Safety Verification for Autonomous Ships

Autonomous and unmanned ships are approaching reality. One of several unsolved challenges related to these systems is how to perform safety verification. Although this challenge represents a many-faceted problem, which must be addressed at several levels, it seems likely that simulatorbased testing of high-level computer control systems will be an important technique. In the field of reliability verification and testing, design verification refers to the process of verifying that specified functions are satisfied over the life of a system. A basic requirement for any autonomous ship is that it has to be safe. In this paper, we propose to use the Systems-Theoretic Process Analysis (STPA) to (i) derive potential loss scenarios for autonomous ships and safety requirements to prevent them from occurring, and (ii) to develop a safety verification program, including test cases, intended to verify safety. Loss scenarios and associated safety requirements are derived using STPA. To derive a safety verification program, these unsafe scenarios and safety requirements are used to identify key variables, verification objectives, acceptance criteria and a set of suitable verification activities related to each scenario. The paper describes the proposed methodology and demonstrates it in a case study. Test cases for simulator-based testing and practical sea-trials are derived for autonomous ships. The case study shows that the proposed method is feasible as a way of generating a holistic safety verification program for autonomous ships

A novel risk assessment process : application to an autonomous inland waterways ship

Effectively addressing safety, security and cyber-security challenges is quintessential for progressing the development of next generation maritime autonomous shipping. This study aims at developing a novel hybrid, semi-structured process for the hazardous scenarios identification and ranking. This method integrates the operational and functional hazard identification approaches, whilst considering the safety, security and cybersecurity hazards. This method is applied to comprehensively assess the safety of an autonomous inland waterways ship at a preliminary design phase. The hazardous scenarios are identified and ranked by a number of experts participating in a series of sessions. The identified hazards risk is estimated considering the frequency and severity indices, whereas their uncertainty is estimated by employing the standard deviations in these two indices among the experts ranking results. Epistemic uncertainty is also considered during ranking. Risk control measures are proposed to de-risk the critical hazards. The results reveal that the most critical hazards from the safety, security and cybersecurity perspectives pertain to the situation awareness, remote control and propulsion functions. Based on the derived results, design enhancements along with high-level testing scenarios for the investigated autonomous ship are also proposed

A novel method for safety analysis of Cyber-Physical Systems - Application to a ship exhaust gas scrubber system

Cyber-Physical Systems (CPSs) represent a systems category developed and promoted in the maritime industry to automate functions and system operations. In this study, a novel Combinatorial Approach for Safety Analysis is presented, which addresses the traditional safety methods’ limitations by integrating System Theoretic Process Analysis (STPA), Events Sequence Identification (ETI) and Fault Tree Analysis (FTA). The developed method results into the development of a detailed Fault Tree that captures the effects of both the physical components/subsystems and the software functions’ failures. The quantitative step of the method employs the components’ failure rates to calculate the top event failure rate along with criticality analysis metrics for identifying the most critical components/functions. This method is implemented for an exhaust gas open loop scrubber system safety analysis to estimate its failure rate and identify critical failures considering the baseline system configuration as well as various alternatives with advanced functions for monitoring and diagnostics. The results demonstrate that configurations with SOx sensor continuous monitoring or scrubber unit failure diagnosis/prognosis lead to significantly lower failure rate. Based on the analysis results, the advantages/disadvantages of the novel method are also discussed. This study also provides insights for better safety analysis of the CPSs

Analyzing the Interdiction of Sea-Borne Threats Using Simulation Optimization

Worldwide, maritime trade accounts for approximately 80% of all trade by volume and is expected to double in the next twenty years. Prior to September 11, 2001, Ports, Waterways and Coastal Security (PWCS) was afforded only 1 percent of United States Coast Guard (USCG) resources. Today, it accounts for nearly 22 percent of dedicated USCG resources. Tactical assessment of resource requirements and operational limitations on the PWCS mission is necessary for more effective management of USCG assets to meet the broader range of competing missions. This research effort involves the development and validation of a discrete-event simulation model of the at-sea vessel interdiction process utilizing USCG deepwater assets. A discrete-event simulation model of the interdiction, control and boarding, and inspection processes has been developed and validated. Through a simulation optimization approach, our research utilizes the efficiency of a localized search algorithm interfaced with the simulation model to allocate USCG resources in the interception, boarding, and inspection processes with the objective of minimizing overall process time requirements. The model is tested with actual USCG data to gain insight on the development of efficient and effective interdiction operations

QUANTITATIVE SAFETY ASSESSMENT OF AIR TRAFFIC CONTROL SYSTEMS THROUGH SYSTEM CONTROL CAPACITY

Quantitative Safety Assessments (QSA) are essential to safety benefit verification and regulations of developmental changes in safety critical systems like the Air Traffic Control (ATC) systems. Effectiveness of the assessments is particularly desirable today in the safe implementations of revolutionary ATC overhauls like NextGen and SESAR. QSA of ATC systems are however challenged by system complexity and lack of accident data

A novel framework for enhancing marine dual fuel engines environmental and safety performance via digital twins

The Internet of Things (IoT) advent and digitalisation has enabled the effective application of the digital twins (DT) in various industries, including shipping, with expected benefits on the systems safety, efficiency and environmental footprint. The present research study establishes a novel framework that aims to optimise the marine DF engines performance-emissions trade-offs and enhance their safety, whilst delineating the involved interactions and their effect on the performance and safety. The framework employs a DT, which integrates a thermodynamic engine model along with control function and safety systems modelling. The DT was developed in GT-ISE© environment. Both the gas and diesel operating modes are investigated under steady state and transient conditions. The engine layout is modified to include Exhaust Gas Recirculation (EGR) and Air Bypass (ABP) systems for ensuring compliance with ‘Tier III’ emissions requirements. The optimal DF engine settings as well as the EGR/ABP systems settings for optimal engine efficiency and reduced emissions are identified in both gas and diesel modes, by employing a combination of optimisation techniques including multi-objective genetic algorithms (MOGA) and Design of Experiments (DoE) parametric runs. This study addresses safety by developing an intelligent engine monitoring and advanced faults/failure diagnostics systems, which evaluates the sensors measurements uncertainty. A Failure Mode Effects and Analysis (FMEA) is employed to identify the engine safety critical components, which are used to specify operating scenarios for detailed investigation with the developed DT. The integrated DT is further expanded, by establishing a Faulty Operation Simulator (FOS) to simulate the FMEA scenarios and assess the engine safety implications. Furthermore, an Engine Diagnostics System (EDS) is developed, which offers intelligent engine monitoring, advanced diagnostics and profound corrective actions. This is accomplished by developing and employing a Data-Driven (DD) model based on Neural Networks (NN), along with logic controls, all incorporated in the EDS. Lastly, the manufacturer’s and proposed engine control systems are combined to form an innovative Unified Digital System (UDS), which is also included in the DT. The analysis of marine (DF) engines with the use of an innovative DT, as presented herein, is paving the way towards smart shipping.The Internet of Things (IoT) advent and digitalisation has enabled the effective application of the digital twins (DT) in various industries, including shipping, with expected benefits on the systems safety, efficiency and environmental footprint. The present research study establishes a novel framework that aims to optimise the marine DF engines performance-emissions trade-offs and enhance their safety, whilst delineating the involved interactions and their effect on the performance and safety. The framework employs a DT, which integrates a thermodynamic engine model along with control function and safety systems modelling. The DT was developed in GT-ISE© environment. Both the gas and diesel operating modes are investigated under steady state and transient conditions. The engine layout is modified to include Exhaust Gas Recirculation (EGR) and Air Bypass (ABP) systems for ensuring compliance with ‘Tier III’ emissions requirements. The optimal DF engine settings as well as the EGR/ABP systems settings for optimal engine efficiency and reduced emissions are identified in both gas and diesel modes, by employing a combination of optimisation techniques including multi-objective genetic algorithms (MOGA) and Design of Experiments (DoE) parametric runs. This study addresses safety by developing an intelligent engine monitoring and advanced faults/failure diagnostics systems, which evaluates the sensors measurements uncertainty. A Failure Mode Effects and Analysis (FMEA) is employed to identify the engine safety critical components, which are used to specify operating scenarios for detailed investigation with the developed DT. The integrated DT is further expanded, by establishing a Faulty Operation Simulator (FOS) to simulate the FMEA scenarios and assess the engine safety implications. Furthermore, an Engine Diagnostics System (EDS) is developed, which offers intelligent engine monitoring, advanced diagnostics and profound corrective actions. This is accomplished by developing and employing a Data-Driven (DD) model based on Neural Networks (NN), along with logic controls, all incorporated in the EDS. Lastly, the manufacturer’s and proposed engine control systems are combined to form an innovative Unified Digital System (UDS), which is also included in the DT. The analysis of marine (DF) engines with the use of an innovative DT, as presented herein, is paving the way towards smart shipping

Systems approach to creating test scenarios for automated driving systems

Increased safety has been advocated as one of the major benefits of the introduction of Automated Driving Systems (ADSs). Incorporation of ADSs in vehicles mean that associated software has safety critical application, thus requiring exhaustive testing. To prove ADSs are safer than human drivers, some work has suggested that they will need to be driven for over 11 billion miles. The number of test miles driven is not, by itself, a meaningful metric for judging the safety of ADSs. Rather, the types of scenarios encountered by the ADSs during testing are critically important. With a Hazard Based Testing approach, this paper proposes that the extent to which testing miles are ‘smart miles’ that reflect hazard-based scenarios relevant to the way in which an ADS fails or handles hazards is a fundamental, if not pivotal, consideration for safety-assurance of ADSs. Using Systems Theoretic Process Analysis (STPA) method as a foundation, an extension to the STPA method has been developed to identify test scenarios. The approach has been applied to a real-world case study of a SAE Level 4 Low-Speed Automated Driving system (a.k.a. a shuttle). This paper, discusses the STPA analysis and a newly-developed test scenarios creation method derived from STPA

A combinatorial safety analysis of cruise ship Diesel-Electric Propulsion plant blackout

Diesel-Electric Propulsion (DEP) has been widely used for propulsion of various ship types including cruise ships. Considering the potential consequences of blackouts, especially on cruise ships, it is essential to design and operate the ships power plants for avoiding and preventing such events. This study aims at implementing a comprehensive safety analysis for a cruise ship Diesel-Electric Propulsion (DEP) plant focusing on blackout events. The Combinatorial Approach to Safety Analysis (CASA) method is used to develop Fault Trees considering the black out as the top event, and subsequently estimate the blackout frequency as well as implement importance analysis. The derived results demonstrate that the overall blackout frequency is close to corresponding values reported in the pertinent literature as well as estimations based on available accident investigations. This study deduces that the blackout frequency depends on the number of operating Diesel Generators (DG) sets, the DG sets loading profile, the amount of electrical load that can be tripped during overload conditions and the plant operation phase. In addition, failures of the engine auxiliary systems and the fast-electrical load reduction functions as well as the power generation control components are identified as important. This study demonstrates the applicability of the CASA method to complex marine systems and reveals the parameters influencing the investigated system blackout frequency, thus providing better insights for these systems safety analysis and enhancement

The University Defence Research Collaboration In Signal Processing

This chapter describes the development of algorithms for automatic detection of anomalies from multi-dimensional, undersampled and incomplete datasets. The challenge in this work is to identify and classify behaviours as normal or abnormal, safe or threatening, from an irregular and often heterogeneous sensor network. Many defence and civilian applications can be modelled as complex networks of interconnected nodes with unknown or uncertain spatio-temporal relations. The behavior of such heterogeneous networks can exhibit dynamic properties, reflecting evolution in both network structure (new nodes appearing and existing nodes disappearing), as well as inter-node relations. The UDRC work has addressed not only the detection of anomalies, but also the identification of their nature and their statistical characteristics. Normal patterns and changes in behavior have been incorporated to provide an acceptable balance between true positive rate, false positive rate, performance and computational cost. Data quality measures have been used to ensure the models of normality are not corrupted by unreliable and ambiguous data. The context for the activity of each node in complex networks offers an even more efficient anomaly detection mechanism. This has allowed the development of efficient approaches which not only detect anomalies but which also go on to classify their behaviour