978-1-4799-1622-1/14/$31.00 ©2014 Crown 1 Quantification of High Level Safety Criteria for Civil Unmanned Aircraft Systems Xunguo Lin & Neale L. Fulton CSIRO Computational Informatics GPO Box 664, Canberra 2601 ACT, Australia +61 2 6216 7052 Xunguo.Lin@csiro.au Mark E.T. Horn CSIRO Computational Informatics Locked Bag 17, North Ryde NSW 1670, Australia +61 2 9325 3236 Mark.Horn@csiro.au Abstract — The civil Unmanned Aircraft System (UAS) sector is growing rapidly, with a notable orientation towards applications considered too dull, dirty, dangerous or demanding for conventionally piloted aircraft. Operations in this sector present hazards of two main kinds: to other aircraft, and to people and property overflown by UAS. Methods currently used for assessing these hazards and for managing safety and risk are less than comprehensive. This paper commences with a review of existing High Level Safety Criteria for UAS, including safety metrics, hazard metrics and risk metrics for manned aircraft operations and other modes of transportation. A set of quantified risk criteria for UAS operations is then developed, consistent with the As Low As Reasonably Practicable (ALARP) risk management framework used in current regulatory practice. TABLE OF CONTENTS 1. INTRODUCTION ................................................ 1 2. SAFETY AND HAZARD METRICS ....................... 2 3. RISK METRICS AND ALARP FRAMEWORKS ... 3 4. EXISTING QUANTIFIED CRITERIA .................... 7 5. DERIVATION OF RISK CRITERIA ..................... 7 6. CONCLUSIONS .................................................. 9 GLOSSARY.......................................................... 10 APPENDIX A ....................................................... 11 ACKNOWLEDGEMENTS ...................................... 11 REFERENCES ...................................................... 11 BIOGRAPHY........................................................ 13 1. INTRODUCTION An Unmanned Aircraft Systems (UAS) is defined as “an aircraft and its associated elements which is operated with no pilot on board ” [1]. The term Unmanned Aerial (UA) refers more specifically to the aerial vehicle within an UAS. Recent advances in communication, navigation and computer processing technologies have made UAS increasingly viable in applications that may be characterized broadly as “too dull, dirty or dangerous” for Conventionally Piloted Aircraft (CPA) [2]. Examples include persistent surveillance, search and rescue, environmental surveys, and infrastructure monitoring. The routine use of UAS for such purposes clearly requires assurances as to the safety of their operation alongside other airspace users and over inhabited areas. For CPA, these assurances have been provided through regulations applied to the design, manufacture, maintenance and operation of the aircraft. National Aviation Authorities have yet to reach consensus on a similar framework of regulations for UAS, and in their absence, have mandated significant restrictions on their operations. The development of regulations that will permit the safe and routine operation of UAS in non-segregated airspace is a significant challenge, and arguably is a pre-condition for the development of UAS as a viable industry [3], [4]. The specification of High-Level Safety Criteria (HLSC) is an essential step towards the formulation of a rigorous regulatory framework for a technology such as UAS. The contributions of the present paper are twofold: to review the diverse range of HLSC that have been proposed already; and then, based on this review, to recommend and quantify a set of HSLC for application in the Australian airspace system. The paper is limited to civil UAS because of the major substantive and legal differences between military and civil applications, hence the need for different regulatory approaches for military applications. In this paper’s consideration of HLSC, a particular type of harmful event is called a hazard. The focus is on hazards to human life, in line with standards set by the International Civil Aviation Organization (ICAO). Risk refers to the estimated incidence of harm due to a hazard in the system under consideration, and a safe system is one for which the risk is acceptably small. It is useful also to distinguish between risk metrics and criteria. A metric is a measure applied to the observed attributes of a system (e.g., number of fatalities per annum). A criterion is a limit on a metric used in assessing system performance, typically by a regulatory body (e.g., an upper limit on risk expressed as a maximum acceptable number of fatalities per annum). In general, the risk metrics and criteria relevant to the present paper are of two main types. Operations-based measures refer to the frequency of damage, as exemplified by the number of fatalities per million flight hours or landings. Such measures are also sometimes classified as “Target Level of Safety” (TLS), although this term more properly applies only to risk criteria expressed in operations- based terms (e.g., maximum fatalities per million flight hours).