SYSTEM ANALYSIS IN DEPENDABILITY AND SAFETY
Aim. To promote a better understanding, a wider and more correct application of the effectiveness retention ratio. That is the measure that is best suited for assessing the dependability of complex technical systems, in which partial failures are possible that put a system into intermediate states between complete up and down ones.
Methods. The paper uses the methods of the probability theory and comparative analysis of texts of interstate (Euro-Asian), Russian and international dependability-related standards.
Results. The principal contribution of Russian researchers to the creation and development of methods for applying effectiveness indicators to estimating the dependability of complex systems is pointed out. Shortcomings were identified in the basic dependability-related standards as regards the effectiveness retention ratio and related concepts. Namely, in terminology standard GOST 27.002–2015, the phrases that require improvement are indicated. They relate to the concepts of partial failure, partial up state and partial down state. A broader and more accurate definition of partial failure is suggested. It is noted that the relationship between partially up and partially down states is to be discussed and clarified. GOST 27.003–2016, which establishes the content and general rules for specifying dependability requirements, contains wording errors in the classification of items according to the number of possible (taken into consideration) states and in the examples of possible variants of the effectiveness retention ratio in various branches of technology that are probabilities of task completion, etc. The paper suggests corrections to the appropriate wordings. It has been established that although the effectiveness retention ratio is not referred to in the international dependability-related terminology standard (IEC 60050-192:2015), it implicitly appears in two IEC standards (IEC 61703:2016 and IEC 62673:2013), in which it is assigned to availability measures.
Conclusion. The paper’s findings will be useful to experts involved in the assessment and standardization of complex technical system dependability. Their implementation will help improve interstate, Russian and international dependability-related standards.
Introduction. Industrial pipeline transportation systems are complex, potentially hazardous engineering facilities that ensure the delivery of specified amounts of a target product to consumers. The development of emergencies associated with the transition to the down state of a certain number of pipelines may result in the disconnection of some or all the product consumers from the source. If the system’s linear elements transition to the down state in a random order, such a change of the network structure is called a progressive damage. A progressive damage is especially hazardous if, in the course of maintenance activities, a part of the system or a set of process pipelines is disconnected.
The Aim of the work is to identify the change patterns of pipeline system resilience when affected by progressive damage and to develop practical recommendations for ensuring the resilience of such systems in operation and during maintenance operations.
Methods of research. The resilience of systems as the capability to resist progressive damage was evaluated with an indicator that represents the average fraction of pipelines whose transition into the down state causes the disconnection of all consumers from the source of the product. The resilience values were defined by means of computer simulation. The network structure and the nature of the existing intersystem communications were defined using an adjacency matrix.
Results. Damage to a transportation network structure is regarded as a result of a two-stage process. At the stage of target transformation, linear elements are purposefully excluded from a full graph-based structure, bringing the network to a certain initial state. At the second stage, the original structure is transformed according to the mechanism of progressive damage. Such an approach allows correctly assessing the changes in the resilience of complex network structures and their ability to resist the development of the processes of damage. The paper sets forth calculated characteristics that allow predicting the behaviour of pipeline networks affected by emergencies. The existence of limit network structures that prove to be very vulnerable to the development of progressive damage is demonstrated.
Conclusions. As the process of targeted transformation goes on, the ability of newly formed network structures to resist the development of progressive damage progressively diminishes. The lowest level of pipeline system resilience against the development of the process of progressive damage can be observed as the structure of the network nears the limit state. When preparing maintenance activities with scheduled exclusion of a number of linear elements from an active pipeline system, the proximity of the newly built network structure to the limit state should be assessed along with the resilience of the restored system to possible development of progressive damage.
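The two-stage model described above (targeted exclusion of pipelines from a full graph, then random progressive damage until every consumer is cut off from the source), as an added simulation that is not part of the original paper; the six-node network, the source/consumer assignment and the excluded pipelines are constructed here for illustration, and the resilience indicator is the mean fraction of pipelines removed at the moment of total disconnection:

```python
import random
from collections import deque

def pipelines(n, excluded=()):
    """Stage 1 (targeted transformation): start from the full graph on n nodes
    and purposefully exclude the given pipelines, giving the initial structure."""
    ex = {tuple(sorted(e)) for e in excluded}
    return [(i, j) for i in range(n) for j in range(i + 1, n) if (i, j) not in ex]

def reachable(n, edges, start):
    """Nodes still connected to `start` over the remaining pipelines (BFS)."""
    nbrs = {v: set() for v in range(n)}
    for i, j in edges:
        nbrs[i].add(j); nbrs[j].add(i)
    seen, queue = {start}, deque([start])
    while queue:
        v = queue.popleft()
        for w in nbrs[v] - seen:
            seen.add(w); queue.append(w)
    return seen

def damage_fraction(n, edges, source, consumers, rng):
    """Stage 2 (progressive damage): remove pipelines in a random order and
    return the fraction removed at the moment every consumer is cut off."""
    remaining = set(edges)
    if not (reachable(n, remaining, source) & consumers):
        return 0.0  # consumers already disconnected before any damage
    order = list(edges); rng.shuffle(order)
    for k, e in enumerate(order, start=1):
        remaining.discard(e)
        if not (reachable(n, remaining, source) & consumers):
            return k / len(edges)
    return 1.0

def resilience(n, edges, source, consumers, trials=2000, seed=1):
    """Resilience indicator: mean damage fraction over many random damage orders."""
    rng = random.Random(seed)
    return sum(damage_fraction(n, edges, source, consumers, rng) for _ in range(trials)) / trials

# Constructed example: 6 nodes, node 0 is the product source, nodes 3-5 are consumers.
N, SOURCE, CONSUMERS = 6, 0, {3, 4, 5}
FULL = pipelines(N)                                        # initial full graph
TRIMMED = pipelines(N, excluded=[(0, 3), (0, 4), (0, 5), (1, 4), (1, 5), (2, 5)])

if __name__ == "__main__":
    print(f"full graph resilience:    {resilience(N, FULL, SOURCE, CONSUMERS):.3f}")
    print(f"trimmed network resilience: {resilience(N, TRIMMED, SOURCE, CONSUMERS):.3f}")
```

Running the script on the constructed network shows the trimmed structure's lower resilience, illustrating how targeted exclusion of linear elements moves a network towards the limit state the paper describes.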
Aim. In today’s major cities, increased utilization and capacity of the rapid transit systems (metro, light rail, commuter trains with stops within the city limits) – under conditions of positive traffic safety – is achieved through smart automatic train traffic management. The aim of this paper is to choose and substantiate the design principles and architecture of such a system.
Methods. Using systems analysis, the design principles and architecture of the system are substantiated. Genetic algorithms allow automating train traffic planning. Methods of the optimal control theory allow managing energy-efficient train movement patterns along open lines, assigning individual station-to-station running times following the principle of minimal energy consumption, and developing energy-efficient target traffic schedules. Methods of the automatic control theory are used for selecting and substantiating the train traffic algorithms at various functional levels, and for constructing random disturbance extrapolators that minimize the number of train stops between stations.
Results. Development and substantiation of the design principles and architecture of a centralized intelligent hierarchical system for automatic rapid transit traffic management. The distribution of functions between the hierarchy levels is described, the set of subsystems is shown that implement the purpose of management, i.e., ensuring traffic safety and comfort of passengers. The criteria are defined and substantiated of management quality under compensated and non-compensated disturbances. Traffic management and target scheduling automation algorithms are examined. The application of decision algorithms is demonstrated in the context of uncertainty, use of disturbance prediction and genetic algorithms for the purpose of train traffic planning automation. The design principles of the algorithms of traffic planning and management are shown that ensure reduced traction energy consumption. The efficiency of centralized intelligent rapid transit management system is demonstrated; the fundamental role of the system in the digitalization of the transport system is noted.
Conclusion. The examined design principles and operating algorithms of a centralized intelligent rapid transit management system showed the efficiency of such systems, which is ensured by the following: increased capacity of the rapid transit system; improved energy efficiency of train traffic planning and management; improved train traffic safety; assurance of operational traffic management during emergencies and major traffic disruptions; improved passenger comfort.
DISCUSSION OF DEPENDABILITY TERMINOLOGY
Aim. To harmonize the definitions of errors, faults, failures in the Russian and English languages. The Object of the paper is one of the most important subject matters of the dependability theory and functional safety. The Subject of the paper is the concepts and definitions of failures, errors, faults.
Results of the research: analysis of the definitions of the concepts describing the dependability and functional safety of items in the Russian and international standards, such as GOST 27.002-2015, GOST R/IEC 61508-2012, IEC 60050, DIN 40041, as well as in publications by a number of authors. The analysis shows that failure is always associated with the loss of function, i.e., the ability to perform as required by all standards. It should be noted that wrong user expectation does qualify as failure. A failure should be distinguished from unintended functions. A fault is defined as a system’s inability to perform the required operation to the full extent that, under certain conditions, may escalate into a failure. An error as a discrepancy between a calculated, observed or measured value or condition and a true, specified or theoretically correct value or condition is a deviation that is present and, under certain conditions, would probably turn into a failure. A typical example is non-critical software errors. The so-called systematic failures are actually errors that can turn into critical errors (failures). Let us note that the definitions in the IEC 60050 international electrotechnical vocabulary can be used, as they show general agreement, which is not surprising for an international standard.
Aim. This article aims to eliminate the shortcomings associated with the application of the conventional, yet insufficiently substantiated terms in the GOST 27.002-2015 interstate standard. Correct understanding and use of terms are of great significance for the activities of dependability experts.
Methods. Shortcomings in terminology are eliminated by clarifying the definitions of the used terms. Several terms used in this standard were submitted to logical and terminological analysis that is based on statutory requirements and the semantic meanings of such terms. The premises were set forth in [8].
Findings and conclusions. Definitions of several new terms, as well as of those that do not meet the identified requirements, are suggested: “dependability theory”, “dependability estimation”, “dependability calculation”, etc. The expressed considerations could provide the foundation for the adoption of agreed (compromise) solutions.
SAFETY. RISK MANAGEMENT. THEORY AND PRACTICE
The Aim of the paper is to consider approaches to the analysis of a safety model of complex multi-loop transportation systems comprising not completely supervised subsystems.
Method. For the description of a safety model, the paper uses systems theoretic process analysis (STPA) methods and the principles specified in ISO/PAS 21448:2019 (SOTIF).
Result. The paper shows drawbacks of the FTA and FMEA local risk analysis methods and demonstrates a demand for some universal approach based on the combination of STPA and control theory. It gives an overview of the major stages of such analysis for the safety model of complex transportation systems exemplified by the Moscow Central Circle, which provides feedback for safety evaluation of a transport control system under development. The paper analyzes the feasibility of using a virtual model for control purposes in the form of a so-called “supervised artificial neural network”.
Conclusion. Today, railways are actively testing autonomous systems (with no driver onboard) that apply as their subsystems automatic perception modules using machine learning. The introduction of the latter into the control loop complicates the task of hazard analysis and safety evaluation of such systems using conventional FTA and FMEA methods. The construction of a safety model of such complex multi-loop transportation systems comprising not completely supervised subsystems that use machine learning methods with not completely predictable behavior requires the application of a systems approach to the analysis of unsafe scenarios along with the compilation of a scenario library and the formalization of a hazard model’s description, pertaining to the boundaries of various control loops as well, in order to reduce the regions of unknown unsafe scenarios for autonomous transportation systems under development.
Aim. To suggest an approach to identifying the common features of statistical series containing information on the time, place and external conditions of the development and propagation of emergency situations associated with fires and ammunition explosions at fixed storage facilities, to synthesize the function of partial risk indicator of such situations, i.e., the energy susceptibility to external effects of ammunition storage systems.
Methods. The paper uses methods of mathematical analysis of statistical series and probability theory. For the first time ever, individual external conditions of emergency situations involving ammunition are analysed using statistical series (rate of insolation).
Results. The paper has collected and classified statistical data on emergencies involving fires and explosions in ammunition storage facilities that took place in the current century in a number of countries of the world, whose emergency nature was confirmed by extensive media coverage. Using statistical series analysis, an exponential relationship has been established between the rate of fires and explosions and the total power saturation of the ammunition storage system.
Conclusions. The frequency of emergencies involving fires and explosions depends on the overall power saturation of the storage system, which is defined by the solar intensity in the area of the ammunition storage facility and therefore depends on its latitude and the season. The suggested approach allows, by analysing empirical data on the time and place of emergencies, identifying the specific survivability values of a hazardous storage facility that characterize the energy susceptibility of the system to the effects that trigger explosions and fires.
Aim. Today, the development and operation of weapons and military equipment is characterized by fast-growing customer requirements, which, in turn, leads to their increased technical complexity and cost. It is obvious that maintaining the required physical and operational characteristics of high-technology weapons and military equipment by the users is not always possible due to a number of reasons, including insufficient capabilities of the service units that do not have the required personnel, assets and competences. In turn, the manufacturers involved in the delivery of the government defence order are also interested in shaping long-term relations with the customer that allow them to build a platform for sound progress. One of the possible solutions for such interaction between the customer and the contractor, used worldwide and in Russia, is public-private partnership in the form of life cycle contracts. Despite the obvious advantages, its introduction into the practice of the weapons and military equipment life cycle is hampered by a number of adverse factors (insufficiencies in the regulatory framework and technical standards, poor level of information technology deployment in LC management) that need to be overcome in terms of both scientific and practical considerations. It is perfectly clear that developing a tool that would allow mitigating the full spectrum of problems as part of this study would be an extremely challenging task. Given the above, the paper aims to examine risks as one of the aspects of this complex problem, which implies the development of a new approach to the interaction of the parties involved in a life cycle contract for weapons and military equipment, taking into account the current conditions, interests, goals and objectives. It involves comprehensive analysis of uncertainty and the whole spectrum of possible risks associated with the weapons and military equipment life cycle processes.
Methods. The managerial decision-making is based on the decision tree method that allows dividing the complex decision-making problem into component tasks and obtaining quantitative risk estimates, thus developing an adequate system of measures for the prevention of event risks and reduction of their negative consequences.
Results. Based on the proposed methodological framework, a risk management algorithm has been developed, a matrix has been defined for assessing risks and their impact on the temporal and technical characteristics, as well as the costs of a project.
Conclusion. The suggested approach is universally applicable and can be used by both the officials of military authorities in the process of scientific support of LCC implementation, and by the management of defense contractors as they develop their interaction with the military authorities responsible for the creation and operation of weapons and military equipment.