Vehicle Resilience for Connected and Autonomous Vehicles

      HORIBA MIRA Vehicle Resilience

      As road transport becomes increasingly shared, connected, intelligent, automated and electrified, it is entering a new age of systems engineering complexity.

      This is a seismic shift, the like of which has not been seen in the automotive industry since horses were replaced by cars in the early 1900s. It is such a fundamental shift that companies completely unrelated to automotive, let alone transport, are now posing a very real threat to the automotive giants of the past in their quest to revolutionise the future of mobility. This level of disruption was last observed with the advent of the World Wide Web, which also created a hotbed of opportunity and has since enabled and accelerated the world of ‘information technology’ that we know today.

      The speed at which vehicle startups (market disrupters) are bringing new technologies and features to market is sending shock waves through an industry that has historically been highly conservative with respect to the integration of new technologies into vehicles. Unencumbered by traditional methods, and positively embracing risk, market disrupters are making rapid progress when it comes to developing products for future mobility. The sheer scale of the technical and commercial opportunities associated with next-generation mobility is huge.

      The traditional automotive industry has a global market of 80 million vehicles per annum and, with an average sale value of circa $19,000, an estimated value of $1.5 trillion, representing some 2% of global GDP: we can see why this industry is an attractive proposition.

      However, market disrupters have a very different view, with an estimated annual global market of 10 trillion vehicle miles at an average value of $1 per mile. This provides an estimated value of $10 trillion representing some 13% of global GDP and a very different opportunity. The next $100 billion market has been somewhat elusive for investors over the last decade, and we are now seeing the emergence of an opportunity 100 times bigger. This is big business, gathering major momentum, and attracting huge investment.

      Thought-provoking advertising tells us about the safety benefits of Advanced Driver-Assistance Systems and autonomy, the connectivity benefits of vehicle-to-everything communications, and the environmental benefits of electromobility; but as engineers we have to see through the glossy benefits and get to the details of what is realistically required to realise the change and bring these features to the masses with safety, security and functionality in mind.

      It is acknowledged that embracing risk has paid dividends in the progress of humankind throughout the course of history, but we have also learnt that unknown risks can be catastrophic. It is through sacrifice and a great deal of research that we have learnt that risk-based systems engineering is currently the best-known approach to understanding and mitigating the risks associated with safety-related systems.

      As the role of the driver is progressively removed from vehicle control and off-board information relating to the vehicle's current environment and position becomes key, the electronic systems that replace human input will need to provide extremely high levels of dependability to ensure public acceptability of these technologies. Potential threats to dependability range from changing environmental conditions through to malicious human misuse.

      Resilience has been defined as the persistence of dependability in the face of change. Thus, the electronic systems of future vehicles, as well as the intelligent transport systems that they interact with, will need to be designed to ensure a high degree of resilience to a wide range of threats. So, the technology is close, and we are on the brink of a revolution, but is the industry ready for such a leap? For example, can some semblance of order be implemented on the non-deterministic nature of machine learning for such a complex application as automated driving?

      As the automotive industry goes through this period of unprecedented change, requirements are emerging for the evolution of advanced systems engineering methods and tools for the integration and verification of new technologies, which will transform the way the automotive industry engineers vehicles in the future. This transformation towards ‘Resilience Engineering’ is being driven by a number of key factors that directly impact the cost of developing vehicles and the threat of brand deterioration in the event of liability or quality related issues:

      • Modern vehicle complexity is growing faster than our ability to manage it using traditional and current methods and tools. This is increasing the possibility of performance shortfalls due to inadequate or missing specifications and incomplete verification coverage, highlighting the need for risk-based systems engineering and a robust Design Verification Process (DVP).
      • System design has historically emerged from pieces, with component engineering performed in isolation from the complete vehicle architecture. However, with increasing complexity and an incomplete understanding of the total system, the likelihood (and cost) of developing systems that are brittle, difficult to test, complex and expensive increases significantly. This highlights the need for the system integrator to assess and pass information to suppliers to ensure that the correct design targets and verification methods are employed.
      • Technical and programmatic sides of projects can be inefficient, or poorly aligned, significantly increasing the risk of ineffective decision making. This severely hampers both technical and programmatic risk evaluation and management throughout the vehicle development life-cycle, highlighting the need for the technical and programmatic risks to be fully understood and dealt with accordingly.
      • Rising vehicle connectivity will inevitably be accompanied by increasing cyber security threats, which will constantly evolve and develop as attackers strive to overcome existing and evolving defences and exploit unidentified vulnerabilities. This highlights the need to consider misuse and unintended use, as well as intended use cases.
      • Most major engineering failures result from a failure to map, manage and mitigate risks appropriately. Following the Space Shuttle disasters, the Columbia Accident Investigation Board determined that the preferred approach is review by an “independent technical authority” highlighting the need for stronger technical risk-based decision making.

      The main issue facing this revolution, however, is product resilience. Safety, security, and functionality aspects all contribute to resilience. But can these aspects be measured, assessed and verified for such complex systems? Currently ISO 26262 for functional safety and SAE J3061 for cybersecurity offer the best chance of achieving the high levels of confidence required to engineer vehicles that are safer and more secure.

      Whilst changes are being implemented to tackle the issues surrounding automated driving, significant work is still required to align the standards. Even ISO 26262 Edition 2, published in December 2018, is unlikely to fully cover the requirements for automated driving functions. This is a reflection of the complexity of verifying the safe and secure operation of automated vehicles rather than any inadequacy in the standards generation process.

      It is the risk-based systems engineering processes within these standards, defining rigorous recommendations and regulations throughout the product lifecycle (from concept to decommissioning) that must be built upon to achieve the necessary resilience for shared, connected, intelligent, automated and electrified vehicles. In this way vehicle resilience services support a unified risk-based system engineering approach to boost the development of future vehicles that are highly resilient to environmental and criminal threats, thus ensuring acceptable levels of functional safety, safety of the intended functionality, cybersecurity, connectivity and mission-critical functionality.

      With the growing and evolving risks to vehicle safety, security and functionality, it is suggested that risk-based systems engineering delivers the highest standards of vehicle resilience through an agile, rigorous and uniquely unified approach to the integration of complex technology for the protection of brand, consumers and user experience.


      This article was written by HORIBA MIRA’s Anthony Martin (Head of Vehicle Resilience Technologies) and Alastair Ruddle (Vehicle Resilience Chief Scientist) and submitted to FISITA to form part of the FISITA Vehicle Connectivity Briefing Paper. The paper summarises the research and experience of vehicle connectivity experts and covers strategy and policy, communication and standards, and applications and infrastructure.