Qioptiq logo Raytheon


By Chip Downing
Senior Industry Specialist, Aerospace & Defense

Our Unmanned Aircraft Systems (UAS) industry is growing up fast, and, with over 200 UAS projects globally, will prove to be one of the most prolific eras ever for aerospace. As these airborne devices are deployed into defense, commercial, and public safety programs the unit volumes and supporting ground systems will grow by orders of magnitude. However, for this to occur, big changes are needed in one of the most challenging components of a deployed UAS: software. Three aspects of this challenge are:
1. Safety. Safety certification with the government agencies FAA and EASA
2. SWaP. Reducing space, weight and power (SWaP) by combining applications from multiple vendors onto shared hardware platforms
3. Security. Multiplexing multiple levels of classified information, coalition partners, or other domains securely.


One of the difficult days for traditional R&D engineers working on UAS programs is to find out that the program is so successful that customers want to deploy the system from un-controlled airspace into controlled airspace. Just like commercial manned aircraft today, UAS activities in controlled airspace will need to comply with US Federal Aviation Administration (FAA) and European Aviation Safety Agency (EASA) safety regulations for controlling and separating aircraft, hot air balloons, and other objects, like skydivers, in this shared zone. Current guidelines ask for UAS programs to show an equivalent level of safety to their manned counterparts – but what is an equivalent level of safety?

For software on airborne systems, the global commercial avionics industry has developed a standard known as RTCA DO-178B/EUROCAE ED-12B, with RTCA (www.rtca.org) managing the North American standard, and EUROCAE (www.eurocae.org) managing European standard for software deployed on aircraft flying in “controlled airspace”. DO-178B and ED-12B are identical standards, and these standards, currently in their third revision, have an excellent track record for safety. Similarly, airborne hardware systems need to comply with a separate safety specification, RTCA DO-254/EUROCAE ED-80.

All systems on an airborne vehicle do not impact safety equally – some systems, like flight control systems, are quite critical to continued safety of flight. Other components, like cabin lighting systems, may have little or no effect on safety of the entire aircraft. With this in mind, DO-178B created separate safety levels to reflect the relative criticality of an individual system. These range from Level A (highest criticality) to Level E (lowest). Certification authorities set the required level after analyses of safety impact of failure of the systems on the entire aircraft. UAS engineers can then focus on the quality of the most critical systems, and are therefore relieved from the entire Level A certification burden as these levels decrease.

DO-178B software certification packages for COTS components are nontrivial investments, currently averaging $60-100 per line of software code. For example the DO-178B package for the ARINC 653 operating system from Wind River, VxWorks 653, contains more than 65,000 files to support the highest safety certification Level A. Developing this certification evidence cost millions of dollars, and would be cost-prohibitive if borne by a single program. As a COTS component the costs for each program are a fraction of this investment. Further, safety certification officials on many different projects have reviewed this COTS certification package, increasing its inherent quality and reducing risk for all programs.


As the demand for more capability increases on individual UAS, the volume of application software increases. This creates a pressure to reduce hardware size, weight, and power (SWaP) and cabling by combining software applications on fewer and smaller hardware platfo

Back to article list