Table 2.
Manifestations of risk management strategies in different disciplines.
|
Historically Grown
Technologies |
|
|||||||
| Disciplines → Design methods ↓ | Construction engineering | GS hits | Chemical engineering | GS hits | Aerospace engineering | GS hits | Urban engineering | GS hits |
|
A
Probabilistic risk-based design |
Target failure probabilities are specified, depending on the failure consequences of the structures. | 2510 | Process safety design: Identify failure scenarios and estimate consequences; redesign until risks are below a target level (of 10−6/year/individual). | 361 | Acceptable level of risk calculations based on components. | 1820 | Related to the probabilistic design of infrastructure within the urban environment. | 219 |
|
B
Safety factor-based design |
Multiplication factors are used on characteristic/ representative values of load and resistance variables. | 15,100 | Anticipate higher loads and weaker resistance by incorporating safety factors in the design. | 4820 | Example: Determining maximum load for strength of wings and other structures. | 12,700 | As above. | 2570 |
|
C
Fail-safe design/ fail-secure design |
Failure of one construction element does not lead to complete collapse. | 2070 | Replace materials with less-hazardous options (e.g., clean with water and detergent rather than a flammable solvent). | 1960 | Example: Statically stable design of aircraft, which means failure of automatic flight control system does not lead to an uncontrollable aircraft. | 17,600 | Related to resilience of the urbanized area. | 1280 |
|
D
Active safe design |
Actively monitor the construction site to prevent accidents and fatalities. | 374 | Use of sensor and control technology to stabilize pressure and temperature levels. | 357 | Example: Traffic collision avoidance system warns of traffic and advises pilots. | 2360 | Focused on active safe design of road infrastructure in the urban environment. | 672 |
|
E
Passive safe design |
Use passive safe columns to absorb the energy of a collision. | 333 | Gravity taking leaks to safe places; use bunds; avoid knock-on effects. | 730 | Example: Crash structures and seat design. | 1750 | Focused on passive safe design of hazardous industries inside urbanized areas. | 222 |
|
F
Security-proof/ vandalism-proof design |
Use gates, fences, or surveillance cameras. | 8 | Use gates, fences, or surveillance cameras. | 23 | None: Aircraft operate in secure areas and people inside aircraft generally do not want to put themselves in danger. | 177 | Crime prevention by improving natural surveillance in the urban environment. | 8800 |
|
G
Idiot-proof/fool-proof design |
Careful supervision of design and execution phases of the construction project. | 432 | Make incorrect assembly impossible; ease of control. | 264 | MINIMAL: Airbus aircraft have built in protection against aircraft upset due to incorrect pilot inputs. Highly skilled end-users (pilots) are expected. | 4280 | None. | 0 |
|
H
Fault-tolerant design |
Space between construction elements to accommodate fluctuations in geometrical dimensions. | 1520 | Equipment and processes designed to withstand possible faults or deviations from design. | 2870 | All crucial systems are redundant, sometimes triply or quadruply. A single fault should never lead to a crash. | 20,400 | Related to infrastructural design of the built environment. | 2220 |
|
I
Circular design |
Modular construction strategies (“Lego-type” structures). | 125 | Redefine performance to include entire product life cycle; “Nexus” solutions that synergistically solve several sustainability issues. | 115 | MINIMAL: Aircraft are mainly designed for their operational phase. After the operational phase, aircraft are stored or scrapped. | 417 | Green cities. | 107 |
| Disciplines → Design methods ↓ | Software engineering | GS hits | Bio-engineering | GS hits | Nano-engineering | GS hits | Cyber space | GS hits |
|
A
Probabilistic risk-based design |
Use probabilistic programming or probablistic verification to take uncertainties into account; (For this column we take the software developer’s perspective not the user of the software). | 514 | Escape frequencies as a measure. | 232 | For example, the spread of various areas and species in the environment. | 97 | Explicit modelling of threat actors and their behavior may provide guidance regarding risk level and associated controls. | 98 |
|
B
Safety factor-based design |
Make software forewards compatible by anticipating on future functional and safety requirements. | 3280 | Found in rationales of SbD but implementation limited. | 5840 | Limiting release may be combined with limiting toxicity. | 846 | Security measures such as cryptographic key lengths should consider future developments (e.g., increased computing power). | 390 |
|
C
Fail-safe design/fail-secure design |
Use software verification or static analysis tools to ensure that certain properties hold by construction. | 12,500 | Closest to the technical application of Safe-by-Design (e.g., kill switches). | 6350 | Naomaterials used to make fail-safe (construction) materials; rarely used to make nanomaterials themselves safe. | 445 | Intrusion prevention systems aimed at reducing damage from a detected cyberattack. | 2690 |
|
D
Active safe design |
Programmer manually writes tests or uses program analysis tools to ensure software quality. | 2040 | Closest to the technical application of Safe-by-Design (e.g. biosensors). | 547 | Mostly, nanomaterials used in components for active safety; rarely used to make nanomaterials themselves safe. | 77 | Network monitoring may indicate attacker activity and enable operator responses. | 767 |
|
E
Passive safe design |
Testing or program analysis tools are integrated in the software development pipeline through continuous integration. | 1180 | Closest to the technical application of SbD (e.g. auxotrophy). | 548 | Mostly, nanomaterials used in components for passive safety; rarely used to make nanomaterials themselves safe. | 124 | Decentralized architectures limit the amount of data accessible through a single system. | 253 |
|
F
Security-proof / vandalism-proof design |
Explicitly validate inputs to provide robust response to all possible inputs, for example, to prevent injection attacks. | 1430 | None. | 3 | None. | 0 | Backups and quick restore procedures make cyber attacks and vandalism less attractive. | 317,000 |
|
G
Idiot-proof / fool-proof design |
Testing or program analysis tools are integrated in the software development pipeline through continuous integration. | 3870 | Can be understood as biosecurity, not presently covered. | 3130 | Typically refers to synthesis and applications and not so much to safety. | 219 | Privacy-friendly or security-friendly defaults (e.g., multi-factor authentication) may protect users against attacker manipulation (e.g., phishing e-mails). | 2610 |
|
H
Fault-tolerant design |
Explicitly validate inputs to provide robust response to all possible inputs, for example, overflows and illegal memory access. | 17,500 | None. Not in the rationales of SbD. |
4190 | No relation to toxicity. | 0 | Network segmentation limits possibilities for attackers to compromise the whole system. | 12,000 |
|
I
Circular design |
Reuse of software through libraries, thereby inheriting safety guarantees of the libraries. | 303 | None. Is found in bioengineering but not discussed in the context of safety. |
371 | Possible tension between Safe-by-Design and circular design (see text). | 81 | Adequate identification of and response to software vulnerabilities, via software updates, is crucial. | 78 |
Note: GS = Google Scholar.