Safety risk evaluation of the remote operation of HAVs
This project seeks to identify functional safety risks of selected scenarios of the remote operation of Highly Automated Vehicles (HAV) and provide recommendations to mitigate these risks. It will explore existing lessons learned from the industries, where remote operations are implemented, such as the mining, railway, and aviation sectors.
In the near future, level 4 automated shuttle driverless fleet are likely to be introduced in suburban environments as a first/last mile passenger transportation option. Vehicle automation requires a deep understanding of the functional safety and fallback systems under critical conditions, which are very low probability events (but with catastrophic consequences) and therefore difficult to identify and mitigate.
To overcome this safety challenge, such fleet will be remotely monitored/controlled by a remote operator. This is the preferred method by the Waymo trial in Phoenix and the Cruise trial in San Francisco.
SAE International has recently modified its taxonomy of automated driving to include the remote operation in the level of automation. However, there are no international or Australian rules or codes of practice on how remote operation centres need to intervene when shuttles or their occupants seek an intervention from the remote operator.
The findings are expected to be utilised by regulatory authorities while permitting remote operation of level 4 vehicles. Noting, regulators will need to assess safety from various angels such as crash safety, operational safety, non-collision safety, functional safety, cyber safety and behavioural safety. Other than functional safety risks of selected scenarios of remote operation all other safety aspects are not part of this scope.
Project background
Research need
Level 4 automated vehicles must address six distinct safety areas: behavioural safety, functional safety, cyber safety, crash safety, operational safety, and non-collision safety. These are described as:
- Behavioural safety refers to the driving decisions and behaviour of the vehicle on the road. Just as for human drivers, HAV are subject to traffic rules and must safely navigate a variety of scenarios, both expected and unexpected.
- Functional safety seeks to ensure that vehicles operate safely even when there is a system fault or failure. That means building in backup systems and redundancies.
- Cyber safety requires the system and associated communication stack has appropriate cyber security.
- Crash safety or crashworthiness, refers to the ability of vehicles to protect passengers inside the vehicles during a crash through a variety of measures, ranging from a structural design that shields people inside, to features like seat restraints and airbags that mitigate injury or prevent death.
- Operational safety refers to the interaction between HAV and passengers.
- Non-collision safety address physical safety for the range of people who might interact with the vehicle. For example, this includes electrical system or sensor hazards that could cause harm to occupants, vehicle technicians, trained drivers, first responders, or bystanders.
Currently there are no international or Australian rules or codes of practice on how remote operation centres need to intervene when HAV or their occupants seek an intervention from the remote operator.
Queensland’s Department of Transport and Main Roads (TMR), and the Queensland University of Technology (QUT) have jointly identified that functional safety risks of remote operation of a HAV have not been well understood and therefore a project seeking to identify safety risks of remote operation of a HAV with an objective of providing evidence-based recommendations to mitigate these risks, would be beneficial.
The learnings are expected to be utilised by regulatory authorities while permitting remote operation of HAVs. Further, the advent of 5G communication provides a significant transformation in the capability of automated vehicle’s remote operation. Low latency, reliability, high volume of data exchanges, and flexibility are enablers upon which real-time/near real-time remote operations can be implemented.
Developing critical infrastructure to understand remote operation of highly automated vehicle
Existing pilots in Europe and the United States have started implementing remote operations of shuttles and automated vehicle in limited areas to allow a more naturalistic approach of the experiment, without a safety operator in the vehicle (including shuttle).
The remote operator can have multiple roles in the management of the automated services, from the management of in-field support teams to retrieving blocked vehicles via remotely controlling the HAV.
The automated vehicle architecture achieves the following tasks: sensing (from the sensors to the semantic description of the environment), decide on the future actions, plan the relevant trajectory and act to control the actuators (steering and/or pedals).
It is expected that the remote operator has full access to the full description of the environment from the sensors and is able to control the actuators. The communication path requires a high quantity of data to be transmitted/received at a very low communication latency.
Flexible infrastructure design will provide opportunities to investigate transmitting/receiving the high level description of the environment and allowing the remote operator to locally remove some constraints. Understanding the safety risk of these remote operation architecture requires a specific infrastructure to be able to test and understand specific use cases that can inform regulatory decision.
Further, any remote operation centre will also need to ensure that a secondary remote operation centre is always available in case of an emergency (such as fire evacuation of the primary remote operation centre). Therefore, the said infrastructure will need to be able to provide smooth transition to the secondary remote operation centre when required.
Project intent
The project will help establish a state-of-the-art infrastructure (primary remote operation centre) for the remote operation of automated vehicle, as well as produce a secondary remote operation centre at TMR office. The project will hire the test track facility and seek to control ZOE2 (Queensland’s HAV) remotely via the remote operation centre and via the secondary remote operation centre.
ZOE2 will be at the test track when controlled through primary or secondary remote operation centre. The project will seek to understand and identify functional safety risks of remote operation of HAVs and provide recommendations to mitigate these risks. It will explore existing lessons learned from other industry, such as mining, railway and aviation, where remote operations are implemented.
The project will be delivered through the following tasks:
- Create a dedicated infrastructure at the test track (primary remote operation centre) and a secondary remote operation centre at TMR office
- Modify the Automated Vehicle (ZOE2) to allow the remote operation
- Identify use cases (with a focus on safety risk) in consultation with the stakeholders, literature review and other industry
- Implement/experiment mitigation strategies on the field and understand the impact of the communication availability (such as drop from 5G to 4G)
- Identify risk occurring during the switch from the primarily remote operation centre to the secondary remote operation centre and the impact on the vehicle operation
The learnings are expected to be utilised by regulatory authorities while permitting remote operation of HAVs.
Project objectives
The project seeks to identify functional safety risks of selected scenarios of remote operation of highly automated vehicles and recommend mitigation strategies.
Currently there are no international or Australian rules or codes of practice on how remote operation centres need to intervene when shuttles or their occupants seek an intervention from the remote operator.
This project will help establish capability at test track allowing the test and evaluation of safety critical scenarios with ZOE2. The project will also establish a secondary remote operation centre at TMR office.
Specifically, the project will:
- Help test track operator develop the infrastructure needed at their facility, including the 5G infrastructure and the remote operation centre
- Establish secondary remote operation centre at TMR office and the modification in the ZOE2 to allow the remote operation capability
- Define use cases to be investigated through consultation with multiple stakeholders
- Test and evaluate the functional safety risk of remote operation of the identified scenarios and develop mitigation strategies
- Provide recommendations for the regulatory staff assessing the permit application for the remote operation of HAVs
- The capabilities developed during the project will be at a proof-of-concept level, allowing further development and investigation of research questions on the other safety aspects of remote operation beyond the initial scope of the project.
Please note …
This page will be a living record of this project. As it matures, hits milestones, etc., we’ll continue to add information, links, images, interviews and more. Watch this space!