Bjelica’s book “System function and safety: A flipped approach to design for safety” is coming in November
When we talk about pioneers in the field of the automotive industry, it’s very important that we introduce you to one of those who recognized the importance of investing in knowledge, and who work on it intensively with great enthusiasm. Prof. dr. Milan Bjelica, the CEO of NIT Institute is an experienced researcher, educator, and industry veteran with 15 years of experience in complex programs in the fields of consumer electronics and the automotive industry. He participated in the early designs of the new generation of autonomous mobility solutions with a strong focus on safety. He is also an associate professor at the Department of Computer Engineering at the University of Novi Sad, and an instructor of the functional safety program at the University of California, San Diego, USA.
Your book "System function and safety: A flipped approach to design for safety" will be published in November. The expectations are high, so can you tell us more about what you put in the foreground?
"What I have noticed in the past decade is that the digitization process of industries in which digitization was a relatively manageable challenge is ending. In the nineties, television was first digitized, then communication and media through applications and solutions for mobile devices and the Internet, ending with the digitization of mobility (cars). The development of networked autonomous cars, which are entirely based on digital technologies, hardware, and software, is underway. The following industries that are next in line for digitization are particularly safety-critical – Industry 4.0 includes the digitization of production processes, smart factories, autonomous processes, smart cities with modern railways, the Internet of Things, and new solutions for the aerospace sector (new versions of aircraft that we should expect, space programs). These industries are based on safety-critical systems that require new knowledge for their design. These are engineering skills that largely require software design and development.
Unfortunately, today's software, hardware, and electronic engineers generally do not have much knowledge about the safety of technical systems. That fact was the basic motivation for writing the abovementioned book, but also for creating the complete System safety and Functional safety program within the NIT Academy. This program covers the field of system security using modern examples from current industrial projects, and participants can get to know the current methods of designing safety systems both through the book and through the courses. The focus of the book is on system safety and functional safety terminology and standards. The participants are introduced to the techniques of meeting the requirements according to the standards (eg IEC 61508, ISO 26262, etc.), how to correctly implement the safety process, and how to design a system, including hardware and software architecture, which should be functionally safe. The approach to presenting the material is also very interesting, as it is one of the first books on the market that is fully accompanied by digital material, i.e. examples, exercises, tasks, and links to video lessons that accompany the written material. This teaching methodology is a flipped classroom, hence the subtitle "A flipped approach to design for safety".
Automotive engineering is undoubtedly a hot topic. Where are we as an industry in this, and where can we be?
"Serbia is still in one of the initial stages of development in automotive engineering, so NIT Academy is mostly focused on the foreign market. What is encouraging is that R&D development departments, where there is a lot of software implementation, are opening more and more in Serbia, and our teams are starting to work on more sophisticated projects and components. There are large Tier 1 companies like ZF and Continental, but also a lot of Tier 2 companies where we have a large number of software companies that develop software for the automotive industry, and I think that Serbia is also slowly approaching world trends."
In a lecture at this year's SEEA conference, you said that when we talk about autonomous driving, the key is software and algorithms that process a large amount of data from a large number of embedded sensors. Can you clarify that for us?
"Software becomes the key in autonomous driving, i.e. mobility, precisely because of its complexity. It is easily overcome by programmable components such as processors or systems on chip (SoC) components. Thus, the complexity was previously overcome in the domain of multimedia, computers, and mobile phones. Now we want to use a similar approach in cars as well, which is much more difficult because it is a safety-critical system. Algorithms that are required for e.g. autonomous driving, which are mostly based on machine vision and artificial intelligence, can only be implemented with complex software".
So the software addresses the challenges posed by the complexity of autonomous vehicles?
"Right on. Instead of having an extremely complicated physical system architecture, now all the complexity can move into the virtual domain. Instead of having many hardware modules, now software modules can be set up, configured, turned on, turned off, updated, and taken from different vendors. In this way, changes in hardware can be minimized, while the complete development, feature enhancements, and integration are transferred to the software domain.
So software really becomes the key part of the automotive industry, but at the same time the main challenge now, due to the complexity of the software architecture and security problems that have largely shifted to the software sphere. Software engineers now need to have the entire knowledge of systems engineering, requirements analysis, functional security, and software engineering with an emphasis on processes, and this is something that we have to keep in mind as a new reality and the need for adequate recruitment and training processes".
Does the software also affect the organization of companies that manufacture cars or their components?
"Departments that previously in Tier 1 companies mostly dealt with electronics and electrics of cars, are now increasingly turning to software. Even completely new software departments are being opened where fellow software engineers who do not have much experience in the automotive industry, in automotive engineering, and do not have experience related to system safety and functional safety are being accepted. That's where I really see room for high-quality education programs like NIT Academy has. Together with the University of California, we provide all the necessary knowledge for this area and enable upskilling and reskilling. It's a process where colleagues who previously worked in another field in the automotive industry will now become engineers ready to tackle modern software-based challenges. Also, colleagues who are software engineers can learn all the peculiarities of the automotive industry, in order to contribute adequately to the development of safe software".
Positions in the automotive industry are also open to people without experience, if they have studied software. Most of them come straight from college where they had no exposure to automotive software engineering. How are they approached?
"It depends on which approach is used. Companies spend an enormous amount of time training people through projects, and in general finding out what it takes to train someone. The transition of engineers or entire companies from consumer electronics or general computing to the automotive field can be quite long. Companies often lose three to five years to qualify their processes, personnel, and knowledge. That process can be significantly accelerated with adequate education programs. The duration of the education program, of course, depends on the profile of the engineers who join the program, however, three to six months is a feasible period in which we can upgrade our knowledge so that teams can be created that can perfectly respond to the challenges of new automotive projects."
How much time is spent on training within the program?
"Training is organized in blocks that are implemented in order and cover all relevant areas, starting with the necessary software environments, such as AUTOSAR classic or AUTOSAR adaptive, the much-needed programming languages with examples of applications in the modeling of car systems (such as C++) or the C language for embedded applications, usually to implement real-time functions. All necessary quality assurance processes, such as ASPICE related to software development, are also covered in detail. The area of system safety and functional safety is specially dealt with through the ISO 26262 standard. This way, the definition program can be mastered in three to six months, and that's how you learn on the job. Often, companies meet the participants and donate two hours of their working time for learning, so that the working day is shortened to six hours and the rest of the time can be devoted to training. Some participants need additional time, but the whole process is feasible in practice with work."
There are many job openings for people in the automotive industry. Are there enough engineers to fill those positions?
"No, there aren’t. There are engineers who have no experience in the automotive industry, while those with experience are very few. Those with experience are usually already working and are very well paid. There is a lot of room for further training and retraining, fortunately there are programs for such a thing".
How do you comment on the problem that our faculties do not have safety-related subjects in the curriculum?
"It is not only a problem of education in Serbia. This is how education is in the world as well, which is slow to catch up with the demands of new industries. The problem of safety is traditionally associated with mechanical engineering and possibly electronics and energy. Computer hardware and software are very poorly covered by system safety examples and processes. In traditional solutions, the amount of software is minimal, e.g. in the aircraft industry where for this reason a dramatic redesign of the aircraft control system has not yet occurred. I would say that the need for modern curricula will be recognized more and more, which will see that the development of software and complex systems for safety-critical applications are unavoidable".
Why does our school system not recognize the urgent need for automotive software engineers, given that many things are already becoming safety-critical? When is the right time for engineers to start studying?
"It is not entirely true that our education system does not recognize the need for automotive software engineers. This need is recognized at some faculties, for example at the Faculty of Technical Sciences in Novi Sad, however, there is great inertia in training. Faculties are dedicated to undergraduate studies, providing a good, broad foundation. However, when we talk about the specific requirements of modern industries, effective upskilling or reskilling programs are needed, where faculties do not have the necessary agility. Special providers of lifelong learning programs such as NIT Academy represent a very good blend between education and industry. Most of the colleagues who work at NIT have experience in education and come from the university, they have doctorates, but at the same time they work in the industry, so they have fresh knowledge from the industry, fresh examples, and fresh understanding of the needs of the industry itself".
To what extent is "Safety culture" fostered here - a complete understanding of safety?
"I would say that this culture is at a very low level, especially among the younger generation, so a lot of work really needs to be done there. Starting with company management, steps must be taken toward understanding safety issues and safety culture as something that is really important. Simply hiring a safety engineer isn’t a solution. If a company wants to develop systems that are safe, it needs much more than a safety manager. They are just one link in the chain. Everyone must be able to correctly perceive, understand, and participate in the entire process. The safety manager is there to correctly record processes, requests, and so on, but that is definitely not enough as such. This problem can be solved with systematic training and it is great that such a thing exists in our market. Companies that invest in education can definitely solve the problem not only in the medium or long term but also in the short term. A huge problem arises if the systems are not developed in the correct way, because sooner or later there will be a complete redesign of the entire system, or a large part of it. We don't even need to talk about the costs of such a mistake".
You designed the program Functional Safety Fundamentals for Automotive (FSFA) and you conduct it in cooperation with UCSD, which means that you recognized the need of the market and the lack of staff. What was that road like?
"It was extremely painstaking. For years we have been gathering knowledge for creating such a curriculum through industrial projects. We have carefully selected associates and their basic professions. The key moment was when we realized the need to systematize knowledge in a way that could present itself to a wider student audience. This was done precisely thanks to the NIT Academy and the didactics that exist there, as well as the formal education and certification that our instructors first passed. I can freely say that we made a great team. We are still waiting for the moment when the industry is fully aligned in understanding security and that program is run on a larger scale. It has been active for two years already, last year we got 20 new FSFA certified engineers, which is great - but considering the need, I see that there is a huge room for expansion".
