Upcoming drone regulations that will impact Europe as a whole are set to provide a basic framework around compliance, but these rules likely won’t define the functional safety or cybersecurity tasks that operators and OEMs need to make a priority. These are the exact topics that the industry needs to define in order to enable growth, and that’s the reason CertX is focused on them to ensure innovation can work safely.
CertX is a functional safety and cybersecurity certification body that believes their services can help products to be more and remain safe. By doing so, OEMs can experience better market acceptance, lower insurance premiums and lower product liabilities risks. These advantages aren’t just about efficiencies and costs since there are laws which mandate the kind of independent evaluation that Certx provides.
To get a better sense of what it means for CertX to certify products, train staff and certify an organization’s processes, we connected with CertX CEO Jens Henkner. In the interview below, he detailed when he recognized the need for the services CertX provides, explained why cybersecurity will soon be a requirement for a variety of drone operations, talked through the most common piece of feedback he received and much more.
Jeremiah Karpowicz: Tell us a little bit about your career. I understand your aviation background is quite extensive.
Jens Henkner: I worked at Fairchild Dornier a small aircraft manufacturer where we build a 70-seater aircraft. In this relatively small company which went bankrupt in 2002 I had the chance to have an insight in all aspect of designing and certifying an aircraft being at the end responsible as chief engineer for the whole development and esp. the certification aspects. This helped when I came into Airbus to become the chief engineer in Germany for the Airbus 330/340 program.
I held a few other positions at Airbus that included heading a BU for aircraft conversion and an aircraft maintenance shop. I then moved on to work for an Indian wind turbine OEM and led all the technical teams there. A different world compared to aviation, yet with a lot of similarities. As simple as they look, they are highly automated equipment.
In what way does your manned aircraft experience influence and guide the work you’re doing with unmanned systems?
Functional safety is a method borne in the (manned) aircraft world. The drone regulation from EASA will have various degrees of rigour depending on the drone size, weight and operation type but they are following the same principle which is about ensuring a safe operation.
This is also a basic principle in the “big” aircraft world, so it’s very familiar to me and why we can speak the “aerospace language”. It’s also why we can offer help to operators who typically haven’t come across airworthiness aspects yet. Functional safety in the other domains is similar, apart from the fact that everyone has its own nuances and nomenclature in it.
CertX is the first functional safety and cybersecurity certification body in Switzerland. When and how did you recognize the need for this kind of organization?
With more and more equipment becoming automated or even autonomous, is it is important for OEMs, users and the public to ensure that they do not harm humans, other equipment or the environment. That is what functional safety is all about.
In short, we ensure that humans are protected from machines. Once those products are being used and are all connected, we also need to ensure that they stay safe. So cybersecurity protects the machines from humans to ensure hackers cannot misuse the equipment. Think about ICUs, cars or drones being hacked and remotely controlled by someone.
Today, we are living amidst a wave of innovation and currently, there are only a handful of certifying bodies worldwide in this specific area. Switzerland is a country of invention and quality. It already has real commercial drone operations in 2 cities. The request came up from a variety of companies here mostly wanting to put innovative products into the market. They recognized the need to ensure safety and found no one close to them after a thorough search.
Having said all this, it’s really all about experience and skill. We benefit from the proximity to a university which has a unique curriculum for students in functional safety and cybersecurity as well as the ROSAS institutes where they can work on real industrial safety-related projects.
Why type of person or organization should be looking at the training and certification you offer? Are these services available to companies across Europe?
We address all companies and persons who have to deal with those aspects as mentioned above.
Typically, whenever a controller and software together control safety-related aspects our services apply. That can be for intelligent sensors, autopilots of drones, adaptive distance controls in cars, industrial robots and many more items. Those services are not limited to Switzerland, and in fact we have requests and clients across Europe and even in China and India.
Certification bodies do exist, and they’ve created international standards that we adhere to in order to maintain particular independence, neutrality and fair evaluations. We are being audited and surveyed by an accreditation body (a governmental organization) which guarantees adherence to those norms.
And of course our Swiss DNA – quality, thoroughness and rigor – hopefully provides our clients a good added value.
What can you tell us about how regulation has influenced the way in which drone technology is being adopted in domains that range from automotive to railways?
It is one of our beliefs that eventually, autonomous pieces of equipment will be very similar across all domains. Having said that, unfortunately, the rule-making is very much disconnected.
Drone regulations such as the new EASA regulation are fairly advanced, but there’s a lot of pressure by various stakeholders in the automotive domain. We are the Swiss representant in the SOTIF committee setting the standards for autonomous cars and the way the automotive domains is approaching the safety aspects is in our view something that the other domains could learn from.
Tell us about the proposals to define AMCs and GMs to a repeatable fashion that are currently out there. How will they impact the overall market going forward?
As mentioned before, the drones rules are out just now but they lack the AMC and GMs to make them repeatable and applicable in practice.
Let’s look at one example – the EASA rules ask for CE marking. In the CE standards right now, there are no clear definitions of what needs to be done in order to be compliant or how to demonstrate safety in adverse conditions. Does that mean we have to wait until they occur or try to work those out in a lab test?
I think the rules are a good start but just like with the manned aircrafts, the big work is to create a set of AMC and GM to make them practical and, even more importantly, repeatable to create a multinational standard. The burden is with the operator today and the approval a national one. Having a wider practical standard would ease the burden for operators, allow more operations and at the end enable a growing market for all participants.
You’ve talked about a technical assessment of drone technology that consists of two levels. One is a classic safety check, the other is the decision check on an overall system level. What are some of the things operators need to realize about both of these levels?
Just to clarify, this 2 level approach comes from the automotive domain which is a good approach and to our view something to adopt for drones as well.
The first level is what we call the classical system reliability and safety aspects. Compare it to the physical fitness of a pilot. That pilot needs to have proper vision, should not suffer from serious health problems, etc. For those aspects, the current standards and techniques do apply very well.
The second level is a decision-making process which focused on making sure a pilot recognizes the situation that they make the right decision as a result of it. Humans can be trained for this decision-making process, but now AI needs to have this done as well. This is where the simulation kicks in. Instead of trying this out in real life – like for humans – we can simulate this in a digital environment and run several hundred thousands of possible (extreme) scenarios in systematic and repeatable fashion.
You’ve also mentioned that cybersecurity is the flip side of functional safety, and it will become mandatory for many different kinds of infrastructure inspections and operations. Is that concept something more and more organizations are beginning to realize? How have you seen conversations around cybersecurity change recently?
They will have to since lawmakers are already started to force them.
The book “Blackout” from Marc Elsberg showcases the stakes we’re dealing with. It’s a thriller about terrorists hacking smart meters and destabilizing the grid to force a blackout? It should be mandatory reading for everyone related to critical infrastructure. Since I have worked in this domain I can only say the scenario is not a sci-fi one and unfortunately very close to reality. It applies to other pieces of technology like cars. High-end cars have an automatic parking system which controls steering, throttle and brakes, but the cars are also connected to the Internet. So there is a door to possibly hijack the car. The only question is how good is it locked.
This is the part where we come in, as we’re there to make sure these systems are being protected and that these breakdowns and hacks can’t and don’t happen.
Is there a common mistake or challenge that you run into around cybersecurity? How have you been able to effectively explain or work through these challenges?
Not sure that I would call it a mistake, but I often hear “Oh we are very safe, we change passwords every month”.
The thing is, threats are often asymmetric, and the cybersecurity aspects are thought of as “have-to-do” issues with only a few people taking care of them even though they’re facing thousands of hackers out there. In most companies, the performance problem typically pushes the cybersecurity problem on the side.
In the United States, the police asked a hacker to test their drone system, and it was hijacked it with equipment worth less than $40 within a distance of 2km. The drone wasn’t a toy, and actually, the developers bypassed a few security elements because of performance reasons.
We believe you can’t compromise one or the other – both aspects must be adhered to. We offer a neutral view on things and provide a mirror for our clients.
What are you most looking forward to seeing happen with drone technology in 2019?
I think that we will see more industrial applications, like the surveillance of infrastructure in difficult terrain and deliveries into remote areas. I would hope that the different domains come a bit closer together to set the rules for operations since they’re ultimately all dealing with the same problem. If it flies, drives on the road or on a railway track, it’s always going to be a system with sensors detecting their environment and taking hopefully the right decision.
I firmly believe rule-making and standards will not prevent but fuel the growth of autonomous systems, so I hope all stakeholders will understand the urgency to move here.
What are some of the questions individuals or organizations should be asking when considering whether or not your certification services are the right fit for them?
If they have not yet done any certification or similar assessment, we would typically offer a gap analysis as a start. It would give them feedback around what their weak points are that need to be addressed. We also offer systematic training programs in all domains, either bookable online or if you have more than 8 people to train it is probably more economical if we come and provide a company specific course.
In early design phases, we can do pre-design assessments to give guidance on possible safety or security related feedback. We also advocate the creation of certification activity that occurs concurrently with the development, so our clients get the most benefit since we would highlight possible safety or cybersecurity early in the project. Once it finishes, they can get relevant feedback into their design process before it finishes.