2.3: Systems

Systems You Can Bet Your Life On

Other Information:
Cyber-enabled engineered systems in which cyber capability is deeply embedded at all scales must remain safe, secure, and dependable – i.e., “systems you can bet your life on.” The challenge of building such systems, often from fundamentally untrusted components, spans essentially every engineering domain. It requires the integration of knowledge and engineering principles across many computational and engineering research disciplines (computing, networking, control, human interaction, and learning theory, as well as electrical, mechanical, chemical, biomedical, nano-bioengineering, and other engineering disciplines) to develop a “new CPS system science.”

Where we are now:

The complexity of cyber-physical systems, including robotic and autonomous systems, is at a point where current methods are inadequate to anticipate possible failure modes and guarantee safe, predictable, efficient operation. The world’s leading automotive manufacturers, for example, have suffered recent catastrophic product failures that resulted in enormous recall costs and loss of consumer confidence, with potentially huge economic consequences. Deaths due to infusion pump failures have reached such a high level that the FDA has found it necessary to mount an initiative to investigate. At the same time, our appetite for systems of this kind – in which the engineered systems are monitored and controlled by computer and communication networks – drives the steep upward growth curve in system complexity. The dynamic, often decentralized nature of these complex systems places unprecedented demands on the contributing areas of real-time computing, communication, and networked control; on engineering for the physical domains; and on verification, validation, and certification support for all of these. Over-design is currently the only path to safety and successful system certification, leading to a mindset of optimizing for a narrow task instead of encouraging adaptability and evolvability.

Research needs:

We need to establish new, unified scientific and engineering foundations to securely, safely, and systematically understand, build, manage, and adapt these “complex” systems – cyber-physical systems that remain reliable as they interact across internal subsystems, with each other, with human users, and with highly complex and uncertain physical environments – and we need successful exemplars of such systems. A core element of this agenda is the development of new, more cost-effective approaches to certifying the quality of these systems, a challenge that today consumes, for example, an estimated 50% of the resources required to develop new, safety-critical systems in the aviation industry.

Essential R&D areas include:

* Comprehensive integrated design approaches for cyber and physical system events and actions – for example, exploration and simplification of both nominal and failure-mode design for complex system environments that may incur undesirable or hazardous emergent behavior.
* Improved models of system and human behavior that can provide a framework for human-system and system-system interoperation that can enforce safe operation in mixed-initiative systems. For example, models should support interaction without introducing problems such as mode confusion or technology surprise.
* New approaches to fault tolerance: system prediction, recovery, and adaptation technology for rapidly identifying and avoiding potentially reachable failure states, and for maximizing effective fall-back and fail-safe recovery when these cannot be avoided.
* Hardware, software, and control platforms and frameworks that support rigorous – checked or verified – composition of system components and guaranteed regulation of component interactions.
* New scientific underpinnings and design approaches for securing cyber-physical systems, addressing both cyber and natural or malicious physical disruptions (and interactions of these).
* Technology-supported certification approaches that are based on claims and analytic evidence, rather than merely process-based checklists, and that can support modular certification of components and assemblies, with incremental re-certification after system modification – e.g., knowing and certifying what exactly it is that you can trust, and why you can trust it.
* A new generation of design and analysis toolchains that can produce rigorous evidence for high-confidence system design, implementation, and evaluation. For example, these would integrate discrete and continuous mathematical models and support rigorous reasoning about the interacting behaviors of cyber and physical components. They might include frameworks that equally support evaluation, V&V, and certification activities, in addition to design and implementation.