Research & Development Projects

The Generic Nuclear Robotics Architecture (GNRA) is a new standard, currently at its initial states of creation, aiming to standardise the design, development, maintenance, and overall Through Life Capability Management of robotic systems for nuclear decommissioning and nuclear energy sector applications.

The GNRA standard aims to cover the following primary system types:

  • Platforms
  • Simulators
  • Digital Twins

We are researching and creating the initial structure of the GNRA documents, covering both the technical aspects and overall long-term management of the standard itself.

The programme is funded by the UKAEA in collaboration with TEPCO Japan, under the LongOps programme.

More information

We have been a long-standing (15+ years) member of the MilCAN Working Group, supporting the development, adoption, and maturity of the MilCAN Specifications. We have developed the official MilCAN Certification procedures and we have helped a number of companies and organisations to better understand how MilCAN works and how it should be properly and efficiently integrated within a system.

We are conducting internal R&D on the internal design on how MilCAN software should be designed to robustly meet the deterministic and operational reliability requirements of the specification.

We have developed from scratch our own embedded MilCAN Stack that meets the full MilCAN-A specification requirements. Our software is actively being used in a number of production platforms and systems. We have also created our own MilCAN Module Development Kit that provides a dedicated microcontroller running the MilCAN Stack, and can be connected to any common computing hardware via a standard USB interface. A custom library software allows the the MilCAN Stack to be fully controlled by any user application software.

What is MilCAN?

MilCAN, also known as Military Controller Area Network, is a communication protocol widely used in military vehicles and systems for data exchange and control purposes. It is based on the Controller Area Network (CAN) protocol, which is a well-established standard in automotive and industrial applications.

MilCAN extends the capabilities of the CAN protocol to meet the specific requirements of military environments. It provides a reliable and robust means of communication between various electronic components, subsystems, and devices within military platforms such as armoured vehicles, aircraft, naval vessels, and command centres.

The main purpose of MilCAN is to enable the exchange of real-time data and control commands between different military systems, including sensors, actuators, weapon systems, communication devices, and mission computers. It supports the integration of diverse equipment and facilitates interoperability, allowing different subsystems to communicate seamlessly.

MilCAN incorporates features to ensure secure and deterministic communication, which are vital in military applications. It employs encryption and authentication mechanisms to protect sensitive data and prevent unauthorized access. Additionally, it offers deterministic message scheduling, error detection, and fault tolerance to maintain reliable and predictable communication in harsh and demanding military environments.

By adopting MilCAN, military organizations can streamline their communication infrastructure, reduce wiring complexity, and enhance overall system performance. It enables effective coordination, control, and information sharing among various components, contributing to improved situational awareness, mission effectiveness, and operational efficiency in military operations.

We are conducting internal R&D on the internal design on the design and integration of Modular Safety Cases within complex Electronic Architectures, modular embedded software, and distributed communication.

We have been investigating and maturing the use of MSC in military land systems for many years, and we are using this knowledge to design better Electronic Architectures for high-integrity, safety-related, and safety-critical systems that can achieve a high level of long-term modularity and upgradability.

What is Modular Safety Cases?

Modular Safety Cases refer to an approach for managing safety in complex systems. A safety case is a structured argument, supported by evidence, that provides a compelling, comprehensible, and valid case that a system is safe for a specific application in a specific operating environment.

In the context of Modular Safety Cases, the safety case is divided into smaller, individual, and self-contained segments, each addressing a specific aspect of the system's safety. This modular approach allows for easier management and updating of the safety case as the system or its operating environment changes.

The idea behind Modular Safety Cases is to break down the safety argument into manageable and coherent modules, which can be developed and maintained independently. Each module focuses on a particular aspect of safety, such as hazard identification, risk assessment, safety requirements, or verification and validation.

The modular approach enables different stakeholders to focus on their specific areas of expertise and responsibilities, while still ensuring a comprehensive safety argument for the entire system. It also facilitates the integration of safety-related activities from different disciplines and promotes reusability of safety-related artifacts across similar systems.

Overall, Modular Safety Cases provide a structured and systematic approach to managing safety, promoting transparency, traceability, and comprehensibility of the safety argument in complex systems.

The Software Defined Vehicle (SDV) is an evolving R&D project where we look into the Electronic Architecture and the hardware & software infrastructure required to implement a fully functional and low-complexity military vehicle with Software Defined capability integration.

We consider an SDV to be able to provide the cost-effective and rapid integration of new capabilities and capability upgrades in the primary form of specialist software utilising existing computing and communication infrastructure, with the optional addition of new hardware modules.

Our approach does not rely on containers and VM and other such solutions that you'll find in IT and other commercial/industrial approaches to SDV infrastructure designs. We are creating our own distributed virtual OS that effectively creates a single "unified distributed computing platform" where all software modules effectively run as integrated applications (think massively parallel heterogeneous NUMA computing clusters). Our solution is purely C/C++ based with minimal external dependencies, making it highly platform portable.

This project includes a sub-project, the "Decoupled Crew Station" (DCS) investigation where we are creating modular platform Electronic Architecture for crewed vehicles that consist of two distinct and inter-changeable primary units, the base vehicle and the mission module. The DCS design effectively creates a plug-and-play electronic infrastructures with mission modules can be swapped without the need to redesign or reconfigure the base vehicle.

xNET is a bottom-up approach in designing a high-performance low-latency distributed communication architecture and application middleware with integrated safety and security.

The primary architecture design requirement of xNET is to leverage existing core and low-level networking and communication technologies (both hardware and software) in order to assemble and create the most cost-effective, efficient, and reliable solution possible with the available resources.

Typical capability-driven middleware designs tend to require the creation of complex component architectures, the development of high amounts of software components, and the coordination of complex synchronous and asynchronous internal component and external node interactions. Such top-down approaches can be very time consuming, costly, and have a high risk of accumulating technical debt.

Technical Characteristics

The xNET architecture utilises and builds on widely used existing and upcoming communication and security technologies and protocols such as:

  • IPv6, IPsec, and Software Defined Networks (SDN)
  • PKI Certificates
  • standardised and accredited encryption ciphers (AES, SPECK, etc)
  • abstraction and modularity design concepts (Data and System Modelling)
  • security management components (centralised & decentralised key management modules)
  • information and entity management and validation (certificate and blockchain based)
  • remote system access components for management, monitoring, and upgrading
  • application end-to-end source validation and information assurance
  • multi-path, self-reconfiguration, and self-healing technologies for enhanced resilience

Architecture Design

The xNET architecture defines and standardises how an embedded system communication architecture is designed, which protocols are used, how they are configured, and how they are used by the system applications. All these guidelines ensure the system maintains a high-quality level of operational security, safety, and resilience.

The following technologies have been considered for evaluation and integration:

  • OSI Layers 1 & 2: Ethernet, SDN
  • OSI Layers 3 & 4: IPv4/IPv6, TCP/IP, IPsec
  • OSI Layers 5 & 6: PKI, PKCS, Object-based Data Models
  • OSI Layer 7: Node watchdogs, cryptographic data guards, security monitoring modules, dynamic network/node reconfiguration and multi-path management agents

The technologies in layers 1 to 6 are primarily passive and facilitate the overall sub-system, intra-network, and remote intercommunication. The layer 7 technologies have a more active role within a device and the system as whole, operating within, along-side, and independently of the user applications handling tasks necessary to achieve the xNET concept requirements.


A high level of security is achieved through the use of fully standardised and encrypted network communication (Layers 1-6) with certificate-based authentication, ephemeral or static shared keys, and low-level network monitoring. Layer 7 components provide additional security monitoring and control services, suitable for both local and remote management of encryption and authentication configurations.

Safety / Resilience

The baseline of a security and authenticated communication system enables the consideration of high-level mechanisms to provide resilient and safe inter-application communication, making it possible to use the xNET architecture in safety-related and possibly safety-critical systems. Traditional safety-critical communication via very expensive safety-critical networks could be replaced by non-safety-critical networks with much higher bandwidth, functionality, and supply & support chain. This would make the xNET architecture suitable for advanced automotive, industrial, and military applications (active protection systems, fire-control, autonomous mobility), while being cost-effective enough to be used for secondary non-safety-critical sub-systems communication and increase security and resilience throughout the system architecture.