Upload
duonglien
View
214
Download
0
Embed Size (px)
Citation preview
Engineering Systems Division, DTU Management Engineering, Technical University of Denmark
1
RISK RESEARCH FOR SAFETY CRITICAL SYSTEMS AT THE TECHNICAL UNIVERSITY OF DENMARK
Igor Kozine, Senior researcher [email protected]
Engineering Systems Division, DTU Management Engineering, Technical University of Denmark
2 12 July 2016
Ris National Laboratory
Engineering Systems Division, DTU Management Engineering, Technical University of Denmark
Technical University of Denmark
3
Engineering Systems Division, DTU Management Engineering, Technical University of Denmark
4 12 July 2016
Reliability and Risk Research Academic milestones
Reliability of technical systems Stochastic uncertainty
Generalised reliability models to intervals Epistemic uncertainty
Models of likelihood of accidents Epistemic uncertainty
Models of human performance in safety critical systems Discrete event simulation
Organisational factors and risk Quality of maintanence of safety barriers
Systems resilience Capabilities based approach
Risk identification in cyber-physical systems Multilevel multidimensional HAZOP
Integrated models of risk assess: physical systems and humans Discrete event simulation
TIME
TIME
Engineering Systems Division, DTU Management Engineering, Technical University of Denmark
5 12 July 2016
Reliability and Risk Research Domains
Nuclear power generation
Wind power generation (onshore-offshore)
Oil and gas transportation
Shale gas production
Offshore oil and gas production
Maritime Railway Bridges and tunnels
Hydrogen-driven vehicles, transportation and distribution
Water supply Etc.
Chemical
Engineering Systems Division, DTU Management Engineering, Technical University of Denmark
6 12 July 2016
From Risk to Resilience
Marie-Valentine Florin, shown at NATO Workshop 26-29 June, Azores
Engineering Systems Division, DTU Management Engineering, Technical University of Denmark
7 12 July 2016
Capabilities-based approach for assessing the resilience of critical infrastructure Resilience capabilities are defined as enablers of activities and functions that serve the resilience goals.
A resilience capability is further broken down into three related compounds: assets, resources, and practices/routines.
http://www.read-project.eu/
Engineering Systems Division, DTU Management Engineering, Technical University of Denmark
8 12 July 2016
Capabilities-based approach for assessing the resilience of critical infrastructure
The approach is being developed in the framework of the EU financed project Resilience Capacities Assessment for Critical Infrastructures Disruptions (READ).
The strategy of the capabilities-based planning is to prepare for a large variety of threats and risks instead of simply preparing for specific scenarios.
Creating Resilience Capability against Critical
Infrastructure Disruptions: Foundations, Practices
and Challenges
IDA Conference Center, Copenhagen, Denmark
13 April, 2015
WELCOME TO INTERNATIONAL CONFERENCE!
Engineering Systems Division, DTU Management Engineering, Technical University of Denmark
10 12 July 2016
Risks identification in cyber-physical systems
An approach is being developed based on Hazard and Operability Studies (HAZOP). Focal points of the approach are:
identifying appropriate system representations (respecting the designers choice of formalism)
identifying relevant system parameters and deviation guidewords for hazard identification
A distributed maintenance management system inside a nuclear power plant has been so far to demonstrate the approach.
Engineering Systems Division, DTU Management Engineering, Technical University of Denmark
11 12 July 2016
Offshore Platform Hydrocarbon Risk Assessment OPHRA: Feasibility study of an alternative method for Quantitative Risk Assessment using Discrete Event Simulation
Physical phenomena
Detection & response
Escape & evacuation
Impact & consequence
Time
Each process is modelled separately and sends feed-back to the others providing interaction between processes
Engineering Systems Division, DTU Management Engineering, Technical University of Denmark
12 12 July 2016
Simulation based tool for risk assessment and mitigation in complex systems with strategic components
Risk modelling tools for cyber-physical systems are limited to systems with non-strategic component while accounting for strategic component behaviour is essential.
These systems often exhibit externalities that may have significant effect on the systemic risks. Selfish or/and malicious components are potential risk contributors and the severity of their consequences should be attempted to being modelled.
We can hardly expect that the assessment of consequences can be amenable to analytic evaluation.
We suggest research towards incorporating strategic component behaviour into simulation based tools for risk analysis and mitigation.
Engineering Systems Division, DTU Management Engineering, Technical University of Denmark
13 12 July 2016
Reliability and Risk Research Generalizing reliability models to interval probabilities
Football example The three possible outcomes are win (W), draw (D) and loss (L) for the home team. Your beliefs about the match are expressed through the following simple probability judgements X1: chance to win is less than 50% X2: win is at least as probable as draw X3: draw is at least as probable as loss X4: the odds against loss are no more than 4 to 1
Engineering Systems Division, DTU Management Engineering, Technical University of Denmark
14 12 July 2016
Generalizing reliability models to interval probabilities Parallel-series systems
Components connected in series
in parallel
in series-parallel
If reliability information on components is provided in the form of upper and/or lower bounds on probabilistic reliability characteristics, upper and lower bounds of systems reliability can be calculated.
Engineering Systems Division, DTU Management Engineering, Technical University of Denmark
15 12 July 2016
Generalizing reliability models to interval probabilities Markov chains
When state and transition probabilities are given as intervals, a solution to propagation of state probabilities was provided
00,20,40,60,8
1
1 4 7 10 13 16 190
0,20,40,60,8
1
1 4 7 10 13 16 19
0
0.2
0.4
0.6
0.8
1
1 4 7 10 13 16 19
)( 2 kb
)(2 kb
)( 1 kb
)(1 kb )( 3 kb
{ } { }0.27 0.29; ;21.0)0( =jb { } { }0.4 0.52; ;31.0)0( =jb
0.2 0.88 0.1 0.2 0.77 0.3 0.25 0.29 9.0
=ija0.1 0.7 0.02 0.08 0.6 0.15 0.01 0.05 7.0
=ija
Chart12
0.210.31
0.21350.432
0.239410.54646
0.2528670.617669
0.2595250.662048
0.2627240.689705
0.2641950.706941
0.2648240.717683
0.2650580.724377
0.2651170.728549
0.2651060.731149
0.2650730.73277
0.2650380.733779
0.2650080.734409
0.2649850.734801
0.2649680.735045
0.2649560.735198
0.2649480.735293
0.2649430.735352
0.2649390.735389
0.2649370.735412
Markov
00.210.3100000.2900000.520.2700000.400000
10.21350.4320000.4565000.71320.0637000.215500
20.239410.5464600.3687700.6912250.0510340.221600
30.2528670.6176690.3045500.6794590.0427680.227323
40.2595250.6620480.2645590.6736290.0376190.230883
50.2627240.6897050.2396360.6708250.0344090.233102
60.2641950.7069410.2241030.6695340.0324090.234485
70.2648240.7176830.2144230.668980.0311620.235347
80.2650580.7243770.2083910.6687730.0303850.235884
90.2651170.7285490.2046310.6687190.0299010.236219
100.2651060.7311490.2022880.6687280.0296000.236427
110.2650730.7327700.2008280.6687560.0294120.236557
120.2650380.7337790.1999180.6687860.0292940.236638
130.2650080.7344090.1993510.6688120.0292210.236689
140.2649850.7348010.1989970.6688320.0291760.236720
150.2649680.7350450.1987770.6688470.0291470.236740
160.2649560.7351980.1986400.6688570.0291300.236752
170.2649480.7352930.1985540.6688640.0291190.236760
180.2649430.7353520.1985010.6688680.0291120.236765
190.2649390.7353890.1984680.6688720.0291080.236768
200.2649370.7354120.1984470.6688740.0291050.236769
Markov
Upper
Upper probability
Chart14
0.290.52
0.45650.7132
0.368770.691225
0.304550.679459
0.2645590.673629
0.2396360.670825
0.2241030.669534
0.2144230.66898
0.2083910.668773
0.2046310.668719
0.2022880.668728
0.2008280.668756
0.1999180.668786
0.1993510.668812
0.1989970.668832
0.1987770.668847
0.198640.668857
0.1985540.668864
0.1985010.668868
0.1984680.668872
0.1984470.668874
Upper probability
Markov
00.210.3100000.2900000.520.2700000.400000
10.21350.4320000.4565000.71320.0637000.215500
20.239410.5464600.3687700.6912250.0510340.221600
30.2528670.6176690.3045500.6794590.0427680.227323
40.2595250.6620480.2645590.6736290.0376190.230883
50.2627240.6897050.2396360.6708250.0344090.233102
60.2641950.7069410.2241030.6695340.0324090.234485
70.2648240.7176830.2144230.668980.0311620.235347
80.2650580.7243770.2083910.6687730.0303850.235884
90.2651170.7285490.2046310.6687190.0299010.236219
100.2651060.7311490.2022880.6687280.0296000.236427
110.2650730.7327700.2008280.6687560.0294120.236557
120.2650380.7337790.1999180.6687860.0292940.236638
130.2650080.7344090.1993510.6688120.0292210.236689
140.2649850.7348010.1989970.6688320.0291760.236720
150.2649680.7350450.1987770.6688470.0291470.236740
160.2649560.7351980.1986400.6688570.0291300.236752
170.2649480.7352930.1985540.6688640.0291190.236760
180.2649430.7353520.1985010.6688680.0291120.236765
190.2649390.7353890.1984680.6688720.0291080.236768
200.2649370.7354120.1984470.6688740.0291050.236769
Markov
Upper
Upper probability
Engineering Systems Division, DTU Management Engineering, Technical University of Denmark
16 12 July 2016
Generalizing reliability models to interval probabilities Stress-strength reliability models under incomplete information
Y is a random variable describing the strength of a system
X is a random variable describing the stress applied to the system
The reliability of the system is determined as R=Pr(X
Engineering Systems Division, DTU Management Engineering, Technical University of Denmark
17 12 July 2016
Generalizing reliability models to interval probabilities: Stress-strength reliability models under incomplete information
Y is a random variable describing the strength of a system
X is a random variable describing the stress applied to the system
The reliability of the system is determined as R=Pr(X
Engineering Systems Division, DTU Management Engineering, Technical University of Denmark
18 12 July 2016
Generalizing reliability models to interval probabilities Other results
Interval-Valued Structural Reliability Models Based on Statistical Inference (Imprecise Dirichlet Model)
Combining Unreliable Judgements and Deriving Probability Parameters of Interest
Improving Imprecise Reliability Models by Employing Constraints on Probability Density Functions, Failure Rate and other. (Use of the calculus of variations and automated control theory.)
Constructing Imprecise Probability Models
Engineering Systems Division, DTU Management Engineering, Technical University of Denmark
19 12 July 2016
Project risk management The potentials of post-probabilistic uncertainty and risk quantification for (running PhD project)
Alternative approaches for representing and quantifying uncertainty and risk in the management of large engineering projects are investigated:
1. Imprecise probability
2. Dempster-Shafer theory of evidence
3. Possibility theory, which is formally a special case of the imprecise probabilities, so we wont discuss it separately
4. Semi-quantitative representations including the NUSAP tool.
Two cases:
Construction of off-shore wind turbine farms, and
Construction of the fixed link between Denmark and Germany (20 km submersible tunnel)
Engineering Systems Division, DTU Management Engineering, Technical University of Denmark
20 12 July 2016
Discrete event simulation for the analysis of human performance and risks of socio-technical systems: Simulation of Human Performance in Time-Pressured Scenarios
The model of human performance can be presented as a queuing system
Tasks Executed tasks
Source of tasks
Queuing system
Queue Actor
)(tf
)(tf 2
1
2 1 Time available,
Execution time,
Mean execution time
Probability of execution failure
The probability of failure is defined as the probability of execution time exceeding time available
Engineering Systems Division, DTU Management Engineering, Technical University of Denmark
21 12 July 2016
Discrete event simulation for the analysis of human performance and risks of socio-technical systems: Simulation of Human Performance in Time-Pressured Scenarios
First, a task analysis is done
Teamwork
Detect Turbine disturbances
Inform that Turbine Shutdown Occurred
Perform Manual Scram
- 6 min 0
5
Detect valve 311VB51 does not close
Detect the pumps do not start automatic
Inform that containment isolation occurred within 20 s
Close valve 311VB51 from CR
Start failing pumps from CR
Send out FO to start the failing pumps manually
10
Discuss possible actions with reference to the current situation
Start program for depressurisation
15
Make a clear description of the plant-state and give the order to bring the plant to cold shutdown
20 min
Restart cooling system
Pre-initiator phase Early responses to IE Stabilisation phase
Start scenario
Actions
Detection
Time (minutes) Leakage inside reactor vessel
Engineering Systems Division, DTU Management Engineering, Technical University of Denmark
22 12 July 2016
Discrete event simulation for the analysis of human performance and risks of socio-technical systems: Other reference projects
1. Reliability of a gas supply to customers. Financed by Swedegas, owner and operator the gas pipeline Dragr, DK Gutherborg, SV
2. Safe manning of merchant ships. Financed by the Danish Maritime Foundation
3. Train driver performance modelling (developing engineering models for usability studies). Being performed in the framework of the Halden Project
4. Operational risk of assets for a Water Utility Company. Supported by Kbenhavns Energi and Reliasset A/S
5. Risk analysis of a generic hydrogen refuelling station. Internal financing
6. Optimizing the rating of offshore and onshore transformers for an offshore wind farm. Internal financing
7. Powering stochastic reliability models (Markov models) by discrete event simulation. Internal financing
Engineering Systems Division, DTU Management Engineering, Technical University of Denmark
23 12 July 2016
Unforeseen events with high impacts: validation of practices and models for predictability Research project proposal
A recent study of risk analysis results for 103 oil, gas and chemical plants carried out over a 36-year period demonstrates that 20% of the accidents that affected these plants were found to have been due to unforeseen accident scenarios.
6
5
4
2
2
7
0 1 2 3 4 5 6 7 8
NOT PREDICTABLE WITH PRESENT TECHNIQUES
EMPLOYEE IGNORED OR DID NOT KNOW SAFETY
RECOMMENDATION IMPLEMENTED BUT THEN
HAZARD INTRODUCED AFTER QRA, NO MOC
MANAGEMENT REFUSED TO IMPLEMENT RISK
MANAGEMENT FAILED TO IMPLEMENT
Hypotheses. (1) worst-case scenarios seem to take place more frequently than foreseen in the risk analyses applied, (2) lack of predictability is major source of risk that is left unattended and that is often comparable with or greater than the predicted risk, and (3) all this happens because of deficiencies in risk identification practices and models of prediction of rare events.
Engineering Systems Division, DTU Management Engineering, Technical University of Denmark
DTU Management Engineering
24 13 July 2016
Slide Number 1Slide Number 2Slide Number 3Slide Number 4Slide Number 5Slide Number 6Slide Number 7Slide Number 8Creating Resilience Capability against Critical Infrastructure Disruptions: Foundations, Practices and ChallengesIDA Conference Center, Copenhagen, Denmark13 April, 2015Slide Number 10Slide Number 11Slide Number 12Slide Number 13Slide Number 14Slide Number 15Slide Number 16Slide Number 17Slide Number 18Slide Number 19Slide Number 20Slide Number 21Slide Number 22Slide Number 23Slide Number 24