If you are a regular reader of our blog, you have probably noticed that we already spoke about functional safety with our CEO Milan Bjelica in his interview.
But if you are new to our blog, we will try to explain some essential facts you need to know about the automotive industry, safety standards and the reason we still don't have self-driving cars.
According to a picture published by the Daily Mail, people in the 1960s imagined what the future would be like. They thought that at the beginning of the new century we would be riding in self-driving cars and playing board games around a coffee table.
Alongside some other disturbingly accurate predictions, the self-driving car of the future is supposedly what we have today, or at least the tech giants would like us to think so.
But, what does safety have to do with self-driving cars? Are our "self-driving" cars really that? What do people even know about safety?
Buckle up, and let's find out.
Safety and Safety-Critical Systems
To begin talking about functional safety, we must first talk about safety in general. In the last couple of decades, people started digitizing industries that traditionally had very little to do with computers. It started with mobile phones and media, then spread to vehicles of all kinds, and today we are digitalizing factories and industrial equipment.
So there is a massive need for applications of every kind, and software has spread everywhere.
The number of applications in factories, the media industry, cars and other vehicles is growing dramatically, and suddenly a great many of them can affect safety. Any system whose failure can harm people, damage property or harm the environment is called a "safety-critical system".
So vehicles, aerospace, railways and factories are all safety-critical industries. This is a huge problem, because these industries are now staffed by a lot of engineers from disciplines that never had to deal with safety before and who have little or no clue about it. Essentially all IT people fall into this category, from media and communications personnel to embedded and software engineers. And just like that, the dots start connecting. So what has functional safety got to do with safety-critical systems? Everything.
What is functional safety?
Functional safety (FuSa) is a subset of general safety. If you want to make sure you are safe doing something, you must know what can go wrong, so you have to analyze the safety hazards, which software people rarely do: it is not part of their education. While safety in general tells you how and what to do in order to make your systems safe, functional safety is about the functional behaviour that shall prevent an accident from occurring. If you have a machine, a computer or a process that is your equipment under control, you need a safety function that monitors it constantly.
That safety function detects that something has gone wrong, establishes whether it was a malfunction of the system in the first place, and immediately puts the equipment into a safe state. Good examples are applying the brakes and stopping the car, turning off the heating, or halting all robot movement. These are called active safety measures, and they are the essence of functional safety: FuSa is based on monitoring and intervening in order to prevent an accident.
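What such a safety function looks like in code, as an added example written for this article rather than code from the original page or its author: a monitor for a hypothetical piece of equipment under control, a motor whose speed is read through two independent sensor channels. Each cycle it performs plausibility checks on the readings (range check and cross-channel comparison), tolerates a transient glitch for a few cycles so that a single bad sample does not trip the system, and then latches into a safe state (here, a flag a real ECU would use to cut motor power or apply the brakes). The names, thresholds and the sensor trace are all assumptions made for the example; none of them come from any standard or from the page.

```c
/* Added example of a monitoring-and-intervention safety function.
 * All identifiers, limits and the sensor trace below are assumed for
 * illustration; they are not taken from ISO 26262 or from the article. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_RPM               3000  /* assumed hazardous speed limit for the motor        */
#define CHANNEL_TOLERANCE      100  /* assumed max disagreement between the two channels  */
#define FAULT_TOLERANCE_TICKS    3  /* assumed: a fault must persist this many cycles     */
                                    /* before intervention (debounce); must stay below    */
                                    /* the fault tolerant time interval of the hazard     */

enum euc_state { STATE_RUN, STATE_SAFE };

struct safety_monitor {
    enum euc_state state;
    unsigned fault_counter;   /* consecutive cycles with a detected fault */
    const char *reason;       /* why the safe state was entered, for the fault log */
};

/* Plausibility check on one cycle's inputs: NULL if plausible, otherwise a
 * description of the detected fault. Sensor faults are checked before the
 * hazard itself, because a faulty channel cannot be trusted to report one. */
const char *check_plausibility(int32_t rpm_a, int32_t rpm_b)
{
    /* Range check: a physically impossible reading is a sensor or wiring fault. */
    if (rpm_a < 0 || rpm_b < 0)
        return "negative reading: sensor fault";
    /* Cross-channel comparison: redundant channels that disagree mean one of
     * them is faulty; we cannot tell which, so the situation is unsafe. */
    int32_t diff = rpm_a > rpm_b ? rpm_a - rpm_b : rpm_b - rpm_a;
    if (diff > CHANNEL_TOLERANCE)
        return "channel disagreement";
    /* Both channels agree and the value exceeds the limit: a real overspeed. */
    if (rpm_a > MAX_RPM || rpm_b > MAX_RPM)
        return "overspeed";
    return NULL;
}

/* One monitoring cycle. Returns the state the equipment must be in afterwards.
 * The safe state latches: once entered it stays until an explicit reset. */
enum euc_state monitor_step(struct safety_monitor *m, int32_t rpm_a, int32_t rpm_b)
{
    if (m->state == STATE_SAFE)
        return STATE_SAFE;
    const char *fault = check_plausibility(rpm_a, rpm_b);
    if (fault == NULL) {
        m->fault_counter = 0;          /* transient glitch has cleared */
        return STATE_RUN;
    }
    if (++m->fault_counter >= FAULT_TOLERANCE_TICKS) {
        m->state = STATE_SAFE;         /* intervene: cut power / apply brakes */
        m->reason = fault;
    }
    return m->state;
}

/* Constructed sensor trace (test data, not a real capture): one transient
 * glitch on channel B at cycle 2, then a sustained overspeed from cycle 5. */
static const int32_t demo_trace[][2] = {
    {1000, 1010}, {1500, 1490}, {1500, 4000}, {1500, 1505}, {2000, 1995},
    {3200, 3210}, {3300, 3290}, {3400, 3410}, {3500, 3490},
};

/* Replay the constructed trace; return the cycle at which the safe state was
 * entered (or -1 if never) and, if requested, the logged reason. */
int run_demo_trace(const char **reason)
{
    struct safety_monitor m = { STATE_RUN, 0, NULL };
    size_t n = sizeof demo_trace / sizeof demo_trace[0];
    for (size_t i = 0; i < n; i++) {
        if (monitor_step(&m, demo_trace[i][0], demo_trace[i][1]) == STATE_SAFE) {
            if (reason) *reason = m.reason;
            return (int)i;
        }
    }
    return -1;
}

int main(void)
{
    const char *why = NULL;
    int at = run_demo_trace(&why);
    printf("safe state entered at cycle %d (%s)\n", at, why ? why : "none");
    return 0;
}
```

Two details are worth noticing: the glitch at cycle 2 is detected but does not trip the monitor, because it clears before the debounce count is reached, while the real overspeed is only acted on after three consecutive cycles, so the debounce count has to be chosen against the time the hazard can be tolerated before harm occurs. The ordering of checks also matters: a channel reporting 4000 rpm is classified as a channel fault, not as an overspeed, because a disagreeing channel is not trusted to report the hazard.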
Swiss cheese model
Let's briefly take a look at the "Swiss cheese model" developed by James Reason in 1997.
Each slice of cheese is a part of the system, a barrier that stands in the way of an event becoming an accident. When we analyze the slices and the possible hazards, we have to figure out what can go wrong in each of them, and that is represented by the holes in the cheese. Do we have bugs in the software? Faults in the sensors? An accident happens when the holes in successive slices line up, so that a single fault passes through every barrier unblocked; if the barriers are not independent of each other, every hole is a straight path from hazard to accident. The model is a great way to understand how the holes appear, and what we can do to minimize their number and keep them from lining up.
Why is functional safety important today?
Wherever we look, we find software, and it is an essential part of safety-critical products such as cars, medical devices and aeroplanes. What distinguishes these products from ordinary commercial ones is that when a safety-critical device fails, someone can be injured or killed. Safety is important because lives are at stake.
Safety standards were designed because such software needs to be safe, reliable and secure. At its core, functional safety is important because it protects people from harm.
We already use complex technology on a daily basis, and it is difficult to imagine life without it, so it is essential that our devices are safe to use. Functional safety is still a pioneering field in the sense that it is only recently getting the acknowledgement it deserves, and it is becoming more and more important in industrial and consumer products. A big reason for this is that control systems are getting increasingly complex and are expected to guard against more failure modes. This is precisely why all software engineers should know at least the basics of safety.
What is functional safety in the automotive industry?
Automotive innovations now centre more on software than mechanics, and there is a huge need for functional safety engineers who are also software experts.
In the words of our UCSD-approved instructor, Dr Bjelica:
“If something works algorithmically, it doesn’t mean it will run the same way on the road. Even more importantly, it will not necessarily yield safe results.”
Automotive functional safety traditionally meant taking care of the mechanical and electrical parts of a vehicle so that they do not fail or wear out. Nowadays it is just as vital to account for potential software errors, especially since the so-called "self-driving cars" are out on the market. Therefore, it is best to look at functional safety in the automotive industry through this example.
Fully autonomous operation can work well in controlled environments such as factories. On public roads, however, where a failure can be life-threatening, the success rate achieved today is not good enough: for a car to be considered reliably safe, the failure rate would need to be on the order of one in a million. Just because a car can drive itself for a long stretch of highway or stay in its lane does not make it autonomous in the sense that most people imagined.
Are self-driving cars just a myth today?
Currently, the error rate of these self-driving cars is about one in 10,000. This might sound like a decent rate until we look at the ASIRT statistics:
“Approximately 1.35 million people die in road crashes each year; on average 3,700 people lose their lives every day on the roads.”
So, at this point, autonomous cars still require a licensed driver who can take over the driving at any moment. Only then can these vehicles be considered safe. For that reason, marketing these vehicles as autonomous or self-driving is a serious, possibly life-threatening mistake. The correct marketing language should be something like "advanced driver assistance".
The goal of automotive functional safety engineers is to make all road vehicles free of unreasonable risk, but this process takes time. Additionally, there is a lack of specialized training in this field, and the need for functional safety experts is only going to keep rising.
What is ISO 26262?
ISO 26262 is the functional safety standard for road vehicles; its first edition was published in 2011. It applies to the electrical and electronic (E/E) systems in a vehicle, which consist of hardware and software components, and its aim is to ensure that functionally safe vehicles are designed and built across the whole supply chain. Among automotive standards, ISO 26262 is the one that defines the requirements for avoiding unreasonable risk caused by the malfunctioning behaviour of such systems. The first edition covered passenger cars; the second edition, published in 2018, extended its scope to trucks, buses and motorcycles. Following ISO 26262 builds safety into the vehicle and its components from the very start of development.
First of all - What are Automotive Safety Integrity Levels?
In order to understand the ISO 26262 functional safety standard, we need to understand ASILs. ISO 26262 defines automotive-specific risk classes called ASILs, or Automotive Safety Integrity Levels: ASIL A to ASIL D, plus QM (quality management) for functions that need no safety measures beyond normal quality processes. The ASIL of a hazard is derived during hazard analysis and risk assessment from the severity of the potential harm, the probability of exposure to the driving situation, and the controllability of that situation by the driver. The ASIL then defines the safety measures and the rigour required when developing the safety mechanisms at every level of the system. ASIL D is the most stringent level, and the one every functional safety engineer strives to achieve for the most critical functions. ISO 26262 also defines requirements for the management system, including planning of the functional safety lifecycle, configuration management and change management. Additionally, the standard specifies the verification and validation measures needed to confirm that the required level of safety has actually been achieved.
Most importantly, ISO 26262 is about how you develop things so that you can be sure they are reliable. Which processes and methods do you need to follow? How do you design hardware and develop software in order to comply with functional safety standards? This is the most valuable thing to learn when it comes to safety standards.
What are automotive functional safety certifications?
Everyone in the automotive industry wants to work on big projects. However, the road to the top is a difficult one, and there is a very specific hierarchy in place. At the top of the pyramid are the OEMs, or original equipment manufacturers, such as BMW, Tesla and Daimler. Under them are the companies that produce the parts later built into cars, such as Continental and Bosch. Finally, there are the suppliers of sub-parts and the software companies that participate in the projects run by the OEMs.
This is where automotive FuSa certifications come into play. The OEM sets certain quality assurance and safety standards that you need to comply with, and in order to participate in these big projects you need formal certification to prove that you can. However, you need concrete knowledge, not just a piece of paper that says you attended a 5-day course. This is why our courses are a great choice for motivated and ambitious engineers: we build everything around actual hands-on experience.
In most cases, OEMs respect TÜV certification or audits. However, they can also accept formal certification by higher education institutions such as UCSD. Thanks to our UCSD-approved courses, we can offer legitimate certification, unlike many of the non-applicable ones on the market.
Where is functional safety used today in the industry?
There are a lot of different industries that rely on functional safety on a daily basis. The best thing about our functional safety courses is that they are applicable to any of them. There is only one specialized automotive course (Functional Safety Standards for Automotive) for those of you who find automotive particularly interesting.
Functional safety is used in the following industries:
Automotive industry
Machines and powerplants
Heavy machinery
Electric equipment
Process industry and factories
Nuclear power plants
Railway
Medical industry
Aerospace
What are the requirements to be an automotive functional safety engineer?
Whether you are an individual or a company, our courses can help you with two possible situations.
You need (or want) to become a FuSa engineer.
In this case, it is a no-brainer. You enrol in one of our courses, get a certificate and gain an excellent foundation for becoming a FuSa engineer.
Understanding safety and FuSa is vital for every engineer in safety-critical projects and industries.
This is possibly the most important thing to take away from this entire article. Engineers are pouring into safety-critical industries, and they need to be aware of all the safety requirements and challenges. This awareness is called "safety culture", and it desperately needs to be nurtured. Unfortunately, two or three safety experts cannot teach 1000+ engineers about safety on their own. We recommend FuSa courses to everyone, especially people working on safety-critical projects and in safety-critical industries.
If you think there is something else left to explain about functional safety or about becoming an automotive functional safety engineer, feel free to write to us or leave a comment, and we will try to answer every request.