sophisticated machines have branched out from their military roots to offer an endless array of commercial and civil possibilities, from border surveillance to fire control, police work, aerial mapping, and so on. An estimated $8 billion industry by 2018, huge potential lies ahead for these magnificent systems.
However, several key challenges stand in the way. First is the complex and uncertain certification landscape. Second is the necessary shift in both mindset and processes from the developers of these systems themselves.
The Certification Landscape
The UAV technology boom of the past two decades offered the military tremendous benefit in both budget and life savings. But in this world, accomplishing the “mission” is always the primary agenda. Safety, while a consideration, is a secondary objective as budget is available. Nonetheless, UAVs had to meet the pertinent military airworthiness guidance (e.g., MILHDBK 516B and MIL-STD-882E). However, as missions began morphing into possible civil applications, contracts started including requests for more robust compliance to civil airworthiness standards. Meanwhile, civil aviation agencies took notice of the Unmanned Aerial Systems (UAS) phenomena as well. What they noticed was that UAS (the term used by policy makers) include not only the vehicle itself, but also the control segment and data link – two very important differences from manned aircraft that complicate certification considerations.
A topic of discussion and concern for years, UAS certification policy has only recently gained significant momentum. At an international level, the ICAO (a special agency of the United Nations chartered with the safety of international aviation) published Circular 328 covering unmanned systems. This document states a UAS should demonstrate equivalent levels of safety as manned aircraft, and thus, meet the pertinent federal rules for flight and equipment.
At the US national level, in 2012 Congress passed a bill that mandated the Federal Aviation Administration (FAA) create a plan for allowing UAS into commercial airspace. This past November, the FAA responded by issuing the “Integration of Civil Unmanned Aircraft Systems (UAS) in the National Airspace System (NAS) Roadmap.” It sets forth a list of actions required for the safe integration of UAS into the NAS. In addition to referencing the ICAO’s statement, and declaring a harmonization strategy, the FAA also referenced the work of the RTCA (a non-profit industry organization that acts as a Federal Advisory Committee to the US government). RTCA Special Committee 203 (SC-203) has produced numerous documents addressing unmanned aircraft. Among them is DO-320, which states that UAS will require design and airworthiness certification to fly civil operations.
The FAA roadmap is, in essence, maturing the acceptance of UAVs from their current “experimental” standing (which allows them to fly limited missions) to requiring standard airworthiness type certificates (TCs), which will enable broader use and full integration into the NAS. In determining what is required, the FAA is leveraging existing pertinent policy and regulation, while simultaneously identifying unique needs and concerns of UAS.
From a safety perspective, if UAS must conform to the same rules and levels of safety as manned aircraft, given their relative size and weight, they would have to comply with the Code of Federal Regulations Part 14, subpart 23 (14 CFR 23). This regulation covers airworthiness of commuter aircraft. From an equipment perspective, the main concerns are adherence to subparts 23.1301 (function and installation) and 23.1309 (equipment, systems and installation). The primary guidance that addresses development of the complex electronic systems in compliance to these federal rules includes RTCA/DO-178C (“Software Considerations in Airborne Systems and Equipment Certification”) and RTCA/DO-254 (“Design Assurance Guidance for Airborne Electronic Hardware”), along with several other aircraft, systems and safety standards.
To complicate things, it may not just be the “airborne” systems that require compliance. The UAS brain is divided between the UAV itself (which requires onboard “sense and avoid” systems) and the control segment – with the data link between the two playing a crucial role. Not only do these new system aspects need development assurance considerations, they are also pushing the technology adoption envelope in terms of complexity of both hardware and software (a challenging area for the policy makers, even in manned systems today).
An Industry Paradigm Shift
For the UAS manufacturers of Medium Altitude Long Endurance (MALE) and High Altitude Long Endurance (HALE) aircraft, primary design and development grew out of the Department of Defense’s rapidly developing mission capabilities. The applicable certification criteria or airworthiness requirements were derived from MIL-HDBK-516 which employed a variety of standards, both civil and military. For these manufacturers, developing technology is a core capability. Developing in a regulated and highly controlled manner, however, was limited to applying appropriate manned standards until the FAA developed UAS policy, rules and regulations. With civil applications presenting themselves as a viable market opportunity, certification becomes a primary business objective with structure and oversight by the FAA replacing pure technological development and self-certification by the military.
For more than 10 years, General Atomics Aeronautical Systems, Inc. (GA-ASI) company leaders have envisioned the growing opportunity of civil applications and understanding of civil certification implications engaging in both process and outlook adjustments. Using a four phased approach, which includes awareness, training, implementation and enforcement, design teams now are in various stages of compliance with both DO-178C and DO-254. But understanding what compliance means can be complex, as both of these standards themselves have been evolving and changing. Many UAS stakeholders have been involved in industry technical groups such as RTCA SC-203 (disbanded) and the new SC-228 working group to address technical and operational challenges to integrating UAVs into the National Airspace System (NAS).
Complying with DO-178C and DO-254
The Code of Federal Regulations mandates that aircraft systems perform their intended function under any foreseeable operating condition. For the airborne software and hardware to comply with this rule, DO-178C and DO-254, respectively, have been developed, invoked, and are evolving as necessary.
DO-178 has been governing airborne software development for the better part of 30 years. As software complexity increases, so have both the requirements and solutions. Newly expanded and revised DO-178C presents additional compliance challenges over its predecessor DO-178B. For example, DO-178B required code coverage metrics be collected during requirements-based testing (which exercises the software’s “intended function”) to ensure sufficient testing of the code’s structure. DO-178C adds data coupling and control coupling coverage, which are only now feasible due to test automation and technology advances not commercially available in 1992 when DO-178B was released.
On the hardware side, DO-254 compliance has been a moving target since its inception. While the original document has not changed since its finalization in 2000, interpretation has evolved significantly. Written to provide objectives for the development life-cycle of all electronics from component to line replaceable unit (LRU), in 2005, it was invoked but re-scoped to apply only to “complex custom micro-coded components.” In 2008, Order 8110.105 clarified numerous aspects related to the new scoping and The Conducting Airborne Electronic Hardware Reviews: Job Aid was published to provide certification authorities guidelines for consistent interpretation during audits. In 2012, EASA published “Certification Memorandum SWCEH-001”, which harmonized with the previous FAA documents, but also stepped beyond them in several key areas.
In addition to harmonization challenges, technology advances in both hardware and software are challenging the guidance as well. The policy makers are truly scrambling to grasp and modify the policy as quickly as technology is evolving. UAS developers will likely feel the brunt of this policy confusion as they are pushing the technology adoption envelope, but perhaps can also serve in driving acceptance of newer technologies into the certification realm.
Insight From a Leader
GA-ASI, as a leader in this transition, has gained valuable insight with the reapplication of military UAVs to civilian applications. Certification efforts have included applying relevant manned aircraft standards, both military and civil, and leveraging experience in technological areas such as data links and ground control stations, and, participating in technical industry organizations to develop a path forward while waiting for the FAA to provide final rules and regulations.
To fly a civil mission means creating a civil aircraft, which requires a type certificate (to ensure safety and design assurance, enable insurance, etc.). So internally, organizations must ensure everyone starts with a view of what needs to be accomplished - verifying the certification basis and performance requirements. This starts with assuring the system requirements are both mission and airworthiness focused. Then analyzing existing development processes against the DO-178C/254 objectives and take incremental steps towards the necessary organizational improvements. Meanwhile, any open challenges necessary to achieve the final outcome – type certification – would need to be addressed. Overcoming this challenge means opening new doors of opportunity for this industry, and developers play a big role in making that happen. Policymakers too will play a crucial role in supporting industry growth by firmly clarifying the needed certification requirements. The industry is already moving ahead in anticipation.
This article was written by Michelle Lange, Logicircuit, Inc. (Alpharetta, GA); Scott Olson, General Atomics Aeronautical Systems, Inc. (Poway, CA); Bill St. Clair, LDRA Certification Services (LCS) (Phoenix, AZ); and Todd White, FAA Consultants (Lakewood Ranch, FL). For more information, Click Here .