Expert Perspectives: A Conversation with the Originator of UL 4600 on Safety, Security, and Autonomy in Automotive Development

Compliance & Regulation

Expert Perspectives: A Conversation with the Originator of UL 4600 on Safety, Security, and Autonomy in Automotive Development

By |

Expert Perspectives: A Conversation with the Originator of UL 4600 on Safety, Security, and Autonomy in Automotive Development

Welcome to our Expert Perspectives Series, where we showcase insights from leading experts in complex product, systems, and software development. Covering industries from medical devices to aerospace and defense, we feature thought leaders who are shaping the future of their fields.

In this episode, Neil Stroud, Jama Software’s own General Manager of Automotive and Semiconductor, speaks with Philip Koopman, a leading expert in embedded systems and autonomous vehicle safety and originator of UL 4600.

Watch the full interview to learn more about:

Below is a preview of our interview. Click HERE to watch it in its entirety.

RELATED: Buyer’s Guide: Selecting a Requirements Management and Traceability Solution for Automotive

Kenzie Ingram: Welcome to our Expert Perspective series, where we showcase insights from leading experts in complex product systems and software development. Covering industries from medical devices to aerospace and defense, we feature thought leaders who are shaping the future of their fields. I’m Kenzie Ingram, your host, and today I’m excited to welcome Philip Koopman and Neil Stroud to our series.

Philip Koopman is a leading expert in embedded systems and autonomous vehicle safety, with a career spanning critical systems, embedded control networks, distributed embedded systems, and software safety. Neil Stroud is Jama Software’s own General Manager of Automotive and Semiconductor. He brings over 30 years of experience to the conversation, with the last 17 as an industry leader in the functional safety domain. Without further ado, I’d like to welcome Philip and Neil.

Neil Stroud: Hi everyone. I’m Neil Stroud, General Manager of our Automotive and Semiconductor business here at Jama Software. I’m honored today to be joined by Professor Philip Koopman. Phil, I’m going to hand over to you to do the introduction because you will do a way better job of it than I will.

Philip Koopman: Hi, I’m Phil Koopman and I’ve been doing self-driving car safety and embedded systems for a really long time. Self-driving car safety, like not quite 30 years, but we’re getting pretty close, and embedded systems for even longer. I’m a professor at Carnegie Mellon University, although I’m currently sort of finishing up that job. By the time this airs, I’ll be on my last sabbatical on my way to retirement from the university. That doesn’t mean I’m going to sit on the beach the rest of my life. It’s time for a personal pivot. And at Carnegie Mellon, I’ve been teaching embedded systems and doing a lot of work on automotive safety, software safety, but also a whole bunch of other different application domains. Just too many to list all over the place. So that’s kind of what I do for a living right now.

Stroud: Excellent. Thank you. And I’m really looking forward to this conversation. We’re going to go in many different directions and we’re going to talk about safety and autonomous vehicles and all kinds of things. Many folks will know you of course, as a very influential and critical voice around the world of autonomy and safety.

Koopman: I prefer not critical so much as advocating safety.

Stroud: Well, okay.

Koopman: If I’m critical, well, I’m just advocating safety. If people have a contrary view, you can decide what you think about that.

RELATED: Jama Connect® for Automotive

Stroud: Indeed, indeed. But before we get there, I’m interested to learn how you kind of got into all of this because if I think about it, I’ve been doing functional safety for 20 years, and I had no plans at all, it wasn’t even on my radar to get into this industry. I tripped and fell into it. It served me very well. So I’m interested to hear a little bit more about your story. How did you get here?

Koopman: To a degree, I tripped and fell into it too, but we have enough time, the longer story, it’s a really long story in details, but the longer story is back in high school I was in an organization called 4-H, which is for farm kids, and we had a farm, we had cows, but I lived in a city school district. So it’s sort of an interesting setup. And as part of it, for those from the US who are familiar with Boy Scouts, and I’m sure there’s a UK analog, there’s a thing called an Eagle Scout, which is sort of the pinnacle. Well, there’s a comparable thing in 4-H, a very parallel thing, although I point out 4-H is co-ed, and there’s some advantages to that, especially when you’re in high school and a teenager. But my thing thing was bicycle safety, it turned out.
And so I taught hundreds and hundreds of kids basic bicycle safety, which was sort of interesting. Now, I wasn’t planning on making a career of it. That’s just sort of part of how I fell into it. That was the angle that would get me to the end goal. So that was fine. That worked fine for me. Then I drove submarines for a living, and I wasn’t really the safety officer, but, well, actually I was the electrical safety officer, but that’s sort of like an incidental job. It’s more like if you’re going to sleep a couple dozen meters from a nuclear reactor every night, and there are other sources of nuclear radiation, which shall not be spoken of also around, you sort of take safety seriously. Oh yeah, and there’s this several-inch-thick steel hole, and if there’s a hole in it, all the water comes into the people tank, and that’s really bad for the people.

So safety’s kind of on your mind. It’s an extremely hazardous environment. And then I got the Navy, got a PhD, and eventually ended up at United Technologies, which has a bunch of embedded applications. Back then, they had not yet, right now, they sort of specialized, but back then they owned everything from elevators to car equipment to radars and sonars and jet engines and all sorts of stuff. And I did air conditioners and I did elevators. I touched a lot, everything, but I also did some automotive back then. Oh, yeah. Along the way, I was a chip designer of an automotive CPU, so I picked up some automotive experience there. And then I ended up at Carnegie Mellon University. So I was a chip designer. I did embedded applications at Carnegie Mellon and I was doing software robustness because DARPA gave us some funding for software robustness, which is kind of cool.

RELATED: The Impact of ISO 26262 on Automotive Development

Koopman: It’s not really safety, but it’s reliability, dependability. Then, Carnegie Mellon ran a car across the US for a couple of 3,000 miles, 98% hands off the wheel. Self-steering car. They just used regular cruise control, but it was on a highway, so that was fine. But it was doing optical flow. I think it was a very primitive neural network, but it wasn’t neural networks like we know them today. It was basically an optical flow algorithm following the lines. And if there were no lines, it would follow the scratches in the pavement or the oil drips or the tire wear or whatever. And it was remarkably good. And if it’s raining, the pavement wear puts lines into the rain. It just figured it out. 98%. That last 2% was mostly off-ramps that have better lines than the road because they’re not as worn. So it loved to take off-ramps. And when it went underneath an overpass in bright sunlight, the auto contrast adaptation freaked out, and it just said, “I don’t know what’s going on,” because the camera flaked out.

And that was mostly the 2%. Because it’s interstate highways, it’s just not a lot going on for a single car making a single trip. And ever since, they’ve been working on that last 2% still today. But after that, there was a bigger thing called the Automated Highway Systems. And there was a consortium not run by NHTSA, run by Federal Highways to automate the highways. And Carnegie Mellon put a couple of city buses on a highway with that kind of technology and some of their cars driving around again, 98% %-ish. And they’re like, maybe safety should be a thing. And they had some funding, and I needed some funding, so I became their safety guy because I knew something about reliability, dependability. And that was in the mid-nineties.

That’s how I got into self-driving car safety. It’s like right place, right time, right opportunity. Back in the NavLog crew. And now this is, we’re talking 10 years before any of the grand challenge stuff happened. This completely separate effort way before grand Challenge. And there are a few of us, like one or two or three. No, there are at least two. I know at least one of them, there may be a third, who were doing safety back then, and that was about it. Right? There are not a lot. And so I got into self-driving car safety then, and it’s come and gone. And I’ve done a ton of other embedded things, hundreds of design reviews not on cars, but safety always just keeps popping up. Doing a design review on a flow control valve for a chemical plant. It kind of matters, right? Things go boom if that messes up.
So I’ve touched a whole bunch of safety standards, but it’s turned out that once self-driving cars got hot, well, there I was back into self-driving car safety.

THIS HAS BEEN A PREVIEW OF OUR VIDEO AND TRANSCRIPT –
CLICK HERE TO WATCH THIS INTERVIEW IN ITS ENTIRETY:
Expert Perspectives: A Conversation with the Originator of UL 4600 on Safety, Security, and Autonomy in Automotive Development

Neil Stroud
Latest posts by Neil Stroud (see all)