Shared Skies: Safe Integration of Remotely
Piloted Aircraft
Challenges for Safely Operating in the National Airspace System
Submitted by Captain Sean Cassidy, ALPA First Vice President
During the past 100+ years of aviation history, several innovations have greatly advanced the
progress of aviation such as radar, the jet engine, and the Global Positioning System (GPS).
While Remotely Piloted Aircraft (RPA) show equal promise to become an extremely
transformative “game changing” technology, in order for RPAs to meet their full potential there
are many challenges that must be met to ensure an integrated world of RPA operations meets or
exceeds the high level of safety we currently realize in our national air space system today. For
the purposes of this discussion the term RPA will be used interchangeably with those associated
with Unmanned Aircraft Systems (UAS) and Unmanned Aerial Vehicles (UAV) as well as other
variations of those terms.
Background
The development and use of RPA has a history that exceeds fifty years. Throughout this
timeframe, however, the development and use of such systems has been primarily limited to
military organizations. Operations were conducted in either segregated airspace, such as Special
Activity Airspace (SAA), in combat areas, or other hostile environments. Since the terrorist
attacks of September 11, 2001, technological advances in electronics, airframe construction,
surveillance techniques, and other related areas have resulted in unprecedented growth in the
interest in and development of RPA for both military and commercial purposes.
The RPA currently used by the military services, other government agencies, and civil
enterprises are significantly advanced in both size and operational capabilities when compared to
their predecessors. They have an operational envelope ranging from extremely low level flying
to altitudes and endurance well beyond that of typical civil aviation aircraft. The airframes of
these aircraft vary from fixed- and rotary-wing aircraft the size of the smallest hobby aircraft, to
fixed-wing turbojet and propeller-driven aircraft with wingspans in excess of 100 feet. In
addition, there are lighter-than-air and vertical thrust designs, adding to the challenge of
developing standards for operation. These aircraft are used primarily for surveillance, border
patrol, anti-terrorist surveillance, military strategic and tactical missions, and weapons delivery.
Proponents have advocated using RPA for highway traffic control, search and rescue, pipeline
and critical infrastructure surveillance, environmental monitoring, agricultural application,
medical supply and pathology sample transport, small package delivery and a host of other civil
uses yet to be developed.
1
The benefits RPA provide, especially for national defense and law enforcement, are significant.
However, the introduction of such aircraft into an integrated national airspace system represents
an entirely new concept that has the potential, if not done correctly, to degrade the safety of both
commercial and general aviation flight operations. Consequently, the desire to use new
technologies or concern for national security alone cannot be the rationale that dictates the
operational concepts and procedures for mixing public use and commercial civilian RPA with
existing civil flight operations without implementing the required safeguards.
The scope of the interest in RPA is now expansive, with aggressive development efforts
underway in a number of nations. This is most clearly demonstrated by the FAA Modernization
and Reform Act of 2012 in which the U.S. Congress directed the FAA to provide an interim
“road map,” commission six test sites in the U.S. to evaluate non-segregated RPA operations and
ultimately come up with a regulatory plan for integrated RPA operations by September 30th,
2015. Although there is considerable activity to develop standards, there are no internationally
agreed upon standards for the design or manufacturing of aircraft, control stations or control
devices, operating software, means of communications between the pilot and aircraft or pilot and
air traffic management system, and the training and certification of pilots.
To that end, the International Civil Aviation Organization (ICAO) has published Circular 328 to
help guide the development of harmonized standards and practices for RPA. That document
states in pertinent part:
The goal of ICAO in addressing unmanned aviation is to provide the fundamental
international regulatory framework through Standards and Recommended Practices
(SARPs), with supporting Procedures for Air Navigation Services (PANS) and guidance
material, to underpin routine operation of RPA throughout the world in a safe,
harmonized and seamless manner comparable to that of manned operations. This circular
is the first step in reaching that goal.
While we are aware of a number of accidents and significant incidents involving RPA,
accessibility to public-use RPA accident/incident data is limited. Inasmuch as the nongovernmental use of RPA is in its infancy, there is no detailed publicly available data on accident
or incident rates for RPA. However, the accident/incident history that is public, regardless of
rate, suggests the need for more robust safety standards before RPA can be considered “as safe”
as other users of the airspace. This leads us to highlight some of the challenges to safe
integration.
Safe RPA Integration Means Equivalent Flight Standards
Safe integration means meeting the equivalent of well proven manned flight standards. In late
2004, the Aircraft Owners and Pilots Association (AOPA) asked RTCA and the FAA to convene
special committee (SC) 203 on RPA which has since been replaced in 2013 by SC-228. Industry
participants include RPA manufacturers, potential operators, general aviation, and other airspace
users who were tasked with developing performance standards for overall RPA systems and
2
subsystems. In particular, the group is now developing standards for detect-and-avoid equipment
that is expected to allow compliance with the 14 CFR Part 91 requirement for “see and avoid”
and another for the minimum standards for RPA command and control and communications.
While some manufacturers contend that RPA are not aircraft and that the “operator of the RPA in
flight” is not a pilot, the FAA has not supported these concepts. Nick Sabatini, former Associate
Administrator for Aviation Safety, stated at the opening of RTCA SC-203:
“…the aviation version of the Hippocratic Oath must also apply here: First, do no harm.
In introducing unmanned aircraft systems to civil airspace we must first do no harm —
have no adverse impact to those thousands of aircraft already operating in the NAS.
…With the burgeoning civil market, and the desire to “file and fly” these aircraft in a
manner so that they are transparent to other airspace users, a new FAA paradigm must
emerge. This paradigm includes a methodical introduction of civil RPA into the NAS
demonstrating a level of safety equal to or exceeding that which exists today.”
To attain the Target Level of Safety, an evolving process of understanding the design and
limitations of the aircraft will be required so that appropriate levels of safety assurance can be
developed. Most importantly, authorities must not limit the scope of approval to certification of
just the aircraft, but also the complete system, including the data link infrastructure, ground
control station, as well as the pilot/controller communication components. The list of mandatory
areas must include:









Licensing and medical certification standards for pilots,
Certification standards for RPA and associated equipment
Assurance of compliance with rules of the air,
Ability to safely operate during periods of degraded or lost control and communication
between the ground station and the RPA,
Ability to Sense and avoid all other traffic in order to comply with existing FARs,
Ability to maneuver to maintain required separation and avoid collisions with other
aircraft,
Ability to perform and maneuver comparably to other aircraft,
Ability to operate in congested air traffic areas without requiring extraordinary
surveillance or control, thus taxing an already overburdened ATC system, and
Ability to detect and avoid weather. This is a more acute problem for RPA than other
aircraft because RPA are not designed with the same all-weather-capability systems to
deal with thunderstorms, wind shear, icing, hail, etc., as are other aircraft in the airspace.
Safe RPA Operations Must be Multi-Layered and Team Focused
Moving beyond the establishment of technical and regulatory standards, safe RPA integration
must embody a multi-layered approach to operations with a focus that goes beyond just the
airborne portion of the flight to recognize the importance of all phases of the operation. In
current manned commercial operations, the pilot, who plays a critical role, is still only one
member of an extensive team of professionals which is part of a comprehensive safety process,
and that process begins well in advance of when the engines are started. In commercial aviation,
3
which has repeatedly set the high mark worldwide for transportation safety, that team includes
operations representatives, licensed maintainers, dispatchers and controllers, and other support
staff too numerous to mention. The net result is that a comprehensive safety assurance system,
one which embodies many checks and balances and constant oversight, is in motion well in
advance of when the pilot starts performing his pre-flight duties. That safety assurance system
includes airworthiness inspections, routing and weather evaluation, aircraft performance
calculations, etc. This multi-layered approach to safety is a system which has evolved over
many decades and embodies many lessons learned, and it involves literally hundreds of steps
taken to ensure a safe and successful flight.
Ground operations are often more risk prone than they appear and thus the safety issues are easy
to overlook. Consequently, the team overseeing the RPA operations must be ready to encounter
a host of often complex challenges. Congested ramp operations, changing ground clearances and
runway assignments, and impromptu aircraft service requirements add additional layers of
complexity before the aircraft ever leaves the ground. And for the extremely dynamic airborne
phase of operations, even with the significant benefits that improved technology in command,
control and onboard detection systems will provide in meeting operating restrictions and
mitigating risk factors, those are just the entry point in ensuring safe and successful RPA
operations. This is due to the high level of complexity inherent in normal flight operations, not to
mention irregular ones. This means that whoever is tasked with flying and supporting the RPA
must be fully engaged throughout the entire operation to replicate the same level of detail,
continuous requirement for decision making and constant need for information that manned
pilots deploy in addition of course to the basic requirements of operating the flight controls and
flight management systems. Simply put, for all their benefits, these technologies should not be
viewed as devices that get the operators closer to being able to “set and forget” due to their
capabilities but rather valuable tools in a fully integrated, multi-layer approach to flight
operations that can draw valuable lessons from those in operation today.
Exporting the Flight Deck to the Ground
A pilot on board an aircraft can see, feel, smell and hear many indications of an impending
problem and begin to formulate a course of action before even the most sophisticated sensors and
indicators provide positive indications of trouble, so he is naturally equipped to handle many of
the operational complexities that accompany every flight. The challenge for safe, integrated
RPA operations thus becomes how to capture the situational awareness and sensory cues one
develops through experience in the flight deck and export those to the pilot flying the RPA. It
also involves developing a keen understanding of the attendant human factors and decision
making process involved in manned and unmanned flight and the sense of gravitas that all
manned pilots understand since they have “skin in the game” when they are in the flight deck.
The U.S. Air Force has taken a very proactive approach in meeting this need through an ab initio
training syllabus that has their RPA pilots begin their training in a manned aircraft where they
develop basic airmanship and instrument skills, and get a first-hand understanding of the
performance limits of their aircraft. This approach to training unfortunately is not the norm, for
in contrast to the highly skilled military pilots and selected manufacturers’ pilots that operate
4
platforms such as the Global Hawk and Predator in the NAS, the Army and Marines fly their
smaller RPA using non-pilot “operators” who often have little to no traditional pilot training.
Some currently discussed plans for RPA operations also would allow a single pilot to control
more than one aircraft, leading to an increased potential for being distracted from trouble on one
simply by having to conduct normal operations on another. This would introduce unnecessary,
unacceptable and completely avoidable risk into the airspace system. All these issues must be
better understood and resolved as part of any road map to integrated operations.
Safe Integrated RPA Operations Must be Physically and Digitally Secure
After the unforgettable events of 9-11, in which we witnessed the deliberate use of commercial
airliners as weapons of mass destruction, the government along and the aviation industry were
compelled to develop a different mindset about the potential uses of aircraft and adjust their
security measures accordingly. This lead to new regulatory requirements for fortified flight deck
doors on airliners as well as the creation of an armed pilot protective force and new crew training
measures designed to counter threats inflight, to name just a few of the changes.
As RPA operations grow in size and complexity, if they are to safely cohabitate airspace with
manned operations and fly over densely populated and sensitive areas, the entities seeking to
operate them will have to pursue a plan of action that creates an overall level of security
equivalent to that which currently exists in the NAS, because unmanned aircraft, even those of a
fairly modest size, clearly have the capability to inflict significant damage if flown into a
sensitive area, a structure or another aircraft. The act of simply flying through a very high traffic
zone such as class B airspace around a major airport without any authorization and coordination
also can create significant system disruptions and reduce the levels of safety in those extremely
dense operating areas.
In many respects this security challenge may be even more daunting because unlike manned
operations where there is a process of training, certification and checks that serve as gates to
getting access to bigger and more complex aircraft, not to mention some of the physical aspects
of airports that create additional layers of physical protection, the controls to an RPA could much
more easily end up in the wrong hands if proper precautions are not taken. This means that
operators must not only safeguard against unauthorized access while the controls and RPA are
unattended, but they also must safeguard against the very real possibility that a pilot or pilots
flying an RPA could be forced against their will to use the RPA for very insidious purposes.
Turning towards cyberspace, since the RPA is essentially a flying computer which
communicates with another ground-based computer system tasked with carrying out commands
input by the pilot, an emerging threat which has recently come into focus is that of cyberwarfare.
While the military has dedicated considerable resources in security assurance programs designed
to lock down software and protect against signal corruption, these kinds of resources and
technology will likely not be as readily accessible to commercial operators who wish to gain
access to integrated airspace. In manned operations, the pilot on board always retains the ability
to take over manually if the automation is not performing as intended. The fact that normal (non-
5
lost link/fail safe mode) RPA flight operations are wholly dependent on the digital
communications must be evaluated for potential risk factors, and those risk factors must be
understood and where necessary mitigated as part of any plan for safe RPA integration.
Conclusion
The benefits of RPA are obvious, and we are clearly entering the age in which we will witness a
significant increase in unmanned flight operations. A primary focus of this transition, if it is to
be done in the most effective manner possible, is that the term “unmanned” flight must not be
misconstrued to mean “unpiloted” flight because of the critical role pilots play regardless of
whether they are physically located in the flight deck or in a ground control station. Safe RPA
integration means that we must continue to seek or improve upon the current level of technical
standards, operations plans, pilot training and security that is the hallmark of the safest form of
transportation in the world-- a system that took many decades to create and continues to evolve.
Safe RPA integration means that demonstrably equivalent standards must be the underlying
driver behind any implementation timeline or roadmap for operations in the NAS.
6