The Safety Engineer’s Dilemma

The recent recalls of millions of Toyota vehicles are shining, in part, a spotlight on the safety features of modern electronics systems. The designer(s) of a safety-critical system can certainly "over-design" the system with several fail-safe mechanisms and egregious amounts of redundancy, accompanied by exhaustive/extended testing. This can, however, be self-defeating, in that the resulting system can become

  1. Too complex, having its own inherent failure modes and increasing exponentially the number of tests that must be carried out.
  2. Too expensive, and therefore unaffordable and impractical.

Conversely, if one puts in too few fail-safe mechanisms and too little redundancy (which will probably be known only in hindsight), the system becomes vulnerable to non-negligible, non-zero failure rates. What is a safety system engineer to do? This is the dilemma that a safety engineer faces.

I see two ways out:

  1. Imagine a nuclear power plant: the system must necessarily be "over-engineered" because of the catastrophic implications of system failure. Fortunately, it would appear that the benefits of cheaper energy make the end-system affordable, acceptable and practical (in at least some countries). Storage of spent fuel seems to be a pending issue, and again over-engineering of storage containers and regions would appear to be the solution. In other words, these are systems whose benefits are large compared to the costs of such safety-critical systems.
  2. In the automotive context, the end-system (the automobile) must still be affordable, which of course is a relative term. The more advanced systems, with at least a touch of over-engineering, get into high-end models first and then slowly migrate to the low-end models. Extensive data collection and conscious tracking of the various trade-offs made during design ought to be an integral part of the process.

Remember that the electronics and its associated software are what give us the power, sophistication, features and flexibility we want. Also, one must note that mechanical elements have their own failure rates as well (think worn-out brake pads, broken or cracked metal shafts and even battery failure).
