Framework for risk-based derivation of performance and interoperability requirements for UTM avionics

In order to define system requirements for avionics used for low-altitude, small, Unmanned Aircraft Systems (sUAS) operations, the functions those avionics must perform need to be identified. Since avionics are an important contributor to ensuring the safety of sUAS operations, one way to determine what functions are necessary is to identify the operational hazards Unmanned Traffic Management (UTM) avionics must help mitigate. SUAS operations have the potential to pose a risk to persons onboard other aircraft, as along with persons and property on the ground. Thus, the primary safety objectives are to prevent collisions between sUAS and manned aircraft, as well as collisions between sUAS and persons or property on the ground. Together with procedural and operational mitigations, UTM avionics would need to sufficiently mitigate operational hazards that could potentially lead to such collisions. However, depending on the operation, the type and level of exposure to such hazards will vary, and as a result the level and type of mitigations that UTM avionics need to provide will differ. Three operational categories are proposed in this paper, each with a specific set of operational hazards that have the potential to negatively impact safety. Category 1 operational hazards consist of collisions with fixed, or nearly-fixed, ground-based obstacles, including humans. Other operational hazards are excluded by nature of the operation or the operational environment. For example, a Category 1 operation may be the within line-of-sight inspection of a cell tower, where the presence of manned aviation can be excluded due to the presence of the cell tower. Category 2 includes Category 1 hazards as well as moving (ground-based) vehicles and other sUAS. An example would be a Beyond-Line-of-Sight (BLOS) inspection of a powerline, where manned aviation can still be excluded, but where there is a potential of encountering another sUAS. Category 3 further includes manned aviation - air transport as well as “Low and Slow” aircraft - in addition to Category 1 and 2 hazards. An example of this type of operation would be a BLOS inspection of a pipeline; the operation could no longer “take credit” of any infrastructure to mitigate the possible hazard of manned aviation. High-level system requirements for equipment that helps in the mitigation of operational hazards are derived for each operational category. Category 3 operations are of particular interest since they have the potential of interacting with manned aviation either within the UTM airspace, or during operations near the interface between the UTM airspace and the airspace immediately above it (usually Class G or E airspace). This introduces additional system requirements related to the interoperability of the two traffic management systems, which are explored in the last section of the paper. Specifically, if the sUAS is transmitting position and velocity information, that information must meet accuracy and integrity requirements in order for it to be used in separation assurance functions. If the sUAS uses position information received from another aircraft to execute collision avoidance maneuvers, those maneuvers must be coordinated with the maneuvers that are being executed onboard the manned aircraft. Similarly, if the sUAS uses a navigation system to ensure conformance to certain airspace and routes, this navigation system becomes a safety critical component, and must thus meet applicable performance standards. The derivation of lower-level system requirements for specific operations within each category is left as future work.