How safe and secure are autonomous vehicles?
There is widespread discussion that driverless cars, and more broadly autonomous vehicles, will monumentally change the landscape of the automotive industry, arguably creating the biggest transformation of society’s view of the vehicle in the last 150 years.
Public acceptance of the vehicle began following the ‘Red Flag Act’ of 1865 and, by the 1890s, it had become the ‘norm’ to see motor vehicles mingling, albeit uncomfortably, with the horse and carriage.
Clearly many technical improvements have been made to all forms of road transport since then, but while dependency has certainly grown, society’s fundamental view of road transport remains unchanged – people are in charge of the machines. But the flags are back out now and society is suddenly aware that once again this is all about to change.
The precursor to these changes, however, is an essential focus on what approaches should be taken to ensure the safety and security of all road users as the changes are rolled out.
How much change will be driven by the availability of the new technologies and how much by what will be considered socially acceptable, politically expedient and in the interests of the automotive and insurance industries?
There has been much discussion in this area, but as the argument progresses we are likely to see some previously unconsidered and radical thinking emerging in this space.
The instinctive engineering-driven approach is to prove that in every possible instance and circumstance, the technology will be failsafe. The industry naturally looks to prove that all failure modes and functional ‘corner cases’ have been identified and catered for.
This is the respected approach behind the ISO 26262 functional safety standards, addressing suppliers’ needs for a standard they can be seen to be meeting, and delivering safe and secure products. The approach also serves to protect both suppliers and insurance underwriters from liability.
However, from a societal perspective, a perhaps controversial view is that if there is a compelling case for achieving ‘sufficient benefit’ from a new form of autonomous technology, then there is a top-down argument, maybe even an obligation, for it to be adopted.
Put another way, does a particular implementation of autonomy have to be proven to be 100% safe from the bottom up, if it will measurably save lives?
In February 2015 the UK Highways Agency reported that in the year prior to September 2014, there were nearly 193,000 UK road casualties with over 24,300 of those people either killed or seriously injured.
The government estimates that the average cost of each road traffic casualty is over £51,000. That equates to £1bn annually and our roads are only becoming busier every year. Understandably, any application of technology that can significantly reduce the risks, and hence this cost, becomes an attractive proposition.
It is arguable that a government might see sufficient political benefit and consider applying pressure to mandate such capabilities, whether 100% safe or not. The point is there may be previously unconsidered influences that will affect the practical route to driverless cars and the biggest business opportunities may come from spotting these early.
A related consideration for the automotive industry is that if vehicles are to be safe and secure, then they also need to be resilient to threat from modern cyber-attacks. How will it go about defining, measuring and certifying a vehicle’s ‘level of resilience’ against these? This is a sticking point the industry must address.
Irrespective of what new technologies are to be delivered and why, the question also remains: ‘how?’ There is widespread recognition of the cyber threat to connected vehicles, but far less agreement on how to deliver real-world solutions to protect against it.
Groups are considering the standards needed for the automotive and transport sector to give confidence to both suppliers and consumers that a vehicle’s level of resilience to cyber-attack can be measured and certified. This has to be compelling and will be measured against new, industry recognisable standards that simply don’t exist yet.
Many insurance companies will already refuse to insure a vehicle if it does not have an industry recognised immobiliser or tracker system fitted. In December 2014 insurers announced they would refuse to cover certain vehicles in London due to key-fobs being cloned and the vehicles being rendered defenceless against theft.
In the future, standards will need to be extended to recognise the new threats and to integrate them into the current qualification processes so that the OEMs and their executives will continue to be indemnified. It will be a whole new scenario the first time one of their autonomous vehicles makes an unfortunate decision that increases rather than reduces the death toll.
Certifying a vehicle to be resilient to a given level of cyber-attack is arguably a logical extension to the current ISO 26262 qualification, and one that is currently under discussion. OEMs and T1s alike are going to need help with navigating all of these aspects, from working with standards bodies to the qualification of vehicles and to the development of manufacturing and test solutions.
So, as this article goes to show, on the path to realising safe, secure, certified autonomous vehicles, there is plenty of food for thought for industries and governments to consider.