Safe-by-Design in Engineering: An Overview and Comparative Analysis of Engineering Disciplines
2. Basic Concepts
3. Research Approach
Brief introduction to the disciplinary domain, hazards, social challenge(s), and relevant developments in the field.
What is the “system” that the discipline’s design practice focuses on? What are the technological and/or social components? Which risk management strategies and associated methods or tools are used? Are there (codified) design principles promoting safety or safety awareness and, if so, what are they? What considerations or dilemmas do designers in the discipline face?
What does the future of the discipline and/or the system affected by its research look like? Where are the opportunities and bottlenecks in addressing safety?
4. Disciplinary Perspectives
4.1. Construction Engineering
4.1.1. Context: Human Factors in Distributed Settings
4.1.2. Focus: Structural and Organizational Measures
- Macro level: external factors such as legislation, climate, politics, and culture;
- Meso level: business and project factors such as safety culture and working; conditions
- Micro level: human factors such as competence, stress resistance, knowledge, and attitude.
- Keep the construction project and process simple;
- Provide sufficient resources and suitable people to fit the complexity of the project;
- Create a complete list of tasks and responsibilities and check and act on each;
- Provide a competent chief constructor with a certain level of accountability and responsibility;
- Pursue repetitive forms of collaboration;
- Develop safety awareness;
- Ensure effective exchange of information and knowledge;
- Implement effective risk management of the process;
- Support (inter)national initiatives in the field of structural safety and include them contractually where possible.
4.1.3. Outlook: Digitalization and Automation
4.2. Chemical Engineering
4.2.1. Context: Large-Scale Industry Response to Accidents and Pollution
4.2.2. Focus: Consolidated Principles for Safe and Green Chemistry
- Minimize: Reducing the amount of hazardous material present at any one time (e.g., by using smaller batches);
- Substitute: Replacing one material with a less hazardous one (e.g., cleaning with water and detergent rather than a flammable solvent);
- Moderate: Reducing the strength of an effect (e.g., having a cold liquid instead of a gas at high pressure or using material in a dilute rather than concentrated form);
- Simplify: Eliminating problems by design rather than by adding equipment or features to deal with them. Fitting options and using complex procedures only if they are really necessary;
- Improve fault tolerance: Designing equipment and processes to be capable of withstanding possible faults or deviations from design.
- Limit effects: Adjusting design, location, or transportation of equipment so that the worst possible condition produces less danger (e.g., having gravity take leaks to safe places; using bunds; avoiding knock-on effects);
- Make fool proof: Making incorrect assembly impossible; ease of control.
- Less hazardous chemical syntheses implies a radical rethinking in the design of chemical synthesis routes. New catalytic routes reducing the number of synthesis steps are one major pillar here. Other changes include replacing problematic (reactive or environmentally questionable) solvents and reagents with safer options and using catalysis to lower reaction temperatures and thereby reduce explosion risks. New concepts such as cascade reactions (reducing the number of individual synthesis steps including downstream processing) or reactor concepts such as flow chemistry are also gaining interest.
- Designing safer chemicals aimed at higher-quality products (i.e., lower amounts or absence of unidentified and potentially toxic by-products). Catalysis, in particular, is a key element in achieving this goal. Furthermore, using selective catalysts (especially biocatalysts) improves the selectivity of the reaction, thus yielding fewer or no undesired side-products. This abolishes or drastically reduces the need for derivatization steps and the need to remove auxiliaries from the final product.
- Production of products has to be sustainable to “satisfy today’s needs without compromising the resources of the following generations” .
- New energy-saving syntheses will conserve fossil resources; the same is true for using non-noble metal catalysts and auxiliaries (e.g., avoiding non-renewable phosphates or helium).
- There is also an ongoing trend towards a more holistic definition of product performance. While, traditionally, this term has been applied to the designed use of a given product, it is now being extended to earlier and later phases of the product’s life. For example, new feedstocks are being explored to substitute fossil-based polymers with renewable alternatives. Equally important are the current efforts to design polymers with built-in predetermined breaking points to facilitate their recycling and their natural degradation if exposed to the environment (avoiding massive accumulation of wastes in the oceans, for example).
- Process designers aim to maximize throughput rate, process yield, and product purity, while simultaneously limiting capital, operation, and maintenance costs; space required; safety concerns; environmental impacts; and emissions and waste production. They also have to consider the minimum levels of reliability, redundancy, flexibility, and anticipated variability in feedstock and product. Several hazard indices have been developed as tools for chemical process loss prevention and risk management. Each provides a dimensionless index value that is defined relatively and may be combined with a decision analysis tool for setting priorities.
4.2.3. Outlook: From Safety and Sustainability to Non-Toxic and Circular Economy
- Based on non-depleting resources: that is, transitioning from fossil-based chemicals to renewable feedstock. Moreover, anthropogenic CO2 will be used as feedstock.
- Non-toxic: necessitating more predictive models for structure-activity relationships.
- Non-persistent: built-in (bio)degradability of products that are ultimately distributed into the environment (e.g., consumer products such as cosmetics and active pharmaceutical ingredients).
4.3. Aerospace Engineering
4.3.1. Context: Integrated Sector and Safety Culture
4.3.2. Focus: Flight Control Systems as Part of a Layered Safety Approach
4.3.3. Outlook: Safe Automation
4.4. Urban Environment
4.4.1. Context: Crime Prevention as a Distinct Aspect in Urban Design
4.4.2. Focus: Inhibiting Crime
- Natural Surveillance: People are less likely to be violent or take part in illegal activities if they know they can be seen. This can be achieved by keeping areas well lit, increasing presence in high traffic areas, and eliminating hiding places.
- Territorial reinforcement and access control: This can be achieved by clearly defining the boundaries between public and private areas with fencing, landscaping, and signs. Well-marked areas direct the flow of traffic and discourage non-local traffic from passing on private grounds.
- Maintenance: This refers to keeping buildings properly maintained by quickly removing graffiti and trash, fixing broken windows, keeping school hallways clear, and cleaning landscaping. The idea is that “signs of disorder” attract disorderly behaviour that may turn into violent acts.
4.4.3. Outlook: Limits to Security?
4.5. Software Engineering
4.5.1. Context: Safety as Performance Requirement
- The software is free of anomalies that may cause it to stop functioning or to have erroneous behaviour (e.g., race conditions, dead locks, or buffer overflows).
- The software functions according to a specification of its behaviour (i.e., given input satisfying P, the software’s output satisfies Q).
- The software satisfies certain performance requirements such as worst-case execution time (WCET) or memory usage requirements.
- The software has security properties such as integrity, confidentiality, or availability.
4.5.2. Focus: Trade-Offs and Choices in Safety Approaches
- Dynamic analysis and testing: In this approach, software is run on a real platform (testing) or an instrumented platform (dynamic analysis) with a representative set of inputs to confirm if it satisfies the desired properties. This approach can be used at the level of individual software modules (unit testing), against interfaces between modules (integration testing), at the level of the whole software (system testing), or at the level of the interaction between the software and the physical system (acceptance testing). Since only a finite number of inputs can be tested, testing or dynamic analysis can never guarantee the absence of software errors. It is therefore crucial to write representative tests that lead to good coverage of the different modules of the software.
- Static analysis and formal verification: This approach aims to establish properties at the level of the source code without actually running the software. Contrary to testing, static analysis or formal verification can ensure that properties hold for any input. However, this comes with a trade-off. This approach can typically establish either fairly weak properties, such as the absence of anomalies (through static analysis methods such as abstract interpretation or type systems) in a fully automatic manner; or strong properties such as correct input/output behaviour (through formal verification methods such as model checking, deductive verification, or theorem proving) with significant human guidance.
- Design patterns and coding conventions: This approach aims to write software in a structured method by using reusable patterns for common problems (design patterns) and by following certain conventions for organization (coding conventions). This approach typically goes hand in hand with testing in early phases of development (test-driven development) and with using static analyses to enforce that certain patterns are being consistently used (e.g., through linter tools).
4.5.3. Outlook: Software Solutions for Software Safety
4.6.1. Context: Heavily Regulated Platform Technology
4.6.2. Focus: Safe-by-Design Principles
- Toxicity and pathogenicity to humans, other animals, and plants;
- Persistence and invasiveness in ecosystems;
- Horizontal gene transfer and gene pool contamination in populations.
- Choosing the right organism: to minimize toxicity, pathogenicity, and potential invasiveness, provided the designer takes context into account;
- Designing physical barriers: to create barriers at different scales;
- Self-destruct mechanisms: to trigger events leading to cell death if certain external conditions change (e.g., kill-switches);
- Dependency: to require certain elements or food to survive (e.g., auxotrophy);
- Design distance between the natural and the synthetic: to minimize exchange of genes between organisms (e.g., orthogonality, xenobiology, and recoding the genome);
- Sculpting evolution: to influence the genetic make-up of a population (e.g., daisy drives);
- Control with external stimuli: to activate or deactivate cells by using external stimuli (e.g., light);
- Warning mechanisms: to require human intervention, with the aid of sensors in the microorganism (e.g., visible change in colour to signal changing conditions that can affect safety).
4.6.3. Outlook: Broadening the Scope from Control to Choice
4.7.1. Context: Emerging Technology, Emerging Risks
4.7.2. Focus: Design Options
- Material choice is crucial. Certain ceramics, such as silica and alumina, are largely inert and therefore much safer to use than several metals. However, this is not a guarantee: the very small size and/or specific shape can lead to the reactivity of materials that are inert at the macroscale. For example, aluminum at larger scales is inert, but aluminum nanoparticles can serve as rocket fuel . Carbon is normally safe for human health, but carbon nanotubes pose severe health risks [58,59].
- Morphology covers several important properties, including size and shape. Although all particles smaller than 100 nm are considered nanoparticles, many of the special functionalities only start when the particles are much (~10 times) smaller. Several researchers suggest that particles < 30 nm are much more toxic to the body than particles in the 30–100 nm range [60,61]; others indicate that the dependence is not that straightforward . Another important question is whether one uses nanoparticles, nanotubes, or nanosheets. For carbon, it seems that nanotubes are the most toxic, but the use of graphene (nanosheets) is also not without risk [58,59].
- Clustering of a large number of nano-objects into an aggregate or agglomerate is another important aspect. For example, many commercial nanopowders are produced via flame synthesis , while their primary particles are typically 10–30 nm, they sinter during production forming very strong aggregates, typically of several 100s of nm. Due to fact that the particles have formed “necks” between each other, it is nearly impossible that they will detach during their lifetime.
- Coating or encapsulation is an attractive manner to shield off a potential harmful particle from its environment (e.g., the human body). Scalable approaches to produce precisely coated nanoparticles are available . An example is the coating of TiO2 nanoparticles in sunscreen, which maintains the positive property of TiO2 (protection against the sun) while averting its drawback (reactive to the skin) .
- Minimizing quantity is the last aspect. Due to the fact that nanoparticles are typically very active, using a tiny amount is often sufficient. Morose  gives an example from the lighting industry, which has significantly reduced the amount of toxic mercury used in fluorescent lights over the years.
4.7.3. Outlook: Organizing Safety Knowledge Base
4.8.1. Context: Security as a Distinct Safety Aspect in Digital Technologies
4.8.2. Focus: Accounting for User Needs and Complex Configurations
4.8.3. Outlook: Maintaining Security and Connectivity
5. Discussions: Design Methods
5.1. Strategies in Principle and in Practice
- “Chemical engineering” OR “process industry”;
- “Nano-engineering” OR nano-technology, nanomaterial, “nanostructured material”, and “nanoengineered material”;
- “Software engineering “ OR “software development”, and “software design”;
- Bio-engineering OR bio-technology;
- “Aerospace engineering” OR aviation;
- “Construction engineering” OR “structural engineering”;
- “Cyber space” OR cyber-physical.
5.2. Context Matters
6.1. Safe-by-Design as Normative Yardstick: Towards a Value-Inclusive Approach to Innovation
6.2. Recommendations for Future Research
Institutional Review Board Statement
Informed Consent Statement
Data Availability Statement
Conflicts of Interest
- Schot, J.; Steinmueller, W.E. Three frames for innovation policy: R&D, systems of innovation and transformative change. Res. Policy 2018, 47, 1554–1567. [Google Scholar]
- Stilgoe, J.; Owen, R.; Macnaghten, P. Developing a framework for responsible innovation. Res. Policy 2013, 42, 1568–1580. [Google Scholar] [CrossRef][Green Version]
- Van Oost, E.; Kuhlmann, S.; Ordóñez-Matamoros, G.; Stegmaier, P. Futures of science with and for society: Towards transformative policy orientations. Foresight 2016, 18, 276–296. [Google Scholar] [CrossRef]
- Klaassen, P.; Rijnen, M.; Vermeulen, S.; Kupper, F.; Broerse, J. 4 Technocracy versus experimental learning in RRI. In Responsible Research and Innovation: From Concepts to Practices; Routledge: Oxfordshire, UK, 2018; pp. 77–98. [Google Scholar]
- Taebi, B.; Correlje, A.; Cuppen, E.; Dignum, M.; Pesch, U. Responsible innovation as an endorsement of public values: The need for interdisciplinary research. J. Responsible Innov. 2014, 1, 118–124. [Google Scholar] [CrossRef]
- Van de Poel, I.; Asveld, L.; Flipse, S.; Klaassen, P.; Scholten, V.; Yaghmaei, E. Company strategies for responsible research and innovation (RRI): A conceptual model. Sustainability 2017, 9, 2045. [Google Scholar] [CrossRef][Green Version]
- Van de Poel, I.; Robaey, Z. Safe-by-design: From safety to responsibility. Nanoethics 2017, 11, 297–306. [Google Scholar] [CrossRef][Green Version]
- Collingridge, D. The Social Control of Technology; Frances Pinter: London, UK, 1980. [Google Scholar]
- EEA (European Environment Agency). Late lLessons from Early Warnings: Science, Precaution, Innovation; EEA Report No. 1/2013; EEA: Copenhagen, Denmark, 2013. [Google Scholar]
- Randall, A. Risk and Precaution; Cambridge University Press: Cambridge, UK, 2011. [Google Scholar]
- Hansson, S.O. The Precautionary Principle. In Handbook of Safety Principles; Möller, N., Hansson, S.O., Holmberg, J.E., Rollenhagen, C., Eds.; John Wiley & Sons: Hoboken, NJ, USA, 2018; Volume 9, pp. 258–283. [Google Scholar]
- Serksnis, T. Safety by Design. In Designing Electronic Product Enclosures; Springer: Berlin/Heidelberg, Germany, 2019; pp. 181–186. [Google Scholar]
- Doorn, N.; Hansson, S.O. Design for the value of safety. In Handbook of Ethics, Values and Technological Design; Van den Hoven, J., Vermaas, P., van de Poel, I., Eds.; Springer: Dordrecht, The Netherlands, 2015; pp. 491–511. [Google Scholar]
- Klein, G.; Elphinstone, K.; Heiser, G.; Andronick, J.; Cock, D.; Derrin, P.; Elkaduwe, D.; Engelhardt, K.; Kolanski, R.; Norrish, M. seL4: Formal verification of an OS kernel. Commun. ACM 2010, 53, 107–115. [Google Scholar] [CrossRef]
- Pool, R. Forum on Proposed Revisions to ABET Engineering Accreditation Commission General Criteria on Student Outcomes and Curriculum (Criteria 3 and 5): A Workshop Summary; National Academies Press: Washington, DC, USA, 2016. [Google Scholar]
- Olson, S. Engineering Societies and Undergraduate Engineering Education: Proceedings of a Workshop; National Academies Press: Washington, DC, USA, 2017. [Google Scholar] [CrossRef]
- ABET. Criteria for Accrediting Engineering Programs, 2019–2020. Available online: https://www.abet.org/accreditation/accreditation-criteria/criteria-for-accrediting-engineering-programs-2019–2020/ (accessed on 16 April 2020).
- Terwel, K.C.; Jansen, S.J. Critical factors for structural safety in the design and construction phase. J. Perform. Constr. Facil. 2015, 29, 04014068. [Google Scholar] [CrossRef]
- Zhang, S.; Sulankivi, K.; Kiviniemi, M.; Romo, I.; Eastman, C.M.; Teizer, J. BIM-based fall hazard identification and prevention in construction safety planning. Saf. Sci. 2015, 72, 31–45. [Google Scholar] [CrossRef]
- Crowl, D.A.; Louvar, J.F. Chemical Process Safety: Fundamentals with Applications, 3rd ed.; Pearson Education: London, UK, 2011. [Google Scholar]
- Taylor, J.R. Statistics of design error in the process industries. Saf. Sci. 2007, 45, 61–73. [Google Scholar] [CrossRef]
- Kletz, T.A. Cheaper, Safer Plants or Wealth and Safety at Work: Notes on Inherently Safer and Simpler Plants; The Institution of Chemical Engineers: Rugby, Warwickshire, UK, 1985. [Google Scholar]
- Anastas, P.T.; Warner, J.C. Green Chemistry Theory and Practice; Oxford University Press: New York, NY, USA, 1998. [Google Scholar]
- Brundtland, G.H. Our Common Future; Oxford University Press: Oxford, UK, 1987. [Google Scholar]
- Sheldon, R.A. The E factor 25 years on: The rise of green chemistry and sustainability. Green Chem. 2017, 19, 18–43. [Google Scholar] [CrossRef]
- Gentile, M.; Rogers, W.; Mannan, M. Development of a fuzzy logic-based inherent safety index. Process Saf. Environ. Prot. 2003, 81, 444–456. [Google Scholar] [CrossRef][Green Version]
- Khan, F.I.; Amyotte, P.R. How to make inherent safety practice a reality. Can. J. Chem. Eng. 2003, 81, 2–16. [Google Scholar] [CrossRef]
- Tugnoli, A.; Cozzani, V.; Landucci, G. A consequence based approach to the quantitative assessment of inherent safety. AIChE J. 2007, 53, 3171–3182. [Google Scholar] [CrossRef]
- Khakzad, N.; Landucci, G.; Reniers, G. Application of Graph Theory to Cost-Effective Fire Protection of Chemical Plants During Domino Effects. Risk Anal. 2017, 37, 1652–1667. [Google Scholar] [CrossRef] [PubMed]
- Hubbard, S. Safety Culture: Examination of Safety Attitudes Across Transportation Modes. Transp. Res. Rec. 2016, 2582, 61–71. [Google Scholar] [CrossRef]
- Goupil, P. AIRBUS state of the art and practices on FDI and FTC in flight control system. Control Eng. Pract. 2011, 19, 524–539. [Google Scholar] [CrossRef]
- De Florio, F. Airworthiness: An Introduction to Aircraft Certification and Operations, 3rd ed.; Elsevier: Oxford, UK, 2016. [Google Scholar]
- De Vries, P.S.; Van Kampen, E.-J. Reinforcement learning-based control allocation for the innovative control effectors aircraft. In Proceedings of the AIAA Scitech 2019 Forum, San Diego, CA, USA, 7–11 January 2019. [Google Scholar]
- Helmer, A.; de Visser, C.C.; Van Kampen, E.-J. Flexible Heuristic Dynamic Programming for Reinforcement Learning in Quad-Rotors. In Proceedings of the AIAA Information systems—AIAA, Kissimmee, FL, USA, 8–12 January 2018. [Google Scholar]
- Garcıa, J.; Fernández, F. A comprehensive survey on safe reinforcement learning. J. Mach. Learn. Res. 2015, 16, 1437–1480. [Google Scholar]
- Oscar, N. Defensible Space: Crime Prevention through Urban Design; Macmillan: New York, NY, USA, 1972. [Google Scholar]
- Casteel, C.; Peek-Asa, C. Effectiveness of crime prevention through environmental design (CPTED) in reducing robberies. Am. J. Prev. Med. 2000, 18, 99–115. [Google Scholar] [CrossRef]
- Durumeric, Z.; Li, F.; Kasten, J.; Amann, J.; Beekman, J.; Payer, M.; Weaver, N.; Adrian, D.; Paxson, V.; Bailey, M. The matter of heartbleed. In Proceedings of the 2014 Conference on Internet Measurement Conference, Vancouver, BC, Canada, 5–7 November 2014; pp. 475–488. [Google Scholar]
- Koopman, P. A Case Study of Toyota Unintended Acceleration and Software Safety. Ph.D. Thesis, Carnegie Mellon University, Pittsburgh, PA, USA, 18 September 2014. [Google Scholar]
- Hopcroft, J.E.; Motwani, R.; Ullman, J.D. Introduction to Automata Theory, Languages, and Computation; Addison-Wesley: Boston, MA, USA, 2006. [Google Scholar]
- Schmidt, M. Diffusion of synthetic biology: A challenge to biosafety. Syst. Synth. Biol. 2008, 2, 1–6. [Google Scholar] [CrossRef][Green Version]
- Robaey, Z. Dealing with Risks of Biotechnology: Understanding the Potential of Safe-by-Design; Dutch Ministry of I&W: The Hague, The Netherlands, 2018. [Google Scholar]
- Stemerding, D.; Betten, W.; Rerimassie, V.; Robaey, Z.; Kupper, F. Future making and responsible governance of innovation in synthetic biology. Futures 2019, 109, 213–226. [Google Scholar] [CrossRef]
- Asin-Garcia, E.; Kallergi, A.; Landeweerd, L.; dos Santos, V.A.M. Genetic Safeguards for Safety-by-design: So Close Yet So Far. Trends Biotechnol. 2020, 38, 1308–1312. [Google Scholar] [CrossRef]
- Teunisse, W.; Robaey, Z.; Asveld, L. Potentiële Safe-by-Design Strategieën door Directed Evolution. Onderzoeksrapport voor het Ministerie van Infrastructuur en waterstaat. 2019. Available online: https://www.rijksoverheid.nl/documenten/rapporten/2019/12/13/potentiele-safe-by-design-strategieen-door-directed-evolution (accessed on 10 June 2021).
- Robaey, Z.; Spruit, S.L.; Van de Poel, I. The Food Warden: An Exploration of Issues in Distributing Responsibilities for Safe-by-Design Synthethic Biology Applications. Sci. Eng. Ethics 2017, 24, 1673–1696. [Google Scholar] [CrossRef][Green Version]
- Bouchaut, B.; Asveld, L. Safe-by-Design: Stakeholders’ Perceptions and Expectations of How to Deal with Uncertain Risks of Emerging Biotechnologies in the Netherlands. Risk Anal. 2020, 40, 1632–1644. [Google Scholar] [CrossRef] [PubMed]
- Salameh, S.; Gomez-Hernandez, J.; Goulas, A.; Van Bui, H.; van Ommen, J.R. Advances in scalable gas-phase manufacturing and processing of nanostructured solids: A review. Particuology 2017, 30, 15–39. [Google Scholar] [CrossRef]
- Buffat, P.; Borel, J.P. Size effect on the melting temperature of gold particles. Phys. Rev. A 1976, 13, 2287. [Google Scholar] [CrossRef][Green Version]
- Monikh, F.A.; Chupani, L.; Vijver, M.G.; Vancová, M.; Peijnenburg, W.J. Analytical approaches for characterizing and quantifying engineered nanoparticles in biological matrices from an (eco) toxicological perspective: Old challenges, new methods and techniques. Sci. Total Environ. 2019, 660, 1283–1293. [Google Scholar] [CrossRef][Green Version]
- Jantunen, A.P.K.; Gottardo, S.; Rasmussen, K.; Crutzen, H.P. An inventory of ready-to-use and publicly available tools for the safety assessment of nanomaterials. NanoImpact 2018, 12, 18–28. [Google Scholar] [CrossRef]
- Soeteman-Hernandez, L.G.; Apostolova, M.D.; Bekker, C.; Dekkers, S.; Grafström, R.C.; Groenewold, M.; Handzhiyski, Y.; Herbeck-Engel, P.; Hoehener, K.; Karagkiozaki, V. Safe innovation approach: Towards an agile system for dealing with innovations. Mater. Today Commun. 2019, 20, 100548. [Google Scholar] [CrossRef]
- Morose, G. The 5 principles of “design for safer nanotechnology”. J. Clean. Prod. 2010, 18, 285–289. [Google Scholar] [CrossRef]
- Yan, L.; Zhao, F.; Wang, J.; Zu, Y.; Gu, Z.; Zhao, Y. A Safe-by-Design strategy towards safer nanomaterials in nanomedicines. Adv. Mater. 2019, 31, 1805391. [Google Scholar] [CrossRef] [PubMed]
- Zhang, Q.; Huang, J.Q.; Qian, W.Z.; Zhang, Y.Y.; Wei, F. The road for nanomaterials industry: A review of carbon nanotube production, post-treatment, and bulk applications for composites and energy storage. Small 2013, 9, 1237–1265. [Google Scholar] [CrossRef] [PubMed]
- Reijnders, L. Safer-by-design for nanomaterials. In Nanotoxicity; Elsevier: Amsterdam, The Netherlands, 2020; pp. 215–237. [Google Scholar]
- Galfetti, L.; De Luca, L.; Severini, F.; Meda, L.; Marra, G.; Marchetti, M.; Regi, M.; Bellucci, S. Nanoparticles for solid rocket propulsion. J. Phys. Condens. Matter 2006, 18, S1991. [Google Scholar] [CrossRef]
- Liu, X.T.; MU, X.Y.; WU, X.L.; Meng, L.X.; Guan, W.B.; Qiang, Y.; Hua, S.; Wang, C.J.; LI, X.F. Toxicity of multi-walled carbon nanotubes, graphene oxide, and reduced graphene oxide to zebrafish embryos. Biomed. Environ. Sci. 2014, 27, 676–683. [Google Scholar]
- Ma-Hock, L.; Strauss, V.; Treumann, S.; Küttler, K.; Wohlleben, W.; Hofmann, T.; Gröters, S.; Wiench, K.; van Ravenzwaay, B.; Landsiedel, R. Comparative inhalation toxicity of multi-wall carbon nanotubes, graphene, graphite nanoplatelets and low surface carbon black. Part. Fibre Toxicol. 2013, 10, 23. [Google Scholar] [CrossRef][Green Version]
- Hanley, C.; Thurber, A.; Hanna, C.; Punnoose, A.; Zhang, J.; Wingett, D.G. The influences of cell type and ZnO nanoparticle size on immune cell cytotoxicity and cytokine induction. Nanoscale Res. Lett. 2009, 4, 1409–1420. [Google Scholar] [CrossRef][Green Version]
- Nel, A.E.; Mädler, L.; Velegol, D.; Xia, T.; Hoek, E.M.; Somasundaran, P.; Klaessig, F.; Castranova, V.; Thompson, M. Understanding biophysicochemical interactions at the nano–bio interface. Nat. Mater. 2009, 8, 543–557. [Google Scholar] [CrossRef]
- Rabolli, V.; Thomassen, L.C.; Princen, C.; Napierska, D.; Gonzalez, L.; Kirsch-Volders, M.; Hoet, P.H.; Huaux, F.; Kirschhock, C.E.; Martens, J.A. Influence of size, surface area and microporosity on the in vitro cytotoxic activity of amorphous silica nanoparticles in different cell types. Nanotoxicology 2010, 4, 307–318. [Google Scholar] [CrossRef]
- Savolainen, K.; Alenius, H.; Norppa, H.; Pylkkänen, L.; Tuomi, T.; Kasper, G. Risk assessment of engineered nanomaterials and nanotechnologies—A review. Toxicology 2010, 269, 92–104. [Google Scholar] [CrossRef]
- Kane, G.; Bakker, C.; Balkenende, A. Towards design strategies for circular medical products. Resour. Conserv. Recycl. 2018, 135, 38–47. [Google Scholar] [CrossRef]
- Hansen, S.F.; Sørensen, S.N.; Skjolding, L.M.; Hartmann, N.B.; Baun, A. Revising REACH guidance on information requirements and chemical safety assessment for engineered nanomaterials for aquatic ecotoxicity endpoints: Recommendations from the EnvNano project. Environ. Sci. Eur. 2017, 29, 14. [Google Scholar] [CrossRef] [PubMed][Green Version]
- Schwirn, K.; Tietjen, L.; Beer, I. Why are nanomaterials different and how can they be appropriately regulated under REACH? Environ. Sci. Eur. 2014, 26, 4. [Google Scholar] [CrossRef][Green Version]
- Labille, J.; Feng, J.; Botta, C.; Borschneck, D.; Sammut, M.; Cabie, M.; Auffan, M.; Rose, J.; Bottero, J.-Y. Aging of TiO2 nanocomposites used in sunscreen. Dispersion and fate of the degradation products in aqueous environment. Environ. Pollut. 2010, 158, 3482–3489. [Google Scholar] [CrossRef] [PubMed]
- Sarkawi, S.; Dierkes, W.K.; Noordermeer, J.W. Elucidation of filler-to-filler and filler-to-rubber interactions in silica-reinforced natural rubber by TEM Network Visualization. Eur. Polym. J. 2014, 54, 118–127. [Google Scholar] [CrossRef]
- Siriwardena, P. Security by design. In Advanced API Security; Apress: Berkeley, CA, USA, 2014; pp. 11–31. [Google Scholar]
- Cavoukian, A. Privacy by Deisgn; Information and Privacy Commissioner of Ontario: Ottawa, ON, Canada, 2009. [Google Scholar]
- Anderson, R. Security Engineering: A Guide to Building Dependable Distributed Systems, 2nd ed.; Wiley: Indianapolis, IN, USA, 2008. [Google Scholar]
- Pieters, W. Security. In Routledge Handbook of Philosophy of Engineering; to appear; Routledge: London, UK, 2020. [Google Scholar]
- Van den Hoven, J.; Blaauw, M.; Pieters, W.; Warnier, M. Privacy and information technology. In The Stanford Encyclopedia of Philosophy, Summer 2018 ed.; Zalta, E.N., Ed.; Metaphysics Research Lab, Stanford University: Stanford, CA, USA, 2018. [Google Scholar]
- Sindre, G.; Opdahl, A.L. Eliciting security requirements with misuse cases. Requir. Eng. 2005, 10, 34–44. [Google Scholar] [CrossRef]
- Petitcolas, F.A.P. Kerckhoffs’ Principle. In Encyclopedia of Cryptography and Security; van Tilborg, H.C.A., Jajodia, S., Eds.; Springer: Boston, MA, USA, 2011. [Google Scholar]
- OWASP. A Guide to Building Secure Web Applications and Web Services (ver. 2.0.1); Free Software Foundation: Boston, MA, USA, 2005. [Google Scholar]
- Kirlappos, I.; Parkin, S.; Sasse, M.A. “Shadow Security” as a tool for the learning organization. ACM SIGCAS Comput. Soc. 2015, 45, 29–37. [Google Scholar] [CrossRef]
- Pieters, W.; Hadžiosmanović, D.; Dechesne, F. Security-by-experiment: Lessons from responsible deployment in cyberspace. Sci. Eng. Ethics 2016, 22, 831–850. [Google Scholar] [CrossRef][Green Version]
- Sanders, W.H. Quantitative security metrics: Unattainable holy grail or a vital breakthrough within our reach? IEEE Secur. Priv. 2014, 12, 67–69. [Google Scholar] [CrossRef]
- Ahmed, M.A.; van den Hoven, J. Agents of responsibility—Freelance web developers in web applications development. Inf. Syst. Front. 2010, 12, 415–424. [Google Scholar] [CrossRef][Green Version]
- Bauer, J.M.; Van Eeten, M.J. Cybersecurity: Stakeholder incentives, externalities, and policy options. Telecommun. Policy 2009, 33, 706–719. [Google Scholar] [CrossRef]
- Rutherford, D.B., Jr. What do you mean it’s fail safe? In Proceedings of the Rapid Transit Conference, Atlanta, Georgia; 1990. [Google Scholar]
- Evans, S.W.; Beal, J.; Berger, K.; Bleijs, D.A.; Cagnetti, A.; Ceroni, F.; Epstein, G.L.; Garcia-Reyero, N.; Gillum, D.R.; Harkess, G. Embrace experimentation in biosecurity governance. Science 2020, 368, 138–140. [Google Scholar] [CrossRef] [PubMed]
- Van den Hoven, J.; Vermaas, P.E.; Van de Poel, I. Handbook of Ethics, Values, and Technological Design: Sources, Theory, Values and Application Domains; Springer: Dordrecht, The Netherlands, 2015. [Google Scholar]
- Van de Poel, I. An ethical framework for evaluating experimental technology. Sci. Eng. Ethics 2016, 22, 667–686. [Google Scholar] [CrossRef] [PubMed][Green Version]
- McCray, L.E.; Oye, K.A.; Petersen, A.C. Planned adaptation in risk regulation: An initial survey of US environmental, health, and safety regulation. Technol. Forecast. Soc. Chang. 2010, 77, 951–959. [Google Scholar] [CrossRef][Green Version]
- Klinke, A.; Renn, O. Adaptive and integrative governance on risk and uncertainty. J. Risk Res. 2012, 15, 273–292. [Google Scholar] [CrossRef]
- Hansson, S.O. How to be cautious but open to learning: Time to update biotechnology and GMO legislation. Risk Anal. 2016, 36, 1513–1517. [Google Scholar] [CrossRef]
- OECD. Guidelines for Resilience Systems Analysis; Organisation for Economic Co-operation and Development (OECD): Paris, France, 2014. [Google Scholar]
|A||Probabilistic risk-based design||Incorporates target reliability indices, system decomposition into subsystems (fault and event trees), and probabilistic models of stress on and capacity of the system in the design.|
|B||(Deterministic) safety factor-based design||Incorporates multiplication factors on load and resistance variables of the system.|
|C||Fail-safe design/fail-secure design||In engineering, a fail-safe is a design feature or practice that in the event of a specific type of failure, inherently responds in a way that will cause minimal or no harm to other equipment, to the environment, or to people . Unlike inherent safety to a particular hazard, a system being “fail-safe” does not mean that failure is impossible or improbable, but rather that the system’s design prevents or mitigates unsafe consequences of the system’s failure. That is, if and when a “fail-safe” system fails, it remains at least as safe as it was before the failure.|
|D||Active safe design||Involves a reaction to a dangerous event by user intervention. For example, in the car industry, active safety measures are already in operation prior to an accident.|
|E||Passive safe design||Involves a reaction to a dangerous event automatically by natural laws.|
|F||Vandal-proof design||Design against vandalism.|
|G||Idiot-proof/fool-proof design||Design against misuse by end-users or to minimize negative consequences of abuse.|
|H||Fault-tolerant design||System continues processing (possibly at a reduced level) when part of the system fails.|
|I||Circular design||Design that enables maintaining product integrity (i.e., functionality and value) over a long period of time and eliminates waste.|
|Disciplines → Design methods ↓||Construction engineering||GS hits||Chemical engineering||GS hits||Aerospace engineering||GS hits||Urban engineering||GS hits|
Probabilistic risk-based design
|Target failure probabilities are specified, depending on the failure consequences of the structures.||2510||Process safety design: Identify failure scenarios and estimate consequences; redesign until risks are below a target level (of 10−6/year/individual).||361||Acceptable level of risk calculations based on components.||1820||Related to the probabilistic design of infrastructure within the urban environment.||219|
Safety factor-based design
|Multiplication factors are used on characteristic/ representative values of load and resistance variables.||15,100||Anticipate higher loads and weaker resistance by incorporating safety factors in the design.||4820||Example: Determining maximum load for strength of wings and other structures.||12,700||As above.||2570|
Fail-safe design/ fail-secure design
|Failure of one construction element does not lead to complete collapse.||2070||Replace materials with less-hazardous options (e.g., clean with water and detergent rather than a flammable solvent).||1960||Example: Statically stable design of aircraft, which means failure of automatic flight control system does not lead to an uncontrollable aircraft.||17,600||Related to resilience of the urbanized area.||1280|
Active safe design
|Actively monitor the construction site to prevent accidents and fatalities.||374||Use of sensor and control technology to stabilize pressure and temperature levels.||357||Example: Traffic collision avoidance system warns of traffic and advises pilots.||2360||Focused on active safe design of road infrastructure in the urban environment.||672|
Passive safe design
|Use passive safe columns to absorb the energy of a collision.||333||Gravity taking leaks to safe places; use bunds; avoid knock-on effects.||730||Example: Crash structures and seat design.||1750||Focused on passive safe design of hazardous industries inside urbanized areas.||222|
Security-proof/ vandalism-proof design
|Use gates, fences, or surveillance cameras.||8||Use gates, fences, or surveillance cameras.||23||None: Aircraft operate in secure areas and people inside aircraft generally do not want to put themselves in danger.||177||Crime prevention by improving natural surveillance in the urban environment.||8800|
|Careful supervision of design and execution phases of the construction project.||432||Make incorrect assembly impossible; ease of control.||264||MINIMAL: Airbus aircraft have built in protection against aircraft upset due to incorrect pilot inputs. Highly skilled end-users (pilots) are expected.||4280||None.||0|
|Space between construction elements to accommodate fluctuations in geometrical dimensions.||1520||Equipment and processes designed to withstand possible faults or deviations from design.||2870||All crucial systems are redundant, sometimes triply or quadruply. A single fault should never lead to a crash.||20,400||Related to infrastructural design of the built environment.||2220|
|Modular construction strategies (“Lego-type” structures).||125||Redefine performance to include entire product life cycle; “Nexus” solutions that synergistically solve several sustainability issues.||115||MINIMAL: Aircraft are mainly designed for their operational phase. After the operational phase, aircraft are stored or scrapped.||417||Green cities.||107|
|Disciplines → Design methods ↓||Software engineering||GS hits||Bio-engineering||GS hits||Nano-engineering||GS hits||Cyber space||GS hits|
Probabilistic risk-based design
|Use probabilistic programming or probablistic verification to take uncertainties into account; (For this column we take the software developer’s perspective not the user of the software).||514||Escape frequencies as a measure.||232||For example, the spread of various areas and species in the environment.||97||Explicit modelling of threat actors and their behavior may provide guidance regarding risk level and associated controls.||98|
Safety factor-based design
|Make software forewards compatible by anticipating on future functional and safety requirements.||3280||Found in rationales of SbD but implementation limited.||5840||Limiting release may be combined with limiting toxicity.||846||Security measures such as cryptographic key lengths should consider future developments (e.g., increased computing power).||390|
Fail-safe design/fail-secure design
|Use software verification or static analysis tools to ensure that certain properties hold by construction.||12,500||Closest to the technical application of Safe-by-Design (e.g., kill switches).||6350||Naomaterials used to make fail-safe (construction) materials; rarely used to make nanomaterials themselves safe.||445||Intrusion prevention systems aimed at reducing damage from a detected cyberattack.||2690|
Active safe design
|Programmer manually writes tests or uses program analysis tools to ensure software quality.||2040||Closest to the technical application of Safe-by-Design (e.g. biosensors).||547||Mostly, nanomaterials used in components for active safety; rarely used to make nanomaterials themselves safe.||77||Network monitoring may indicate attacker activity and enable operator responses.||767|
Passive safe design
|Testing or program analysis tools are integrated in the software development pipeline through continuous integration.||1180||Closest to the technical application of SbD (e.g. auxotrophy).||548||Mostly, nanomaterials used in components for passive safety; rarely used to make nanomaterials themselves safe.||124||Decentralized architectures limit the amount of data accessible through a single system.||253|
Security-proof / vandalism-proof design
|Explicitly validate inputs to provide robust response to all possible inputs, for example, to prevent injection attacks.||1430||None.||3||None.||0||Backups and quick restore procedures make cyber attacks and vandalism less attractive.||317,000|
Idiot-proof / fool-proof design
|Testing or program analysis tools are integrated in the software development pipeline through continuous integration.||3870||Can be understood as biosecurity, not presently covered.||3130||Typically refers to synthesis and applications and not so much to safety.||219||Privacy-friendly or security-friendly defaults (e.g., multi-factor authentication) may protect users against attacker manipulation (e.g., phishing e-mails).||2610|
|Explicitly validate inputs to provide robust response to all possible inputs, for example, overflows and illegal memory access.||17,500||None.|
Not in the rationales of SbD.
|4190||No relation to toxicity.||0||Network segmentation limits possibilities for attackers to compromise the whole system.||12,000|
|Reuse of software through libraries, thereby inheriting safety guarantees of the libraries.||303||None.|
Is found in bioengineering but not discussed in the context of safety.
|371||Possible tension between Safe-by-Design and circular design (see text).||81||Adequate identification of and response to software vulnerabilities, via software updates, is crucial.||78|
Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations.
© 2021 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
van Gelder, P.; Klaassen, P.; Taebi, B.; Walhout, B.; van Ommen, R.; van de Poel, I.; Robaey, Z.; Asveld, L.; Balkenende, R.; Hollmann, F.; et al. Safe-by-Design in Engineering: An Overview and Comparative Analysis of Engineering Disciplines. Int. J. Environ. Res. Public Health 2021, 18, 6329. https://doi.org/10.3390/ijerph18126329
van Gelder P, Klaassen P, Taebi B, Walhout B, van Ommen R, van de Poel I, Robaey Z, Asveld L, Balkenende R, Hollmann F, et al. Safe-by-Design in Engineering: An Overview and Comparative Analysis of Engineering Disciplines. International Journal of Environmental Research and Public Health. 2021; 18(12):6329. https://doi.org/10.3390/ijerph18126329Chicago/Turabian Style
van Gelder, Pieter, Pim Klaassen, Behnam Taebi, Bart Walhout, Ruud van Ommen, Ibo van de Poel, Zoe Robaey, Lotte Asveld, Ruud Balkenende, Frank Hollmann, and et al. 2021. "Safe-by-Design in Engineering: An Overview and Comparative Analysis of Engineering Disciplines" International Journal of Environmental Research and Public Health 18, no. 12: 6329. https://doi.org/10.3390/ijerph18126329