What Should Toyota/NHTSA Do?

We know the following.  Toyota itself has acknowledged that it cannot rule out problems in its electronics throttle control system as a cause behind the sudden acceleration of some of its cars.  NHTSA is in the spotlight to ensure public safety.   What should they do?

The problem in the Toyota electronics could be due to

  • hardware design issues (assumptions made regarding failures that are violated),
  • hardware implementation issues (such as sensors, actuators or computers with manufacturing defects that result in higher than normally very low failure rates),
  • electrical issues including ESD (electro-static discharge), grounding and EMI (electro-magnetic interference) problems,
  • software bugs that kick in only under abnormal conditions,
  • architectural integration with each subsystem doing the “correct” thing but the completed system having an integration issue, or
  • An insidious combination of the above.

What should Toyota/NHTSA do now?

  • Each should assemble an independent team of experts – mechanical engineers, electrical engineers, embedded hardware engineers, embedded software engineers, control engineers, sensor/actuator experts, reliability engineers and safety engineers.
  • Get all documentation and internal communications available at Toyota.
    • In particular, get access to Toyota’s internal investigations and results from vehicles that have had known acceleration problems – these are critical materials to study and will narrow down the search space dramatically.
  • Evaluate the fail-safe mechanisms in ETCS-I and their effectiveness against a wide spectrum of possible failure points.   What if this sensor fails?  What if the throttle control mechanism fails? What if this board fails? What if the ECU (electronic control unit) fails? What if the output there get stuck?  What if an input here fluctuates all the time?  What if there is a voltage spike at an input? At an output?  What if any these two failures happen simultaneously? What does the software do if an unexpected event happens?   These questions can be asked (and hopefully answered) very methodically and rigorously.
  • Work backwards from the sudden acceleration event.  That is, suppose that sudden acceleration has occurred.  What events and what sequences can lead to that outcome?  What could have gone wrong (however improbable) for that outcome to be produced?   To paraphrase Sherlock Holmes, if you have eliminated all possibilities but one, then you have found the culprit, however improbable it may seem.
  • Study all architectural and design documents, then pore into the code, the wiring diagrams, and the internals of all the sensors, actuators and ECUs.

If you think that a businessperson/manager should also be on the team, think again.   It would serve Toyota much better over the long term to find the problem in its electronics (there is one!) and fix it.  Else, this cloud would hang over the company, its customers and its shareholders causing more damage.   Bite the bullet, figure out the source, fix it and move on.   The short-term pain will be much less than the long-term impact on the company (and the Japanese economy perhaps).

Addendum: Any data that Toyota has in their “black boxes” should also be studied.  As I have argued in a previous blog, it could help exonerate them too.   Any studies they may have of why drivers may press the wrong pedal (more so than in other cars) should also be looked at.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: