Deus ex Vehiculum: Security in the Age of Computerized Cars

As reported by the Economist: One ingenious conceit employed to great effect by science-fiction writers is the sentient machine bent on pursuing an inner mission of its own, from HAL in “2001: A Space Odyssey” to V.I.K.I. in the film version of "I Robot". Usually, humanity thwarts the rogue machine in question, but not always. In “Gridiron”, released in 1995, a computer system called Ismael—which controls the heating, lighting, lifts and everything else in a skyscraper in Los Angeles—runs amok and wreaks havoc on its occupants. The story's cataclysmic conclusion involves Ismael instructing the skyscraper’s computer-controlled hydraulic shock-absorbers (installed to damp the swaying caused by earthquakes) to shake the building, literally, to pieces. As it does so, Ismael’s cyber-spirit flees the crumbling tower by e-mailing a copy of its malevolent code to a diaspora of like-minded computers elsewhere in the world.

While vengeful cyber-spirits may not lurk inside today’s buildings or machines, malevolent humans frequently do. Taking control remotely of modern cars, for instance, has become distressingly easy for hackers, given the proliferation of wireless-connected processors now used to run everything from keyless entry and engine ignition to brakes, steering, tire pressure, throttle setting, transmission and anti-collision systems. Today’s vehicles have anything from 20 to 100 electronic control units (ECUs) managing their various electro-mechanical systems. Without adequate protection, the “connected car” can be every bit as vulnerable to attack and subversion as any computer network. 

Were that not worrisome enough, motorists can expect further cyber-mischief once vehicle-to-vehicle (V2V) communication becomes prevalent, and cars are endowed with their own IP addresses and internet connections. Meanwhile, car makers are beginning to offer over-the-air updates, using cellular connections, for patching flaws in their vehicles’ software. This makes it easier for attackers to infiltrate not just the odd vehicle, but thousands of them at a time. BMW recently beamed an over-the-air software update to 2.2 million of its customers’ cars. The potential for fleet-wide cyber-attacks ought to have car-makers seriously concerned.

Nor is it just vehicle theft motorists have to worry about. Car hacking can threaten people’s lives, both in the vehicle and outside it. The mind shudders at the thought of malicious code being inserted remotely into the logic of a self-driving car speeding autonomously down the highway.

This is not science fiction. Land Rover recently demonstrated a smartphone app that lets an owner take wireless control of his machine while up to ten meters (33 feet) away from it. The aim, says Land Rover, is to let off-road drivers maneuver their vehicles safely over dangerous stretches of terrain, or to assist urban motorists trying to back a vehicle out of a tight parking spot. Fine, except that such a level of remote control could also make it easier for thieves to steal parked cars, or terrorists to create chaos on the road. 

What is being done to protect vehicles from cyber-attack? Several recent events have stirred legislators into action. Last summer, for instance, during a meeting of automotive engineers and security experts, a 14-year-old schoolboy showed industry experts how to take control of a car remotely using circuitry he had lashed up overnight with $15 worth of parts bought from Radio Shack the day before. The youngster turned the windscreen wipers on and off, locked and unlocked the doors, engaged the engine-start mechanism, and had the headlamps flash to the beat of a tune on his iPhone. “It was mind-blowing,” recounted Andrew Brown, vice-president and chief technologist at Delphi Automotive, a manufacturer of auto parts.

More recently, Consumer Reports, a publication owned by a consumer advocacy and independent testing center in Yonkers, New York, got an eye-opener during a visit to a National Highway Traffic Safety Administration (NHTSA) laboratory. The publication’s editors were surprised when a technician turned off the engine of a test car they were driving using nothing more than a mobile phone. NHTSA has found ways of tampering remotely with door locks, seat-belt tensioning, instrument panels, brakes, steering mechanisms and engines—all while the test cars were being driven. Since its laboratory visit, Consumer Reports has been urging America's Congress to legislate for the highest possible security standards for car computer systems.

The message seems to be getting through. In recent weeks, the House Committee on Energy and Commerce has questioned all 17 motor manufacturers that sell vehicles in America, as well as NHTSA itself, about their plans to thwart car hackers. For its part, NHTSA has compiled a 40-page report on how best to deal with cyber-threats on the road. The safety agency has shared its findings with car-makers, but has been understandably reluctant to publicize the counter-measures in detail. 

The problem confronting car-makers everywhere is that, as they add ever more ECUs to their vehicles, to provide more features and convenience for motorists, they unwittingly expand the “attack surface” of their on-board systems. In security terms, this attack surface—the exposure a system presents in terms of its reachable and exploitable vulnerabilities—determines the ease, or otherwise, with which hackers can take control of a system.

In a car, the remote attack surface includes such things as the vehicle’s on-board diagnostics, Bluetooth and WiFi ports, telematic devices like GPS navigation and cellular radios, plus radio-frequency chips in remote entry keys, tire pressure sensors and the like that communicate wirelessly with transponders connected to the vehicle’s Controller Area Network (CAN).

By functioning as a common communications bus, the CAN’s two-wire network for transmitting digital messages around a vehicle allows manufacturers to add features and accessories to a vehicle simply by plugging the additional components into the bus, instead of having to run fresh wires or install additional networks. That makes wiring the innards of cars easier and cheaper.

But by multiplexing signals from different devices on the CAN’s common communications channel, it is possible for vulnerabilities associated with an attack surface to talk to components that perform actual driving functions. For instance, it is not far-fetched to imagine an on-board cellular connection (such as GM’s OnStar network) being tricked into allowing hackers to inject malicious code into ECUs managing, say, the steering, braking or engine controls—courtesy of the shared CAN bus.

By far the best study to date of vehicle security is a survey carried out by Charlie Miller, formerly with the National Security Agency and now at Twitter, and Chris Valasek of IOActive, a security services company based in Seattle. The two researchers examined the remote attack surfaces of 20 popular models on American roads. In each case, they traced the network architecture along with all the computer-controlled features of the vehicles involved. In doing so, they were able to draw conclusions about how vulnerable, in principle, the various vehicles were to remote attack.

Of the half dozen attack surfaces Dr Miller and Mr Valasek analysed in detail for each vehicle, the most vulnerable in all instances turned out to be the on-board Bluetooth feature (“a very reliable entry point for attackers”), a car’s cellular radio service (“the holy grail of automotive attack”), and any browser-based internet connection available (“widely understood by attackers”).

The three most hackable vehicles—in terms of how their network architectures permitted attack surfaces to talk to components performing physical actions—were the 2014 Jeep Cherokee, the 2015 Cadillac Escalade and the 2014 Infiniti Q50. This being litigious America, the automakers concerned quickly found themselves in the legal cross-hairs, as owners sought financial compensation for their vehicles’ perceived vulnerabilities.

One conclusion of the study is that, like computer networks, vehicles need layered defenses, so that penetrating to the heart of the system, though not impossible, becomes increasingly tedious and costly for an attacker. Another obvious suggestion is that automotive networks like the CAN bus, along with its local interconnections, should be designed in a way that isolates ECUs that talk to the outside world from those that control critical functions within the vehicle.

Ultimately, of course, cars are going to need some method of detecting cyber-attacks, and to have the means to neutralize them. In one important way, threat detection is easier in cars than in the networks used in offices. On a CAN bus, for instance, only ECUs are engaged in swapping messages with one another; no gullible humans are involved—as they are in offices—to open back doors unwittingly to phishing attacks from cyber-crooks masquerading as colleagues or customers.

That makes it easier to spot anomalies caused by an attacker’s injected code. To capture the attention of a targeted ECU, a bogus message has to be sent at a much higher rate—anything up to 100 times normal—in order to swamp legitimate messages being received by the processor. A simple device that plugs into a car’s diagnostic port can easily detect such exceptional traffic and instruct the CAN bus to ditch it.

That is a good start. But it does not mean cars can be made immune to cyber-attack. There is no such thing as absolute security. As Dr Miller and Mr Valasek note, even firms like Microsoft and Google have been unable to make a web browser that cannot go a few months without needing some critical security patch. Cars are no different. All the more so once they start communicating with one another, as well as with traffic signs and other roadside equipment.

Consumers Spend 85% Of Time On Smartphones In Apps, But Only 5 Apps See Heavy Use

As reported by TechCrunch: New research on mobile behavior released today points to the growing struggle that app businesses face in establishing themselves as a must-have download on users’ smartphones. Today’s consumers are spending over 85 percent of their time on their smartphones using native applications, but the majority of their time – 84 percent – is spent using just five non-native apps they’ve installed from the App Store.

Those five apps will vary from person to person. For some, their top five could include social media or gaming, while others may spend more time in instant messaging.

This data further supports a study Nielsen released earlier this month which also reiterated that there does appear to be an upper limit to how many apps consumers use on a monthly basis. While this new study from Forrester Research examines where consumers spent the majority of their time, Nielsen’s report noted that users would only use 26 to 27 apps per month in total.

The new data on app usage comes from a Forrester Research study that analyzed 2,000 U.S. smartphone owners to better determine how users engage with the apps they have on their phones. According to the findings, communication and social apps account for the most usage – with a combined 21 percent of all smartphone minutes. Text messaging and voice calls were not counted, but would add to this total if they had been.

This trend also means that a small handful of companies are now dominating app usage. Facebook, for example, accounts for 13 percent of U.S. minutes spent on apps, followed closely by Google at 12 percent. Other big-name tech companies also see heavy usage, including Amazon (3 percent), Apple (3 percent), Yahoo (2 percent), Microsoft (1 percent) and eBay (1 percent.)

As a category, social networks claim 14 percent of all smartphone usage – or more than 25 minutes per day. Facebook is the leader here, with 1.25 billion mobile monthly active users.

[Note on the above chart: the large grouping referred to as “major category leader” includes the other leading apps that do not fall within the 6 companies evaluated for the research, such as Twitter, Firefox, The Weather Channel, etc.]

Meanwhile, U.S. users spend 4.8 percent of their smartphone minutes in instant messaging apps like WhatsApp, but globally, this figure is even higher. Worldwide, apps like WeChat, KakaoTalk, Line and others are seeing users spending 50 to 200 minutes with them per week. In the U.S., however, the phone’s native messaging application sees higher usage than IM’ing apps, accounting for 8 percent of minutes spent on smartphones.

Media is another popular category of apps with weather, news and sports accounting for 3 percent of all usage minutes. News leads here with a median of 11 minutes, 51 seconds per day. Mobile users’ interest and heavy use of news apps is likely why Apple decided to enter the space itself with the launch of the forthcoming “News” app which will be installed by default with iOS 9.

Games and Music account for 6 percent of smartphone usage minutes, while streaming video represents 9 percent of minutes. Here, YouTube leads with 43 percent adoption, but Netflix has the highest median use at 31 minutes, 33 seconds. Books and magazines represent 2 percent of smartphone usage minutes, which is actually fairly high given their long-form nature. Other categories like Shopping (5 percent), Maps/Navigation (6 percent), Email (non-native, 4 percent), Productivity (3 percent) are also popular.

Based on this data and other findings in the new report, Forrester advises businesses to design their apps only for their best and most loyal or frequent customers – because those are the only one who will bother to download, configure and use the application regularly. For instance, most retailers say their mobile web sales outweigh their app sales, the report says. Meanwhile, outside of these larger players, many customers will use mobile websites instead of a business’ native app.

Cambridge Brings the Internet of Things (IoT) to Livestock

As reported by Business Weekly: Cambridge Industrial Design (CID) has created the ‘udderly’ exceptional device for Irish client True North Technologies and it is now being trialed.

Packed with an array of sensors it tracks a cow’s every movement and is able to match this to particular behavior – such as grazing, socializing or simply lying down, chewing the cud. This information is then sent in real-time through mobile GSM networks to a central hub.

There it is analysed in conjunction with other data such as milk yields and grass length, which is monitored by the Grass Hopper measuring device, also designed by CID. enabling farmers to ensure that cows are grazing in the best area by creating location-based virtual electric fences using the cow bell collars, which confine them to specific pastures.

These geo-fences can be easily and remotely changed depending on grazing conditions – further increasing efficiency as they remove the time and manpower needed to manually put up and take down physical electric fences.

The collar is part of a pan-European project that also involves Teagasc (the Irish government agricultural research agency), Institute d’Laval in France and Agroscope, Switzerland.

Tim Evans, design director at CID, explained how Heidi met hi-tech.  He said: “Wearables, such as the Apple Watch, may be stealing the headlines, but tracking the behavior of cows is equally vital to farmers who want to best manage their grazing.

“In creating this sensor we took our inspiration from the traditional alpine cow bell, using a rounded shape to minimize the size and maximize strength. This ensures it is rugged enough to cope with being bashed against fences and feeding troughs, and simple enough for farmers to remove for cleaning and recharging.

The result moves wearable technology forward – and the cows think it is "udderly brilliant.”

Cambridge Industrial Design was also responsible for the manufacture of the cow bells, using one of its network of trusted suppliers. Created from super tough glass-filled nylon, they were manufactured using the Selective Laser Sintering (SLS) 3D printing process to enable fast prototyping and revisions during the field trial phase of the project.

“Contrary to popular belief, agriculture is increasingly reliant on technology to maximize yields and ensure the highest standards of animal welfare,” said Patrick Halton, managing and technology director, True North Technologies. “By combining our strengths in GPS and location technology with Cambridge Industrial Design’s skills we have been able to create an innovative, tough product that will help dairy farmers to optimize their operations.”

The cow bell is one example of Cambridge Industrial Design’s growing portfolio of wearable/location based designs. These also include the SureFlap pet door, which opens when triggered by the animal’s microchip, and the compact xNAV navigation module for drones.

The number of dairy cows in the EU 28 in 2013 stood at 23.475 million.  The UK had an estimated 1.84 million dairy cows as of June 2014.

There are over 65,000 dairy farms in the United States with an average herd size of about 100 per farm, with a median size of about 900 cows.  Pennsylvania for example, has 8,500 dairy farms with an estimated 555,000 dairy cows.  Milk produced in Pennsylvania yields an annual revenue of about US$1.5 billion.  

World wide the number of dairy cows in 2012 was estimated to be over 269 million, India having the largest number at an estimated 45.2 million.  Total world milk production is estimated to grow from 692 million tons in 2010 to 827 million tons in 2020, a 19% increase.

eLoran Signal Tests Start, Could Demonstrate GPS Backup Alternative

As reported by InsideGNSS: With worries mounting about jamming and other disruptions of GPS signals, officials took a step Friday (June 19, 2015) toward possibly establishing a backup for satellite navigation users in the U.S.

Congressman Frank LoBiondo, R-N.J., flipped a switch at a decommissioned Loran-C station in Wildwood, New Jersey, to begin transmission of an enhanced Loran or eLoran signal. The signal, which is part of a year long test, will be receivable up to a 1,000 miles away and will help establish whether the old facilities can become the foundation foe a reliable eLoran network to provide positioning, navigation, and, perhaps most importantly, timing (PNT) information in the United States.

Signals from the GPS constellation currently provide precise timing information essential to a wide range of critical infrastructure including the power grid, cell phone network, financial systems, and the Internet. Because of this and other GPS dependencies, U.S. officials are weighing a proposal to upgrade the now idle Loran-C installations to broadcast eLoran signals across the country.

Last month, the Department of Homeland Security (DHS) and the U.S. Coast Guard (USCG) signed a cooperative research and development agreement (CRADA) with Harris Corporation and UrsaNav to evaluate and demonstrate such a network. The Wildwood signal is part of that effort.

The powerful signals from an eLoran ground-based radio navigation system are widely seen as a cost effective backup for GPS and have been endorsed by leading PNT experts including the National Space-Based PNT Advisory Board. ELoran signals would be very difficult to jam and are able to reach underground, underwater, through buildings and into other obscured areas where the GPS cannot penetrate. GPS and eLoran operate on different frequencies and share no common failure points.

“eLoran is an ideal technology to complement GPS for critical, resilient and assured PNT,” said Ed Sayadian, then-vice president of Civil & Aerospace Systems at Exelis, which signed the CRADA in May and has since been acquired by Harris. “ELoran is a difficult to disrupt technology that offers PNT and wide area broadcast data capabilities indoors, in underground locations and other GPS-denied environments.”

“From international commerce to simple driving directions, GPS has transformed the way we live our lives and conduct business. Yet disruptions are increasing as demand skyrockets,” LoBiondo told Inside GNSS in a statement. “From my perspective on the House Coast Guard & Maritime Transportation Subcommittee and the Armed Services Committee, eLoran is the perfect complement to GPS with significant benefits and opportunities in both commercial and private applications, including unmanned aerial systems, which are currently being tested in my South Jersey district. It is clear the U.S. will continue to be the leader in global positioning technology with the deployment of eLoran.”

Harris and UrsaNav, a leading supplier of eLoran technology, equipment, and services, will work to assess the capabilities and potential utilization methods of the enhanced system — identifying strengths, capacities, and potential vulnerabilities of the technology.  The Wildwood signal will be turned on and off over the next year as part of the testing process.

“The recently released 2014 Federal Radionavigation Plan states that it is a policy objective of the U.S. government not to be critically dependent upon a single system for PNT,” said UrsaNav President Chuck Schue.

“The new Cooperative Research and Development Agreement between the DHS, USCG, Harris, and UrsaNav allows us to demonstrate a second, complementary system for PNT: eLoran,” Schue continued. “It was an honor to be here today as Congressman LoBiondo threw the switch that put eLoran signals back on air in the United States for the first time in several years. Although these signals today are only for test purposes, they are a testament to our government’s desire to make PNT an assured service.”

Plasma Resonance Could Overcome Radio Silence for Returning Spacecraft

As reported by GizMag: Returning spacecraft hit the atmosphere at over five times the speed of sound, generating a sheath of superheated ionized plasma that blocks radio communications during the critical minutes of reentry. It's a problem that's vexed space agencies for decades, but researchers at China's Harbin Institute of Technology are developing a new method of piercing the plasma and maintaining communications.

According to physicists Xiaotian Gao and Binhao Jiang of the Habin Institute, by redesigning the spacecraft antenna, it may be possible to maintain communications by setting up resonance in the plasma sheath. Essentially, this involves turning the layer between the spacecraft and the sheath into a capacitor in the antenna circuit. This causes the sheath to act as an inductor. Together, they create a resonant circuit.  

"Once the resonance is reached, the energy can be exchanged between them steadily and losslessly, like real capacitance and inductance do in a circuit," says Gao. "As a result, the electromagnetic radiation can propagate through the matched layer and the plasma sheath like they do not exist."

According to the researchers, the tricky bit is to keep the matched layer and the plasma sheath smaller than the length of the radio waves. However, Gao believes that it's possible to tune the craft's antenna to compensate

"We don't need to know exactly the properties of the plasma layer, but we need to know the ranges for these properties," says Gao. "The matched layer will be adjusted by an automatic control system, so we only need to know the ranges to make sure this whole system can work appropriately."

This isn't the first attempt to solve the blackout problem, but the team says that this is a lighter and simpler method that doesn't rely on the shape of the spacecraft to work. The researchers also say that the method could be applied not only to returning spacecraft, but also future hypersonic passenger aircraft, missiles, and ICBMs

Source: Journal of Applied Physics

Samsung Makes Big Trucks Transparent in the Name of Road Safety

As reported by The Verge: Back in 2009, Russian design house Art Lebedev introduced the dramatically titled Transparentius concept for improving road safety. It was remarkably simple: put a camera on the front of large, slow-moving trucks and connect it to video displays on the back, thereby informing trailing drivers whether it's safe to overtake the big rig. That's the exact same idea that Samsung is now pursuing with a new prototype truck. Making use of its abundance of outdoor displays, the Korean company has stitched together a video wall of four displays at the rear of the truck, which transmits video captured by a wireless camera at the front.

Samsung says it's now working to obtain regulatory approval for the deployment of its so-called Safety Truck, however the idea doesn't appear economically practical at large scale. The camera might be cheap and simple enough to install, but four displays per truck would be a major investment for any transport company to make, especially since it wouldn't lead to any direct financial benefit. Still, it's impressive that Samsung has managed to overcome the technical challenges (like solar glare) of realizing this otherwise laudable idea.

A more realistic solution to improving information while driving will be provided by Vehicle-to-Vehicle Communication (V2V) systems, which are expected to arrive in US cars next year. This is a form of networked intelligence whereby your car transmits data about its position, direction, and speed, and receives the same about cars around it. It can thus issue alerts about unsafe driving by others or notify of any collisions ahead even before any other drivers have had the time to react. In that way, V2V does even more than just give you vision the way Samsung's Safety Truck would, though making big trucks transparent is undoubtedly a much cooler application of technology.

SpaceX Augments and Upgrades Drone Ship Armada

As reported by NASA SpaceFlight: SpaceX’s aspirations towards recovering launched Falcon 9 first stages are continuing to focus on ocean based landings, ahead of realizing the goal of returning the cores back to land. With continual refinements to the approach, SpaceX have welcomed new and improved Autonomous Spaceport Drone Ships (ASDS), one of which has been sighted taking a cruise down the Panama Canal.

Marmac 300 – The First Drone Ship:

In November 2014, Elon Musk confirmed reports of SpaceX’s “Autonomous Spaceport Drone Ship (ASDS)” – providing an overhead photo of a 300-foot-long ocean-going barge with a deck widened with steel “wing” extensions to a span of 170 feet.

The barge sported a large white “X” logo in the center of two giant concentric circles, marking the spot at which Musk hoped the first stage of a SpaceX Falcon 9 v1.1 rocket would soon touch down during an ocean landing somewhere off the east coast of Florida.

Mr. Musk’s “drone ship” photo was the first visible evidence that SpaceX was serious about attempting to recover a launched first stage.

Earlier that year SpaceX had filed with the U.S. Patent and Trademark Office requesting a review of rival company Blue Origin’s patent for a method of landing a rocket stage at sea.

SpaceX claimed that the Blue Origin patent should not have been granted, since similar methods had been described by other inventors long before Blue Origin filed for their patent.

Evidently SpaceX had confidence it would prevail in the patent dispute, since the “drone ship” was unveiled to the public mere months after filing for the patent review, and long before a decision could be expected from the Patent Office – which later announced in March that SpaceX’s dispute had enough merit to go forward in a review process which is now ongoing but may not be resolved until 2016.

Soon after, photos appeared showing the drone ship en route to her new home port in Jacksonville, Florida.Mr. Musk presented his company’s first drone ship as using thrusters repurposed from deep-sea oil rigs, able to hold its position at sea to within three meters even in a storm, and perhaps able to allow future refueling and fly-back of the rocket stage to its launch site.

Despite its fanciful name, the drone ship was built on a rather mundane barge. The Marmac 300 had been a maritime workhorse for over 15 years, doing drudgery for its owner McDonough Marine Service that included being submerged beneath the keels of sunken vessels and then refloated to effect their recovery.

Now, in addition to wing extensions, Marmac 300 carried four diesel-powered hydraulically-driven thrusters for position-keeping, diesel fuel tanks and several large steel shipping containers at either end of the deck housing communications gear, an autonomous guidance system and additional equipment.

The drone ship was towed to her new home in the port of Jacksonville, to the north of the Cape Canaveral, probably relating to a decision to minimize her travel distance to the landing zone on rocket recovery missions, since Falcon 9 flights typically travel north-east from Cape Canaveral out over the Atlantic.

The winged Marmac 300 got her first chance to catch a Falcon 9 stage in January of this year, during the CRS-5 resupply mission to the International Space Station.

Unfortunately, the incoming stage ran out of the hydraulic fluid needed for operation of the aerodynamic “grid fins” used for precision guidance, and the stage crashed into the drone ship and was destroyed.

However, rather than downplay the mishap, SpaceX released spectacular video footage of the event and vowed to try again with extra hydraulic fluid. Also, the ASDS proved herself up to the challenge, sustaining only minor damage.

Afterwards, Mr. Musk noted she was being repaired and that she would be given the fanciful new name “Just Read the Instructions,” after a fictional spaceship commanded by an artificial intelligence in the Iain M. Banks novel “The Player of Games”.

On this first recovery attempt, SpaceX demonstrated what would become more or less their standard operating procedure. The drone ship left port several days before the schedule launch attempt, towed by a dedicated tugboat named Elsbeth III. Shortly after, the support ship “GO Quest” left port to join the convoy.

Once at – or near – the landing zone, Elsbeth III’s crew would presumably start up the drone ship thrusters and set her free to auto-position herself at pre-programmed GPS coordinates.

Elsbeth III and GO Quest – which appears to carry a large satellite dish on deck – would then stand off at a safe distance during the landing attempt.

The drone ship was fitted with deluge water jets that flooded the deck with ballast water from the barge’s tanks, for cooling the deck from the blast of the landing rocket engines.

Some time before the incoming stage was expected, the water pumps would be started and the deck flooded. Some of the on-deck photos later provided by SpaceX showed water jets flooding the deck as the incoming stage came into view.

During the landing attempt, the drone ship was transmitting video back to SpaceX launch control facilities for real-time visual monitoring of the landing.

It appeared during SpaceX’s webcast of this and later recovery attempts that SpaceX mission control personnel were seen to be watching a near-real-time video feed from the drone ship, based on their reactions as they watched their monitors, and based on Musk’s tweets shortly after the fact with details that suggested he had seen the event.

No crew were on board the drone ship during the attempt, hence the “autonomous” label.

Hans Koenigsmann, SpaceX’s Vice President for Mission Assurance, said in a press conference before the CRS-5 mission that it would take about one to two hours after a landing for the crew to safe the stage remotely before boarding the drone ship.

Remote-controlled safing activities would likely include venting pressurized helium from the fuel tank and venting residual LOX.

Once the crew had boarded the drone ship, the stage would be secured for transport.

Although Musk has said the stage would be stable because of the weight of its engines and their support structure at the aft end of the stage, he has mentioned that steel “shoes” might be welded to the deck over the feet of the stage’s legs for added insurance.

There have also beenmentions of chains attached between the deck and the aft of the stage.

Once back in port, the stage would be offloaded by crane, further safed – fuel drained, etc – placed on a “breakover” fixture to rotate it horizontal, then loaded onto a truck and transported by road to either SpaceX’s facilities in McGregor, Texas or SpaceX’s Spaceport America base in New Mexico for additional inspections and testing.

Following CRS-5, the drone ship’s next recovery mission came in February with the launch of the DSCOVR spacecraft for NASA.

Unfortunately, heavy weather at sea knocked out one of the four thrusters and SpaceX reported that 3-story waves were breaking over the deck.

The company called off the landing attempt on the drone ship, and “Just Read the Instructions” returned to port with visible damage to on-deck equipment apparently caused by wave impact.

Soon after, Mr. Musk reported that he planned significant upgrades to the drone ship so that it could handle “literally anything” in the future. As a result, the drone ship was subsequently fitted with a vertical steel bow wall and two more powerful bow thrusters.

Marmac 300 got her last shot at glory during the CRS-6 ISS resupply mission in April, but was once again thwarted by a wobbly landing of the Falcon 9 first stage, which touched down on deck but couldn’t keep itself upright and toppled over – rupturing its propellant tanks in dramatic fashion.

However, SpaceX had made progress, as the stage did not run out of hydraulic fluid this time and appeared oh-so-close to sticking its landing.

SpaceX also introduced a new innovation in making a video of the event, using a camera-equipped flying drone to launch itself from the ASDS, hover at a distance, take video of the landing attempt, and return to the ASDS.

Despite the temporary conflagration caused by the stage impact, the flying drone was able to return and land on the ASDS, allowing SpaceX to later recover the data card from the camera and publish the dramatic video.

Shortly after the abortive CRS-6 attempt the drone ship was towed back to the shipyard where she had been outfitted in Morgan City, Louisiana. In June, a new drone ship built on McDonough’s Marmac 304 barge appeared in Jacksonville as her replacement.

While SpaceX has not said why Marmac 300 was retired, she may have served as a prototype not intended for long-term service. Marmac 304 is a much newer barge that has not seen heavy prior use, and may be considered to have a longer life ahead of her.

Marmac 304 – The Next Generation:

The new drone ship built from Marmac 304 reported for duty at Jacksonville in early June, albeit in unfinished condition.

With dimensions virtually identical to Marmac 300, she carries some new features, including a steel blast wall erected between the rear containers and the landing deck, in addition to the steel bow wall as previously seen on Marmac 300.

Ongoing work visible on deck suggests that a second blast wall may be installed at the forward end of the landing deck as well.

These – and other preparations – are expected to render Marmac 304 operable in time for the upcoming CRS-7 mission to resupply the Space Station in late June.

Marmac 303 – Of Course I Still Love You:

Shortly after Marmac 304 headed east from Louisiana, her sister barge Marmac 303 left the same port and went south for the Panama Canal.

Carrying the wing extensions reportedly clipped from Marmac 300, Marmac 303 reached the Panama Canal on June 9 and began her transit June 14, exiting the Canal on the 15th.

Since the wing extensions – if attached – would make the barge too wide to transit the canal when attached, they were laid on her deck in sections as cargo and will be attached permanently when she reaches California in about three weeks.

Towing Marmac 303 is the tugboat Rhea, sister ship to the tug Elsbeth III which tends to Marmac 304. After being fitted with her wings and readied for service, she will go to work catching Falcon 9 first stages from SpaceX’s launch pad at Vandenberg Air Force Base.

Although no announcement has been made of her expected operational date, the upcoming Jason-3 mission from Vandenberg would be her first opportunity to attempt a stage recovery.

SpaceX has said they hoped to be permitted to attempt a return-to-launch-site landing of the first stage at Vandenberg, but to date it appears that permission may not yet have been granted, and the landing pad that would be used for such an attempt at SLC-4W was shown in a recent photo to consist only of graded earth with the concrete pad not yet poured.

According to Musk, the west coast drone ship will be dubbed “Of Course I Still Love You,” after another fictional spaceship from the mind of science fiction writer Iain M. Banks.

Future Plans:

The drone ship is apparently a mandatory stepping stone in SpaceX’s ultimate goal of having Falcon 9 first stages return themselves after launch with a “boostback” maneuver to the launch site, for a soft landing on terra firma.

SpaceX is now building landing facilities at both Cape Canaveral (LC-13) and Vandenberg Air Force Base (SLC-4W). According to Mr. Musk, officials have asked for “repeated, successful” demonstrations of a first stage landing on the drone ship before a landing attempt will be allowed at the Cape.

SpaceX is also building a new company-owned launch facility near Brownsville, Texas, for commercial satellite launches over the Gulf of Mexico. The Texas launch facility would be SpaceX’s third orbital launch facility and yet another potential base for drone ship operations.

Even after Falcon 9 first stages begin landing at launch sites, there may be continued opportunities for downrange landings on drone ships. Some higher-energy missions and heavier payloads would prevent the first stage from reserving enough propellant to boost itself back to the launch site, making downrange landing on a drone ship the only option for recovery.

Also, the drone ships may also be called on to recover stages from SpaceX’s next launch vehicle, the Falcon Heavy, which will have a central core flanked by two side boosters.

Both side boosters and the first stage of the vehicle’s core will be designed for autonomous landing, and Mr. Musk has said there may be missions in which the boosters fly back to the launch site but the first stage of the core lands downrange on a drone ship.

In his first “drone ship” tweet, Mr. Musk held out the tantalizing possibility that the drone ships would eventually allow recovered stages to be refueled, launched from the deck, and fly themselves home. Time will tell if SpaceX can make this dream a reality.

In the meantime, it seems increasingly likely that the company could pull off a successful landing of a Falcon 9 first stage on a drone ship soon, perhaps as early as this month.