Is Robot Safety Too Often an Afterthought?
POSTED 10/31/2024 | By: Winston Leung, Senior Product Marketing Manager
Dull. Dangerous. Dirty – this is the triple threat of robots. Whether it be on the hustling factory floor, on the side of a high-rise building, or in the sewage system of city streets, robots are a blessing in a metal-encased disguise. They bring forth a wave of opportunities that elevate our society in unprecedented ways and take us into a world where the opening scenes of the movie “I, Robot” look like reality. Imagine having a humanoid-like “Sonny” as your personal assistant. Everything we do, how we work, how we interact with the world, and what we create, all changes with the touch of a finger or vocalization of words.
It’s a utopia in the making where humans can rely on robots to do everything – lights out automation, no human intervention. However, the truth is quite far from that reality, and we’re still a little way from the likes of Arnold’s “T-5000” nemeses roaming in our midst.
Industrial automation is where innovation truly comes to life, transforming robot fiction into reality. Every day, robots are relied upon to deliver consistent productivity and quality. Without these machines, many of us would likely suffer from back pain and arthritis trying to meet society's increasing demands. However, robots are not without their challenges. Software glitches, mechanical failures, overheating, and power surges can all impact their performance in factory automation. Even minor inconsistencies in operating conditions can lead to malfunction. Moreover, these disruptions pose significant safety risks, potentially causing serious injuries or even fatalities to nearby workers.
Industry 4.0 Goals vs. Reality
In Industry 4.0, full automation was the goal. Human workers would be replaced by robots and the need for human intervention would be limited. It was an ideology where humans were seen as inefficient, and automation was to replace what people could do.
In reality, we created environments where humans and robots coexist in separate workspaces and seldom interact with one another; when they do, robots are reduced to minimal operating speeds or powered down completely – not an ideal situation when higher production throughput is the goal.
Looking Ahead to Industry 5.0
Fast-forward to today: robots with collaborative applications, formerly known as cobots, have brought a new meaning to automation. The evolution to Industry 5.0 is now in progress, and the movement towards humans and robots collaborating in a shared workspace is becoming the norm.
It’s a vision that sees the benefits of humans in automation leveraging the strengths of our existence – our flexibility, our senses, and our intelligence. But how much trust can we put into robots if we’re no longer operating in completely separate, safeguarded working environments? And are we able to maintain a collaborative automation environment when serious injuries and fatalities from robot accidents continue to exist?
Lessons from Real-life Industry
Crushing injuries are some of the most catastrophic injuries in the workplace. In late 2023, a South Korean worker was crushed by a robot while conducting an inspection at a vegetable packing facility. It was a horrific accident in which the robot grabbed him and pressed him against a conveyor belt. Fatalities like this are rare in a coexistent work environment, but the same cannot be said for serious injuries. Look no further than North America: a recent finding revealed that a worker in the U.S., who was programming two inactive robots at a battery manufacturing facility in 2021, was pinned and pierced by an active robot in his proximity. Although uncommon, these accidents occur time and time again.
In this zero-sum game, the robotic industry is stuck between a rock and a hard place. Any fatalities or serious injuries are perceived negatively and inhibit the growth of the industry. Even though, statistically, robots help improve overall workplace safety, it’s a different challenge altogether when automation moves from coexistence to collaboration. In a collaborative environment, the risks increase with the frequency of interactions, which is why the update to the ISO 10218 standard is not only timely but necessary.
Updates to ISO 10218-1 and ISO 10218-2
The upcoming ISO changes bring forth a range of new requirements designed to enhance the safety and efficiency of robotic systems. The standard identifies a wide range of mandatory and optional functional safety requirements, all aimed at enabling robot systems to perform their intended functions without creating an unacceptable risk of harm. In industrial robotics, this means preventing accidents and enabling smooth, reliable operations:
- Enhancing Uptime: By reducing the likelihood of failures, companies can ensure continuous production.
- Increasing Throughput: Safe operations mean fewer interruptions, leading to higher productivity.
- Protecting Workers: Implementing safety measures protects human operators from potential hazards.
The updates to ISO 10218 are intended to enhance the safety framework for industrial robots. These upcoming changes alter the landscape of how industrial robots operate and follow a pattern similar to our transition from coexistent (Industry 4.0) to collaborative (Industry 5.0) working environments. At a high level, key revisions to the international standard include:
- Improved Risk Assessments: Enhancements to risk assessment procedures will help identify and mitigate potential hazards more effectively.
- Stricter Safety Function Verification: New guidelines will require that safety functions are rigorously tested and validated.
- Enhanced Human-Robot Collaboration: Updated requirements will facilitate safer interactions between humans and robots.
- Incorporation of Cybersecurity Measures: Integrating cybersecurity protocols will protect robotic systems from digital threats.
These updates are significant, to say the least. From a software perspective, they change how the industry views safety. Existing safeguards such as protective stops and emergency stops will continue to exist, but they will be only one part of a plethora of other requirements – many of which will affect how software is designed, developed, and documented.
Simplifying Robot Safety, from the Start
For functional safety in industrial robots, ISO 10218 serves as a product-specific standard of the broader IEC 61508 standard in which safety-related applications may require compliance up to SIL 3.
This process involves looking at validation at the design level to show that in logical simulations the system does not create a hazard – higher SIL levels require formal design validation. Safety, like security, is not a tool or mechanism you can add after you’ve designed your robot applications. The principal safety activities are embedded in every phase of the software development life cycle and a well-defined safety process ensures that the organization keeps safety in mind at every step.
Leveraging commercial off-the-shelf (COTS) software that has already been certified for safety by an external auditing firm can simplify the process of safety certification. One example is using a real-time operating system (RTOS) such as QNX® OS for Safety, which is pre-certified to IEC 61508 SIL 3.
The certification demonstrates the product has passed an audit and is assessed to be compliant with the safety standard, providing a high level of confidence that the product is suitable for use in safety-critical robot systems. As we move towards more complex systems in a collaborative working environment, the need for reliability, safety, and security is the foundation for establishing the trust needed for robotic systems. This starts with a microkernel-based architecture.
Five Reasons Why a Microkernel-based OS Is Essential for Industrial Robot Systems
1. Enhanced Predictability and Reliability
A safety-certified microkernel architecture ensures that robotic systems operate with high predictability and reliability. Unlike monolithic kernels, where device drivers, file systems, and other kernel services all run in a single privileged address space, a microkernel separates these system components, running them in isolated memory spaces. This design reduces the risk of system-wide failures, ensuring that safety-critical functions are performed predictably and reliably. For industrial robots, this means more consistent performance and safer operations, meeting the stringent demands of ISO 10218.
2. Improved Fault Tolerance
The microkernel architecture is inherently fault-tolerant. By isolating various system components, it ensures that a failure in one component does not affect the entire system. This isolation is crucial for maintaining operational safety, especially in environments where robots interact closely with human workers. The upcoming ISO 10218 revisions emphasize the need for robust safety function verification and human-robot collaboration, both of which benefit significantly from the fault-tolerant nature of microkernels.
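To make the isolation argument of sections 1 and 2 concrete, here is an added example (not code from the original article or from QNX) that models a microkernel-style design with plain POSIX processes: a "driver" runs in its own address space under a supervisor, so a fault in the driver neither corrupts the supervisor's safety-relevant state nor takes the system down. The driver body and its fault injection are constructed for illustration; a real system would use the OS's own resource-manager and high-availability facilities.

```c
/* Added example: process isolation as a stand-in for microkernel
 * component separation. Assumes a POSIX system (fork/waitpid). */
#include <signal.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Safety-relevant state owned by the supervisor. Because the driver runs
 * in a child process with its own address space, nothing the driver does
 * can modify this copy. */
static int g_estop_armed = 1;

/* Constructed driver body: crashes with SIGSEGV on the first `fault_runs`
 * invocations to simulate a memory fault, then runs cleanly. The attempt to
 * disarm the e-stop only touches the child's private copy of the variable. */
static void driver_body(int run, int fault_runs) {
    if (run < fault_runs) raise(SIGSEGV);   /* simulated driver fault */
    g_estop_armed = 0;                      /* isolated: parent unaffected */
    _exit(0);                               /* clean completion */
}

/* Runs the driver in an isolated child, restarting it after each crash up to
 * max_restarts times. Returns the number of restarts needed for a clean run,
 * or -1 if the restart budget is exhausted (time to escalate, e.g. to a
 * protective stop) or a system call fails. */
int supervise_driver(int fault_runs, int max_restarts) {
    int restarts = 0;
    for (;;) {
        pid_t pid = fork();
        if (pid < 0) return -1;
        if (pid == 0) driver_body(restarts, fault_runs);   /* never returns */
        int status = 0;
        if (waitpid(pid, &status, 0) < 0) return -1;
        if (WIFEXITED(status) && WEXITSTATUS(status) == 0) return restarts;
        if (WIFSIGNALED(status))
            fprintf(stderr, "driver %d died with signal %d; supervisor intact\n",
                    (int)pid, WTERMSIG(status));
        if (restarts >= max_restarts) return -1;
        restarts++;
    }
}

/* Exposes the supervisor's e-stop state so callers can confirm it survived. */
int estop_armed(void) { return g_estop_armed; }
```

On a monolithic design the equivalent driver fault would occur inside the kernel's shared address space, where there is no separate process to reap and restart.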
3. Enhanced Security Measures
With the increasing integration of robotics in industrial settings, cybersecurity has become a critical concern. The revisions to the ISO 10218 standards incorporate cybersecurity to protect robotic systems from digital threats. A microkernel architecture offers superior security by minimizing the attack surface. By isolating system services and drivers, it prevents unauthorized access and potential breaches, helping to ensure both operational safety and security.
4. Scalable and Modular Design
The modular nature of a microkernel architecture allows for greater scalability and flexibility. As industrial robots become more advanced and their applications more diverse, the ability to scale and adapt the operating system becomes increasingly important. A microkernel can easily accommodate additional safety features and updates without disrupting the entire system. This modularity is particularly beneficial in meeting the evolving safety function verification and human-robot interaction requirements specified in the updates to the ISO 10218 standards.
5. Simplified Development Tools
Certifying a robotic system to comply with ISO 10218 can be a complex and time-consuming process, especially for systems already running on a non-certified operating system. However, porting to a pre-certified OS that is also POSIX compliant can simplify the process, allowing the use of Linux-like development tools and easier migration of existing applications onto a safety-certified platform. This compliance helps developers meet the new safety requirements of ISO 10218 more efficiently, reducing both development time and costs.
Advanced Safety in Industrial Robotics
The pending updates to ISO 10218 highlight the need for more advanced safety measures in industrial robotics.
A safety-certified microkernel architecture offers a robust solution, providing predictability, fault tolerance, simplified certification, security, and scalability. Adopting this architecture not only helps comply with the changing standards but also drives innovation and efficiency in robotic systems with a strong foundation. As we move towards a future where robots play an increasingly integral role in industrial operations, ensuring safety through advanced architectural choices becomes paramount.
Look no further than 700 years into the future, where this emphasis on safety and reliability is portrayed by our best friend, "WALL-E", the operational garbage-compacting robot, who is left to clean the earth. Every day, it operates without failure and fulfills its objectives – pick up, compact, and stack garbage and maintain itself to repeat all over again.
As the only robot left roaming the earth, it was probably built using a safety-certified microkernel hard real-time operating system like the QNX OS for Safety. Although fictional, this illustration underscores the critical importance of robust, safety-oriented architectures in ensuring the seamless operation and longevity of robotic systems, echoing the advancements and standards we prioritize today.