Zoltan Molnar is a functional safety engineer with Hexagon | NovAtel. After being exposed to functional safety in the oil and gas industry, he achieved functional safety certifications in the automotive industry. He expanded his expertise while working for Hexagon to include cybersecurity and software quality standards.
As vehicles gain greater connectivity, more refined Advanced Driver Assistance Systems (ADAS) and other capabilities marking milestones on the path to full autonomy, automotive functional safety and cybersecurity principles have converged.
Zoltan recently sat down to discuss this convergence and how companies in the Hexagon Autonomy & Positioning division, such as NovAtel and AutonomouStuff, implement safety concepts in complex automated systems.
Your functional safety expertise encompasses multiple industries — oil and gas, automotive — what are some of the core principles that you consider for safety assessments regardless of specific industry standards?
Since the ISO26262 automotive safety standard evolved on top of the IEC61508 industrial safety standard, there are lots of similarities in the safety assessment approach. Key elements, regardless of industry, are the need for availability of safety documentation with argumentation and references to evidence that the safety requirements are met and an assessment of fulfillment of both the development process and the technical requirements based on objective evidence. I find it important to note that it is necessary to have sufficient degree of independence between the safety assessor and the developing project team, also regardless of the industry.
The safety considerations in different parts of Hexagon's Autonomy & Positioning division are quite diverse, from relatively low-quantity builds of automated research and development platforms at AutonomouStuff to large-scale production of positioning technology at NovAtel. How do you approach safety certifications differently in those different scenarios?
Actually, the deployment scale does not influence the safety certification approach, if the need for safety has been identified. Safety of one is as important as safety of many. In the case of AutonomouStuff the safety certification is also considering the vehicle-level safety evaluation. In the case of NovAtel, a System Safety Element Out of Context, the GNSS positioning sub-system, is considered in the scope of safety certification. Users of NovAtel’s positioning technology would still have to conduct safety assessments and certification of the vehicle-level functions integrating the GNSS positioning sub-system.
Regulations such as the ISO26262 automotive safety standard are well defined, but cybersecurity regulations for vehicles are still evolving due to the relatively recent introduction of connected technology to automobiles. Why is this area important?
Unintended and malicious user interaction had to be always considered in safety analyses. What has changed for automotive is that the connected technology increases the attack surface, the ways that malicious interaction may happen, dramatically. Suddenly, taking control over a vehicle's internal data buses over the internet, while it is being driven, has become possible. New ways to circumvent safety mechanisms have emerged. The impact of potential large-scale safety risks due to cybersecurity threats is enormous, hence we see the large effort spent by the automotive and standards community to standardize dealing with these threats.
What cybersecurity standards does Hexagon's A&P division consider, and what is on the horizon for that area of functional safety?
Besides the IT infrastructure cybersecurity standards common to the IT industry, we have created a development cybersecurity process that implements the recommendations of SAE J3061. This process is fully integrated with the development and functional safety processes. We’re following the development of ‘ISO21434 Road Vehicles Cybersecurity’ by the ISO standards committee and plan to align our development cybersecurity process with this new standard upon its official publication.
How has the introduction of cybersecurity standards fundamentally changed functional safety engineering?
The fundamental change is that we now have a formalized framework to develop the risks from cybersecurity aspects and then to include these risks for consideration in the functional safety analyses. Previously, the handling of the cybersecurity aspects during safety analyses may have been resolved with different approaches and to different degrees, as opposed to the well-defined expectations now outlined in the standards. It is now necessary that functional safety experts become knowledgeable of the cybersecurity standards. At Hexagon A&P, we are taking a holistic approach to the certification process, considering the integrating systems and subsystems, not just individual components. We also assure that functional safety and cybersecurity assurance is integrated throughout the development life-cycle.