The safety and security of CAVs
Historically involved with traditional automotive powertrains and technologies, Ricardo is now embracing connected and autonomous vehicles.
With the theme of the 2017 ITS World Congress—held in Montreal, Canada, late last year—being next-generation integrated mobility, there were plenty of new ideas presented on how to improve city driving and discussions about how smart cities of the future will operate. One of the companies involved in the event was Ricardo, which presented and discussed some of its latest thoughts and projects surrounding automated vehicle system design and homologation for safety.
The UK-headquartered company has written two papers focusing on how connected and automated vehicles (CAVs) can improve the efficiency and convenience of road and vehicle use, while also reducing accidents. In the paper “Safety homologation process for connected automated vehicles,” Ricardo researchers state that, while CAVs hold the prospect of delivering such commercial and societal benefits, they will bring new forms of risk too. The other paper, “New safety & security methods required for connected automated vehicle development,” describes how the new functionalities provided by high connectivity and automation make CAVs technologically distinct from conventional vehicles.
“One of the main advantages of CAVs is that they will improve safety, but one of the questions everyone is asking is ‘how safe is safe?’” said Eric Chan, Global Technical Expert on Connected and Automated Vehicles at Ricardo. “There are many answers to that question, one of which is that a vehicle needs to be safe for human drivers. From that point, we have to look at how safe human drivers are.”
One set of statistics from the UK states that, in passenger cars, there are two fatalities for every billion miles travelled. Chan argues that those figures would indicate that the roads are quite safe. However, by looking at the bigger picture, a more realistic conclusion can be drawn—one that doesn’t instil the confidence needed in end users.
How safe is safe? Cybersecurity is essential to prevent interference with vehicles.
“We ask ourselves how we can be sure the product we put out there is safe enough, and the simplistic answer is that you have to drive it for billions of miles, which is not feasible,” said Chan. “It is better to adopt a scenario-based approach and ask what scenarios a system has to deal with during that level of mileage.”
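To make the “billions of miles” argument concrete, the following is an added illustration (not from Ricardo’s papers or the article) that applies a standard Poisson confidence bound: given the UK figure of two fatalities per billion miles, it computes how many miles a system would have to be driven, with a given number of observed fatalities, to demonstrate at 95% confidence that its rate is no worse than a target. The target rates and confidence level are assumptions chosen for the example.

```python
import math

# UK passenger-car figure quoted in the article: 2 fatalities per 1e9 miles
HUMAN_FATALITY_RATE = 2 / 1e9  # fatalities per mile


def poisson_cdf(k: int, m: float) -> float:
    """P(X <= k) for X ~ Poisson(m), summed term by term to avoid overflow."""
    term = math.exp(-m)
    total = term
    for i in range(1, k + 1):
        term *= m / i
        total += term
    return total


def poisson_upper_bound(k: int, confidence: float) -> float:
    """Largest expected count m at which observing <= k events is still plausible,
    i.e. solve P(X <= k | m) = 1 - confidence for m by bisection (CDF is decreasing in m)."""
    lo, hi = 0.0, 10.0 * (k + 1) + 50.0
    for _ in range(200):
        mid = (lo + hi) / 2
        if poisson_cdf(k, mid) > 1 - confidence:
            lo = mid  # m too small: too much mass still at or below k
        else:
            hi = mid
    return (lo + hi) / 2


def miles_to_demonstrate(target_rate: float, fatalities_observed: int = 0,
                         confidence: float = 0.95) -> float:
    """Miles needed so that, with the observed fatality count, the upper confidence
    bound on the true fatality rate is at or below target_rate."""
    return poisson_upper_bound(fatalities_observed, confidence) / target_rate


if __name__ == "__main__":
    # Assumed targets: parity with human drivers, and 10x safer than human drivers
    for label, target in (("human parity", HUMAN_FATALITY_RATE),
                          ("10x safer", HUMAN_FATALITY_RATE / 10)):
        for k in (0, 1):
            miles = miles_to_demonstrate(target, k)
            print(f"{label:13s} fatalities observed={k}: {miles / 1e9:6.1f} billion miles")
```

With zero fatalities observed, demonstrating parity with the two-per-billion human rate already requires about 1.5 billion miles, and a “10x safer” claim about 15 billion; each fatality observed during the trial pushes the requirement up further.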
This scenario-based work is at the heart of a lot of Ricardo projects, according to Chan, as it gives the development engineers the opportunity to identify real situations and decide which ones can be evaluated with physical testing and which can be done in a virtual environment. There are also structured engineering processes that are employed during development that apply to functional safety and cybersecurity, so it is essentially analyzing the system in a methodical and analytical way, starting from the point of asking what the system has to do and what it could encounter.
“We’ve been using this approach on the safety side for many years for other systems so it is merely a matter of applying it to CAV technologies,” Chan confirmed.
There is an important difference between the safety side and the cybersecurity side, said Chan: “When you are looking at the safety of such systems, your analysis is based on historical experience of how these systems behave and what failures can happen. Once you have signed the whole system off and it goes into production things don’t change that much.”
But, with cybersecurity, things are more about how malicious elements may want to exploit vulnerabilities in your system, explained the Ricardo expert: “At the start of production, these elements are deployed over several years and people have access to different tools and data, and they can exploit different elements of it. That is one reason why, after start of production, a lot of the cybersecurity work is completed, but not so much for safety.”
Ricardo’s safety homologation paper presents a common process for driverless transport systems—everything from driverless public transport on public roads to automated cargo carriers on a dedicated track. The paper goes on to argue that, as the safety case is at least partially subjective, a separate third party should be assigned to assess the documentation independently.
The F 015 concept from Mercedes-Benz debuted advanced safety features for autonomous vehicles in 2015.
The security paper proposes an approach different from that used for traditional vehicles, to enable more robust and successful development. The paper sets out what needs to be considered at each step of the vehicle and ecosystem development cycle to assess and mitigate risks, and to validate and assure the safety and security of CAVs throughout their complete lifecycles.
Chan says that, while elements of the finished products have been signed off, it may be some time before full systems feature in automotive applications. Much of it is project-dependent and is only now being used in the development of demonstrator vehicles, he confirmed.