The Defense Department for the first time has published comprehensive safety guidelines for the design and operation of joint-service unmanned vehicles.
The document, titled, “Unmanned Systems Safety Guide for DOD Acquisition,” lists dozens of safety rules that should be followed by designers, engineers, manufacturers and operators of military robots, including unmanned aircraft and ground- and sea-based vehicles.
Extensive safety rules and regulations already exist within the Defense Department and each military service, but this latest set of guidelines primarily are aimed at future “joint” systems that would be built and employed by more than one service.
Mark Schaeffer, the Defense Department’s director of software and systems engineering, was in charge of drafting the safety regulations.
“Prior to the publication of this document, there was no guidance for joint systems,” said Elizabeth Rodriguez-Johnson, special assistant for safety at Schaeffer’s office. The organization reports to the deputy undersecretary of defense for acquisition, technology and logistics.
“With the ever increasing proliferation of unmanned systems, ground, air and sea, and with the growing complexity of these systems, including the capability to release weapons, it was essential that the Defense Department establish general safety guidelines for use by all services and manufacturers to help ensure the safe design and use of these systems in all operating environments, including joint military and commercial environments,” Rodriguez-Johnson said.
Each service has different safety standards, so an unmanned system that is employed by the Army and the Air Force, for example, has to go through separate safety evaluations from each service. The introduction of joint-service safety standards can now save substantial costs and accelerate the delivery of unmanned systems, Rodriguez-Johnson says.
Most unmanned vehicles that currently are in operation — more than 3,000 in Iraq — were developed, tested and built by individual services, but in the future the Defense Department expects that more systems will be joint. These joint programs will be required to comply with the new safety guidelines before they get a seal of approval from the Pentagon’s acquisition office, says Rodriguez-Johnson.
In addition to the unmanned systems guide, Shaeffer’s office has written a new policy for safety reviews for U.S. Special Operations Command weapon systems. The document has been sent to the acquisition executives of each military service and is awaiting final approval.
A centralized safety review has long been sought by SOCOM, which operates weapons systems from all services. Each service has different safety standards, so a SOCOM weapon system had to go through separate safety evaluations from each service. A consolidated safety review process can cut substantial costs and accelerate the delivery of weapon systems, Rodriguez-Johnson said.
A $4 million shoulder-fired missile program, for example, was able to save SOCOM as much as $500,000 and several months by following the joint safety review process and avoiding multiple service evaluations. “We are working to institutionalize the process with the services and SOCOM,” said Rodriguez-Johnson. She stressed that the services are not being asked to relinquish any autonomy. “We just have to work together, in more of a joint, collaborative manner.”
Schaeffer’s group also is working on a broader joint service weapon safety review guide that will expand on the one developed for SOCOM. It will apply to weapons and lasers that are handled, transported, or stored in joint operations or deployments. The guide is expected to be completed by mid-2008.
The unmanned vehicle safety guidelines were developed by design and system safety engineers from the Defense Department, Army, Navy, Air Force, Marine Corps, National Aeronautical and Space Administration, National Institute of Standards and Technology, private industry and academia.
The Marine Corps’ Gladiator unmanned ground vehicle was developed following these joint guidelines, and successfully passed a safety review in June, said one of the project’s contractors.
The dramatic expansion of unmanned vehicles in military operations was a major consideration in the drafting of the safety guidelines, as well as the frequent use of unmanned aircraft to fire weapons.
“Recent initiatives to employ unmanned systems as weapons delivery platforms revealed new or additional risk in the control of the weapons,” says the safety guide. For instance, without direct human control or intervention, a weapon could potentially be delivered to a target that is no longer hostile, whereas a human could have recognized the change in target profile and not delivered the weapon.
“Additionally, using unmanned platforms to investigate or operate in an unknown environment that turns out to be contaminated with chemical, biological or radiological waste could result in exposing those humans retrieving the unmanned system.” Also, says the guide, an unmanned system “may be constructed of materials and components that may present inherent hazards, such as hydraulics, pneumatics, or high-level radio frequency emitters.”
Weaponized unmanned vehicles present “significant and complex dangers to humans,” the document says. Typical safety concerns include loss of control and communications with the vehicle, unsafe returns to base, unexpected human interaction, inadvertent or erroneous firing of weapons, enemy jamming or taking control of the vehicle, and vehicle exposure to radiation or biological contamination.
The guidelines that the Defense Department published take into account the fact that many of the safety concerns related to unmanned vehicles already have been addressed by other Pentagon or service-specific policies and regulations.
But a handful of issues, the safety panel found, had not been tackled by any existing Defense Department or service-specific policy.
The new safety guidelines require that unmanned vehicle operators or any personnel involved in the recovery of the vehicle be properly trained to determine if the vehicle has been exposed to any hazardous agents or radiation. “The unmanned system shall be considered unsafe until a safe state can be verified,” says the policy.
Another rule would require that any weapons, lasers or emitters be loaded on unmanned vehicles “as late as possible in the operational sequence.” The intent is to “limit the exposure of personnel to a potentially high risk condition.”
In response to worries about enemies taking control of U.S. robots, the policy states that unmanned vehicles “shall be designed to only respond to fulfill valid commands from the authorized entities.”
Not every robotics system in use today is designed to comply with this rule. During tests involving two ground robots with two ground control stations, the controller of one vehicle was able to log in and control the second one without effectively validating that he was an authorized entity.
The Defense Department guidelines also call for all unmanned systems to be designed so that power systems used to release a missile from an aircraft are isolated from weapons or ordnance initiation circuits for as long as possible before a vehicle takes off on a mission. This would prevent the unintentional ignition of the rocket motor from an electrical short until as late as possible in the operation.
Unmanned systems also should be designed so that each piece of critical software has only one intended function. “The intent of this precept is to ensure safety critical code does not contain ‘dead code,’ otherwise there is a risk of invoking unintended functionality,” says the policy.
To prevent the inadvertent firing of weapons, the policy instructs that unmanned systems be designed so that more than a single command is required to fire a weapon or abort the mission. The document says that a “weaponized unmanned system requires the authorized entities to take three independent actions to fire weapons. Therefore, to inadvertently fire the weapon, three inadvertent actions or errors by the authorized entities would be necessary.”
Another measure intended to avert an unpremeditated weapon launch would require a minimum of two independent and unique validated messages in the proper sequence from the authorized operators. Both messages should not originate within the vehicle’s launching platform, says the policy.
The safety guidelines point out that the high value of unmanned vehicles — not only what it costs to build them but also the sensitive data that they carry — should compel designers to make sure the vehicles can be reclaimed after mishaps or crashes. “Design features should be included to ensure safe recovery of the unmanned system, ancillary equipment and unexpended weapons stores,” the policy states.
The document “Unmanned Systems Safety Guide for DOD Acquisition” has been posted at www.acq.osd.mil/atptf/.
Please email your comments to SErwin@ndia.org