Incident: Ford Expedition and Lincoln Navigator Recall for Precollision Assist System Failure.

Published Date: 2020-05-12

Postmortem Analysis
Timeline 1. The software failure incident with the precollision assist system in the 2020 Ford Expedition and Lincoln Navigator vehicles happened when Ford announced the recall on May 12, 2020 [Article 99779].
System 1. Precollision assist system in 2020 Ford Expedition and Lincoln Navigator vehicles [99779]
Responsible Organization 1. Incorrect coding in interface modules was responsible for causing the software failure incident in the Ford Expedition and Lincoln Navigator vehicles [Article 99779].
Impacted Organization 1. Owners of 2020 Ford Expedition and Lincoln Navigator vehicles [Article 99779]
Software Causes 1. Incorrect coding in interface modules was identified as the software cause of the failure incident in the Ford Expedition and Lincoln Navigator vehicles [99779].
Non-software Causes 1. Incorrect coding in interface modules [99779]
Impacts 1. The software failure incident in the Ford Expedition and Lincoln Navigator vehicles led to the precollision assist system becoming entirely inoperable, increasing the risk of a crash for drivers who rely on this safety feature [99779].
Preventions 1. Proper code review and testing procedures during the development phase could have potentially prevented the incorrect coding in the interface modules that led to the inoperability of the precollision assist system [99779]. 2. Implementing robust quality assurance processes to catch such coding errors before the vehicles are released to the market could have helped prevent the software failure incident [99779].
Fixes 1. Reprogramming a handful of systems including the body control module, ABS, instrument cluster, headlight control, and tire pressure monitor systems at the dealership [99779].
References 1. Documents filed with the National Highway Traffic Safety Administration [Article 99779]

Software Taxonomy of Faults

Category Option Rationale
Recurring unknown (a) The software failure incident related to the precollision assist system in Ford Expedition and Lincoln Navigator vehicles is specific to Ford. There is no mention in the article of a similar incident happening again within the same organization. (b) The article does not mention any similar incident happening at other organizations or with their products and services.
Phase (Design/Operation) design, operation (a) The software failure incident in the Ford Expedition and Lincoln Navigator vehicles was attributed to incorrect coding in interface modules, which is a design-related issue introduced during the development phase [99779]. The incorrect coding prevented owners from accessing the precollision assist system, leading to the inoperability of the system. (b) The failure of the precollision assist system in the SUVs was due to the operation aspect, as drivers were unable to enable the function even though they believed it was activated. This operation-related issue could potentially increase the risk of a crash as drivers may rely on a system that is not functioning as intended [99779].
Boundary (Internal/External) within_system (a) The software failure incident in the article is within_system. The issue with the precollision assist system in the Ford Expedition and Lincoln Navigator vehicles was attributed to incorrect coding in interface modules within the vehicles' systems, affecting the functionality of the precollision assist system [99779]. The fix for the issue involved reprogramming several internal systems within the vehicles to address the bad code, indicating that the failure originated from within the system itself.
Nature (Human/Non-human) non-human_actions (a) The software failure incident in the Ford Expedition and Lincoln Navigator vehicles was due to incorrect coding in interface modules, which is a non-human action [99779]. This incorrect coding prevented owners from accessing the precollision assist system and drivers from enabling the function, leading to the inoperability of the system. The issue affected 25,081 Expedition and Navigators, and the fix involved reprogramming several systems in the vehicles to rectify the bad code.
Dimension (Hardware/Software) hardware, software (a) The software failure incident in the Ford Expedition and Lincoln Navigator vehicles was due to incorrect coding in interface modules, which is a contributing factor originating in hardware. This issue affected the precollision assist system, making it entirely inoperable [99779].
Objective (Malicious/Non-malicious) non-malicious (a) The software failure incident described in Article 99779 is non-malicious. The issue with the precollision assist system in Ford Expedition and Lincoln Navigator vehicles was attributed to incorrect coding in interface modules, which led to the system becoming entirely inoperable. Ford announced a recall to fix the issue by reprogramming several systems in the affected vehicles, indicating that the failure was not due to malicious intent but rather a technical error [99779].
Intent (Poor/Accidental Decisions) accidental_decisions (a) The software failure incident related to the Ford Expedition and Lincoln Navigator vehicles' precollision assist system was not due to poor decisions but rather incorrect coding in interface modules. The issue was specifically attributed to bad code that did not allow owners to access the precollision assist system, leading to the system being entirely inoperable [99779].
Capability (Incompetence/Accidental) development_incompetence, accidental (a) The software failure incident in the Ford Expedition and Lincoln Navigator vehicles was due to incorrect coding in interface modules, which led to the precollision assist system becoming entirely inoperable. This issue was attributed to development incompetence as the incorrect coding was a result of human error or lack of professional competence during the software development process [99779]. (b) The software failure incident was accidental in nature as it was not intentional but rather a result of the incorrect coding in the interface modules, which affected the precollision assist system in the vehicles [99779].
Duration temporary The software failure incident reported in Article 99779 is temporary. The issue with the precollision assist system in the 2020 Ford Expedition and Lincoln Navigator vehicles was caused by incorrect coding in interface modules, affecting 25,081 vehicles. Ford will be recalling the SUVs to fix the issue by reprogramming a handful of systems, including the body control module, ABS, instrument cluster, headlight control, and tire pressure monitor systems. Once the systems are reprogrammed, the problem will be resolved, indicating that the software failure is temporary and can be rectified by a software update [99779].
Behaviour crash (a) crash: The software failure incident in the article can be categorized as a crash. The precollision assist system in the Ford Expedition and Lincoln Navigator vehicles was entirely inoperable due to incorrect coding in interface modules, preventing owners from accessing the system and enabling its function. This failure resulted in the system losing its state and not performing any of its intended functions, which could increase the risk of a crash [99779].

IoT System Layer

Layer Option Rationale
Perception sensor, embedded_software (a) The software failure incident related to the Ford Expedition and Lincoln Navigator vehicles' precollision assist system was due to incorrect coding in interface modules, which affected the sensor system. The issue prevented owners from accessing the precollision assist system and drivers from enabling the function, ultimately impacting the sensor's ability to warn the driver of a possible collision and apply the brakes if needed [Article 99779].
Communication unknown The software failure incident reported in Article 99779 was related to incorrect coding in interface modules affecting the precollision assist system in Ford Expedition and Lincoln Navigator vehicles. The article did not specifically mention failures related to the communication layer of the cyber-physical system, such as link_level or connectivity_level failures. Therefore, based on the information provided in the article, it is unknown whether the failure was related to the communication layer of the cyber-physical system.
Application TRUE The software failure incident reported in Article 99779 was related to incorrect coding in interface modules, which led to an issue with the precollision assist system in Ford Expedition and Lincoln Navigator vehicles. This issue prevented owners from accessing the precollision assist system and enabling its function. The incorrect coding in the interface modules falls under the category of application layer failures as it involves bugs in the software that affected the system's functionality [99779].

Other Details

Category Option Rationale
Consequence theoretical_consequence The consequence of the software failure incident in the article is related to the potential harm caused by the malfunctioning precollision assist system in Ford Expedition and Lincoln Navigator vehicles. The article mentions that if drivers think the system is enabled when it actually isn't, the risk of a crash increases, emphasizing the importance of the system in warning the driver of a possible collision and applying the brakes if needed. However, there is no specific mention of actual incidents of harm, death, property damage, or other consequences resulting from this software failure incident. Therefore, the consequence falls under the category of "theoretical_consequence" as potential risks were discussed but not actualized [99779].
Domain transportation (a) The software failure incident reported in Article 99779 is related to the transportation industry. Specifically, it affected the precollision assist system in Ford Expedition and Lincoln Navigator vehicles, which are SUVs designed for transporting people and goods [99779].
