I love Open Architecture (OA). I am delighted that I can plug a device into my computer's USB port and have it recognized and in use in an amazingly short time. I have to say that I remember the days of flipping toggle switches and watching the binary flash on the individual LEDs in order to load the program that would activate the home-built interface from the computer to the paper tape reader, so I think OA stuff is great. Long live Commercial Off-The-Shelf (COTS) equipment built to open systems standards!
My concern is (you had to know that was coming, right?) that the rush to implement OA will cause us to miss some of the realities that I believe system safety can illuminate. My concern was raised this summer during a seminar on OA, which has been mandated by the Navy. This seminar was an overview intended for program managers and others new to OA, so it was expected that some of the finer points of OA implementation would be glossed over. When the statement "Processor speeds have largely outstripped requirements for determinism" was made, I found myself worrying about what was being left out. Working with real-time systems (naval guns), I've found deterministic behavior a good thing, particularly when doing safety analyses and testing. During this seminar, much was said about open systems, COTS, life-cycle affordability and rapid capability insertion, some of it in opposition to my experiences with real-time controls for weapon systems.
This is just an opinion article, not a "how-to." I did a small amount of research, and found that COTS and Safety, COTS obsolescence, and Software Of Unknown Pedigree (SOUP) have all been adequately addressed within the safety community by such knowledgeable sources as Warren Naylor, Clif Ericson and others. Methods have been proposed to manage these issues, and much good advice is available to anyone who thirsts for such knowledge.
What I'm still concerned about is the perception that is given by those who preach in favor of OA and COTS. They say "reduced test and evaluation expenses as a result of OA," when safety experts agree that using COTS requires more testing and different forms of evaluation in order to determine risk and ensure proper mitigation and system safety. Guidance from the Navy states, "Ensure life-cycle affordability including system design, development, delivery, and support while mitigating COTS obsolescence by exploiting Rapid Capability Insertion Process…." I almost don't know where to start with that one, particularly given that the systems we field and maintain stay in the field for decades. COTS obsolescence has made support a nightmare, and apparently, the cure according to this guidance is to increase the churn rate. In spite of the basic principle of OA that the standards guarantee commonality, those of us doing in-service engineering find that re-design and re-development for obsolete components is necessary just to keep spares on the shelf, and at a much-increased life-cycle cost.
This is probably not news to most of the readers of JSS. So what's my point besides the opportunity to rant a bit? Open systems and OA are not just a military trend but an electronics industry movement, as well. All users of computers, communications and media, and data in electronic form are affected. Much of our public infrastructure depends on this technology, from air traffic control systems to emergency responder dispatch systems, traffic signal networks to hospital databases to power grid controls.
The public perception of OA being "easy" needs to be balanced with some realism about the costs and requirements needed to ensure safety. I know that the aviation industry is at the forefront of system safety, as are safety professionals in the nuclear power industry. I hope to hear from some of you who work in areas that impact public safety about how you are using system safety to address the issues of OA and COTS obsolescence. I plan to initiate discussions with local public safety professionals to see what they plan and have implemented with respect to these concerns. I hope you will, too.
The writer is president of the Winners Circle Chapter of the System Safety Society.