Honeywell Enhancing Airplane State Awareness (EASA) Project: Final Report on Refinement and Evaluation of Candidate Solutions for Airplane System State Awareness

The loss of pilot airplane state awareness (ASA) has been implicated as a factor in several aviation accidents identified by the Commercial Aviation Safety Team (CAST). These accidents were investigated to identify precursors to the loss of ASA and develop technologies to address the loss of ASA. Based on a gap analysis, two technologies were prototyped and assessed with a formative pilot-in-the-loop evaluation in NASA Langleys full-motion Research Flight Deck. The technologies address: 1) data source anomaly detection in real-time, and 2) intelligent monitoring aids to provide nominal and predictive awareness of situations to be monitored and a mission timeline to visualize events of interest. The evaluation results indicated favorable impressions of both technologies for mitigating the loss of ASA in terms of operational utility, workload, acceptability, complexity, and usability. The team concludes that there is a feasible retrofit solution for improving ASA that would minimize certification risk, integration costs, and training impact

Using Ontologies to Detect Anomalies in the Sky

Ce mémoire de maîtrise présente une solution pour améliorer la sécurité des systèmes de contrôle de trafic aérien. Cette solution prend la forme d’un détecteur d’anomalies qui va déceler les manipulations malicieuses de données. Par les mêmes mécanismes, ce détecteur peut aussi détecter les situations d’urgences et les violations des lois du trafic aérien. Les systèmes de contrôle de trafic aérien sont composés de plusieurs capteurs qui envoient des données aux stations de travail des contrôleurs aérien sur un réseau IP en utilisant un protocole de partage de données en temps réel nommé Data Distribution Service. Des données malicieuses comme de fausses positions d’avions peuvent être insérées dans le trafic du réseau en compromettant une machine connectée à celui-ci ou en émettant des signaux contenant les données falsifiées qui seront captées et transmises sur le réseau par les capteurs. Actuellement, une fois que ces données sont sur le réseau, les systèmes ne disposent pas de mécanismes pour différencier les données malicieuses des vraies données et les traiteront de la même façon. La présence de données falsifiées sur le réseau peut causer de la confusion qui peut mener à des situations dangereuses incluant une sécurité aérienne réduite. Nous avons évalué l’impact des différentes attaques sur les systèmes de contrôle de trafic aérien en construisant un modèle de menaces tout en considérant les procédures d’urgence déjà en place dans le monde de l’aviation. Nous avons conclu qu’il y a plusieurs façons selon lesquelles un adversaire peut injecter des données malicieuses dans les systèmes. Il peut le faire soit en injectant les données directement dans le réseau ou en utilisant une radio logicielle pour émettre des données malicieuses sur les fréquences utilisées par les capteurs qu’ils les transmettent eux-mêmes sur le réseau. Ces données peuvent induire les contrôleurs de trafic aérien en erreur et leur faire prendre une décision dangereuse. Ce modèle de menaces a servi dans l’ébauche des méthodes de détection.----------ABSTRACT : This Master’s thesis introduces an anomaly detection solution to increase the security of Air Traffic Control Systems against malicious data manipulation threats. At the same time, this detection system can detect emergencies and air traffic rules violations. Air Traffic Control Systems are made of multiple sensors sending data to air traffic controller workstations over an IP network using a publish-subscribe protocol, Data Distribution Service. Malicious data can be inserted into this network by either compromising a machine on the network, or by tricking the sensors into emitting falsified data. Once into the network, the system currently cannot distinguish malicious data from real one and will treat it as such, potentially causing dangerous situations and general confusion that could lead to air traffic safety being compromised. We quantify the impact different attacks have on the system by building a threat model while considering existing safety procedures already in place in the aviation world. We found that there are multiple ways an attacker can inject malicious data into the system either directly by injecting false data into the network or indirectly by sending spoofed broadcasts that will be picked up by the ground equipment and in turn injected into the network. These data manipulations can induce an air traffic controller into making a wrong decision. This threat model also gives us direction on how to detect potential threats. To counter these threats, we design a detection solution using ontologies to store data and a query engine to interact with it. By using ontologies, we can add semantics to the data and facilitate the creation of detection queries in the SPARQL query language. It uses a translation table to convert Data Distribution Service data structures into ontological concepts. The detection engine runs on dedicated machines and sends alerts to the concerned computers if a query detects an anomaly. The ontological model was built using the assumptions we made about the data pieces circulating on the Air Traffic Control System’s network. Designing an ontology that is specific enough to be useful for detection, but also generic enough to easily add new detection capabilities proved to be a challenge. We found that we often needed to add new concepts to the ontology when we designed new queries

EUNADICS-AV early warning system dedicated to supporting aviation in the case of a crisis from natural airborne hazards and radionuclide clouds

The purpose of the EUNADICS-AV (European Natural Airborne Disaster Information and Coordination System for Aviation) prototype early warning system (EWS) is to develop the combined use of harmonised data products from satellite, ground-based and in situ instruments to produce alerts of airborne hazards (volcanic, dust, smoke and radionuclide clouds), satisfying the requirement of aviation air traffic management (ATM) stakeholders (https://cordis.europa.eu/project/id/723986, last access: 5 November 2021). The alert products developed by the EUNADICS-AV EWS, i.e. near-real-time (NRT) observations, email notifications and netCDF (Network Common Data Form) alert data products (called NCAP files), have shown significant interest in using selective detection of natural airborne hazards from polar-orbiting satellites. The combination of several sensors inside a single global system demonstrates the advantage of using a triggered approach to obtain selective detection from observations, which cannot initially discriminate the different aerosol types. Satellite products from hyperspectral ultraviolet–visible (UV–vis) and infrared (IR) sensors (e.g. TROPOMI – TROPOspheric Monitoring Instrument – and IASI – Infrared Atmospheric Sounding Interferometer) and a broadband geostationary imager (Spinning Enhanced Visible and InfraRed Imager; SEVIRI) and retrievals from ground-based networks (e.g. EARLINET – European Aerosol Research Lidar Network, E-PROFILE and the regional network from volcano observatories) are combined by our system to create tailored alert products (e.g. selective ash detection, SO2 column and plume height, dust cloud, and smoke from wildfires). A total of 23 different alert products are implemented, using 1 geostationary and 13 polar-orbiting satellite platforms, 3 external existing service, and 2 EU and 2 regional ground-based networks. This allows for the identification and the tracking of extreme events. The EUNADICS-AV EWS has also shown the need to implement a future relay of radiological data (gamma dose rate and radionuclides concentrations in ground-level air) in the case of a nuclear accident. This highlights the interest of operating early warnings with the use of a homogenised dataset. For the four types of airborne hazard, the EUNADICS-AV EWS has demonstrated its capability to provide NRT alert data products to trigger data assimilation and dispersion modelling providing forecasts and inverse modelling for source term estimate. Not all of our alert data products (NCAP files) are publicly disseminated. Access to our alert products is currently restricted to key users (i.e. Volcanic Ash Advisory Centres, national meteorological services, the World Meteorological Organization, governments, volcano observatories and research collaborators), as these are considered pre-decisional products. On the other hand, thanks to the EUNADICS-AV–SACS (Support to Aviation Control Service) web interface (https://sacs.aeronomie.be, last access: 5 November 2021), the main part of the satellite observations used by the EUNADICS-AV EWS is shown in NRT, with public email notification of volcanic emission and delivery of tailored images and NCAP files. All of the ATM stakeholders (e.g. pilots, airlines and passengers) can access these alert products through this free channel.Peer ReviewedArticle escrit per 46 autors/es: Hugues Brenot Nicolas Theys Lieven Clarisse Jeroen van Gent Daniel Hurtmans Sophie Vandenbussche Nikolaos Papagiannopoulos Lucia Mona Timo Virtanen Andreas Uppstu Mikhail Sofiev Luca Bugliaro Margarita Vázquez-Navarro Pascal Hedelt Michelle Maree Parks Sara Barsotti Mauro Coltelli William Moreland Simona Scollo Giuseppe Salerno Delia Arnold-Arias Marcus Hirtl Tuomas Peltonen Juhani Lahtinen Klaus Sievers Florian Lipok Rolf Rüfenacht Alexander Haefele Maxime Hervo Saskia Wagenaar Wim Som de Cerff Jos de Laat Arnoud Apituley Piet Stammes Quentin Laffineur Andy Delcloo Robertson Lennart Carl-Herbert Rokitansky Arturo Vargas Markus Kerschbaum Christian Resch Raimund Zopp Matthieu Plu 1 Vincent-Henri Peuch Michel van Roozendael Gerhard WotawaPostprint (author's final draft

Assessment of the State-of-the-Art of System-Wide Safety and Assurance Technologies

Since its initiation, the System-wide Safety Assurance Technologies (SSAT) Project has been focused on developing multidisciplinary tools and techniques that are verified and validated to ensure prevention of loss of property and life in NextGen and enable proactive risk management through predictive methods. To this end, four technical challenges have been listed to help realize the goals of SSAT, namely (i) assurance of flight critical systems, (ii) discovery of precursors to safety incidents, (iii) assuring safe human-systems integration, and (iv) prognostic algorithm design for safety assurance. The objective of this report is to provide an extensive survey of SSAT-related research accomplishments by researchers within and outside NASA to get an understanding of what the state-of-the-art is for technologies enabling each of the four technical challenges. We hope that this report will serve as a good resource for anyone interested in gaining an understanding of the SSAT technical challenges, and also be useful in the future for project planning and resource allocation for related research

ATM automation: guidance on human technology integration

© Civil Aviation Authority 2016Human interaction with technology and automation is a key area of interest to industry and safety regulators alike. In February 2014, a joint CAA/industry workshop considered perspectives on present and future implementation of advanced automated systems. The conclusion was that whilst no additional regulation was necessary, guidance material for industry and regulators was required. Development of this guidance document was completed in 2015 by a working group consisting of CAA, UK industry, academia and industry associations (see Appendix B). This enabled a collaborative approach to be taken, and for regulatory, industry, and workforce perspectives to be collectively considered and addressed. The processes used in developing this guidance included: review of the themes identified from the February 2014 CAA/industry workshop1; review of academic papers, textbooks on automation, incidents and accidents involving automation; identification of key safety issues associated with automated systems; analysis of current and emerging ATM regulatory requirements and guidance material; presentation of emerging findings for critical review at UK and European aviation safety conferences. In December 2015, a workshop of senior management from project partner organisations reviewed the findings and proposals. EASA were briefed on the project before its commencement, and Eurocontrol contributed through membership of the Working Group.Final Published versio

Adaptive Airborne Separation to Enable UAM Autonomy in Mixed Airspace

The excitement and promise generated by Urban Air Mobility (UAM) concepts have inspired both new entrants and large aerospace companies throughout the world to invest hundreds of millions in research and development of air vehicles, both piloted and unpiloted, to fulfill these dreams. The management and separation of all these new aircraft have received much less attention, however, and even though NASAs lead is advancing some promising concepts for Unmanned Aircraft Systems (UAS) Traffic Management (UTM), most operations today are limited to line of sight with the vehicle, airspace reservation and geofencing of individual flights. Various schemes have been proposed to control this new traffic, some modeled after conventional air traffic control and some proposing fully automatic management, either from a ground-based entity or carried out on board among the vehicles themselves. Previous work has examined vehicle-based traffic management in the very low altitude airspace within a metroplex called UTM airspace in which piloted traffic is rare. A management scheme was proposed in that work that takes advantage of the homogeneous nature of the traffic operating in UTM airspace. This paper expands that concept to include a traffic management plan usable at all altitudes desired for electric Vertical Takeoff and Landing urban and short-distance, inter-city transportation. The interactions with piloted aircraft operating under both visual and instrument flight rules are analyzed, and the role of Air Traffic Control services in the postulated mixed traffic environment is covered. Separation values that adapt to each type of traffic encounter are proposed, and the relationship between required airborne surveillance range and closure speed is given. Finally, realistic scenarios are presented illustrating how this concept can reliably handle the density and traffic mix that fully implemented and successful UAM operations would entail

UAS Pilots Code – Annotated Version 1.0

The UAS PILOTS CODE (UASPC) offers recommendations to advance flight safety, ground safety, airmanship, and professionalism.6 It presents a vision of excellence for UAS pilots and operators, and includes general guidance for all types of UAS. The UASPC offers broad guidance—a set of values—to help a pilot interpret and apply standards and regulations, and to confront real world challenges to avoid incidents and accidents. It is designed to help UAS pilots develop standard operating procedures (SOPs), effective risk management,7 safety management systems (SMS), and to encourage UAS pilots to consider themselves aviators and participants in the broader aviation community

Enhancing Cyberspace Monitoring in the United States Aviation Industry: A Multi-Layered Approach for Addressing Emerging Threats

This research project examined the cyberspace domain in the United States (U.S.) aviation industry from many different angles. The research involved learning about the U.S. aviation cyberspace environment, the landscape of cyber threats, new technologies like 5G and smart airports, cybersecurity frameworks and best practices, and the use of aviation cyberspace monitoring capabilities. The research looked at how vulnerable the aviation industry is from cyber-attacks, analyzed the possible effects of cyber-attacks on the industry, and suggests ways to improve the industry\u27s cybersecurity posture. The project\u27s main goal was to protect against possible cyber-attacks and make sure that the aviation industry is safe and secure

Multi-sensor data fusion techniques for RPAS detect, track and avoid

Accurate and robust tracking of objects is of growing interest amongst the computer vision scientific community. The ability of a multi-sensor system to detect and track objects, and accurately predict their future trajectory is critical in the context of mission- and safety-critical applications. Remotely Piloted Aircraft System (RPAS) are currently not equipped to routinely access all classes of airspace since certified Detect-and-Avoid (DAA) systems are yet to be developed. Such capabilities can be achieved by incorporating both cooperative and non-cooperative DAA functions, as well as providing enhanced communications, navigation and surveillance (CNS) services. DAA is highly dependent on the performance of CNS systems for Detection, Tacking and avoiding (DTA) tasks and maneuvers. In order to perform an effective detection of objects, a number of high performance, reliable and accurate avionics sensors and systems are adopted including non-cooperative sensors (visual and thermal cameras, Laser radar (LIDAR) and acoustic sensors) and cooperative systems (Automatic Dependent Surveillance-Broadcast (ADS-B) and Traffic Collision Avoidance System (TCAS)). In this paper the sensors and system information candidates are fully exploited in a Multi-Sensor Data Fusion (MSDF) architecture. An Unscented Kalman Filter (UKF) and a more advanced Particle Filter (PF) are adopted to estimate the state vector of the objects based for maneuvering and non-maneuvering DTA tasks. Furthermore, an artificial neural network is conceptualised/adopted to exploit the use of statistical learning methods, which acts to combined information obtained from the UKF and PF. After describing the MSDF architecture, the key mathematical models for data fusion are presented. Conceptual studies are carried out on visual and thermal image fusion architectures