Published Date: 2021-07-15
| Postmortem Analysis | |
|---|---|
| Timeline | 1. The software failure incident related to the Chevrolet Bolt EV battery fires occurred in March 2019 [Article 118715]. 2. The incident was reported 18 months before August 2020, when General Motors opened a formal investigation on Bolt fires [Article 118715]. 3. Therefore, the software failure incident happened around September 2017. |
| System | 1. Battery modules in Chevrolet Bolt EVs [117289, 119533, 120494, 119523, 118715, 118275] |
| Responsible Organization | 1. General Motors [117289, 119533, 120494, 119523, 118715, 118275] 2. National Highway Traffic Safety Administration [117289, 119533, 119523, 118715] |
| Impacted Organization | 1. Owners of the 2017 to 2019 Chevrolet Bolt EVs [117289, 119533, 120494] 2. General Motors (GM) [117289, 119533, 120494] 3. National Highway Traffic Safety Administration [117289, 119533, 118715] |
| Software Causes | 1. The failure incident was caused by a manufacturing defect in the battery packs that could lead to a fire when fully charged, and General Motors developed software to restrict the state of charge to 90% to mitigate the risk [117289, 119533]. 2. General Motors issued diagnostic software to identify the issue before it manifested itself so repairs to the packs could be made, but even after the repairs, fires occurred in some vehicles [117289, 119533]. 3. The root cause of the battery fires in certain Chevrolet Bolt EVs was identified as the simultaneous presence of two rare manufacturing defects in the same battery cell [120494]. 4. The software update installed in the vehicles as part of the recall limited the battery charge to 90% to reduce the risk of fire when charged to full or very close to full capacity [118715]. |
| Non-software Causes | 1. Manufacturing defects in battery cells, including a short-circuit if an anode tab is torn and if a separator between battery cells becomes folded [120494]. 2. Rare manufacturing defects in the battery cells, specifically the simultaneous presence of two rare manufacturing defects in the same battery cell [120494]. 3. Defective battery modules in the Chevrolet Bolt electric cars [120494]. 4. Battery-related fires due to potentially defective batteries in the Chevrolet Bolt electric cars [118715]. 5. Risk of fire in batteries made at LG Chem's Korea plant [118715]. |
| Impacts | 1. The software failure incident in Chevrolet Bolt EVs led to fires in some vehicles, prompting General Motors to issue recalls and advise owners to park their cars outside after charging and avoid charging them overnight to mitigate the risk of fire [117289, 119533, 120494, 119523]. 2. The incident resulted in General Motors recalling nearly 51,000 Chevrolet electric cars in the United States due to battery modules at risk of catching fire, affecting models from 2017 to 2019 [119533]. 3. The software failure incident expanded to cover all 141,000 Chevrolet Bolts produced by GM, including models from 2017 to 2022, leading to a significant financial impact on GM with costs exceeding $1 billion for the recalls [120494]. 4. Owners of affected Chevrolet Bolts were advised to limit the battery charge to 90%, park their vehicles outside after charging, and avoid leaving them charging overnight until the defective battery modules could be replaced, causing inconvenience and potential safety concerns for the owners [118275]. 5. The software failure incident highlighted the challenges faced by automakers in managing high-voltage battery systems in electric vehicles, emphasizing the importance of safety measures and proactive recalls to address potential risks of fire [118715]. |
| Preventions | 1. Implementing software updates or patches to address identified defects in the battery management system could have prevented the software failure incident [117289, 119533, 120494]. 2. Conducting thorough diagnostic procedures and replacing faulty battery modules as part of the recall process could have prevented the software failure incident [118715]. 3. Limiting the battery charge to 90% through software restrictions could have prevented the software failure incident [118715]. 4. Providing clear instructions to owners on how to set their vehicle to a 90% state of charge limitation using Target Charge Level mode could have prevented the software failure incident [118275]. |
| Fixes | 1. General Motors developed software to restrict the state of charge to 90% in affected Chevrolet Bolt EVs to mitigate the risk of fire incidents [117289]. 2. General Motors planned to replace defective battery modules in the recalled Chevrolet Bolt EVs to address the manufacturing defects causing the fire risk [119533]. 3. General Motors issued a software update that limits the battery charge to 90% as an interim remedy in the initial recall of 2017-2019 Bolt models [118715]. 4. General Motors advised owners of affected Bolt EVs to set their vehicles to a 90% state of charge limitation and charge their vehicles more frequently to reduce the risk of fire incidents [118275]. | References | 1. General Motors (GM) [117289, 119533, 120494, 119523, 118715, 118275] 2. National Highway Traffic Safety Administration [117289, 119533, 120494, 119523, 118715, 118275] 3. Chevrolet Bolt EV [117289, 119533, 120494, 119523, 118715, 118275] 4. LG Chem [119533, 120494, 118715] 5. Vermont State Rep. Tim Briglin [117289, 119523] 6. CNBC [119523] 7. Reuters [118715] |
| Category | Option | Rationale |
|---|---|---|
| Recurring | one_organization | (a) The software failure incident having happened again at one_organization: - General Motors experienced a software failure incident related to battery fires in Chevrolet Bolt EVs. The incident occurred multiple times, with fires reported even after the initial recall and software updates to prevent overheating issues [117289, 119533, 120494, 119523, 118715, 118275]. (b) The software failure incident having happened again at multiple_organization: - There is no specific mention in the provided articles about the same software failure incident happening at other organizations or with their products and services. |
| Phase (Design/Operation) | design, operation | (a) The software failure incident occurring due to the development phases: - The software failure incidents related to the Chevrolet Bolt EVs catching fire were primarily due to manufacturing defects in the battery cells. General Motors identified two rare manufacturing defects in the battery cells as the root cause of the battery fires in certain Chevrolet Bolt EVs [120494]. - General Motors had issued recalls and software updates to address the risk of fire in the batteries made at partner LG Chem's plant in South Korea. The recalls included software updates that limited the battery charge to 90% as an interim remedy, and later, dealers were instructed to replace battery module assemblies that failed diagnostics and install advanced onboard diagnostic software to predict potential issues related to battery charge [118715]. (b) The software failure incident occurring due to the operation phases: - Despite the software updates and recalls issued by General Motors to address the risk of fire in the Chevrolet Bolt EVs, two Bolt EVs that had received the final remedy caught fire. Owners of the affected vehicles were advised to park their vehicles outdoors immediately after charging and not to leave them charging overnight [119523]. - Owners of the 2017-2019 Chevrolet Bolt EVs were urged to park their vehicles outdoors after charging and to avoid leaving them while they charge overnight due to the risk of fire associated with the battery packs [117289]. |
| Boundary (Internal/External) | within_system | (a) within_system: - The software failure incident related to the Chevrolet Bolt EVs catching fire was primarily due to a manufacturing defect in the battery packs that could cause a short circuit, leading to fires when fully charged [117289, 119533, 120494]. - General Motors identified two rare manufacturing defects within the battery cells as the root cause of the battery fires in certain Chevrolet Bolt EVs [120494]. - The initial recall involved adding software to limit the battery charge to 90% as an interim remedy to address the risk of fire in the affected vehicles [118715]. - Despite the software updates and recalls, fires continued to occur in some Chevrolet Bolt EVs even after they had been serviced as part of the recall, indicating a persistent issue within the system [119523]. (b) outside_system: - The software failure incident was not primarily attributed to factors originating from outside the system but rather to internal manufacturing defects within the battery cells and packs [117289, 119533, 120494, 118715, 119523]. |
| Nature (Human/Non-human) | non-human_actions, human_actions | (a) The software failure incident occurring due to non-human actions: - The software failure incident in the Chevrolet Bolt EVs was primarily due to manufacturing defects in the battery cells, specifically two rare manufacturing defects that could lead to a short-circuit in the battery cells, causing fires [Article 119533]. - General Motors identified a manufacturing defect in the battery packs that could cause a short and lead to a fire when fully charged. They developed software to restrict the state of charge to 90% to mitigate the risk of fire [Article 117289]. - The software failure incident was linked to two rare manufacturing defects in the battery cells, such as a torn anode tab and a folded separator between battery cells, which could result in a short-circuit [Article 120494]. (b) The software failure incident occurring due to human actions: - General Motors issued a recall for Chevrolet Bolts from the 2017 to 2019 model years to address the risk of fire in batteries made at LG Chem's Korea plant. As an interim remedy, GM dealers installed a software update to limit the battery charge to 90% [Article 118715]. - Owners of Chevrolet Bolts from the model years 2017 through 2019 were urged to park their vehicles outdoors after charging and to avoid leaving them while they charge overnight. This was after the vehicles were repaired as part of a recall, and two Bolts caught fire post-repair [Article 119523]. - General Motors advised owners of affected vehicles to set their vehicle to a 90 percent state of charge limitation using Target Charge Level mode and to charge their vehicles more frequently to avoid depleting the battery below a certain range until the recall work could be performed [Article 118275]. |
| Dimension (Hardware/Software) | hardware, software | (a) The software failure incident occurring due to hardware: - The software failure incident involving Chevrolet Bolt EVs catching fire was linked to two rare manufacturing defects in the battery cells, specifically a short-circuit caused by a torn anode tab and a folded separator between battery cells [120494]. - General Motors identified a manufacturing defect in the battery packs of Chevrolet Bolt EVs that could cause a short and lead to a fire when fully charged. This defect was related to hardware issues in the battery packs [117289]. (b) The software failure incident occurring due to software: - General Motors developed software to restrict the state of charge of the affected battery packs to 90% to prevent fires when fully charged [117289]. - GM initially issued a software update to limit the battery charge to 90% as an interim remedy to address the risk of fire in the batteries of Chevrolet Bolts [118715]. - GM later planned to replace battery modules that had defective cells as part of the recall, and dealers were instructed to install advanced onboard diagnostic software to predict potential issues related to battery charge [119533]. |
| Objective (Malicious/Non-malicious) | non-malicious | (a) malicious: - There is no indication in the provided articles that the software failure incident related to the Chevrolet Bolt EV fires was malicious in nature. The incidents were attributed to manufacturing defects in the battery modules and software limitations introduced to prevent overheating and fires [117289, 119533, 120494, 119523, 118715, 118275]. (b) non-malicious: - The software failure incidents related to the Chevrolet Bolt EV fires were non-malicious in nature. The failures were primarily caused by manufacturing defects in the battery modules and software limitations introduced to prevent overheating and fires. General Motors and LG Chem identified rare manufacturing defects in the battery cells as the root cause of the fires, leading to multiple recalls and replacement of battery modules [117289, 119533, 120494, 119523, 118715, 118275]. |
| Intent (Poor/Accidental Decisions) | poor_decisions | (a) poor_decisions: - The software failure incident related to the Chevrolet Bolt EV fires was due to a manufacturing defect in the battery packs that could cause a short circuit leading to fires when fully charged. General Motors identified this defect and developed software to restrict the state of charge to 90% to mitigate the risk of fire [117289, 119533]. - Despite the initial software fix, two Bolt EVs that had received the software update caught fire, indicating that the software solution was not completely effective in preventing the fires [119523]. - General Motors faced challenges in addressing the root cause of the battery fires, with multiple recalls and replacements of battery modules being necessary to rectify the issue [118715, 118275]. (b) accidental_decisions: - The software failure incident related to the Chevrolet Bolt EV fires was not explicitly attributed to accidental decisions or unintended mistakes in the articles provided. The focus was primarily on the manufacturing defect in the battery packs and the subsequent software updates and recalls to address the fire risk. |
| Capability (Incompetence/Accidental) | development_incompetence | (a) development_incompetence: - The software failure incident related to the Chevrolet Bolt EV fires was due to a manufacturing defect in the battery packs that could cause a short circuit leading to a fire when fully charged. General Motors identified this defect and developed software to restrict the state of charge to 90% to mitigate the risk of fire [117289]. - General Motors and LG Chem identified two rare manufacturing defects in the battery cells of the Chevrolet Bolt EVs as the root cause of the battery fires. These defects included a torn anode tab and a folded separator between battery cells [120494]. (b) accidental: - The software failure incident involving Chevrolet Bolt EVs catching fire was not intentional but occurred due to manufacturing defects in the battery cells. General Motors and LG Chem linked the fires to two rare manufacturing defects that could be present in cells in the Bolt’s battery pack [119533]. - The fires in the Chevrolet Bolt EVs were not intentional but were accidental occurrences resulting from the presence of two rare manufacturing defects in the battery cells [119523]. |
| Duration | permanent, temporary | (a) The software failure incident related to the Chevrolet Bolt EV battery issue can be considered permanent as it was caused by manufacturing defects in the battery modules that could lead to fires even after software updates and repairs were attempted [117289, 119533, 120494, 119523, 118715, 118275]. (b) The software failure incident can also be seen as temporary as General Motors attempted to address the issue through software updates and recalls to prevent further incidents, indicating a temporary solution to mitigate the risk of fires [117289, 119533, 120494, 119523, 118715, 118275]. |
| Behaviour | crash, omission, timing, value, other | (a) crash: Failure due to system losing state and not performing any of its intended functions - The software failure incident in the articles can be categorized as a crash due to the risk of fire in Chevrolet Bolt EVs caused by a manufacturing defect in the battery packs. This defect could lead to a fire when the battery is fully charged, indicating a failure of the system to maintain its intended function of safe operation [117289, 119533, 120494]. (b) omission: Failure due to system omitting to perform its intended functions at an instance(s) - The software failure incident can also be seen as an omission as the software was designed to restrict the state of charge to 90% to prevent fires in Chevrolet Bolt EVs. However, even after repairs and software updates, fires still occurred, indicating an omission in fully addressing the root cause of the issue [117289, 119533, 120494]. (c) timing: Failure due to system performing its intended functions correctly, but too late or too early - The timing of the software updates and recalls in response to the fire risk in Chevrolet Bolt EVs could be considered a timing failure. Despite identifying the manufacturing defects and issuing software updates, fires occurred after the updates were applied, suggesting a delay in fully resolving the issue in a timely manner [117289, 119533, 120494]. (d) value: Failure due to system performing its intended functions incorrectly - The software failure incident can be attributed to a value failure as the software updates and diagnostic procedures aimed to prevent fires in Chevrolet Bolt EVs did not completely address the manufacturing defects in the battery packs, leading to continued fire incidents [117289, 119533, 120494]. (e) byzantine: Failure due to system behaving erroneously with inconsistent responses and interactions - The software failure incident does not exhibit characteristics of a byzantine failure based on the information provided in the articles. (f) other: Failure due to system behaving in a way not described in the (a to e) options; What is the other behaviour? - The software failure incident could also be categorized as a flaw in the system design or implementation, leading to persistent safety risks despite attempted software fixes and recalls [117289, 119533, 120494]. |
| Layer | Option | Rationale |
|---|---|---|
| Perception | sensor, processing_unit, embedded_software | (a) sensor: Failure due to contributing factors introduced by sensor error - The failure in the Chevrolet Bolt EVs was related to battery modules that could cause fires when charging, indicating a sensor error in the battery modules [Article 118275]. (b) actuator: Failure due to contributing factors introduced by actuator error - There is no specific mention of an actuator error in the articles provided. (c) processing_unit: Failure due to contributing factors introduced by processing error - The failure in the Chevrolet Bolt EVs was linked to two rare manufacturing defects in the battery cells, indicating a processing error in the manufacturing process [Article 120494]. (d) network_communication: Failure due to contributing factors introduced by network communication error - There is no mention of network communication errors in the articles provided. (e) embedded_software: Failure due to contributing factors introduced by embedded software error - The failure in the Chevrolet Bolt EVs was initially addressed by a software update to limit the battery charge to 90%, indicating an embedded software error that needed correction [Article 118715]. |
| Communication | unknown | The software failure incidents related to the Chevrolet Bolt EV fires were primarily linked to the battery modules and manufacturing defects rather than the communication layer of the cyber-physical system. The failures were attributed to defects in the battery cells, manufacturing issues, and the risk of fire when the batteries were fully charged. The incidents led to recalls and replacement of battery modules to address the root cause of the fires ([117289], [119533], [120494], [119523], [118715], [118275]). |
| Application | FALSE | The software failure incidents related to the Chevrolet Bolt EV fires were not directly attributed to the application layer of the cyber physical system. Instead, the incidents were primarily linked to manufacturing defects in the battery cells and modules, which could lead to fires when charging the vehicles [117289, 119533, 120494, 119523, 118715, 118275]. Therefore, the failures were not specifically related to the application layer as described in the question. |
| Category | Option | Rationale |
|---|---|---|
| Consequence | property, non-human, other | (a) death: People lost their lives due to the software failure - No information about deaths due to the software failure incidents was mentioned in the provided articles. (b) harm: People were physically harmed due to the software failure - No information about physical harm to individuals due to the software failure incidents was mentioned in the provided articles. (c) basic: People's access to food or shelter was impacted because of the software failure - No information about people's access to food or shelter being impacted due to the software failure incidents was mentioned in the provided articles. (d) property: People's material goods, money, or data was impacted due to the software failure - The software failure incidents related to Chevrolet Bolt EVs involved a risk of fire due to a manufacturing defect in the battery packs, leading to property damage [117289, 119533, 120494, 119523, 118715, 118275]. (e) delay: People had to postpone an activity due to the software failure - No information about people having to postpone activities due to the software failure incidents was mentioned in the provided articles. (f) non-human: Non-human entities were impacted due to the software failure - The software failure incidents affected the Chevrolet Bolt EVs, leading to the risk of fire due to battery defects [117289, 119533, 120494, 119523, 118715, 118275]. (g) no_consequence: There were no real observed consequences of the software failure - The software failure incidents involving the Chevrolet Bolt EVs resulted in real consequences such as the risk of fire due to battery defects [117289, 119533, 120494, 119523, 118715, 118275]. (h) theoretical_consequence: There were potential consequences discussed of the software failure that did not occur - The potential consequences discussed in the articles included the risk of fire due to battery defects in the Chevrolet Bolt EVs, which did occur [117289, 119533, 120494, 119523, 118715, 118275]. (i) other: Was there consequence(s) of the software failure not described in the (a to h) options? What is the other consequence(s)? - The main consequence of the software failure incidents reported in the articles was the risk of fire in Chevrolet Bolt EVs due to manufacturing defects in the battery packs, leading to property damage and safety concerns for owners [117289, 119533, 120494, 119523, 118715, 118275]. |
| Domain | transportation, manufacturing | (a) The failed system was intended to support the production and distribution of information. The software failure incident was related to the Chevrolet Bolt EVs, specifically the battery modules, which posed a risk of catching fire when charging. General Motors issued recalls and developed software updates to address the issue ([117289], [119533], [120494], [119523], [118715], [118275]). |
Article ID: 117289
Article ID: 119533
Article ID: 120494
Article ID: 119523
Article ID: 118715
Article ID: 118275