Both industry and certification authorities have reason to be excited about the benefits and opportunities of reusing and building products for more than one domain such as aviation and automobiles. Cross-domain reuse in an increasingly complex world can inject novel technologies to conventional domains to increase safety. Such opportunities come with social and ethical responsibilities for the safe use of a product in the target environment, not just whether the product and evidence are acceptable to certification authorities. The evidence may be wrongly presented based only on the equivalency in the use of expected language in pertinent standards. The evidence should be based on the actual accomplishments met and whether those accomplishments are applicable towards design assurance and safety in the target domain and environment. Cross-domain reuse has many considerations. This talk is focused only on safety and security. Obviously, consideration of reuse must include functionality, use of standards in that domain, and certification concerns. All these considerations have undercurrents of safety as well as security. Let us focus further on three topics: 1. Derivation of risk: Derivation of risk depends on the target domain and the human/system use of the product. Also, the acceptable level of risk tolerance is inherently different in different domains. Aviation is one of the few domains where safety risk tolerance is codified. As stewards of safety in this society, we need to be aware of the real idea behind certification, and promulgate a safety culture to take responsibility for safe cross-domain use of the product throughout the product life. 2. Appropriate use of evidence: While acceptability for certification is important, the knowledge and evidence for why a product is acceptable is even more important. Evidence may have been produced in a previous domain that appears to be usable in a target domain. Only the basis for that evidence may have a different interpretation and implication in the target domain because the terminology for even simple terms such as "reviews" may not have the same meaning in different domains. Further, the same functionality may be used in diverse ways in the two domains. 3. Importance of systems engineering: There are certainly considerations that may be codified and delegated to checklists. But blind use of checklists makes a poor substitute for domain knowledge and engineering. Cross-domain use does not just mean that one could deploy a product. Continued safe use of the product in the target domain has specific implications for maintenance of the product as well as maintenance of the system of which the product is just one component. For example, an electro-mechanical system may need adjustments to maintenance cycles depending on the characteristics of the component commanding the mechanical actions. In general, we must make sure that component engineering is within the context of system safety and security. Opportunities of cross-domain reuse indeed come with responsibilities to understand, analyze, and engineer the product. Appropriate reuse considered in the system context can be a powerful tool to introduce newer technologies to solve complex problems.
展开▼
