Published Date: 2015-09-18
| Postmortem Analysis | |
|---|---|
| Timeline | 1. The software failure incident involving Volkswagen's diesel cars occurred in mid-September 2015 [Article 57666]. 2. The incident was also mentioned to have happened on Dec. 2, 2014, when Volkswagen assured U.S. and California regulators that a software change would remedy the emissions issue [Article 52082]. |
| System | 1. Software designed to cheat emissions tests in Volkswagen diesel cars [51369, 51495, 52082, 52192, 52195, 59605, 93612] 2. Engine management software in Mercedes diesel cars [72694] 3. Software installed in VW cars that was ruled as a 'defeat device' under EU regulations [98293] |
| Responsible Organization | 1. Volkswagen [51369, 51495, 52033, 52192, 52195, 52311, 93612] 2. Fiat Chrysler Automobiles [59605] 3. Daimler [72694] 4. German regulators [93110, 98293] |
| Impacted Organization | 1. Customers and the public [51369, 51495] 2. Volkswagen Group, including Audi, Porsche, and other brands [51495, 52082] 3. Shareholder advocates and former employees of Volkswagen [52192] 4. VW, Audi, Skoda, and Seat owners [52311] 5. Fiat Chrysler Automobiles [59605] 6. Mercedes-Benz (Daimler) [72694] 7. Claimants represented by Slater and Gordon in the UK against VW [93612] 8. Volkswagen Group and its employees [98293] 9. Mercedes-Benz customers impacted by the emissions scandal [120238] |
| Software Causes | 1. The software cause of the failure incident was the installation of defeat device software in Volkswagen diesel cars to cheat emissions tests [51369, 52033, 52082, 59605]. 2. The software was designed to make it appear that the vehicles complied with emissions standards during lab tests, but emitted substantially higher levels of pollutants during normal driving [59605]. 3. The software issue involved a sophisticated computer program that intentionally bypassed or rendered inoperative the vehicles' emission control system [59605]. 4. The software was a "defeat device" under EU regulations, as ruled by the High Court, indicating its deceptive nature [98293]. 5. The software was acknowledged by internal VW documents to be unlawful and the only basis for meeting emissions limits, showing a clear acceptance of its deceptive functionality [93612]. |
| Non-software Causes | 1. Failure of people inside Volkswagen to sound warnings about illegal engine software and pass information up the chain of command [Article 52192] 2. Centralized decision-making culture inside Volkswagen [Article 52192] 3. Failure by Martin Winterkorn, the former chief executive of Volkswagen, to keep shareholders informed [Article 52192] 4. Use of a valve controlling software that recirculates exhaust gases, which was not representative of real driving conditions [Article 118717] |
| Impacts | 1. False emissions data was provided by close to half a million diesel cars designed by Volkswagen, leading to a violation of US rules and a loss of trust from customers and the public [51369, 51495]. 2. The software failure resulted in a recall of approximately 11 million Volkswagen Group autos worldwide, affecting fuel efficiency, power, acceleration, and causing cars to go into "limp home" mode [52082, 61091]. 3. Owners of affected cars reported poor fuel consumption, starting difficulties, mysterious rattles, and a loss of power, undermining claims that the software fix had no impact on driving [61709]. 4. The scandal led to a wider internal investigation focusing on responsibility for installing illegal software and the failure of management to take appropriate action, impacting the culture and decision-making processes within Volkswagen [52192]. 5. The software failure had a significant impact on emissions, with nitrogen dioxide exposure affecting mortality rates equivalent to 23,500 deaths annually in the UK, and internal documents showing that VW was aware of the unlawful nature of the software [93110, 93612]. 6. Daimler, another automaker, faced similar issues with emissions software, leading to a recall of three million Mercedes diesel cars, although the company denied any wrongdoing [72694]. 7. Litigation and court battles ensued following the scandal, with a court ruling that the software installed in VW cars was indeed a "defeat device" under EU regulations [98293]. 8. Mercedes also recalled vehicles to provide a software update to comply with emissions regulations following the scandal [120238]. |
| Preventions | 1. Implementing thorough and independent software code inspections to detect any malicious hacks or anomalies in the software [Article 52311]. 2. Encouraging a culture of transparency and accountability within the organization to ensure that information about violations or illegal software is promptly reported up the chain of command [Article 52192]. 3. Conducting regular and rigorous testing of software updates or fixes to ensure they effectively address the issues without causing further failures [Article 52082]. 4. Enforcing regulations and oversight to ensure that companies disclose any software modifications affecting emissions controls and seek regulatory approval [Article 52195]. 5. Implementing mechanisms for early detection of software anomalies or deviations from expected behavior, such as conducting comprehensive emissions tests under real-world driving conditions [Article 118717]. |
| Fixes | 1. An emissions software update issued at local Volkswagen dealerships and service centers [51495]. 2. Recalibrating the software that runs the engine [52082]. 3. Providing a software update known as a 'fix' to make the vehicles comply with emissions regulations [120238]. | References | 1. West Virginia University [51369, 52034] 2. International Council on Clean Technology [51369, 52082] 3. California Air Resources Board [52082] 4. United States government and California regulators [52192] 5. Law firm conducting a survey [61091] 6. Internal VW documents [93612] 7. High Court [98293] |
| Category | Option | Rationale |
|---|---|---|
| Recurring | one_organization, multiple_organization | (a) The software failure incident having happened again at one_organization: - Article 61709 mentions that Audi AG, a subsidiary of Volkswagen, was also caught in the scandal related to the defeat device in diesel cars. (b) The software failure incident having happened again at multiple_organization: - Article 72694 reports that Daimler, the parent company of Mercedes-Benz, faced problems with its emissions software and had to refit the software in some of its diesel models. |
| Phase (Design/Operation) | design, operation | (a) The software failure incident related to the design phase: - Volkswagen designed software for diesel cars that gave false emissions data, leading to a violation of US rules [51369]. - Volkswagen admitted to installing a "defeat device" in vehicles equipped with 2-liter diesel engines to cheat on emissions tests, indicating a deliberate design decision to deceive regulators [52033]. - The software ruse by Volkswagen was particularly difficult to detect, indicating a sophisticated design of the software to evade detection [52082]. - An internal investigation at Volkswagen is focusing on who was responsible for installing illegal software designed to fool emissions testers, highlighting a design failure in the software development process [52192]. - Federal and California regulators began investigating a second computer program in Volkswagen's diesel cars that affected the operation of emission controls, indicating potential design flaws in multiple software components [52195]. - The software used by Volkswagen to cheat on emissions tests bypassed and rendered inoperative the vehicles' emission control system, indicating a deliberate design flaw in the software [59605]. - Daimler faced problems with its emissions software, leading to a recall of three million Mercedes diesel cars due to software issues [72694]. - VW's customers' representative highlighted that VW had long known that the software was unlawful and indefensible, indicating a design flaw in the software that was deliberately concealed [93612]. - The High Court ruled that the software function in VW cars was indeed a defeat device under EU regulations, indicating a design flaw in the software that violated regulations [98293]. - The software controlling a valve in VW cars was considered a "defeat device" by consumers in Austria, indicating a design flaw that manipulated emissions data [118717]. (b) The software failure incident related to the operation phase: - The defeat device software installed by Volkswagen allowed vehicles to pass emissions tests without affecting fuel economy and performance during operation [52192]. - Volkswagen withdrew 2016 models of its diesel cars from environmental certification in the US due to undisclosed software affecting the operation of emission controls [52195]. - The software used by Volkswagen caused vehicles to emit substantially higher levels of nitric oxide during normal driving, indicating an operational failure in emission control [59605]. - Daimler faced issues with its emissions software, which included auxiliary emissions control devices that could turn off emissions controls during driving for various reasons, affecting the operation of the vehicles [72694]. - VW customers highlighted that the software was the only basis on which emissions limits were met, indicating an operational failure in emissions control during regular vehicle operation [93612]. - The High Court ruled that the software function in VW cars was a defeat device under EU regulations, indicating an operational failure in compliance with regulations during vehicle operation [98293]. - The software controlling a valve in VW cars was considered a "defeat device" by consumers in Austria, indicating an operational failure in emissions control during real driving conditions [118717]. |
| Boundary (Internal/External) | within_system, outside_system | (a) within_system: The software failure incident related to Volkswagen's diesel cars involved the installation of illegal software known as a "defeat device" within the vehicles. This software was designed to cheat on emissions tests by activating emissions controls during testing but emitting significantly higher levels of nitrogen oxide during normal driving [#52033, #52192, #59605]. (b) outside_system: The failure was also influenced by factors outside the system, such as the regulatory environment and the actions of external entities. For example, the Environmental Protection Agency (EPA) and California regulators conducted investigations into the software, and external researchers like Mr. Kodjak's group identified the discrepancy in emissions data that led to the discovery of the defeat device software [#52033, #52034]. |
| Nature (Human/Non-human) | non-human_actions, human_actions | (a) The software failure incident occurring due to non-human actions: - The software installed in Volkswagen vehicles was designed to cheat on emissions tests by emitting substantially higher levels of nitric oxide than allowed [59605]. - The software allowed Volkswagen vehicles to pass emissions tests without the usual trade-off in fuel economy and performance [52192]. - The software controlled by Volkswagen was used to bypass, defeat, and render inoperative the vehicles' emission control system, causing them to emit substantially higher levels of nitric oxide than allowed [59605]. (b) The software failure incident occurring due to human actions: - Volkswagen admitted to installing software to fool emissions tests, indicating a deliberate decision to deceive regulators [52033]. - The failure of people inside Volkswagen to sound warnings about illegal engine software emerged as a crucial element of the scandal, suggesting a lack of action by individuals who may have known about the deception [52192]. - Internal documents showed that Volkswagen had long known that the software was unlawful and indefensible, indicating awareness of the wrongdoing by individuals within the company [93110, 93612]. |
| Dimension (Hardware/Software) | hardware, software | (a) The articles provide information about the software failure incident related to hardware and software factors: - Hardware: The software failure incident at Volkswagen was primarily due to the installation of illegal software designed to fool emissions testers, which involved a defeat device that bypassed the vehicles' emission control system [52033, 59605]. - Software: The software failure incident was directly attributed to the use of sophisticated computer programs to deceive emissions tests, indicating intentional steps to avoid legal requirements through software manipulation [52033, 52192]. These articles highlight how the software failure incident at Volkswagen was a result of both hardware (installation of defeat devices) and software (sophisticated computer programs) factors. |
| Objective (Malicious/Non-malicious) | malicious | (a) In the software failure incident related to Volkswagen's emissions scandal, it was a malicious act. The software was intentionally designed to cheat on emissions tests by installing a "defeat device" in vehicles equipped with 2-liter diesel engines [52033]. The software was created to make emission controls work in a testing lab but not on the road, indicating a deliberate attempt to deceive regulators and consumers [52033]. The scandal involved a conscious decision and a fairly sophisticated computer program to make it appear that the vehicles complied with emissions standards during testing [52033]. Additionally, internal investigations at Volkswagen focused on identifying not only who installed the illegal software but also on which managers may have learned of the deception and failed to take appropriate action [52192]. (b) The software failure incident at Volkswagen was non-malicious in the sense that the company denied the software in question was an illegal defeat device in Europe, despite German regulators ruling that the software was designed to cheat emissions tests [93110]. There were arguments presented by VW that the software function was not a defeat device, and the company had been deploying various arguments to defend the software function [93110]. Additionally, there were internal documents showing that the company had long known the software was unlawful and indefensible, indicating a level of acceptance within the company rather than a deliberate act to harm the system [93612]. |
| Intent (Poor/Accidental Decisions) | poor_decisions | (a) The intent of the software failure incident: - The software failure incident involving Volkswagen's diesel cars was not accidental but rather a result of poor decisions and intentional actions. The incident involved the installation of a "defeat device" in vehicles equipped with 2-liter diesel engines, which was a conscious decision and involved a sophisticated computer program to deceive emissions tests [52033]. - Volkswagen admitted that the software installed in its vehicles was used to cheat on emissions tests, indicating a deliberate attempt to evade regulations [52192]. - Internal documents from Volkswagen showed that the company was aware that the software was unlawful and indefensible, with employees acknowledging that the vehicles would fail emissions tests without the software [93110, 93612]. - The High Court ruling confirmed that the software function in VW cars was indeed a defeat device under EU regulations, indicating a deliberate intent behind the software [98293]. |
| Capability (Incompetence/Accidental) | development_incompetence | (a) In the articles, it is evident that the software failure incident related to Volkswagen's emissions scandal was not accidental but rather a result of development incompetence. The articles highlight how Volkswagen intentionally designed and installed software, known as a "defeat device," in their diesel cars to cheat emissions tests. This deliberate act involved a fairly sophisticated computer program to make it appear that the vehicles complied with emissions standards during lab tests, while emitting substantially higher levels of pollutants during normal driving [52033, 59605]. The scandal involved a conscious decision by individuals within the company to evade legal requirements, indicating a lack of professional competence in adhering to regulations and ethical standards in software development. (b) The software failure incident was not accidental but a deliberate act of deception by Volkswagen. The articles emphasize that the defeat device software was intentionally designed and implemented to cheat emissions tests, allowing the vehicles to pass while emitting higher levels of pollutants in real-world driving conditions [52033, 59605]. This intentional act was not a result of accidental software glitches or unforeseen problems but a calculated decision by individuals within the company to circumvent regulations and deceive regulators and consumers. |
| Duration | permanent, temporary | (a) The software failure incident related to Volkswagen's emissions scandal can be considered permanent as it involved the deliberate installation of illegal software, known as a "defeat device," in vehicles equipped with 2-liter diesel engines to cheat on emissions tests [52033]. The scandal was not a result of an oversight or an unforeseen problem in the software but rather a conscious decision involving a fairly sophisticated computer program to deceive emissions testers [52033]. The scandal led to a widening internal investigation at Volkswagen to determine who was responsible for installing the illegal software and which managers may have learned of the deception but failed to take appropriate action [52192]. (b) On the other hand, the software failure incident related to Daimler's emissions software issue can be considered temporary as it involved a recall of three million Mercedes diesel cars built since 2011 to retrofit the software without calling it a recall [72694]. This indicates that the issue was addressed through a fix or update to comply with emissions regulations, suggesting a temporary nature of the failure. |
| Behaviour | omission, value, byzantine, other | (a) crash: Article 61709 reports on VW cars triggering 'limp mode,' a safety feature that cuts power to protect the engine when an issue is detected, resulting in rapid deceleration. (b) omission: Article 52033 mentions that Volkswagen installed software to make it appear the vehicles complied with emissions standards in the test lab, omitting the actual emissions levels during real-world driving. (c) timing: Article 52082 discusses how the Volkswagen software ruse was particularly difficult to detect, indicating a timing issue in detecting the software manipulation. (d) value: Article 59605 states that the software used by Volkswagen caused the vehicles to emit substantially higher levels of nitric oxide than allowed, indicating a failure in the system performing its intended functions correctly. (e) byzantine: Article 98293 mentions that the software function in VW cars was ruled to be a 'defeat device' under EU regulations, showing inconsistent responses and interactions in the software behavior. (f) other: The behavior of the software failure incident in the articles can also be described as intentional deception and manipulation to cheat emissions tests, as seen in the installation of defeat devices by Volkswagen to mislead consumers and regulators [52033]. |
| Layer | Option | Rationale |
|---|---|---|
| Perception | sensor, actuator, processing_unit, embedded_software | (a) sensor: Failure due to contributing factors introduced by sensor error - The defeat device software in Volkswagen's cars was designed to make its emission controls work in a testing lab but not on the road, indicating a sensor error in detecting real-world conditions [52033]. (b) actuator: Failure due to contributing factors introduced by actuator error - The software fix implemented by Volkswagen to reduce emissions did not fully address the issue, suggesting a potential actuator error in controlling emissions [52082]. (c) processing_unit: Failure due to contributing factors introduced by processing error - The defeat device software in Volkswagen's cars involved a fairly sophisticated computer program to deceive emissions tests, indicating a processing error in the software design [52033]. - The software used by Volkswagen to cheat on emissions tests was a deliberate decision involving intentional steps to avoid legal requirements, pointing to a processing error in the software development [52033]. (d) network_communication: Failure due to contributing factors introduced by network communication error - There is no specific mention of network communication errors contributing to the software failure incident in the provided articles. (e) embedded_software: Failure due to contributing factors introduced by embedded software error - The defeat device software used by Volkswagen to cheat on emissions tests was embedded in the vehicles' systems, indicating an embedded software error [52033]. - The software fix implemented by Volkswagen to reduce emissions did not fully address the issue, suggesting a potential embedded software error in controlling emissions [52082]. |
| Communication | unknown | The articles do not provide specific information related to whether the software failure incident was related to the communication layer of the cyber physical system that failed at the link_level or connectivity_level. |
| Application | FALSE | The software failure incident related to Volkswagen's use of defeat device software to cheat emissions tests was not related to the application layer of the cyber physical system. The failure was intentional and involved the design and implementation of a sophisticated computer program to deceive emissions testing, rather than being caused by bugs, operating system errors, unhandled exceptions, or incorrect usage at the application layer [52033, 52082, 52192, 52195, 52311, 59605, 93110, 93612, 118717]. |
| Category | Option | Rationale |
|---|---|---|
| Consequence | death, harm, property, non-human, theoretical_consequence | (a) death: People lost their lives due to the software failure - Article 52033 mentions that General Motors settled a criminal investigation into how it handled defective ignition switches that caused at least 124 deaths. (b) harm: People were physically harmed due to the software failure - Article 52033 discusses the potential harm to public health due to vehicles emitting far more NOx than official tests suggest. (d) property: People's material goods, money, or data was impacted due to the software failure - Article 52108 mentions the potential costs owners of Volkswagen vehicles could face because their cars may not perform as claimed, leading to substantial losses. (f) non-human: Non-human entities were impacted due to the software failure - Article 52108 discusses the potential consequences for Volkswagen, including facing an $18 billion fine in the US alone, vehicle recalls and buybacks, class action lawsuits, and criminal charges. (h) theoretical_consequence: There were potential consequences discussed of the software failure that did not occur - Article 52108 mentions the potential for vehicle recalls and buybacks, class action lawsuits from owners, and criminal charges as consequences that were anticipated but had not fully materialized at the time of the article. |
| Domain | transportation, manufacturing, finance, knowledge, government | (a) The failed system was related to the production and distribution of information as it involved software controlling a valve that recirculates exhaust gases from the engine outlet, affecting emissions of nitrogen oxides [Article 118717]. (b) The transportation industry was impacted as the software failure involved vehicles equipped with software to cheat on emissions tests, affecting the transportation of people and goods [Article 52192]. (c) The software failure incident did not directly relate to the extraction of natural resources. (d) The failed system was not directly linked to sales transactions. (e) The construction industry was not directly affected by the software failure incident. (f) The manufacturing industry was significantly impacted as the software was installed in vehicles to deceive emissions tests, affecting the creation of products [Article 52033]. (g) The utilities industry was not directly involved in the software failure incident. (h) The finance industry was indirectly mentioned in terms of potential financial penalties and costs associated with the software failure [Article 52108]. (i) The knowledge industry was indirectly mentioned in the context of the scandal highlighting the importance of open inspection of software with potential impacts on human life [Article 52311]. (j) The health industry was not directly related to the software failure incident. (k) The entertainment industry was not directly involved in the software failure incident. (l) The government industry was indirectly involved as there were mentions of governments being aware of defeat devices and lobbying to dilute emissions tests [Article 51392]. (m) The software failure incident was not directly related to any other industry. |
Article ID: 118717
Article ID: 59605
Article ID: 120238
Article ID: 93612
Article ID: 52108
Article ID: 51873
Article ID: 72694
Article ID: 52033
Article ID: 51392
Article ID: 93113
Article ID: 51824
Article ID: 52195
Article ID: 57666
Article ID: 51495
Article ID: 51369
Article ID: 51366
Article ID: 51695
Article ID: 98293
Article ID: 52192
Article ID: 52311
Article ID: 61709
Article ID: 52034
Article ID: 61091
Article ID: 93110
Article ID: 94890
Article ID: 52082