Unmanned aerial vehicles and civil aircraft may co-habit the airspace after September 2015.
As the U.S. Federal Aviation Administration (FAA) moves ahead with plans for unmanned aerial systems/vehicles (UAS/UAV) to have regular access to U.S. airspace by 2015, it has encountered several barriers. For UAVs to be treated like manned aircraft, their systems likley need to be qualified to the same standards as civil avioncs. This is a challenge, as each UAS has largely unique systems. UAS equipment standards are emerging, but threats to GNSS abound, requiring defense/mitigation.
Demand for UAS has produced many different types flying in a range of applications. With no apparent standard avionics fit or uniform safety standards, each UAS type is basically configured for specific tasks. Commercial UAS applications continue to emerge, and major market growth is anticipated. One forecast indicates that the UAS market could reach $7.26 billion this year alone. The promise of new and better ways to reduce costs, improve safety, and increase operational efficiency feeds market expansion.
However, in the United States the FAA currently requires each UAS commercial project desiring access to controlled airspace to obtain an FAA-approved Certificate of Authorization. While the FAA has made efforts to speed up approvals, this process slowed widespread commercial adoption of UAS. Nevertheless, opportunities abound in pipeline and transmission line inspection, crop spraying, law enforcement, security, and surveillance, survey/mapping, remote area mail delivery, and hundreds of other applications. The FAA may have felt some pressure to move forward, because Congress has put in place the Modernization and Reform Act of 2012, which calls on the FAA to fully integrate unmanned systems, including those for commercial use, into the national airspace by September 2015.
UAS in the NAS. Meanwhile, a project called the Unmanned Aircraft Systems Integration in the National Airspace System (UAS in the NAS), undertaken by NASA’s Dryden Flight Research Center, seeks to reduce technical barriers related to safety and operational challenges associated with enabling routine UAS access to the NAS.
Europe has also launched a study on the integration of UAS in non-segregated airspace for the future Single European Sky. The ICONUS study will be carried out by a consortium within the European air traffic management program called Single European Sky ATM Research Programme (SESAR). The study will drive the definition of the requirements, capabilities, and equipment which UAS will need to operate safely and efficiently in the coming European SESAR environment.
The U.S. RTCA SC-203 committee is drafting UAS operational requirements, and there has been significant progress towards publishing Minimum Aviation Performance Standards (MASPS), including requirements for navigation. Europe has similar activities underway aimed at improving UAS access to its airspace.
MOPS. The big picture is that requirements for unmanned aircraft are being brought into conformance with the standards applied to the performance and behavior of manned aircraft. Navigation requirements for UAS are expected to specify that systems will need to be qualified to Minimum Operational Performance Standards (MOPS). This means that on-board electronics, including GNSS systems, will probably need to be FAA Technical Standard Orders (TSO) qualified, just as they are now for manned aircraft.
Why do we need to investigate certified avionics now? In the scheme of avionics, more than two years breathing space to certify UAS avionics systems is not a long time, not at all, until the September 2015 deadline. FAA airborne software and hardware qualification will take much time and effort to implement, and re-configuration of systems, interfaces, and operating procedures may take even longer.
For Manufacturers. UAS makers have the option to move forward in stages. For instance, by selecting a few existing airborne-qualified OEM avionics, they could minimize the internal effort to comply. As the first UAS with certified avionics emerge, they will probably get good support from FAA to adopt U.S. operating rules for the NAS. Embedding an existing certified GPS receiver in UAS avionics will reduce the internal work needed and allow more effort for developing commercial market opportunities that look to quickly adopt UAS.
Meanwhile, efforts are in full swing to change the U.S. and European navigation landscapes over the next few years. So it would be better to be ready with a capable GNSS receiver that is already built to meet the challenges of NextGen and SESAR.
GPS III and Galileo. The L5 civil GPS frequency may be operational around the time that UAS unrestricted access becomes possible. GPS L1/L5 dual-frequency operations will enable higher navigation accuracy, reliablity, and integrity. The FAA is already developing NextGen WAAS to include L5, and revisions to the GPS MOPS to include L5 should begin shortly, in time for a usable GPS L5 constellation in 2015/2016. The FAA is already preparing for L5 avionics, and industry investigative work is underway. Its possible that GPS L1/L5 may meet the accuracy and integrity requirements for CAT II/III automated landings. In Europe, Eurocae work is expected to gain momentum for the Galileo E1/E5a MOPS as the Galileo satellite navigation system becomes operational.
The new GNSS environment also includes WAAS/SBAS precision approach (localizer performance with vertical guidance, or LPV) capability: LPV is available now in the United States and will soon be in wider operation in Europe. Automatic Dependendant Surveillance (ADS-B) is rolling out in the United States and around the world. ADS-B is being mandated within the U.S. NAS as the means for air-traffic control to track all aircraft, so UAS avionics will need to include certified ADS-B Out capability.
In one commercial instance, the Septentrio AiRx2 receiver comes out of the box as a certified L1 GPS with ADS-B and WAAS LVP, but is also ready for GPS L5 and Galileo E1/E5a.
Even as greater steps forward enhance how GNSS is used in this wider definition of aviation that will soon include UAS, a team at the University of Texas demonstrated how a UAV could be maliciously side-tracked (see article on page 30 of this issue) — reminiscent of the Iranian downing of a U.S. surveillance drone in December 2011.
Admittedly the GPS on the vehicle in the UT test was not a qualified airborne receiver, but how could this happen when there was also an inertial sensor and a radio-altimeter on the UAV? A good question, which UAV manufacturers will need to consider when they implement their on-board Kalman filters, knowing that spoofing is now an additional threat to parry.
Couldn’t we detect that high-power RF spoofing signal at the front-end of the GPS receiver? Even if only to tell the on-board systems that there could be hazardous misleading information about? Or run separate GPS and GPS/inertial position solutions, detect significant divergence, and set the same warning flag? And multi-constellation, multi-frequency receivers, and even controlled radiation pattern antennas — all things to investigate. More work for the aviation receiver guys who labor tirelessly to improve GNSS integrity.
Of course if you hijack a UAV with a high-power spoofer, you are also spoofing civil transports operating in the same airspace, so now there is the potential to trigger a Federal investigation. It will probably be easier to detect this stuff with moving airborne sensors rather than the fixed ground equipment used to find jammers on trucks at Newark airport, and lots of pilots likely providing real-time location information on radios if their GPS goes even a little haywire. All would help to quickly locate and shut down any spoofer. Nevertheless, it’s a threat to be mitigated.
Fatal Crash. In South Korea, the effects of intermittent North Korean jamming of GPS to disrupt seal, land, and air navigation in the South may have contributed to the recent fatal crash of a Schiebel Camcopter S-100 drone, a 150-kilogram rotorcraft capable of 220 km/h flight. It should have coped with loss of GPS as the Camcopter has multiple inertial measurement units that allow safe operation and recovery in the absence of GPS signals. Emergency procedures to ensure a safe recovery in such a situation do not appear to have been correctly and adequately followed, manufacturer Schiebel alleges.
NovAtel may have found one way to help mitigate spoofing on UAVs; the company released a combined civil/SAASM GPS receiver, the OEM625S, aimed specifically at UAVs. Granted, the idea is to add SAASM anti-spoofing capability to a number of UAVs which currently use NovAtel commercial receivers, mostly in military systems. That may be motivated by the desire to avoid further Iranian incidents!
BAE Systems has been thinking of giving GPS a back-up for just those situations where jamming or even spoofing is detected. BAE’s Navigation via Signals of Opportunity (NAVSOP) system was just announced at the Farnborough air show in the UK and is still in research phase, but looks extremely promising. It interrogates the radio environment for the ID and signal strength of local digital TV and radio signals, plus air traffic control radars, with finer grained adjustments coming from cellphone masts and Wi-Fi routers. Mapping the location of all these sources might be quite an undertaking, and given that these are all non-safety-of-life commercial signals, the sources are subject to the vagaries of power outages, regular maintenance, and breakdowns. Nevertheless, with such a multitude of signals, NAVSOP could well turn out to be a viable back-up for GNSS.
So, shared access to civil airspace, wider applications in commercial operations, and changes in equipment qualification, along with potential solutions for GNSS jamming and spoofing: lots to consider for the UAS industry.
Taking It to the House
U.S. House of Representatives Committee on Homeland Security; Subcommittee on Oversight, Investigations, and Management; Hearing, July 19, 2012: Using Unmanned Aerial Systems Within the Homeland: Security Game Changer?
Testimony by Todd E. Humphreys, Ph.D.; Assistant Professor, Cockrell School of Engineering, The University of Texas at Austin. [Excerpted. Prof. Humphreys is a co-author of the article “Drone Hack” in the August issue of GPS World.]
The vulnerability of civil GPS to spooﬁng has serious implications for civil unmanned aerial vehicles (UAVs), as was recently illustrated by a dramatic remote hijacking of a UAV at White Sands Missile Range.
Hacking a UAV by GPS spooﬁng is but one expression of a larger problem: insecure civil GPS technology has over the last two decades been absorbed deeply into critical systems within our national infrastructure. Besides UAVs, civil GPS spooﬁng also presents a danger to manned aircraft, maritime craft, communications systems, banking and ﬁnance institutions, and the national power grid.
Constructing from scratch a sophisticated GPS spoofer like the one developed by the University of Texas is not easy. It is not within the capability of the average person on the street, or even the average Anonymous hacker. But the emerging tools of software-deﬁned radio and the availability of GPS signal simulators are putting spoofers within reach of ordinary malefactors.
There is no quick, easy, and cheap ﬁx for the civil GPS spooﬁng problem. What is more, not even the most eﬀective GPS spooﬁng defenses are foolproof. But reasonable, cost-eﬀective spooﬁng defenses exist which, if implemented, will make successful spooﬁng much harder.
I recommend that for non-recreational operation in the national airspace civil UAVs exceeding 18 lbs be required to employ navigation systems that are spoof-resistant.
More broadly, I recommend that GPS-based timing or navigation systems having a non-trivial role in systems designated by DHS as national critical infrastructure be required to be spoof-resistant.
Finally, I recommend that the DHS commit to funding development and implementation of a cryptographic authentication signature in one of the existing or forthcoming civil GPS signals.
Complete testimony (PDF) covers:
- The potential vulnerabilities of U.S. national transportation, communications, banking and finance, and energy distribution infrastructure;
- What does it take to build a spoofer? Buy a spoofer?
- Range and required knowledge of target.
- Fixing the problem:
• Jamming-to-noise sensing defense;
• Defense based on SSSC or NMA on WAAS signals;
• Multi-system multi-grequency defense;
• Single-antenna defense;
• Defense based on spread-spectrum security codes on L1C;
• Defense based on navigation message authentication on L1C, L2C, or L5;
• Correlation prole anomaly defense;
• Multi-antenna defense;
• Defense based on cross-correlation with military signals.