Incident: BMW UK Recall: Electrical Fault Causes Vehicle Shutdowns and Fatal Accident

Published Date: 2018-05-09

Postmortem Analysis
Timeline
1. The software failure incident involving BMW vehicles cutting out due to an electrical fault occurred in December 2016 as mentioned by Mwape Kambafwile in the article [71220].
2. The incident where a Gurkha veteran, Narayan Gurung, died due to a BMW with an electrical fault stalling on a dark A-road happened on Christmas Day in 2016 as reported in the same article [71220].

System
1. Power-supply system in BMW 1 Series, 3 Series, Z4, and X1 petrol and diesel models made between March 2007 and August 2011 [Article 71220]
2. Electrical system in BMW vehicles causing brake lights to fail and the car to stall [Article 71220]

Responsible Organization
1. BMW [71220]

Impacted Organization
1. Customers who owned BMW 1 Series, 3 Series, Z4, and X1 petrol and diesel models made between March 2007 and August 2011 were impacted by the electrical fault causing vehicles to cut out [Article 71220].
2. Narayan Gurung, a Gurkha veteran, lost his life due to a BMW with an electrical fault that caused brake lights to fail and the car to stall, leading to a fatal accident [Article 71220].

Software Causes
1. The failure incident was caused by an electrical fault in BMW vehicles, leading to vehicles cutting out while being driven [71220].
2. The electrical fault was related to a power-supply issue in the vehicles, specifically affecting the cable leading to burnt-out cables and no current passing through the fuse box [71220].

Non-software Causes
1. Electrical fault in BMW cars leading to vehicles cutting out while being driven [Article 71220]
2. Delay in recalling potentially dangerous cars despite complaints from customers over loss of power [Article 71220]
3. Brake lights failure and car stalling due to an electrical fault in a BMW car [Article 71220]
4. Failure to recall affected vehicles promptly after incidents of power loss and accidents [Article 71220]

Impacts
1. The software failure incident led to BMW recalling more than 300,000 cars in the UK due to an electrical fault that caused some vehicles to cut out, potentially endangering drivers and passengers [Article 71220].
2. The failure resulted in a fatal accident where a Gurkha veteran lost his life after swerving to avoid a BMW that had broken down due to the electrical fault, highlighting the serious consequences of the software failure [Article 71220].
3. The incident raised concerns about the adequacy of the car recall system in the UK, with questions being raised about why it took BMW several years to fully recall the potentially dangerous cars in the UK compared to other countries [Article 71220].

Preventions
1. Implementing thorough quality assurance testing procedures during the development phase to detect and address any electrical faults or power-supply issues before the vehicles are released to the market [71220].
2. Enhancing the monitoring and reporting system for customer complaints related to loss of power or electrical faults to ensure prompt investigation and resolution of potential issues [71220].
3. Conducting proactive and timely recalls based on early complaints and reports of potential safety hazards to prevent accidents and injuries caused by software failures [71220].

Fixes
1. Conduct a thorough investigation into the root cause of the electrical fault leading to vehicles cutting out while being driven [71220].
2. Implement a comprehensive quality control process to detect and address power-supply issues in vehicles during manufacturing and post-production stages [71220].
3. Enhance communication and coordination between the company and regulatory authorities to ensure timely and effective recalls of potentially dangerous vehicles [71220].
4. Improve the car recall system to expedite the identification and recall of vehicles with safety issues to prevent accidents and protect public safety [71220].

References
1. Interviews with affected customers, such as Mwape Kambafwile, who experienced the power-supply issue in their BMW vehicles [Article 71220].
2. Reports from an inquest regarding the death of Narayan Gurung due to an electrical fault in a BMW vehicle [Article 71220].
3. Statements from Andy McDonald, the Labour MP for Middlesbrough and the shadow transport secretary, criticizing BMW's conduct [Article 71220].
4. Comments from Alex Neill, the Which? managing director of home products and services, questioning the adequacy of the car recall system in the UK [Article 71220].

Software Taxonomy of Faults

| Category | Option | Rationale |
|---|---|---|
| Recurring | one_organization, multiple_organization | (a) The software failure incident related to BMW's electrical fault causing vehicles to cut out has happened again within the same organization. BMW had issued a safety call covering about 36,000 petrol vehicles last year but extended it after acknowledging the fault could affect more cars. The company recognized that there may have been similar power-supply issues in vehicles not covered by the original recall, leading to the proactive step of expanding the existing UK recall to cover all potentially affected vehicles [Article 71220]. (b) The software failure incident related to BMW's electrical fault causing vehicles to cut out has also happened at other organizations or with their products and services. The article mentions that BMW had previously recalled cars with the fault in the US, Canada, South Africa, and Australia before extending the recall in the UK. This indicates that similar incidents occurred in multiple countries [Article 71220]. |
| Phase (Design/Operation) | unknown | The articles do not mention any software failure incident related to the development phases such as design or operation. Therefore, it is unknown whether the failure was due to contributing factors introduced by system development, system updates, or procedures to operate or maintain the system (design), or if it was due to contributing factors introduced by the operation or misuse of the system (operation). |
| Boundary (Internal/External) | within_system | (a) within_system: The software failure incident, in this case, the electrical fault causing BMW vehicles to cut out, originated from within the system. The fault was acknowledged by BMW, and the company extended the safety recall after realizing that more cars could be affected by the power-supply issue [71220]. (b) outside_system: There is no information in the provided article indicating that the software failure incident was due to contributing factors originating from outside the system. |
| Nature (Human/Non-human) | non-human_actions, human_actions | (a) The software failure incident in the BMW vehicles was primarily due to non-human actions, specifically an electrical fault in the power-supply system of the cars. This fault caused some vehicles to cut out while being driven, leading to safety concerns and even a fatal accident [71220]. (b) Human actions also played a role in the software failure incident as BMW failed to recall thousands of potentially dangerous cars despite complaints from customers over the loss of power dating back to 2011. The delay in recalling the affected vehicles was criticized by various individuals, including politicians and consumer rights advocates, highlighting the human aspect of the failure incident [71220]. |
| Dimension (Hardware/Software) | hardware, software | (a) The software failure incident in the BMW vehicles was primarily due to hardware issues. The electrical fault in the vehicles caused them to cut out while being driven, leading to dangerous situations on the road [71220]. (b) The software failure incident in the BMW vehicles was also related to software issues. The power-supply issue in the vehicles, specifically affecting the fuse box due to a burnt-out cable, was a contributing factor to the failures experienced by drivers [71220]. |
| Objective (Malicious/Non-malicious) | non-malicious | (a) The software failure incident related to the BMW recall was non-malicious. The failure was due to an electrical fault in the vehicles, specifically a power-supply issue, which caused some vehicles to cut out while being driven. BMW acknowledged the fault and extended the recall to cover all potentially affected vehicles, indicating that the issue was not caused by malicious intent but rather by a technical flaw in the system [71220]. |
| Intent (Poor/Accidental Decisions) | poor_decisions | The software failure incident related to the BMW recall was primarily due to poor_decisions. BMW failed to recall thousands of potentially dangerous cars despite complaints from customers over the loss of power from as early as 2011. The company delayed withdrawing the affected vehicles from the roads, leading to serious safety concerns and even a fatal accident [71220]. |
| Capability (Incompetence/Accidental) | unknown | The articles do not mention any software failure incident related to development incompetence or accidental factors. |
| Duration | unknown | The software failure incident reported in the articles is not related to a temporary or permanent software failure. The incident described pertains to an electrical fault in BMW vehicles, specifically affecting the power-supply system, which led to vehicles cutting out while being driven. This issue is not directly attributed to a software failure but rather an electrical fault within the vehicles [71220]. |
| Behaviour | crash, omission, value, other | (a) crash: The software failure incident in the BMW vehicles can be categorized as a crash. The vehicles experienced a power-supply issue that caused them to cut out while being driven, leading to a loss of power and functionality [71220]. (b) omission: The software failure incident can also be categorized as an omission. The electrical fault in the BMW vehicles resulted in the omission of the intended function of maintaining power supply to critical components, causing the vehicles to stall and lose power unexpectedly [71220]. (c) timing: The timing of the software failure incident is not explicitly mentioned in the articles. (d) value: The software failure incident can be categorized as a value failure. The power-supply issue in the BMW vehicles caused the system to perform its intended functions incorrectly, leading to potential safety hazards for the drivers and passengers [71220]. (e) byzantine: The software failure incident is not described as exhibiting byzantine behavior in the articles. (f) other: The software failure incident can be further described as a safety-critical failure. The failure of the power supply system in the BMW vehicles posed a significant safety risk to the drivers and passengers, as evidenced by incidents where vehicles stalled on roads, leading to accidents and even fatalities [71220]. |

IoT System Layer

| Layer | Option | Rationale |
|---|---|---|
| Perception | None | None |
| Communication | None | None |
| Application | None | None |

Other Details

| Category | Option | Rationale |
|---|---|---|
| Consequence | death, harm | (a) death: People lost their lives due to the software failure - An inquest heard that a Gurkha veteran, Narayan Gurung, was killed on Christmas Day in 2016 when he swerved to avoid a BMW that had broken down due to an electrical fault, causing its brake lights to fail and the car to stall on a dark A-road. Gurung died at the scene after his Ford Fiesta collided with a tree; his wife was seriously injured [Article 71220]. |
| Domain | transportation | (a) The failed system was intended to support the transportation industry. The software failure incident involved BMW recalling more than 300,000 cars in the UK due to an electrical fault that caused some vehicles to cut out while being driven [Article 71220]. This incident directly impacts the transportation sector as it involves vehicles stalling and losing power during operation. |
