C. Warren Axelrod

Automobile Safety Systems ARE Subject to International Standards

In all the discussions I have read in newspapers, or seen online and on television, about the Volkswagen “defeat device” software deception, there have been few, if any, references to the international standards that apply to safety-critical systems in general and to automotive systems in particular. Such standards do exist: IEC 61508 (Functional Safety of Electrical/Electronic/Programmable Electronic Safety-Related Systems) and its automotive adaptation, ISO 26262 (Road Vehicles – Functional Safety).

The IEC (International Electrotechnical Commission) defines “safety” and “functional safety” as follows (see http://www.iec.ch/functionalsafety/explained/ ):

“Safety is freedom from unacceptable risk of physical injury or of damage to the health of people, either directly or indirectly as a result of damage to property or to the environment. [emphasis added]

Functional safety is the part of the overall safety that depends on a system or equipment operating correctly in response to its inputs.

Functional safety is the detection of a potentially dangerous condition resulting in the activation of a protective or corrective device or mechanism to prevent hazardous events arising or providing mitigation to reduce the consequence of the hazardous event.”

It is not clear where the VW defeat-device software fits into this schema, since the definitions above contemplate systems that fail, not systems deliberately built by the manufacturer to behave one way under test and another way on the road. Against the general definition of safety the software plainly falls short: it detected the emissions test cycle and ran the emissions controls fully only then, with the attendant harm to health and the environment the rest of the time. With regard to functional safety it sort-of meets the criteria, but only in a perverse sense. From VW’s point of view the software was operating “correctly” in response to its inputs, and there was never any intention of preventing “hazardous events.” That is the security-relevant point: functional-safety standards are built around random hardware faults and unintended systematic errors, and a system that does exactly what its designers intended, when the intent itself is the problem, is invisible to them.

The real question here is how enforceable standards such as IEC 61508 and ISO 26262 actually are. First we need to distinguish between ISO compliance and ISO certification. A claim of “ISO compliance” can rest on a review by, say, an accounting firm; no specific engineering expertise is required. “ISO certification,” on the other hand, means that qualified assessors have examined the company’s policies and procedures and found them satisfactory with regard to the standard. As with other reviews and certifications of this nature, the result usually applies to a particular process at a specific point in time. It cannot be generalized to the company as a whole, and it does not extend into the future. Nor does it dive deeply into the technology itself: an assessor checks that hazard analyses, safety requirements, reviews and tests were performed and documented, not that every line of shipped code is honest. Nevertheless, certification does provide some measure of assurance that the company takes things seriously, in this case functional safety. Or does it?

TÜV Rheinland describes itself as “a worldwide neutral test and certification institute” which supports companies “to develop and manufacture safety-related products and systems” that comply with “relevant standards” such as IEC 61508 and ISO 26262. In an online presentation on functional safety, TÜV lists a number of automotive clients, including Ford, Bosch, Nissan and Delphi. VW is not shown as a client, though it may well be one, or soon become one. On another slide, VW is shown as being “involved in the creation of ISO 26262” and as being in the process of setting up its systems according to the standard. By inference, VW is at least working toward ISO 26262 compliance. But that raises the question: if VW really is managing against ISO 26262, how did the defeat-device software get through? Part of the answer is probably scope. ISO 26262 addresses hazards that arise from malfunctioning electrical and electronic systems; emissions-control calibration is a regulatory-compliance matter that need not fall within the safety lifecycle at all, and a process audit verifies that the process was followed, not that the requirements fed into it were written in good faith. We may well learn the rest as the investigation proceeds.
