Currently reading: Autopilot: how self-driving cars can learn from planes
We trust in automated systems to fly our aeroplanes, but many people remain unconvinced by driverless cars. We find out why

We’re in the stunning and historic London headquarters of the Royal Aeronautical Society.

The building, just off Hyde Park Corner, oozes history, with varnished noticeboards carrying the names of the society’s past presidents, many of whom were at the forefront of aeronautical engineering and development.

I’m here to talk about self-driving cars with a gentleman called Tony Henley, who has spent his whole career in the world of avionics including 35 years at BAE Systems specialising in navigation and navigation displays. He has a degree in electronics and a masters in instrumentation. Today he is a consultant to various bodies, including the government, on subjects that include drones.

Tesla Autopilot crash: transport expert defends autonomous driving tech

Why am I talking to an aviation expert about cars? Because more than once I’ve been sitting next to a car company executive who, when I’ve brought up the subject of self-driving cars, has drawn a comparison between autonomous cars and aircraft and said that for decades airliners have been flying around the place on autopilot, so why can’t the same be done with cars? I’m not a professional pilot but I have flown privately all around Europe and have been a co-pilot in business jets and turboprops. The sky is very big and when you’re flying in controlled airspace, which all airliners do, you are being monitored and tracked.

And, crucially, kept separate from other aircraft.

I’m not concerned here with the common question of ‘How does the autonomous car choose between hitting a child or an old person?’ or the legal ramifications of an autonomous car having a prang. Those are interesting and important subjects, but I want to talk to Henley about the technology that’s involved. About redundancy, for example. I know that the Boeing 747 jumbo jet was equipped with three independent autopilot systems right from its launch in 1969.

“The first thing that we have to get straight,” says Henley, “is the difference between autonomous and automated. It is illegal for an aircraft to be autonomous or not controlled by a human, even in the case of a drone. Modern airliners are highly all automated, not autonomous. But you’re correct about redundancy on airliners. The Boeing 777, for example, has nine independent flight control computers in three different compartments. “This is probably overkill even by aviation standards, but it’s not just the level of redundancy, it’s also the integrity of the individual computers themselves. In aviation, we have something called Design Assurance Levels, or DAL for short. DAL A is the highest level, DAL B the second, DAL C third, and so on. DAL A and B are essentially the same specification, it’s just that B requires less testing and certification work. Incidentally, the manual that contains the specifications and parameters for how software is written is 1000 pages long.

Back to top

“The 777’s flight computers are all DALA. What this means in practice is that they’re completely self-contained. The computers do not communicate via wi-fi or Bluetooth and the software cannot be patched or updated online. It’s incorruptible and secure, in other words.”

And here we have a problem when we cross over into the world of autonomous cars. The car needs to communicate with the outside world to get information on mapping, traffic, other vehicles in the vicinity and more. How can we be sure that the car’s software and operating systems won’t be corrupted?

Elmar Frickenstein is BMW’s head of autonomous car development and is in charge of a team of 1300 engineers – a huge amount of manpower and, no doubt, brain power. I ask Frickenstein about the level of redundancy that will be built into BMW’s autonomous cars.

BMW previews autonomous iNext ahead of concept reveal later this year

“We have complete redundancy both of the hardware and software; each is backed up,” he says. “The car has 30 different sensors comprising of Lidar, radar, camera and sonar equipment with a high level of redundancy if any were to fail.”

That’s reassuring, but only up to a point. I also ask Frickenstein about what standards the software and hardware is being developed to. The answer is “BMW standards”, because as yet there are no international standards for autonomous or even highly automated systems. This does not surprise me. Even in the 21st century we have managed to develop electric vehicles that are charged with plugs that are not interchangeable and using a charging network that doesn’t have the level of commonality that it should have. What hope for a unified set of rules for autonomous cars?

Then there are other concerns about systems. Software is written by humans and there is as big a challenge in autonomous cars as in aviation in designing and developing software that can cover every conceivable scenario. The performance and reliability of an autonomous car is going to rely on these human skills. And then there’s maintaining these systems. There is an onus on technicians to understand the complexities of the vehicle and especially the software. Diagnostic tools are already moving beyond the realms of small, local garages and even main dealers are not always able to resolve gremlins in the software. So what does Henley think about the optimistic timelines that are currently being bandied about by car company marketing people? Are they actually accurate?

Back to top

“Level three autonomy, in which a driver could give control to the vehicle from entry junction to exit junction on a motorway with the driver managing the transitions to and from normal roads, is practical and could be with us within a few years,” he says. “Earlier level three concepts, in which control was given back to the driver when things went wrong, have largely been dropped as unworkable: the driver would not have the situational awareness to be able to safely resume control.

“Level four, which will be limited to controlled areas, is doable but will require enormous investment in infrastructure. Level five, which is full autonomous driving over any road, including country lanes, is a long way off. People are talking about [it arriving by] 2030, but I think that is optimistic.”

A year or so ago, I was shown a video by Volvo that showed a ‘driver’ sitting back in comfort reading a newspaper while the car drove itself. I think the public are seduced by the vision of a relaxing journey in which they can use their time usefully.

I think this is nonsense: it’ll be a nerve-racking experience. My pal Nick is a 777 captain at British Airways. He says: “The only time I’ve been really frightened in my airline career was when I was doing an autoland (first demonstrated in 1967) at Milan Linate airport. I couldn’t see the runway until the nosewheel had touched the ground. Visibility was about 95 metres. I was sitting there hoping to God that all the systems worked perfectly.”

That is what it’s going to be like sitting in a self-driving car at night on a motorway in poor weather at 70mph. The good news is that I’m going to set up a business that tackles people’s fear of not driving much the same as the fear of flying courses operated by EasyJet and other airlines. I will soon be a millionaire and will spend my money on a Ferrari 250 SWB that I will probably not be allowed to drive on the road...

Read more

BMW i Vision Dynamics concept-inspired i5 to spark new era of i cars

Back to top

Join the debate

Comments
17
Add a comment…
yvesferrer 5 August 2018

An aircraft on the M 25?

At 30 000 ft, an airliner can fly in reasonable safety: it is alone in a huge cube of airspace! The real danger comes at landing time when it has to share space with other aircraft.

At 0 ft, a car can drive in reasonable safety on a straight road in Utah! Far too many imponderables: from white vans to idiots undertaking or lane hogging, etc...

Even with drivers as alert as they might be (ok, some are perhaps less alert than others) we see the results of dreadful accidents every day.

Drivers MUST remain in charge!

jason_recliner 6 August 2018

yvesferrer wrote:

yvesferrer wrote:

At 30 000 ft, an airliner can fly in reasonable safety: it is alone in a huge cube of airspace! The real danger comes at landing time when it has to share space with other aircraft.

At 0 ft, a car can drive in reasonable safety on a straight road in Utah! Far too many imponderables: from white vans to idiots undertaking or lane hogging, etc...

Even with drivers as alert as they might be (ok, some are perhaps less alert than others) we see the results of dreadful accidents every day.

Drivers MUST remain in charge!

 

Are people better equipped to respond to unexpected events on the road than computers?

 

Perhaps autonomous cars would still have accidents, but less frequently than cars driven by humans?

 

I don't know the answer to these questions; it's something to consider.

Slowmo 5 August 2018

Automated speed restrictors

Mandatory speed restricting technology should be the government's priority.
david RS 5 August 2018

It's harder to do an

It's harder to do an autonomous system for cars and with cheaper components than for planes.

 

Cobnapint 5 August 2018

Correct

You don't get many white vans cutting in, kids running out, narrow country lanes with mobile homes coming the other way or people slamming their brakes on in front of you at 35000 ft.