Aggiornamenti normativi settoriali An interview with Dr. Zhu: Automotive safety and security are essential for future technologies
Autonomous vehicle technology is evolving rapidly, but it must be thoroughly designed, implemented and tested to ensure the overall safety of all road users. Dr Ke Zhu is the new Vice President Automotive Safety and Security at TÜV SÜD. While Dr Zhu is mainly responsible for the operative business, the highly autonomous driving team of Dr Houssem Abdellatif, Global Head of Automated & Connected Driving, focuses on the research and development of appropriate new services. Both teams closely work together and form a perfectly functioning organization between the development of TÜV SÜD services via funded projects, pilot projects and research work and the transfer of this work into operational and scalable services for our customers. In the following interview, Dr Ke Zhu discusses the safety challenges that the industry faces, especially with regards to automation technologies and how they should be addressed.
Dr Zhu, you joined TÜV SÜD last December, with more than ten years of R&D experience - please tell us a little about your experience in the automotive sector and the main changes you are currently seeing in this industry.
Before I joined the automotive sector, my PhD investigated various automated mobility topics, including computer vision, localisation and parallel programming. This gave me a deep technological understanding and strengthened my analytical skills from a scientific perspective.
My first challenge within the automotive sector was to lead the development of an active chassis sub-system on the world’s first domain controller, using environmental sensors. Subsequently, I was responsible for building a new environmental model and data fusion competence centre. This enabled a comprehensive understanding of a vehicle and delivered situate information of autonomous functions, such as highway pilot and automated parking.
As TÜV SÜD is a neutral third-party organisation, it was the ideal fit for me to use my automated mobility experience and to build a team which focuses on adding both safety and value to innovative products. A new era has begun, as the industry evolves from ‘automotive’ to ‘mobility’. Technical innovations such as AI, connectivity, electrification and big-data are enabling us to develop novel mobility products and services. However, as system complexity and function automation increase, so safety and security become ever more important and must be considered during vehicle development and production.
New technologies also bring new challenges as they must be integrated quickly into existing and new products. Many companies, which include both traditional car makers and new market players, are therefore breaking the usual development lifecycle by defining novel business models that introduce cutting-edge technologies into production.
What are your responsibilities at TÜV SÜD?
Currently, I have two roles at TÜV SÜD. Globally, I am responsible for building our strategy, competences and operations in the area of automotive safety and security. This will ensure that all regions have a highly aligned vision and implementation plan. Regionally, I am leading the department of Safety for Electronics and Electrics (E/E) Systems in Germany, which is the global hub for technology development and training applications.
What do you think about current standards like ISO 26262? Do they meet the challenges associated with the functional safety of automated driving systems?
No, definitely not. The main scope of the ISO 26262 standard is to handle E/E system failures for an individual vehicle, and it is not mandatory for vehicle homologation. Also, the cause of potential hazards for an automated system is not yet covered, even though the introduction of automation technology makes functional safety assessment essential.
A revision of the existing standard is therefore required, to more specifically address the functional safety issues associated with the operation of driverless vehicles. This should include the vehicle environment (in/around a vehicle), the communication/connectivity, infrastructure and multi-agent interactivities. Currently, the definition of standards, such as Safety of The Intended Functionality (SOTIF), is in progress and should close the gaps of performance limitation and insufficient situational awareness.
What are the possible solutions for closing the regulatory gaps for new automation Technologies?
The specific safety definition of Automated Driving Functions (ADF) consists of two parts – ‘safety of ego sub-system’ and ‘environment sub-system’. In an intelligent and connected ego-vehicle, we face safety challenges such as the failure of E/E systems, performance/behaviour limitation, and misuse of the function by the user or automated system.
For the environment sub-system, we must consider building additional system redundancy by using passive reflectors or sensors. These can extend the physical limitations of in-vehicle perception sensors and be easily integrated into the existing infrastructures of highways or parking lots.
Dynamic real-time traffic and back-end server information allow global conditions to be derived for the safe use of ADF, and also provide the highest accuracy in the relative localisation of safe and free space. In addition, in a hybrid situation the interactive behaviour of an intelligent system with other traffic participants has an impact on the safe application of ADF. All this must therefore be taken into consideration when developing standards and regulations for both technological developments and applications. To close the existing gaps, we need a cross-industrial collaboration and an aligned top-level design, at both national and international levels.
Figure 1:Beside considering safety aspects within an ego-vehicle, the definition of ‘system’ is extended to the environmental infrastructures and includes the interaction of a hybrid traffic system.
While the industry waits for the regulatory authorities to catch-up with the growing complexity and connectivity of autonomous driving technologies, how is TÜV SÜD approaching safety testing of automated vehicles?
The testing methodology must be adapted to currently developing trends and must therefore be data-driven and probabilistically validated. Consequently, we have been evolving our tool-chains for both virtual testing and scenario-based physical testing over the last few years.
TÜV SÜD is also involved in developing new standards like ISO/PAS 21448 (SOTIF) and we are creating global testing benchmarks for safety inspection and validation. In the US, we collaborate with start-ups to understand the current needs and what exactly must be tested for future mobility solutions. In China, we analyse how we can make use of big-data for testing purposes. In the Czech Republic, we focus on testing equipment and training engineers for physical testing. In Germany, we develop testing frameworks and methodologies. And recently, TÜV SÜD and our American and Chinese partners founded the International Alliance for Mobility Testing and Standardization (IAMTS). I believe that this platform will offer a significant number of possibilities for cross-regional and cross-industrial safety testing collaboration.
What does the future hold for autonomous driving safety developments and especially for AI Systems?
Future (serial) safety development must be big-data driven and specified for a targeted scenario, as a clearly modelized scenario is fundament to achieving a measurable function scope and safety boundary. Each scenario model should be equipped with reproducible testing data, both in virtual and physical environments.
As AI is one of the main enablers of autonomous driving, safety developers must have a clear understanding about the effects errors have on the performance of the end system in the AI development value chain. For example, it must be clear what the effects of data annotation on the performance of the object detection model would be. Also, verification and validation of every single stage within the product development cycle is essential. This includes data collection, data structure, labelling and the final product, which is the algorithm or the model.
Lastly, moving towards AI models that are more interpretable would help identify those cases in which safety objectives could be violated. Furthermore, as the development of AI and machine learning models become more streamlined and automated, additional safety components should also be included, and may also be automated to some extent.
About the expert
Dr Ke Zhu is responsible for TÜV SÜD’s global automotive safety and security operations, and also leads the department of Safety for Electronics and Electrics (E/E) Systems in Germany. Born in China, he has lived in Germany since 2001, and is a computer science graduate from the University of Duisburg-Essen (study focus: Computer Vision & Neural Network) and guest researcher at the University of Saskatchewan, Canada. He wrote his diploma thesis, about ‘Simultaneous Localization and Assignment for Autonomous Robots’, with the Fraunhofer Institute IPA Stuttgart. During his Doctorate at the Technical University Munich, he was involved in projects with DLR (German Aerospace Center) and investigated the topic of ‘real-time large-scale data processing of satellite and aerial images’.
During his career he has gained in-depth academic and industry experience. This has included being responsible for the development of an active chassis control system, using environmental sensors, at a premium German OEM. He was also team leader for Embedded Software ADAS/AD, later progressing to become Head of the Compressive Environmental Model (CEM) and data fusion ADAS/AD at one of the biggest system Tier one.