THE LAST WORD. The security and reliability of unmanned aerial vehicles (UAVs) is of considerable concern, especially as unmanned aircraft are increasingly employed in public airspace. Robert Dewar, president and CEO of AdaCore, a provider of commercial software solutions for the Ada programming language, discusses the role of software in safety-, security-, and reliability-critical applications, including UAVs. In a one-on-one interview, Dewar imparts information and advice on ensuring the safety and security of unmanned aerial systems (UAS).
Military and civil UAVs will be sharing, and likely flooding, public airspace. What are some concerns, and how can software be a hindrance or a savior?
UAVs do not pose quite the same set of safety concerns as manned aircraft. Obviously, there are no pilots or passengers on board to worry about; however, the risks to other aircraft from air collisions and to people on the ground from ground collisions are just as real. UAVs, like manned aircraft, are heavily dependent on complex software.
For commercial aircraft, and increasingly any military aircraft flying through commercial space, we have rigorous requirements for software in the form of the DO-178C standard. These standards do not guarantee 100 percent freedom from software errors, but in practice they are remarkably effective, as evidenced by the fact that we have never lost a life due to a software bug on a commercial aircraft in the entire history of commercial aviation.
Unfortunately, UAV software is written without any requirements for meeting this or any similar standard. Instead, it is typically written using normal industry practices for commercial software; but, we only have to look at news stories that come out every week, not to mention our own experiences with commercial software, to know that such industry practices are far from reliable. It is one thing to have to deal with your PC crashing, and quite another for a UAV to crash into your house from a similar bug.
Do current software tools offer protection from drones being hacked by adversaries?
We do have techniques for writing highly reliable, unhackable secure software. On libre.adacore.com is a description of the Tokeneer project, and an interesting demonstration project from the National Security Administration (NSA) showing such techniques in action. We simply have to take matters more seriously and deploy such techniques in this context. This may possibly involve additional costs, but clearly such costs are warranted; in fact, it is not always clear that it does cost more to do things right. The cost of failed missions is high!
UAV close calls (such as users losing their link to the drone) and accidents are on the rise. Can they be prevented with software testing and verification?
Exactly! [They can be prevented] by applying the same kind of techniques that are reliable enough for us to all feel safe flying on modern commercial aircraft, even though our lives in such a circumstance depend on the absolute reliability of complex software systems. (The software onboard the Boeing 787 is more than 5 million lines of critical code.)
Is the use of open-source software in UAV systems a security concern?
The use of open-source software tools for producing such software certainly is no cause for concern. Large parts of the Boeing 787 software are written using open-source tools, and AdaCore, which is 100 percent dedicated to freely licensed, open-source software (FLOSS), has customers using its tools for many critical military and commercial products.
If you are talking about the software onboard the UAVs being open sourced, that's an interesting question. There are arguments both ways about the use of open source making software more reliable (more good eyes to find bugs, but also more evil eyes to find bugs). Most likely in military contexts, it is unlikely to be a viable approach. However, it's interesting to ask whether civilian applications, such as police surveillance, should be opened up. After all, it seems reasonable for citizens to be able to verify that such tools have appropriate capabilities and are used in an appropriate way (there is obvious potential for huge abuse). A similar situation arises with voting machine software.
Is AdaCore involved in, a resource for, or otherwise helping determine the requirements and certifications related to UAVs, including their future and expanding use of common airspace?
We have been very much involved both in the development of DO-178C (and assisting our avionics customers with the use of DO-178B/C) and also, in conjunction with our partner Praxis, in the use of techniques for high-security software.
What advice would you give the FAA?
A starting point would be to require DO-178 certification for all planes flying in commercial space, including UAVs. If you fly a Cessna around, its software must be certified. Why should we have laxer standards for UAVs?
What advice would you give engineers and developers involved with UAVs?
All engineers need to adopt the "failure-is-not-an-option" attitude that is necessary for producing reliable, certified software. UAVs require at least as much care as commercial avionics applications.