Incident: Smart Motorway Chaos: Flawed Technology Endangers Lives on M6.

Published Date: 2021-10-27

Postmortem Analysis
Timeline
1. The software failure incident involving the flawed technology at National Highways, as reported in Article 119619, happened around September 2021.
   - Step 1: The article mentions an audit on September 17, indicating the incident occurred around that time.
   - Step 2: The article was published on 2021-10-27.
   - Step 3: Based on the information, the incident likely occurred in September 2021.

System
1. Charm program introduced by National Highways in several regional control centers [119619]
2. Dynac system used for closing lanes, setting speed limits, and warning motorists of breakdowns [119619]

Responsible Organization
1. National Highways [119619]
2. Dynac system manufacturer, Kapsch TrafficCom [119619]

Impacted Organization
1. National Highways staff [119619]
2. Drivers on smart motorways [119619]
3. Control room operators [119619]

Software Causes
1. The software causes of the failure incident include the introduction of a new multi-million-pound programme called Charm by National Highways, which was reported to be riddled with problems such as 'unusable CCTV' cameras with poor image quality, freezing, and slow reactions [119619].
2. The Dynac system used by National Highways for lane closures, speed limit settings, and breakdown warnings was criticized for being 'painfully slow', causing further delays in implementing measures to protect drivers [119619].
3. An undercover investigation revealed failures at the control centers, including faulty and outdated computer hardware dating back to 2004, and software going down multiple times within a six-week period [119619].

Non-software Causes
1. Poor image quality, freezing, and slow reaction of CCTV cameras [119619]
2. Painfully slow Dynac system used for lane closures, speed limit settings, and breakdown warnings [119619]
3. Faulty and outdated computer hardware dating back to 2004 [119619]

Impacts
1. Poor image quality, freezing, and slow reaction of CCTV cameras leading to unusable cameras, which could potentially delay response to incidents and endanger lives [119619].
2. Painfully slow Dynac system used for lane closures, speed limit settings, and breakdown warnings, further delaying measures to protect drivers [119619].
3. Outdated computer hardware and software failures causing operational disruptions and potential safety hazards, as highlighted during an undercover investigation [119619].
4. High stress levels and low morale among staff due to the poor state of technology and lack of action to address the issues, potentially impacting operational efficiency and safety [119619].
5. Increased risk to drivers and passengers on smart motorways, with incidents such as crashes and injuries being attributed to the flawed technology and operational shortcomings [119619].

Preventions
1. Implementing thorough testing procedures before rolling out the new technology could have prevented the software failure incident [119619].
2. Regular maintenance and updates of the software and hardware systems could have helped in identifying and fixing issues before they escalated [119619].
3. Listening to and addressing the concerns raised by staff regarding the usability and functionality of the technology could have prevented the software failure incident [119619].
4. Ensuring proper training for staff on how to use the technology effectively could have mitigated potential risks and issues [119619].
5. Conducting a comprehensive risk assessment before implementing the new technology to identify potential safety hazards and address them proactively could have prevented the software failure incident [119619].

Fixes
1. Implement a thorough review and overhaul of the technology systems, including the Charm program and the Dynac system, to address the reported flaws and issues [119619].
2. Upgrade the faulty, outdated computer hardware dating back to 2004 to ensure the systems are running on modern and reliable infrastructure [119619].
3. Conduct regular maintenance and testing of the software and hardware to prevent future failures and ensure the safety of drivers on smart motorways [119619].
4. Enhance communication and collaboration between staff, management, and technology providers to address concerns and implement necessary changes promptly [119619].

References
1. National Highways staff
2. Operator who sent the scathing email
3. Undercover reporter who spent time working at one of the control centers
4. National Highways boss Nick Harris
5. Department for Transport spokesman
6. Austrian firm Kapsch TrafficCom [119619]

Software Taxonomy of Faults

Category Option Rationale
Recurring: one_organization, multiple_organization
(a) The software failure incident related to National Highways has happened again within the same organization. The article mentions that National Highways staff have accused the organization of rolling out flawed technology that is putting lives at risk. The new multi-million-pound programme called Charm introduced by National Highways is reported to be riddled with problems, including unusable CCTV cameras, slow Dynac system, and outdated computer hardware causing software failures [119619].
(b) The software failure incident related to smart motorways and the technology used on them has also been reported at other organizations or with their products and services. The article highlights that there have been 53 deaths on smart motorways in the four years leading up to 2019, with at least 18 of them blamed to some degree on the roads. Additionally, the article mentions that a recent undercover investigation revealed failures in the technology used on smart motorways, such as broken cameras, misted-up cameras, and faulty software [119619].
Phase (Design/Operation): design, operation
(a) The software failure incident related to the design phase is evident in the article. The National Highways staff accused the bosses of rolling out flawed technology that is putting lives at risk. The new multi-million-pound programme called Charm introduced by National Highways in several regional control centers was criticized for being riddled with problems. The operator complained about unusable CCTV cameras with poor image quality, freezing, and slow reactions, as well as the Dynac system being painfully slow, further delaying measures to protect drivers [119619].
(b) The software failure incident related to the operation phase is also highlighted in the articles. The operator mentioned in the scathing email that it is only a matter of time until someone is seriously hurt or killed as a direct result of the chaotic system. He criticized the technology for being so problematic that it is like being forced to do their job blindfolded with both arms tied behind their back. The email also mentioned the poor state of technology that has been complained about for years without any significant improvements, leading to low staff morale and high stress levels [119619].
Boundary (Internal/External): within_system
(a) within_system:
- The software failure incident reported in the articles is primarily attributed to issues within the system itself. The National Highways staff accused the management of rolling out flawed technology, including a new multi-million-pound program called Charm, which was described as chaotic and riddled with problems [119619].
- The operator complained about unusable CCTV cameras, poor image quality, freezing cameras, and slow reactions when operators tried to assess the situation [119619].
- The Dynac system used for lane closures, speed limit settings, and breakdown warnings was criticized for being painfully slow, further delaying measures to protect drivers [119619].
- The software failures and outdated computer hardware within the control centers were highlighted, with reports of software going down multiple times during a six-week period [119619].
(b) outside_system:
- The software failure incident does not seem to be primarily attributed to factors originating from outside the system. The focus of the articles is on the internal issues within the National Highways system, such as flawed technology, malfunctioning equipment, and inadequate software [119619].
Nature (Human/Non-human): non-human_actions, human_actions
(a) The software failure incident occurring due to non-human actions:
- The article reports on a software failure incident related to the introduction of flawed technology, specifically the Charm program and the Dynac system, by National Highways [119619].
- The Charm program introduced by National Highways in several regional control centers was described as riddled with problems, including unusable CCTV cameras with poor image quality, freezing, and slow reactions [119619].
- The Dynac system, used for lane closures, speed limit settings, and breakdown warnings, was criticized for being painfully slow, further delaying measures to protect drivers [119619].
- The article highlights issues with faulty, outdated computer hardware and software failures occurring multiple times during an undercover investigation at control centers [119619].
- The failures in the technology used on smart motorways, such as broken cameras and misted-up lenses, were identified during an audit, indicating non-human actions contributing to the software failure incident [119619].
(b) The software failure incident occurring due to human actions:
- The article mentions that National Highways staff accused their bosses of recklessly and negligently rolling out flawed technology, indicating potential human actions in the decision-making process [119619].
- The operator who sent a scathing email to staff criticized the management's approach to technology, mentioning a lack of action despite repeated complaints about the poor state of technology [119619].
- The email titled 'Something needs to be done' highlighted the need for dramatic change in the way Highways manages its technology, suggesting a potential failure in human decision-making and management practices [119619].
- The article includes statements from MPs, relatives of victims, and campaign groups accusing National Highways of making a multi-billion pound mistake with taxpayers' money and lives, indicating potential human actions contributing to the software failure incident [119619].
Dimension (Hardware/Software): hardware, software
(a) The software failure incident occurring due to hardware:
- The article mentions that faulty, outdated computer hardware dating back to 2004 was in use at the control centers [119619].
- It is reported that one in ten cameras was broken, misted-up, or facing the wrong way during an audit, indicating hardware issues with the cameras [119619].
(b) The software failure incident occurring due to software:
- The operator complained about the Dynac system being 'painfully slow,' which is a software issue affecting the efficiency of lane closures, speed limit settings, and breakdown warnings [119619].
- The software went down several times in the six weeks that an undercover reporter spent working at one of the control centers, indicating software failures [119619].
Objective (Malicious/Non-malicious): non-malicious
(a) The software failure incident described in the articles does not seem to be malicious. The failure is attributed to flaws in the technology and systems implemented by National Highways, leading to serious safety concerns and accidents on smart motorways. The issues mentioned include unusable CCTV cameras, slow and outdated software systems, and a chaotic control system that hinders operators' ability to ensure road safety [119619]. These factors point towards a non-malicious software failure incident caused by inadequate technology and system implementation rather than intentional harm.
Intent (Poor/Accidental Decisions): poor_decisions, accidental_decisions
(a) The intent of the software failure incident related to poor_decisions is evident in the article. National Highways introduced a new multi-million-pound program called Charm in several regional control centers. However, the technology was described as flawed, with operators warning that it is putting lives at risk due to problems such as unusable CCTV cameras, slow reaction times, and painfully slow systems like the Dynac system used for lane closures and speed limit settings. The operator criticized the management for not addressing the poor state of technology despite repeated complaints, indicating a failure due to contributing factors introduced by poor decisions [119619].
(b) The intent of the software failure incident related to accidental_decisions is also apparent in the article. The article mentions that faulty, outdated computer hardware dating back to 2004 was in use, and the software went down several times in the six weeks that an undercover reporter spent working at one of the control centers. This indicates that the failures were not intentional but rather due to mistakes or unintended decisions that led to the software issues [119619].
Capability (Incompetence/Accidental): development_incompetence
(a) The software failure incident related to development incompetence is evident in the article as National Highways staff accused their bosses of recklessly and negligently rolling out flawed technology that is putting lives at risk. The new technology introduced by National Highways, called Charm, was reported to be riddled with problems such as unusable CCTV cameras, slow reaction times, and a painfully slow Dynac system used for lane closures and speed limit settings [119619].
(b) The software failure incident related to accidental factors is seen in the article where the operator warned that it is only a matter of time until someone is seriously hurt or killed as a direct result of the chaotic system. The failures in the technology, including unusable CCTV cameras, slow reaction times, and outdated computer hardware, were not intentional but rather accidental consequences of the flawed system implementation [119619].
Duration: permanent
(a) The software failure incident described in the articles appears to be more of a permanent nature. The articles highlight ongoing issues with the technology implemented by National Highways, such as unusable CCTV cameras, slow and faulty Dynac system, and outdated computer hardware. Staff have raised concerns about the poor state of technology over the years, indicating that these problems have persisted for a significant period of time without adequate resolution [119619]. The failures are not isolated incidents but seem to be systemic, indicating a more permanent nature of the software failure.
Behaviour: crash, omission, timing, value, other
(a) crash: The software failure incident described in the articles can be categorized as a crash. The operator mentioned in the scathing email that the technology being rolled out by National Highways is so flawed that it is like 'being forced to do our job blindfolded with both arms tied behind our back' and complained of 'unusable CCTV' cameras with poor image quality, freezing, and slow reactions [119619].
(b) omission: The software failure incident can also be categorized as an omission. The operator criticized the Dynac system for being 'painfully slow,' which further delayed measures to protect drivers. This indicates that the system omitted to perform its intended functions promptly, potentially putting lives at risk [119619].
(c) timing: The timing of the software failure incident can be considered a factor as well. The operator mentioned in the email that the technology's slow performance, such as the slow reaction of CCTV cameras and the delayed response of the Dynac system, could lead to serious harm or even fatalities, indicating that the system was performing its intended functions, but too late to prevent potential accidents [119619].
(d) value: The software failure incident can also be attributed to a failure in value. The operator expressed concerns about the poor state of technology, outdated hardware, and software failures that occurred multiple times during the undercover investigation. These issues indicate that the system was not performing its intended functions correctly, leading to inefficiencies and potential safety risks [119619].
(e) byzantine: The software failure incident does not exhibit characteristics of a byzantine failure, which involves inconsistent responses and interactions. The reported issues primarily focus on the system's flaws, slow performance, and failures rather than erratic or inconsistent behavior [119619].
(f) other: The other behavior exhibited in the software failure incident is the lack of proper maintenance and proactive management of the technology. The operator highlighted the passive approach taken by Highways in addressing technology issues, stating that there needs to be a dramatic change in how technology is managed instead of waiting for catastrophic events to prompt action. This lack of proactive maintenance and management contributed to the system's failures and potential risks [119619].

IoT System Layer

Layer Option Rationale
Perception: sensor, processing_unit, network_communication, embedded_software
(a) sensor: The article mentions complaints about 'unusable CCTV cameras' with poor image quality, freezing, and slow reactions when operators try to find out what is happening [119619].
(c) processing_unit: The operator criticized the Dynac system for being 'painfully slow', which further delayed measures to protect drivers [119619].
(d) network_communication: The article mentions that faulty, outdated computer hardware dating back to 2004 was in use and software went down several times in the six weeks that an undercover reporter spent working at one of six control centers [119619].
(e) embedded_software: The article discusses the introduction of a new multi-million-pound program called Charm in several regional control centers, which was riddled with problems according to the operator's scathing email [119619].
Communication: unknown
The software failure incident reported in the articles does not specifically mention whether the failure was related to the communication layer of the cyber physical system that failed. The focus of the incident is on the flaws and problems with the technology, such as unusable CCTV cameras, slow reaction times, and outdated computer hardware, rather than explicitly discussing failures at the communication layer level. Therefore, it is unknown whether the failure was specifically related to the communication layer of the cyber physical system.
Application: FALSE
The software failure incident described in the articles does not specifically mention that the failure was related to the application layer of the cyber physical system. The reported issues primarily focus on problems with technology components such as unusable CCTV cameras, slow Dynac system, faulty hardware, and software downtime. Therefore, it is unknown whether the failure was specifically related to the application layer based on the information provided in the articles.

Other Details

Category Option Rationale
Consequence: death, harm, property
(a) death: People lost their lives due to the software failure
- The article mentions that there were 53 deaths on smart motorways in the four years leading up to 2019, with at least 18 of those deaths being blamed to some degree on the smart motorways [119619].
(b) harm: People were physically harmed due to the software failure
- The article describes a former male model who suffered devastating injuries when his motorbike lost power on a smart motorway, leading to emergency surgery to rebuild his leg [119619].
- It also mentions an eight-year-old child who was killed on a hard shoulder running as a live lane on the M6 near Birmingham [119619].
(d) property: People's material goods, money, or data was impacted due to the software failure
- The article discusses a couple whose car broke down and crashed on a smart motorway due to the software failure, resulting in their grandchild being traumatized by the incident [119619].
Domain: transportation
(a) The failed system was intended to support the transportation industry. The software failure incident occurred in the context of smart motorways managed by National Highways, where flawed technology, including unusable CCTV cameras and a slow Dynac system, was reported [119619]. The smart motorways are designed to use technology to close off lanes, set speed limits, and warn motorists of breakdowns to ensure road safety [119619].
