Functional vehicular safety reaches world status
The automotive software industry is looking at perhaps the biggest era of change since vehicles began using computer components to regulate simple systems. With the advent of fully electric vehicles and autonomous vehicular research, manufacturers and regulators are concerned with all functional aspects of vehicles, including electronic and data security.
India and China have now begun major initiatives to address safety. Concerns about air and water pollution sit at the top of the national transportation problems in these countries, but demand for more sophisticated, non-polluting vehicles is skyrocketing. This demand drives the need for more reliability and security, as well. Vehicles running hybrid or all-electric systems use far more advanced chip-driven electronics than simple anti-smog devices.
There are wide gaps between the legal requirements/industrial standards for safety and security of electronic systems in western nations, and those in Asia and Africa. Europe and the United States, for example, have strict regulations for software security that are continually being examined. One of the dangerous possibilities inherent in fully connected networks in motor vehicles is hacking and sabotage. Western nations are becoming more concerned every year about this type of vulnerability.
Now, China and India are attempting to catch up in the complex, electronically controlled automobile design world. The China Automotive Technology and Research Center (CATARC) was started to develop China’s safety and reliability rules for electronically sophisticated vehicles. CATARC is building large facilities for testing and research. In 2017, the group began an ambitious project to determine the actual fuel use cycle of various small and large trucks in China. The “China Cycle” group hopes to determine actual fuel use under real driving conditions throughout the country.
The next challenge for CATARC is the overall safety and security of motor vehicle systems. China is the world’s largest importer of cars and trucks; at this writing, vehicle giant General Motors was selling more vehicles in China than in the United States. China is where many industries around the world believe growth potential is highest. CATARC is in charge of helping China build its own ultra-complex motor vehicles.
Challenges are complex and changing
A system of safer roads, guarded by electronic warnings in which vehicles operate partly under the driver’s control and partly by automatic embedded wireless controllers in cars and in the roadway, is the vision of highly developed nations with excellent infrastructure in place. They have roads that generally drain quickly in storms; that have an electronic system in place controlling traffic signals; that have available electricity above and below ground, and cell towers in place.
These features are less reliable in many countries. In major cities, the crowded roads and lack of electricity pose problems for safety and security. Conditions under which countries with large populations must navigate this new transportation reality are complex and daunting. (1) The major cities in Asia have vast transportation challenges to overcome. This report takes a candid look at the differences not only in driving conditions between eastern and western cities, but at the overall mindset of drivers in both places. The way drivers view their responsibilities and privileges in different countries varies widely, especially in crowded cities.
So, the management of traffic using technology not only requires software/hardware security but the acceptance of roadway safety basics. This is difficult for cities where every inch of road space is taken by a car, bike, pedestrian, motorcycle, scooter or animal cart, the report said. Every driver in an Indian city is conditioned to react to an astonishing array of dangerous behaviors; they tend to be far more aggressive, taking chances European drivers would never consider.
The conditions change constantly on urban roads. Breakdowns, emergencies, pedestrian traffic and lack of enforcement make driving a more hazardous activity. The main point of this report about Indian roadways is that data taken from the chaos of traffic can be invaluable in making stronger, more secure systems in vehicles that help in all situations.
Security of systems begins in vehicles
For these reasons and many more, secure system-on-a-chip functions in motor vehicles must begin at the vehicle level and build outward as the regional infrastructure can support it. The advent of vehicles communicating with each other is much closer to reality than an era of vehicles communicating with roadways. In China, the move toward functional safety standards began in earnest with several meetings, among them SAE-China Congress 2016 (2). At this writing, SAE-China 2017 is in progress.
These meetings are designed to showcase the latest technology in auto manufacturing, and to set the framework for better processes for builders in China and elsewhere. Engineers discuss how to best implement functional safety into current manufacturing capabilities while helping design capabilities for the future. New plants and research centers will be built with greater safety and environmental systems in mind.
Each vehicle manufacturer is now trying to incorporate the same scalable architecture for chip-based systems and software that has been built into computer systems for many years. Automobiles now have extremely confined available space for hardware of any kind. If you have looked under the hood of a new car recently, you see what appears to be a solid mass of machinery. Designers relish the miniaturization of electronic signalers, but know it still needs room for mounting.
An example of security of systems detailed at SAE-China is a paper on functional safety in the design of electric power steering. (3) The authors describe the faults and failures inherent in power steering systems, and set parameters for reducing risk to an acceptable level. The definition of this risk varies, and in that variation lies the difference in what is acceptable in one country but not in another. Certainly, a power steering system offers a default to standard steering in failure mode, but the principles of multiple safety channels for each catastrophic failure remain the same. Which system failure is acceptable? The answer is at the heart of functional safety standards in every country. When hundreds of thousands of imported vehicles mix with millions of domestically made ones, the safety, repair and testing of vehicles becomes murky indeed.
So, acceptance of risk lies at the center of functional safety standards. The power steering example shows that any electronic path that interprets a dangerous situation can shut the system down, leading to a vehicle stop. This safety level may or may not be incorporated into the manufacturing guideline in every country. China is moving toward developing and implementing more fail-safe systems that reduce risk with every development cycle.
Mahindra & Mahindra of India has developed a working field tractor that operates remotely through a pad computer. Its safety parameters are less rigorous than those for a passenger car or a driverless car, for obvious safety reasons. Traffic involves a great number of people operating together; a tractor is plowing an empty field by itself. Still, the tractor systems can offer a lot of insight into fail-safe equipment and human error.
By default, the tractor operates only in a defined area – the property inside the farm boundaries. It has a stop setting via GPS for property lines and remote sensor driven GPS for plowing straight lines. This technology can be used in a safe but effective manner to test the reactions of slow-moving vehicles to obstacles and emergencies. Algorithms derived in this way will not be as useful for high-speed traffic. However, in cities like Mumbai where traffic is near standstill much of the time, the tests possible with the Mahindra robotic tractor’s GPS system can be translated directly in time and space units.
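The tractor’s boundary stop described above, written out as an added illustration (this is not Mahindra’s or the page’s code): a constructed field polygon, a GPS fix that must be both valid and fresh before the tractor is allowed to run, and a second independent position channel that must agree with the first. The Fix fields, the polygon coordinates and the thresholds are assumptions; the point is that every missing or doubtful input fails closed to STOP.

```python
"""Fail-safe geofence for a remotely operated field tractor (illustrative only)."""
from dataclasses import dataclass
from typing import Optional, Sequence, Tuple

Point = Tuple[float, float]  # (latitude, longitude) in decimal degrees

@dataclass
class Fix:
    lat: float
    lon: float
    valid: bool   # receiver reports a usable fix (assumed field)
    age_s: float  # seconds since the fix was produced (assumed field)

# Constructed field boundary: a ~1.1 km square; any simple polygon works.
FIELD: Sequence[Point] = [(19.000, 72.800), (19.000, 72.810),
                          (19.010, 72.810), (19.010, 72.800)]
MAX_FIX_AGE_S = 2.0        # a fix older than this counts as missing
MAX_CHANNEL_SEP_DEG = 0.0005  # ~50 m at this latitude; channels must agree

def inside_polygon(p: Point, poly: Sequence[Point]) -> bool:
    """Ray-casting point-in-polygon test; handles convex and concave boundaries."""
    x, y = p
    inside = False
    n = len(poly)
    for i in range(n):
        x1, y1 = poly[i]
        x2, y2 = poly[(i + 1) % n]
        if (y1 > y) != (y2 > y):  # edge straddles the horizontal ray
            x_cross = x1 + (y - y1) * (x2 - x1) / (y2 - y1)
            if x < x_cross:
                inside = not inside
    return inside

def decide(fix: Optional[Fix], boundary: Sequence[Point] = FIELD) -> str:
    """Return 'RUN' only on positive evidence that the tractor is inside the field.
    No fix, an invalid fix, a stale fix or a position outside all yield 'STOP'."""
    if fix is None or not fix.valid or fix.age_s > MAX_FIX_AGE_S:
        return "STOP"
    return "RUN" if inside_polygon((fix.lat, fix.lon), boundary) else "STOP"

def decide_two_channel(a: Optional[Fix], b: Optional[Fix],
                       boundary: Sequence[Point] = FIELD) -> str:
    """Two independent position channels: both must say RUN and must agree.
    Disagreement means neither can be trusted, so the safe state is STOP."""
    if decide(a, boundary) != "RUN" or decide(b, boundary) != "RUN":
        return "STOP"
    if (abs(a.lat - b.lat) > MAX_CHANNEL_SEP_DEG
            or abs(a.lon - b.lon) > MAX_CHANNEL_SEP_DEG):
        return "STOP"
    return "RUN"
```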
Functional safety needs to be international
Cybersecurity for these systems comes next. When more vehicles talk to each other, and talk to the facilities in the streets, security becomes paramount. With rudimentary tests completed on positioning and automatic shutdown, the tractor example represents a basic blueprint for testing functional safety as well. Attack tests on a tractor in real operation can help that testing move out of the laboratory and into real-world situations. These could also help India create more of its own functional safety testing facilities, just as CATARC builds in China.
India can grow its own research and development expertise with the help of companies like Exida, LLC and Toshiba Asia-Pacific. With offices around the world, Exida and Toshiba specialize in automotive functional safety training, among other industries. Their list of services reads like a manual for emerging automotive researchers in these countries to follow.
The companies provide (as listed directly from Exida) (4):
• “Functional Safety Management
• Safety Requirements Specification
• Validation Test Plan
• Safety Concept
• Safety Manual
• Final Safety Case
• Failure Mode Effects and Diagnostic Analysis (FMEA)
• Fault Tree Analysis
• Fault Insertion Tests
• Mechanical FMEA
• Interference Freeness
• Dependent Failures and Common Cause Failure (CCF).”
The safety of wireless Internet systems becomes more and more critical every year. As IoT connects all kinds of mechanical devices to electronic networks, at-fault and possible-fault parameters become more complex. Keeping up with these changes will require regions of the world outside of Europe and North America to join forces in accepting and implementing standards, then forging ahead to satisfy their own unique security challenges.