AFuzion Wins Major Asian World-wide Aviation Services Contract (and Other News)

12 Jul

AFuzion is proud to win Asia’s world-wide competition for Avionics Development Services.

One of Asia’s largest aviation development companies  conducted a 2019 worldwide search for the best avionics development services company and chose … AFuzion.   Photo here of a few of their engineers at the first AFuzion meeting. This marks AFuzion’s 7th new Asian client in just the past six months.  AFuzion’s services include mentoring, consulting, DO-178C training and certification, DO-254 training and certification, and ARP4754A Systems/Safety deployment.  Also, AFuzion’s recently updated DO-178C Templates/Checklists and DO-254 Templates/Checklists are now in wide use worldwide, with over 7,000 engineers using them today … and growing.  In the past month, AFuzion has hired four new engineers:  all senior aviation, avionics, and safety veterans with 20+ years applied expertise each.  With all this growth comes additions to the corporate AFuzion office also:  a big welcome to Heather M in Web/Design, Matthew Kendall in Human Resources, and Davis Powell in Internal Operations – keep up all the great attitudes and hard work.

Also, thank you to everyone for requesting that new aviation development terms/explanations be added to our website. We followed your suggestions and added those terms along with AFuzion’s concise explanation for each. The AFuzion Tech Terminology for Aviation explanation page is updated and live here: https://afuzion.com/tech-info/

Also, AFuzion has added three new technical aviation development training courses on RTOS’s, Multi-Core Computing / CAST-32A, and AS9115A Quality Systems Management.  Each of these courses has been given at least three times in 2019 so far so thanks to all for suggesting we add these courses as well – keep your suggestions coming and AFuzion will do its best to follow-up.  AFuzion Aviation Development Training course information is available here: https://afuzion.com/training/

Finally, the annual IEEE Digital Avionics Systems Conference (DASC) is coming to USA’s San Diego September 8-11. It is North America’s largest avionics development technical conference, with 50+ presentations, 15+ Tutorials, and amazing guest speakers/panels covering all the important topics. Details here: https://2019.dasconline.org/pages/tutorial-schedule

AFuzion In Korea: YB Cho Presents AFuzion’s DO-178C / DO-254 Gap Analysis in Seoul

7 Jul

Mr. YB Cho of SOaR in Korea presented AFuzion’s DO-178C and DO-254 Services at Korea’s largest aerospace conference – July 2019. Says Mr. Cho: “AFuzion’s world-renowned DO-178C, DO-254, and ARP4754A services are well received and deployed in Korea. SOaR is pleased to be working with AFuzion bringing even more avionics certification services to Korea.” Additional details are found on the AFuzion homepage: https://afuzion.com/

Mr. YB Cho in Seoul Presenting AFuzion’s Solutions in Seoul’s largest aviation conference

Korea is a strong and growing aviation market, serving both military and civil aviation. Koreans favor DO-178C cost-efficiency and DO-254 fast time to market, so AFuzion’s ready-made DO-178C and DO-254 Templates for Plans, Standards, and Checklists are ideally suited to the Korean market. Korean companies have strong engineering, but appreciate AFuzion’s DO-254 Gap Analysis and DO-178C Gap Analysis to understand and then optimally close those gaps. Additional AFuzion Gap Analysis details are found here: https://afuzion.com/gap-analysis/

Adds AFuzion’s Vance Hilderman “AFuzion travels frequently to Korea, China, Singapore, Japan, and Malaysia to work with our clients there. In Korea, we’re very pleased to have Mr. YB Cho as our colleague. Our old technical whitepapers are widely distributed in Korea from folks who like yesterday’s old technology and don’t have their own, but the new AFuzion avionics development/certification whitepapers are freely downloaded from AFuzion’s site. Koreans (and the rest of the world) prefer the latest DO-178C and DO-254 information which is available freely on AFuzion’s site for download here: https://afuzion.com/avionics-safety-critical-training-whitepapers/

Free Tech Webinar June 27: “Top Safety-Critical Software Trends for 2020 & Beyond”

16 Jun

Fellow Engineers: Unless you’ve relocated to a monastery or are retiring this year (how boring!), you are concerned about the top safety-critical software trends. In this free technical webinar on June 27, 2019, AFuzion & Vector will share with you some of the best-kept secret (and some not well kept) trends for safety-critical software development. From faster development trends, to scalable architectures, to artificial intelligence, this one-hour webinar is important for virtually everyone. Choose one of three time slots – something for everyone. If you register, you can also watch the video later or forward to a friend; but only if you register. Free registration below. For technical safety-critical aviation whitepapers, download free at the AFuzion site here: https://afuzion.com/avionics-safety-critical-training-whitepapers/

Safety-critical development has rapidly emerged from its former specialty status to a mainstream juggernaut with tens of billions of Euros/Dollars in annual sales. While once a tiny specialized area, today’s IOT and reliability demands mandate “safety” throughout almost all areas of software development: automotive, aerospace, railway, industrial control, and even online transaction processing. Software cannot be made safe after it is developed so safety-critical and high-reliability software must undergo specialized design, validation, implementation, and verification: the very areas where technological change and evolution may appear to be diverging. So future safety-critical technological success requires an understanding of dynamics and predicting the future. This one-hour webinar provides AFuzion’s and Vector’s bold predictions for the near-future of safety-critical software development and what you’ll need to succeed. This webinar will address new technologies, methodologies, tools, and knowledge which will be necessary to compete in tomorrow’s world, today.

These are the registration links:

11:00am German time (2:30pm India) :  https://www.vector.com/de/de/events/global-de-en/webinars/2019/701120057-future-trends-in-safety-critical-software-development/

04:00pm German time  (10:00am US East Coast Time) : https://www.vector.com/de/de/events/global-de-en/webinars/2019/701613406-future-trends-in-safety-critical-software-development/

08:00pm German time (11:00am US Pacific Time): https://www.vector.com/de/de/events/global-de-en/webinars/2019/706095681-future-trends-in-safety-critical-software-development/

For detailed Technical Aviation Certification terms, see AFuzion’s Tech Terms page here: https://afuzion.com/tech-info/

Avionics Engineers: Plan your September Travel to San Diego for America’s Largest Development Conference: DASC 2019 !!

8 Jun

Fellow Avionics Engineers – you likely know last year’s Digital Avionics Systems Conference (DASC) in London drew hundreds of engineers. This year, 2019, it is in our own backyard of San Diego, Sept 8-12. Dozens of technical presentations, plus ½ Day Tutorials on Aviation Systems ARP4754A, Avionics Safety ARP4761, Cyber-Security DO-326A, and Software/UAV’s for DO-178C.

Yes, “on the water” of San Diego’s Mission Bay with ½ price hotel rooms available for a couple more weeks – bring the family and plan your vacation around this one.  I am, so see you there!

Click Here for DASC 2019 Info: https://2019.dasconline.org/

The (un)Lucky 13 Aviation Safety Commandments!

13 Apr

The 13 (un)Lucky Commandments of Aviation Safety

Ethiopian Airlines Flight Remains post-Crash, March 2019

Fellow Aviation Engineers – I was discussing recent aviation headlines with our AFuzion senior engineering staff and it’s unanimous: the past six months are the historic Tipping Point which will be spoken of for the next 100 years. Remember your school Physics class and the video of the failing Tacoma Narrows Bridge emphasizing the need for safety via resonant frequencies? If you don’t know that one, you are either not an engineer or you skipped class that day. Similarly, most of us have heard of the 10 Commandments received by Moses … Well, did you know there are “AFuzion’s Thirteen Commandments of Aviation Safety 2020”? If not, keep reading …

Yes, times were simpler back in Moses’ day – the aviation technology world is far more complex so an (un)lucky 13 Commandments are required. Our aviation great grandchildren will be discussing 2019 one hundred years from now as well. Perhaps we will have actually learned from these Thirteen Commandments of Aviation Safety for 2020. Yes, these are directed at the Boeing 737 MAX disasters, and specifically how we can learn from and apply these Thirteen Commandments; just as bridge design changed after the Tacoma Narrows disaster, aircraft safety, design, and oversight will be forever changed starting today. Hopefully. But only if we all understand and apply these Commandments. So here, I’ve summarized them for all current and future aviation engineers: for the next 100 years …

The (un)Lucky 13 Aviation Safety Commandments:

1.     Follow mandatory ARP4761 for Development Assurance Level (DAL) Assignment. When the safety assessment provided to FAA and EASA states the 737 MAX MCAS will only adjust the Horizontal Stabilizer by 0.6 degrees and then the airframer changes it during flight testing to 2.5 degrees x 2 activations = 5 degrees, that is a fundamentally different design and Major safety impact. Such requires a formal Functional Hazard Assessment (FHA) update and a DAL reassessment, in this case resulting in a DAL of “A” (1 x 10^-9) probability instead of DAL B (1 x 10^-7) or DAL C (1 x 10^-5) as was originally specified and approved. Remember: the United States 14 Code of Federal Regulations (CFR) 25.1309 is not optional and this failure violates the “Update Safety Assessment Continually Commandment”.

2.     Utilize mandatory redundancy for critical systems. When people can die, the Development Assurance Level is A if the failure can cause a plane to crash or Level B if passengers can die. For Level A and B, the required reliability is met via redundancy. Yes, the 737 MAX was equipped with two sensors (redundant), but MCAS only actively used one of the sensors thus violating the “Redundancy Commandment”.

3.      Follow mandatory ARP4754A processes for System Requirements. Software is only as good as the System requirements mandated to precede it. Those System requirements must include Safety and derived requirements from the FHA and Preliminary System Safety Assessment (PSSA) per ARP4754A. This includes power-up testing of the Angle-of-Attack sensor, redundancy requirements, and pilot display/awareness requirements. The 737 MAX system requirements missed this Commandment therefore its software was doomed; subsequent patching (changing) of software to address missing Systems requirements is just another form of broken “System Commandment”.

4.     Implement both Continuous and Power-up Built-In-Test (BIT) to test both Angle-of-Attack (AOA) Sensors and mismatches. When the sensor angle outputs differ by more than a nominal calibration amount (1-2 degrees), either both sensors should be deactivated with an accompanying pilot annunciation and MCAS deactivation, or a 3-sensor voting design should instead be deployed as befitting the MCAS system’s true DAL A FHA designation. Failure to consider these is a clear violation of “ARP4754A’s Continuous Safety Update Commandment”.

5.      Follow mandatory System Safety Assessment (SSA) ARP4754A/4761 FMEA and MTBF calculations to determine the AOA sensor reliability was insufficient for DAL B let alone DAL A; use this finding to update the design and apply to an updated PSSA thus requiring active sensor redundancy usage. Failure to do this violates the “ARP4761 FMEA/MTBF Validation Commandment”.

6.      Implement Built-In-Test (BIT) on Power-up to test both Angle-of-Attack (AOA) Sensors and mismatches. Evidence indicates the active LionAir sensor was off by 20-degrees while the plane was still taxiing yet such result was not actively used in MCAS system deactivation or pilot annunciation; this violates the “ARP4754A Derived Safety Requirement Commandment”.

7.     Follow rules for mandatory display of aircraft safety conditions including explicit pilot annunciation of MCAS Activation. When flight data recorders yield soon-to-be-dead pilots thumbing through operating manuals to determine what’s going on, it’s clear the 737 MAX pilots were not informed of MCAS system activation whose AOA sensor failure plunged them to the surface. Boeing previously had an enviable record deploying aircraft where the pilot exercised primary control versus a more automated-avionics approach. While either approach is feasible, the pilot-in-command strategy (historic Boeing and 737 MAX training protocols) requires the 737 MAX pilots to be informed of MCAS activation. They were not and the resultant crashes result from violating the “Promote Pilot Situational Awareness Commandment”.

8.     Follow New Aircraft Cert rules for New Aircraft. When the 737 MAX aircraft revision and heavy new engines so significantly change the Center of Gravity that a new system (MCAS) is required to compensate, this is a Major design change. Adding an all-new system to mitigate the 737 MAX’s higher stall probability is good, but this yields a New design with mandatory higher recertification standards and requisite mandatory pilot retraining with significant procedural and operating manual updates. Sneaking in a Major change via a Minor update violates the “Certification Transparency Commandment”.

9.     Pilot workload and situational awareness are the single leading cause of aviation safety incidents; in my personal pilot ground-school training, pilot procedures and situational awareness were the principal training focus. Mandatory ARP4761 FHA processes require an assessment of pilot workload; both 737 MAX disasters occurred minutes after takeoff during initial climb out and relatively low altitudes: a high-risk area for aviation safety and pilot awareness. ARP4761 requires consideration of flight phase and pilot workload; had this been properly performed during the 737 MAX and MCAS FHA, the MCAS system response should have lessened the automatic horizontal stabilizer deflection angle while simultaneously alerting the pilot. Remember, automatic descent initiation is obviously problematic when the aircraft is still climbing out after takeoff – the ground (water) is just 40 seconds away instead of 5-10 minutes. This failure violated the “Consider Flight Phase and Pilot Workload during FHA Commandment”.

10.  Keep Certification independent: Maintain FAA or 3rd Party (Independent Designated Engineering Representative) oversight and proactive involvement instead of increasing Organization Design Approval (ODA) fraught with incestuous schedule/profit driven motivations.   Yes, this requires more FAA work meaning more funding (the annual FAA funding game is the laughingstock of the aviation world, trust me). Listen to the senior FAA personnel who specifically complained about the lack of oversight else such violates the “Independent Certification Commandment”.

11.  Apply mandatory ARP4761 System Safety Assessment specifying 10^-5 (or 10^-7 if active DAL B) Mean-Time-Between Failure (MTBF) to AOA sensors. Affirm AOA manufacturer’s MTBF calculations via screening and retest at airframe integrator. The 737 MAX sensors should not have experienced two separate failures on new aircraft. Such poor sensor reliability violates the “Prove Device Failure Rate MTBF Assumptions via Screening and Testing Commandment.”

12.  Keep things simple: aircraft are designed for the Average pilot, not the Best (military-trained) pilot. Forcing a pilot to learn to override a system via control stick updates, motor cutoff and trim adjustments is stupid (the Lion Air routine on the prior day’s flight with a well-trained pilot hitching a ride in the jumpseat). Instead, simply display “MCAS Activated – Continue or Disable?” on Primary Flight Displays with quick access for pilots to disable. Otherwise we violate the “Keep It Simple for Average Pilots Commandment.”

13.  When the plane almost crashes on Sunday (Lion Air) it’s not readily cleared for safe flight the next day Monday without fixing the problem. Period. Aviation safety is built upon Root Cause Analysis and if you could not find the root cause you certainly could not then analyze it. This violates the “Don’t Be Stupid. Period. Commandment.”
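
The sensor cross-check that Commandments 4 and 6 call for, written out in C as an added example (not code from this post, from AFuzion, or from any aircraft program). The 2.0-degree limit is an assumed value taken from the top of the "1-2 degrees" band above; the type and function names, and the choice to keep the function enabled in the degraded triplex case, are likewise assumptions.

```c
#include <math.h>      /* isfinite, NAN (macros only, no libm calls) */
#include <stdbool.h>
#include <stdio.h>

#define AOA_DISAGREE_LIMIT_DEG 2.0   /* assumed threshold, see lead-in */

typedef enum { AOA_VALID, AOA_DEGRADED, AOA_FAILED } aoa_status_t;

typedef struct {
    aoa_status_t status;
    double aoa_deg;        /* selected value; 0.0 when status is AOA_FAILED */
    bool   mcas_enabled;   /* false = dependent function inhibited */
    bool   annunciate;     /* true = raise a crew alert */
    int    faulty_channel; /* isolated channel index, -1 if none or unknown */
} aoa_result_t;

/* Two readings agree only if both are finite and within the limit. */
static bool agree(double a, double b)
{
    double d = a - b;
    if (!isfinite(a) || !isfinite(b)) return false;
    return (d < 0 ? -d : d) <= AOA_DISAGREE_LIMIT_DEG;
}

/* Dual sensors can detect a mismatch but cannot tell which side is wrong,
 * so a disagreement deactivates both, inhibits the function and alerts. */
aoa_result_t aoa_monitor_dual(double left, double right)
{
    aoa_result_t r = { AOA_FAILED, 0.0, false, true, -1 };
    if (agree(left, right)) {
        r.status = AOA_VALID;
        r.aoa_deg = (left + right) / 2.0;
        r.mcas_enabled = true;
        r.annunciate = false;
    }
    return r;
}

/* Triplex voting: a third sensor lets the monitor isolate a single outlier. */
aoa_result_t aoa_vote_triplex(const double s[3])
{
    aoa_result_t r = { AOA_FAILED, 0.0, false, true, -1 };
    bool ab = agree(s[0], s[1]), bc = agree(s[1], s[2]), ac = agree(s[0], s[2]);
    int pairs = ab + bc + ac;

    if (pairs >= 2) {                      /* mid-value select */
        double lo = s[0] < s[1] ? s[0] : s[1];
        double hi = s[0] < s[1] ? s[1] : s[0];
        r.aoa_deg = s[2] < lo ? lo : (s[2] > hi ? hi : s[2]);
        r.status = AOA_VALID;
        r.mcas_enabled = true;
        r.annunciate = false;
    } else if (pairs == 1) {               /* one channel voted out */
        int i = ab ? 0 : (bc ? 1 : 0);
        int j = ab ? 1 : 2;
        r.faulty_channel = 3 - i - j;
        r.aoa_deg = (s[i] + s[j]) / 2.0;
        r.status = AOA_DEGRADED;
        r.mcas_enabled = true;             /* assumed policy: continue on two */
    }                                      /* pairs == 0: stays AOA_FAILED */
    return r;
}

int main(void)
{
    /* Constructed readings: one sensor about 20 degrees off while taxiing. */
    double taxi[3] = { 1.0, 21.0, 1.4 };
    aoa_result_t d = aoa_monitor_dual(taxi[0], taxi[1]);
    aoa_result_t t = aoa_vote_triplex(taxi);
    printf("dual: status=%d mcas=%d alert=%d\n", d.status, d.mcas_enabled, d.annunciate);
    printf("triplex: status=%d aoa=%.2f faulty=%d\n", t.status, t.aoa_deg, t.faulty_channel);
    return 0;
}
```

Run at power-up on the ground, the same comparison is the power-up BIT; run every cycle in flight, it is the continuous monitor.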

There: Thirteen Aviation Safety Commandments. Interestingly, these Commandments are Forgiving: Had the 737 MAX events violated only one, or only seven, or only 12 of these Commandments, it’s my opinion the two crashes could have been prevented. But when thirteen of thirteen Commandments are broken, it’s time to seek Forgiveness – but only after going back and learning Prevention. Because after all, requesting Permission really is better than requesting Forgiveness.

Author’s note: AFuzion normally sells its “Applying ARP4754A” whitepaper and “Applying ARP4761” whitepaper for $50 each. But in the interest of world aviation safety, these two papers are free for anyone to download from now through April 30, 2019. Simply go to the Whitepaper page on www.afuzion.com. Download for free here: https://afuzion.com/rp-4761a-introduction-avionics-safety/

Safe Skies, Vance Hilderman, CEO, AFuzion Inc.

New Cyber-Security in Aviation LinkedIn Group and record Cyber-Security Class Attendance in Munich

17 Mar

New Cyber-Security in Aviation LinkedIn Group has started (join below), and big Kudos to AFuzion’s Mr. Aharon David teaching a large Aviation Cyber-Security DO-326A / ED-202A full-day course at Europe’s largest aviation event: Aerospace Tech Week in Munich last week.

Aharon’s cyber-security expertise was enjoyed by a large group of class attendees who learned about aviation’s newest requirements for Cyber-Security.  Demand was so strong that seven more classes are added for 2019 including Madrid, Italy, and DASC/San Diego.

For a free copy of AFuzion’s 20-page technical Aviation Cyber-Security paper on DO-326A and ED-202A, click here: Click here for AFuzion’s 20-page Tech Whitepaper on Aviation Cyber Security

To join the new Cyber-Security in Aviation group on LinkedIn, please click here: Click To Join Free Cyber-Security in Aviation or Engineers/Managers LinkedIn Group

 

Aviation Cyber Security & DO-326A: The New 2019 Mandates

15 Jan

Aviation Cyber Security will be perhaps the largest new development affecting all avionics developers and aircraft integrators for 2019.

Are you ready?  If not, read below for a free technical 1-hour tutorial webinar on February 7th and also training in Munich at Aviation Tech Week on March 12, 2019. To sign up for the free Feb 7 webinar, click here:   Click Here To Watch 1-Hour AFuzion DO-326A / ED202A Aviation Cyber-Security Webinar/Recording

To register for the March 12 Munich Aviation Week Aviation Security Training, click here: Aviation Security 1-Day Training Info & Registration Munich March 12

Aviation Security – it’s imperative in 2019 to develop an understanding of what is required for new avionics/aircraft development and operations via the new mandatory DO-326A/ED-202A documents.

The DO-326A/ED-202A set of documents is all about the mitigation of the aviation/aircraft safety effects of “Intentional Unauthorized Electronic Interaction (IUEI)”, a.k.a. “Cyber Threats”, and which were explicitly excluded from the classic DO-178/ED-12/ARP4754 set.

DO-326A/ED-202A & DO-356A/ED-203A focus upon type certification during the first three phases of an aircraft (including avionics) type: 1) Initiation, 2) Development or Acquisition, and 3) Implementation. Their companions DO-355/ED-204 focus upon security for continued airworthiness. DO-326A/ED-202A currently has 3 (three) companion documents: ED-201, DO-355/ED-204 and DO-356A / ED-203A, and a few more planned. DO-326A / ED202A provide requirements and objectives in a similar fashion to DO-178C, DO-254, and ARP4754A; while the DO-326A guidance is just that, certification authorities increasingly assess DO-326A compliance as added requirements for aviation suppliers.

The DO-326A/ED-202A set currently applies to fixed-wing aircraft (Part 25), with clear FAA recommendations for the adaptation/tailoring of DO-326A/ED-202A for general aviation (Part 23), rotorcraft (Parts 27 and 29), engines (Part 33) and propellers (Part 35), and clear indications that it will increasingly be applied to these other aircraft including military beginning in 2022 or thereafter.

DO-326A/ED-202A is “Airworthiness Security Process Specification”, used to mitigate effects of intentional electrical equipment intrusion, a.k.a. “IUEI” (Intentional Unauthorized Electronic Interaction) which could impact aircraft safety. DO-326A/ED-202A currently has 3 (three) companion documents: ED-201, DO-355/ED-204 and DO-356A / ED-203A (see below for detailed information), and a few more planned. DO-326A / ED202A provide requirements and objectives in a similar fashion to DO-178C, DO-254, and ARP4754A; while the DO-326A guidance is just that, certification authorities increasingly assess DO-326A compliance as added requirements for aviation suppliers. Currently, DO-326A/ED-202A only applies to larger commercial aircraft, greater than 19 seats, hence is for Part 25 fixed-wing aircraft, however – clear FAA recommendations already exist for the adaptation/tailoring of DO-326A/ED-202A for general aviation (Part 23), rotorcraft (Parts 27 and 29), engines (Part 33) and propellers (Part 35). AFuzion’s participation in various committees and client work indicates DO-326/ED-202 will increasingly be applied to these other aircraft including military beginning in 2022 or thereafter. DO-326A focuses upon type certification during the first three phases of an aircraft (including avionics) type: 1) Initiation, 2) Development or Acquisition, and 3) Implementation. See DO-355/ED-204 below which focuses upon security for continued airworthiness.

Avionics and aircraft manufacturers need to address both developmental and operational aspects of their aircraft/systems. This ecosystem of secure safety within aviation development and operation focuses upon prevention of malware entering the avionics systems while they are being developed or data-loaded, and also during flight operations where such malware (or external hacking) could alter intended aircraft operations and safety.

As their titles suggest, ED-201 serves as the top-level “WHY” guide for the entire information security process. DO-326A/ED-202A define the “WHAT”, including risk assessment for ARP4761A; DO-356A/ED-203A comprise the “HOW” – more or less the “security-companions” of DO-178C/ED-12C et al; DO-355/ED-204 are the “WHAT THEN” – feeding to ARP5150; and the new ED-205 is for the ground (CNS/ATM, e.g. companions to DO-278A), more or less the “security-companions” of DO-278A/ED-109A, et al. Where the base aviation guidelines (DO-178C, DO-254, DO-278A, ARP4754A,…) suggest safe and verifiable engineering processes, the aforementioned security-related documents provide guidance and rules which augment those engineering processes for security intrusions and extend through aircraft operations. For DO-326A / ED-202A Guidance, DO-326A Training, DO-326A Mentoring, or DO-326A Gap Analysis, contact AFuzion.

For information on private DO-326A Training and ED-202A Training, see the AFuzion training page for more details here: AFuzion Cyber Security Training Info Click Here