Keeping autonomous vehicles safe at system level

Graham Heeps

The rate of technological development and investment in autonomous vehicles is accelerating. We’re still a long way from fully driverless, ‘Level 5’ vehicles, but the announcements keep on coming.

Recent examples include Uber establishing its Advanced Technologies Center in Pittsburgh, Google cooperating with Fiat Chrysler Automobiles and expanding testing into four US states, Tesla releasing its Autopilot semi-autonomous system and GM finalising similar Super Cruise technology for the Cadillac CT6 from 2017, to name but a few.

“There’s a lot of competition on the technical side between countries, between US states, and between car makers, automotive suppliers and information technology companies like Google and Uber,” assesses Raj Rajkumar, professor of electrical and computer engineering at Carnegie Mellon University (CMU) in Pittsburgh, Pennsylvania, and director of the GM-CMU Connected and Autonomous Driving Lab. “The promise of these vehicles is very high so the people with the best teams, products and technologies will gain a significant edge in the marketplace.”

Amid so much activity, system safety remains a key concern for OEMs and suppliers, lawmakers and the travelling public alike. For Rajkumar, who is one of the confirmed speakers at IQPC’s System Safety conference in Silicon Valley this September, the competitive environment does not hold any safety concerns. “I do expect that over time, as the laws fall into place, they will require all cars with this capability to obey those rules,” he says. “But already today, different car models have different features and capabilities and we drive together. I expect a similar trajectory – just because it’s automated driving, I don’t think all cars will be required to have the exact same features at the same time.”

“System safety is an industry-wide and societal issue,” offers Randy Visintainer, director of autonomous vehicles at the Ford Motor Company, which will this year triple its fleet of Fusion Hybrid autonomous research vehicles. “We need consistent approaches, and all stakeholders – government, automakers, suppliers, insurance companies and consumer advocate groups – need to participate in this discussion. The most important principle as we move forward is achieving both continued innovation and improved public safety. We would encourage vehicle safety standards to be handled at the federal level in the US. And we urge the US to work with other regions of the world to harmonize future standards.”


The legislative challenge

In the current absence of federal legislation in the US to cover autonomous vehicle safety, prototype vehicles have been permitted to test on public roads by a number of states – perhaps the first time that vehicle safety has been regulated at state rather than federal level. Different states have taken different approaches. In California, the DMV passed legislation governing the testing of self-driving cars in September 2014, and earlier this year released draft legislation for their deployment to the public. Key measures are that manual controls must be fitted and a licensed driver is required to be in the vehicle at all times.

Testing, standardization, and regulation at a crux with innovation

“The testing requirements are pretty minimal and the first reports we received from seven companies for last year [11 are licensed] showed the types of things that were still causing problems for the vehicles,” says Brian Soublet, chief counsel and deputy director of the Legal Affairs Division at the California DMV. “The draft deployment regulation was completed prior to us receiving those reports. But they did reaffirm some of the concerns that we have, which are that the vehicles still face some obstacles in operating under certain conditions. In the draft regulation we took that in mind in that we did not want to see the vehicles capable of operating under conditions in which the manufacturers knew they were incapable of operating.”


Soublet cites the sun blinding the sensors or cameras, and the lack of lane-marking detection during rain, as two conditions where technical challenges remain. One of the concerns raised at public consultation sessions on the draft regulations earlier this year came from manufacturers, who will have to submit their vehicles to a third party for certification testing prior to deployment. That’s different to how things are normally done in the US, where vehicles are self-certified by manufacturers and, if there’s an unreasonable risk to safety, the National Highway Traffic Safety Administration (NHTSA) can order a recall. The need to define standards against which vehicles can be judged highlights the problem for state regulators trying to balance the future safety benefits of advancing autonomous technology with maintaining public safety in the short term. Fortunately, it looks like developments at a national level could soon help answer the question for DMVs across the USA.

“The difficult thing for a State regulator is the fact that we’re not experienced in the field of coming up with standards for automotive safety,” Soublet acknowledges. “How do you come up with standards? And if the standards are judged by whether or not the vehicle meets certain criteria, you also have to come up with the criteria! But NHTSA held two public workshops this spring and administrator Mark Rosekind has confirmed that in July, NHTSA will be issuing policy guidance to manufacturers on the things that NHTSA would expect to be in autonomous vehicles. We’re hoping that once we get a look at the policy guidance, we can see where we need to go. The great thing about what we’ve done so far is that it looks like it’s contributing to the movement that’s happening on a national level.”


System Safety - more than the sum of its parts

Of course, functional safety is only one aspect of the system safety considerations for autonomous technologies. Cyber security remains a major concern for vehicles that will communicate externally with traffic infrastructure, other vehicles and the Cloud.

“Once you have connectivity to the outside world, malicious people can come in, or even inadvertent messages can come in, which in turn could pose a safety hazard,” says Rajkumar. “Security researchers have shown that vehicles are vulnerable, that you can potentially take over vehicular control, so the car makers – who could possibly be held liable for any financial liabilities – are very cautious.

“They have dabbled in the space in the past but autonomous vehicles are a whole new ball game,” he expands. “Everybody is looking to ramp up their expertise and hire more people in the space. It’s not just about cyber security though – it’s about physical security, because the outcome of a security attack can be physical harm to people and property. Software development practices are important, but the sensors could be attacked as well for example, in a physical attack rather than a cyber attack. These are complete systems and if any part of the system is vulnerable, it means that the entire system is vulnerable. You literally have to plug all possible holes in the dam.”

Rajkumar suggests mitigation strategies ranging from keeping connectivity ports closed when not in use, to having onboard redundancy in the form of a second subsystem that is always completely disconnected from the outside world, and even a safety default mode that finds a safe place to park the vehicle in the event of a problem being detected.

Cyber Security - the ever-changing uphill battle

At Ford, Visintainer believes that cooperation across the industry will be the best way to keep autonomous vehicles safe from cyber attack. He says that the company is “constantly evolving security measures that are aligned to industry best practices to protect our vehicles,” and is working with legislators and industry partners. One initiative is the Automotive Information and Analysis Center, which serves as a central point for automakers, suppliers and other stakeholders to share cyber intelligence and respond to threats. “We believe this industry-wide approach helps ensure that consumers benefit from technology advances and are quickly protected from potential threats,” he adds.

The notion of “best practices” strikes a chord with Soublet, for cyber security is naturally a concern for legislators, too. “In the regulations we talk about certifying that the vehicle has some ability to detect spurious code or some type of cyber attack and either hand over control to the driver or take some sort of countermeasure,” he explains. “You have to certify to us that you are implementing best practices to avoid a cyber attack. But we want to avoid the situation where you’re too specific about what people have to do [to comply]. Technology changes so rapidly and if you get very specific, you’ll have to keep changing your regulation as the technology changes. If you build a better lock, you create a better thief, so cyber security is not something that’s ever finished.”

Company information according to § 5 Telemediengesetz
IQPC Gesellschaft für Management Konferenzen mbH
Address: Friedrichstrasse 94, 10117 Berlin
Tel: 49 (0) 30 20 913 -274
Fax: 49 (0) 30 20 913 240
Registered at: Amtsgericht Charlottenburg, HRB 76720
VAT-Number: DE210454451
Management: Silke Klaudat, Richard A. Worden, Michael R. Worden
