For decades we have been enamored with the idea of self-driving cars. Many assumed that autonomous vehicles (AVs) would have taken the world by storm by this point. We are seeing momentum pick up though:
- Level 2 autonomy, which is described as two or more simultaneous automated functions with constant supervision by a driver, is now available in some vehicles; this level is exemplified by advanced driver assistance systems (ADAS), which include adaptive cruise control, hands-on lane-centering steering, and some hands-free steering.
- Mercedes recently gained Level 3 autonomy (all safety-critical functions automated under certain conditions with a driver as a backup) certification in Nevada.
- AV companies and suppliers have collectively spent more than $75 billion developing self-driving technology.
We are still far from widespread adoption because we have yet to address the toughest problems.
One-off demonstrations are easier
We build excitement by extrapolating what can be possible through small experiments. As experiments, companies such as Waymo and Cruise are operating on the streets of San Francisco and Phoenix. They have exposed AVs to a set of operating scenarios – a great starting point. A gradual expansion from this phase would allow them to experience a wider set of scenarios without undertaking too much risk all at once; with each gradual step, companies can solve the problems encountered in that step. For example, a collision with a bus in San Francisco led Cruise to issue a software fix for 300 of its vehicles.
Key challenges must be addressed to scale
Self-driving technologies have yet to fully mature. Autonomy at Level 3 and beyond introduces new technology at 3 different levels: (1) component-level, which includes lidar, radar, ultrasound, camera and electric drive-train, (2) system-level, which considers new architecture, smart algorithms with close to 100 million lines of code and inter-connectivity amongst the components, and (3) ecosystem-level, which involves connectivity with external systems or entities under V2X (e.g., GPS, passenger infotainment sources, infrastructure such as traffic systems, tolls and parking, vehicle or component manufacturers for remote monitoring, charging infrastructure).
Considering the technology that exists today, radar lacks angular resolution and struggles with stationary objects; cameras are susceptible to extreme light conditions; ultrasound is susceptible to temperature fluctuation and wind; today’s lidar (moving mirrors vs. solid state) is susceptible to moisture and raindrops; and GPS accuracy is only within a 2-meter range. You might recall hearing of a Tesla running into a tractor-trailer because the system couldn’t make out the trailer against a bright sky. Clearly, maturing component-level technology is important.
Many complex rules and key decisions need to be embedded and orchestrated efficiently via connectivity with various components at the system-level. There have been nearly 400 crashes involving vehicles with partially automated driver-assist systems in a period of one year. News reports indicate that AVs have interfered with bus and light-rail routes via unexpected stops, ill-advised turns, and other illogical actions. The same reports indicate that Cruise and Waymo vehicles have caused at least 12 reported incidents involving San Francisco’s Municipal Transport Agency between September 2022 and the beginning of March 2023.
The widespread adoption and true value realization of AVs also call for ecosystem connectivity and inter-dependencies for safe and reliable operations, but this ends up being quite a challenge as multiple enterprises come into the picture. Some of the ecosystem connectivity may introduce external linkages with a vehicle’s safety-critical components. For example, remote monitoring of vehicle systems and over-the-air update capabilities allow manufacturers to access critical vehicle systems. External charging stations and their operators may have access to vehicle battery parameters if the AV is also an electric vehicle (EV). Several factors can impact performance and safe operations – e.g., GPS signal unavailability, lost cellular connectivity, a cyber-attack that compromises critical vehicle safety-system parameters or causes a component/system malfunction, critical information not transmitting as intended, etc. Many of these factors have the potential to cause a major catastrophe, considering that the infrastructures and enterprises serve a fleet of many vehicles and not just one.
We heard about cyber-attacks involving charging stations in the UK and Russia just as EVs started to see adoption. We also saw in 2014 how researchers hijacked a Jeep Cherokee’s controls even with limited external connectivity. There are numerous potential cyber-attack scenarios involving AVs due to the complex connectivity landscape within their respective ecosystems.
Many of these concerns are supported by a number of available analogies. For example, we saw the mass adoption of Healthcare IT with Obamacare, which increased interconnectivity and involved some level of ecosystem connectivity. A study performed by the Joint Commission identified many adverse incidents from Health IT (e.g., errors of commission, errors of omission or transmission, errors in data analysis, incompatibility between systems); 53% of the incidents resulted in death. In our personal lives, we have experienced outages in many critical infrastructures (e.g., cellular network, power, cable operation).
A widely shared belief is that AVs will be safer because human drivers make many mistakes that computers don’t. While driving errors and variations can be reduced with AVs, we still expect to have humans involved in commissioning, configuring, and managing AVs and the associated ecosystem -- they will be dealing with a complex system-of-systems. A human error in the technology management domain could create considerable impact as shown in the following figure.
Organizations have generally demonstrated an ability to mature technologies at the component- and system-levels. V2X with systems-of-systems, however, brings an unprecedented level of complexity. The management of cybersecurity and interoperability over an ecosystem’s lifecycle (i) happens to be an afterthought, (ii) requires ecosystem performance coordination, and (iii) tends to be a talent-scarce area. Widespread AV adoption will require perfecting cybersecurity and interoperability management in addition to ensuring quality and reliability at the component-level for public safety and security.
A new framework to ensure safety should be established
Current safety frameworks require vehicles to be certified and drivers to be licensed. Drivers are also required to renew their licenses periodically. A driver is mostly held accountable in the event of an accident. We can call this a “driver-reliant” model. This model works well up to Level 2 autonomy because the driver has the ability to take full control of a vehicle.
Things get a bit more complex at Level 3, as shown in the figure below. Autonomy at Level 3 and beyond represents a shift from a “driver-reliant” model to a “technology-reliant” model. Under the “technology-reliant” model, who do we hold accountable for the safe operation of an AV? Who do we hold accountable in the event of an accident? Autonomy at Level 3 and beyond likely requires a new framework to ensure safety.
Just as a vehicle is certified, the ecosystem (i.e., infrastructure, all connected services and enterprises, and inter-dependencies amongst them) involving the AV may also need to be certified. The owner of an AV may need to be required to maintain “safe” condition levels (e.g., maintenance, software updates, etc.) where the “safe” condition parameters are clearly defined and approved by a regulatory body. Each entity in the ecosystem should be required to ensure certain performance levels over the installations’ lifecycles.
As we prepare to have AVs become part of our daily lives with widespread adoption, what should the risk acceptance level be? How does this risk acceptance level translate to requirements for certification of the vehicle and the ecosystem? For example, the FAA’s current acceptable level of risk for airplane operations in the National Airspace System is one-in-a-billion or less chance of injury to an individual member of the public. The FAA ensures that it meets this level through appropriate regulatory oversight.
AVs are at the peak of inflated expectations on Gartner’s Hype Cycle. GM’s Mary Barra says that Cruise could generate $50 billion in revenue each and every year by 2030; and that’s just one company! The industry cannot move fast enough to address the following key success factors:
- Technology maturity
- Aftermarket support
- Regulatory, legal and risk management framework
ResiliAnt offers an easy-to-use platform and framework for the automotive industry to manage cybersecurity in a cost-effective manner. To learn more about our platform or attend our webinars, email us at info@ResiliAnt.co.