Incident: Air Bag Deployment Software Defect in GM Vehicles

Published Date: 2016-09-09

Postmortem Analysis
Timeline
1. The software failure incident involving General Motors Co happened in mid-May 2016 [47585].
2. The incident was discovered by G.M.'s safety engineers in May 2016 [47585].

System
1. Sensing and diagnostic module software in certain GM vehicles from the 2014 to 2017 model years [48317, 47585]
2. Electronic motion sensor in a 2014 GM vehicle [47585]

Responsible Organization
1. General Motors Co (GM.N) [48317, 47585]
2. National Highway Traffic Safety Administration (NHTSA) [48317, 47585]

Impacted Organization
1. General Motors Co (GM) [48317, 47585]
2. Vehicle owners of the recalled vehicles [48317, 47585]

Software Causes
1. The failure incident was caused by a software defect in the sensing and diagnostic module that controls air bag deployment, which may prevent the deployment of frontal air bags in certain rare circumstances [48317].
2. The software defect was related to an electronic motion sensor that, under certain circumstances, can prevent airbags from inflating in a crash [47585].

Non-software Causes
1. The failure incident was caused by a sensing and diagnostic module defect that prevented air bag deployment in certain circumstances [48317, 47585].
2. The failure incident was linked to an electronic motion sensor that, under certain circumstances, prevented airbags from inflating in a crash [47585].

Impacts
1. The software defect in General Motors vehicles prevented air bags from deploying during a crash, leading to one death and three injuries [48317, 47585].
2. General Motors had to recall nearly 4.3 million vehicles worldwide to address the software defect, including trucks, cars, and SUVs from the 2014 to 2017 model years [48317, 47585].
3. The recall had a financial impact on GM, causing its stock to fall by 2.8 percent [48317].
4. The National Highway Traffic Safety Administration (NHTSA) highlighted that certain driving conditions could activate a diagnostic test in the air bag software, preventing air bag deployment in a crash [48317].
5. GM's dealers had to update the vehicle software to prevent future air bag and pretensioner nondeployments [48317].
6. The recall was a significant event for GM, given its history of air bag-related issues, including a previous recall of 2.6 million vehicles due to an ignition-switch defect [48317].
7. The recall process involved a quick software modification that could be done by dealers without customers needing to receive a recall notice first [47585].
8. The quick response to the software defect by GM and the government contrasted with past safety issues, such as the ignition switch problem that took years to resolve [47585].

Preventions
1. Implementing thorough software testing procedures during the development phase to identify and rectify any potential defects before the software is deployed [48317, 47585].
2. Conducting regular software updates and maintenance checks to ensure the software remains functional and secure [48317, 47585].
3. Enhancing communication channels within the organization to encourage employees to report safety concerns promptly, as demonstrated by GM's "Speak Up For Safety" system [47585].

Fixes
1. Updating the vehicle software to prevent future air bag and pretensioner nondeployments [48317].
2. A quick software modification that could be done by dealers to fix the airbag deployment issue [47585].

References
1. General Motors Co (GM) [Article 48317, Article 47585]
2. U.S. National Highway Traffic Safety Administration (NHTSA) [Article 48317, Article 47585]
3. GM spokesman Tom Wilkinson [Article 48317, Article 47585]
4. Michelle Krebs, analyst with Autotrader.com [Article 47585]
5. Tesla [Article 47585]
6. Tesla chief executive, Elon Musk [Article 47585]
7. Tesla spokeswoman, Alexis Georgeson [Article 47585]
8. G.M. Chief Executive, Mary T. Barra [Article 47585]
9. Delphi Automotive, the supplier of the module [Article 47585]

Software Taxonomy of Faults

Category: Recurring
Option: one_organization
Rationale:
(a) The software failure incident having happened again at one_organization:
- General Motors Co faced another air bag-related issue due to a software defect that prevented air bags from deploying during a crash [48317].
- In 2014, GM recalled nearly 2.6 million vehicles because of an ignition-switch defect that also prevented air bags from deploying in some crashes [48317].
(b) The software failure incident having happened again at multiple_organization:
- The article does not mention any other organizations facing a similar software failure incident related to air bags.

Category: Phase (Design/Operation)
Option: design, unknown
Rationale:
(a) The software failure incident related to the design phase is evident in the articles. General Motors Co announced a recall of nearly 4.3 million vehicles worldwide due to a software defect that can prevent airbags from deploying during a crash. The issue was traced back to a software defect in the sensing and diagnostic module that controls airbag deployment [48317, 47585]. This indicates that the failure was due to contributing factors introduced during the system development phase.
(b) The software failure incident related to the operation phase is not explicitly mentioned in the articles. Therefore, it is unknown if the failure was due to contributing factors introduced by the operation or misuse of the system.

Category: Boundary (Internal/External)
Option: within_system
Rationale:
(a) within_system: The software failure incident related to the airbag deployment issue in General Motors vehicles was caused by a software defect within the system. The sensing and diagnostic module that controls airbag deployment had a software defect that could prevent the deployment of frontal airbags in certain rare circumstances [48317, 47585]. The issue was traced back to an electronic motion sensor that, under certain circumstances, could prevent airbags from inflating in a crash [47585]. General Motors conducted road testing and identified the fault within the system before deciding on a recall to update the vehicle software to prevent future airbag and pretensioner nondeployments [48317].
(b) outside_system: There is no information in the articles to suggest that the software failure incident was caused by contributing factors originating from outside the system.

Category: Nature (Human/Non-human)
Option: non-human_actions, human_actions
Rationale:
(a) The software failure incident in Article 47585 occurred due to non-human actions. The article mentions that the problem was traced to an electronic motion sensor that, under certain circumstances, can prevent airbags from inflating in a crash. This flaw was related to one fatality and other accidents resulting in three injuries [47585].
(b) The software failure incident in Article 48317 also involved human actions. It states that GM received a report in May of a crash involving a 2014 Chevrolet Silverado truck in which the driver’s frontal air bag and seat belt equipment did not deploy. GM opened an investigation into the issue in June and conducted road testing at its Milford Proving Grounds in August before deciding on a recall. The company's dealers will update vehicle software to prevent future airbag and pretensioner nondeployments [48317].

Category: Dimension (Hardware/Software)
Option: hardware, software
Rationale:
(a) The software failure incident related to hardware:
- The software defect that prevented air bags from deploying during a crash was linked to a sensing and diagnostic module that controls air bag deployment, indicating a hardware-related issue [48317].
- Engineers traced the problem to an electronic motion sensor that, under certain circumstances, can prevent airbags from inflating in a crash, suggesting a hardware-related issue [47585].
(b) The software failure incident related to software:
- The recall was due to a software defect in the sensing and diagnostic module that controls air bag deployment, indicating a software-related issue [48317].
- The fix for the problem involved a quick software modification that could be done by dealers, highlighting a software-related issue [47585].

Category: Objective (Malicious/Non-malicious)
Option: non-malicious
Rationale:
(a) The software failure incident related to the General Motors recall of nearly 4.3 million vehicles worldwide due to a software defect that can prevent air bags from deploying during a crash was non-malicious. The failure was attributed to a software defect in the sensing and diagnostic module that controls air bag deployment, which may prevent the deployment of frontal air bags in certain "rare circumstances" [48317, 47585]. The issue was traced back to an electronic motion sensor that, under certain circumstances, can prevent airbags from inflating in a crash [47585].
(b) There is no indication in the articles that the software failure incident was malicious.

Category: Intent (Poor/Accidental Decisions)
Option: poor_decisions
Rationale:
(a) The software failure incident related to the General Motors recall of nearly 4.3 million vehicles worldwide due to a software defect that can prevent air bags from deploying during a crash was primarily due to poor decisions. The failure was caused by a software defect in the sensing and diagnostic module that controls air bag deployment, which may prevent the deployment of frontal air bags in certain "rare circumstances" [48317, 47585]. The defect was identified as a result of an investigation initiated by GM after a crash involving a 2014 Chevrolet Silverado truck where the air bags did not deploy. The issue was traced back to an electronic motion sensor that, under certain circumstances, could prevent air bags from inflating in a crash [47585]. The recall and software fix were necessary due to the poor decision in the design or implementation of the software, leading to potential safety risks for vehicle occupants.

Category: Capability (Incompetence/Accidental)
Option: development_incompetence, accidental
Rationale:
(a) The software failure incident related to development incompetence is evident in the case of General Motors' recall of nearly 4.3 million vehicles worldwide due to a software defect that can prevent air bags from deploying during a crash. The defect was linked to one death and three injuries, highlighting a failure in the development process that led to a critical safety issue [48317, 47585].
(b) The software failure incident related to accidental factors is demonstrated by the issue with the air bag deployment in certain rare circumstances due to a software defect. This problem was not intentional but arose as a result of an accidental flaw in the software that controls air bag deployment [48317, 47585].

Category: Duration
Option: temporary
Rationale:
From the provided articles, the software failure incident related to the airbag deployment issue in General Motors vehicles can be categorized as a temporary failure. The software defect in the sensing and diagnostic module could prevent the deployment of frontal airbags in certain "rare circumstances" [48317]. The issue was traced to an electronic motion sensor that, under certain circumstances, can prevent airbags from inflating in a crash [47585]. This indicates that the failure was not permanent but rather occurred under specific conditions or circumstances.

Category: Behaviour
Option: crash, omission, value
Rationale:
(a) The software failure incident in the articles is related to a crash. The defect in the software prevented the deployment of frontal airbags in certain "rare circumstances," leading to a situation where the air bags did not deploy during a crash involving a 2014 Chevrolet Silverado truck [48317].
(b) The software failure incident can also be categorized as an omission. In certain instances, the software defect caused the airbags to not deploy when they were supposed to, resulting in at least one death and three injuries [47585].
(c) The timing of the software failure incident is not explicitly mentioned in the articles.
(d) The software failure incident can be linked to a value failure. The software defect caused the airbag sensing and diagnostic module to activate a diagnostic test under certain driving conditions, which in turn prevented the airbag from deploying in the event of a crash, leading to incorrect performance of the intended function [48317].
(e) The software failure incident does not exhibit characteristics of a byzantine failure.
(f) The software failure incident can be considered as a combination of crash (a) and omission (b) behaviors, where the system lost its state and failed to perform its intended function of deploying airbags in certain circumstances, resulting in a critical omission of safety features during a crash [48317, 47585].

IoT System Layer

Layer: Perception
Option: sensor, embedded_software
Rationale:
(a) sensor: The software failure incident related to the GM airbag recall was due to a sensor error. The article mentions that the issue was traced to an electronic motion sensor that, under certain circumstances, can prevent airbags from inflating in a crash [47585].
(e) embedded_software: The failure was also related to embedded software error. GM stated that the sensing and diagnostic module that controls airbag deployment had a software defect that may prevent the deployment of frontal airbags in certain "rare circumstances" [48317]. Additionally, GM and Delphi reviewed data from other vehicles suspected of similar airbag problems and determined that the module had a fault in its software that caused it to become incapable of deploying the airbags during a diagnostic test [47585].

Layer: Communication
Option: unknown
Rationale:
The software failure incident reported in the news articles does not specifically mention whether the failure was related to the communication layer of the cyber physical system that failed. The focus of the articles is on the software defect in the sensing and diagnostic module that controls air bag deployment, which may prevent the deployment of frontal air bags in certain circumstances. The articles discuss how General Motors responded to the issue, traced the problem to an electronic motion sensor, and conducted road testing before deciding on a recall. There is no explicit mention of the failure being related to the communication layer (link_level) or the network/transport layer (connectivity_level) of the cyber physical system.

Layer: Application
Option: TRUE
Rationale:
The software failure incident reported in the news articles was related to a software defect in the sensing and diagnostic module that controls airbag deployment in certain vehicles manufactured by General Motors. This defect was specifically mentioned to be a software issue that may prevent the deployment of frontal airbags in certain rare circumstances [48317, 47585]. This aligns with the definition of a failure at the application layer of a cyber-physical system, as it involves a bug in the software controlling the airbag deployment system.

Other Details

Category: Consequence
Option: death, harm
Rationale:
(a) The consequence of the software failure incident in this case was a death. The software defect in General Motors vehicles prevented air bags from deploying during a crash, which was linked to one death and three injuries [48317, 47585].

Category: Domain
Option: manufacturing
Rationale:
The software failure incident reported in the news articles is related to the manufacturing industry. General Motors Co announced a recall of nearly 4.3 million vehicles worldwide due to a software defect that can prevent airbags from deploying during a crash [48317, 47585]. This defect in the sensing and diagnostic module controlling airbag deployment affected trucks, cars, and SUVs from the 2014 to 2017 model years, including models like Buick LaCrosse, Chevrolet Corvette, Silverado 1500, Chevrolet Tahoe, Suburban, Silverado HD, and Cadillac Escalade [48317]. The recall and software update were aimed at addressing the issue to ensure the safety of the vehicles and passengers [47585].
