There are certain things you expect when you're building drones for photomapping and journalism. First, you expect some setbacks. Perhaps a crash or two, or at least a few broken props. At worst, you expect a drone to take a fatal nosedive into a field and break into a hundred pieces, never to fly again.
There is a learning curve to this stuff. But you don't expect your drone to go haywire and burst into flames while you're working on it.
Last month, I was busy preparing an electric-powered drone in my basement for a maiden flight. With a wingspan of over 5 feet, and weighing a little over 7 pounds, it was the largest drone I've worked on yet, and it had a decent-sized power source to match.
Much larger drones have flown on the same basic technology, with power sources of twice the capacity used here. Most of our development to this point has focused on battery-powered drones instead of methanol-powered drones, because we want to keep the risk of fire down (even though fuel fires are rare). But that doesn't meant that batteries can't catch fire.
For my drones, I use lithium polymer batteries, or "LiPo," and they're pretty advanced as far as battery technology goes. They run today's electric cars -- the Leafs, the Teslas, the Fiskers and Volts. If you are reading this on a smartphone, you can thank a lithium battery.
Most other cells are contained in cylinders, but lithium polymer cells come in individual pouches. LiPo batteries are packs of lithium polymer cells that have been bound and tightly wrapped together. What really sets LiPo batteries apart, however, is the amount of energy they can store.
Whenever you're storing a great deal of energy in a compact space, and you suddenly release all that energy, you're liable to create tremendous heat. Since LiPos hold a lot of energy, under the right conditions, they can also catch fire.
According to the instructions of the original balsa plane I was hacking into an autonomous drone, the motor and its speed controller required 5 LiPo cells. I did not have a five-cell LiPo pack. I did have two 3-cell packs, and one 4-cell pack (which is quite large). Thanks to fuzzy math, I somehow thought it was safe to use the 4-cell pack and a 3-cell pack, for a total of 7 cells.
Everything seemed OK at first. The motor whirred happily during testing. Then I took the drone back to the basement to finish mounting and calibrating the autopilot, and things got weird.
Honey, fire extinguisher! Fire extinguisher!
When you shut off the transmitter, commonly known as the controller, you're surrendering direct control of the unmanned aerial system. Whatever electromagnetic waves happen to waft in the direction of the aircraft may be picked up by the receiver and interpreted any number of ways. That may include a signal to turn a motor on full blast without your permission, and without the immediate ability to turn it off.
I'm not sure that's what happened during this ordeal, but things went downhill after I cut the power to the transmitter. The motor sputtered and made one turn of the prop, and smoke rose from the avionics bay. A flame somewhere between six inches and a foot tall shot out of the speed controller, melting the vinyl coating of the airplane and scorching the balsa frame.
My hands went up. All I could do was watch.
"Uh... honey! Fire extinguisher! Fire extinguisher!"
My wife sprinted to the basement staircase, ripped the fire extinguisher off the wall like some kind of She-Ra, and handed me the extinguisher, bracket and all. I removed the pin and coated the airplane, along with much of the basement, in a thick layer of yellow powder.
After I carried the smoldering drone outside, vacuumed the entire basement, and ran to the store to purchase three new fire extinguishers (of various sizes to handle catastrophes of various magnitudes), I collapsed on the couch, coated in a fine layer of chemical flame retardant.
My wife shook her head. "I should be mad at you, but I just feel sad for you."
"You've crashed drones, you've had balloons fly off. You worked so hard, and now this one caught fire. It's sad."
We have some new rules in the house. First, no charging batteries in the basement. Second, no testing of motors in the basement. And last, no testing motors that have propellers attached.
A Word on GPS Spoofing.
Having a drone catching fire inexplicably is scary stuff, but it's not an excuse to fear drones categorically. Unfortunately, many people already have very strong, very negative opinions of drones, and it's not just because they are used for extrajudicial assassinations. The public perception of drones is at an all-time low.
Negative publicity has been building steadily since the public learned of the potential for government agencies to use drones for surveillance at home. Last month, the media ramped up sensationalizing the risks of drone technology when researchers at the University of Texas "spoofed" a drone's guidance system.
I'll explain. Most drones rely on the Global Positioning System, or GPS, a constellation satellites in space that send radio signals to assist with navigation on Earth. Drones receive those signals and use them to find out where they are, where they are headed, and how quickly they are headed there. Those are not impossible signals to mimic, meaning it's possible to send a counterfeit signal to make a drone think it's somewhere that it's not (potentially causing a collision or other serious incident).
Todd Humphreys, the engineering professor behind the spoofing experiments, testified before congress that "GPS receivers used in commercial and general aviation aircraft, in maritime vessels, and in surface vehicle transport are vulnerable to GPS spoofing," and that "GPS spoofing remains a significant risk to civil manned aircraft."
News outlets jumped at the chance to pick at a chink in the armor of domestic UAS (Unmanned Aerial Systems). Fox News said Humphreys told a "stunned committee" that "The potential is there... for terrorists to do the same thing." Another, "exclusive" report from Fox News, also featuring the professor, told of a "gaping hole in the government’s plan to open US airspace to thousands of drones." "They could be turned into weapons," the report warned.
Frightened citizens wrote breathlessly to their papers and representatives. One such letter, printed in the Walton Sun, a newspaper servicing a beach community near Florida's Elgin Air Force Base, read that "We could get collisions in the air, or engine failures, and there could be loss of life." It was published alongside a photoshopped picture of an enormous Global Hawk drone (among the rarest and largest of military drones) flying above a coastline.
"When a plane flies over, it’s overhead for a minute or so, then gone," it continued. "These things, however, are a constant noisy, intrusive drone. Enjoying the outdoor deck is certainly diminished."
How to Stop Fearing the Drone.
Saying nothing of the choice to live near one of the largest, most active air force bases in the country, most drones, especially small sUAS weighing less than 20 pounds (the kind that we use at DroneJournalism.org), are quite silent when operating at altitude. And the technology is making them even more quiet.
While the prospect of an out-of-control drone certainly is scary, this is a problem that engineers have known about since the first GPS satellite was launched. The military uses encrypted signals, which greatly reduces the chance for spoofing.
"A military-style spoofing defense, in which the transmitted signals are fully encrypted, is not appropriate for the civilian sector as it denies free and open access," Humphreys noted in his congressional testimony. But he also added that encryption isn't necessary, and gave nine non-cryptographic solutions to stifle would-be spoofers.
Counterfeit GPS signals have to be much stronger than authentic signals to have any effect, about 10 times as strong as the signals coming from satellites. One of Humphrey's nine solutions essentially has the drone weed out inappropriately strong signals.
Drones also can capture multiple GPS signals, and cross-check those signals for the most appropriate position. It's much harder for someone trying a spoof three signals than to spoof one signal.
| The MicroGRAM - a supposedly spoof-proof GPS module. |
The drone industry already has GPS units with anti-spoofing tech wired in. At the most recent Association of Unmanned VehSI conference in Las Vegas, Rockwell Collins was advertising the benefits of its MicroGRAM system, which it says is protected against both spoofing and jamming. The MicroGRAM isn't just for large birds like the Predator or the Global Hawk, either -- the module is the size of a postage stamp, and is being marketed for small unmanned aerial systems.
Researchers are also working on ground-based GPS that could be a complement to space-based GPS, or used exclusively for drone navigation. And of course, that's not counting that a drone could be flown manually in the event of an emergency.
Solutions aren't just found within the GPS radio, either. Most drones, even the simple ones I work with, use multiple sensors. Drones can be guided with accelerometers, gyroscopes, magnetometers, barometric pressure sensors, infrared, optical cameras, sonar, radar and laser systems. Each one of these sensors gives drone developers another opportunity to cross-check what the GPS is saying about position, direction, and speed and potentially override a bogus signal.
A whole sub-field of drone research is concerned with building drones to operate in places where you can't get a GPS signal -- like inside buildings, underground, or inside caverns. These locations are called "GPS denied environments." One method to fly in those spaces involves SLAM, or "Simultaneous Localization And Mapping," where drones use their sensors to compute a model of a room, and then use that model to fly inside that room without running into obstacles.
 |
| One of MIT's SLAM drones -- using a Microsoft Kinect sensor |
And how big is the threat of spoofing in the first place? "Constructing from scratch a sophisticated GPS spoofer like the one developed by the University of Texas is not easy" Humphreys testified. "It is not within the capability of the average person on the street, or even the average Anonymous hacker."
"I estimate that there are more than 100 researchers in universities across the globe who are well-enough versed in software-defined GPS that they could develop a sophisticated spoofer from scratch with a year of dedicated effort. Spoofer development is likely outside the capability of organized crime or terrorist organizations without access to advanced training, but is well within the capability of near-peer nation states."
How difficult does Humphreys say it is to safeguard against jamming? He said his techniques "would reliably detect a sophisticated spoofing attack... with a low probability of false alarm, could be implemented in the short term, would not significantly increase the cost of a GPS-based navigation system, and would be applicable to a broad range of GPS dependent systems."
Are Drones Safer Than Manned Aircraft?
Today, spoofing is a highly-technical, highly improbable tactic that could be used against anything that relies on a GPS, not just drones. GPS spoofing not very likely to happen in the first place, and the technology is improving every day to make it even more improbable. In fact, all signs point to the possibility that autonomous drones might be more safe than their human-flown counterparts, just as it seems that self-driving cars could dramatically reduce accidents.
This point is best illustrated by Rockwell Collins, who in addition to producing the spoof-guarded MicroGRAM module, also developed something called "Damage Tolerance Control." It's a system that allows drones to fly and land safely, even if they happen to lose part of a wing during flight.
In an email sent to me about the MicroGRAM, Rockwell Collins mentioned they had blown the wing off an F-16 fighter model, and were able to land the drone autonomously.
But what about the accident rates of military drones? News agencies recently published reports with sensational headlines like "Raining droes?" showing that drones had the highest accident rate in the entire Air Force, almost three times the average across all Air Force aircraft.
But buried in those news reports were the fact that military drones have an accident rate similar to the F-16 fighter jets, that drones are stressed with flight times that far exceed manned flights (drones don't have to sleep or eat), and that crash statistics include the early drones that were rushed into deployment without adequate development time. The Predator drone actually has an accident rate that is slightly lower than single-engine private aircraft (and Predator accident rates include drones that were shot down by enemy fire -- which does happen in a war zone).
While collectively, military drones do have a higher accident rate than most manned military aircraft, more recent reports indicate that pilot error is the primary factor in drone crashes. About 80 percent of drone crashes result from pilot error, and drone pilots are being overwhelmed with computer screens and flight data. To put it another way, blaming drones for slightly-higher than normal crash rates makes about much sense blaming automobiles (all of them) for crashes that occur while the driver is texting and driving.
When it comes down to safety, there is no reason why drones can't improve in their ability to not run into things. The odds of any accident obviously increases when you increase the traffic in the skies (the FAA estimates 30,000 drones in the US by 2020 -- which divides to 600 per state, or one drone per 126 square miles -- though not all drones everywhere will be flying at the same time). But ultimately, it's better to have two 20-pound, unmanned drones smacking into each other and falling on nobody, than say, having two, 2,000-pound, fully fueled news helicopters crash into each other, killing four people. Meanwhile, drone companies are developing technology that will all but end collisions between drones ("detect sense and avoid" technology).
How to Start Loving the Drone.
 |
| The drone repaired -- and prepared for flight. |
I can confidently say my drone wasn't brought down by anti-aircraft fire. Even though it behaved as if its operating signal was spoofed, that did not start the fire fire. The fire was caused by user error; and something that was learned from and is not likely to happen again.
The burnt electronic speed controller was replaced, the LiPo power source was sorted out, and the drone did actually fly -- and surprisingly well, at that. This one is destined to become a tool for some lucky central Illinois high school students, who will learn about sensors, computers, robotics, physics, chemistry and earth science as they use it to take photomaps of the environment.
These students are about to be introduced to drones in the way that the rest of the public needs to be introduced. Not as instruments for warfare, not as kamikaze robots of death, but as useful tools that can monitor beach rubbish, deliver life-saving medication, guide boats through ice, keep tabs on nuclear disasters, safely fight forest fires, and in general, make the world a better place.
We need some good old fashioned education, not sensationalism. What we need is better journalism.
I leave with a video taken from on-board the aircraft. Subsequent posts will follow the development of this drone, and ultimately show the progress of the students I'm working with.
