Incident Details

Incident: Ford Motor Co Recalls Vehicles Due to Braking Software Error

Published Date: 2022-04-01

Postmortem Analysis
Timeline	1. The software failure incident involving the Ford vehicles occurred on April 1, 2022, as reported in Article 125568.
System	1. Integrated trailer brake control module software in 2021-2022 F-150, 2022 Ford Maverick, Expedition, Lincoln Navigator, F-250, F-350, F-450, and F-550 vehicles [125568].
Responsible Organization	1. Ford Motor Co [125568]
Impacted Organization	1. Ford Motor Co [125568]
Software Causes	1. The software cause of the failure incident in the Ford Motor Co recall was a software error in the integrated trailer brake control module software, affecting 2021-2022 F-150, 2022 Ford Maverick, Expedition, Lincoln Navigator, F-250, F-350, F-450, and F-550 vehicles [125568].
Non-software Causes	1. The engine oil separator housing in certain Ford vehicles could crack and develop an oil leak, potentially causing an engine fire [125568]. 2. A part in towed trailers equipped with an electric or electric-over hydraulic brake system in various Ford vehicles might not brake properly [125568].
Impacts	1. The software error in Ford vehicles could hinder braking, potentially leading to safety concerns for drivers and passengers [125568].
Preventions	1. Proper testing and quality assurance procedures during the development of the integrated trailer brake control module software could have potentially prevented the software failure incident [125568].
Fixes	1. Dealers will update the integrated trailer brake control module software to fix the software failure incident related to the braking issue in certain Ford vehicles [125568].
References	1. Ford Motor Co press release 2. Reports by Ford Motor Co 3. Statements by Ford Motor Co dealers 4. Reporting by David Shepardson (Reuters journalist) [125568]

Software Taxonomy of Faults

Category	Option	Rationale
Recurring	one_organization	(a) The software failure incident related to the Ford Motor Co recall involves a software error that could hinder braking in certain vehicles [125568]. This incident is specific to Ford Motor Co and its products.
Phase (Design/Operation)	design	(a) The software failure incident related to the design phase is mentioned in the article. Ford Motor Co is recalling 391,836 vehicles because a towed trailer equipped with an electric or electric-over hydraulic brake system might not brake due to a software error. Dealers will update the integrated trailer brake control module software to address this issue [125568]. (b) The software failure incident related to the operation phase is not explicitly mentioned in the provided article.
Boundary (Internal/External)	within_system	(a) The software failure incident related to the Ford vehicle recall is categorized as within_system. The article mentions that Ford is recalling vehicles due to a software error that could hinder braking in certain models like the 2021-2022 F-150, Expedition, and others [125568]. This indicates that the software issue causing the braking problem originates from within the vehicle's system itself.
Nature (Human/Non-human)	non-human_actions	(a) The software failure incident related to non-human_actions: - Ford Motor Co is recalling 391,836 vehicles due to a software error that could hinder braking in towed trailers equipped with an electric or electric-over hydraulic brake system. Dealers will update the integrated trailer brake control module software to address this issue [125568]. (b) The software failure incident related to human_actions: - There is no specific mention in the article about the software failure incident being directly caused by human actions.
Dimension (Hardware/Software)	hardware, software	(a) The software failure incident related to hardware: - Ford Motor Co is recalling 737,000 vehicles in the United States due to a part that could develop an oil leak and a software error that could hinder braking [Article 125568]. - The recall includes vehicles with issues such as the engine oil separator housing cracking and developing an oil leak, potentially causing an engine fire, and a software error affecting the braking system when towing a trailer with specific brake systems [Article 125568].
Objective (Malicious/Non-malicious)	non-malicious	(a) The software failure incident related to the Ford Motor Co recall is non-malicious. The recall is due to a software error that could hinder braking in certain vehicles, specifically affecting the integrated trailer brake control module software in various Ford vehicles [125568].
Intent (Poor/Accidental Decisions)	accidental_decisions	(a) The software failure incident related to the Ford Motor Co recall involved a software error that could hinder braking in certain vehicles. The recall affected 391,836 vehicles, including models such as F-150, Expedition, and others, where a towed trailer equipped with an electric or electric-over hydraulic brake system might not brake due to a software issue. Ford received 67 reports of improper function potentially related to the software error but no reports of crashes or injuries related to the recall [125568].
Capability (Incompetence/Accidental)	accidental	(a) The software failure incident related to development incompetence is not mentioned in the provided article [125568]. (b) The software failure incident related to an accidental factor is mentioned in the article [125568]. Ford Motor Co is recalling vehicles due to a software error that could hinder braking in certain models. The issue with the software could lead to a situation where a towed trailer equipped with an electric or electric-over hydraulic brake system might not brake properly. Ford has 67 reports of improper function potentially related to the software issue, but no reports of crashes or injuries related to the recall.
Duration	temporary	(a) The software failure incident related to the Ford Motor Co recall involves a temporary duration. The article mentions that Ford is recalling certain vehicles due to a software error that could hinder braking. Specifically, the recall affects 391,836 vehicles, including various models like F-150, Expedition, and others, where the issue is related to a towed trailer equipped with an electric or electric-over hydraulic brake system not braking properly. Dealers will address this issue by updating the integrated trailer brake control module software [125568].
Behaviour	crash, other	(a) crash: The software failure incident related to the Ford vehicles involved a software error that could hinder braking, potentially leading to a crash. The article mentions that Ford is recalling vehicles due to a software error that could affect braking performance, specifically in vehicles equipped with an electric or electric-over hydraulic brake system [125568]. (b) omission: The articles do not mention any instances of the software failure incident related to the Ford vehicles omitting to perform its intended functions at an instance(s). (c) timing: The articles do not mention any instances of the software failure incident related to the Ford vehicles performing its intended functions correctly, but too late or too early. (d) value: The software failure incident related to the Ford vehicles does not involve the system performing its intended functions incorrectly. (e) byzantine: The articles do not mention any instances of the software failure incident related to the Ford vehicles behaving erroneously with inconsistent responses and interactions. (f) other: The software failure incident related to the Ford vehicles involves a software error that could hinder braking, potentially leading to a crash. This behavior could be categorized as a safety-critical issue impacting the overall functionality and safety of the vehicles [125568].

IoT System Layer

Layer	Option	Rationale
Perception	actuator, embedded_software	(a) The article mentions a software error in Ford vehicles that could hinder braking. Specifically, it states that Ford is recalling vehicles due to a software error that could hinder braking in certain models like the Ford Escape, Ford Bronco Sport, F-150, and others [125568]. This indicates a failure related to the actuator layer of the cyber physical system, where the software controlling the braking system may have issues. (b) The article does not mention any specific issues related to actuator errors. (c) The article does not mention any specific issues related to processing unit errors. (d) The article does not mention any specific issues related to network communication errors. (e) The article highlights that Ford is recalling vehicles to update the integrated trailer brake control module software, indicating a failure related to the embedded software layer of the cyber physical system [125568].
Communication	link_level	The software failure incident reported in Article 125568 is related to the connectivity level of the cyber physical system. Ford Motor Co is recalling vehicles due to a software error that could hinder braking in certain models. Specifically, the recall involves updating the integrated trailer brake control module software in 2021-2022 F-150, 2022 Ford Maverick, Expedition, Lincoln Navigator, F-250, F-350, F-450, and F-550 vehicles. This software update is aimed at addressing the issue where a towed trailer equipped with an electric or electric-over hydraulic brake system might not brake properly, indicating a failure at the connectivity level of the cyber physical system [125568].
Application	TRUE	The software failure incident mentioned in Article 125568 was related to the application layer of the cyber physical system. Specifically, Ford Motor Co recalled vehicles due to a software error that could hinder braking in certain models like the 2021-2022 F-150, 2022 Ford Maverick, Expedition, Lincoln Navigator, F-250, F-350, F-450, and F-550 vehicles. The issue was related to the integrated trailer brake control module software, which could cause improper function in towed trailers equipped with an electric or electric-over hydraulic brake system [125568].

Other Details

Category	Option	Rationale
Consequence	theoretical_consequence	(a) death: People lost their lives due to the software failure (b) harm: People were physically harmed due to the software failure (c) basic: People's access to food or shelter was impacted because of the software failure (d) property: People's material goods, money, or data was impacted due to the software failure (e) delay: People had to postpone an activity due to the software failure (f) non-human: Non-human entities were impacted due to the software failure (g) no_consequence: There were no real observed consequences of the software failure (h) theoretical_consequence: There were potential consequences discussed of the software failure that did not occur (i) other: Was there consequence(s) of the software failure not described in the (a to h) options? What is the other consequence(s)? The articles do not mention any consequences related to death, harm, basic needs, property damage, or non-human entities due to the software failure incidents reported. There were no reports of injuries or crashes related to the recalls mentioned in the article. The consequences were mainly related to potential safety issues that could arise from the software errors, such as hindering braking in vehicles and improper function of trailer brake systems.
Domain	transportation	(a) The software failure incident reported in the article is related to the automotive industry, specifically affecting Ford Motor Co vehicles [125568].

Sources

Ford recalls 737000 U.S. vehicles over software and fire-risk issues - Reuters - Published on: 2022-04-01
Article ID: 125568

Back to List