Navigant Research Blog

Automakers Doing More Rigorous Safety Analysis for Vehicle Automation

— November 23, 2016

Back in September 2014 as the ITS World Congress gathered in Detroit, General Motors (GM) CEO Mary Barra announced that in 2016, a new Cadillac model would become available with the semi-autonomous Super Cruise system. With only a handful of weeks left in 2016, we now know that the Super Cruise will debut on Cadillac’s flagship CT6 sedan, but it won’t be arriving until sometime in 2017.

A lot has happened since that announcement, and GM has put a much greater emphasis on ensuring safety as a result of the massive ignition switch recall that began early in 2014. Those process changes have led to some significant upgrades to Super Cruise in an effort to avoid the issues caused by human interactions with Tesla’s similar AutoPilot driver assist system. Navigant Research’s Autonomous Vehicles report projects that by 2020, approximately 13 million vehicles with these so-called Level 2 automation systems will be sold annually.

Geofencing

In the process of evaluating the safety of Super Cruise, one of the key differences that GM has implemented is geofencing. Since Super Cruise is designed primarily as an advanced highway driving assist system for use on limited access roadways, GM is not relying on customers to understand where it does and does not function. Instead, the system will check the navigation map—if the vehicle isn’t on a suitable road, the driver will not be able to activate it. In contrast, Tesla’s operating instructions state that AutoPilot should only be used on divided, limited access roads, but there is nothing in the system to actively prevent a driver from using the system in an urban area or any other roadway that it’s not designed for.

Similarly, Tesla doesn’t really take measures to prevent operators from taking their attention away from the road. Countless videos have been posted by Tesla drivers as they take a nap, read, or even climb in the back seat while using AutoPilot. The research conducted by Bryan Reimer and the Advanced Vehicle Technology Consortium at the Massachusetts Institute of Technology reinforces the idea that even informed drivers will get distracted while using systems like AutoPilot or Volvo’s Pilot Assist.

Improving Safety

Cadillac is installing an active driver monitoring system in the CT6, which will include more prominent alerts if the operator does not remain engaged while using Super Cruise. If the driver does not respond, the car will pull to the side of the road and come to a safe stop.

GM safety engineers have also addressed the issue of the inevitable mechanical failure. When fully autonomous vehicles arrive, they will require systems that can maintain control during a failure mode until the vehicle is safely stopped. One of the key safety failure modes for a system like Super Cruise is the electrically assisted steering.

One of the optional features on the currently available CT6 without Super Cruise is the Active Chassis Package, which includes a rear-wheel steering system to aid low-speed maneuverability and high-speed stability. This rear steering system will be included on the CT6 with Super Cruise. While the rear steering is not designed to provide the same full maneuvering capability of the normal front steering, it will be sufficient to safely steer the car to the side of the road in the event of a front steering failure.

We won’t have an opportunity to fully evaluate the capabilities of Super Cruise until sometime next year, but it does inspire some confidence that GM is at least thinking about and trying to address both human and mechanical failure modes before putting the system into customer hands.

 

Cyber Security Is Imperative Before Deploying Autonomous Vehicles

— September 1, 2016

August 2016 brought a flurry of autonomous driving announcements from Delphi, nuTonomy, Ford, Velodyne, Volvo, Uber, Quanergy, and others. News about developments and deployment plans for self-driving vehicles came almost daily. A common thread was that the vehicles will be used as part of autonomous mobility on-demand (AMOD) services that require connectivity in addition to onboard sensing to function. However, something equally (if not more) important to implement before deploying any of these vehicles is beefing up the cyber security.

As the automotive world has raced over the last few years to transform itself into a mobility business, cyber security experts of both the white and black hat variety have also been advancing their own capabilities. In parallel with that, we’ve seen the launch of numerous startups focused on securing increasingly sophisticated vehicles from bad actors, including several based in Israel. Among them are Karamba Security, Argus Cyber Security, and TowerSec.

Hardened Telematics

With external connection points through telematics being the obvious starting point for any malicious attacker trying to infiltrate a vehicle, that’s also the first surface that needs to be hardened. “To provide protection, we have to think like hackers,” said David Barzilai, chairman and co-founder of Karamba. “There are two primary ways to hack a system like this, dropping malicious binary code into the electronic control unit [ECU] or in-memory attacks while the system is running.”

The so-called code-dropper approach involves rewriting some of the code that resides in the flash storage of an ECU with malicious code designed to do something never intended by the manufacturer. Karamba has devised an approach to prevent this that is very straightforward for the software engineers at an automaker to implement without having to change any of their own code.

When building binary files that ultimately get loaded into the ECU, the scripts include calls to the Karamba system to automatically include some of that company’s code. Karamba generates hashes (fixed-length alphanumeric strings that act as fingerprints of a file’s contents) of all the factory binary files which are included. If someone tries to reprogram an ECU with a binary that doesn’t match the hash, it will be rejected.
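The hash check described above can be sketched as follows. This is an added example, not Karamba's code or anything from the original post; the image names, contents and key are constructed, and the HMAC over the hash list is an assumption standing in for whatever protects the manifest in a real product.

```python
import hashlib
import hmac
import json

# Constructed sample data: stand-ins for factory ECU images and a build-time key.
FACTORY_IMAGES = {
    "brake_ctrl.bin": b"\x7fELF-brake-controller-v1",
    "telematics.bin": b"\x7fELF-telematics-unit-v1",
}
MANIFEST_KEY = b"constructed-demo-key"  # assumption: known to build system and flash gate


def _tag(digests, key):
    """Authenticate the hash list so it cannot be swapped along with the image."""
    body = json.dumps(digests, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def build_manifest(images, key):
    """Build step: hash every factory binary and tag the resulting list."""
    digests = {name: hashlib.sha256(data).hexdigest() for name, data in images.items()}
    return {"digests": digests, "tag": _tag(digests, key)}


def accept_reflash(name, candidate, manifest, key):
    """Flash gate: True only if the manifest is authentic and the image hash matches."""
    if not hmac.compare_digest(_tag(manifest["digests"], key), manifest["tag"]):
        return False  # the hash list itself was altered
    known = manifest["digests"].get(name)
    if known is None:
        return False  # not one of the factory binaries
    actual = hashlib.sha256(candidate).hexdigest()
    return hmac.compare_digest(known, actual)
```

The first check matters as much as the second: a hash list stored without integrity protection can be rewritten to match a modified image.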

In-Memory Attacks

Even if the original programming remains intact, in-memory attacks remain the most common attack vector. Control instructions and data get moved from the static flash storage to dynamic memory in order to run in real time. If an attacker manages to inject deliberately corrupted data into a memory address, it is possible to send the control flow off to an instruction never intended by the designers of the system. This is the sort of attack that can enable someone connecting through a vehicle’s telematics system to take control of safety-critical systems like the throttle, brakes, or steering.

Some security providers use heuristic analysis to look for anomalous behavior in real time and stop the activity. This approach creates rules with weighting and probability to detect anomalies based on previously unknown attacks and is utilized by most computer anti-malware programs. Since the in-vehicle electronics should never be running random unknown programs like a computer or smartphone, Karamba has taken a deterministic approach. During the software build, they analyze and map every possible instruction control flow. In the vehicle, any instruction call that doesn’t match the flow map immediately gets discarded, an approach that should not result in any false positives.
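A simplified model of the deterministic approach described above, as an added example that is not Karamba's implementation or code from the original post: the build step extracts every caller-to-callee edge from the source, and the runtime check flags the first transition missing from that map. The firmware source and function names are constructed, and Python source stands in for the native ECU binaries a real tool would analyze.

```python
import ast

# Constructed sample "firmware" source; all function names are hypothetical.
FIRMWARE_SRC = '''
def read_sensor():
    return 42

def apply_brakes(level):
    return "brake:%d" % level

def control_loop():
    if read_sensor() > 40:
        return apply_brakes(3)

def diagnostics():
    return read_sensor()
'''


def build_flow_map(source):
    """Build step: collect every (caller, callee) edge that appears in the source."""
    edges = set()
    for func in ast.walk(ast.parse(source)):
        if isinstance(func, ast.FunctionDef):
            for node in ast.walk(func):
                if isinstance(node, ast.Call) and isinstance(node.func, ast.Name):
                    edges.add((func.name, node.func.id))
    return edges


def enforce(trace, flow_map):
    """Runtime check: index of the first transition outside the map, or None."""
    for i, edge in enumerate(trace):
        if edge not in flow_map:
            return i
    return None
```

Calls made through function pointers or computed targets do not appear in a map built this way, so a real build-time analysis has to resolve them or the check will reject legitimate transfers.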

Navigant Research’s Autonomous Vehicles report projects that nearly 5 million autonomous vehicles will be sold in 2025, growing to more than 40 million in 2030. Harnessing the safety benefits of this technology requires every vehicle to be secure and resilient against cyber attacks.

 

Ford Sets a Date for Its Autonomous Vehicle Future

— August 19, 2016

On August 16, Ford held a press conference to announce its plan to launch a fully autonomous vehicle in 2021. Even though the response at the live event was strangely unenthusiastic, there were a number of points that were important for the future of autonomous vehicles and the automotive industry in general.

The headline news was that in 2021, Ford intends to launch a Level 4 (SAE Standard J3016) fully autonomous vehicle. To clarify the nature of the car, CEO Mark Fields made it clear that it would not have a steering wheel or control pedals, even though last year Ford said it had no plans to sell wheeled pods in which people are merely along for the ride.

The company also said that it would be several years after 2021 before individuals can buy it; it is aimed at carsharing and ridesharing fleet operators. Ford Smart Mobility LLC may become one of the first customers. Ford and GM are already piloting their own systems on shuttles for their employees, as noted in a blog earlier this year by my colleague Sam Abuelsamid.

Skipping a Step

Ford also said it would continue to develop and improve its driver assistance features up to Level 2 (partial automation), but it would not be introducing any vehicles with Level 3 (conditional automation) because company researchers had concluded that there was no safe way to ensure that drivers would remain alert enough to resume control in an emergency after an extended period of automated driving. Ford vehicles in the future will either have a range of assistance features or be driverless.

This is a change from the gradual automation theme that has prevailed in the industry until now, although Ford has been saying for the past year that it doesn’t believe that Level 3 is viable. Solving the Level 3 handover issue has been an important topic at recent technical conferences, and Ford has now confirmed its position. While most other OEMs have been working on Level 3, many are now coming around to the idea that the Level 2 to 4 jump is inevitable.

Although convenience and mobility were the focus of the announcement, Ford also acknowledged that safety is a big part of the reason to promote more driver assistance and eventually fully autonomous vehicles. Providing mobility to those without access today, such as the elderly and infirm, was another of the high-level goals. There are also potential opportunities in local package delivery.

Future Investments

Also included in the press announcement were investments in a series of companies providing key pieces of the future autonomous vehicle:

  • Velodyne: A supplier of lidar sensors
  • SAIPS: An Israel-based computer vision and machine learning company
  • Nirenberg Neuroscience: A machine vision platform for performing navigation and object recognition
  • Civil Maps: A provider of high-resolution 3D mapping capabilities

However, Ford made it clear that it was not interested in simply installing autonomous driving software developed elsewhere. It sees its future as a system integrator and will keep most of the development and integration roles in-house.

When asked about powertrain for this new vehicle, Ford said that it would leverage one of its global platforms, but would not confirm whether it would be all-electric or not. The company noted that it has experience with hybrid drive as well as electric and the powertrain has not yet been chosen.

Ford intends to expand from being primarily a vehicle manufacturer to become a mobility company and has drafted a timeline for this shift. This aligns with Navigant Research’s Transportation Outlook white paper that was published in early 2016, and the timing validates the forecasts in our Autonomous Vehicle reports. It will be interesting to see how other OEMs react.

 

Progress on Automotive Cyber Security, but Still Much to Do

— August 8, 2016

When I joined Navigant Research two years ago, I sat down on my first day and wrote a post on this blog about automotive cyber security. At that point, most of the industry was still largely refusing to acknowledge that cyber security was even something to be concerned about. Things have changed quite dramatically since then, but there is still a long way to go, as recent news shows.

All of the major automakers except for Tesla have come together to establish the Automotive Information Sharing and Analysis Center (Auto-ISAC). Like ISACs in other industries, the Auto-ISAC provides a mechanism for manufacturers to share non-competitive information about security threats and collaborate on understanding and correcting these vulnerabilities. Since the Auto-ISAC started operations at the end of 2015, it has also begun to add suppliers to its member ranks.

Developing Best Practices

At the recent Billington Automotive Cybersecurity summit in Detroit, the Auto-ISAC announced the development of a set of cyber security best practices for the industry. Industry executives and regulators—including General Motors CEO Mary Barra, National Highway Traffic Safety Administration director Mark Rosekind, and Secretary of Transportation Anthony Foxx—discussed the importance of designing for cyber security and what is being done to address threats.

In August of 2014, Tesla was taking the lead on hiring white hat hackers to work on security from inside, and other companies are now doing the same. Tesla, GM, and Fiat Chrysler Automobiles have all established responsible disclosure programs that provide a means for researchers to submit information about vulnerabilities they have discovered.

A pair of Silicon Valley startups, HackerOne and Bugcrowd, have developed platforms for submission and vetting of vulnerability disclosures that are used by these automakers as well as dozens of other technology companies. Bugcrowd has also developed a reputation system for researchers that submit vulnerability information and works with client companies to select groups of white hat hackers to conduct pre-release testing on new products.

Numerous startups including Karamba Security, Argus Cyber Security, and TowerSec have popped up in recent years to develop both hardware and software solutions to help detect and stop intrusions from malicious attackers. Since everyone familiar with cyber security acknowledges that no complex system can ever be guaranteed as secure, manufacturers are also working on resilience to keep vehicles safe in the event of an attack and be able to update them quickly after vulnerabilities are found.

Navigant Research’s Automotive Cyber Security report projects that by 2025, more than 45 million vehicles annually will have telematics capabilities that enable over-the-air software updates, just as Tesla does today on its vehicles.

Vulnerabilities Continue

Despite the progress, recent news shows that there is still much work to be done on existing vehicles. In Houston, Texas, a pair of car thieves have been arrested after stealing 30 Jeeps in 6 months by hacking the vehicles’ ignition systems with a computer. Charlie Miller and Chris Valasek have again hacked a vehicle, taking control of the steering and brakes. After FCA corrected the vulnerability that enabled last year’s remote hack, the pair connected a computer through the onboard diagnostic port this time.

Yet another group of researchers have even demonstrated how a signal generator could be used to provide false reflections and fool the radar sensor of a Tesla with its AutoPilot driver assist active.

There will undoubtedly be many more such demonstrations in the coming years as vehicles get more sensors, more connectivity, and more automation. From here on out, the industry can no longer afford to relax and will have to remain vigilant and ready to respond quickly to threats. Fortunately, they seem to be doing just that.

 
