risk research for safety critical systems … · 13 12 july 2016 reliability and risk research ....

Engineering Systems Division, DTU Management Engineering, Technical University of Denmark

1

RISK RESEARCH FOR SAFETY CRITICAL SYSTEMS AT THE TECHNICAL UNIVERSITY OF DENMARK

Igor Kozine, Senior researcher [email protected]


2 12 July 2016

Ris National Laboratory


Technical University of Denmark

3


4 12 July 2016

Reliability and Risk Research Academic milestones

Reliability of technical systems Stochastic uncertainty

Generalised reliability models to intervals Epistemic uncertainty

Models of likelihood of accidents Epistemic uncertainty

Models of human performance in safety critical systems Discrete event simulation

Organisational factors and risk Quality of maintanence of safety barriers

Systems resilience Capabilities based approach

Risk identification in cyber-physical systems Multilevel multidimensional HAZOP

Integrated models of risk assess: physical systems and humans Discrete event simulation

TIME

TIME


5 12 July 2016

Reliability and Risk Research Domains

Nuclear power generation

Wind power generation (onshore-offshore)

Oil and gas transportation

Shale gas production

Offshore oil and gas production

Maritime Railway Bridges and tunnels

Hydrogen-driven vehicles, transportation and distribution

Water supply Etc.

Chemical


6 12 July 2016

From Risk to Resilience

Marie-Valentine Florin, shown at NATO Workshop 26-29 June, Azores


7 12 July 2016

Capabilities-based approach for assessing the resilience of critical infrastructure Resilience capabilities are defined as enablers of activities and functions that serve the resilience goals.

A resilience capability is further broken down into three related compounds: assets, resources, and practices/routines.

http://www.read-project.eu/


8 12 July 2016

Capabilities-based approach for assessing the resilience of critical infrastructure

The approach is being developed in the framework of the EU financed project Resilience Capacities Assessment for Critical Infrastructures Disruptions (READ).

The strategy of the capabilities-based planning is to prepare for a large variety of threats and risks instead of simply preparing for specific scenarios.

Creating Resilience Capability against Critical

Infrastructure Disruptions: Foundations, Practices

and Challenges

IDA Conference Center, Copenhagen, Denmark

13 April, 2015

WELCOME TO INTERNATIONAL CONFERENCE!


10 12 July 2016

Risks identification in cyber-physical systems

An approach is being developed based on Hazard and Operability Studies (HAZOP). Focal points of the approach are:

identifying appropriate system representations (respecting the designers choice of formalism)

identifying relevant system parameters and deviation guidewords for hazard identification

A distributed maintenance management system inside a nuclear power plant has been so far to demonstrate the approach.


11 12 July 2016

Offshore Platform Hydrocarbon Risk Assessment OPHRA: Feasibility study of an alternative method for Quantitative Risk Assessment using Discrete Event Simulation

Physical phenomena

Detection & response

Escape & evacuation

Impact & consequence

Time

Each process is modelled separately and sends feed-back to the others providing interaction between processes


12 12 July 2016

Simulation based tool for risk assessment and mitigation in complex systems with strategic components

Risk modelling tools for cyber-physical systems are limited to systems with non-strategic component while accounting for strategic component behaviour is essential.

These systems often exhibit externalities that may have significant effect on the systemic risks. Selfish or/and malicious components are potential risk contributors and the severity of their consequences should be attempted to being modelled.

We can hardly expect that the assessment of consequences can be amenable to analytic evaluation.

We suggest research towards incorporating strategic component behaviour into simulation based tools for risk analysis and mitigation.


13 12 July 2016

Reliability and Risk Research Generalizing reliability models to interval probabilities

Football example The three possible outcomes are win (W), draw (D) and loss (L) for the home team. Your beliefs about the match are expressed through the following simple probability judgements X1: chance to win is less than 50% X2: win is at least as probable as draw X3: draw is at least as probable as loss X4: the odds against loss are no more than 4 to 1


14 12 July 2016

Generalizing reliability models to interval probabilities Parallel-series systems

Components connected in series

in parallel

in series-parallel

If reliability information on components is provided in the form of upper and/or lower bounds on probabilistic reliability characteristics, upper and lower bounds of systems reliability can be calculated.


15 12 July 2016

Generalizing reliability models to interval probabilities Markov chains

When state and transition probabilities are given as intervals, a solution to propagation of state probabilities was provided

00,20,40,60,8

1

1 4 7 10 13 16 190

0,20,40,60,8

1

1 4 7 10 13 16 19

0

0.2

0.4

0.6

0.8

1

1 4 7 10 13 16 19

)( 2 kb

)(2 kb

)( 1 kb

)(1 kb )( 3 kb

{ } { }0.27 0.29; ;21.0)0( =jb { } { }0.4 0.52; ;31.0)0( =jb

0.2 0.88 0.1 0.2 0.77 0.3 0.25 0.29 9.0

=ija0.1 0.7 0.02 0.08 0.6 0.15 0.01 0.05 7.0

=ija

Chart12

0.210.31

0.21350.432

0.239410.54646

0.2528670.617669

0.2595250.662048

0.2627240.689705

0.2641950.706941

0.2648240.717683

0.2650580.724377

0.2651170.728549

0.2651060.731149

0.2650730.73277

0.2650380.733779

0.2650080.734409

0.2649850.734801

0.2649680.735045

0.2649560.735198

0.2649480.735293

0.2649430.735352

0.2649390.735389

0.2649370.735412

Markov

00.210.3100000.2900000.520.2700000.400000

10.21350.4320000.4565000.71320.0637000.215500

20.239410.5464600.3687700.6912250.0510340.221600

30.2528670.6176690.3045500.6794590.0427680.227323

40.2595250.6620480.2645590.6736290.0376190.230883

50.2627240.6897050.2396360.6708250.0344090.233102

60.2641950.7069410.2241030.6695340.0324090.234485

70.2648240.7176830.2144230.668980.0311620.235347

80.2650580.7243770.2083910.6687730.0303850.235884

90.2651170.7285490.2046310.6687190.0299010.236219

100.2651060.7311490.2022880.6687280.0296000.236427

110.2650730.7327700.2008280.6687560.0294120.236557

120.2650380.7337790.1999180.6687860.0292940.236638

130.2650080.7344090.1993510.6688120.0292210.236689

140.2649850.7348010.1989970.6688320.0291760.236720

150.2649680.7350450.1987770.6688470.0291470.236740

160.2649560.7351980.1986400.6688570.0291300.236752

170.2649480.7352930.1985540.6688640.0291190.236760

180.2649430.7353520.1985010.6688680.0291120.236765

190.2649390.7353890.1984680.6688720.0291080.236768

200.2649370.7354120.1984470.6688740.0291050.236769

Markov

Upper

Upper probability

Chart14

0.290.52

0.45650.7132

0.368770.691225

0.304550.679459

0.2645590.673629

0.2396360.670825

0.2241030.669534

0.2144230.66898

0.2083910.668773

0.2046310.668719

0.2022880.668728

0.2008280.668756

0.1999180.668786

0.1993510.668812

0.1989970.668832

0.1987770.668847

0.198640.668857

0.1985540.668864

0.1985010.668868

0.1984680.668872

0.1984470.668874

Upper probability

Markov

00.210.3100000.2900000.520.2700000.400000

10.21350.4320000.4565000.71320.0637000.215500

20.239410.5464600.3687700.6912250.0510340.221600

30.2528670.6176690.3045500.6794590.0427680.227323

40.2595250.6620480.2645590.6736290.0376190.230883

50.2627240.6897050.2396360.6708250.0344090.233102

60.2641950.7069410.2241030.6695340.0324090.234485

70.2648240.7176830.2144230.668980.0311620.235347

80.2650580.7243770.2083910.6687730.0303850.235884

90.2651170.7285490.2046310.6687190.0299010.236219

100.2651060.7311490.2022880.6687280.0296000.236427

110.2650730.7327700.2008280.6687560.0294120.236557

120.2650380.7337790.1999180.6687860.0292940.236638

130.2650080.7344090.1993510.6688120.0292210.236689

140.2649850.7348010.1989970.6688320.0291760.236720

150.2649680.7350450.1987770.6688470.0291470.236740

160.2649560.7351980.1986400.6688570.0291300.236752

170.2649480.7352930.1985540.6688640.0291190.236760

180.2649430.7353520.1985010.6688680.0291120.236765

190.2649390.7353890.1984680.6688720.0291080.236768

200.2649370.7354120.1984470.6688740.0291050.236769

Markov

Upper

Upper probability


16 12 July 2016

Generalizing reliability models to interval probabilities Stress-strength reliability models under incomplete information

Y is a random variable describing the strength of a system

X is a random variable describing the stress applied to the system

The reliability of the system is determined as R=Pr(X


17 12 July 2016

Generalizing reliability models to interval probabilities: Stress-strength reliability models under incomplete information

Y is a random variable describing the strength of a system

X is a random variable describing the stress applied to the system

The reliability of the system is determined as R=Pr(X


18 12 July 2016

Generalizing reliability models to interval probabilities Other results

Interval-Valued Structural Reliability Models Based on Statistical Inference (Imprecise Dirichlet Model)

Combining Unreliable Judgements and Deriving Probability Parameters of Interest

Improving Imprecise Reliability Models by Employing Constraints on Probability Density Functions, Failure Rate and other. (Use of the calculus of variations and automated control theory.)

Constructing Imprecise Probability Models


19 12 July 2016

Project risk management The potentials of post-probabilistic uncertainty and risk quantification for (running PhD project)

Alternative approaches for representing and quantifying uncertainty and risk in the management of large engineering projects are investigated:

1. Imprecise probability

2. Dempster-Shafer theory of evidence

3. Possibility theory, which is formally a special case of the imprecise probabilities, so we wont discuss it separately

4. Semi-quantitative representations including the NUSAP tool.

Two cases:

Construction of off-shore wind turbine farms, and

Construction of the fixed link between Denmark and Germany (20 km submersible tunnel)


20 12 July 2016

Discrete event simulation for the analysis of human performance and risks of socio-technical systems: Simulation of Human Performance in Time-Pressured Scenarios

The model of human performance can be presented as a queuing system

Tasks Executed tasks

Source of tasks

Queuing system

Queue Actor

)(tf

)(tf 2

1

2 1 Time available,

Execution time,

Mean execution time

Probability of execution failure

The probability of failure is defined as the probability of execution time exceeding time available


21 12 July 2016

Discrete event simulation for the analysis of human performance and risks of socio-technical systems: Simulation of Human Performance in Time-Pressured Scenarios

First, a task analysis is done

Teamwork

Detect Turbine disturbances

Inform that Turbine Shutdown Occurred

Perform Manual Scram

- 6 min 0

5

Detect valve 311VB51 does not close

Detect the pumps do not start automatic

Inform that containment isolation occurred within 20 s

Close valve 311VB51 from CR

Start failing pumps from CR

Send out FO to start the failing pumps manually

10

Discuss possible actions with reference to the current situation

Start program for depressurisation

15

Make a clear description of the plant-state and give the order to bring the plant to cold shutdown

20 min

Restart cooling system

Pre-initiator phase Early responses to IE Stabilisation phase

Start scenario

Actions

Detection

Time (minutes) Leakage inside reactor vessel


22 12 July 2016

Discrete event simulation for the analysis of human performance and risks of socio-technical systems: Other reference projects

1. Reliability of a gas supply to customers. Financed by Swedegas, owner and operator the gas pipeline Dragr, DK Gutherborg, SV

2. Safe manning of merchant ships. Financed by the Danish Maritime Foundation

3. Train driver performance modelling (developing engineering models for usability studies). Being performed in the framework of the Halden Project

4. Operational risk of assets for a Water Utility Company. Supported by Kbenhavns Energi and Reliasset A/S

5. Risk analysis of a generic hydrogen refuelling station. Internal financing

6. Optimizing the rating of offshore and onshore transformers for an offshore wind farm. Internal financing

7. Powering stochastic reliability models (Markov models) by discrete event simulation. Internal financing


23 12 July 2016

Unforeseen events with high impacts: validation of practices and models for predictability Research project proposal

A recent study of risk analysis results for 103 oil, gas and chemical plants carried out over a 36-year period demonstrates that 20% of the accidents that affected these plants were found to have been due to unforeseen accident scenarios.

6

5

4

2

2

7

0 1 2 3 4 5 6 7 8

NOT PREDICTABLE WITH PRESENT TECHNIQUES

EMPLOYEE IGNORED OR DID NOT KNOW SAFETY

RECOMMENDATION IMPLEMENTED BUT THEN

HAZARD INTRODUCED AFTER QRA, NO MOC

MANAGEMENT REFUSED TO IMPLEMENT RISK

MANAGEMENT FAILED TO IMPLEMENT

Hypotheses. (1) worst-case scenarios seem to take place more frequently than foreseen in the risk analyses applied, (2) lack of predictability is major source of risk that is left unattended and that is often comparable with or greater than the predicted risk, and (3) all this happens because of deficiencies in risk identification practices and models of prediction of rare events.


DTU Management Engineering

24 13 July 2016

Slide Number 1Slide Number 2Slide Number 3Slide Number 4Slide Number 5Slide Number 6Slide Number 7Slide Number 8Creating Resilience Capability against Critical Infrastructure Disruptions: Foundations, Practices and ChallengesIDA Conference Center, Copenhagen, Denmark13 April, 2015Slide Number 10Slide Number 11Slide Number 12Slide Number 13Slide Number 14Slide Number 15Slide Number 16Slide Number 17Slide Number 18Slide Number 19Slide Number 20Slide Number 21Slide Number 22Slide Number 23Slide Number 24

risk research for safety critical systems … · 13 12 july 2016 reliability and risk research ....

Documents