Published Date: 2022-07-08
| Postmortem Analysis | |
|---|---|
| Timeline | 1. The software failure incident involving Cruise's autonomous vehicles happened on June 28, as reported in Article 129846. |
| System | 1. Cruise autonomous vehicles operated by General Motors [129846] 2. Cruise server communication system [129846] |
| Responsible Organization | 1. Cruise, a subsidiary of General Motors [129846] 2. California Department of Motor Vehicles [129846] |
| Impacted Organization | 1. Drivers in San Francisco [129846] 2. Pedestrians in San Francisco [129846] 3. Emergency vehicles potentially hindered [129846] |
| Software Causes | 1. Loss of connection with the Cruise server leading to nearly 60 vehicles being disabled across San Francisco [129846]. 2. Inability to access the system allowing remote operators to safely steer stopped vehicles to the side of the road [129846]. 3. Regular loss of contact with driverless vehicles, blocking traffic and potentially hindering emergency vehicles [129846]. 4. Software glitch causing Cruise vehicles to stop in traffic lanes, creating traffic jams [129846]. 5. Failure to maintain two-way communication link between the vehicles and remote operators as required by regulations [129846]. |
| Non-software Causes | 1. The failure incident was caused by a loss of connection between the autonomous vehicles and a Cruise server, leading to nearly 60 vehicles being disabled across San Francisco [129846]. 2. The incident was exacerbated by the inability of company staff to see where the vehicles were located or communicate with riders inside, as well as the inability to access the system allowing remote operators to safely steer stopped vehicles to the side of the road [129846]. 3. The failure incident involved a Cruise vehicle being struck by an oncoming Toyota Prius while making a left turn, resulting in both the Cruise employee in the car and the Prius driver needing medical treatment [129846]. |
| Impacts | 1. Traffic disruptions and jams occurred in San Francisco due to nearly 60 Cruise autonomous vehicles being disabled across the city after losing touch with a Cruise server, with some vehicles halting in crosswalks and creating a jam in the city's downtown [129846]. 2. The software failure incident led to Cruise vehicles being stuck in traffic lanes, causing inconvenience to pedestrians and motorists navigating around them [129846]. 3. The outage incidents raised concerns about the safety and reliability of Cruise's autonomous vehicles, potentially violating permits requiring two-way communication between the vehicles and remote operators overseeing their movements [129846]. 4. The software failure incident resulted in Cruise vehicles blocking intersections and crosswalks, prompting public frustration and calls for improvements in the technology to ensure smoother operations on public roads [129846]. |
| Preventions | 1. Implementing robust backup systems and redundancies to ensure continuous communication between the autonomous vehicles and the central server, even in case of server failures or network issues [129846]. 2. Conducting thorough testing and quality assurance processes to identify and address any potential software glitches or bugs that could lead to loss of communication with the vehicles [129846]. 3. Enhancing the monitoring and alert systems to quickly detect when vehicles lose touch with the server and take proactive measures to address the issue before it impacts traffic flow [129846]. 4. Regularly updating and maintaining the software systems of the autonomous vehicles to ensure they are equipped to handle various road conditions and technical challenges without getting stuck or causing disruptions [129846]. |
| Fixes | 1. Implementing robust fallback systems that allow the vehicles to pull over and turn on hazard lights when encountering technical problems or road conditions they can't handle [129846]. 2. Enhancing the communication and remote oversight capabilities between the vehicles and the company's operators to prevent losing contact with the fleet [129846]. 3. Improving the software to minimize the frequency of incidents where vehicles stop in traffic lanes due to technical issues [129846]. 4. Ensuring transparency and openness about the incidents and challenges faced by the self-driving company to build trust with the public and regulators [129846]. | References | 1. San Francisco Examiner 2. Reddit 3. California Department of Motor Vehicles 4. California Public Utilities Commission 5. WIRED 6. General Motors 7. Cruise spokesperson Tiffany Testo |
| Category | Option | Rationale |
|---|---|---|
| Recurring | one_organization, multiple_organization | (a) The software failure incident having happened again at one_organization: - Cruise, a subsidiary of General Motors, experienced a software failure incident where nearly 60 autonomous vehicles were disabled across San Francisco after losing touch with a Cruise server [129846]. - On May 18, Cruise lost touch with its entire fleet for 20 minutes, during which the company was unable to see where the vehicles were located or communicate with riders inside. The company was also unable to access its system which allows remote operators to safely steer stopped vehicles to the side of the road [129846]. (b) The software failure incident having happened again at multiple_organization: - The article mentions that Cruise's software failure incident is not an isolated case, as similar incidents have occurred with other autonomous vehicle companies like Waymo, Aurora, and Zoox [129846]. |
| Phase (Design/Operation) | design, operation | (a) The software failure incident related to the design phase can be seen in the article where Cruise's autonomous vehicles experienced outages on multiple occasions, losing touch with the server and causing the vehicles to become disabled across San Francisco [129846]. These incidents were attributed to technical problems within the system, indicating a failure in the design or development phase of the autonomous vehicle software. (b) The software failure incident related to the operation phase is evident in the article where Cruise vehicles were reported to have stopped in traffic lanes, blocking intersections and causing disruptions to traffic flow in San Francisco [129846]. These operational failures, such as vehicles getting stuck in crosswalks or blocking lanes, point to issues arising during the operation or use of the autonomous vehicles. |
| Boundary (Internal/External) | within_system | (a) within_system: The software failure incident involving Cruise's autonomous vehicles in San Francisco on June 28 was primarily within the system. The incident occurred when nearly 60 vehicles were disabled across the city after losing touch with a Cruise server, leading to the vehicles being stuck in traffic and creating jams [129846]. Additionally, on May 18, Cruise lost touch with its entire fleet for 20 minutes, rendering the company unable to access its system for remote operators to steer the vehicles to the side of the road [129846]. These incidents highlight internal system failures within Cruise's autonomous vehicle technology. |
| Nature (Human/Non-human) | non-human_actions | (a) The software failure incident occurring due to non-human actions: The incident involving Cruise's autonomous vehicles in San Francisco on June 28 was primarily due to a technical issue where nearly 60 vehicles were disabled across the city after losing touch with a Cruise server. This led to the vehicles being unable to move, causing traffic disruptions and creating a blockade. The outage lasted at least 15 minutes, and similar incidents had occurred previously where the entire fleet lost touch with the server for 20 minutes, rendering the vehicles immobile [129846]. (b) The software failure incident occurring due to human actions: There is no specific information in the provided article indicating that the software failure incident was directly caused by human actions. The incidents described primarily point towards technical issues and failures within the autonomous vehicle system rather than human actions contributing to the failures. |
| Dimension (Hardware/Software) | software | (a) The articles do not provide specific information about a software failure incident occurring due to hardware issues. (b) The software failure incident reported in the articles is related to software issues originating in the software itself. The incident involved Cruise autonomous vehicles losing touch with a Cruise server, resulting in nearly 60 vehicles being disabled across San Francisco over a 90-minute period [129846]. The software failure led to the vehicles being stuck in traffic, creating jams and blocking intersections, which required manual intervention to resolve the situation. Additionally, there were instances where the company lost contact with its driverless vehicles, hindering communication with riders inside and preventing remote operators from safely steering the vehicles to the side of the road [129846]. These incidents highlight software-related failures within the autonomous vehicle system. |
| Objective (Malicious/Non-malicious) | non-malicious | (a) The articles do not provide any information indicating that the software failure incident was malicious in nature, i.e., due to contributing factors introduced by humans with the intent to harm the system [129846]. (b) The software failure incident described in the articles appears to be non-malicious in nature. The incident involved Cruise autonomous vehicles losing touch with a server, resulting in nearly 60 vehicles being disabled across San Francisco over a 90-minute period. This led to traffic disruptions and vehicles being stuck in various locations, including crosswalks and intersections. The incident was attributed to technical problems and loss of communication with the vehicles, rather than any intentional malicious actions [129846]. |
| Intent (Poor/Accidental Decisions) | poor_decisions, accidental_decisions | (a) The software failure incident involving Cruise's autonomous vehicles in San Francisco can be attributed to poor decisions made by the company. The incident on June 28, where nearly 60 vehicles were disabled across the city after losing touch with a Cruise server, led to traffic disruptions and potential safety hazards [129846]. Additionally, there were previous outages on May 18 where the entire fleet lost touch with the server for 20 minutes, rendering the company unable to locate the vehicles, communicate with riders, or access the system to steer the vehicles to safety [129846]. (b) The software failure incident can also be linked to accidental decisions or unintended consequences. For example, the incident on June 3 involved a Cruise vehicle making a left turn and being struck by an oncoming Toyota Prius, resulting in injuries to the Cruise employee and the Prius driver [129846]. This incident led Cruise to temporarily reprogram its vehicles to make fewer unprotected left turns to prevent similar accidents in the future [129846]. |
| Capability (Incompetence/Accidental) | development_incompetence, accidental | (a) The software failure incident related to development incompetence is evident in the article as Cruise, a subsidiary of General Motors, faced multiple incidents where their autonomous vehicles lost touch with the server, causing them to become disabled and block traffic in San Francisco [129846]. These incidents occurred on May 18 and June 28, with the company losing contact with its entire fleet for 20 minutes in one instance. An anonymous letter from a Cruise employee alleged that the company regularly loses contact with its driverless vehicles, leading to traffic disruptions and potentially hindering emergency vehicles [129846]. (b) The software failure incident related to accidental factors is also apparent in the article as Cruise experienced outages where their autonomous vehicles stopped in traffic lanes seemingly inexplicably, causing inconvenience to pedestrians and motorists in San Francisco [129846]. Additionally, there was an incident where a Cruise vehicle making a left turn was struck by an oncoming Toyota Prius, resulting in both drivers seeking medical treatment. Cruise temporarily reprogrammed its vehicles to make fewer unprotected left turns in response to this crash [129846]. |
| Duration | temporary | (a) The software failure incident described in the articles was temporary. The incident on June 28 involving Cruise's autonomous vehicles in San Francisco lasted at least 15 minutes, during which nearly 60 vehicles were disabled across the city after losing touch with a Cruise server [129846]. Additionally, on May 18, Cruise lost touch with its entire fleet for 20 minutes, during which the company's cars sat stopped in the street, and staff were unable to see where the vehicles were located or communicate with riders inside [129846]. These incidents indicate temporary software failures rather than permanent ones. |
| Behaviour | crash, omission, timing, other | (a) crash: The software failure incident described in the articles can be categorized as a crash. This is evident from incidents where the Cruise vehicles lost touch with the server, resulting in nearly 60 vehicles being disabled across San Francisco over a 90-minute period, causing traffic jams and vehicles to be halted in crosswalks [129846]. (b) omission: The software failure incident can also be classified as an omission. This is seen when the Cruise vehicles encountered technical problems or road conditions they couldn't handle, leading them to pull over and turn on hazard lights, essentially omitting to perform their intended functions of driving smoothly without interruptions [129846]. (c) timing: The timing of the software failure incident can be considered a factor as well. The incident where the Cruise vehicles lost touch with their entire fleet for 20 minutes, leaving the cars stopped in the street without the ability for remote operators to safely steer them to the side, highlights a timing issue in the system's response to technical failures [129846]. (d) value: The software failure incident does not directly align with a failure due to the system performing its intended functions incorrectly (value). The focus of the incident is more on system crashes, omissions, and timing issues rather than the system providing incorrect outputs or results. (e) byzantine: The software failure incident does not exhibit characteristics of a byzantine failure where the system behaves erroneously with inconsistent responses and interactions. The primary issues observed were related to system crashes, omissions, and timing problems rather than erratic or inconsistent behavior. (f) other: The other behavior observed in the software failure incident is the system causing inconvenience and traffic disruptions without resulting in injuries. Despite the technical glitches and failures, the incidents described in the articles did not lead to any reported injuries but rather caused inconvenience to drivers and pedestrians in San Francisco [129846]. |
| Layer | Option | Rationale |
|---|---|---|
| Perception | sensor, actuator, network_communication, embedded_software | (a) sensor: The software failure incident involving Cruise's autonomous vehicles in San Francisco on June 28 was related to sensor errors. The vehicles lost touch with a Cruise server, causing nearly 60 vehicles to be disabled across the city after they lost communication with the server [129846]. (b) actuator: The incident on June 3, where a Cruise vehicle making a left turn was struck by an oncoming Toyota Prius, could be related to actuator errors. The report filed by the company with the DMV mentioned that the Cruise vehicle had stopped in the intersection before completing its turn, potentially indicating an issue with the actuator's response or control [129846]. (c) processing_unit: There is no specific mention of a processing unit failure in the provided articles. (d) network_communication: The software failure incident on June 28, where Cruise vehicles lost touch with a server, leading to nearly 60 vehicles being disabled across the city, is related to network communication errors [129846]. (e) embedded_software: The incidents of Cruise vehicles stopping in traffic lanes seemingly inexplicably, as reported in May and June, could be attributed to issues with the embedded software controlling the vehicles' behavior on the road [129846]. |
| Communication | connectivity_level | The software failure incident reported in the articles was related to the communication layer of the cyber physical system that failed at the connectivity_level. The incident involved Cruise autonomous vehicles losing touch with a Cruise server, resulting in nearly 60 vehicles being disabled across San Francisco over a 90-minute period after they lost connection with the server [129846]. Additionally, the company lost touch with its entire fleet for 20 minutes on a previous occasion, during which the cars were unable to communicate with remote operators or access the system allowing for safe steering of the vehicles to the side of the road [129846]. These issues indicate a failure at the network or transport layer of the communication system within the autonomous vehicle technology. |
| Application | TRUE | The software failure incident reported in the articles related to Cruise's autonomous vehicles in San Francisco does not specifically mention whether the failure was related to the application layer of the cyber physical system. The incidents described involve issues such as vehicles losing touch with a server, getting stuck in traffic, and facing connectivity problems, but the specific technical details or root causes of these failures at the application layer are not explicitly mentioned in the provided articles. Therefore, it is unknown whether the failure was specifically related to the application layer based on the information available in the articles. |
| Category | Option | Rationale |
|---|---|---|
| Consequence | delay, non-human, theoretical_consequence | (a) death: There were no reports of people losing their lives due to the software failure incident described in the articles [129846]. (b) harm: There were no reports of people being physically harmed due to the software failure incident described in the articles [129846]. (c) basic: There were no reports of people's access to food or shelter being impacted because of the software failure incident described in the articles [129846]. (d) property: The software failure incident caused inconvenience and delays, such as vehicles getting stuck in traffic lanes, but there were no specific reports of people's material goods, money, or data being impacted [129846]. (e) delay: The software failure incident led to significant delays and disruptions in traffic flow, with multiple autonomous vehicles getting stuck in various locations across San Francisco, causing traffic jams and inconvenience to drivers and pedestrians [129846]. (f) non-human: The software failure incident impacted the autonomous vehicles operated by Cruise, causing them to become immobile and disrupt traffic flow in San Francisco [129846]. (g) no_consequence: The software failure incident had real observed consequences, such as traffic disruptions and delays caused by the immobile autonomous vehicles [129846]. (h) theoretical_consequence: Theoretical consequences discussed in the articles include potential violations of permits related to the operation of autonomous vehicles, concerns about safety systems being compromised, and the need for transparency from self-driving companies regarding incidents on public roads [129846]. (i) other: There were no other specific consequences of the software failure incident described in the articles [129846]. |
| Domain | transportation, finance, government | (a) The failed system was related to the transportation industry, specifically autonomous vehicles. The incident involved Cruise's autonomous Chevrolet Bolts operated by Cruise, a subsidiary of General Motors, getting disabled across San Francisco due to losing touch with a Cruise server, leading to traffic disruptions and vehicles being stuck in various locations [129846]. (h) The incident also has implications for the finance industry as Cruise, the autonomous vehicle company, is competing with well-capitalized rivals like Google's sister company Waymo, Aurora, and Zoox, which is owned by Amazon. General Motors invested significant amounts of money into Cruise's self-driving unit, highlighting the financial stakes involved in the autonomous vehicle industry [129846]. (l) Additionally, the failed system's impact extends to the government sector as the California Department of Motor Vehicles, which oversees the state's autonomous vehicle operations, was made aware of the incident and planned to meet with Cruise to gather additional information. The California Public Utilities Commission (CPUC) also approved Cruise's permit to charge money for ride-hail services, indicating regulatory involvement in the autonomous vehicle sector [129846]. |
Article ID: 129846