[SystemSafety] a public beta phase ??? [No Classification]

Barnes, Robert A (NNPPI) Robert.Barnes2 at rolls-royce.com
Fri Jul 22 11:04:30 CEST 2016


This message has been marked as No Classification by Barnes, Robert A (NNPPI)


I am not a safety specialist; I am a security engineer working with safety systems.  What follows is amateur speculation, informed by experience working with safety engineers, risk management systems, and a little bit of electronic warfare.  I hope that means it is not without value, and does not preclude me taking part in discussions on this mailing list.

The purpose of hazard and risk analysis, and extracting lessons learned from previous incidents, is eliminating or controlling hazards such that harm can be avoided in the future.  Part of that process is coming up with new or better ways of controlling hazards, which is what Les is proposing.  It is just the next step in this process.  Adding a caveat to that, this is a mailing list and nobody is performing a serious risk management process here - merely throwing ideas around.

I think that Les' radar reflector idea has merit.  Cars are already equipped with optical retro-reflectors and lights to improve visibility to legacy sensors (namely the Mk.1 Eyeball).  The cost of implementing and maintaining these controls is significantly less (pennies per year) than the cost and harm of driving into another vehicle in poor visibility (e.g. fog), therefore they are a Good Thing (tm).  As automated vehicles become more ubiquitous, ensuring that vehicles have a minimum radar cross section from important angles may also be an effective mitigation against the type of accident that befell Joshua Brown, i.e. avoiding the automated vehicle equivalent of driving into another vehicle in the fog.  Given how cheap and simple corner cube reflectors are, it almost seems crazy not to if autonomous vehicles do become ambitious on the roads.  For new vehicles it is certainly possible to design the exterior profile to give the desired radar cross-section, without resorting to reflectors.

Returning to Joshua Brown's accident, a very similar thing happened many years ago on the A48 between Pont Abraham and Cross Hands in South West Wales.  It was a foggy morning and the trailer of a white lorry turning right (remembering that we drive on the left in the UK) was blocking the carriageway.  A car travelling in the outside lane struck the trailer and the driver was killed.  Under certain circumstances, humans also have reduced range in detecting obstructions on the road ahead.

Speed was considered to be a contributing cause of the accident, as the appropriate thing to do in the situation would have been to drive at a reduced speed.  Often we make these risk management decisions subconsciously.  Driver aids have some capability to do this (the cruise control in my Renault Megane will disengage if a loss of traction is detected).  Would it be appropriate for automated vehicles to support degraded operation (e.g. reducing speed) in response to poor visibility (radar, IR, visible) or weather, or should the automation hand over to the human operator ("It's raining; you drive.")?

What's clear to me is that not all of the edge cases have been adequately explored yet; however, without inviting owners to participate in the 'public beta', these edge cases won't get discovered.  Perhaps a better way to describe the 'public beta phase' is that Autopilot is going through a phase of human-supervised learning.

Regards,
-Rob

-----Original Message-----
From: systemsafety [mailto:systemsafety-bounces at lists.techfak.uni-bielefeld.de] On Behalf Of Peter Bernard Ladkin
Sent: 22 July 2016 05:24
To: Les Chambers; systemsafety at lists.techfak.uni-bielefeld.de
Subject: Re: [SystemSafety] a public beta phase ???



On 2016-07-22 01:13 , Les Chambers wrote:
> In 24 hours My Tesla Motor Club post attracted 930 views and 22 
> replies. It looks like this is a very active forum biased more towards 
> solutions than the it'll-never-work-narrative - I find this refreshing.

Congratulations. Another star is born.

Do remember the System Safety List is about system safety. If you look at ISO/IEC Guide 51 you'll see what that entails, namely hazard, risk and accident and incident analysis. That's why you read people here writing about hazards, risks and accidents.

If you're looking for something else, such as amateur speculative system design, it does seem appropriate to join some forum where that takes place, as you seem to have done.

PBL

Prof. Peter Bernard Ladkin, Bielefeld, Germany MoreInCommon Je suis Charlie
Tel+msg +49 (0)521 880 7319  www.rvs-bi.de
