September 13, 2017
As an engineer who has worked in telecommunications, unmanned systems, Internet of Things (IoT), and robotics for the past 20 years, I am going to start this article by letting you read about how the story ends: autonomy is coming.
Any trade or profession that makes use of a human’s hand eye coordination, including truck driving, will leverage technology to replace certain manual skills of the operator. In fact, some level of automation is currently being used in surgery, dentistry, nursing and flying aircraft. The type of autonomy that is used in these professions is called Human-Assisted Autonomy, or Human-Machine Teaming. In these cases, there is always a human in the loop. Autonomy technology is considered part of robotics technology. Specifically, autonomy is part of an area called Assistive Robotics. The idea here is that robots are used when they can reduce stress and danger for the operator, or substantially reduce operator costs. I do not foresee a time in the next 10-15 years when there is no human decision maker in the picture during long haul trucking operations.
There are four considerations in thinking about autonomy and trucking:
- The state of autonomy technology for large trucks
- The inherent complexity and risks associated with moving loaded heavy trucks
- The value of truck drivers in being the custodians of safety on the highways and roads
- The state of cyber-security and its twin sister, cyber-risk in heavy trucks
Each of these considerations leads to a conclusion that it will take a long time until the human can safely be taken out of the driver’s seat in heavy trucks.
Roboticists consider that it is much easier to achieve higher levels of autonomy flying an aircraft than operating a ground vehicle. This make sense because an aircraft operates freely in 3 dimensions, and a ground vehicle, at best, operates freely in 1+ dimensions. Much of the science of autonomy deals with obstacle avoidance. Ground vehicles operate along the path of the road, and have some possible lateral freedom. That lateral freedom of movement, in the best of circumstances with no traffic, consists of a few traffic lanes. It is a fact that a ground vehicle will generally have considerable less freedom of movement than either an air vehicle or surface vessel. Yet given the risks with large drones, no one flies them without a human in the loop.
We see assistive robotics applied in mass market today in the parking assist, which is increasingly being deployed by auto manufacturers in private automobiles. We know there’s a movement towards use of autonomous automobiles being driven by auto manufacturers, ride companies like Uber and Lyft, high tech companies like Apple and Google, and chip companies like Intel and NVIDIA.
To comprehend autonomous vehicles, let’s first understand the terminology that is used and examine what this means. The National Highway Traffic Safety Administration (NHTSA) defines five levels of vehicle autonomy:
Level 1 – Function-specific Automation: Automation of specific control functions, such as cruise control, lane guidance and automated parallel parking. Drivers are fully engaged and responsible for overall vehicle control (hands on the steering wheel and foot on the pedal at all times).
Level 2 – Combined Function Automation: Automation of multiple and integrated control functions, such as adaptive cruise control with lane centering. Drivers are responsible for monitoring the roadway and are expected to be available for control at all times, but under certain conditions can disengaged from vehicle operation (hands off the steering wheel and foot off pedal simultaneously).
Level 3 – Limited Self-Driving Automation: Drivers can cede all safety-critical functions under certain conditions and rely on the vehicle to monitor when conditions require transition back to driver control.
Level 4 – Self-Driving Under Specified Conditions: Vehicles can perform all driving functions under specified conditions.
Level 5 – Full Self-Driving Automation: Vehicles can perform all driving functions on all normal road types, speed ranges and environmental conditions.
BIS Research estimates that the higher levels of automation (3, 4 and 5) are presently in the test and development phase. Feasibility of vehicles equipped with higher level automated systems are under way on public roads. The penetration rate of level’s 3, 4 and 5 technology in passenger cars is anticipated to be 0.016%, 0.002% and 0.002%, respectively in the year 2020.
It is only at NHTSA’s Level 5 – Full Self-Driving Automation – that here is no human in the loop. Earlier this year, Audi and NVIDIA announced they would field test a Level 4 vehicle in three years. In July of this year, NVIDIA announced that one of its microprocessors is powering the world’s first Level 3 self-driving production automobile. Tesla’s Autopilot system is a Level 2 system and requires the driver to be paying attention at all times. So, it’s probably fair to say that while Level 2 autonomy is already in the market, it will take a considerable amount of time until Level 5 autonomy is widely deployed in passenger automobiles.
It is expected that the truck industry will leverage the large investment that is being made in autonomy for automobiles, and it is doing that for Levels 1 and 2 autonomy.
The risk due to software failure in some intelligent component that is supporting the autonomy function in the truck probably provides the greatest source of likelihood of failure leading to injury, death and property damage. Autonomy is supported by a sophisticated network of sensors that is continuously measuring a wide variety of variables. Many of the sensors are already in the vehicles, which are essential for both performance and safety. A familiar example is the Wheel Speed Sensor (WSS). The anti-lock braking system (ABS), traction control and stability control systems all rely on the WSS. Typically, the WSS and other sensors communicate over an electrical communications bus (BUS). Sensors collect and send information over the BUS to computers that process the information and make control decisions that are then communicated to objects like actuators that implement the control decisions.
When you read articles about some vehicle system being hacked, the access to the hacked element was often through the BUS.
Last year, Wired published an interesting article called, HACKERS HIJACK A BIG RIG TRUCK’S ACCELERATOR AND BRAKES. The title of the article speaks for itself, and describes research conducted by students at the University of Michigan as part of a class assignment. SAE International is working to train engineers who develop automated control systems for cars and trucks to include security in their design. However, one problem is that BUS systems, and most of the automated control systems that vehicles depend upon, were developed before much consideration was given to security issues.
SAE Standard J1939 is the common standard that is used for computing and communications elements in heavy vehicles. When the students at the University of Michigan hacked the truck to issue acceleration and braking commands, they inserted messages through the truck’s diagnostic port. Once they had access to the diagnostic port, even though they did not know all the commands that they would need, they were able to query computer modules for J1939 commands that they would need. However, what is also important here, is because of common J1039 commands the attack is relatively easy to reproduce across a variety of manufacturers’ truck lines.
The absence of security in the initial design of vehicle automation systems means that even if the autonomy system is secure, other automation systems that it relies upon are not necessarily secure. This is mainly because these BUS and automation systems were developed years before the idea of the connected vehicle was common, and security was not a main concern of designers.
Looking at the cyber risk, let’s put this in context. The risks to public safety from a single accident in long haul trucking is considerably larger than they are for an automobile accident. It may appear obvious, but it’s worth noting some basic facts regarding the potential for injury, death and property damage.
Without delving into the details of the calculation, an average loaded passenger car that weighs about 3,720 lbs., traveling at 62 mph will deliver about 73 tons of force in a crash. We compare this to a loaded semi-truck that weighs about 60,000 lbs. also traveling at 62 mph will deliver about 1,184 tons of force. The difference in the potential damage that can be done is considerable.
The eighteen-wheeler is 70-80 feet in length, and a good size car is about 15 feet long. Due to size and weight, it takes 40% longer to stop a truck than it does an automobile. According the American Trucking Association, truck crashes are twice as likely to result in a fatality than car crashes. This makes sense because of the size of trucks and the high forces that are delivered on impact.
In a University of Michigan study of 8,309 fatal Large Truck – Passenger Car crashes, 81% of car drivers were determined to have some fault, while 26% of truck drivers were determined to have some fault. In 10% of the cases, it was determined that both drivers were at fault. It is fair to conclude from this that truck drivers are aware and understand the increased danger their vehicle and contents pose to themselves and to the public.
Autonomous vehicles are just one part of a group of objects that are collectively included in the Internet of Things (IoT). In the case of trucks, the area of IoT security is a relatively new and emerging field. The result is robotics and autonomy designers are far ahead of the security designers. Security cannot be an afterthought if it is to be done right. To get economically adequate security in products, especially high impact products like long haul trucks, security must be part of the product from initial concept, through design, into manufacturing and distribution. A very important part of security is how to manage software updates to ensure that software in vehicles is updated to reflect fixes to security vulnerabilities and operational defects that are inevitably discovered. It is important to ensure that the update process cannot be hijacked to introduce new security vulnerabilities.
While autonomy is coming, drivers will continue to be a critical part of trucking for a long time. The risk to lives is considerable if systems fail or hacking occurs. The risk is just too great not to have a driver in the cab. Moreover, as technology advances towards Level 5 autonomy, drivers will not become obsolete. In fact, it is quite possible that future generation of drivers will do their driving from a cubicle in a driving center much like pilots fly drones currently in the military.
This article originally appeared in CVTA’s quarterly publication Get-in-Gear Summer/Fall 2017 edition.
Jeff Stern is the CEO of Chain Security, LLC