DO-178B and DO-254: A unified aerospace-field theory?
StoryFebruary 10, 2009
Vance Hilderman
HighRely Incorporated
Though some progress has been made toward a unified field theory, relating the physics of heavenly bodies to subatomic particles, another type of unification is having more measurable success: the unification of military and commercial avionics through increasing utilization of the DO-178B and DO-254 safety standards.
The last century saw great strides toward a unified field theory, which attempts to relate the physics of heavenly bodies to subatomic particles. The first part of this century has seen similar unification progress within avionics by combining commercial software and hardware standards with those from the military. For physics, the desired unification is proving elusive, because the existing theories for large structures and subatomic particles are currently incompatible. However, previous incompatibilities between commercial and military avionics are being resolved at a rapid pace, leaving ultimate unification more a matter of “when” than “if” via the DO-178B and DO-254 avionics safety standards.
But, this path to unification has not always been as clear-cut as it is today. Only a few short years ago, embedded military projects eschewed key commercial safety standards for software and hardware development. Military projects were deemed “different” because they fulfilled critical tactical and defensive missions, whereas commercial avionics projects emphasized safety and cost-effectiveness.
However, consider some of the similarities between today’s military and commercial avionics:
- Both utilize high-complexity integrations
- Both require access to leading-edge commercial technologies
- Both require safety with a reasonable cost
- Both are increasingly concerned with reusability, quality, and increased cost-effectiveness
Originally on different flight paths, commercial avionics used the DO-178B standard for software, with success measured by schedule, cost, and reusability while emphasizing passenger and user safety. Military industries worldwide took note and gradually adopted much of DO-178B as the de facto standard for aerospace software. Next, the commercial world applied a similar standard, called DO-254, to hardware and again the military establishment took note.
Today, DO-178B and DO-254 are increasingly required for almost all commercial and military aerospace projects throughout the world (see sidebar below). Fighter and cargo jets, unmanned airborne systems, and even space exploration vehicles are adopting or mandating DO-178B and DO-254. But differences in the military’s mission and perception remain strong and hinder unified adoption of these standards. Over the next year, DO-178C will replace DO-178B (see sidebar opposite page), and DO-254 will become mandatory on virtually all commercial and military projects. This “unification” poses many challenges and raises new questions, for which the author postulates a unified aerospace-field theory: Commercial and military avionics’ previous incompatibilities are increasingly resolved with DO-178B and DO-254 adherence, and key metrics include technology complexity, cost, FAA oversight, and MIL-STD compatibility.
Sidebar 1: DO-178B and DO-254: American, but “worldwide”
(Click graphic to zoom by 1.5x)
|
|
DO-178B and DO-254 resolve a complex chain
The DO-178B (software) and DO-254 (hardware) standards presume that hardware and software must operate in harmonic unison, each with proven reliability. Previously, hardware was considered “visible” and tested at the system level with integrated software; hence hardware was exempt from DO-178B quality attributes. But that exemption resulted in functionality being moved from software to hardware for the purpose of avoiding software certification. Also, hardware complexity has evolved such that hardware is often as complex, or more so, than software due to the embedded logic within PLDs, ASICs, and FPGAs. In the present day, everyone recognizes that hardware and software comprise an inextricable chain with the quality equal to that of the weakest link, hence the mandate to also apply DO-254 to avionics hardware. Figure 1 shows the scope of DO-178B and DO-254 and confirms that each avionics component comprises one link within this complex chain.
Figure 1: Typical Avionics LRU
(Click graphic to zoom by 1.4x)
|
|
Sidebar 2: DO-178B versus DO-178C: Becoming “unified”
(Click graphic to zoom by 1.5x)
|
|
Costs versus benefits: A military “surprise”
For decades, military organizations have developed hardware and software using a variety of specialized, defense-oriented standards including 2167A, 498, 882, and others. As military organizations, they were highly motivated to use hardware and software standards that differed from the commercial sector since it was perceived that military applications had their own unique requirements. Military’s utmost concern was primarily “mission,” which took precedence over safety and long-term cost reduction.
As recently as a few years ago, military organizations believed a popular myth that DO-178B and DO-254 doubled or tripled the cost of avionics development and deployment. This inflated myth delayed the adoption of DO-178B and DO-254 within military establishments because of the belief that doubling or tripling avionics development costs could not be justified. Indeed, a quick review of DO-178B and DO-254 seemed to add onerous planning, requirements detail, process controls, and rigorous low-level testing. However, these additional attributes are the very characteristics that actually reduce long-term costs while increasing safety. After the military studied, then adopted DO-178B and DO-254, it became apparent that the actual cost increases, while not trivial, are much more palatable. In most cases, the direct benefits outweigh the added cost, a fact that has spurred recent acceptance of DO-178B and DO-254 by the military community. Figure 2 shows a typical project development cost increase relating to DO-178B and DO-254 by criticality level, where Level E is a noncritical system and Level A is the most critical system with stricter certification requirements.
Figure 2: DO-178B and DO-254 Criticality Level
(Click graphic to zoom by 1.4x)
|
|
DO-178B and DO-254 can improve quality, maintainability, reusability, schedule attainment, and safety. The apparent 10 to 40 percent cost increase is thereby justified. And from a pure safety standpoint, it is no secret that commercial aircraft fatalities have been steadily declining for decades, in no small part due to DO-178B and DO-254.
Military and FAA: Not seeing eye-to-eye
The military did not want to relinquish oversight to the Federal Aviation Administration (FAA), nor did the FAA have the bandwidth or authorization to intervene within military projects. For decades, U.S. military forces largely operated autonomously from commercial counterparts. Airports, air traffic control, and airspace were separate; it was only natural that avionics development and certification were separate as well. Today, the FAA and military are closely cooperating via new avionics certification initiatives within Homeland Security, unmanned aerial systems, and FAA Designated Engineering Representative (DER) reviews of military avionics. However, military agencies self-certify their own systems, generally without formal FAA approval.
MIL-STD and DO-178/254: Compatible?
Military organizations were once unfamiliar with DO-178B and DO-254 specifics, hence applying widely varying and subjective criteria. Truth be told, DO-178B and DO-254 can be terse and vague; specialized training by experts or years of experience are typically required to apply them in the real world. The military standards used in avionics were primarily contractual mechanisms applied to ensure industrial compliance with technical specifications and interoperability. Military aircraft safety and commercial avionic interaction were desirable goals but not enforced.
Eventually, worldwide militaries became surprisingly aware of numerous advantages held by their commercial counterparts: reduced costs and accident rates. However, militaries often further complicated DO-178B/DO-254 adoption by requiring simultaneous adherence to their own MIL standards. While well-intentioned, this mix is counterproductive since the standards differ and conflict with each other in key areas: DO-178B and DO-254 already have ample ambiguity and subjectivity that is grossly complicated when requiring corollary adherence to MIL standards. Therefore, military organizations have increasingly adopted DO-178B and DO-254 and mandated their sole compliance on an increasing number of projects.
The reality of unification
Commercial and military software/hardware are proceeding with unification via DO-178B and DO-254 despite key differences. Like different branches of the armed forces, they have learned that integration and commonality benefit everyone despite such differences. Industry is behind such unification as it increasingly develops products for combined commercial and military applications. Militaries are adopting common processes and oversight mechanisms to unify DO-178B and DO-254 and increasingly mandating compliance for all airborne electronics.
Worldwide industry groups for DO-254 and DO-178B are active at www.do254site.com and www.do178site.com. Similar airborne hardware and software online blogs are active at www.do254blog.com and www.do178blog.com. Worldwide commercial avionics certification agencies are working increasingly closely with military organizations to maximize commonality and interoperability. Winston Churchill once famously stated, “Democracy is the worst form of government except for all those others that have been tried.” Similarly, some may paraphrase: “Military and commercial avionics unification is the worst form of standardization in the world … except for all those others that have been tried.” Unification: here today and here to stay.
Vance Hilderman is cofounder of HighRely Incorporated and coauthor of the book “Avionics Certification: A Complete Guide to DO-178 & DO-254” (2007). He was also the principal founder of TekSci in the 1990s. In a 20-plus-year career, Vance has served as consultant for most of the world’s largest aerospace companies and provided training in avionics software development and certification. He can be contacted at [email protected].
HighRely Incorporated
602-443-7359
