Abstract

NASA and the aviation industry are looking into “reduced crew operations” (RCO) that would cut today's required two-person flight crews down to a single pilot with support from ground-based crews. Shared responsibility across air and ground personnel will require highly reliable and secure data communication and supporting automation, which will be safety-critical for passenger and cargo aircraft. This paper looks at the different types and degrees of authority delegation given from the air to the ground and the ramifications of each, including the safety and security hazards introduced, the mitigation mechanisms for these hazards, and other demands on an RCO system architecture, which would be highly invasive into (almost) all safety-critical avionics. The adjacent fields of unmanned aerial systems and autonomous ground vehicles are examined to find problems that RCO may face, and related aviation accident scenarios are described. The paper explores possible data communication architectures to meet the stringent performance and information security (INFOSEC) requirements of RCO. Subsequently, potential challenges for RCO data communication authentication, encryption and non-repudiation are identified. The approach includes a comprehensive safety-hazard analysis of the RCO system to determine top-level INFOSEC requirements for RCO and proposes an option for effective RCO implementation. The paper concludes by questioning the economic viability of RCO in light of the expense of overcoming the operational safety and security hazards it would introduce.

Highlights

  • The types and degree of safety and security hazards introduced by an RCO system will depend heavily on the degree of authority that an airborne system relinquishes to the ground and any of its supporting automation.

  • One thing to keep in mind for these various levels of authority delegation is: what does cockpit resource management (CRM) mean when some of the cockpit resources aren’t in the cockpit or anywhere near the cockpit? Much of the existing RCO research has been aimed at questions like this that deal with the human part of potential RCO systems.

  • When we get down to the low levels of failure probability allowed for safety-critical aviation functions, failure modes can happen that are unbelievable until we find out that they do occur.

Summary

LEVELS OF AUTHORITY DELEGATION

The types and degree of safety and security hazards introduced by an RCO system will depend heavily on the degree of authority that an airborne system relinquishes to the ground and any of its supporting automation. Example scenarios for many of these situations are given in the “Control Hand-Back Problems” section below. At this level of authority delegation, the GC has full authority over the aircraft, with the AC being incapacitated or otherwise unavailable to share in any cockpit duties. One of these is the fact that the system would have to prevent all the possible ways that an adversarial or suicidal AC could prevent an aircraft from safely completing its flight; and there are a lot of ways that this could be done. Details of this are given in the section below called “RCO Interface to Onboard Safety-Critical Systems”. Another problem is that any solution to this scenario creates a new, and probably more dangerous, scenario described in the subsection. Such a design would violate the “do thy patient no harm” principle by creating a new cyber-attack pathway into the aircraft and another source of natural failures that could adversely affect all safety-critical systems on an aircraft!

RCO AUTHORITY QUESTIONS
RCO AIRBORNE SYSTEM ARCHITECTURE
RELATED RESEARCH AND DEVELOPMENT
CONTROL HAND-BACK PROBLEMS
ARE COMMUNICATION THREATS REAL?
COMMUNICATION ENCRYPTION
With its cryptographic keys?
Findings
10. SUMMARY