Incident: Ford Focus Recall Due to Powertrain Control Module Software Issue

Published Date: 2019-07-09

Postmortem Analysis
Timeline 1. The software failure incident with Ford Focus vehicles happened when the vehicles in the new recall did not receive the intended software update to the powertrain control module [86973]. 2. The article was published on 2019-07-09. 3. Estimation: The incident likely occurred around the time when the vehicles in the new recall were supposed to receive the software update but did not. Based on the publication date of the article (2019-07-09), the software failure incident likely occurred in early to mid-2019.
System 1. Powertrain control module in certain Ford Focus vehicles [86973]
Responsible Organization 1. The powertrain control module in the Ford Focus vehicles was responsible for causing the software failure incident [86973].
Impacted Organization 1. Owners of certain Ford Focus vehicles [86973]
Software Causes 1. The software cause of the failure incident was the powertrain control module not receiving the intended software update, leading to malfunctioning in detecting a stuck-open valve in the canister purge valve [86973].
Non-software Causes 1. The problem stemmed from the car's canister purge valve in the fuel system that might have stuck open, potentially causing excessive vacuum and deforming the fuel tank, leading to fuel gauge issues or vehicle stalling [86973].
Impacts 1. The software failure incident led to a malfunction in the powertrain control module, which could have caused excessive vacuum and potentially deformed the fuel tank, leading to issues with the fuel gauge or stalling of the vehicle [86973].
Preventions 1. Implementing a more robust quality control process during the initial recall to ensure that all affected vehicles receive the necessary software update [86973].
Fixes 1. Dealers will accept the double-recalled vehicles and apply the correct software calibration to the powertrain control module. Technicians will also inspect and replace the carbon canister, fuel tank, and fuel delivery module as required [86973].
References 1. Ford's official announcement [86973]

Software Taxonomy of Faults

Category Option Rationale
Recurring one_organization (a) The software failure incident related to the Ford Focus vehicles not receiving the intended software update to the powertrain control module has happened again within the same organization, Ford. This incident led to a second recall for about 58,000 examples of certain Ford Focus vehicles [86973]. The issue was supposed to be remedied in a previous recall but a smaller subset of vehicles did not receive the proper update, leading to the need for a second recall. (b) There is no information in the provided article about the software failure incident happening again at multiple organizations or with their products and services.
Phase (Design/Operation) design (a) The software failure incident in the Ford Focus recall was related to the design phase. The issue stemmed from the car's canister purge valve malfunctioning, which was part of the fuel system. The powertrain control module responsible for detecting a stuck-open valve may have malfunctioned, leading to potential problems with the fuel tank and fuel gauge. The specific subset of vehicles affected did not receive the intended software update to the powertrain control module, indicating a failure in the system development or update process [86973]. (b) The software failure incident was not directly attributed to the operation phase or misuse of the system in the articles provided.
Boundary (Internal/External) within_system (a) within_system: The software failure incident in this case was within the system. The issue originated from the powertrain control module not receiving the intended software update, leading to potential malfunctions related to the canister purge valve and the fuel system in the recalled Ford Focus vehicles [86973].
Nature (Human/Non-human) non-human_actions (a) The software failure incident in the Ford Focus recall was due to non-human actions. The issue stemmed from the car's canister purge valve malfunctioning and the powertrain control module not receiving the intended software update, leading to potential problems with the fuel system and fuel gauge [86973].
Dimension (Hardware/Software) hardware, software (a) The software failure incident in the Ford Focus recall was related to hardware issues. The problem originated from the car's canister purge valve in the fuel system, which might have stuck open. Additionally, the powertrain control module responsible for detecting a stuck-open valve may have malfunctioned. This combination of hardware issues could lead to excessive vacuum deforming the fuel tank, causing fuel gauge malfunctions or vehicle stalling [86973]. (b) The software failure incident in the Ford Focus recall was due to a subset of vehicles not receiving the intended software update to the powertrain control module. This lack of software update was the reason for the second recall issued by Ford to address the issue [86973].
Objective (Malicious/Non-malicious) non-malicious (a) The articles do not mention any malicious intent related to the software failure incident. The failure was due to a subset of vehicles not receiving the intended software update to the powertrain control module, leading to issues with the canister purge valve and fuel system [86973]. (b) The software failure incident was non-malicious, as it was a result of a technical oversight or error in the software update process rather than any intentional harm to the system.
Intent (Poor/Accidental Decisions) unknown The intent of the software failure incident in the Ford recall was not explicitly mentioned in the provided article. Therefore, it is unknown whether the failure was due to poor decisions or accidental decisions.
Capability (Incompetence/Accidental) accidental (a) The software failure incident in the Ford Focus recall was not explicitly attributed to development incompetence. The article mentions that the vehicles in the new recall did not receive the intended software update to the powertrain control module, but it does not specify the reason behind this oversight [86973]. (b) The software failure incident in the Ford Focus recall seems to be more aligned with an accidental failure. The article states that the problem stemmed from the car's canister purge valve and that the powertrain control module may have malfunctioned in detecting a stuck-open valve, leading to potential issues with the fuel tank and fuel gauge. The fact that a subset of vehicles did not receive the proper software update suggests an accidental oversight rather than intentional incompetence [86973].
Duration temporary The software failure incident described in the article is more aligned with a temporary failure. The article mentions that a specific subset of vehicles did not receive the intended software update to the powertrain control module, leading to the need for a second recall [86973]. This indicates that the failure was temporary and limited to those vehicles that missed the software update, rather than being a permanent issue affecting all vehicles.
Behaviour omission, value, other (a) crash: The software failure incident in the Ford Focus vehicles was not described as a crash where the system loses state and does not perform any of its intended functions [86973]. (b) omission: The software failure incident in the Ford Focus vehicles can be categorized as an omission, as the specific subset of vehicles did not receive the intended software update to the powertrain control module, leading to the need for a second recall to address this omission [86973]. (c) timing: The software failure incident in the Ford Focus vehicles was not related to timing issues where the system performs its intended functions but at the wrong time [86973]. (d) value: The software failure incident in the Ford Focus vehicles can be categorized as a value issue, as the powertrain control module may have malfunctioned, leading to excessive vacuum that could deform the fuel tank, causing issues with the fuel gauge or stalling the vehicle [86973]. (e) byzantine: The software failure incident in the Ford Focus vehicles was not described as a byzantine failure where the system behaves erroneously with inconsistent responses and interactions [86973]. (f) other: The software failure incident in the Ford Focus vehicles can be categorized as a flaw in the software update process, where a subset of vehicles did not receive the necessary software update, leading to potential fuel system issues [86973].

IoT System Layer

Layer Option Rationale
Perception None None
Communication None None
Application None None

Other Details

Category Option Rationale
Consequence unknown (a) death: People lost their lives due to the software failure (b) harm: People were physically harmed due to the software failure (c) basic: People's access to food or shelter was impacted because of the software failure (d) property: People's material goods, money, or data was impacted due to the software failure (e) delay: People had to postpone an activity due to the software failure (f) non-human: Non-human entities were impacted due to the software failure (g) no_consequence: There were no real observed consequences of the software failure (h) theoretical_consequence: There were potential consequences discussed of the software failure that did not occur (i) other: Was there consequence(s) of the software failure not described in the (a to h) options? What is the other consequence(s)? The articles do not mention any consequences related to death, harm, basic needs, property damage, or non-human entities resulting from the software failure incident. The primary consequence discussed is related to the malfunction in the fuel system of the Ford Focus vehicles, leading to issues with the fuel gauge or potential stalling of the vehicle. The recall was issued to address these issues, and the fix involves applying the correct software calibration to the powertrain control module and inspecting/replacing components as necessary. The articles do not mention any severe consequences beyond the potential vehicle issues caused by the software failure.
Domain transportation (a) The failed system in the article is related to the transportation industry. The software failure incident involved certain Ford Focus vehicles not receiving the intended software update to the powertrain control module, which is crucial for the proper functioning of the vehicles [86973].

Sources

Back to List