Recent years have seen the development of a range of new types of entrants to the aviation ecosystem. These have included prototypes of urban air taxis, to varying small and medium-sized unscrewed vehicles for a range of applications such as cargo and delivery services, security operations, healthcare support and environmental monitoring. Drones, just as one example, will mean entirely new forms of traffic, especially at very low levels of airspace with high demand in densely populated areas where risk levels will be increased.
In this context, the system-of-systems that keeps our skies safe for traditional forms of aircraft will be unable to cope. A wholesale transformation of ATM systems is needed to open up a new age of commercial opportunities for the aviation sector. A test of both technological innovation and the will to collaborate across stakeholders that may have differing needs and targets.
Human operators in traditional ATM are already facing high workloads and a deluge of data for analysis and interpretation from different information systems, such as for flight planning, radar and weather. The current approach is not scalable in ways that can deliver the hybrid airspace: the combination of crewed and uncrewed aircraft delivering a host of new services and the complexity that it will bring both for localized urban areas and the global air traffic system.
Secure and shareable information
ICAO is committed to establishing new safety standards for uncrewed traffic. New forms of information exchange that can lead to a seamless integration are already being explored by NASA, the FAA, SESAR and EUROCONTROL, with projects researching Concept of Operations, new technologies and case studies. UK Research and Innovation (UKRI) — via its Future of Flight Challenge — is investing in R&D and demonstrators of how a new ecosystem can work safely.
At the root of the challenges presented by Unmanned Traffic Management (UTM) is the need for building a new system built on layers of information sharing and secure data exchange that can guarantee safety for all airspace users. For example, all vehicle operators need to be able to identify themselves as trusted entities and share their flight intent with each other. There must be interoperability. Operational information will need to be shared between ATM and UTM service providers and their respective users tailored to their needs and requirements. In turn, the tailored and relevant ATM and UTM information must be accessible to specific stakeholders in a trusted and assured way.
Data being shared across a hybrid airspace needs to be consistently accountable and explainable, every movement and decision being explicit and trustworthy. Every anomaly must be clearly identified and traceable. However, there are not yet any clear guidelines on acceptable levels of performance for increasingly automated and autonomous systems.
Distributed ledger technology
Current technologies used to coordinate and manage aviation originated in the 20th century. The information systems used by many airports, airlines and air traffic controllers predate the internet, but are still the basis of the aviation world. New technology is rarely adopted first by the aviation industry. It is a hermetically sealed world – insulated from the internet and its threats. This has been a barrier to innovators in aviation, who have tried to embrace the potential of cloud computing offerings and operate their equipment using public 4G/5G connectivity. Outdated and unreliable technology is a drag on the existing aviation industry. A Cranfield study has estimated that 60% of flight delays that aren't weather-related are due to failures in handling data.
The existing ATM infrastructure is a relatively unsophisticated form of distributed system, ensuring interoperability through global standards. However, many of the messaging formats and protocols come from an era of fixed lines and teletype machines, and on this basis, any homogenization aimed at building a unified infrastructure that meets the global needs of safety and efficiency is unlikely to be possible.
Distributed systems have moved on. In particular, the explosion of interest in blockchain technology has brought forth a software toolkit that is exceptionally well suited to build UTM – and rebuild ATM – as a system-ofinteroperable systems. One that replaces old protocols, trust between human operators, an inevitable level of obscurity and lockout, with explicit computational verification of actors, assertions, and processes.
Work is underway on a platform using distributed ledger technology (DLT), similar to the blockchain technology. The consortium of partners – including Cranfield, Heathrow Airport, airline group IAG, ANSP NATS, IT company SITA and Oxford University – expect an ATM/UTM framework using DLT technology to be in place by 2024.
DLT enables thousands of independent computers across systems to share a uniform history, the same view over stateful data: in other words, the who, what why and when of each airspace participant and their movement. DLT systems also embed cryptographically-enforced controls over user actions, and can allow for the embedding of process controls with built-in parameters, so-called smart contracts. Such systems can be paired with other distributed technologies such as direct peer-to-peer data transfers for exchanging large stateless data objects like radar data and Verifiable Credentials and Self-Sovereign Identity (SSI) technology for encapsulating the permissions of independent actors.
With simple architectural definitions, open-source code and open APIs, this base infrastructure can be used to underpin the future filing of flight plans, the capture and exchange of live routing data, and ensure the right data is made available to the right stakeholders at the right time. Access controls for visibility of and interactions with data can be embedded.
With a shared will across international ATM, these approaches could also enhance the existing ATM communication infrastructure — or be made interoperable through suitable interpreters and interfaces. National digital UTM/ATM infrastructures could be underpinned by core stakeholders such as large airports or ANSPs including air traffic control centers and bridged to other national infrastructures for the verifiable and safe point-to-point routing of flight or other critical data. These could be cryptographically wrapped to control legibility, further enhanced with read receipts, made machine readable and processable for risk analysis, and co-interpretation with live radar or weather data.
In this way, distributed approaches can make the underlying digital infrastructure of UTM and ATM systems reflect the real-world interactions and needs of its users and stakeholders rather than enforcing a onesize-fits-all approach.
AI will enhance cybersecurity measures for the DLTs, allowing for constant real-time data collection, processing, monitoring and authorization during operations. AI algorithms can be trained using historical data to recognize expected UTM message content and the expected behaviors of the parties involved, and so detect deviations that may signal misbehavior on a DLT system. Suspected malign messages can be removed or marked-up.
A new report published by Cranfield, ‘The development of an UTM system using cross-cutting technologies: Distributed ledgers and artificial intelligence’ outlines the technology involved also proposes a new governance framework. The report sets out a series of rules for those stakeholders participating in a distributing ledger, so that they can provide and receive data and services in a trustworthy environment.
Challenges for the DLT project include achieving scalability, sustainability, technological stability and cybersecurity. Scalability and sustainability go hand-in-hand with these technologies and derive from the computer science fundamentals that underlie them. Following their initial invention in the late 1980s, multiple methods and algorithms have since been developed that aim to bring disparate independent computers to a consensus, a singular view over stateful data. There is always a trade-off between the number of consensus participant computers within a network, the maximum message density or finalization rate, message size, and physical distribution of participants.
The class of consensus algorithms that underpin public blockchains, such as Bitcoin, enable tens of thousands of consensus participants, but have low message finalization rates and consume a lot of energy to achieve this. Trade-offs can be made to balance out if the network topology is appropriately designed. A selection of participants drawn from recognized aviation organizations could form the core consensus group for securing the ledger of record. Many tens of thousands of external organizations or users could then be variously able to hold clones of the ledger or submit transactions to it, but not be able to take part in its consensus. Across aerospace borders, there could be bridging solutions built between private national ecosystems with shared consensus.
Technologies in this field are evolving quickly. Blockchain was invented just over a decade ago. Already at least 10 different approaches and thousands of clones of these approaches have been developed to implement distributed ledgers. The premature adoption of a consensus algorithm and other elements from the distributed ledger toolkit –programmability or smart contracting – could over time lead to significant technical debt should better solutions arrive.
Cybersecurity is an ever-present and critical challenge for any computer system. With ‘Byzantine Fault Tolerant consensus algorithms’ there is the ability for DLTs to tolerate a proportion of malicious actors within the system and still achieve faithful data availability and replication. Gross collusion or corruption of consensus actors only allows for the censorship of new transactions, and not the editing of submitted transactions, and the theft of cryptographic signing keys only allows the manipulation of new and not historic ledger entries.
To secure the smart contracts and user-programmable functionality, there are cybersecurity challenges with Turing Complete virtual machines which must be carefully managed: who is allowed to submit code to be executed, and how strictly it is reviewed prior to acceptance. Domain-specific programmability, to restrict permitted behaviors, may turn out to be a better option when it comes to mission-critical situations.
Perhaps the greatest cybersecurity risk is the permanence of records in a distributed ledger. No matter the cryptographic methods selected, these could be susceptible to decryption and intrusion at some point in the distant future. The choice of cryptography, and the content of messages will need to be carefully considered in the overall design of a DLT-based UTM or ATM solution.
Opening up the hybrid airspace is achievable in the near future. All that's needed is the shared will and coming together of the main players in the aviation sector to seize the opportunity that's being presented.