Second Conference Day
8:00 am - 8:30 am
Registration and Welcome Coffee
8:30 am - 8:40 am
Opening Remarks From the Chair
David Higham -
Principal Functional Safety Engineer, WG11 (ISO/SAE 21434), WG8 (ISO 26262 and SotIF),
Delphi Powertrain Systems
David Higham
Principal Functional Safety Engineer, WG11 (ISO/SAE 21434), WG8 (ISO 26262 and SotIF)Delphi Powertrain Systems
8:40 am - 9:10 am
Keynote opening | Panel Discussion Between ISO 26262:2018 and ISO 21448:2019 Experts
Helen Monkhouse -
Chief Engineer - Functional Safety,
HORIBA MIRA
While ISO 26262 in now in its second edition, SOTIF just reached the CD status in October. Having originated from ISO 26262, SOTIF is supposed to complement this standard and the key question for those within the safety community is how to deal with performance requirements for both standards at once. Key areas to be discussed:
- How to integrate both standards to optimize safety
- How to adapt existing development processes to SOTIF
9:10 am - 9:40 am
SOTIF Background
Originally started as part 14 of ISO 262626, SOTIF became a standard on its own in 2018. ISO 21448:2019 safety of the intended functionality (SOTIF) is meant to complete ISO 26262’s view on E/E system malfunctioning by a look into hazards due to the environment or unintentional misuse.
- Background: how ISO 21448 was born
- Difference between the two standards and why they are important
- Why both standards are needed parallel to each other
9:40 am - 10:10 am
A Systems Approach to Autonomous Vehicle Safety using STPA
John Thomas -
Executive Director - Safety and Security Group,
Massachusetts Institute of Technology
- New systems-based safety techniques like System Theoretic Process Analysis (STPA) are being used for today‘s increasingly complex and automated safety-critical systems
- As a top-down analysis, STPA emphasizes the system‘s dynamic behavior including automation interactions and human behavior
- This talk will demonstrate STPA applied to autonomous vehicles to identify potential design flaws, missing requirements, human interactions, and unsafe software behaviors
John Thomas
Executive Director - Safety and Security GroupMassachusetts Institute of Technology
10:10 am - 10:40 am
Smart Testing of an Autonomous System
Michael Schlenkrich -
Senior Director Product Management,
MSC Software GmbH
Simulating environments and subsystems for the development and validation of ADAS and AD
systems is a challenging task which scales exponentially with the realism and fidelity of the
individual simulated components. This presentation will highlight the means to start on a massive scale with a scanning of the event space by minimizing the risks and maximizing the autonomous vehicle development efficiency. It will point out how to narrow in on „interesting“ edge cases that justify the use of highly realistic and detailed models that consume considerable time and computational resources. In the virtual world, the edge case detection is done by analyzing the millions of scenarios with thousands of parallel processes for billions of miles, faster than real-time simulation enabling the increased speed to deployable systems.
10:35 am - 11:10 am
Morning Coffee Break and Networking
11:10 am - 11:50 am
AD, CD and SOTIF – What Does it Mean in Combination with ISO 26262?
The upcoming SOTIF standard, ISO 21448, has as an aim to be complementary to ISO26262. The autonomous driving (AD) development is a revolution in the automotive domain in several ways, where the continuous deployment (CD) may imply that the cars on the road are getting a little more capable every few weeks. What is then a good way to compile a valid complete safety argumentation for each CD release, and what role do the safety standards play there?
11:50 am - 12:30 pm
Co-ordination of Safe and Secure System Development
Helen Monkhouse -
Chief Engineer - Functional Safety,
HORIBA MIRA
This presentation will compare and contrast approaches to functional safety (in the established standard ISO 26262) and cybersecurity (in the emerging standard ISO/SAE 21434) including:
- Alignment of lifecycles and activities
- Approaches to risk management
- Assurance activities – Extending safety cases/safety arguments to security
12:30 pm - 1:10 pm
Key Challenges to the Safety Assurance of Autonomous Driving
Richard Hawkins -
Senior Research Fellow, Assuring Autonomy International Programme (AAIP),
University of York
It is not just in the automotive industry that autonomy is a big issue. The level of autonomy in
safety-related systems is rapidly increasing in many different domains such as healthcare,
manufacturing, agriculture, shipping and rail. All of these domains face t heir own unique
assurance challenges, but there are also many common themes that emerge across domains. In this presentation I will identify some of the key cross-domain challenges and lessons in assuring autonomy, and discuss the relevance of these to autonomous driving.
Richard Hawkins
Senior Research Fellow, Assuring Autonomy International Programme (AAIP)University of York
1:10 pm - 2:40 pm
Networking Luncheon
2:40 pm - 3:10 pm
Safety Challenges in a Multi-Sensor Fusion System
Valentin Uritescu -
Fusion Chief Architect,
Continental Automotive
- SAE levels mapping with the system driving functions
- Safety requirements in the system driving functions
- From single sensor-based system to multi-sensor fusion based system
- Development processes with regards safety
- Industry standardisation of detection, fusion and deployment
- Future work
3:10 pm - 3:40 pm
Safe Design Constraint in Context of Automated Driving
Mohamed Abbaz -
Functional Safety – Cyber Security Metier Manager,
Valeo Schalter und Sensoren GmbH
- In the context of automated based on sensing environment based on sensors fusion, V2X connected car, GNSS localization/HD Maps, machine learning, artificial intelligence show the limitation of functional safety standard 26262 focus on electrical, electronic malfunction and also on current SOTIF PAS standard related to nominal performance even for automation level 1 and 2 functions.
- The presentation will present challenge risk, new technical counter measure approach and vehicle safety architecture impact considering fault tolerance new metrics approach to ensure balance between safety and availability for safe and robust vehicle automated driving
Mohamed Abbaz
Functional Safety – Cyber Security Metier ManagerValeo Schalter und Sensoren GmbH
3:00 pm - 3:30 pm
Panel Discussion: Functional Safety in Autonomous Vehicles
Valentin Uritescu -
Fusion Chief Architect,
Continental Automotive
John Thomas - Executive Director - Safety and Security Group, Massachusetts Institute of Technology
Richard Hawkins - Senior Research Fellow, Assuring Autonomy International Programme (AAIP), University of York
- What’s the safety landscape for AV
- Hardware and random failure risks associated with AI/Ml
- ISO 26262 and assurance of neural network systems
- Challenges of compliance with increasingly complex systems
- Streamlining safety arguments
- What is the fail-safe when a human driver is no longer in control
- The legal perspective
John Thomas
Executive Director - Safety and Security GroupMassachusetts Institute of Technology
Richard Hawkins
Senior Research Fellow, Assuring Autonomy International Programme (AAIP)University of York
4:10 pm - 4:40 pm
Afternoon Coffee Break and Networking
4:40 pm - 5:10 pm
Deep Dive Session: Assuring Safety of Systems with Machine Learning Components
- Short introduction into machine learning approaches
- Challenges with respect to safety assurance
- Presentation and discussion of approaches to provide assurances for ML components and to create safety evidences
- Approaches to engineer safety supervisors
- Integrated Safety and ML engineering lifecycle, integrating hardening of ML components and engineering of safety supervisors
5:10 pm - 6:00 pm
Mix & Discuss | Choose one of the below topics and elaborate each with experts from the conference. For the topic you choose you have 30 minutes to discuss it in your group
A1 | Adapting the SAFe (Scaled Agile Framework) to Support Compliance to ISO 26262
John Öster, Director Global Management Systems & Tools, Volvo Cars
A2 | Challenges in Validating Autonomous Systems
Gareth Price, Functional Safety Manager, McLaren Applied Technologies
A3 | Safety Challenges in a Multi-Sensor Fusion System
Valentin Uritescu, Fusion Chief Architect, Continental
A4 | Developing A Robust Safety-Culture
Mark Hirche, Lead Functional Safety Assessor, Volvo Technology AB
Stefan Andersson, Director of Product Safety, Volvo Technology AB
A5 | Challenges in Achieving a 26262 Certification for a Battery Management System
Ole Tidemann, Functional Safety Manager, Lithium Balance A/S
B1 | How Safe is Safe Enough? Challenge in Defining What is “Sufficiently Safe”
B2 | The Impact of Legislation on SOTIF and the Impact of SOTIF on Legislation
Haneet Mahajan, Functional Safety Engineer, MAGNA ELECTRONICS
B3 | The Interplay of Safety and Security
Emrah Eminoğlu, Head of Functional Safety and Cyber Security for Autonomous Vehicles, Tomtom
B4 | Collaboration Along the Value Chain – Discussing an Industry-Wide Scenario Database and a Cross-Industry Collaboration on Safety Analysis (e.g. HARA)
