AUVSI 2015 Conference
08000830: Welcome, agenda review/update, and participant introductions W+12 (F38 Chair)
08300900: FAA UAS Status Update Overview – Jim Williams (FAA UAS Integration Office)
09001015: FAA UAS Status Update Details
Cyrus Roohi and Steve George (FAA UAS Integration Office)
Wes Ryan or Designee (FAA Small Airplane Directorate)
11001130: ASTM F38 Standards Development Overview/Discussion – W+12 (F38 Chairman)
11301200: Operations over people standard update (WK37164) Doug Marshall
12001230: Operational risk assessment standard update (WK49619) – Harrison Wolf (USC)
15301550: Command and control update (F3002)– Phil Kenul (F38 Vice Chairman)
15501610: Pilot/visual observer training update (WK29229)– Scott Strimple
16101630: KState ASTM sUAS standards validation program status Mark Blanks (KSU)
16301645: EVLOS/BVLOS standard update – (WK49620)
16451700: Action item review and wrapup
F38 Approved Standards 1. F2500-07 Standard Practice for Unmanned
Aircraft System (UAS) Visual Range Flight
Operations 2. F2512-07 Standard Practice for Quality Assurance in
the Manufacture of Light
Unmanned Aircraft System 3. F2585-08 Standard Specification for
Design and Performance of Pneumatic-Hydraulic
Unmanned Aircraft 4. F2849-10 Standard Practice for Handling of
Unmanned Aircraft Systems at Divert
Airfields 5. F2851-10 Standard Practice for UAS Registration and
Marking (Excluding Small
Unmanned Aircraft Systems) 6. F2908-14 Standard Specification for
Aircraft Flight Manual (AFM) for a Small Unmanned
Aircraft System (sUAS) 7. F2909-14 Standard Practice for
Maintenance and Continued Airworthiness of Small
Unmanned Aircraft Systems (sUAS) 8. F2910-14 Standard Specification
for Design and Construction of a Small Unmanned
Aircraft System (sUAS) 9. F2911-14e1 Standard Practice for
Production Acceptance of Small Unmanned Aircraft
System (sUAS) 10. F3002-14a Standard Specification for Design of
the Command and Control System for
Small Unmanned Aircraft Systems (sUAS) 11. F3003-14 Standard
Specification for Quality Assurance of a Small Unmanned
Aircraft
System (sUAS) 12. F3005-14a Standard Specification for Batteries
for Use in Small Unmanned Aircraft
Systems (sUAS)
F38 Draft Standards 1. WK11425 New Practice for Private Unmanned
Aircraft System (UAS) Pilot Practical Test
Standards for Unmanned Aircraft Single-Engine Land (SEL) Remote
Control and Autonomous / Semiautonomous (Technical Contact: David
Gibbs)
2. WK16285 * New Specification for Specification for Design and
Performance of an Unmanned Aircraft System-Class 1320 (550# Gross
Weight to 1320# Gross Weight) (Technical Contact: Les Hicks)
3. WK27055 * New Practice for the Registration and Marking of
Unmanned Aircraft Systems (Technical Contact: Rocky Gmeiner)
4. WK28019 * New Practice for Selecting sUAS Launch and Recovery
(Technical Contact: Joseph Santor)
5. WK29229 * New Practice for Certification of Pilots, Visual
Observers, and Instructor Pilots and Training courses for Small
Unmanned Aircraft Systems (sUAS) (TC: Scott Morgan)
6. WK31391 * New Specification for Testing of a Small Unmanned
Aircraft System (sUAS) (TC: Ted Wierzbanowski)
7. WK37164 * New Specification for Operations Over People (TC:
Douglas Marshall) 8. WK49619 New Practice for Operational Risk
Assessment (ORA) (TC: Harrison Wolf) 9. WK49620 New Practice for
Extended/Beyond Visual Line of Sight Operations (TC: Ted
Wierzbanowski)
Presented by: FAA UAS Integration Office FAA Aircraft Certification
Service
Date: May 4, 2015
ASTM Community
Federal Aviation Administration
2 www.faa.gov/uas
Purpose
• Establish a path for the successful development and
implementation of ASTM F38 standards for small Unmanned Aircraft
Systems (sUAS)
• Help ASTM create quality standards
Federal Aviation Administration
3 www.faa.gov/uas
• Notice of Proposed New Rulemaking (NPRM)
• FAA Center of Excellence (COE)
• Paths to Flight
• F38 Standards Overview
4 www.faa.gov/uas
• Section 332 – “… a final rule on small unmanned aircraft
systems
that will allow for civil operation of such systems in the national
airspace”
• Section 333 – Provides authority to establish an interim policy
that
bridges the gap between the current state and NAS operations under
the sUAS rule
Federal Aviation Administration
5 www.faa.gov/uas
Federal Aviation Administration
6 www.faa.gov/uas
“Blanket” Certificate of Waiver or Authorization (COA) • Section
333 exemption holders automatically
receive 200 ft. COA with some restrictions – Operate within visual
line of sight (VLOS)
– VFR – VMC Conditions
Federal Aviation Administration
7 www.faa.gov/uas
8 www.faa.gov/uas
Designated Airworthiness Representatives (DAR)
• DARs can be authorized to issue Special Airworthiness
Certificates in the Experimental Category at UAS Test Sites for: –
Research and development
– Crew training
– Market survey
9 www.faa.gov/uas
• Operational Limitations
10 www.faa.gov/uas
Proposed Small UAS Rule: Major Provisions
• Major provisions of proposed Small UAS Rule (Part 107): –
Operational Limitations
– Operator Certification and Responsibilities
11 www.faa.gov/uas
Proposed Small UAS Rule: Major Provisions (continued)
• Must see and avoid manned aircraft – UAS must be first to
maneuver
away if collision risk arises
• Must discontinue flight in event of presenting a hazard to other
aircraft, people or property
Federal Aviation Administration
12 www.faa.gov/uas
– Airspace restrictions
13 www.faa.gov/uas
Proposed Small UAS Rule: Major Provisions (continued)
• May not fly over people, except those directly involved with the
operation
• Flights limited to: – 500 feet altitude
– 100 mph
14 www.faa.gov/uas
• Must avoid airport flight paths and restricted airspace
areas
• Must obey any FAA Temporary Flight Restrictions (TFRs)
Federal Aviation Administration
15 www.faa.gov/uas
NPRM and Consensus Standards
• FAA decided that under the NPRM a sUAS would not have to comply
with a set of unvalidated consensus standards
• Due to their light weight, small unmanned aircraft generally pose
a significantly lower risk to people and property on the ground
than manned aircraft
Federal Aviation Administration
16 www.faa.gov/uas
FAA Center of Excellence (COE)
• To better understand how the aircraft can be integrated into the
National Airspace System, the FAA is setting up a COE
Federal Aviation Administration
17 www.faa.gov/uas
• Experimental Airworthiness
• Type Certification
18 www.faa.gov/uas
Public COA
• Certificate of Authorization or Waiver (COA) are issued for
public operation
• Allows a particular UA to operate for a specified purpose, in a
specified area
• See www.faa.gov/uas/public_operations/ for more information
Federal Aviation Administration
19 www.faa.gov/uas
Experimental Certificates
• Process defined in FAA Order 8130.34C – Certificates have been
issues to both UAS and OPA*
• Two options for applicants: – Apply to FAA Headquarters, managed
by AIR-113
– Apply to UAS Test Sites, managed by geographic MIDO with
assistance provided by UAS DARs
*Optionally Piloted Aircraft (OPA) – a manned aircraft that can be
flown by a remote pilot from a location not onboard aircraft
Federal Aviation Administration
20 www.faa.gov/uas
2005 2006 2007 2008 2009 2010 2011 2012 2013 2014
UAS/OPA Experimental Certificates 209 Total: 85 Original & 124
Re-Issue [Through end of 2014]
Original Total
21 www.faa.gov/uas
Type Certification
– Insitu ScanEagle
Federal Aviation Administration
22 www.faa.gov/uas
• Type certification under § 21.17(b) special class – AC
establishes a risk-based decision making process
and explains how existing aircraft design requirements from § § 23,
25, 27, 29, and industry standards (including ASTM) can form a type
certification basis for UAS
Federal Aviation Administration
23 www.faa.gov/uas
• Memorandum of Agreement (MOA)
24 www.faa.gov/uas
• New two year agreement
25 www.faa.gov/uas
- Experimental - TC may be required
Regulated Category (C)
JARUS RPAS 1309
Federal Aviation Administration
26 www.faa.gov/uas
• Best Practice for preparing an Operational Risk Assessment
(ORA)
• Defining requirements and design features necessary for operating
UAS at low altitude BVLOS and/or EVLOS
• Defining design features and operational limitations/mitigations
for operating sUAS directly over people
Federal Aviation Administration
27 www.faa.gov/uas
ORA Best Practice
• The Operational Risk Assessment (ORA) is a key component of the
certification process outlined in the § 21.17(b) Advisory
Circular
• May also be used in experimental airworthiness determination and
333 exemption evaluation
Energy & Size +
28 www.faa.gov/uas
29 www.faa.gov/uas
Standard Comparison
F2355-14 Design and Performance Requirements for Lighter- Than-Air
Light Sport Aircraft
Vs.
F2910-14 Design and Construction of a Small Unmanned Aircraft
System (sUAS)
Federal Aviation Administration
30 www.faa.gov/uas
Standards Comparison
31 www.faa.gov/uas
Standards Comparison
32 www.faa.gov/uas
Standards Comparison
33 www.faa.gov/uas
33
34 www.faa.gov/uas
FAA Recommends
35 www.faa.gov/uas
Federal Aviation Administration
36 www.faa.gov/uas
Eliminate Ambiguity
37 www.faa.gov/uas
Define the Standard Pilot-static system is calibrated CFR part
91.411 every 24 months and must comply with appendices E
(altimeter) and F (transponder) of part 43. Appendix F of part 43
is applicable only if sUAS is capable of operating a
transponder
Federal Aviation Administration
38 www.faa.gov/uas
Battery F3005-14 Roohi
Identification and Marking Fugate
Small UAS Pilot Qualification Roohi
Federal Aviation Administration
39 www.faa.gov/uas
FAA AUVSI Schedule
• Legal Updates on the use of sUAS – Tuesday May 4th, 2015 3:30PM
B302
• Enabling UAS Capabilities – Wednesday May 5th, 2015 1:00 PM
B316
• Press Events – #1 May 5th, 2015 11:00AM Press Room 2
– #2 May 5th, 2015 12:15AM Press Room 2
Federal Aviation Administration
40 www.faa.gov/uas
41 www.faa.gov/uas
• Standards need to of high quality, definitive and
measurable
Federal Aviation Administration
42 www.faa.gov/uas
Questions/Concerns/New Actions
Dependability of Software of Unknown Pedigree
The MITRE Corporation
Stephen Cook Andy Lacher John Angermayer Drew Buttner Kerry Crouse
Ted Lester
Presentation to ASTM F38 May 4th, 2015
Approved for Public Release, Distribution Unlimited.
Case Number: 15-1416. The views, opinions, and/or findings
contained in this paper are those of author(s) and The MITRE
Corporation and should not be construed as an official
Government position, policy, or decision, unless designated
by
other documentation. Neither the FAA nor the DOT makes any
warranty or guarantee, or promise, expressed or implied,
concerning the content or accuracy of the views expressed
herein.
© 2015 The MITRE Corporation. All rights Reserved.
Agenda
Research Motivation
What is SOUP?
Software of Unknown Pedigree is: – A software item already
developed and/or generally available and has not been developed for
the purpose of being incorporated into a safety critical
application (sometimes called “off the shelf software”)
OR – A software item previously
developed for which adequate records of the development processes
are not available
3
developed in accordance with RTCA DO-178C or MIL-STD-882
Note: We consider “dependability” to encompass
both the safety and security aspects of SOUP
© 2015 The MITRE Corporation. All rights Reserved.
4
Research Question: How can the dependability of Software of Unknown
Pedigree (SOUP) be assessed so it can be used in (unmanned)
aviation safety- critical applications?
© 2015 The MITRE Corporation. All rights Reserved.
Clash of Cultures: Small UAS Opportunity
5
Entrepreneurial Conservative
Non-traditional aviation software
© 2015 The MITRE Corporation. All rights Reserved.
Research Idea: Analyze and assess processes and techniques from
other safety-critical applications where SOUP has been considered
or employed
Aviation Medical Nuclear
Desired Results and Impacts
Analytical decomposition of processes and techniques for SOUP in
safety-critical applications
Proposed dependability framework for use in aviation
Real-world case studies to evaluate framework
Assessment of potential for use in select aviation domains
Extension to portable avionics and advanced systems with complex,
dynamic software
7
certification cost reduction
Shorter development cycle
Ultimate goal: Inform civil and public airworthiness guidance and
standards
– FAA
slides instead of actual systems if we
don't use innovation to change cost.
© 2015 The MITRE Corporation. All rights Reserved.
Analysis of Best Practices from Other Industries
Team compared specific SOUP techniques and best practices from
other industries
We derived 45 tasks and placed them into a framework with
traceability to source documents
Organized by: – Category
Category ID Level Assessment Task
Description Security Space Aviation
Medical Nuclear Rail
US Use of SOUP
MINIMAL QL Conduct Hazard
Analysis
Conduct an analysis to determine the hazards and
impacts associated with the potential malfunction,
failure, or exploitation of the SOUP. Define the
SOUP's intended function. Determine the
consequences and possible mitigations for each
potential malfunction, failure, threat, or
exploitation. Document how the SOUP fails
(gracefully or suddenly). The analysis should be
conducted in a manner similar to SAE ARP 4761,
MILSTD882, or equivalent and should address
risk associated with potential security and safety
vulnerabilities (e.g., RTCA DO326, Airworthiness
Security Process Specification).
BSIMM AM1.3
NASA STC
RTCA DO 278A
IEC 62304; see
Figure 3 page 21.
Category, Level, Assessment
CM Code Metrics 4
CR Code Review 11
EA External Accreditation 5
CM - Code Metrics, 4
CR - Code Review, 11
Organizational Planning Tasks
OP Organization al Planning
OP.4 MAJOR QL Annual SOUP Hazard training
© 2015 The MITRE Corporation. All rights Reserved.
Use of SOUP Tasks
US Use of SOUP
US.2 MINIMAL QL Publish SOUP Integration Plan
US.3 MINIMAL QL Publish SOUP Maintenance Plan
US.4 MINOR QL Perform Market Survey
US.5 MINOR QL
Review SOUP functional, interface, and performance
requirements
US.6 MINOR QL Document Software Architecture
US.7 MINOR QL
Enforce Integration Plan and Track Exceptions
US.8 MINOR QL Enforce SOUP Maintenance Plan
US.9 MINOR QL Neutralize unwanted functionality
US.10 MAJOR QL Utilize User Problem Reporting
US.11 MAJOR QN
Document and Review Service History
US.12 MAJOR QN
Document and Review Expected and Measured Reliability
Metrics
US.13 MAJOR QN Utilize SOUP Wrapper Software
Note:
Code Metrics Tasks
CM Code Metrics
CM.1 MINIMAL QL Assess SOUP size
CM.2 MINOR QN
Record and Review Number of Lines of Code
CM.3 MAJOR QN
Determine and Review Code Complexity
CM.4 MAJOR QN
Record and Review SOUP Anomaly Reports
© 2015 The MITRE Corporation. All rights Reserved.
Code Review Tasks
CR Code Review
CR.3 MINOR QL
Conduct Automated Code Analysis
CR.4 MINOR QL
Conduct Manual Code Review of key areas
CR.5 MINOR QL
Audit SOUP Vendor's Software Life Cycle
CR.6 MINOR QL
Audit SOUP Vendor's Coding Standards
CR.7 MAJOR QN
Review & traced vendor requirements
CR.8 MAJOR QN
Review and trace integrator requirements satisfied by
SOUP
CR.9 MAJOR QL
Conduct Manual Code Review of entire code
CR.10 MAJOR QN
Ensure Adequate Structural Code Coverage
CR.11 MAJOR QL Document System Visualizations
© 2015 The MITRE Corporation. All rights Reserved.
External Accreditation Tasks
EA External Accreditation
EA.2 MINOR QN
Perform compliance assessment of SOUP
EA.3 MINOR QL
Determine if SOUP complies with any
TSOs or has an RSC
EA.4 MINOR QL Evaluate vendor QA process
EA.5 MAJOR QL
QA process is Externally Accredited
© 2015 The MITRE Corporation. All rights Reserved.
Testing Tasks
TE Testing
TE.2 MINIMAL QN
Test SOUP integrator's requirements
TE.3 MINIMAL QN
Use External Penetration Testers
TE.4 MINIMAL QL Conduct Regression Testing
TE.5 MINOR QN Test SOUP vendor's requirements
TE.6 MINOR QN
Use Internal Penetration Testing Tools
TE.7 MAJOR QN Perform Periodic Red Teaming
TE.8 MAJOR QN Simulate Software Crisis
© 2015 The MITRE Corporation. All rights Reserved.
Category ID Level Assessment Task
Description Security Space Aviation
Medical Nuclear Rail
US Use of SOUP
MINIMAL QL Conduct Hazard
Analysis
Conduct an analysis to determine the hazards and
impacts associated with the potential malfunction,
failure, or exploitation of the SOUP. Define the
SOUP's intended function. Determine the
consequences and possible mitigations for each
potential malfunction, failure, threat, or
exploitation. Document how the SOUP fails
(gracefully or suddenly). The analysis should be
conducted in a manner similar to SAE ARP 4761,
MILSTD882, or equivalent and should address
risk associated with potential security and safety
vulnerabilities (e.g., RTCA DO326, Airworthiness
Security Process Specification).
BSIMM AM1.3
NASA STC
RTCA DO 278A
IEC 62304; see
Figure 3 page 21.
16
Software Experts
case studies
© 2015 The MITRE Corporation. All rights Reserved.
Partnerships with small UAS vendors
Pursuing analysis with 3 small UAS manufacturers
Select specific safety- critical function implemented with
SOUP
Assess SOUP using framework
17
© 2015 The MITRE Corporation. All rights Reserved.
Tech Transfer Opportunities
Recommendation to ASTM F38
Consider SOUP Framework as input for ASTM standard for assessing
dependability of software for beyond visual line of sight sUAS
safety-critical functions
Benefits to industry 19
Conclusions and Next Steps
Best practices for use of SOUP safety-critical software from other
industries reviewed . . .
. . . and distilled into a SOUP dependability framework of 45
tasks
Small UAS present an opportunity to explore solutions to the IT and
aviation “clash of cultures” . . .
. . . case studies are underway with small UAS proponents
SOUP Framework will be updated using results of case studies . .
.
. . . and MITRE is engaging with ASTM F38 and other key
stakeholders in the aviation community
20
THANK YOU
AUVSI Conference
4 May 2015 Ted Wierzbanowski* Chair, ASTM International Committee
F38
* This material represents the views and positions of the presenter
and not those of ASTM International and/or the entire ASTM F38
Committee
© ASTM International 2
F38 Focus on small UAS (sUAS/sRPAS) History
Other sUAS Standards to be Developed
Harmonizing Standards
Presentation Overview
Combined with our innovative business services they enhance
performance and create confidence
Across borders, disciplines, and industries
Harnessing the expertise of over 30,000 members
Across manufacturing and materials, products and processes, systems
and services
Touching every part of everyday life: helping our world work
better
© ASTM International 05 May 2015 4
Effective and Relevant Around The World
The Role of Standards We rely on our members’ expertise and
commitment – their good science, good engineering and good
judgment
Recognizing expertise not geography – 148 countries are represented
by our members
Our voluntary consensus process gives everyone an opportunity to
participate – ensuring standards are effective and relevant across
diverse markets
Our standards help everyone: consumers, businesses, manufacturers,
innovators and governments
Embracing all the principles of the World Trade Organization’s
Agreement on Technical Barriers to Trade
Incorporated into contracts, regulations, codes, and laws, they
support established and emerging economies and free and fair global
trade
© ASTM International 05 May 2015 5
Improving Standards and Performance
Continuous Improvement and Added Value Services We recognize the
need to meet changing
market needs, regularly reviewing our standards and creating new
ones
We also deliver value-added services that enable customers to get
the most out of our standards:
ASTM Compass® gives 24/7 access to our content, plus tools to
manage, collaborate and learn
Our training, testing and certification programs ensure quality and
improve performance
Ultimately, like our founders, we’re ready to innovate, we value
good sense, we’re willing to share and be accountable.
Above all – we’re committed to helping our world work better
© ASTM International Choose Insert > Header and Footer to change
DateChoose Insert > Header and Footer to change Presentation
Title 6
Aviation Standards
Categories
Involvement e.g., FAR Part 103
Regulation by Self- Declaration to FAA-
Recognized Consensus Standards
Light Sport Aircraft
Standards, and Formal TC/PC processes
Consensus Standards are Primary Means of
Establishing Compliance ASTM Committee F37
Exempt from FARs by
A Spectrum of Standards & Regulations:
© ASTM International Choose Insert > Header and Footer to change
DateChoose Insert > Header and Footer to change Presentation
Title 7
Vision Routine, safe UAS operations in civil airspace through
standardization.
Mission Produce practical, consensus standards that facilitate UAS
operations
at an acceptable level of safety. These standards include the
design, manufacture, maintenance and operation of unmanned aircraft
systems as well as the training and qualification of personnel.
Committee F38 supports industry, academia, government organizations
and regulatory authorities.
ASTM International Committee F38
- Safe design, construction, test, modification, & inspection
of the individual component, aircraft, or system
F38.02 Flight Operations (Mark Blanks) Procedure/performance
oriented
Safe employment of the system within the aviation environment among
other aircraft & systems
F38.03 Personnel (Scott Morgan) Crew oriented
Safe practices by the individuals responsible for employing the
system
ASTM International Committee F38
History April 2008 – U.S. FAA charters an Aviation Rulemaking
Committee
(ARC) to examine a regulatory basis for permitting small Unmanned
Aircraft Systems (sUAS) to fly for compensation or hire
ASTM is invited to participate in the ARC
April 2009 – ARC recommendations include reference to the use of
industry consensus standards
September 2009 – FAA queries Standards Development Organizations
(SDO) for their ability and resources to produce sUAS
standards
April 2010 – FAA and ASTM sign a Memorandum of Understanding for
the development of standards to support a new rule for sUAS
F38 Focus on small UAS (sUAS/sRPAS)
© ASTM International 10
History April 2008 – U.S. FAA charters an Aviation Rulemaking
Committee
(ARC) to examine a regulatory basis for permitting small Unmanned
Aircraft Systems (sUAS) to fly for compensation or hire
ASTM is invited to participate in the ARC
April 2009 – ARC recommendations include reference to the use of
industry consensus standards
September 2009 – FAA queries Standards Development Organizations
(SDO) for their ability and resources to produce sUAS
standards
April 2010 – FAA and ASTM sign a Memorandum of Understanding for
the development of standards to support a new rule for sUAS
F38 Focus on small UAS (sUAS/sRPAS)
© ASTM International 11
History April 2008 – U.S. FAA charters an Aviation Rulemaking
Committee
(ARC) to examine a regulatory basis for permitting small Unmanned
Aircraft Systems (sUAS) to fly for compensation or hire
ASTM is invited to participate in the ARC
April 2009 – ARC recommendations include reference to the use of
industry consensus standards
September 2009 – FAA queries Standards Development Organizations
(SDO) for their ability and resources to produce sUAS
standards
April 2010 – FAA and ASTM sign a Memorandum of Understanding for
the development of standards to support a new rule for sUAS
F38 Focus on small UAS (sUAS/sRPAS)
© ASTM International 12
History (cont) April 2010 to February 2015 – ASTM develops and
publishes the
following sUAS standards in support of anticipated sUAS rule
Design, construction, and test (F2910)
- Design of the C2 subsystem (F3002) - Use of batteries
(F3005)
Production acceptance (F2911)
Quality assurance (F3003)
Aircraft flight manual (F2908)
February 2015 - FAA issues notice of proposed rulemaking (NPRM)
that does not reference consensus standards NOTE: the FAA could not
tell ASTM that this change happened because of “ex
parte” rules
© ASTM International 13
History (cont) What will be in the final rule is unknown and,
depending on comments
received, consensus standards for detailed requirements may still
be referenced and/or required
In the meantime, work will continue to improve currently published
standards and develop new ones requested by the FAA (following
chart)
However, even without changes and/or updates, compliance with the
current published standards should facilitate safe operations of
sUAS in many of the commercial applications currently being
considered by various entities around the world.
F38 Focus on small UAS (sUAS/sRPAS)
© ASTM International 14
Other sUAS Standards to be Developed
Five other standards are also in development that ASTM anticipates
will support additional and/or expanded sUAS operations. These
include:
Operations over People
Operational Risk Assessments
Certification of Pilots, Visual Observers, and Instructor Pilots
and Training Courses
Continued participation in ASTM UAS standards development by sUAS
stakeholders is highly encouraged
F38 Focus on small UAS (sUAS/sRPAS)
© ASTM International 15
ASTM leadership and members are also participating in other
efforts
US: RTCA
EU: WG-73/93
Harmonizing sUAS Standards
ASTM International Committee F38
© ASTM International Choose Insert > Header and Footer to change
DateChoose Insert > Header and Footer to change Presentation
Title 16
Contact Information
© ASTM International
F38.02.01 Operations Over People 4 May 2015 Doug Marshall Task
Group Chair
www.astm.org
www.astm.org
F38.02.01 Operations Over People TG 04 May 2015 Doug Marshall Cat
Wrangler
© ASTM International
Team Members
Choose Insert > Header and Footer to change DateChoose Insert
> Header and Footer to change Presentation Title 3
1 7 Brian Argrow Ben Miller
2 8 Mark Bateson Scott Strimple
3 9 Al Frazier Doug Marshall (Chair)
4 10 Rich Hanson TBD (Georgia Tech?)
5 11 Andy Johnson-Laird TBD (CNN?)
6 12 Paul McDuffee TBD (NIST?)
© ASTM International
Changes Since December Meeting New TOR Redefined Scope New Team
Member NPRM Language Banning OOP
© ASTM International Choose Insert > Header and Footer to change
DateChoose Insert > Header and Footer to change Presentation
Title 5
Introduction
7.0 Content
7.4 Knowledge (Judgment)
7.5 Skills (control)
Key Words
Draft Standard
Use Cases:
For example, using unmanned systems for various aerial shots at the
AT&T Stadium in San Francisco is a big project involving
multiple aircraft, complex airspace, a large event staff, security,
thousands of people in the audience that requires a very detailed
plan and precise execution
In contrast to a project of this size, shooting a film project of a
couple walking along a beach in Hawaii is a much smaller project,
but the steps to mitigate risk remain the same. The only difference
is the level of detail and the amount of work required in planning
each step.
© ASTM International Choose Insert > Header and Footer to change
DateChoose Insert > Header and Footer to change Presentation
Title 6
Terms of Reference (Final)?
Define the system, CONOPS, method of control
Perform an ORA
Identify proposed mitigation strategies
What are we writing to, if Part 107 bars OOP?
§ 333, § 21.17(b), or something else?
New initiative to accommodate BVLOS?
© ASTM International Choose Insert > Header and Footer to change
DateChoose Insert > Header and Footer to change Presentation
Title 7
Expected Deliverables
develop the process
Thank you
ASTM F38: Best Practice for Preparing Operational Risk Assessment
(ORA) in Support
of Design, Airworthiness & Operations
Group Members
Participants: Heather Harris – MTSI Nick Flom – University of North
Dakota, UAS Test Site Thomas Murray – Acute Management Strategies,
LLC. Brett Portwood – Federal Aviation Administration Andy Thurling
– AeroVironment
Task Lead: Harrison Wolf – University of Southern California
Collaborative Member: Doug Marshall –F38 Best Practices
for Operations over People
Scope
Develop a draft “best practice” standard that defines the process
to be followed to prepare the ORA in support of airworthiness,
design, or operational approval processes. At a minimum this “best
practice” should include the tasks that the applicant must complete
to prepare an acceptable ORA along with simple description on how
to complete each task. The ORA should consider the type of vehicle,
its method of control, its intended mission, its intended area of
operation, and the details of potential system failure
effects.
Group Goals
• Non-Prescriptive, open to technology change while referencing
specific nature of UAS
• Continuous communication and involvement across the group –
Weekly Teleconferences
• Accessibility and usability by a spectrum of individuals
Manufacturers • Airworthiness • Risk Analysis • Reliability Data •
Type Certifications • 21.17(B) certifications
Manufacturers • Airworthiness • Risk Analysis • Reliability Data •
Type Certifications • 21.17(B) certifications
Operators • Certificates of
& Data Collection
& Data Collection
Responsibility
Responsibility
& Evaluation • Test Sites & Delegated
& Evaluation • Test Sites & Delegated
Approval Entities
Reference Documents
EUROCAE ED 78A EUROCONTROL ESARR 4 FAA AC 120-92 FAA AC 23-1309-1E
FAA Order 8130.34C, sUAS NPRM FAA Order 8900.1 Volume 16 FAA UAS
ARC Recommendation Report ICAO 9859 AN/474 OPNAVINST 3500.39C SAE
ARP4754A SAE ARP4761 14 CFR Part 1 14 CFR 401.5
Work Item – April 14, 2015
WK49619
1. Scope
This practice defines the process to be followed to prepare the ORA
in support of airworthiness, design, or operational approval
processes. At a minimum this practice should include the tasks that
the applicant must complete to prepare an acceptable ORA along with
simple description on how to complete each task. The ORA should
consider the type of vehicle, its method of control, its intended
mission, its intended area of operation, and the details of
potential system failure effects.
http://www.astm.org/DATABASE.CART/WORKITEMS/WK49619.htm
Functions of the ORM Process Enhance mission or task accomplishment
by increasing the probability of success.
Minimize risk to acceptable levels while providing a method to
effectively manage resources.
Enhance decision-making skills based on systematic, reasoned and
repeatable processes.
Provide systematic structure to perform risk assessments.
Provide an adaptive process for continuous feedback through
planning, preparation, and execution.
Identify feasible and effective control measures, particularly
where specific standards do not exist.
Sections and Format
1. Definitions Specific to this Standard 2. Introduction to
Operational Risk Assessments 3. Components of Risk Assessment 4.
Hazard Identification 5. Hazard Assessment – Severity v. Likelihood
6. Analyzing Risk, Interpreting Outputs 7. Defining and
Implementing Mitigations 8. Mission & System Configuration Data
Collection 9. Safety Assurance Methods?
- Continuous Feedback
Common UAS Hazards (Supports Hazard
Identification Process) • A Short List of common hazards as
examples • Not comprehensive, a place to start for understanding
unique UAS hazard
identification
– Functional Hazard Assessments – Root Cause Analysis – FMEA –
Etc.
Developing Appropriate Mitigations
Identify Hazards Identify Hazards
Assess Risks Assess Risks
Collect Data and
• ASTM Official Document Formatting • BVLOS/EVLOS Definitions
– Timeline Issues • Short Examples for Each Section
Concerns • Do we properly address the full spectrum of those using
the Best Practice
in support of their applications?
- sUAS operators wanting to perform basic commercial operations -
Very low Kinetic Energy - Store bought UAS
- Manufacturer looking to prove reliability - Operator looking for
more
advanced operation access - Higher Kinetic Energy
- Operator looking to perform work in high responsibility
environments - Manufacturer looking to
prove reliability of complex system - Very High Kinetic
Energy
Concerns
• Do we want to outline practices for Mission configuration and
System configuration management, or reference documents that exist
delineating mission/system configurations? – Are we being ,too
prescriptive?
• Currently have an extensive outline of UAS configuration
checks.
Thank You
Contact Information:
Harrison Wolf University of Southern California (O): 310 342 1352
(M): 805 302 8480 Email:
[email protected] or
[email protected]
© ASTM International
www.astm.org
Revision of ASTM F3002-14a (sUAS C2 Design Spec) Summary of
Changes, Updates, and Comments
4 May 2015 Ajay Sehgal ASTM International Committee F38
© ASTM International
Contents (if Required)
Choose Insert > Header and Footer to change DateChoose Insert
> Header and Footer to change Presentation Title 2
1 Major Changes/Updates (1 of 2)
2 Major Changes/Updates (2 of 2)
3 Summary of Voter Comments
© ASTM International
• Limited the scope to sUA “within visual line of sight
• Clarified that C2 links can be either analog or digital
• Defined “C2 system”
• Defined “link status”
• Clarified labeling requirements
• Clarified connector requirements
• Clarified cosite RFI requirements
• Clarified link integrity requirements
• Clarified “maximum link range”
• Clarified CS display requirements
• Clarified reduced-range test requirements
© ASTM International
Summary of Voter Comments on Original sUAS C2 Design Spec
(F3002-14)
• 13 voters • 92 total comments • 6 administrative/editorial
comments
• 1 was about a provision regarding metric units that an ASTM
editor removed before Jan. 2014 publication of original F3002-
14
• 84 substantive comments • 4 were about the encryption requirement
that was removed to
create F3002-14a (published in July 2014)
• 2 negative comments • Both were about the since-removed
encryption requirement • Thus, no negative comments remained to be
resolved after
F3002-14a was published
Brief History Cadre formed August
Initial Draft
Commercial Operator Applicant
Basic sUA Operator
MTOGW (below 55lbs)
experience validated thru demonstrate ability to operate
outside of the Basic sUA parameters ie. Over People, BLVOS, Class B
etc
F38.02.01 for instance
sUA Pilot & Visual
Aircraft ategory
Command Control
1) NO Stick n Rudder 2) Mission Planning
Flight Con Auto Pilo
Pilot’s / Operator’s need different levels of training depending
upon:
The type of commercial flight operation
he sUA required pilot/operator skills to assu safety
Relatively low risk to increasingly higher risk
From stick and rudder to semi automatic to fully autonomous
Aeronautical Operational
Regulatory
o meaningful decision making within an SMS envir Development of
professional airman mindset
Questions?
F38-02 Subcommittee Chair
SVP: Validation via Certification • K-State proposed:
– Take a representative small UAS through the 14 CFR 21.17(b)
airworthiness certification process using the F38 standards as the
certification basis
• Certification process will: – Identify gaps in current F38
standards – Help determine appropriate level of rigor to
demonstrate compliance – Highlight major technical and/or process
issues – Identify potential for F38 standards to be used as a
certification basis for operations beyond sUAS NPRM
Airframe Selection • UAV Factory Penguin B
– 47 lb MTOW
– External pilot backup
3
CONOPS
• Based on 2009 sUAS ARC Recommendations – Day VFR, visual
line-of-sight (VLOS) only
– Below 1,200 feet in Class G
– Below 700 feet within 10 NM of airports
• Some additional considerations for the aircraft type – Limited
operations in Class D
– Investigation of BVLOS requirements
Conflict with Non Participating Traffic
D Remote I Catastrophic High (8) Operational
Limitations
Command Link Failure B Probable III Moderate
Moderate (11) Certification/Testing
Weather Hazards C Occasional III Moderate
Moderate (13) Operational Limitations
Engine Failure D Remote II Critical
Moderate (14) Certification/Testing
UAS Autopilot Failure D Remote II Critical
Moderate (14) Certification/Testing
Human Error D Remote II Critical
Moderate (14) Operational Limitations
UAS Flight Control Failure D Remote
III Moderate Low (20) None
ATC Communication Failure
Loss of Ability to Track
UAS on Radar
D Remote III Moderate Low (20) None
GPS Error/Position Error D Remote III Moderate
Low (20) None
UAS Battery/Generator Failure
Risk Mitigations
– Command link
– Propulsion system
– Weather hazards
– Human error
• Secondary Goal: Build gap analysis to identify unknown
risks
• Byproduct: Development of modified test methods
Testing
• Near-term focus on environmental tests for the C2 standard to
address largest unknowns for the system – Environmental effects on
C2 link not well
understood
– Little historical data on environmental effects to UAS
• Command and control reliability and integrity are the foundation
for safe operation of sUAS
Testing: Radiated Susceptibility • Background: Radiated
susceptibility testing evaluates the
equipment response to externally generated high frequencies (above
100 MHz) such as radiated RF from broadcasting antennas, radio
stations, etc.
• Purpose: Determine whether the command and control (C2) equipment
will operate acceptably when the equipment and its interconnecting
wires are exposed to a radiated RF field.
Testing: Radiated Susceptibility
Testing: Radiated Susceptibility Findings
1. Reproducible susceptibilities within a small frequency range
around 190 MHz.
2. Slight difference in susceptible frequency range between engine
on/off configurations.
3. Loss of control through GCS, without notification or indication
of lost link (multiplexer victim).
4. No susceptibilities between
230 MHz and 18 GHz at
medium power levels (75 V/m max)
Testing: Radiated Susceptibility Recommendations
• Design improvements – For example, improve RF shielding of C2
components
(like multiplexer in our case)
• Investigate software vulnerabilities
Testing: Next Steps
F38-02 Subcommittee Chair