Engineering Systems Division, DTU Management Engineering, Technical University of Denmark
RISK RESEARCH FOR SAFETY CRITICAL SYSTEMS AT THE TECHNICAL UNIVERSITY OF DENMARK
Igor Kozine, Senior researcher, igko@dtu.dk
Risø National Laboratory
Technical University of Denmark
Reliability and Risk Research
Academic milestones (ordered along a time axis):
- Reliability of technical systems: stochastic uncertainty
- Generalised reliability models to intervals: epistemic uncertainty
- Models of likelihood of accidents: epistemic uncertainty
- Models of human performance in safety critical systems: discrete event simulation
- Organisational factors and risk: quality of maintenance of safety barriers
- Systems' resilience: capabilities based approach
- Risk identification in cyber-physical systems: multilevel – multidimensional HAZOP
- Integrated models of risk assessment (physical systems and humans): discrete event simulation
Reliability and Risk Research
Domains:
- Nuclear power generation
- Wind power generation (onshore-offshore)
- Oil and gas transportation
- Shale gas production
- Offshore oil and gas production
- Maritime
- Railway
- Bridges and tunnels
- Hydrogen-driven vehicles, transportation and distribution
- Water supply
- Chemical
- Etc.
From Risk to Resilience
Marie-Valentine Florin, shown at NATO Workshop 26-29 June, Azores
Capabilities-based approach for assessing the resilience of critical infrastructure
Resilience capabilities are defined as enablers of activities and functions that serve the resilience goals. A resilience capability is further broken down into three related compounds: assets, resources, and practices/routines.
Capabilities-based approach for assessing the resilience of critical infrastructure
The approach is being developed in the framework of the EU-financed project 'Resilience Capacities Assessment for Critical Infrastructures Disruptions' (READ). The strategy of capabilities-based planning is to prepare for a large variety of threats and risks instead of preparing only for specific scenarios.
Creating Resilience Capability against Critical Infrastructure Disruptions: Foundations, Practices and Challenges. IDA Conference Center, Copenhagen, Denmark, 13 April 2015
WELCOME TO INTERNATIONAL CONFERENCE!
Risk identification in cyber-physical systems
An approach is being developed based on Hazard and Operability Studies (HAZOP). Focal points of the approach are:
- identifying appropriate system representations (respecting the designers' choice of formalism)
- identifying relevant system parameters and deviation guidewords for hazard identification
A distributed maintenance management system inside a nuclear power plant has so far been used to demonstrate the approach.
Offshore Platform Hydrocarbon Risk Assessment – OPHRA: Feasibility study of an alternative method for Quantitative Risk Assessment using Discrete Event Simulation
[Figure: four processes arranged along a time axis: physical phenomena, detection & response, escape & evacuation, impact & consequence]
Each process is modelled separately and sends feedback to the others, providing interaction between processes.
Simulation based tool for risk assessment and mitigation in complex systems with strategic components
- Risk modelling tools for cyber-physical systems are limited to systems with non-strategic components, while accounting for strategic component behaviour is essential.
- These systems often exhibit externalities that may have a significant effect on the systemic risks. Selfish and/or malicious components are potential risk contributors, and the severity of their consequences should be modelled.
- We can hardly expect that the assessment of consequences will be amenable to analytic evaluation.
- We suggest research towards incorporating strategic component behaviour into simulation based tools for risk analysis and mitigation.
Reliability and Risk Research
Generalizing reliability models to interval probabilities
Football example. The three possible outcomes are win (W), draw (D) and loss (L) for the home team. Your beliefs about the match are expressed through the following simple probability judgements:
- X1: chance to win is less than 50%
- X2: win is at least as probable as draw
- X3: draw is at least as probable as loss
- X4: the odds against loss are no more than 4 to 1
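The judgements above do not pin down a single probability for any outcome; they only bound each one. The following added example (my own code, not from the DTU slides) encodes X1 to X4 as linear constraints on (W, D, L) and computes the lower and upper probability of each outcome consistent with all four, by enumerating the vertices of the feasible polygon. It assumes, as a constructed convention, that the strict judgement "less than 50%" is treated as "at most 50%" so that the bounds are attained.

```python
"""Lower and upper probabilities implied by a set of probability judgements.

Added example (not code from the DTU slides). It encodes the football judgements
X1-X4 as linear constraints on p = (W, D, L) and computes, for each outcome, the
smallest and largest probability consistent with all of them (the natural
extension of the judgements). After substituting L = 1 - W - D the feasible set
is a polygon in the (W, D) plane, so the bounds are found by enumerating its
vertices. Assumption: a strict judgement such as "less than 50%" is treated as
"at most 50%", so that the infimum and supremum are attained.
"""
from itertools import combinations
from typing import Dict, List, Tuple

# One judgement is the linear constraint  cW*W + cD*D + cL*L >= rhs
Judgement = Tuple[float, float, float, float]

FOOTBALL_JUDGEMENTS: List[Judgement] = [
    (-1.0, 0.0, 0.0, -0.5),  # X1: W <= 0.5      (chance to win is less than 50%)
    (1.0, -1.0, 0.0, 0.0),   # X2: W - D >= 0    (win at least as probable as draw)
    (0.0, 1.0, -1.0, 0.0),   # X3: D - L >= 0    (draw at least as probable as loss)
    (0.0, 0.0, 1.0, 0.2),    # X4: L >= 0.2      ((1 - L)/L <= 4: odds against loss <= 4:1)
]


def _to_plane(j: Judgement) -> Tuple[float, float, float]:
    """Substitute L = 1 - W - D and return (a, b, c) meaning a*W + b*D >= c."""
    cW, cD, cL, rhs = j
    return (cW - cL, cD - cL, rhs - cL)


def natural_extension(judgements: List[Judgement], eps: float = 1e-9) -> Dict[str, Tuple[float, float]]:
    """Return {'W': (lower, upper), 'D': ..., 'L': ...} consistent with the judgements."""
    rows = [_to_plane(j) for j in judgements]
    # W >= 0, D >= 0 and L = 1 - W - D >= 0 must always hold
    rows += [(1.0, 0.0, 0.0), (0.0, 1.0, 0.0), (-1.0, -1.0, -1.0)]

    vertices = []
    for (a1, b1, c1), (a2, b2, c2) in combinations(rows, 2):
        det = a1 * b2 - a2 * b1
        if abs(det) < eps:
            continue  # parallel constraint lines never meet
        w = (c1 * b2 - c2 * b1) / det
        d = (a1 * c2 - a2 * c1) / det
        # keep the intersection point only if it satisfies every constraint
        if all(a * w + b * d >= c - eps for a, b, c in rows):
            vertices.append((w, d, 1.0 - w - d))
    if not vertices:
        raise ValueError("the judgements are jointly inconsistent")

    # a linear function over a polygon attains its extremes at the vertices
    return {
        name: (min(v[i] for v in vertices), max(v[i] for v in vertices))
        for i, name in enumerate("WDL")
    }


if __name__ == "__main__":
    for outcome, (lo, hi) in natural_extension(FOOTBALL_JUDGEMENTS).items():
        print(f"P({outcome}) in [{lo:.4f}, {hi:.4f}]")
```

For these four judgements the result is P(W) in [1/3, 0.5], P(D) in [0.25, 0.4] and P(L) in [0.2, 1/3]; adding or tightening a judgement narrows the intervals, and a contradictory set raises an error instead of producing a bound.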
Generalizing reliability models to interval probabilities
Parallel-series systems
[Figure: components connected in series, in parallel, and in series-parallel]
If reliability information on components is provided in the form of upper and/or lower bounds on probabilistic reliability characteristics, upper and lower bounds of the system's reliability can be calculated.
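The following added example (my own code, not from the DTU slides) shows the calculation for interval-valued component reliabilities. It goes slightly beyond the slide by treating two cases: independent components, where the series and parallel formulas are monotone so the bounds come from plugging in all-lower and all-upper values, and unknown dependence, where the Fréchet (Boole) bounds hold for any joint distribution. The component intervals are constructed sample values.

```python
"""Interval bounds on system reliability from interval component reliabilities.

Added example (not code from the DTU slides). Each component's reliability is
assumed to be known only as an interval [lo, hi]. Two states of knowledge are
handled:
  - independent components: series/parallel formulas are monotone in every
    argument, so bounds follow from all-lower / all-upper substitution;
  - unknown dependence: Fréchet (Boole) bounds, valid for any joint distribution.
Series-parallel structures are handled by composing branch intervals; for unknown
dependence the composed interval is a valid outer bound (not necessarily tight).
"""
from typing import List, Tuple

Interval = Tuple[float, float]


def _check(iv: Interval) -> None:
    lo, hi = iv
    if not (0.0 <= lo <= hi <= 1.0):
        raise ValueError(f"not a valid reliability interval: {iv}")


def series_independent(comps: List[Interval]) -> Interval:
    """Series system of independent components: R = prod R_i (increasing in each R_i)."""
    lo = hi = 1.0
    for c in comps:
        _check(c)
        lo *= c[0]
        hi *= c[1]
    return lo, hi


def parallel_independent(comps: List[Interval]) -> Interval:
    """Parallel (1-out-of-n) independent components: R = 1 - prod (1 - R_i)."""
    q_lo = q_hi = 1.0  # bounds on the probability that all components fail
    for c in comps:
        _check(c)
        q_lo *= 1.0 - c[1]  # smallest failure product uses the largest reliabilities
        q_hi *= 1.0 - c[0]
    return 1.0 - q_hi, 1.0 - q_lo


def series_unknown_dependence(comps: List[Interval]) -> Interval:
    """Series system, dependence unknown: Pr(all up) in [max(0, sum R_i - (n-1)), min R_i]."""
    for c in comps:
        _check(c)
    lo = max(0.0, sum(c[0] for c in comps) - (len(comps) - 1))
    hi = min(c[1] for c in comps)
    return lo, hi


def parallel_unknown_dependence(comps: List[Interval]) -> Interval:
    """Parallel system, dependence unknown: Pr(at least one up) in [max R_i, min(1, sum R_i)]."""
    for c in comps:
        _check(c)
    lo = max(c[0] for c in comps)
    hi = min(1.0, sum(c[1] for c in comps))
    return lo, hi


# Constructed sample data: two parallel branches (A|B) and (C|D) connected in series
A, B, C, D = (0.90, 0.95), (0.80, 0.90), (0.85, 0.90), (0.70, 0.80)


def series_parallel_independent() -> Interval:
    """System reliability interval assuming all four components are independent."""
    return series_independent([parallel_independent([A, B]), parallel_independent([C, D])])


def series_parallel_unknown_dependence() -> Interval:
    """Same structure, making no assumption about dependence between components."""
    return series_unknown_dependence(
        [parallel_unknown_dependence([A, B]), parallel_unknown_dependence([C, D])]
    )


if __name__ == "__main__":
    print("independent:       ", series_parallel_independent())
    print("unknown dependence:", series_parallel_unknown_dependence())
```

Comparing the two results for the same structure shows the price of not knowing the dependence: the independent case gives a narrow interval around 0.94 to 0.98, while the dependence-free bounds widen to 0.75 to 1.0, which is exactly the kind of epistemic uncertainty the interval models are meant to expose rather than hide.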
Generalizing reliability models to interval probabilities
Markov chains
When state and transition probabilities are given as intervals, a solution to the propagation of state probabilities was provided.
[Figure: two plots of the lower and upper state probabilities b_j(k) over steps k = 1 to 19 (vertical axis 0.2 to 1), propagated from interval transition probabilities a_ij (a lower-bound and an upper-bound matrix) and interval initial state probabilities b_j(1)]
Generalizing reliability models to interval probabilities
Stress-strength reliability models under incomplete information
Y is a random variable describing the strength of a system; X is a random variable describing the stress applied to the system. The reliability of the system is determined as R = Pr(X < Y). Cases considered:
- Lack of knowledge about independence of X and Y
- Independent X and Y
- Partially known probability distributions: only n points of the probability distribution of X are known and m points of Y
- Known moments of probability distributions: precise or imprecise moments of the probability distributions of X and Y are known
- Probability distributions on nested intervals: nested intervals of X and Y with known probabilities of finding the true values inside them
Generalizing reliability models to interval probabilities:
Stress-strength reliability models under incomplete information
Y is a random variable describing the strength of a system; X is a random variable describing the stress applied to the system. The reliability of the system is determined as R = Pr(X < Y).
Example of results
Generalizing reliability models to interval probabilities
Other results
- Interval-Valued Structural Reliability Models Based on Statistical Inference (Imprecise Dirichlet Model)
- Combining Unreliable Judgements and Deriving Probability Parameters of Interest
- Improving Imprecise Reliability Models by Employing Constraints on Probability Density Functions, Failure Rate and Others (use of the calculus of variations and automatic control theory)
- Constructing Imprecise Probability Models
Project risk management
The potentials of post-probabilistic uncertainty and risk quantification for
(running PhD project)
Alternative approaches for representing and quantifying uncertainty and risk in the management of large engineering projects are investigated:
1. Imprecise probability
2. Dempster-Shafer theory of evidence
3. Possibility theory, which is formally a special case of imprecise probabilities, so we won't discuss it separately
4. Semi-quantitative representations including the NUSAP tool.
Two cases: Construction of off-shore wind turbine farms, and Construction of the fixed link between Denmark and Germany (20 km submersible tunnel)
Discrete event simulation for the analysis of human performance and risks of socio-technical systems:
Simulation of Human Performance in Time-Pressured Scenarios
The model of human performance can be presented as a queuing system.
[Figure: a source of tasks feeds a queue served by an actor, producing executed tasks; for each task the execution time has density f(t) with mean execution time θ, and the time available is τ; the probability of execution failure is the part of f(t) lying beyond τ]
The probability of failure is defined as the probability of execution time exceeding time available.
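The following added example (my own code, not the DTU model) is a minimal discrete event simulation of that queuing picture: tasks arrive at a single actor, wait in a FIFO queue, and fail when they are completed later than the time available counted from their arrival. It assumes, as constructed choices, exponential inter-arrival times and either exponential or lognormal execution times with mean θ, and it checks the simulator against the closed form Pr(T > τ) = exp(-τ/θ) for an unqueued task with exponential execution time.

```python
"""Discrete event simulation of an actor handling tasks under time pressure.

Added example, not the DTU model. Constructed assumptions: tasks arrive with
exponential inter-arrival times at a single actor (FIFO queue); each task has a
time available tau, measured from its arrival, and an execution time drawn from
an exponential or lognormal distribution with mean theta. A task fails when it
is finished after its time available has elapsed, so queue waiting counts against
it. The probability of failure is estimated as the fraction of failed tasks.
"""
import math
import random
from dataclasses import dataclass
from typing import List


@dataclass
class TaskRecord:
    arrival: float
    start: float
    finish: float
    time_available: float

    @property
    def failed(self) -> bool:
        # failure = execution (including waiting) took longer than the time available
        return self.finish - self.arrival > self.time_available


def sample_execution_time(rng: random.Random, theta: float, dist: str, cv: float = 0.5) -> float:
    """Draw one execution time with mean theta."""
    if dist == "exponential":
        return rng.expovariate(1.0 / theta)
    if dist == "lognormal":
        # lognormal parameterised so that the mean is theta and the coefficient of variation is cv
        sigma2 = math.log(1.0 + cv * cv)
        mu = math.log(theta) - sigma2 / 2.0
        return rng.lognormvariate(mu, math.sqrt(sigma2))
    raise ValueError(f"unknown execution time distribution: {dist}")


def simulate(n_tasks: int, mean_interarrival: float, tau: float, theta: float,
             dist: str = "lognormal", seed: int = 1) -> List[TaskRecord]:
    """Single-actor FIFO queue; returns one record per task."""
    rng = random.Random(seed)
    records: List[TaskRecord] = []
    clock = 0.0            # arrival time of the task being generated
    actor_free_at = 0.0    # time at which the actor finishes the previous task
    for _ in range(n_tasks):
        clock += rng.expovariate(1.0 / mean_interarrival)
        start = max(clock, actor_free_at)          # wait in queue until the actor is free
        finish = start + sample_execution_time(rng, theta, dist)
        actor_free_at = finish
        records.append(TaskRecord(clock, start, finish, tau))
    return records


def failure_probability(records: List[TaskRecord]) -> float:
    return sum(r.failed for r in records) / len(records)


def failure_probability_single_task_exponential(tau: float, theta: float) -> float:
    """Closed form for one unqueued task with exponential execution time: Pr(T > tau)."""
    return math.exp(-tau / theta)


if __name__ == "__main__":
    # tau = 10 min available, theta = 5 min mean execution time (constructed values)
    quiet = simulate(20000, mean_interarrival=1e9, tau=10.0, theta=5.0, dist="exponential")
    busy = simulate(20000, mean_interarrival=6.0, tau=10.0, theta=5.0, dist="exponential")
    print("no queueing, simulated :", failure_probability(quiet))
    print("no queueing, closed form:", failure_probability_single_task_exponential(10.0, 5.0))
    print("utilisation 5/6, simulated:", failure_probability(busy))
```

The contrast between the quiet and the busy run is the point of simulating rather than using the single-task formula: with the actor busy five sixths of the time, waiting in the queue pushes many tasks past τ, so the failure probability is well above exp(-τ/θ) even though the execution time distribution is unchanged.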
Discrete event simulation for the analysis of human performance and risks of socio-technical systems:
Simulation of Human Performance in Time-Pressured Scenarios
First, a task analysis is done.
[Figure: task analysis timeline (time in minutes, markers at -6, 5, 10, 15 and 20 min) for the scenario "Leakage inside reactor vessel", with phases Pre-initiator, Early responses to IE and Stabilisation, and rows for Detection, Actions and Teamwork. Actions in the order shown: detect turbine disturbances; inform that turbine shutdown occurred; perform manual scram; detect that valve 311VB51 does not close; detect that the pumps do not start automatically; inform that containment isolation occurred within 20 s; close valve 311VB51 from CR; start failing pumps from CR; send out FO to start the failing pumps manually; discuss possible actions with reference to the current situation; start program for depressurisation; make a clear description of the plant state and give the order to bring the plant to cold shutdown; restart cooling system]
Discrete event simulation for the analysis of human performance and risks of socio-technical systems:
Other reference projects
1. Reliability of a gas supply to customers. Financed by Swedegas, owner and operator of the gas pipeline Dragør, DK – Gutherborg, SV
2. Safe manning of merchant ships. Financed by the Danish Maritime Foundation
3. Train driver performance modelling (developing engineering models for usability studies). Being performed in the framework of the Halden Project
4. Operational risk of assets for a Water Utility Company. Supported by Københavns Energi and Reliasset A/S
5. Risk analysis of a generic hydrogen refuelling station. Internal financing
6. Optimizing the rating of offshore and onshore transformers for an offshore wind farm. Internal financing
7. Powering stochastic reliability models (Markov models) by discrete event simulation. Internal financing
Unforeseen events with high impacts: validation of practices and models for predictability
Research project proposal
A recent study of risk analysis results for 103 oil, gas and chemical plants carried out over a 36-year period demonstrates that 20% of the accidents that affected these plants were found to have been due to unforeseen accident scenarios.
[Figure: bar chart of the causes of the accidents (counts shown: 6, 5, 4, 2, 2, 7), categories: not predictable with present techniques; employee ignored or did not know safety …; recommendation implemented but then …; hazard introduced after QRA, no MOC; management refused to implement risk …; management failed to implement …]
Hypotheses: (1) worst-case scenarios seem to take place more frequently than foreseen in the risk analyses applied, (2) lack of predictability is a major source of risk that is left unattended and that is often comparable with or greater than the predicted risk, and (3) all this happens because of deficiencies in risk identification practices and in models for predicting rare events.