A matter of risk

Paul Taylor takes a look at a dynamic approach to safety in smart manufacturing

While Industry 4.0 (I4.0) introduces new opportunities for increased productivity and radical innovation, the implementation of new technologies must also maintain the overall trustworthiness of production lines.

While I4.0 reduces risk in several areas, the range and flexibility of connected interfaces introduce a new set of risk issues. As production facilities become more complex, operators must manage a rapidly evolving system with multiple interdependencies while minimizing downtime. It is therefore vital to consider the shifting risk landscape, which is why I4.0 requires a new risk management approach tailored to each actual use case rather than to a generic one.

As the increased flexibility of I4.0 systems introduces new complexities and challenges, there is a shift from static risk assessment to dynamic risk assessment. Analyzing the underlying physical and cyber risks to humans, property and the environment therefore becomes a challenging task. Tackling safety issues with a conventional static risk assessment would require a time-consuming reiteration for every change in operating conditions, which could itself result in operational downtime.

Machinery safety standards define a set of general physical hazards that are used during type certification. However, current standards, such as ISO 12100 – Safety of machinery – General principles for design – Risk assessment and risk reduction, have not been designed around the concept of machine connectivity and interoperability. While hazards depend on the intended use and other limits of the machine in the physical world, conventional safety concepts do not consider the sources and effects of cyber threats that could create new hazards. Another limit related to hazards is that safety measures are designed to protect only human health using a ‘worst-case’ approach.

Given the connective complexity of interacting assets, applying worst-case assumptions can have an extremely negative impact on productivity and efficiency – preventing manufacturers from reaping the benefits.

In practice, when a machine operates in an application-specific context, its limits and applicable hazardous situations may differ significantly from those considered under worst-case and stand-alone scenarios. Additional hazardous situations may also arise from machine-to-machine interaction. They can be related to human health, property and environment, as well as to undesired operational downtime or bottlenecks.

To give an example, an automated guided vehicle (AGV) navigating towards a machine in an operating area with a human presence represents a ‘collision risk’. This risk may be mitigated by using three safety measures incorporated in the AGV design (according to ISO 3691-4 – Industrial trucks – Safety requirements and verification – Part 4: Driverless industrial trucks and their systems):
1. Personnel detection system
2. Speed control system
3. Braking system control

Because these measures are specified against the worst case, current practice applies the human-presence speed limitation even when there are no humans in the AGV’s actual operating area.

Likewise, in a confined area, with no human presence allowed, an AGV making its final approach to a machine for docking may pose a collision risk between two industrial assets. This unsafe docking event risk may be mitigated by using two safety measures incorporated in AGV design:
1. Speed control system
2. Parking braking system control

Although there is no risk for humans in a confined area, the measures are necessary to protect industrial assets from expensive damage. The use of a context-sensitive safety approach could achieve the goal of property protection combined with higher system efficiency.

These scenarios demonstrate the need for adaptive production systems capable of monitoring and recognizing hazardous situations at runtime, so that residual risks are handled within current practice. To meet the new needs of I4.0, a new approach of event-triggered, dynamic risk assessment with automated validation of safety measures is therefore required. This would help system designers and operators navigate complex risk landscapes, in both virtual simulations and real-world applications. Continuous and holistic risk assessment of this kind is needed to ensure stable operations, increase productivity and reduce downtime in a smart manufacturing environment, and it in turn requires a digital representation of the physical manufacturing system, built from digital twins and asset administration shells.

When navigating a complex new risk landscape, effective safety and security are the key challenges, because they are what builds trust with asset owners and operators. However, it is becoming increasingly impractical to apply existing risk assessment criteria to a dynamic I4.0 operating environment characterized by multiple interactions and data flows.

In today’s I4.0 domain, digital twins operate in parallel to the real-world factory, where thousands of sensors constantly collect and process data, either locally or on a larger scale. It is therefore vital that the digital twins have customized safety and security profiles. A safety profile should be modelled to describe asset safety from a general and an application-specific perspective. These profiles should then be processed by an inference engine against actual application constraints to define limits and risk-mitigation capabilities in a real-world application, thereby providing automated risk evaluations at runtime.
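The two AGV scenarios above and the runtime inference engine described here, expressed as an added Python example. This is illustrative code written for this page, not TÜV SÜD’s method or anything taken from ISO 3691-4 or ISO 12100: the measure names follow the article’s two lists, but the speed limits, the freshness window and the `Context` fields are assumptions, and the standard’s real figures are not reproduced. The one thing a practitioner would want on top of the article’s logic is the trust check: the engine treats an unauthenticated or stale occupancy reading as a human being present, so a cyber threat against the context data (the gap in conventional safety concepts noted earlier) can only make the AGV slower, never faster.

```python
from dataclasses import dataclass
from enum import Enum


class Measure(Enum):
    """Safety measures named in the article's AGV lists (ISO 3691-4 terminology)."""
    PERSONNEL_DETECTION = "personnel detection system"
    SPEED_CONTROL = "speed control system"
    BRAKING_CONTROL = "braking system control"
    PARKING_BRAKE = "parking braking system control"


# Assumed limits in m/s for illustration only; ISO 3691-4's real figures are not on the page.
FULL_SPEED = 2.0
HUMAN_ZONE_SPEED = 0.8
DOCKING_SPEED = 0.3
MAX_READING_AGE_S = 2.0   # assumed freshness window for a zone-occupancy reading


@dataclass(frozen=True)
class Context:
    """Runtime context from the digital twin (constructed, hypothetical fields)."""
    zone: str                    # "open" (humans allowed) or "confined" (no humans allowed)
    humans_present: bool         # reported by the zone-occupancy service
    docking: bool                # AGV is on its final approach to a machine
    reading_age_s: float         # age of the occupancy reading when evaluated
    reading_authenticated: bool  # reading passed source authentication / integrity check


@dataclass(frozen=True)
class Decision:
    """Result of one risk evaluation: limit to enforce and measures that must be active."""
    speed_limit_mps: float
    measures: frozenset
    hazards: tuple
    trusted_context: bool


def static_worst_case() -> Decision:
    """Conventional type-certification view: a human may always be present and a
    docking manoeuvre may always follow, so every measure is on and the lowest
    limit applies regardless of what is actually happening."""
    return Decision(
        speed_limit_mps=min(HUMAN_ZONE_SPEED, DOCKING_SPEED),
        measures=frozenset(Measure),
        hazards=("collision with person", "unsafe docking"),
        trusted_context=False,
    )


def evaluate(ctx: Context) -> Decision:
    """Context-sensitive evaluation of the two hazards from the article.

    A relaxed limit may only rest on context the engine can vouch for: an
    unauthenticated or stale occupancy reading is treated as 'human present',
    so tampering with or starving the context feed cannot relax a measure.
    """
    trusted = ctx.reading_authenticated and ctx.reading_age_s <= MAX_READING_AGE_S
    humans = ctx.humans_present or not trusted

    hazards = []
    measures = set()
    speed = FULL_SPEED

    if ctx.zone == "open":
        # People may enter an open area at any time: detection stays active even
        # when nobody is there, but the speed limit is only imposed when someone is.
        measures.add(Measure.PERSONNEL_DETECTION)

    if humans:
        hazards.append("collision with person")
        measures |= {Measure.PERSONNEL_DETECTION, Measure.SPEED_CONTROL,
                     Measure.BRAKING_CONTROL}
        speed = min(speed, HUMAN_ZONE_SPEED)

    if ctx.docking:
        hazards.append("unsafe docking")
        measures |= {Measure.SPEED_CONTROL, Measure.PARKING_BRAKE}
        speed = min(speed, DOCKING_SPEED)

    return Decision(speed, frozenset(measures), tuple(hazards), trusted)


def replay(events) -> list:
    """Event-triggered re-evaluation: one Decision per context change."""
    return [evaluate(ctx) for ctx in events]


if __name__ == "__main__":
    # Constructed sequence: open area with a person, empty confined area,
    # docking in the confined area, then the same docking with a stale reading.
    sequence = [
        Context("open", True, False, 0.5, True),
        Context("confined", False, False, 0.5, True),
        Context("confined", False, True, 0.5, True),
        Context("confined", False, True, 5.0, True),
    ]
    print("static worst case:", static_worst_case())
    for ctx, d in zip(sequence, replay(sequence)):
        print(f"{ctx.zone:9} humans={ctx.humans_present!s:5} docking={ctx.docking!s:5} "
              f"-> {d.speed_limit_mps} m/s, {len(d.measures)} measures, trusted={d.trusted_context}")
```

Compared with `static_worst_case()`, the empty confined area runs at full speed with no active measure, the docking approach keeps only speed control and the parking brake, and the person in the open area gets all three collision measures; the stale reading in the last event collapses back to the worst case. In a real deployment the `reading_authenticated` flag would come from whatever integrity mechanism the twin’s data path provides, and the freshness window would be derived from the AGV’s stopping distance, not a constant.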

Paul Taylor
Paul Taylor is Business Development Director for Industrial Services at TÜV SÜD, one of the world’s leading experts in product testing and certification, with 150,000 product certificates in circulation globally. Its Product Service division analyses over 20,000 products each year in Europe, Asia-Pacific and the Americas, using its technical expertise to help customers optimize market access.

TÜV SÜD’s Machinery Safety Division is the UK market leader in machinery safety, providing a range of services on a world-wide basis, and TÜV SÜD BABT is the world’s leading radio and telecommunications certification body with EU based Notified Bodies and UK Conformity Assessment Body status.