Incident: Lethal Flaws in Smart Motorway Radar System Lead to Fatalities

Published Date: 2021-09-28

Postmortem Analysis
Timeline
1. The software failure incident happened in September 2018.
   - The incident in which Nargis Begum was killed on the M1 near Sheffield occurred in September 2018 [119029].

System
1. Stopped Vehicle Detection (SVD) radar system
2. Cameras and radar system
3. Control room computers
4. Safety cameras
5. Signal gantries

Responsible Organization
1. National Highways [119029]
2. Government [119029]

Impacted Organization
1. National Highways [119029]
2. Motorists using smart motorways [119029]
3. Control room staff at National Highways [119029]
4. Families of victims of smart motorway incidents [119029]
5. Police officers and emergency services [119029]

Software Causes
1. The radar system, Stopped Vehicle Detection (SVD), designed to alert the smart motorway control room to breakdowns within 20 seconds, gave false warnings and missed stranded cars because of glitches and faults in the software [119029].
2. The software used to operate the safety cameras on smart motorways was faulty: more than one in ten safety cameras were broken, misted up, or facing the wrong way, and half the cameras on one section of the M25 were faulty [119029].
3. The technology and software used to transmit images and alerts to the control room operators were unreliable, leading to delays in identifying breakdowns and accidents on the smart motorways [119029].

Non-software Causes
1. Lack of emergency bays on smart motorways, leaving motorists dangerously stranded when they break down [119029].
2. Insufficient number of signal gantries built, leaving motorists unaware of obstructions ahead [119029].
3. Gaps between emergency refuge areas on smart motorways being too far apart, leading to stranded vehicles in live lanes [119029].

Impacts
1. The software failure incident involving the radar system on smart motorways exposed critical flaws in the system, including false warnings, missed breakdowns, and unreliable alerts to the control room, putting motorists in danger [119029].
2. The failure of the radar system led control room staff to treat alerts as low priority because of frequent false alarms, slow response times, and missed breakdowns, so stranded motorists did not receive timely assistance [119029].
3. The software failure incident contributed to an increase in fatalities on smart motorways, with death rates up to a third higher than on conventional motorways, contradicting claims by ministers and highways bosses that smart motorways are as safe as or safer than traditional roads [119029].
4. Families of victims affected by the smart motorway failures demanded the immediate reinstatement of hard shoulders throughout the network to prevent further tragedies and ensure the safety of motorists [119029].

Preventions
1. Proper testing and validation of the radar software system before its deployment could potentially have prevented the software failure incident [119029].
2. Regular maintenance and monitoring of the radar system to ensure it functions as intended could have helped prevent the failures [119029].
3. Implementing a more reliable and efficient system for detecting breakdowns on smart motorways, possibly with redundancies or backup systems, could have mitigated the risks associated with the software failure incident [119029].

Fixes
1. Conduct a thorough investigation into the failures of the radar software system on smart motorways to identify and address the critical flaws [119029].
2. Implement urgent changes to the radar system to ensure it functions as intended, including addressing the false alarms, missed breakdowns, and system failures reported by control room staff [119029].
3. Retrofit additional emergency refuge areas on existing smart motorways where they are more than one mile apart, to provide safe havens for broken-down vehicles [119029].
4. Review the spacing of emergency bays on smart motorways to ensure they are positioned at appropriate intervals for the safety of motorists [119029].
5. Pause the expansion of smart motorways until all technological difficulties and safety concerns are resolved, and conduct a full review of the smart motorway system to learn from the failures and prevent further loss of life [119029].

References
1. National Highways staff
2. Former ministers
3. MPs
4. Control room staff
5. Undercover reporter
6. Police Federation of England and Wales
7. Families of victims
8. Transport Secretary Grant Shapps
9. Former roads minister Sir Mike Penning
10. Former roads minister Sir John Hayes
11. Labour MP Sarah Champion
12. National Highways chief executive Nick Harris
13. Former National Highways chief executive Jim O'Sullivan
14. Department for Transport
15. AA President Sir Edmund King
16. Sally Jacobs, wife of a victim
17. Lynn Reeves, mother of a victim
18. Niaz Shazad, son of a victim
19. John Apter, National Chair of the Police Federation of England and Wales
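The Preventions and Fixes above both come down to one measurable question: does the detector raise an alert for every real stoppage, within the 20-second target, without drowning operators in false alarms? The following is an added example, not code from the article or from National Highways, of how a control room team could score an SVD-style detector against ground truth. The 20-second target is the figure stated on the page; the segment names, timestamps, the 600-second matching window and the precision threshold are constructed assumptions for illustration.

```python
from dataclasses import dataclass

# Detection target stated on the page: alert the control room within 20 seconds.
TARGET_SECONDS = 20
# Assumption: an alert more than 10 minutes after the stop is not credited to it.
MAX_MATCH_LATENCY = 600
# Assumption: below this precision, operators are likely to deprioritise alerts.
MIN_ACCEPTABLE_PRECISION = 0.8


@dataclass(frozen=True)
class Stoppage:
    """Ground-truth stopped vehicle (e.g. from patrol or camera review)."""
    stop_id: str
    segment: str
    t_stopped: int  # seconds since the start of the evaluation window


@dataclass(frozen=True)
class Alert:
    """An alert raised by the detector, as logged in the control room."""
    alert_id: str
    segment: str
    t_raised: int


def match_alerts(stoppages, alerts, max_latency=MAX_MATCH_LATENCY):
    """Pair each stoppage with the earliest unused alert on the same segment
    raised between the stop time and stop time + max_latency.
    Returns (matches, unmatched_alert_ids); matches maps stop_id -> alert_id or None."""
    used = set()
    matches = {}
    for s in sorted(stoppages, key=lambda x: x.t_stopped):
        chosen = None
        for a in sorted(alerts, key=lambda x: x.t_raised):
            if a.alert_id in used or a.segment != s.segment:
                continue
            if s.t_stopped <= a.t_raised <= s.t_stopped + max_latency:
                chosen = a
                break
        if chosen is not None:
            used.add(chosen.alert_id)
        matches[s.stop_id] = chosen.alert_id if chosen else None
    unmatched = [a.alert_id for a in alerts if a.alert_id not in used]
    return matches, unmatched


def evaluate(stoppages, alerts, target=TARGET_SECONDS):
    """Compute the reliability figures an operator would want to track:
    misses, alerts inside the target latency, false alarms and precision."""
    matches, false_alarms = match_alerts(stoppages, alerts)
    alert_by_id = {a.alert_id: a for a in alerts}
    stop_by_id = {s.stop_id: s for s in stoppages}
    latencies = {
        sid: alert_by_id[aid].t_raised - stop_by_id[sid].t_stopped
        for sid, aid in matches.items() if aid is not None
    }
    precision = len(latencies) / len(alerts) if alerts else 1.0
    return {
        "stoppages": len(stoppages),
        "detected": len(latencies),
        "missed": sorted(sid for sid, aid in matches.items() if aid is None),
        "within_target": sum(1 for lat in latencies.values() if lat <= target),
        "worst_latency": max(latencies.values(), default=None),
        "false_alarms": sorted(false_alarms),
        "precision": precision,
        "alert_fatigue_risk": precision < MIN_ACCEPTABLE_PRECISION,
    }


# Constructed sample window: three real stoppages, five alerts. One stoppage
# (S3) never produces an alert, mirroring the undetected car described on the page.
SAMPLE_STOPPAGES = [
    Stoppage("S1", "J31-J32", 100),
    Stoppage("S2", "J33-J34", 400),
    Stoppage("S3", "J28-J29", 1000),
]
SAMPLE_ALERTS = [
    Alert("A1", "J31-J32", 112),   # genuine, 12 s after the stop
    Alert("A2", "J31-J32", 300),   # false alarm (slow-moving traffic)
    Alert("A3", "J33-J34", 460),   # genuine but 60 s late
    Alert("A4", "J35-J36", 500),   # false alarm (roadside sign)
    Alert("A5", "J28-J29", 30),    # false alarm, raised before any stop occurred
]


def sample_report():
    return evaluate(SAMPLE_STOPPAGES, SAMPLE_ALERTS)


if __name__ == "__main__":
    for key, value in sample_report().items():
        print(f"{key}: {value}")
```

Run over a real alert log and a reviewed list of stoppages, the same report gives management the numbers the control room staff on the page reported only anecdotally: how many stoppages went undetected, how many alerts beat the 20-second target, and whether the false-alarm share is high enough that operators will start ignoring the system.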

Software Taxonomy of Faults

Recurring
Option: one_organization
Rationale:
(a) The software failure incident having happened again at one_organization:
- The failure of the smart motorway radar system to detect breakdowns within 20 seconds has been reported multiple times within the National Highways organization. Control room staff reported that the radar system gives false warnings, misses stranded cars, and is unreliable [119029].
- Internal reports revealed that staff flagged system failures to National Highways bosses several times over the past few months, indicating a recurring issue with the radar system [119029].
(b) The software failure incident having happened again at multiple_organization:
- The article does not provide information about the same software failure incident happening at other organizations or with their products and services.

Phase (Design/Operation)
Option: design, operation
Rationale:
(a) The design-phase aspect of the failure can be seen in the smart motorway radar system. The radar system, known as Stopped Vehicle Detection (SVD), was designed to alert the control room to breakdowns within 20 seconds but was found to give false warnings and miss stranded cars. Control room staff reported that the system often goes off for non-breakdown reasons such as slow-moving traffic or road signs, so genuine breakdown alerts were given low priority. This design failure contributed to the inefficiency and unreliability of the smart motorway technology [119029].
(b) The operation-phase aspect can be observed on the smart motorways themselves, where the radar system meant to detect breakdowns was reported to be constantly going off while missing actual breakdowns. Control room staff said the system was not functioning as it should, creating a false sense of security and a lack of urgency in responding to real breakdowns. This operational failure contributed to the risks faced by motorists on smart motorways [119029].

Boundary (Internal/External)
Option: within_system, outside_system
Rationale:
(a) The failure can be categorized as within_system. The radar system's failure to detect breakdowns within 20 seconds, its false warnings, its missed stranded cars, and glitches such as constant false alarms and suppression of alerts were all internal issues within the system itself. The system was meant to be a critical safety component of the smart motorways, but it was found to be unreliable and ineffective, leading to potential dangers on the roads [119029].
(b) The failure can also be categorized as outside_system, because it was not solely due to technical issues within the system but also to external factors such as emergency bays being spaced too far apart, leaving motorists dangerously stranded when they break down. The lack of adequate emergency refuge areas on smart motorways was highlighted as a contributing factor, indicating issues originating outside the system itself [119029].

Nature (Human/Non-human)
Option: non-human_actions, human_actions
Rationale:
(a) The software failure incident occurring due to non-human actions:
- The failure was primarily due to critical flaws in the radar software system, known as Stopped Vehicle Detection (SVD), which is meant to alert the control room to breakdowns within 20 seconds but was giving false warnings and missing stranded cars [119029].
- The radar system was described as impossible to rely on; staff viewed alerts as low priority because they were triggered by slow-moving traffic and road signs, leading to missed breakdowns [119029].
- Internal reports revealed that staff had flagged radar system failures to highways bosses several times over the past few months, indicating ongoing issues with the technology [119029].
(b) The software failure incident occurring due to human actions:
- The decision to implement smart motorways without adequate safety measures, such as emergency bays spaced too far apart, was a human action that contributed to the incident [119029].
- Former roads ministers and MPs were described as disturbed by the revelations and called for urgent action to address the flaws in the smart motorway system, pointing to human decisions behind the failure [119029].
- Proceeding with the expansion of the smart motorway network despite the technological difficulties and despite concerns from the police and the public was a human action that contributed to the ongoing failure [119029].

Dimension (Hardware/Software)
Option: software
Rationale:
(a) The software failure incident occurring due to hardware:
- The articles do not specifically mention any hardware-related failures contributing to the incident [119029].
(b) The software failure incident occurring due to software:
- The incident [119029] primarily revolves around software failures in the radar system used on smart motorways. The radar system, known as Stopped Vehicle Detection (SVD), was highlighted as giving false warnings, missing stranded cars, and being unreliable. Control room staff said the system often goes off for non-essential reasons, so genuine breakdown alerts received low priority. Internal reports revealed multiple instances of system failures being flagged to management. Staff also noted that the radar system failed to detect a car sitting in high-speed traffic for over 30 minutes, showing the software's ineffectiveness at detecting real breakdowns. The software failures in the radar system were a significant factor in the safety concerns and incidents on smart motorways.

Objective (Malicious/Non-malicious)
Option: non-malicious
Rationale:
(a) The failure can be categorized as non-malicious. It was due to critical flaws in the radar software system, known as Stopped Vehicle Detection (SVD), which is meant to alert the control room to breakdowns within 20 seconds but was giving false warnings and missing stranded cars [119029]. The failure was attributed to glitches in the technology and unreliable devices, so that motorists could find themselves stopped in a live lane without the authorities being aware of it [119029]. The failure was not intentional but a result of technological shortcomings and system inadequacies.

Intent (Poor/Accidental Decisions)
Option: poor_decisions
Rationale:
(a) The intent of the software failure incident:
- The failure was primarily due to poor decisions in the implementation of, and reliance on, the technology. The radar system, known as Stopped Vehicle Detection (SVD), was meant to alert the control room to breakdowns within 20 seconds but was plagued with critical flaws. Control room staff reported that the system gave false warnings, missed stranded cars, and was unreliable, creating a dangerous situation for motorists [119029].
- Former roads minister Sir Mike Penning expressed shock at the investigation's findings and emphasized the need for action from National Highways to address the failures. He said that now that evidence of the system's shortcomings was available, action needed to be taken to rectify the situation [119029].

Capability (Incompetence/Accidental)
Option: development_incompetence, accidental
Rationale:
(a) The software failure incident occurring due to development_incompetence:
- The smart motorway radar system, known as Stopped Vehicle Detection (SVD), was reported to have critical flaws. Control room staff said the system gave false warnings, missed stranded cars, and was impossible to rely on because of constant false alarms and failures to detect breakdowns [119029].
- Internal reports revealed that staff had flagged system failures to highways bosses multiple times over the past few months, indicating a lack of proper functioning and reliability in the radar system [119029].
(b) The software failure incident occurring due to accidental factors:
- The article describes instances where the radar system failed to detect breakdowns, endangering motorists. This failure appears accidental in nature: it was not intentional but a result of the system's limitations and glitches [119029].
- The unreliable technology and faulty devices within the smart motorway system, such as non-functioning cameras and faulty computers, contributed to the failures and safety risks, which can be seen as accidental factors in the incident [119029].

Duration
Option: temporary
Rationale:
The failure can be categorized as temporary. The radar system, known as Stopped Vehicle Detection (SVD), was reported to give false warnings, miss stranded cars, and suffer various glitches [119029]. Control room staff said the system often goes off for non-essential reasons such as slow-moving traffic or road signs, so genuine breakdown alerts received low priority. Internal reports also revealed multiple instances of system failures being flagged to management [119029]. These issues indicate that the radar system failed under particular circumstances rather than continuously, which is why the failure is classified as temporary.

Behaviour
Option: crash, omission, timing, value, other
Rationale:
(a) crash: The failure can be categorized as a crash. The radar system, known as Stopped Vehicle Detection (SVD), a critical component of smart motorways, was failing to detect stranded cars and providing false warnings while missing actual breakdowns. As a result, vehicles could be stranded in live lanes without the control room being aware, posing a significant risk to motorists [119029].
(b) omission: The failure can also be categorized as an omission. The SVD system was failing to perform its intended function of accurately detecting breakdowns and alerting the control room within 20 seconds. Control room staff reported that the system often missed actual breakdowns, so stranded vehicles were not detected promptly [119029].
(c) timing: The failure can be categorized as a timing issue. The SVD system was intended to alert the control room to breakdowns within 20 seconds, but it often failed to do so in time, delaying the response to stranded vehicles on the smart motorways and compromising the safety of motorists [119029].
(d) value: The failure can be categorized as a value issue. The radar system, a significant investment costing £122 million, was not providing the expected value in terms of accurately detecting breakdowns on smart motorways and alerting the control room. Its performance problems undermined its intended value of enhancing safety on the roads [119029].
(e) byzantine: The failure does not align with byzantine behaviour as described in the articles. There is no indication of inconsistent responses or interactions from the radar system or the control room software in the smart motorway failures reported [119029].
(f) other: The failure can be categorized as a failure of system reliability and accuracy. The radar system's inability to detect breakdowns and alert the control room effectively, coupled with frequent false warnings and missed breakdowns, highlights a fundamental problem with the system's reliability and accuracy in performing its critical function on smart motorways [119029].

IoT System Layer

Perception
Option: sensor, processing_unit, embedded_software
Rationale:
(a) sensor: Failure due to contributing factors introduced by sensor error
- The failure in the smart motorway incident was related to the radar system, a type of sensor used to detect breakdowns within 20 seconds. The radar system was giving false warnings and missing stranded cars, exposing critical flaws in the system [119029].
(b) actuator: Failure due to contributing factors introduced by actuator error
- There is no specific mention of an actuator failure in the articles provided.
(c) processing_unit: Failure due to contributing factors introduced by processing error
- The failure was related to the radar system's processing unit, which was not functioning correctly. The system was unable to detect breakdowns accurately and often gave false alarms, indicating a processing error [119029].
(d) network_communication: Failure due to contributing factors introduced by network communication error
- The articles do not mention any specific network communication errors contributing to the failure incident.
(e) embedded_software: Failure due to contributing factors introduced by embedded software error
- The failure was related to the embedded software used in the radar system. The software was faulty, leading to missed breakdowns and false alarms, indicating an error in the embedded software [119029].

Communication
Option: connectivity_level
Rationale:
The failure in the communication layer of the cyber-physical system was at the connectivity_level, that is, due to contributing factors introduced by the network or transport layer. The radar system, known as Stopped Vehicle Detection (SVD), a critical component of the smart motorways, was reported to raise a host of false warnings while missing stranded cars. Control room staff said the system often goes off for low-priority reasons such as slow-moving traffic or road signs, leading to missed breakdown alerts. Internal reports also revealed multiple instances where the radar system failed to detect actual breakdowns, and operators expressed concerns that the system was not working as intended [119029].

Application
Option: TRUE
Rationale:
The failure in the application layer of the cyber-physical system, with contributing factors introduced by bugs, operating system errors, unhandled exceptions, and incorrect usage, is evident in the smart motorway radar system failure reported in Article 119029. The radar system, known as Stopped Vehicle Detection (SVD), was meant to alert the control room to breakdowns within 20 seconds but gave false warnings and missed stranded cars because of bugs and glitches. Control room staff reported that the system often missed breakdowns, raised false alarms triggered by slow-moving traffic and road signs, and at times suppressed itself and failed to detect stranded vehicles in live lanes. Staff flagged system failures to highways bosses multiple times over the past few months, indicating issues in the application layer of the radar system [119029].

Other Details

Consequence
Option: death, harm, non-human
Rationale:
(a) death: People lost their lives due to the software failure
- More than 50 motorists died on smart motorways from 2015 to 2019, with 18 deaths attributed to the road system [119029].
- Families of victims have called for the immediate reinstatement of the hard shoulder throughout the network after fatal incidents on smart motorways [119029].
(b) harm: People were physically harmed due to the software failure
- The articles describe instances where individuals were physically harmed following breakdowns on smart motorways, including fatalities [119029].
(f) non-human: Non-human entities were impacted due to the software failure
- The incident affected the radar system used on smart motorways to detect breakdowns, exposing critical flaws in the system [119029].

Domain
Option: transportation, government
Rationale:
(a) The failed system was intended to support the transportation industry. The system in question was the radar software system used on smart motorways to alert the control room to breakdowns within 20 seconds, but it was reported to be giving false warnings and missing stranded cars, exposing critical flaws in the system [119029].
(b) The transportation industry was affected by the software failure incident. The smart motorways, part of the transportation infrastructure, were plagued with shocking failures because of critical problems in the radar software system meant to keep motorists safe [119029].
(c) The failed system was not directly related to the extraction of materials from Earth.
(d) The failed system was not directly related to sales or exchanging money for products.
(e) The failed system was not directly related to the construction industry.
(f) The failed system was not directly related to manufacturing.
(g) The failed system was not directly related to utilities such as power, gas, steam, water, and sewage services.
(h) The failed system was not directly related to the finance industry.
(i) The failed system was not directly related to the knowledge industry.
(j) The failed system was not directly related to the health industry.
(k) The failed system was not directly related to the entertainment industry.
(l) The failed system was indirectly related to the government sector, as it involved the National Highways agency, control room staff, and government officials overseeing the smart motorway system [119029].
(m) The failed system was not directly related to any other industry mentioned in the articles.
