CEO Update safety & security

In our CEO Update of Q4, 2023 we are exploring the tech megatrend of safety and security. Joining TTTech CEO and co-founder Georg Kopetz as a special guest is Alexander Damisch, Vice President Dependable Networks at TTTech. Alexander is an expert in IoT and industrial cybersecurity and has co-founded a cybersecurity company. He brings decades of deep-dive system knowledge to TTTech to develop truly dependable networks.  

Georg, TTTech’s vision is “Advancing safe technologies, improving human lives.” The company’s initial goal was to make safety-critical systems like those found in cars or planes as safe as possible. 25 years later, machines, vehicles, and infrastructure are becoming increasingly connected and automated. Does this change the meaning and perception of safety?  

Georg: What we have seen for the last couple of years is that increasingly powerful computer systems get embedded into more and more machines. Systems are also becoming increasingly capable of perceiving what goes on around the machine, which is making them much more automated and even autonomous. In this context, safety becomes much more important. The definition of safety hasn’t changed, it’s still about preventing accidents and preventing harm to humans. But the context in which these systems are used increases the importance of safety – and also the importance of security.  

What’s the difference between safety and security?

Alexander: In very simple terms, in industry safety means we are protecting people from the machine. Security means we want to protect the machine from the people. If you cannot protect the machine, you cannot protect the people. A simple example that I once heard at TÜV was the idea of a safety match. You cannot ignite it on any surface other than the one provided on the matchbox, but say a toddler got hold of the match and swallowed it. They could still be harmed because they haven’t been trained to use matches yet. The concept of intended use is extremely important. For a system to be safe it has to be used as intended. If you think about malicious intent, the idea is to bypass or even exploit what makes the system safe to create an unsafe situation. That’s where security comes in, but the ultimate goal is still to protect the people.

So, safety and security are connected?

Georg: The two concepts are like twins. Every safety system connected to other systems should also be secure to prevent hacks. They are like two sides of the same coin: you can have security systems without safety implications, because not all IT systems need to be equally safe, but security is essential for every safety system.

Alexander: I really like your image of safety and security being two sides of a coin. Eventually, we want to build systems that behave as intended under every condition.

How is cybersecurity changing in an increasingly digital age?

Alexander: There was a wake-up call about 13 years ago with the famous Stuxnet hack. Somebody broke into a completely isolated uranium infrastructure in Iran and basically compromised the country’s nuclear program via a simple user interface that was not safety-critical. What separates the past from the present is that systems with different criticality levels have been connected, and this development is here to stay. This is a challenge we need to resolve for our customers because there is clearly a business problem they have to solve and it’s all linked to the trend of connectivity that will even accelerate in the future.

Georg: Absolutely, you could say that the most secure systems are systems not connected to the Internet. But our customers also want to reap the benefits of regular upgrades, and the Internet with cloud services, big data, and AI. The challenge is to balance that with the safety and security requirements. So, our approach is that we build ultra-dependable networks that are both safe and secure and, in a way, help the customer resolve these problems with pre-certified platforms.  


How do you create such dependable networks?  

Alexander: A system that’s completely disconnected doesn’t exist anymore. Today, you have to face the fact that you are always in a contested environment, meaning the hacker is already in the network. We can learn a lot from industries in which TTTech has had a footing for a long time, like aviation. They have something called “mixed criticality” and time and space partitioning. That means that you have applications of different criticalities. For example, the passenger display and the application controlling the turbine will have different criticalities. However, they can run on the same network, separated by time and space, so a safety-critical application cannot be delayed or intercepted by a non-critical application. The same principle has now made its way into the consumer industry, for example, the iPhone.  

What we do now is that we provide the same isolation and properties to the network and connect them to the applications in a way that makes sure all of them have the same properties. This enables the applications to run as they were intended to, even in a very connected and very converged environment. Basically, you consider security on the design level and build the system top-down.

Georg: Another thing that the aerospace industry pioneered is the concept of fail-operational systems: systems that keep running even if individual components fail. We now see more and more fail-operational systems in other industries, like energy, for example. Our energy supply is so vital that it has to be protected by all means, and I believe that fail-operational systems will become even more pervasive in the future to prevent large-scale blackouts.


You are talking about transferring safety concepts from one industry to another. How complex is this process?  

Alexander: If you look at it from a higher level, the aspects are completely the same, be it in aerospace, energy, railway, or industrial IoT. You want to make sure that things behave as intended under any condition. But there are differences you need to understand. First, there are certification standards, which are a huge advantage when you go to market. And there are things you need to understand to build systems that conform to these standards. On the network level, there are tiny differences you need to consider, but we are working on unified design principles that can be applied to any system in any industry.  

Georg: On the chip level, there is also strong interest in using the same chips across various industries. All our different market verticals use similar semiconductors with some minor exceptions, like space. This is a great opportunity because you start with a safety architecture that is built on those basic components. When we started looking into cross-industry fertilization at TTTech, we discovered that certain types of microchips could play a role in multiple industries, despite separate certification requirements.

Artificial intelligence is here to stay. What do we know about safety and industrial AI? How safe are AI systems really?

Georg: In my opinion, there are two issues we must consider when we talk about industrial AI: Firstly, how to make sure that a safety architecture is in place that ensures that if the AI system fails, the system as a whole still behaves in a safe way. When it comes to building safety architectures for AI, TTTech is very strong today and we can provide good solutions to our customers, because we know how to build safe systems and how to embed AI algorithms into those systems. In a way, we are boxing AI and containing it to make sure it sticks to its intended use case. This is important in many industries, like automotive or off-highway, but also in many industrial use cases.  

The second question is a much bigger one, namely, are AI systems safe, and where to place the boundaries in safety and AI? Can AI algorithms become unsafe because the AI is learning the wrong things and then making the application behave in an unintended way? And I think this subject requires a lot more research. The more we use AI algorithms that leave the intended use cases and contained systems we have today, the more important it is that we understand their limits in terms of safety and security. I think safety and AI will be one of the most urgent topics to explore in the coming years and we try to be at the forefront of this trend.

Alexander: There is a lot of research going into not just perception but into evaluating and verifying the data that comes out of it, using mathematics to assess if the output is still valid. And I believe this is really where we can spearhead the industry.

Many thanks to both of you for this fascinating discussion! There is surely a lot to talk about here and we look forward to revisiting the topic in one of our future CEO updates.  
