INTRODUCTION
Connected and autonomous vehicles have long been hailed as the answer to safe transport. Around 1.25 million people die in road traffic accidents worldwide each year according to E&T, and driver error accounts for over 90 per cent of those deaths[1]. In theory, removing the driver as the lead decision maker for vehicle control should reduce this number, with the SMMT estimating that 2,500 lives will be saved between 2014 and 2030[2] through the introduction of autonomous vehicles. It is imperative, however, that the industry ensures that the control technology underpinning this revolution remains safe, secure and functional as autonomous vehicle development progresses.
Artificial Intelligence (AI) technologies, which utilise machine learning, are at the heart of vehicle automation. There have been significant strides in the development of the basic algorithms used in machine learning, alongside an increase in the amount of quality data available. Infra-red sensors, Light Detection And Ranging (LiDAR) systems, 360° vision systems, wireless connectivity and many more data sources all combine to provide machine learning algorithms with a wealth of rich information from which to learn, optimise and grow. It is now widely acknowledged that autonomous vehicles offer the application that AI has been waiting for, and that the introduction of autonomous vehicles will come sooner than we think.
Wireless technologies and the associated benefits that they bring are an ever-increasing and indispensable part of modern society. Services such as Digital Radio and TV (DAB and DVB-T), GSM, 3G, 4G, Wi-Fi and Bluetooth are now commonplace in most executive and prestige vehicles. With demand increasing and implementation costs reducing, these technologies are becoming available across the majority of vehicles offered by manufacturers. For example, Bluetooth is common in all but the most basic entry level vehicles, and DAB and DVB-T are optional on most mid-range vehicles. Integrated GSM, 3G, 4G, 5G and Wi-Fi technologies will be available in the next wave of models from the major high-end vehicle manufacturers, and along with Intelligent Transport Systems (ITS), are set to deliver the much awaited ‘connected car’ and the connectivity backbone for autonomous vehicles.
For engineers, though, who must look past the glossy benefits and get to the nuts and bolts of what is required to realise the change, a thorough understanding of the safety, security and functionality risks of each vehicle feature will be essential in ensuring that connected and autonomous technologies are resilient. These elements of the engineering process are inextricably linked, creating a web of intertwined and hidden risks. Security and safety systems must remain functional, whilst safety systems and functional systems must remain secure from cyber threats.
Standards play a key role in the engineering process, with ISO 26262 for functional safety and SAE J3061 for cyber security representing the state of the art for achieving high levels of system confidence. Whilst changes are being implemented to tackle the issues surrounding connectivity and autonomy, and significant work is being undertaken to align the standards, even ISO 26262 Edition 2, scheduled for release in 2018, is unlikely to fully cover the requirements for autonomous vehicles. This is a reflection of the complexity of verifying the safe and secure operation of connected and autonomous vehicles rather than any inadequacy in the standards generation process.
It is the engineering processes within these standards, defining rigorous recommendations and regulations (throughout the product lifecycle from concept to decommissioning), that must be built upon to fully realise resilience for autonomous systems. For example, at the core of HORIBA MIRA’s resilience services is a risk-driven approach for determining the requirements needed to achieve acceptable levels of safety, security and functionality and the fundamental processes required to verify that those levels have been achieved.
FUNCTIONAL PERFORMANCE
In order for connected and autonomous vehicles to function properly, we must ensure acceptable levels of performance for critical functions, such as braking, steering and acceleration. Key to this is the connected technology backbone; the broadcast systems and wireless links that enable connected vehicles to ‘talk’ to each other and to surrounding infrastructure. Data transmitted and received by vehicles will rise significantly, with vehicles using GSM, 3G, 4G, Wi-Fi, Bluetooth, vehicle to vehicle / infrastructure communication, and other data links and broadcast technologies.
Vehicle connectivity is improving, but not quickly enough for customers. According to J.D. Power’s 2016 Vehicle Dependability Study, the number of problems with infotainment, navigation and in-vehicle communication systems—collectively known as audio, communication, entertainment and navigation or ACEN—has increased and now accounts for 20% of all customer-reported problems.[3]
For vehicle manufacturers, this poses a big issue, as many customers will rate the quality of the entire electrical system in their vehicles based on the reception and connectivity experience that the vehicle delivers. Currently, for mainstream vehicles, radio reception is the key tell-tale, but for high-end vehicles this extends to TV reception and interference. In the future, however, customers will be armed with an increased number of diagnostic indicators, including data link corruption or dropouts, which will exhibit themselves as dropped phone calls, poor Wi-Fi reception or slow data rates. These will all form the tell-tale signs of electromagnetic interference issues or poor system / antenna performance. The irony is that the number of noise sources fitted to vehicles, and their proximity to sensitive antenna systems due to space constraints, are both increasing the risk of electromagnetic issues and, at the same time, multiplying the means by which customers can perceive them.
The risk of poor performance can lead to impacts on the customer, such as the inability to make a phone call via the infotainment system, as well as warranty issues which lead to lengthy debates between customer, OEM and dealership. However, such issues will also reduce the effectiveness of vehicle features reliant on connectivity, some of which will be part of the vehicle control strategy. OEMs are acutely aware of these issues but are reliant on costly and time-consuming subjective surveys to progress design development and gather data on connectivity performance issues, meaning that signing off performance confidently is a challenge.
OEMs therefore require quantitative targets and meaningful performance measures for vehicle development. To meet these requirements for robust and accurate reception and connectivity assessment methods, a number of factors must be considered, including: antenna performance, the level of wanted signal received by the vehicle when moving, and the unwanted interference levels generated by the vehicle itself. All of these factors must be combined such that they reflect ‘real world performance’, accurately simulating the vehicle occupant’s experience to ensure that reception issues are identified and rated.
Connectivity is a key enabler in the future of mobility, and performance is crucial to feature functionality. Bottlenecks in connectivity must be avoided and data throughput must be maximised.
There are also many challenges ahead for electromagnetic testing of autonomous features, most of which surround the issue of system complexity. As functions are combined for co-pilot or auto-pilot features, system complexity grows rapidly. This in turn means that each system function is linked to multiple inputs from other vehicle systems. With this web of interconnectivity comes fragility, meaning fault modes are more likely. As such, test complexity increases due to the increase in stimuli for operational test modes. Efficient electromagnetic testing of autonomous features involves immersive situational testing, delivering services that use more diagnostic information, real-time vehicle data analysis, moving targets and a number of other actuator and simulator systems.
SAFETY
Traditionally, safety has been considered to include active safety, such as anti-lock braking systems, blind spot information systems and lane departure warning systems, as well as passive safety, including seat belts and airbags. However, with connectivity, electrification and automation, safety has to be considered in a completely new light. First and foremost, new technologies mean engineers are having to get to grips with new systems and tools which come with their own safety considerations. Secondly, new hazards are being created as a result of these new technologies. This includes exposure to electromagnetic energy and hazardous levels of electrical energy, potentially causing health-related issues, as well as thermal runaway, leading to thermal events such as the release of chemicals.
System failures are another potential cause of hazards and can be caused by random hardware faults or systematic faults such as software defects. Widespread application of electronic systems in vehicles means it is especially important that safety risks are managed throughout product development. The ever increasing complexity of vehicle technology requires a co-ordinated approach to safety and functionality, and that the safety of security systems and the security of safety systems must be considered together. Only by undertaking co-ordinated, pragmatic and ‘goal based’ programmes can robust engineering solutions be delivered while avoiding unnecessary development rework, verification and validation activities.
SECURITY
Increasing autonomy and connectivity have exposed us to the potential for greater levels of malicious activity in the form of cyberattacks. There are many potential threats that we face, including traditional vehicle theft, owners enhancing the performance of their own car, identity theft and unauthorised remote access to vehicle functions. Each of these threats can have a variety of different consequences, including the financial, privacy and operational impacts typically associated with the information security domain, as well as potential impacts upon safety and functionality.
In order to address these threats, we must use a risk-driven security engineering approach, through which appropriate security measures can be specified, designed and implemented. Effective verification and validation is required to evaluate whether the actual level of security is as designed, and whether it is effective at preventing the relevant attacks. This involves various review, analysis and testing activities which take several forms, including verification of correct functional behaviour, proper implementation of security mechanisms, vulnerability analysis and penetration testing to confirm the effectiveness of those mechanisms.
Due to the diverse nature of the automotive supply chain, it is essential to perform this verification for individual hardware and software components, complete embedded systems and at vehicle level, to ensure that all elements are properly integrated.
It is clear that there are still challenges on the horizon yet to be fully addressed, but with a coordinated approach to safety, security and functionality, we will be able to better map, manage and mitigate the risks for connected and autonomous vehicles.
REFERENCES
[1] https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/401562/pathway-driverless-carssummary.pdf
[2] https://www.smmt.co.uk/wp-content/uploads/sites/2/SMMTCAV-position-paper-final.pdf
[3] http://www.jdpower.com/press-releases/2016-us-vehicledependability-study-vds