2.3: Systems
Systems You Can Bet Your Life On
Systems You Can Bet Your Life On -- Cyber-enabled engineered systems in which cyber capability is deeply embedded at all scales -- and on which life and safety often depend -- must remain ultra safe, secure, and reliable. The challenge of building such systems, often from fundamentally untrusted components, spans essentially every engineering domain. It requires the integration of knowledge and engineering principles across many computational and engineering research disciplines (computing, networking, control, human interaction, and learning theory, as well as electrical, mechanical, chemical, biomedical, nanobioengineering, and other engineering disciplines) to develop a "new cyber-physical system science."

Where we are now -- The complexity of cyber-physical systems, including robotic and autonomous systems, has reached a point where current methods cannot anticipate all possible failure modes or guarantee safe, predictable, efficient operation. The world's leading automotive manufacturers, for example, have suffered catastrophic product failures that resulted in enormous recall costs and a loss of consumer confidence with potentially huge economic consequences. Deaths due to infusion pump failures have reached a level at which the FDA has found it necessary to mount an initiative to investigate them. At the same time, our appetite for systems of this kind -- in which engineered systems are monitored and controlled by computer and communication networks -- drives the steep upward growth in system complexity. The dynamic, often decentralized nature of these systems places unprecedented demands on the contributing areas of real-time computing, communication, and networked control; on engineering for the physical domains; and on verification, validation, and certification support for all of these. Over-design is currently the only path to safety and successful system certification, which leads to a mindset of optimizing for a narrow task instead of encouraging adaptability and evolvability.

Research needs -- We need to establish new, unified scientific and engineering foundations to securely, safely, and systematically understand, build, manage, and adapt these complex systems -- cyber-physical systems that remain reliable as they interact across internal subsystems, with each other, with human users, and with highly complex and uncertain physical environments -- and we need successful exemplars of such systems. A core element of this agenda is the development of new, more cost-effective approaches to certifying the quality of these systems, a challenge that today consumes, for example, an estimated 50% of the resources required to develop new, safety-critical systems in the aviation industry. Essential R&D areas include:

* Comprehensive integrated design approaches for cyber and physical system events and actions -- for example, exploration and simplification of both nominal and failure-mode design for complex system environments that may incur undesirable or hazardous emergent behavior.
* Improved models of system and human behavior that can provide a framework for human-system and system-system interoperation and can enforce safe operation in mixed-initiative systems. For example, models should support interaction without introducing problems such as mode confusion or technology surprise.
* New approaches to fault tolerance -- system prediction, recovery, and adaptation technology for rapidly identifying and avoiding potentially reachable failure states, and for maximizing effective fall-back and fail-safe recovery when these cannot be avoided.
* Hardware, software, and control platforms and frameworks that support rigorous -- checked or verified -- composition of system components and guaranteed regulation of component interactions.
* New scientific underpinnings and design approaches for securing cyber-physical systems, addressing both cyber disruptions and natural or malicious physical disruptions (and the interactions between these).
* Technology-supported certification approaches that are based on claims and analytic evidence rather than merely process-based checklists, and that can support modular certification of components and assemblies, with incremental re-certification after system modification (e.g., knowing and certifying exactly what it is that you can trust, and why you can trust it).
* A new generation of design and analysis toolchains that can produce rigorous evidence for high-confidence system design, implementation, and evaluation. For example, these would integrate discrete and continuous mathematical models and support rigorous reasoning about the interacting behaviors of cyber and physical components. They might include frameworks that equally support evaluation, verification and validation (V&V), and certification activities, in addition to design and implementation.
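The fault-tolerance item (rapidly identifying potentially reachable failure states) and the composition item (guaranteed regulation of component interactions) can be made concrete with a small explicit-state reachability check. The following is an added example written for this page, not code from the original document or from any device or program it mentions. It models a hypothetical infusion-style controller with constructed constants (MAX_RATE, SAFE_RATE, STEP) and a constructed command set, enumerates every state reachable from the initial state under every command sequence, and reports the shortest command trace that ends in a hazardous state; an interlock placed between the UI and pump components then makes that state unreachable while leaving legitimate operation intact.

```python
"""Explicit-state reachability check over a small cyber-physical model.

Hypothetical model constructed for this example: an infusion-style controller
with a discrete dose rate and a run flag. A UI component issues commands; the
pump component applies them. We enumerate every state reachable from the
initial state under every command sequence, report the shortest trace into a
hazardous state, and show that an interlock between the two components (a
regulated interaction) makes the hazard unreachable.
"""
from collections import deque
from dataclasses import dataclass
from typing import Callable, List, Optional, Set

# Constructed constants; real values would come from device and clinical limits.
MAX_RATE = 20   # hardware ceiling on the rate setting
SAFE_RATE = 12  # highest rate at which infusing is considered safe
STEP = 4        # change per key press


@dataclass(frozen=True)
class State:
    rate: int       # configured delivery rate
    running: bool   # whether the pump is infusing


COMMANDS = ("start", "stop", "up", "down", "bolus")
Step = Callable[[State, str], State]


def pump_step(s: State, cmd: str) -> State:
    """Transition relation of the pump component, with no safety interlock."""
    if cmd == "start":
        return State(s.rate, True)
    if cmd == "stop":
        return State(s.rate, False)
    if cmd == "up":
        return State(min(MAX_RATE, s.rate + STEP), s.running)
    if cmd == "down":
        return State(max(0, s.rate - STEP), s.running)
    if cmd == "bolus":  # extra delivery modelled as a larger rate jump
        return State(min(MAX_RATE, s.rate + 2 * STEP), s.running)
    raise ValueError(f"unknown command {cmd!r}")


def hazardous(s: State) -> bool:
    """Failure state we must never reach: infusing above the safe ceiling."""
    return s.running and s.rate > SAFE_RATE


def guarded_step(s: State, cmd: str) -> State:
    """The same pump behind an interlock that regulates the UI->pump
    interaction: a command whose post-state would be hazardous is refused and
    the pump stays in its current state (fail-safe fallback)."""
    nxt = pump_step(s, cmd)
    return s if hazardous(nxt) else nxt


def find_hazard(step: Step, init: State = State(0, False)) -> Optional[List[str]]:
    """Breadth-first search of the reachable state space. Returns the shortest
    command trace that ends in a hazardous state, or None if none is reachable."""
    seen = {init}
    queue = deque([(init, [])])
    while queue:
        s, trace = queue.popleft()
        if hazardous(s):
            return trace
        for cmd in COMMANDS:
            n = step(s, cmd)
            if n not in seen:
                seen.add(n)
                queue.append((n, trace + [cmd]))
    return None


def reachable_states(step: Step, init: State = State(0, False)) -> Set[State]:
    """All states reachable from init; used to confirm the interlock did not
    remove legitimate behaviour along with the hazard."""
    seen = {init}
    stack = [init]
    while stack:
        s = stack.pop()
        for cmd in COMMANDS:
            n = step(s, cmd)
            if n not in seen:
                seen.add(n)
                stack.append(n)
    return seen


def replay(step: Step, trace: List[str], init: State = State(0, False)) -> State:
    """Re-execute a trace so a counterexample can be checked independently."""
    s = init
    for cmd in trace:
        s = step(s, cmd)
    return s


if __name__ == "__main__":
    trace = find_hazard(pump_step)
    print("unguarded: hazard via", trace, "->", replay(pump_step, trace))
    print("guarded:   hazard trace", find_hazard(guarded_step))
    print("states reachable, unguarded/guarded:",
          len(reachable_states(pump_step)), len(reachable_states(guarded_step)))
```

Two design points are worth noting. The interlock checks the post-state of the composed system rather than validating each command in isolation, so it also refuses a "start" issued while a rate above the ceiling is already configured, which a per-command rule would miss. Explicit enumeration like this only scales to small discrete abstractions; real controllers with continuous dynamics need the integrated discrete/continuous toolchains the last bullet calls for.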