Certifiable avionics takes off as UAV fleet operates in commercial airspace

The new U.S. Defense budget significantly increases deployment of Unmanned Aerial Vehicles (UAVs). Under the new budget, the UAV sector is soon expected to approach one-third of all military aircraft platforms. With expanded missions, UAVs will more frequently operate in the U.S. national airspace and the airspace of other countries, alongside commercial and private aircraft. UAVs currently fly in restricted airspace during take-off and landing and quickly ascend to altitudes high above commercial air traffic. Operation of UAVs in commercial airspace will require the use of safety-certified software in embedded avionics systems.

Electronics suppliers need to provide software artifacts and certification evidence to enable their customers’ platforms to successfully achieve DO-178B (for software) and DO-254 (for firmware) certification. DO-178B defines guidelines for developing software for airborne systems and equipment. DO-254 applies the same basic design assurance principles to develop safety-critical firmware written for complex devices used in the subsystem, such as and programmable logic devices.

While some military avionics vendors are frequently required to show adherence to DO-178B, they may not necessarily be certified by the Federal Aviation Administration (FAA) or European Aviation Safety Agency (EASA). Nevertheless, many military systems integrators are using DO-178B (and soon DO-178C) design assurance guidelines as a replacement for obsolete military design standards.

UAV safety certification requirements emerge

The FAA is currently working to define specific safety certification rules for the deployment of UAVs in the National Airspace System (NAS). Critical capabilities such as “Sense-and-Avoid” and “due regard” are needed to ensure the safe operation of autonomous and remotely piloted vehicles that can encounter commercial and private aircraft. The industry is already seeing requirements in UAV electronic systems for DO-178B and DO-254. Development of software and hardware that can successfully be certified at the platform level requires the collection of all development artifacts, including plans, requirements, design, integration, test, verification, and validation of those products.

Industry response: Certifiable OSs and BSPs

Safety-critical systems require certification artifacts at the Operating System (OS) and Board Support Package (BSP) levels. Safety-certifiable OSs such as Green Hills’ INTEGRITY, Wind River’s VxWorks 653, , and Express Logic’s ThreadX demand a rigorous development process. These specialized certifiable OSs can be costly, with the price of some certification packages ranging from $300,000 to $500,000. BSPs for use in UAVs must also have the same level of certifiable artifacts as the safety-certifiable OS. Electronics vendors have to ensure that the software development processes for the safety-certifiable OSs and BSPs generate all of these artifacts. Certification artifacts for safety-critical applications such as flight control and mission software are provided to the platform provider and reviewed by the certification authorities.

An example of a DO-178B and DO-254 certifiable electronic subsystem is Curtiss-Wright Controls Defense Solutions’ Versatile Flight Control Computer (VFCC), a high-performance embedded processing system optimized for Size, Weight, Power, and Cost (SWaP-C) (Figure 1). This rugged subsystem features dual 600 MHz ARM Cortex-A8 processors, dual TMS320C64x+ DSPs, and three Xilinx FPGAs, developed under IRAD. It is the first application in an AgustaWestland program for use in commercial and military versions of its Rotorcraft Technology Validation Programme (RTVP) helicopter.

Figure 1: The VFCC from Curtiss-Wright Controls Defense Solutions

Certified development for critical software

Critical software requirements flow down to system providers from prime contractors, who in turn receive their requirements from government agencies. It is critical for electronics providers to have a rigorous development process in place to meet these needs. In addition to DO-178B, prime contractors are seeking vendors who have a Capability Maturity Model Integration (CMMI) Level 3 appraisal as a minimum. The CMMI rating system is overseen by the Software Engineering Institute (SEI), a federally funded research and development center sponsored by the DoD. Prime contractors are typically required to meet higher levels, CMMI 4 and 5, which in turn is driving demand for electronics providers who can support these development processes with a Level 3 rating. As unmanned vehicles increase operations in commercial aerospace, the need for rigorous development processes to the level of commercial aircraft is critical to the safety of the general public.

To learn more, e-mail Curtis at creichenfeld@curtisswright.com.