Possible software bug implicated in accident

Aviation Week provides this interesting report of a potential software bug and its effects.  An Airbus A400M airlifter crashed on May 9, killing four people. Aviation Week's sources indicate that the crash may have involved new software that manages the fuel levels in the fuel tanks.

More on Airplane Hacking

The FBI has released a notice on media claims about aircraft hacking.  You can see the document here (among other places).  Thanks very much to Nicholas Larrieu for the pointer to this document. The notice asks for assistance in identifying potential incidents and vigilance in preventing such events.  It also says:

"The FBI and TSA are currently analyzing claims in recent media reports which included statements that critical in-flight networks on commercial aircraft may be vulnerable to remote intrusion. At this time, the FBI and TSA have no information to support these claims but continue to leverage public and private sector partnerships to evaluate potential threats posed by intrusions into a commercial aircraft’s secure networks. The FBI and TSA also continuously monitor and analyze reporting on cyber and technical threats to proactively deter individuals from using remote intrusions to disrupt any portion of the aviation sector, including its business networks, critical navigation and air traffic control signals, and the onboard networks of commercial aircraft."

Airplane Hacking

CNN just posted this story about the ongoing saga of Chris Roberts, who has (depending on who you believe) either hacked into commercial airliners in flight or has investigated the possibility of such activities.

787 Battery As A Cyber-Physical System

The problems with the 787 battery a year ago haven't recurred, thankfully.  So now is a good time to step back and think about the implications of this issue for cyber-physical system design.  Here are a few informational links:

• Aviation Week provided excellent coverage, including this description of battery testing and a photo of the damaged battery.
• Boeing's review of the battery certification process. 
• An interesting article from Avionics Magazine on the battery issue.

While the battery behavior itself is ultimately a chemistry issue that is far beyond my expertise, the root causes go back to cyber-physical system design.  During normal operation after the engines are started on the ground, the airplane's electric energy comes from the auxiliary power unit, a small jet engine driving an electric generator. The battery is provided in part as an emergency electricity source in case the main generator fails.  The 787 is a fly-by-wire aircraft, so the flight controls depend on electronics.  But the 787 goes well beyond minimal fly-by-wire to use a great deal of electronics that are important to the aircraft operation.  As a result, the battery needs to be able to supply a great deal of energy in some cases.  The battery technologies generally used in aircraft---and those that are generally approved under certification procedures---provide lower energy density than does the lithium battery technology used in the 787.  Energy density is very important in an airplane because weight is a critical factor in overall aircraft performance.  Aircraft designs must be certified.  Although lithium batteries had been used in certified aircraft design in a handful of cases, the 787 represented an early use of this type of battery.  The detailed design of the battery subsystem was driven by competing system constraints: on the one hand, weight; on the other hand, heavy use of electronics.