PhD Throwback Series
The Series
This is the third and last article of my PhD Throwback series. In the previous thought-piece, I presented the application of the RiskSOAP methodology to a road tunnel, whereas this is a case study of drone safety, which was conducted in collaboration with my good friends and colleagues Tassos and Nektarios. The paper follows chronologically from my PhD research and adopts a similar approach to RiskSOAP; that is, a gap analysis between the optimal system configuration and the actual one.
This article will give you a flavour of the analysis and its findings, but you can also access the full paper here:
Part #3 - To what extent do drones “embed” safety?
The Context
Drone market contributes billions to the global economic growth. Although a broad range of industries use drones (e.g. agriculture, energy, mining, construction, real estate, news media, and film production), the highest growth is observed for recreational reasons. However, it seems that the increase of drone sales has brought new safety challenges. Aviation authorities and police departments have been receiving reports for drones flying near airplanes and helicopters or close to airports without permission. In the last two years, there is a sharp increase in reporting inadvertent events, where mid-air collisions comprise a major risk and security breaches are of high concern. Also, injuries or property damages resulting from drone flights overpopulated areas are not atypical. Small drones are frequently affordable and capable of carrying cameras, lightweight cargoes or other equipment over areas where people on ground are unaware of drones flying overhead.
Having recognised the risks posed by drone operations, a wide spectrum of stakeholders such as military, police and civil aviation authorities, companies and manufactures have developed and/or used anti-drone procedures, measures and technology. The Dutch Police has trained falcons against small drones; tracking systems follow small unmanned vehicles, and jam their sensors and signals, leading the drone to crash; nets operated by humans on ground or airborne robots are wielded against drones. Recently, the Federal Aviation Administration (FAA) has tested an Anti-UAV Defence System, which has been selected for the evaluation at US airports as part of its Pathfinder Program. This program is designed to evaluate technologies that can be used to detect and identify unauthorised Unmanned Aerial Vehicles (UAVs) or drone flights near airports.
Although accident and incident reports unveil the potential of drones to threaten public safety if not properly managed, it seems that a reactive approach has bloomed, based mainly on oppression and suspension. Yet, a common regulatory framework based on a systemic risk assessment is missing; the majority of the directives and regulations applied to different countries focus on the drone user, without having yet completely addressed small drones’ design and certification, or the responsibilities of the authorities. Furthermore, as it is presented in the literature review and discussed in the respective section in the full paper (cited above), published hazard analyses are not visibly based on systemic approaches that address, in a holistic manner, the responsibilities of all actors contributing to drone flights, such as manufacturers, authorities and drone operators.
The Method
Considering the safety challenges in small drone operations and the absence of a corresponding comprehensive risk analysis framework, this paper presents the complete results of a preliminary study and its scope is fourfold:
First, it presents a set of safety requirements generated from the application of the Systems Theoretic Process Analysis (STPA) method and assigned to the authority, manufacturer, end operator and drone automation levels.
Second, we performed a gap analysis between the set of safety requirements and the ones met by 19 popular drone models in order to show how much safety those models “embed”.
Third, we statistically compare the same drone models pairwise, in regard to the safety requirements they meet as a means to present the extent of the respective differences, and we searched for any variations across manufacturers and countries of origin.
Fourth, we explore the association of drone prices with the extent they meet those requirements.
The Study
In order to identify the hazards and the associated causal factors in the operation of a small-drone system and to derive respective safety requirements, we applied STPA. Table 1 and Figure 1 show the preliminary steps of STPA. Namely, in Table 1 we identify the accident, high level hazards and the corresponding safety requirements, whereas Figure 1 depicts the safety control structure. The full analysis can be found in the paper referenced above.
Table 1. Preliminary steps of STPA
Figure 1. Control structure for a generic small-drone system
STPA led systematically to the identification of 20 hazardous states and 31 causal factors associated with 3 high-level safety hazards in the operation of a small-drone system, and drove the generation of 70 safety requirements distributed across the authority, manufacturer, end-user and drone automation levels. Those requirements were grouped into four categories, i.e. authority, manufacturer, end-user and drone automation, and the ones of the last three categories were used as a benchmark to assess the safety “embedded” in 19 small drones of the current market.
The requirements proposed in this study cover a range of hazards and causal factors that are not yet explicitly and holistically addressed in published risk analysis and regulations (e.g. language of display and manual, end-user’s familiarisation and abilities, interference, overwhelming of the operator with multiple alerts and messages, environmental conditions etc.). The set of the safety requirements derived by the STPA results might serve as a reference for a harmonised approach to small drones’ design, certification and standardisation.
The gap analysis of the 19 small drones indicated high dissimilarities regarding the extent to which the drones meet the same safety requirements at the manufacturer, end-user and automation levels. It appears that the more expensive drones meet more safety requirements than the cheaper ones, and the more the requirements met by one system controller (i.e. manufacturer, end-user and automation) the more the requirements met by the rest of those controllers for the same drone model. These findings seem to reflect the effort of manufacturers to define restrictions and provide instructions about the safe operation of the system along with the support of the end-user with detailed operating manuals and automated functions. The more expensive models carry advanced technological characteristics which are expected to transfer task load and responsibility from the end-user to drone automation, thus enhancing the operator's awareness of the environment where drones are operated and achieving the recreational purposes of small drone flights while guarding safety. As the test results also suggested, the level of requirements’ fulfilment was not a matter of country of drones’ origin, but of individual manufacturer.
Discussion
The existing or under review regulatory framework for small drones focuses almost exclusively on the limitations that the user needs to consider, without the authorities having currently developed mechanisms to directly enforce and proactively monitor such limitations. The requirements and expectations imposed solely on the end-user might turn the main scope of flying a drone (i.e. leisure and passion for flight) into a complex socio-technical problem, which at the same time threatens public safety. Also, a strict regulatory environment focusing mainly on the responsibilities of the end-user might also discourage consumers to purchase small drones and, inevitably, impact the sustainability of the specific market. Nonetheless, today the protection against losses due to drone related events seems to rely mostly on the competency of the end-user to fly a drone safely and his/her vigilance to maintain the rules released by the respective authorities, or on reactive technological countermeasures.
Apart from the regulatory bodies, the challenges regarding the safety of UAVs have captured the attention of various academics, researchers and practitioners. Research is still ongoing and is expected to intensify as UAVs become more and more ubiquitous. However, to date, all published risk assessments for UAVs are based mainly on data collected from manned aircraft and not on a hazard analysis for small drones operated in uncontrolled airspace. Thus, the hazards lying in the interaction between the end-user and a small drone under various levels of automation have not been fully studied and adequately considered. In addition, little has been written in the literature about how to support the aviation community in the establishment of a regulatory framework grounded on a systematic and transparent analysis.
In this work, different responsibilities of the actors of the system were assigned per safety requirement as a means to suggest the level of control over the system under study, from authority to drone automation. In this manner, the end-user has not been the only focal point for safe small drone flights, as it is implied in current regulations and directives. Rather, the assignment of responsibilities across the system actors and their maintenance is paramount for ensuring public safety and minimising the need for devising countermeasures against drone flights.
The proposed method complements the existing risk assessment frameworks for small drones and contributes to the establishment of a commonly endorsed and shared risk analysis framework at an international level. Such a framework will support the development of a holistic and methodologically justified standardisation scheme for small drone flights.