safety/security concerns when automating slr systems · safety/security concerns when automating...

ILRSTechnicalWorkshopRiga1-6Oct,2017(Wetzel) 1

Space Geodesy Satellite Laser Ranging

HowardDonovan2,ScottWetzel2,DonaldPatterson2,JulieHorvath2,AliceNelson2,JanMcGarry1,EvanHoffman1,John,Cheek3

1NASAGoddardSpaceFlightCenter2KBRwyle (formerlyHTSI)3SigmaSpaceCorporation

Safety/SecurityConcernswhenAutomatingSLRSystems


Abstract

Safety/SecurityConcernswhenAutomatingSLRSystems

Thispresentationfocusesontheidentification,analysisandassessmentofsafetyandsecurityissuesnecessarytoachievingautomationofSLRsystems.ThefocuswillbeonSGSLRbutwillberelevanttoanySLRsystem.Areasofconsiderationincludeautomationregulatoryanalysis,hazardanalysis,situationknowledgeandaction,supportingsafetysystems,hazardreporting,ITSecurity,andoverallsiteassessment.Thepresentationwilldiscusswhatisneededduringdesign,implementationandverificationofthesystem.


SafetyOverviewu Canweautomatesafetyissuesandsystemintegrityissues?u Identifytheentityorentitiesthatprovidetheconcurrenceon

non-objectiontotheautomatedoperationofhazardousoutdoorlaseroperationsthroughthegovernedairspace.– HostCountry

• Highlevelgovernment(Federal/National)• LocallevelGovernment(State/Region)– Requirementsoftheseentities

u Currentlyexistordotheyneedtobecreatedu Unattended/automatedoutdoorlaseroperationsexplicitlyallowedoraretheyinferred

– Organization(Science)sponsoringtheoutdoorlaseroperations• Safetyrequirements• Proceduresforacquiringconcurrence• Safetyplanandimplementation• Safetyplanimplementationverification

– InternationalRequirementsifinanothercountry– Whichrequirementstakepriority(moststringentineachcategory)– Periodicrenewal


uRequirements/StandardsUsedInclude:–NASAProceduralRequirements(NPR8715.3)–GoddardProceduralRequirement(GPR:1860.2)– FederalAviationAdministration(FAA:AC70-1)–AmericanNationalStandardsInstitution(ANSI-Multiple)– SocietyofAutomotiveEngineers(SAE:3includingAS6029A)

SGSLRLaserSafetyPlan


PerformFullSystemHazardAnalysisu Indoorlasersafetyanalysis

– Laserroomaccess– Operationsareaaccess– Buildingaccess

u Outdoorlasersafetyanalysis– Lasertransmitteraccess– Aidedviewing– Airspaceidentification– Identifyingusersoftheairspace(planes,helicopters,balloons,

Gliders,Parachutists,etc.u IndoorandOutdoorsafetyanalysismusttakeintoaccount

– Operations– Maintenance– GeneralPublicaccess– Effectson,orby,closeproximityprojects/offices/etc.


u Performacomprehensivehazardanalysistoidentifyallhazardsassociatedwiththedevelopment,implementation,test,operation,andmaintenanceinvolvingtheuseofthelaser– IndoorLaserHazards• Local,state,federal,hostnationlaseroperationsrequirements• Laserparametersanddetermine– MaximumPermissibleEnergy(MPE)– NominalOcularHazardDistance(NOHD)• Reviewthephysicallayoutofthelaserroomandoperationsarea,identifypotentiallaserhazardsandhazardzones

• Reviewlayoutoftheopticalbench,determineenergydensities,identifyassociatedlaserhazards

• Reviewopticalalignmentprocedures,identifyassociatedlaserhazards

HazardAnalysis- Indoor


u Identifylocal,state,federal,andhostnationlaseroperationsrequirements

u Performairspaceanalysis– IdentifyairportswithintheNOHD,Sensitive,Critical,andLaserFreehazardranges

– Determinetypesofaircraft,aircraftaltitudes,andaircraftspeedsthatareexpectedtobeintheairspacevolume

– Identifyannualairportoperations– Identifynearbyoperationsthatusetheaffectedairspacevolume

u Identifynearbyoperationsthatmaybeaffectedbysatellitelaserrangingactivities

HazardAnalysis- Outdoor


Laser-Free&CriticalZoneConditions

Critical Zone5 µW/cm2

Laser Free Zone50 nW/cm2

10,000feet

5.2 Statute Miles

20 º

NGSLRSystem

RunwayAirport Reference Point11.5 Statute Miles

Critical Zone5 µW/cm2

Runway5.75 Statute Miles1.04 Statute Miles

20 ºLaser Free Zone 2,000

feet

NGSLRSystem

50 nW/cm2

• IdentifyairportSensitive,Critical,andLaserFreezones• IdentifyairportswhichthetransmittedlaserenergywillpenetrateSensitive,Critical,andLaserFreezones


u Identifylocal,state,federal,andhostnationoffices/agenciesmitigationrequirements

u Identifymethodstomitigateallidentifiedindoorlaserhazards– Hazardelimination,engineeringcontrols,useofsafetydevices,use

ofcautionandwarningdevices,implementationofproceduresandtraining,andtheuseofPPE

u Correlatemitigationmethodswithallidentifiedindoorlaserhazards– Hazardelimination,engineeringcontrols,useofsafetydevices,use

ofcautionandwarningdevices,implementationofproceduresandtraining,andtheuseofPPE

– Identifylasersafetysubsystemcapabilities– Implementchangestomitigationmethods/subsystemsasneeded

u Implementandverifymitigationmethods/subsystems

HazardMitigation– Indoor&Outdoor


u Emergencyreportingu Recordkeepingu Timetaggingofcriticaldata

HazardReporting


u Safetyinherentindesignu PersonalProtectiveEquipment(PPE)u Automatedemergencynotificationsystemu Laserhazardwarnings,labels,andcontrolmeasures

– Warningsignsandlabels– Videomonitoringsystem– Proceduresandbeamblocks

u Integratedsystemsafetyfeatures– AreaSafety- DoorwaySensors/StairwayPressureplates– KeyedAccesstoBuildingandLaser– Beamcontainmentbarriers– LaserSafetyChassiswithautomatedbeamblockandlaserfire(trigger)inhibitsignal

u Safetyrequirementsandprocedures– GeneralSafetyRequirements (SGSLRSafetyHandbook)– OperationsProcedures (SGSLROperationsManual)– SystemMaintenanceProcedures (SGSLROperationsManual)– LaserAlignmentProcedures (SGSLRAlignmentManual)– EmergencyProcedures (SGSLRSafetyHandbook)

SafetyControls(1)


u CertificationandTraining– TrainingandCertificationRequirementsforallusersofthesystem-System

Operators,LaserUsersandOpticalAlignments– Allusersmustfollowtherequirementsandprocedureslistedinsystem

manuals

u SafetyEquipment(Lasersafetygoggles,fallprotection,etc.)

u SafetyVerification– RoutineSafetyInspection,periodictestingandcommunications

u SecurityConcerns– SituationalAwarenessofSystemHealthandsurroundingenvironment– PreventionofUnauthorizedEntry– BothPhysicalandElectronic

SafetyControls(2)


SystemSecurityu Physicalsecurityassessment

– Securecompound– Buildingaccess– Lasertransmitteraccess– ReactiontoUnauthorizedaccess– Reactiontoauthorizedaccessbutunauthorizedoperations– Securityimplementation

• Redundancy• Securitylevels

u ITSecurityassessment– Internetaccess– Instantterminationoflaseroperationsinanemergency– Systemmonitorandcontrol– Upgrades– Unauthorizedcontrol


ImplementationPhaseu Implementaccordingtoallguidelines,requirementsandimplementationplansdevelopedduringdesignphase.

u Ensureallplans,Hardware,Software,othercontrolsareimplementedanddocumentedpriortotesting.

u Allpossiblescenariosmustbedetermined,documented,reviewed,testedandverified.

u Allpossibledecisionpathsforthesoftwaremustbedocumentedandtested.Inanautomatedsystemthehardware/softwarebecomesafetycritical.

u Subsystemsthatcanbetestedseparatelyshouldbe,butfinalverificationcanonlybedoneatthesystemlevelinasclosetoactualusageaspossible.


TestingPhaseu Testingandverificationshouldbedocumentedandtestedinall

operationalmodes,maintenancemodes,diagnosticmodesandsimulations.Shutdownandpower-upshouldalsobepartofthis.

u Somesoftwaretestingmayrequiresimulationbecausesomepathsmaynoteasilybereached.

u Methodstotestmustbedeterminedthatdonotharmanyhumans,ordamageanyinstrumentation,facilities,aircraft,butthatallowtestingascloseaspossibletorealsystemuse.

u Alltestingandverificationwillneedtobeperformedwithahumanpresentbutonlywatching(incasesomethinggoeswrong).Thehumanwilldocumentperformanceseen,butthefinalverificationwillbefromanalysisperformedusingthedatacollected(includingvideo)duringtesting.

Safety/securityforfullautomationisamajordesign,documentationandtestingeffort.

safety/security concerns when automating slr systems · safety/security concerns when automating...

Documents