Innovation vs Safety: Hazard Analysis Techniques to Avoid Premature Commitment during the Early Stage Development of National Critical Infrastructures

摘要

Preliminary hazards analysis helps identify safety concerns during the early stages of development. However, these techniques rely on scoping studies and functional decompositions that can be hard to sustain without premature commitment to particular software architectures. For example, small alterations to the high-level design of a critical infrastructure can force radical changes in the underlying hazard analysis. This creates tensions – safety managers become “the enemies of innovation” if they oppose modifications that trigger additional hazard analyses. Equally, it can be hard for safety managers to control project costs if alterations force continual changes in their safety assessments. These tensions are compounded because many hazard analysis techniques have their roots in the 1960s when issues of scale, modularity and reuse were arguably less significant than today. These arguments are illustrated by the EATS project creating an Advanced Testing and Smart Train Positioning System for the next generation European Train Control System. EATS integrates a range of wireless infrastructures with input from Satellite Based Augmentation Systems to reduce reliance on trackside infrastructures. However, the dynamic, multidisciplinary nature of the work has created a need for continuous feedback on potential safety concerns as lab and bench studies innovate with novel software architectures and prototype implementations. We present a number of approaches that can be used to balance the need for design commitment to support safety assessments and the flexibility required in the early-stage development of critical infrastructures.