Systemic Fragility in the Cyber-Physical City: An Analysis of Cascading Operational Failures in Autonomous Systems During Power Infrastructure Loss

by Gemini 3.0, Deep Research. Warning, LLMs may hallucinate!

1. Executive Analysis of the Heteronomous Paradox

The rapid proliferation of autonomous systems—encompassing self-driving vehicles (AVs), uncrewed aerial systems (UAS), autonomous mobile robots (AMRs), and automated industrial logistics—has been predicated on a technological vision of independence. These agents are designed to perceive, think, and act without direct human intervention. However, the operational reality revealed by recent infrastructure failures, most notably the grid disruption in San Francisco involving Waymo robotaxis, suggests a fundamental paradox: these systems are not truly autonomous but deeply heteronomous. They rely on a continuous, invisible tether of electrical power, connectivity, and environmental instructional cues to function. When the supporting infrastructure—the “Smart City” grid—fails, the autonomous agents operating within it do not merely revert to a neutral state; they frequently enter a failure mode that amplifies the crisis, transforming from mobility solutions into physical obstructions.¹

This report provides an exhaustive technical examination of the dependencies that bind AI-driven technologies to the electrical grid. It moves beyond the obvious loss of motive power (charging) to analyze the subtler, yet more critical, loss of instructional capacity(traffic signals, V2X beacons), teleoperative oversight (cellular backhaul), environmental definition (lighting and sensor physics), and physical access (smart locks and elevators). By synthesizing data from automotive, telecommunications, agricultural, and industrial domains, the analysis demonstrates that the current “safe stop” protocols favored by autonomous safety standards are insufficient for systemic resilience, creating a risk of “gridlock by design” during widespread power outages.

2. The San Francisco Sentinel Event: Deconstructing the Waymo Stasis

The widespread power outage that struck San Francisco, impacting approximately 130,000 Pacific Gas & Electric (PG&E) customers, serves as a definitive case study in the fragility of Level 4 autonomous deployment in urban environments. The incident did not involve a failure of the vehicles’ onboard power; the electric drive trains and compute stacks remained fully energized. Instead, the failure was one of environmental illegibilityand coordination collapse.¹

2.1 The Loss of Signal Phase and Timing (SPaT) Authority

In a standard urban operational design domain (ODD), traffic signals function as the supreme instructional authority. They provide deterministic, boolean logic (Stop/Go) that overrides probabilistic perception. When the grid failed, these signals ceased functioning. For a human driver, a “dark” traffic signal triggers a fallback social protocol: the intersection is treated as an all-way stop. This relies on non-verbal communication, eye contact, and an intuitive understanding of turn-taking—capabilities that remain elusive for current AI architectures.²

The Waymo fleet, encountering these dark intersections, faced an epistemological crisis. While the perception stack could geometrically identify the intersection, the absence of the authoritative “Green” or “Red” state, combined with the erratic behavior of human drivers who were loosely (or poorly) following the all-way stop protocol, created a scenario exceeding the vehicles’ risk tolerance. The “Conservative Behavior” coded into the safety policy dictated that if the right-of-way is ambiguous, the vehicle must wait. With multiple autonomous vehicles entering the same high-ambiguity zone simultaneously, they effectively deadlocked each other, waiting for a clearance signal that the de-energized infrastructure could not provide.²

2.2 The Collapse of the Teleoperation Feedback Loop

The standard mitigation for AV confusion is Remote Assistance (RA) or Teleoperation. When the AI reaches a confidence threshold below the safety limit, it requests human guidance. The San Francisco incident, however, exposed the vulnerability of this tether. The power outage deactivated home Wi-Fi routers across the affected neighborhoods, forcing thousands of residents onto the cellular network for information. This surge in traffic congested the local cell towers—many of which were operating on limited battery backup or experiencing handover failures.⁵

The high-definition video uplink required for a remote operator to safely assess the intersection (typically requiring <100ms latency and >10 Mbps upload speed) became unstable. Without the ability to “see” the scene in real-time, remote operators could not authorize the vehicles to proceed. The vehicles, adhering to a “fail-safe” protocol, executed a Minimum Risk Condition (MRC) maneuver, which in this context meant stopping in the active lane of traffic. This transformed the software confusion into a physical blockade, impeding emergency responders and exacerbating the traffic chaos caused by the blackout.¹

3. The Optical Cliff: Sensor Physics and Environmental Illumination

A second, less discussed consequence of power outages is the sudden alteration of the photic environment. Autonomous perception systems are tuned for specific lighting conditions. The loss of streetlights, storefront illumination, and building security lighting creates an “optical cliff”—a sudden drop in visual fidelity that can blind vision-centric perception stacks.

3.1 Divergence of Sensor Modalities in Complete Darkness

The performance of an autonomous agent in a blackout is heavily determined by its sensor architecture. The industry is currently divided between “Vision-Centric” approaches (relying on cameras) and “LiDAR-Centric” approaches (relying on laser scanning).

Camera Systems (Passive Perception):

CMOS image sensors are passive devices; they require external photons to generate data. In a city stripped of electrical lighting, the ambient lux levels drop to near zero, illuminated only by the vehicle’s own headlights. This creates a “tunnel vision” effect.

• Peripheral Blindness: While headlights illuminate the forward path, the side cameras—critical for detecting pedestrians stepping off curbs or cyclists approaching from cross-streets—stare into a void.

• Dynamic Range Failure: The high contrast between the bright headlight cone and the surrounding darkness challenges the sensor’s dynamic range.

• Semantic Loss: Cameras rely on visual texture to identify lane markings and read signs. In the dark, these features lose contrast. A vision-only system (like Tesla’s FSD) may struggle to distinguish between a paved road and a dark sidewalk without the semantic cues provided by streetlights.⁹

LiDAR Systems (Active Perception):

LiDAR (Light Detection and Ranging) sensors are “active” devices, emitting their own laser pulses (typically at 905nm or 1550nm) and measuring the time-of-flight of the reflection.

• Blackout Immunity: LiDAR performance is largely independent of ambient light. In fact, LiDAR data often improves in a blackout because there is less background solar noise (during the day) or artificial light interference.

• Geometric Fidelity: A LiDAR-equipped vehicle (like Waymo or Zoox) retains a perfect 3D understanding of the intersection geometry, curbs, and physical obstacles even in total darkness.¹⁰

Thermal Imaging (The Missing Link):

Standard automotive sensors have gaps in pedestrian detection in the dark. Thermal (Long-Wave Infrared) cameras detect heat signatures and require no light. However, they are not yet standard on most robotaxi fleets. In a blackout, where pedestrians are the primary hazard in unlit crosswalks, the lack of thermal sensors represents a significant safety gap in current sensor suites.14

3.2 The Visual Odometry Trap

Localization—knowing exactly where the vehicle is on the map—often uses “Visual Odometry” or SLAM (Simultaneous Localization and Mapping). This relies on tracking static features (landmark points like building corners or signs). When the lights go out, the visual appearance of these landmarks changes drastically or they disappear entirely. If the localization algorithm cannot match the dark environment to its “daytime” or “lit night” reference map, the vehicle’s confidence in its position drops. If this confidence falls below a threshold (typically centimeters), the safety driver (software) forces a stop, fearing the vehicle might drift into oncoming traffic.¹²

Table 1: Comparative Sensor Degradation During Urban Power Outage

4. The Invisible Tether: Telecommunications Infrastructure and the “Nudge”

The “autonomy” of modern AI systems is contingent on a constant flow of data. The San Francisco incident highlighted that the breakdown of the cellular network is often the proximate cause of the robotic failure. The vehicle knows it is stuck; it tries to ask for help; the network is dead.

4.1 The Battery Gap in the 5G Edge

The shift to 5G networks involves a densification of the network topology. While traditional “Macro” cell towers cover large areas and often house diesel generators with 24-48 hours of fuel, the high-speed, low-latency bandwidth required for autonomous video uplinks often comes from “Small Cells” mounted on utility poles.

• Power Dependency: These small cells are frequently powered directly by the municipal grid or have minimal battery backups (2-4 hours). In a prolonged outage, the small cells fail first.¹⁵

• The Handover Trap: As the small cells go dark, the AV modems attempt to hand over to the distant Macro towers. However, these Macro towers are now shouldering the entire data load of the neighborhood.

• Congestion Collapse: With residents streaming video, checking news, and making emergency calls, the Macro tower becomes saturated. The AV, requiring a stable upload stream for teleoperation, suffers from packet loss and jitter. If the latency exceeds the safety threshold (e.g., 200-500ms), the remote operator cannot legally or safely issue drive commands.¹⁷

4.2 The Regulatory Vacuum on Backup Power

The resilience of the cellular network is a matter of fierce regulatory debate.

• FCC vs. Carriers: The US Federal Communications Commission (FCC) has historically attempted to mandate backup power, but carriers have resisted blanket requirements due to the logistical complexity and cost of maintaining generators at hundreds of thousands of cell sites.²⁰

• California’s 72-Hour Rule: Following wildfire-related shutoffs, the California Public Utilities Commission (CPUC) mandated 72 hours of backup power for wireless facilities. However, this rule applies primarily to “High Fire Threat Districts” (Tier 2 and 3). Urban centers like downtown San Francisco, where robotaxis operate, are often Tier 1 and thus may not be subject to the same stringent backup requirements, leaving a resilience gap in the very areas with the highest density of autonomous agents.¹⁵

• EU Regulation: In Europe, ENISA oversees telecom resilience, but similar challenges exist regarding the definition of critical versus non-critical base stations.²⁵

4.3 Satellite Communication: The Ground Station Weakness

Many autonomous systems point to satellite internet (e.g., Starlink) as a redundancy. This is a partial fallacy in a wide-area blackout.

• Ground Station Power: LEO satellite constellations rely on terrestrial “Gateways” or Ground Stations to connect to the internet backbone. If the region hosting the gateway loses power (and its fiber backhaul), the satellite link fails, regardless of the satellite’s own solar power.²⁷

• Power Budget: A high-performance satellite terminal (like Starlink) consumes 50-100 Watts. For a stranded drone or delivery robot operating on battery, this power drain is unsustainable compared to a low-power LTE radio, rapidly depleting the vehicle’s reserves.²⁹

5. Vertical Infrastructure: The Trap of the Smart Building

The “Last Mile” of autonomy often involves entering physical structures—hospitals, offices, and apartments. Here, the power outage severs the API integration between the robot and the building’s electromechanical systems.

5.1 The Elevator API Disconnect

Service robots, such as the Aethon TUG used in hospitals for linen and medication delivery, communicate with elevators via Wi-Fi to request floors.

• Emergency Power Logic: When a building switches to generator power, the Elevator Controller often enters a load-shedding mode. Non-essential integrations (like the Robot Interface API) are frequently dropped to prioritize human recall and fire service operation.

• The Lobby Bottleneck: Robots currently on upper floors may be trapped. Worse, robots in the lobby cannot ascend. Unlike humans, who can take the stairs, the robots gather in the elevator lobby. In an evacuation scenario (often triggered alongside power outages due to fire alarms), a fleet of heavy, stationary robots blocking the lobby creates a severe egress hazard for humans fleeing the building.³¹

5.2 Access Control: Fail-Safe vs. Fail-Secure

Autonomous Mobile Robots (AMRs) navigate internal corridors, passing through automated fire doors and secure laboratory entrances. The failure mode of the lockdictates the robot’s fate.

• Fail-Secure locks: High-security areas (pharmacies, server rooms, biosafety labs) use “Fail-Secure” electric strikes, which remain locked when power is cut (mechanical key override only).

• The Robot Lockout: A robot attempting to deliver urgent chemotherapy drugs to a ward protected by a Fail-Secure lock is physically barred from entry. It cannot use a key; it relies on the RFID/Wi-Fi credential handshake. If the Access Control Server is down or the door controller has no battery, the robot is useless. It stops in the hallway, becoming an obstacle.³⁵

• Wi-Fi Authentication: Even “Fail-Safe” doors (which unlock on power loss) may be impassable if the robot’s navigation logic requires a digital “Door Open” confirmation from the server before it attempts to push through. If the Wi-Fi is down, the robot may simply wait for a confirmation that never comes.³⁹

6. Industrial Logistics: The “Islands of Automation” Crisis

Warehouses and ports are increasingly adopting “lights-out” automation. A power outage reveals that these systems are highly sensitive to “dirty shutoffs.”

6.1 Warehouse Execution Systems (WES) Amnesia

The modern warehouse is orchestrated by a WES that tracks the state and location of hundreds of robots.

• The Communications Blackout: If the facility loses power, the industrial Wi-Fi Access Points (often powered by PoE switches) die instantly unless every switch is on a UPS.

• State Loss: The robots execute an immediate emergency stop (E-Stop).

• The Restart Cost: When power returns, the WES must re-establish the “truth” of the floor. If robots drifted during the stop, or were manually pushed by humans clearing aisles, their virtual location in the WES does not match their physical location. The system cannot simply resume; it requires a time-consuming “localization reset” where every robot must re-orient itself or be manually driven to a home marker. This turns a 1-hour power outage into a 12-hour operational recovery ordeal.⁴⁰

6.2 Port Automation and Suspended Loads

Automated Stacking Cranes (ASCs) at ports run on high-voltage electricity.

• Container Hang: A power cut leaves containers suspended. While mechanical safety brakes hold the load, the sensors (encoders) tracking the hoist height may drift or lose calibration during the power transient.

• Twistlock Uncertainty: The twistlocks connecting the spreader bar to the container are fail-safe mechanically, but the electronic sensors confirming “Locked/Unlocked” status need power. Upon restart, the system may register a “Fault” state, requiring a human technician to climb the crane (a slow, dangerous process) to visually verify the locks before the crane is allowed to move.⁴³

7. Aerial and Agricultural Autonomy: The Signal Dependency

In domains without traffic lights, the “instructional cue” is the GNSS (Global Navigation Satellite System) signal. Power outages on the ground degrade this signal in the air and field.

7.1 RTK-GPS and the Base Station Failure

Autonomous tractors and precision delivery drones do not rely on standard GPS (which has 2-5 meters of error). They use Real-Time Kinematic (RTK) GPS, which achieves centimeter-level precision by comparing the satellite signal to a signal from a fixed “Base Station” on the farm or a local reference network (CORS).

• The Outage Mechanism: If the farm’s power goes out, the local Base Station stops transmitting corrections. This is functionally identical to the “Solar Storm” scenario described in agricultural reports.⁴⁵

• The Float Trap: The tractor’s receiver drops from “RTK Fixed” (cm accuracy) to “RTK Float” or “Autonomous” (meter accuracy).

• Operational Failure: An autonomous cultivator cannot operate with 2-meter error; it would tear up the crop rows. The machine executes a safety stop. A widespread rural blackout (common during storms) effectively grounds the entire autonomous farming fleet, halting time-critical harvests.⁴⁵

7.2 Unmanned Traffic Management (UTM) Blindness

The FAA’s UTM concept relies on a network of UAS Service Suppliers (USS) exchanging data. This is a ground-based internet application.

• Ground Sensor Loss: UTM relies on ground radars and RF receivers to detect non-cooperative traffic (e.g., medical helicopters). If the power grid fails, these sensors go offline.

• Lost Link Protocol: Without the “Detect and Avoid” data feed, the UTM network must command a systemic “Land Now” or “Return to Launch.”

• The Landing Hazard: If the drone attempts to return to a charging nest that is unpowered (no beacon, no landing lights, no precision landing signal), the risk of crash landing increases significantly.⁴⁹

8. Heavy Transport: Rail and Maritime Vulnerabilities

8.1 Positive Train Control (PTC) Battery Limits

Railroads use PTC to prevent collisions. This system relies on Wayside Interface Units (WIUs) at signals and radio towers to transmit “Civil Speed Restrictions” to the locomotive.

• The AREMA Standard: Industry standards (AREMA) typically require signal locations to have battery backup, often rated for 8 to 24 hours.⁵²

• The Prolonged Outage: In events like the 2021 Texas Freeze or the 2003 Northeast Blackout, outages can last days. Once the batteries deplete, the WIUs die.

• Restricted Speed: A train cannot simply drive “visually” at full speed in PTC territory. Without the digital “Proceed” token, the train is forced into “Restricted Speed” (typically <20 mph, able to stop within half the range of vision). This causes the rail network capacity to collapse, turning a high-speed logistics artery into a parking lot.⁵⁴

8.2 Maritime AIS and “Smart Buoys”

Autonomous ships use Automatic Identification System (AIS) data to track other vessels.

• Shore Station Dependence: Coastal AIS networks rely on shore stations to repeat signals and transmit “Virtual Aids to Navigation” (digital buoys that exist only on charts).

• The Blackout Blindness: If shore power fails, the AIS repeaters die. The autonomous ship loses its “Over the Horizon” awareness. It is forced to rely solely on onboard radar (Line of Sight). In complex straits or inclement weather, this reduction in situational awareness may force the autonomous vessel to anchor rather than risk collision.⁵⁷

9. The Substrate of Intelligence: Compute and Cooling

Finally, the “brain” of the autonomous system—whether in the cloud or at the edge—is thermally constrained by power.

9.1 Data Center Thermal Ride-Through

Autonomous fleets rely on cloud data centers for routing, fleet orchestration, and machine learning model updates.

• The Cooling Gap: When grid power fails, there is a gap (often 60-120 seconds) before generators fully load the chillers. While UPS batteries keep the servers on, they rarely power the cooling infrastructure immediately.

• Thermal Throttling: ASHRAE guidelines warn that high-density AI server clusters can overheat in seconds without airflow. The servers protect themselves by “throttling” (slowing down).

• Latency Spike: This throttling increases the processing time for fleet optimization algorithms. A route calculation that took 50ms might now take 500ms, introducing system-wide lag in the fleet’s decision loop.⁶⁰

9.2 Edge AI Overheating

Onboard the vehicle, the AI compute unit (e.g., NVIDIA Jetson or Drive AGX) generates significant heat.

• The Stopped Vehicle Scenario: A robotaxi stalled in the sun during a summer blackout (with no movement to generate airflow and potentially disabled cabin AC to save traction battery) faces a thermal crisis.

• Performance Degradation: As the onboard chip heats up, it throttles. This reduces the frame rate of object detection. The robot becomes “slower” to react to hazards, effectively cognitively impaired by the heat.⁶³

10. Conclusion: Toward “Island Mode” Resilience

The analysis of the San Francisco Waymo incident and the broader ecosystem reveals a critical flaw in the design of current autonomous systems: they are optimized for a “Connected, Powered, Illuminated” world. When the supporting infrastructure is removed, the safety protocols (Minimum Risk Condition) default to a state—stopping in place—that is locally safe for the vehicle but systemically catastrophic for the city.

The “Smart City” is currently a fragile mesh of dependencies. A power outage does not just turn off the lights; it:

1. Removes Authority: (Traffic lights, Access Control)

2. Severs Connectivity: (Small Cells, Backhaul)

3. Obscures Geometry: (Camera blindness)

4. Degrades Precision: (RTK-GPS loss)

Recommendations for Future Resilience:

To prevent future “gridlock by design,” the industry must move toward “Island Mode” capabilities:

• Decentralized Negotiation: AVs must adopt peer-to-peer (Mesh V2V) protocols to negotiate right-of-way at dark intersections without reliance on infrastructure signals.

• Infrastructure Hardening: Telecommunications regulations must evolve to view “Small Cells” as critical infrastructure requiring extended battery backup, matching the 72-hour standards emerging in high-risk zones.

• Passive-First Perception: Certification for autonomous systems should mandate high-performance operation in total darkness (using LiDAR/Thermal) rather than allowing reliance on street lighting.

• Mechanical Overrides: Building codes must require that “robot-accessible” doors and elevators retain a mechanical or localized power override that does not depend on a central server connection.

Without these structural changes, the autonomous city remains vulnerable to a “Cascading Stasis,” where a simple fuse blowout can freeze the movement of people and goods across an entire metropolis.

Detailed Technical Analysis

1. Introduction: The Fragility of Connected Autonomy in Power-Denied Environments

The integration of Artificial Intelligence (AI) into the physical infrastructure of cities—via autonomous vehicles, smart grids, and robotic logistics—has created a new class of systemic risk: Cyber-Physical Interdependency Failure. While traditional risk models focus on the direct loss of utility (e.g., “the lights are out”), the deployment of autonomous agents introduces a secondary layer of failure. These agents rely on the grid not just for energy (propulsion), but for information (instruction).

When the grid fails, the flow of information stops. The traffic light stops signaling “Stop.” The cellular tower stops transmitting the remote operator’s video feed. The GPS base station stops correcting the satellite drift. The autonomous agent, deprived of these external cues, enters a state of “Epistemic Uncertainty.” Modern safety standards (ISO 21448, UL 4600) dictate that in the face of uncertainty, the agent must transition to a Minimum Risk Condition (MRC). In almost all cases, the MRC is “Stop.”

The San Francisco incident ¹ demonstrated that when hundreds of agents execute this “Stop” command simultaneously in a dense urban environment, the result is a deadlock that blocks human emergency response and amplifies the impact of the original power outage. This report analyzes the specific mechanisms of this failure across multiple domains.

2. Deep Dive: The Signal Phase and Timing (SPaT) Dependency

The most immediate cause of the San Francisco gridlock was the interaction between the AV perception stack and the de-energized traffic signals.

2.1 The “Oracle” Problem

Level 4 AVs (like Waymo) use High-Definition (HD) maps that encode the semantic rules of the road. An intersection on the map is tagged as “Signalized.” The AV’s planner expects an authoritative state (Green/Yellow/Red) from this location.

• Nominal Operation: The AV uses computer vision (cameras) to detect the state of the light. Advanced deployments also use DSRC/C-V2X radios to receive the SPaT message directly from the traffic controller’s Roadside Unit (RSU).

• Blackout Operation: In a blackout, the RSU is dead (no radio signal). The traffic light is dark (no visual signal).

• The Human Fallback: Human drivers rely on a “Social Fallback.” We treat the dark light as a stop sign, but we also use eye contact, hand waves, and vehicle “creep” to negotiate turn-taking.

• The AV Failure: The AV perception system detects the “Dark” state. Its internal logic (the Oracle) is silent. The AV cannot make eye contact. It cannot “wave” another driver through. It is programmed to be conservative. If it cannot calculate a collision-free path with high certainty, it waits.

2.2 The “Gridlock Geometry”

In San Francisco, human drivers were entering the intersection aggressively, often not coming to a complete stop or taking turns out of order. The AV’s prediction models likely showed “potential collision” vectors from all sides.

• The Deadlock: The AV waits for the humans to settle. The humans, seeing the AV stopped, try to drive around it. The AV detects the moving humans and resets its “wait” timer. This cycle repeats until the intersection is physically blocked.²

Requirement for Resilience: The missing capability is peer-to-peer negotiation. If the AVs could communicate directly with each other (V2V) to agree on a crossing order, and if they could signal their intent to humans (e.g., via external LED message boards saying “Stopping / Your Turn”), the deadlock could be broken. Currently, this capability is not standardized.

3. Sensor Physics: The “Optical Cliff” in Urban Blackouts

The discussion of AV safety often assumes “night driving” conditions, which implies the presence of streetlights, building lights, and other cars. A power outage creates “Absolute Urban Darkness,” a condition rarely tested in public datasets.

3.1 The Limits of CMOS Cameras

Automotive cameras typically use CMOS sensors. Key performance indicators (KPIs) relevant to blackouts include:

• Low-Light Sensitivity (ISO): To see in the dark, the sensor ramps up gain (ISO). This introduces “noise” (grain).

• The Impact of Noise: Edge detection algorithms (used to find lanes and objects) rely on finding sharp contrast boundaries. High noise blurs these boundaries. The AI’s confidence in “Is this a lane line?” drops.⁹

• Dynamic Range (HDR): In a blackout, the only light source is the vehicle’s own headlights. This creates a scene with extreme brightness in the center (the beam) and pitch blackness at the edges. Standard HDR algorithms struggle to balance this, often crushing the shadows (making them pure black) to prevent the headlights from blowing out.

• Result: The “Peripheral Blindness.” The AV can see what is directly in front of it, but it loses the ability to see a child waiting on the curb before they step into the light.¹⁰

3.2 The Advantage of Active Sensing (LiDAR)

LiDAR sensors (like those on Waymo) emit laser pulses. They are their own light source.

• Physics: A LiDAR unit spinning at 10Hz creates a 360-degree 3D map of the world regardless of ambient light.

• Blackout Performance: In daylight, the sun (a massive source of infrared light) creates “noise” for LiDAR detectors. In a blackout at night, this noise floor drops. LiDAR actually performs better in terms of signal-to-noise ratio in the dark.

• The Waymo Paradox: Despite having LiDAR (which sees perfectly in the dark), the Waymo vehicles still stalled. This proves that the failure was not perceptual (they knew where obstacles were) but instructional (they didn’t know the rules of the dark intersection).¹

3.3 The “Vision-Only” Vulnerability (Tesla)

Systems that reject LiDAR (like Tesla’s Autopilot/FSD) face a much higher risk in blackouts.

• Depth Estimation: Vision-only systems estimate depth using “Structure from Motion” or neural networks trained on visual cues (shadows, perspective, vanishing lines).

• Blackout Failure: In a blackout, the visual cues vanish. The “vanishing point” is invisible if the horizon is dark. The depth estimation neural network is operating “out of distribution” (OOD).

• Phantom Braking: To be safe, the system often hallucinates obstacles in the noisy dark pixels, leading to sudden, dangerous stops on highways during power outages.¹¹

Table 2: Sensor Suite Resilience Analysis

4. Connectivity: The Fragile Tether of Teleoperation

When the AV cannot decide, it calls a human. This “Human-in-the-Loop” fallback is the Achilles’ heel of system resilience during power outages.

4.1 The 5G Topology Weakness

The move to 5G involves “Network Densification.”

• Macro Cells: (The big towers). Range: Miles. Power: Generators (24-48hr).

• Small Cells: (The shoeboxes on light poles). Range: Hundreds of feet. Power: Grid + Battery (0-4hr).

• The Blackout Sequence:

1. Grid fails.

2. Small cells run on battery. AVs function normally.

3. Hour 4: Small cell batteries die.

4. AVs lose their primary high-bandwidth connection.

5. AV modems roam to the distant Macro cell.

6. The Bottleneck: The Macro cell is now handling traffic from all the dead small cells, plus the surge of human users. The “Signal to Noise and Interference Ratio” (SINR) plummets.

7. Latency Spike: The Round Trip Time (RTT) for data jumps from 30ms to 500ms.

8. Teleops Failure: Remote driving requires real-time reaction. You cannot steer a car with 500ms lag. The Teleops software detects the lag and disables the “Remote Control” feature. The AV is now truly alone.⁵

4.2 The “Fail-Safe” is “Stop”

Without teleoperation, the AV executes its “Minimum Risk” maneuver. In the San Francisco case, this meant stopping. The connectivity failure directly caused the physical obstruction.

4.3 Regulatory Gaps: The Battle for Backup Power

The lack of resilience is a policy choice.

• California AB 2421 & CPUC: California mandates 72 hours of backup power, but exemptions exist for “infeasibility” (e.g., a pole cannot support a heavy battery cabinet) and the rule focuses on “High Fire Threat Districts.” Downtown San Francisco is not a High Fire Threat District. Therefore, the densest deployment of robotaxis operates in a zone with the least regulated backup power requirements for small cells.¹⁵

• Carrier Pushback: Verizon and AT&T have argued to the FCC that flexible routing (moving traffic to other towers) is better than mandating generators at every site. The San Francisco incident proves that “flexible routing” fails when the congestion is total.²⁰

5. Vertical Infrastructure: The “Locked Out” Robot

The robotic ecosystem extends into buildings. Here, the failure of the “Smart Building” API creates physical traps.

5.1 The Elevator Gap

Robots like the Aethon TUG use elevators to deliver hospital meals and linen.

• Integration: The robot does not push the button; it sends a Wi-Fi signal to the Elevator Server.

• Power Loss: Elevators on emergency power often disable their Ethernet switches to save load. The “Robot Interface” goes offline.

• The Trap: A robot inside the elevator when power fails might be recalled to the lobby and the door opens. The robot tries to exit but cannot calculate a path because its map (which assumes it is on Floor 5) conflicts with its sensors (which see the Lobby). It freezes in the doorway, preventing the elevator doors from closing and disabling the car for human use.³¹

5.2 Access Control Logic

• Fail-Safe: Doors unlock (magnet disengages). Good for humans. Robots may still fail to enter if they require a digital handshake.

• Fail-Secure: Doors remain locked (electric strike). Robots are locked out.

• The Hospital Scenario: In a blackout, nurses are overwhelmed. They rely on robots for supply runs. If the robots are locked out of the “Clean Utility” room because the door is Fail-Secure and the robot cannot use a physical key, the nursing staff must abandon patients to fetch supplies manually, defeating the purpose of the automation during the crisis.³⁵

6. Aerial and Agricultural Autonomy

6.1 The Solar Storm / Power Outage Parallel

Research snippets regarding solar storms ⁴⁵ highlight the vulnerability of RTK-GPS. A solar storm disrupts the ionosphere. A power outage disrupts the Base Station. The effect on the autonomous agent is identical: Loss of Precision.

• Mechanism: RTK requires a correction stream. If the base station loses power, the stream stops.

• Impact: An autonomous crop sprayer relying on 2cm accuracy will drift by 2 meters. To prevent destroying the crop, it must stop.

• The “Float” Risk: Some systems fallback to “RTK Float” (less accurate). If the farmer is unaware of the outage (e.g., the base station is miles away), the machine might continue operating with degraded accuracy, causing thousands of dollars in crop damage before being noticed.⁴⁵

6.2 UTM and the “Land Now” Command

The FAA’s UTM system requires continuous connectivity.

• Infrastructure: It relies on “Supplemental Data Service Providers” (SDSPs) for weather and ground radar data.

• Failure: If the SDSP’s ground sensors lose power, the “safety volume” around the drone cannot be guaranteed.

• Result: The drone executes a “Lost Link” or “System Failure” procedure. Typically, this is “Return to Home.” If the “Home” charging pad is unpowered (no beacon), the drone may fail to land precisely, risking damage or injury.⁴⁹

7. Logistics: The Warehouse Execution System (WES)

Modern warehouses are dense grids of robots.

• The Coordinator: The WES assigns tasks and routes traffic to prevent collisions.

• The Outage: When Wi-Fi dies, the robots stop.

• The “Zombie” Robot: Even if the robots have batteries, they are “lobotomized” without the WES. They cannot accept new orders.

• The Recovery: Restarting a WES is complex. It involves verifying the position of every robot. If a robot continued moving for 2 seconds after the WES died (due to latency), the WES’s map is wrong. The system will trigger “Collision Warnings” immediately upon restart, requiring a manual floor sweep.⁴⁰

8. Compute and Cooling: The Thermal Limit

All autonomous intelligence runs on silicon. Silicon generates heat.

8.1 Data Center Thermal Ride-Through

Autonomous fleets depend on cloud servers.

• The Cooling Gap: In a power transition (Grid -> Generator), cooling often stops for 1-2 minutes.

• ASHRAE Class A1: Data center servers are rated for specific temperatures.

• Throttling: If the temp spikes, the CPUs throttle. This increases the processing time for every task—route optimization, dispatch, voice recognition. The entire fleet feels “sluggish”.⁶⁰

8.2 Edge AI Throttling

• Scenario: A delivery robot stuck in the sun during a blackout.

• Mechanism: The onboard computer (e.g., Jetson Xavier) hits 85°C. It throttles the GPU.

• Result: The object detection framerate drops from 30fps to 10fps. The robot’s reaction time triples. It becomes unsafe to navigate near pedestrians.⁶³

9. Conclusion

The “Smart City” is an ecosystem of interconnected dependencies. The Waymo incident in San Francisco was not a “glitch”; it was a demonstration of Systemic Fragility.

The reliance on:

• Active Infrastructure (Traffic Lights, V2X)

• Continuous Connectivity (5G, Teleops)

• Environmental Stability (Lighting, GPS)

...means that autonomous systems are currently designed for “Fair Weather” operation—not just meteorologically, but electrically.

The Path Forward:

To achieve true resilience, the industry must embrace “Island Mode” Autonomy:

1. Protocol Independence: Vehicles must be able to negotiate intersections via peer-to-peer V2V without relying on traffic lights.

2. Sensor Independence: Certification must require full capability in zero-lux conditions (LiDAR/Thermal mandated).

3. Infrastructure Hardening: Small cells and RTK base stations must be classified as critical infrastructure with mandatory 24-72hr backup power.

Without these measures, the “Smart City” risks becoming a trap, where a simple power outage transforms our mobile future into a gridlocked present.

Works cited

1. San Francisco power outage: Waymo suspends self-driving taxi service after city blackout, accessed December 21, 2025, https://www.financialexpress.com/world-news/us-news/san-francisco-power-outage-waymo-suspends-self-driving-taxi-service-after-city-blackout/4084407/

2. Waymo Pauses San Francisco Service After Blackout - FindArticles, accessed December 21, 2025, https://www.findarticles.com/waymo-pauses-san-francisco-service-after-blackout/

3. San Francisco power outage: Hundreds of Google’s Waymo self-driving cars stranded across the city, company says it is due to, accessed December 21, 2025, https://timesofindia.indiatimes.com/technology/tech-news/san-francisco-power-outage-hundreds-of-googles-waymo-self-driving-cars-stranded-company-says-it-is-due-to/articleshow/126104544.cms

4. Waymo temporarily suspends service in SF amid power outage : r/SelfDrivingCars - Reddit, accessed December 21, 2025, https://www.reddit.com/r/SelfDrivingCars/comments/1pry5vh/waymo_temporarily_suspends_service_in_sf_amid/

5. Teleoperation: cellular coverage and why one modem is not enough - DriveU.auto, accessed December 21, 2025, https://driveu.auto/blog/why-one-modem-is-not-enough-for-teleoperation-of-robots-and-autonomous-vehicles/

6. Bugs and blackouts: what are the risks for high-tech cities? - The World Economic Forum, accessed December 21, 2025, https://www.weforum.org/stories/2015/01/bugs-and-blackouts-what-are-the-risks-for-high-tech-cities/

7. Teleoperation - Can Remote Driving be the Savior to Autonomous Driving? - Soliton - Blog, accessed December 21, 2025, https://blog.solitonsystems.com/blog/the-answer-to-remote-driving-vehicles-0

8. Navigating the Last Mile: A Stakeholder Analysis of Delivery Robot Teleoperation - MDPI, accessed December 21, 2025, https://www.mdpi.com/2071-1050/17/13/5925

9. Will autonomous cars work in the dark? - Akins Ford, accessed December 21, 2025, https://www.akinsford.com/blog/will-autonomous-cars-work-in-the-dark/

10. Evaluation of Roadside LiDAR-Based and Vision-Based Multi-Model All-Traffic Trajectory Data - ResearchGate, accessed December 21, 2025, https://www.researchgate.net/publication/371406116_Evaluation_of_Roadside_LiDAR-Based_and_Vision-Based_Multi-Model_All-Traffic_Trajectory_Data

11. Are We Self-Driving Our Way Over a Cliff? - Recall Masters, accessed December 21, 2025, https://www.recallmasters.com/are-we-self-driving-our-way-over-a-cliff/

12. Compare and Contrast LiDAR and Non-LiDAR Technology in an Autonomous Vehicle: Developing a Safety Framework - Scirp.org, accessed December 21, 2025, https://www.scirp.org/journal/paperinformation?paperid=127473

13. Why LiDAR Surpasses Cameras and Radar for ITS - Insights | Outsight, accessed December 21, 2025, https://insights.outsight.ai/transforming-its-the-impact-of-lidar-cameras-and-radar-on-transportation/

14. Thermal Camera Integration for Low Light Visibility | Imagry News, accessed December 21, 2025, https://imagry.co/news-events/night-driving-challenges-in-autonomous-driving-addressed-by-imagry/

15. Client Alert: New Backup Power Mandates for California Communications Companies, accessed December 21, 2025, https://www.jenner.com/en/news-insights/publications/client-alert-new-backup-power-mandates-for-california-communications-companies

16. Network Performance and Public Safety - California Public Utilities Commission - CA.gov, accessed December 21, 2025, https://www.cpuc.ca.gov/industries-and-topics/internet-and-phone/network-performance-and-public-safety

17. Network Latency in Teleoperation of Connected and Autonomous Vehicles: A Review of Trends, Challenges, and Mitigation Strategies - MDPI, accessed December 21, 2025, https://www.mdpi.com/1424-8220/24/12/3957

18. Making Cellular Networks Crisis-Proof: Towards Island-Ready, Resilient-By-Design 6G Communication Networks - arXiv, accessed December 21, 2025, https://arxiv.org/html/2512.04346

19. Level 4 autonomous networks achieve resilience, optimisation and agility in live operator deployments - Telecoms, accessed December 21, 2025, https://www.telecoms.com/partner-content/level-4-autonomous-networks-achieve-resilience-optimisation-and-agility-in-live-operator-deployments

20. 5G providers reject mandates for backup power at cell sites - Light Reading, accessed December 21, 2025, https://www.lightreading.com/security/5g-providers-reject-mandates-for-backup-power-at-cell-sites

21. 5G providers reject mandates for backup power at cell sites - Urgent Communications, accessed December 21, 2025, https://urgentcomm.com/power/5g-providers-reject-mandates-for-backup-power-at-cell-sites

22. Federal Communications Commission FCC 21-99 1, accessed December 21, 2025, https://docs.fcc.gov/public/attachments/FCC-21-99A1.pdf

23. AB 2765 (Pellerin) - the Committee on Communications and Conveyance, accessed December 21, 2025, https://acom.assembly.ca.gov/system/files/2024-04/ab-2765-pellerin-analysis.pdf

24. CPUC Decision 20-07-011 - California Governor’s Office of Emergency Services, accessed December 21, 2025, https://www.caloes.ca.gov/wp-content/uploads/PSC/Documents/11h-CPUC-decision-20-07-011.pdf

25. ASSESSMENT OF EU TELECOM SECURITY LEGISLATION - ENISA, accessed December 21, 2025, https://www.enisa.europa.eu/sites/default/files/publications/ENISA%20Report%20-%20Assessment%20of%20EU%20Telecom%20Security%20Legislation.pdf

26. THE TELECOM SECTOR’S CONTRIBUTION TO EUROPE’S SECURITY AND RESILIENCE, accessed December 21, 2025, https://connecteurope.org/sites/default/files/2025-10/Resilience%20and%20security%20study_CopenhagenEconomics%20for%20Connect%20Europe_Oct2025.pdf

27. Starlink Business | Fixed Site, accessed December 21, 2025, https://starlink.com/al/business/fixed-site

28. Do Starlink ground stations have backup power? - Reddit, accessed December 21, 2025, https://www.reddit.com/r/Starlink/comments/y8y236/do_starlink_ground_stations_have_backup_power/

29. Starlink Business | Land Mobility, accessed December 21, 2025, https://starlink.com/business/mobility

30. How Satellites Can Strengthen Your Digital Resilience - ThousandEyes, accessed December 21, 2025, https://www.thousandeyes.com/blog/how-satellites-can-strengthen-your-digital-resilience

31. Guide to Smart Building Technology in 2025 - Understanding the Future - Coram AI, accessed December 21, 2025, https://www.coram.ai/post/smart-building-technology

32. Leveraging Data for Smart Building Solutions with Nantum AI | OnLogic, accessed December 21, 2025, https://www.onlogic.com/customer-stories/nantum-ai/

33. Aethon | Autonomous Mobile Robots, accessed December 21, 2025, https://aethon.com/

34. Aethon TUG Robot highlighted in Automation World, accessed December 21, 2025, https://aethon.com/aethon-highlighted-in-automation-world/

35. Fail Safe vs. Fail Secure in Access Control - Verkada, accessed December 21, 2025, https://info.verkada.com/compare/fail-safe-vs-fail-secure/

36. Fail Safe vs Fail Secure - And What Most People Get Wrong! - Kisi, accessed December 21, 2025, https://www.getkisi.com/blog/fail-safe-vs-fail-secure

37. Fail Safe vs Fail Secure: Which Lock is Right for Your Needs - ProdataKey, accessed December 21, 2025, https://www.prodatakey.com/single-post/fail-safe-vs-fail-secure

38. Access Control Power Failure: What You Must Know - Security Surveillance System, accessed December 21, 2025, https://www.ssscamera.com/access-control-power-failure-what-happens-next/

39. Cybersecurity challenges in IoT-connected smart city infrastructure - World Journal of Advanced Research and Reviews, accessed December 21, 2025, https://wjarr.com/sites/default/files/WJARR-2021-0048.pdf

40. Blog: Systems Thinking and WES - Matthews Automation Solutions, accessed December 21, 2025, https://matthewsautomation.com/systems-thinking-wes/

41. Unleashing Warehouse Potential: How Robotics and Automation Eliminate Critical Bottlenecks - Honeywell, accessed December 21, 2025, https://www.honeywell.com/us/en/news/featured-stories/2025/04/unleashing-warehouse-potential-robotics-automation

42. Automated Guided Vehicle - bremsenergie.de, accessed December 21, 2025, https://bremsenergie.de/en/applications/automated-guided-vehicle/

43. ROBOTIC PARKING SYSTEMS, INC., accessed December 21, 2025, https://www.stratus.com/wp-content/uploads/CS-Robotic-Parking.pdf

44. Advantages And Disadvantages of Automatic Parking Systems, accessed December 21, 2025, https://etekparking.com/advantages-and-disadvantages-of-automatic-parking-systems/

45. How Will the GPS Outage on May 10 Affect US Farm Profitability? - farmdoc daily, accessed December 21, 2025, https://farmdocdaily.illinois.edu/2024/05/how-will-the-gps-outage-on-may-10-affect-us-farm-profitability.html

46. Geomagnetic Storm Affecting GPS Signals - May 2024 - LandMark Implement, accessed December 21, 2025, https://landmarkimp.com/news/news/blog/geomagnetic-storm-affecting-gps-signals--may-2024/

47. The solar storm knocked out GPS equipment on farms — and it could happen again - CBC, accessed December 21, 2025, https://www.cbc.ca/radio/asithappens/solar-storm-farm-gps-1.7207999

48. Farming: Satellite failure ‘cripples’ farmers as GPS-guided tractors grind to a halt - Reddit, accessed December 21, 2025, https://www.reddit.com/r/Surveying/comments/12ubn74/farming_satellite_failure_cripples_farmers_as/

49. Unmanned Aircraft System (UAS) Traffic Management (UTM) - Federal Aviation Administration, accessed December 21, 2025, https://www.faa.gov/sites/faa.gov/files/2022-08/UTM_ConOps_v2.pdf

50. Unmanned Aircraft Systems Traffic Management (UTM) – A Common Framework with Core Principles for Global Harmonization Edition 4 - ICAO, accessed December 21, 2025, https://www.icao.int/sites/default/files/left-menu-pdfs/UTM%20Framework%20Edition%204.pdf

51. Unmanned Aircraft Systems (UAS) Traffic Management (UTM) Concept of Operations v1.0 - NASA, accessed December 21, 2025, https://www.nasa.gov/wp-content/uploads/2024/04/2018-utm-conops-v1-0-508.pdf?emrc=94dcbb

52. Engineering Standards for Grade Crossing Warning Systems Used at Restricted Grade Crossings - Transports Canada, accessed December 21, 2025, https://tc.canada.ca/sites/default/files/2021-01/tce52e.pdf

53. Sound Transit requirements manual, accessed December 21, 2025, https://www.soundtransit.org/sites/default/files/documents/st-requirements-manual.pdf

54. Positive Train Control (PTC) Monitoring and Analysis of the Integrated Network (MAIN) – Phase 1 - Federal Railroad Administration, accessed December 21, 2025, https://railroads.dot.gov/sites/fra.dot.gov/files/2019-12/PTC%20MAIN%20Phase%201.pdf

55. UNITED STATES DEPARTMENT OF TRANSPORTATION FEDERAL RAILROAD ADMINISTRATION DOCKET NO. FRA-2023-0064 POSITI - ASLRRA, accessed December 21, 2025, https://www.aslrra.org/aslrra/document-server/?cfp=aslrra/assets/File/public/news/2025/AAR-ASLRRA%20Comment%20on%20PTC%20Systems%20NPRM.pdf

56. 49 CFR Part 236 Subpart I -- Positive Train Control Systems - eCFR, accessed December 21, 2025, https://www.ecfr.gov/current/title-49/subtitle-B/chapter-II/part-236/subpart-I

57. IALA Recommendation O-139 on The Marking of Man-Made Offshore Structures Edition 2 December 2013 - VASAB, accessed December 21, 2025, https://vasab.org/wp-content/uploads/2018/06/2013_IALA_Marking-of-Man-Made-Offshore-Structures.pdf

58. IALA RECOMMENDATION R0126 (A-126) THE USE OF THE AUTOMATIC IDENTIFICATION SYSTEM (AIS) IN MARINE AIDS TO NAVIGATION SERVICES Edi - Navcen.USCG.gov, accessed December 21, 2025, https://navcen.uscg.gov/sites/default/files/pdf/AIS/IALA_R0126_A126_Use_AIS_Marine_Aids_Nav_Services_Ed2_0.pdf

59. PowerBuoy® - Ocean Power Technologies, accessed December 21, 2025, https://oceanpowertechnologies.com/products/powerbuoys/

60. ASHRAE TC9.9 Data Center Power Equipment Thermal Guidelines and Best Practices, accessed December 21, 2025, https://www.ashrae.org/file%20library/technical%20resources/bookstore/ashrae_tc0909_power_white_paper_22_june_2016_revised.pdf

61. How To Ensure Your Data Center Cooling System Can Ride Out a Power Failure, accessed December 21, 2025, https://blog.se.com/datacenter/architecture/2014/09/25/ensure-data-center-cooling-system-can-ride-power-failure/

62. Failure Analysis of Direct Liquid Cooling System in Data Centers | J. Electron. Packag., accessed December 21, 2025, https://asmedigitalcollection.asme.org/electronicpackaging/article/140/2/020902/367988/Failure-Analysis-of-Direct-Liquid-Cooling-System

63. Optimizing Edge AI with Advanced Thermal Management in Embedded Systems, accessed December 21, 2025, https://www.embedded.com/optimizing-edge-ai-with-advanced-thermal-management-in-embedded-systems-2/

64. Impact of Thermal Throttling on Long-Term Visual Inference in a CPU-Based Edge Device, accessed December 21, 2025, https://www.mdpi.com/2079-9292/9/12/2106

65. Impact of Thermal Throttling on Long-Term Visual Inference in a CPU-based Edge Device, accessed December 21, 2025, https://arxiv.org/abs/2010.06291

66. Tesla versus Waymo: Two Very Different Roads to Full Autonomy. : r/teslamotors - Reddit, accessed December 21, 2025, https://www.reddit.com/r/teslamotors/comments/1l7rm0h/tesla_versus_waymo_two_very_different_roads_to/

67. Elon Musk delusionally claims Waymo ‘never had a chance’ against Tesla | Electrek, accessed December 21, 2025, https://electrek.co/2025/12/10/elon-musk-waymo-never-had-chance-against-tesla/