Incident: Smart Motorway Technology Failures on M62 Impacting Driver Safety

Published Date: 2021-10-20

Postmortem Analysis
Timeline
1. The software failure incident on the smart motorway on the M62 occurred in October 2021 as reported in Article 120470.

System
1. Roadside message screens and overhead gantry signs on the smart motorway section between the Croft and Eccles interchanges on the M62 [120470]
2. Stopped vehicle detection technology on the particular section of the M62 [120470]

Responsible Organization
1. National Highways [120470]

Impacted Organization
1. National Highways [120470]
2. Drivers on the affected stretch of smart motorway on the M62 [120470]
3. Road traffic officers [120470]

Software Causes
1. Potential manufacturing fault with the roadside message screens and overhead gantry signs [120470]
2. Software used to close lanes went down several times in the control rooms [120470]
3. CCTV blackspots and technological failures in the control rooms [120470]
4. Outdated technology and faulty hardware, including CCTV boxes from 2004, making it hard for operators to locate stranded vehicles [120470]

Non-software Causes
1. Staffing issues, including concerns about workload sharing among regional control centers and a car colliding with a traffic officer's vehicle under a red 'X' on an overhead sign [120470].
2. Manufacturing faults with roadside message screens and overhead gantry signs [120470].
3. Lack of stopped vehicle detection technology on a particular section of the M62 [120470].

Impacts
1. The software failures on the smart motorway on the M62 between the Croft and Eccles interchanges led to a significant number of broken roadside message screens and overhead gantry signs, causing delays in the control room dealing with breakdowns and leaving some cars stuck in live lanes for over an hour [120470].
2. The broken signals and overhead gantry signs resulted in traffic officers having to perform rolling road blocks for recovery services to safely leave emergency bays, hindering their ability to respond effectively to incidents [120470].
3. The software failures also led to breakdowns in live lanes going unseen by the control room, with vehicles often left stranded for extended periods, impacting the safety of both road users and traffic officers [120470].
4. The lack of functioning digital screens informing motorists of hazards forced drivers to adhere to a reduced speed limit until the repairs were completed, affecting traffic flow and potentially causing congestion [120470].
5. The software failures raised concerns about the overall safety of smart motorways, prompting calls for the immediate suspension of smart motorways and the re-introduction of hard shoulders to prevent further incidents and fatalities [120470].

Preventions
1. Regular maintenance and monitoring of the roadside message screens and overhead gantry signs to address any potential manufacturing faults or defects [120470].
2. Implementation of new technology such as 'stopped vehicle detection' to compensate for the lack of a hard shoulder on smart motorways [120470].
3. Ensuring adequate staffing levels and training in regional control centers to promptly address breakdowns and incidents on smart motorways [120470].
4. Installation of reliable and updated hardware, such as CCTV systems, to improve monitoring and response capabilities on smart motorways [120470].

Fixes
1. Implement new 'stopped vehicle detection' technology on the particular section of the M62 to compensate for the lack of a hard shoulder [120470].
2. Address potential manufacturing faults with the roadside message screens and overhead gantry signs to ensure proper functioning [120470].
3. Improve maintenance procedures to promptly repair broken signals and signs to avoid delays and ensure road safety [120470].
4. Enhance staffing levels and training to ensure control room operators can effectively monitor and respond to incidents on smart motorways [120470].
5. Conduct a thorough investigation into the software failures and address any systemic issues identified to prevent future incidents [120470].

References
1. National Highways insiders [Article 120470]
2. Daily Mail undercover investigation [Article 120470]

Software Taxonomy of Faults

Category: Recurring
Option: one_organization, multiple_organization
Rationale:
(a) The software failure incident having happened again at one_organization: The article reports on a software failure incident related to smart motorways managed by National Highways. The incident involved technology failures, including broken roadside message screens and overhead gantry signs, leading to delays in the control room dealing with breakdowns [120470].
(b) The software failure incident having happened again at multiple_organization: The article mentions that the smart motorways network, not just limited to a specific organization, has been facing serious issues as revealed by a six-week undercover investigation. Problems included broken safety cameras, misted up cameras, cameras facing the wrong way, and failures in the software used to close lanes across different smart motorway sections [120470].

Category: Phase (Design/Operation)
Option: design, operation
Rationale:
(a) The article reports on software failures related to the design phase, where issues were introduced by system development or updates. For example, the article mentions that on the affected stretch of smart motorway on the M62, a significant number of roadside message screens were broken, and two overhead gantry signs stopped working for a month due to potential manufacturing faults [120470].
(b) The article also highlights software failures related to the operation phase, where issues were introduced by the operation or misuse of the system. For instance, there were instances where breakdowns in live lanes went unseen by the control room, leading to vehicles being stuck for over an hour. Additionally, control room staff were unable to check reports of broken-down vehicles, potentially leaving motorists stranded in high-speed traffic [120470].

Category: Boundary (Internal/External)
Option: within_system, outside_system
Rationale:
(a) within_system: The software failure incident reported in the articles is primarily within the system. The failures mentioned include broken roadside message screens, malfunctioning overhead gantry signs, faulty signals for lane closures, speed restrictions, and warning legends, as well as issues with stopped vehicle detection technology. These failures are attributed to potential manufacturing faults and errors within the control room, hindering the response to breakdowns and leaving vehicles stranded in live lanes for extended periods [120470].
(b) outside_system: The software failure incident also involves factors originating from outside the system. For example, there are mentions of staffing issues affecting the control room's ability to respond effectively to incidents on the smart motorways. Additionally, there are concerns raised about the overall safety and design of smart motorways, including the controversial decision to eliminate hard shoulders and operate them as live lanes, which contributes to the risks faced by drivers and emergency responders [120470].

Category: Nature (Human/Non-human)
Option: non-human_actions, human_actions
Rationale:
(a) The software failure incident occurring due to non-human actions:
- The article reports on technology failures along a stretch of smart motorway on the M62, including broken roadside message screens and overhead gantry signs [Article 120470].
- Two overhead gantry signs were left broken for over a month, contributing to the technology failures on the smart motorway [Article 120470].
- National Highways mentioned that some of the needed repairs were related to a potential manufacturing fault, indicating a non-human factor contributing to the software failure incident [Article 120470].
(b) The software failure incident occurring due to human actions:
- The article mentions that breakdowns in live lanes regularly go unseen by the control room, with vehicles often left stuck for over an hour, indicating potential human errors or oversight in monitoring and responding to incidents [Article 120470].
- Staffing issues were also highlighted, with plans in place for different regional control centers to share the workload if necessary, suggesting potential human-related factors contributing to the software failure incident [Article 120470].
- The article mentions that control room staff were unable to check reports of broken-down vehicles, leading to motorists being stranded in high-speed traffic, indicating human actions affecting the response to incidents on the smart motorway [Article 120470].

Category: Dimension (Hardware/Software)
Option: hardware, software
Rationale:
(a) The articles mention hardware failures contributing to the software failure incident. For example, there were issues with broken roadside message screens and overhead gantry signs on the smart motorway section between the Croft and Eccles interchanges on the M62 [120470]. Additionally, there were reports of faulty and outdated hardware, such as CCTV boxes from 2004, being in use, making it challenging for operators to locate stranded vehicles [120470].
(b) The articles also highlight software failures contributing to the incident. There were instances where the software used to close lanes went down several times in the control rooms, impacting the ability to manage traffic effectively [120470]. Furthermore, there were reports of staff struggling with outdated technology, indicating software-related challenges [120470].

Category: Objective (Malicious/Non-malicious)
Option: non-malicious
Rationale:
(a) The articles do not mention any malicious intent behind the software failure incident reported on the smart motorways. The failures seem to be attributed to technical issues, staffing problems, and system shortcomings rather than intentional actions to harm the system [120470].
(b) The software failure incident on the smart motorways appears to be non-malicious in nature. The failures are described as technology failures, staffing issues, lapses in technology, broken roadside message screens, faulty signals, and outdated hardware. These issues are not portrayed as intentional acts to harm the system but rather as unintended consequences of system deficiencies [120470].

Category: Intent (Poor/Accidental Decisions)
Option: poor_decisions
Rationale:
(a) The software failure incident related to poor decisions can be inferred from the articles. The incident on the smart motorway on the M62 was plagued by technology failures, broken roadside message screens, and malfunctioning overhead gantry signs [120470]. These failures were reported to be putting drivers' lives at risk and causing delays in the control room dealing with breakdowns. The whistleblowers described the situation as 'dire' and highlighted issues such as broken signals, faulty technology, and delays in responding to breakdowns. Additionally, there were concerns raised about the safety implications of breakdowns in live lanes going unseen by the control room, leading to vehicles being stuck for extended periods [120470]. These issues suggest that the software failure incident was influenced by poor decisions related to the maintenance, monitoring, and response mechanisms of the smart motorway technology.

Category: Capability (Incompetence/Accidental)
Option: development_incompetence, accidental
Rationale:
(a) The software failure incident occurring due to development incompetence:
- The article highlights issues with the smart motorway technology, including broken roadside message screens and faulty overhead gantry signs, leading to delays in the control room dealing with breakdowns [120470].
- There are reports of broken signals, faulty signs, and outdated hardware causing hindrances for traffic officers and recovery services, with some signals being faulty for months on end [120470].
- The article mentions that the software used to close lanes went down several times in the control rooms, and there were reports of CCTV blackspots and technological failures in the system [120470].
(b) The software failure incident occurring accidentally:
- The article mentions that some of the broken signs and screens were due to a potential manufacturing fault, and repairs were underway to address these issues [120470].
- It is reported that National Highways confirmed a car collided with a traffic officer's vehicle as it passed under a red 'X' on an overhead sign, indicating a potential accident caused by the software failure [120470].
- The article also mentions that control room staff were unable to check reports of broken-down vehicles, leading to motorists being stranded in high-speed traffic, which could be considered an accidental failure in the system [120470].

Category: Duration
Option: permanent, temporary
Rationale:
The software failure incident related to the smart motorway on the M62 involved both permanent and temporary failures:
(a) Permanent Failure:
- The article mentions that on the affected stretch of smart motorway between the Croft and Eccles interchanges, a staggering 24 of the 36 roadside message screens were broken, and some signals had been faulty for months on end [Article 120470].
- Additionally, the article highlights that the software used to close lanes went down several times in the six weeks the reporter worked at one of the regional control rooms, indicating ongoing and persistent software failures [Article 120470].
(b) Temporary Failure:
- The article also mentions that two overhead gantry signs on the same stretch of smart motorway were broken for over a month but have now been repaired, indicating a temporary failure that was resolved [Article 120470].
- Furthermore, National Highways mentioned that repairs for the broken signs were underway and expected to be complete in the coming days, suggesting a temporary nature of the failure [Article 120470].

Category: Behaviour
Option: crash, omission, other
Rationale:
(a) crash: The software failure incident in the smart motorway system can be categorized as a crash. The incident involved failures in technology, such as broken roadside message screens and overhead gantry signs, leading to delays in the control room's response to breakdowns and leaving vehicles stranded in live lanes for extended periods [120470].
(b) omission: The software failure incident can also be categorized as an omission. The broken signals and screens resulted in the system omitting to provide necessary information to drivers, such as lane closures, speed restrictions, and warning legends. This omission led to traffic officers having to perform rolling road blocks for recovery services due to the lack of functioning signals [120470].
(c) timing: The software failure incident does not align with a timing failure. The issue was not related to the system performing its intended functions too late or too early but rather failing to perform them due to technical faults [unknown].
(d) value: The software failure incident does not align with a value failure. The issue was not related to the system performing its intended functions incorrectly but rather failing to perform them due to broken technology components [unknown].
(e) byzantine: The software failure incident does not align with a byzantine failure. The system did not exhibit inconsistent responses or interactions but rather experienced consistent failures in specific components, such as broken screens and signs [unknown].
(f) other: The software failure incident can be categorized as a failure due to system hardware issues. The incident involved faulty and outdated hardware, including broken cameras and misted-up screens, which made it challenging for operators to locate stranded vehicles and monitor the road effectively [120470].

IoT System Layer

Layer: Perception
Option: sensor, processing_unit
Rationale:
(a) sensor: The article mentions issues with roadside message screens and overhead gantry signs along the smart motorway section, indicating problems with sensors. For example, 24 of the 36 roadside message screens were broken, and two overhead gantry signs stopped working for a month [120470].
(b) actuator: The article does not provide specific information about failures related to actuators.
(c) processing_unit: The article mentions delays in the control room dealing with breakdowns due to lapses in technology, indicating potential issues with the processing unit. It also states that breakdowns in live lanes regularly go unseen by the control room, suggesting processing errors [120470].
(d) network_communication: The article does not explicitly mention failures related to network communication errors.
(e) embedded_software: The article does not directly address failures specifically related to embedded software errors.

Layer: Communication
Option: unknown
Rationale:
The software failure incident reported in the articles does not specifically mention whether the failure was related to the communication layer of the cyber physical system that failed. The focus of the articles is on technology failures, staffing issues, broken roadside message screens, faulty overhead gantry signs, and other operational challenges on smart motorways. The articles highlight issues such as broken signals, faulty cameras, outdated hardware, and failures in implementing lane closures and speed limits, but they do not delve into the specific technical layers of the cyber physical system that may have contributed to these failures.

Layer: Application
Option: FALSE
Rationale:
The software failure incident reported in the articles related to the smart motorway technology failures on the M62 does not specifically mention that the failure was related to the application layer of the cyber physical system. The articles primarily focus on technology failures, broken roadside message screens, faulty overhead gantry signs, and issues with the control room's response to breakdowns. Therefore, it is unknown whether the failure was specifically related to the application layer based on the information provided in the articles.

Other Details

Category: Consequence
Option: death, harm, property, delay
Rationale:
(a) death: People lost their lives due to the software failure - The article mentions fatalities on smart motorways, with 53 people reported to have died on smart motorways in the four years leading up to 2019, and 18 of the fatalities were attributed at least partly to the way the roads operate [120470].
(b) harm: People were physically harmed due to the software failure - The article discusses incidents where breakdowns in 'live lanes' regularly went unseen by the control room, with vehicles often left stuck for 'over an hour,' potentially putting individuals at risk of harm [120470].
(d) property: People's material goods, money, or data was impacted due to the software failure - The article mentions issues with the smart motorway technology, including broken roadside message screens and faulty overhead gantry signs, which could impact drivers' ability to navigate safely and efficiently [120470].
(e) delay: People had to postpone an activity due to the software failure - The article highlights delays in the control room's response to breakdowns due to lapses in technology, potentially leading to delays for drivers stuck in live lanes [120470].

Category: Domain
Option: transportation
Rationale:
The software failure incident reported in the news articles is related to the transportation industry. The incident specifically involves smart motorways managed by National Highways, which are part of Britain's motorway network [Article 120470]. The smart motorways utilize technology such as roadside message screens, overhead gantry signs, and digital screens to inform motorists about hazards, speed limits, lane closures, and collisions. However, the failure of these technological components, including broken roadside message screens and overhead gantry signs, has led to safety risks for drivers and delays in the control room's response to breakdowns on the smart motorways [Article 120470].
