Monday, December 21, 2020

Chemical Facility Security News and Two Short Comments - #3 Comments in Response to NHTSA ANPRM

This post will review three comments, all submitted by individuals. Let me just gripe that anyone who submits a comment should supply their background, experience, or education so that the reader can take into account the perspective of the submitter when considering the comments. That would also be helpful for NHTSA staff.

1. Chemical Facility Security News author

Patrick Coyle submitted a comment that he also posted on Dec. 3, 2020 in the Chemical Facility Security News, a daily blog about chemical security and safety issues that does not appear to be affiliated with any business, non-profit organization, or professional association. According to the blog's "About" section, Mr. Coyle has: 

15 years experience in the US Army with extensive experience in training development, delivery and evaluation. He spent 20 years working in the chemical process industry developing and improving chemical manufacturing processes with a large emphasis on chemical and process safety. He currently writes a daily blog, the Chemical Facility Security News, examining the issues associated with the Chemical Facility Anti-Terrorism Standards administered by the Department of Homeland Security.

The blog, which dates back 13 years, currently averages approximately 30 posts per month, though in some earlier years the annual total climbed as high as 700. According to Mr. Coyle's LinkedIn profile, he has deep experience in drafting "reports on rework investigations and safety incidents that provide a wealth of information for subsequent investigations." Clearly this is a person familiar with ensuring safety through careful development of, and adherence to, procedures.

In his comment/blog post, Mr. Coyle does a nice job of summarizing NHTSA's stated goals in seeking comment and the framework that NHTSA aims to develop for autonomous vehicles (AVs). This is no easy task because the ANPRM is long and detailed.

Cybersecurity focus

Mr. Coyle writes from an engineer's perspective. Given the topic of his blog, it is no surprise that he focuses on cybersecurity in his comments. He aptly points out that "Not a single one of the 24 specific questions that NHTSA proposed for response addressed cybersecurity topics," and he continues:

NHTSA missed the boat by not including a fifth ‘core function’ for ADS; “Protection”. In keeping with the language of the ANPRM, “protection” would refer to the ability of the ADS system to continue to protect the safety of the vehicle’s occupants in the event of an electronic failure due to component failure, communication (internal or external) disruption or cyberattack. In process safety terms, this means that the system has mechanisms and protocols in place to ensure that it fails in an inherently safe manner.

Mr. Coyle supplies a few examples of obvious areas where failures would be dangerous and where, therefore, failure prediction and mitigation should be embedded in the testing and regulation of AVs. He mentions interruptions of software updates, sensor operation, power, and communications.
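To make the "fails in an inherently safe manner" idea concrete, here is an added example (not code from the blog post, from Mr. Coyle, or from any NHTSA document) of a small supervisor that handles the failure modes he lists. The sensor names, timeout values, and the A/B firmware-slot model are all assumptions chosen for illustration. Two properties matter: a lost sensor or an interrupted update can only move the system toward a safer state, and the "minimal risk" state latches until an explicit reset rather than flapping back to normal the moment a heartbeat reappears.

```python
"""Added example: a fail-safe supervisor for an automated driving system (ADS).

Constructed for illustration; sensor names, timeouts and the firmware model
are assumptions, not anything specified by NHTSA or the commenter.
"""
import hashlib
from dataclasses import dataclass, field
from enum import Enum


class Mode(Enum):
    NORMAL = "normal"              # full automation permitted
    DEGRADED = "degraded"          # drive on local sensing only, ignore remote commands
    MINIMAL_RISK = "minimal_risk"  # bring the vehicle to a safe stop, automation off


SENSOR_TIMEOUT_S = 0.2   # assumed: a required sensor must report at least every 200 ms
COMMS_TIMEOUT_S = 2.0    # assumed: external link silent for 2 s counts as disrupted


@dataclass
class Supervisor:
    required_sensors: tuple
    last_seen: dict = field(default_factory=dict)
    last_comms: float = 0.0
    mode: Mode = Mode.NORMAL
    reasons: list = field(default_factory=list)

    def heartbeat(self, sensor: str, now: float) -> None:
        self.last_seen[sensor] = now

    def comms_ok(self, now: float) -> None:
        self.last_comms = now

    def reset(self) -> None:
        """Only an explicit (e.g. technician) action leaves MINIMAL_RISK."""
        self.mode = Mode.NORMAL
        self.reasons = []

    def evaluate(self, now: float) -> Mode:
        """Decide the mode at time `now`. Transitions only ever get safer
        until reset(): MINIMAL_RISK is sticky."""
        if self.mode is Mode.MINIMAL_RISK:
            return self.mode
        reasons = []
        for sensor in self.required_sensors:
            seen = self.last_seen.get(sensor)
            if seen is None or now - seen > SENSOR_TIMEOUT_S:
                reasons.append(f"sensor {sensor} stale")
        if reasons:                     # any required sensor missing: stop safely
            self.mode = Mode.MINIMAL_RISK
        elif now - self.last_comms > COMMS_TIMEOUT_S:
            reasons.append("external comms lost")
            self.mode = Mode.DEGRADED   # comms are not needed to drive, but stop trusting them
        else:
            self.mode = Mode.NORMAL
        self.reasons = reasons
        return self.mode


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass
class FirmwareSlots:
    """Assumed A/B update model: the running image is never modified in place."""
    active: bytes
    staged: bytes = b""

    def stage(self, chunks) -> bool:
        """Assemble an image into the inactive slot. A `None` chunk is the
        constructed stand-in for a power or link interruption mid-transfer."""
        buf = b""
        for chunk in chunks:
            if chunk is None:
                self.staged = b""       # discard the partial image entirely
                return False
            buf += chunk
        self.staged = buf
        return True

    def activate(self, expected_sha256: str) -> bool:
        """Switch slots only after the staged image verifies against the expected digest."""
        if not self.staged or sha256_hex(self.staged) != expected_sha256:
            self.staged = b""
            return False                # active image untouched
        self.active, self.staged = self.staged, b""
        return True
```

A real system would use a signature rather than a bare digest for the update check and would read time from a monotonic clock, but the shape is the point: every failure path leaves the vehicle in a state that is at least as safe as the one before it.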

For cybersecurity, go to another agency

In terms of NHTSA's perspective, keeping cybersecurity out of the ANPRM and AV regulation in general makes sense. The Federal Communications Commission (FCC), after all, is the federal agency with jurisdiction over communications technology (the FTC, for its part, polices unfair or deceptive data-security practices), and the Department of Homeland Security, the FBI, and the Department of Justice each hold a piece of the regulatory thicket of cybersecurity, not to mention authority to investigate and prosecute criminal activity.

To the average person, however, such division of jurisdiction over one type of product, in this case AVs, might not make sense. 

2. Next comment is anonymous

The next comment is anonymous, so it offers no context about the submitter's perspective, but it takes up the same theme as Mr. Coyle's comment. While I would direct the anonymous submitter to a grammar and writing style course, this person manages to get the idea across that we should have performance safety standards and integrate safety into AV development procedures, similar to the way the aerospace industry operates.

The anonymous submitter clearly knows the subject, citing Mobileye's proposed open safety model, Responsibility-Sensitive Safety (RSS): "These types of safety standards focus on the measurable performance of an ADS while encouraging consumer confidence in an open standard." This submitter would accept at least some simulation as part of safety testing.

3. Author, maybe?

Phil Rink, perhaps the engineer, inventor, and children's author, submitted another similar comment. I am guessing that this is the same Phil Rink, but, because the comment's author never says anything about themself, conjecture is all I have. That Phil Rink invented an underwater camera that became a standard and sold his company; from a cursory look, he has also written a couple of books for children of about 8 to 11.

Mr. Rink submits a comment that seemingly refers to partial vehicle automation and makes a point that I have harped on endlessly.

When the automation fails, and it will fail, the human driver will not be able to detect the failure soon enough to prevent the failure. If notified by the automation, the human will not be able to gain situational awareness soon enough to choose a corrective action and apply that action. Things happen too quickly in driving situations, and especially in uncommon situations, which is where the automation will fail.

Mr. Rink also appears to endorse the concept of the operational design domain (ODD), and he would ban AV operation on public roads outside an AV's ODD.
