Saturday, October 5, 2013

UAT or 1090ES?


If you are considering ADS/B, there is a choice to make. Do you install a Universal Access Transceiver (UAT) or the Mode S transponder that has an extended squitter (1090-ES)? It all depends...

What country are you in? If you aren't in the USA, then the choice is pretty much made. The USA offers the option of a UAT. The rest of the world needs Mode S transponders for ADS/B installations.

If you are in the USA, and you mostly fly above FL180, then the choice is pretty much made again. The FAA doesn't allow aircraft flying above 18,000ft to use the UAT. It just makes sense to get the 1090-ES transponder that will do Mode S if you want to take advantage of ADS/B and fly above FL180.

The UAT transmits and receives on 978MHz, the 1090-ES transmits and receives on 1090MHz. The ADS/B system will allow all participating aircraft to see each other. If the two devices work on different frequencies, how does a 1090MHz transceiver see a 978MHz transceiver? The ground stations will repeat the 978MHz messages on 1090MHz, as well as repeat the 1090MHz message on 978MHz. The ground station will also show both messages on the "RADAR" scope, so the air traffic controller knows where everyone is.

The FAA separated the two systems for a couple of reasons. The 978MHz devices can handle more data (they have more bandwidth), so more aircraft in a concentrated area will work without overloading ground stations or other aircraft. The 1090 Mode S transponders are already on the larger, faster aircraft that are flying higher, so the expense should be minimized (I am repeating the FAA here; in reality, most operators will need to replace the transponders they have to get the extended squitter feature).

The UATs are even more useful, since the FAA will broadcast extra information. The two extra messages that the FAA is broadcasting are the TIS/B and FIS/B. The 1090-ES system will get TIS/B, but not FIS/B.

TIS/B is Traffic Information Service-Broadcast, where non-ADS/B equipped aircraft will show up on the aircraft display, similar to ADS/B equipped aircraft. The ground station will broadcast the position of aircraft that are only visible on RADAR. As a pilot, you will be able to see more of what the controller sees.

FIS/B is Flight Information Service-Broadcast. Flight information includes weather and aeronautical products. While XM provides some weather that you must subscribe to, FIS/B is free to everyone. The XM product may have additional information, or be more timely. The FIS/B data is what the FAA will be looking at, including potentially air traffic control. The aeronautical products appear to be weather-like items, such as NOTAMs and SUA status.

Exactly what device to get will depend on the capability of the chosen display. Many of the MFD manufacturers will take either device for input; the displayed information may help make the choice. Some will show the weather RADAR information in great detail, others will show it blocky or not at all. Over the next couple of years, the MFDs are sure to get better.

Should you wait, or should you buy today? Today the ADS/B MFD technology is being developed. Over the next 5 years, the technology will surely mature. Having ADS/B In on a tablet computer will allow a pilot to get their feet wet sooner. By 2020, most aircraft will be required to have ADS/B Out, which probably means that, unless someone builds an under-$1000 ADS/B Out-only solution, most aircraft will be equipped with ADS/B In and Out.

Can you get rid of your transponder once you have ADS/B? No, the Mode/C component will still be needed for RADAR service and TCAS for non-ADS/B equipped aircraft.

It'll be an interesting couple of years going forward. What do you think?


Tuesday, October 1, 2013

DO-178C Reliability



DO-178C quantifies the level of safety needed for an aircraft software system. In an aircraft there are various software systems. Some systems are benign, others are safety critical. Something like a reading light in a passenger compartment would be a benign system: if a failure were to occur, the safety of flight is not compromised (unless the passenger throws a tantrum!). In a fly-by-wire aircraft the control system is generally considered critical to flight.

DO-178C is a standard maintained by the RTCA. The RTCA is a group of aviation professionals that manage standards. It provides a place for manufacturers, users and regulators to come together and provide a consensus of regulations and guidance for managing the technology used in aviation. DO-178C is the guidance the FAA (and other regulatory bodies) use to ensure avionics and other software systems are certified to the proper level.

DO-178C enhances DO-178B. The DO-178C standard was available starting Jan 2012, and was used to update the FAA AC 20-115C during the summer of 2013. There are companion documents related to software, tools, formal methods and testing.

There are 5 safety or Design Assurance Levels (DAL) for DO-178C.
  1. Catastrophic - Failure may cause multiple fatalities, usually with loss of the airplane. (level A)
  2. Hazardous - Failure has a large negative impact on safety or performance, or reduces the ability of the crew to operate the aircraft due to physical distress or a higher workload, or causes serious or fatal injuries among the passengers.  (level B)
  3. Major - Failure significantly reduces the safety margin or significantly increases crew workload. May result in passenger discomfort (or even minor injuries).  (level C)
  4. Minor - Failure slightly reduces the safety margin or slightly increases crew workload. Examples might include causing passenger inconvenience or a routine flight plan change.  (level D)
  5. No Effect - Failure has no impact on safety, aircraft operation, or crew workload.  (level E)

As with any software project, safety, security and quality start with planning. It isn't very easy to add security to an existing product; likewise, it may not be easy to add safety and redundancy to an existing product.

DO-178 requires documentation. Items such as the Software Requirements Document (SRD) and the Software Design Description (SDD) are a good idea for all software projects; they are required for DO-178 certification. Additional documents include the Software Verification Cases and Procedures (SVCP), which outlines how the software will be tested, and the Software Verification Results (SVP), which kind of proves that the SVCP was actually done and whether the items passed or not.

The typical deliverables for a DO-178 project will include the SRD, SDD, the executables, the SVCP and the SVP. Additionally, there may be code coverage test results to ensure the test results hit all good and bad situations. If the software product is an upgrade to an existing package, there may be other documents, including the Software Configuration Index (SCI), such as the source code control system documentation, and the Software life cycle Environment Configuration Index (SECI) to outline the development and improvement process.

Typically a Designated Engineering Representative (DER) will review the deliverables to ensure the system meets the level of certification desired. The DER may work for the company developing the product, or be an external consultant.

There are various tools the developers and the testers can use to ensure the certification process was followed. Starting with the documentation, there are templates. Web-based compliance verification tools are available. DO-178 software test suites are also used.

Some vendors will suggest that a level A certification is something to shoot for. Actually, for any system, the lowest possible level is what the designers should seek. In an ideal situation, any failure should be an inconvenience, not an emergency. If the engines are running and the flight controls work, the aircraft can be flown to a suitable facility where repairs can be made.

DO-178C is a robust standard that can apply to all software development. DO-178C is required for aviation software systems, and provides customers with peace of mind with regard to systems on the aircraft.