A Tool for Global Resilience Analysis of Water Distribution Systems

This is a joint publication in collaboration with Centre for Water Systems at University of Exeter. This research is based on my previous work for Prof. Butler's project of "Safe and SuRe: A New Paradigm for Urban Water Management".A comprehensive assessment of resilience requires consideration of system performance under exceptional conditions, including those that are unforeseen, and can be achieved using a previously developed methodology called ‘global resilience analysis’ (GRA). GRA captures the effects of both probable and highly improbable (unknown probability) system failures and requires no knowledge of threats. Here, a simple, user-friendly tool that automates the simulations required for GRA of a water distribution system and assists comprehension of the results is presented. Provided the user can supply an Epanet .inp file for the system and that this contains demand data (an understanding of Epanet and system failure modelling is not necessary), the tool can be used to quantify the resilience of the system to pipe failure, pump failure, demand increase and contaminant intrusion. An interactive results explorer allows the user to easily identify critical system components based on the selected level of service type and failure measure (e.g. pressure, supply or contamination and failure magnitude or duration). A map of the network can be used to either color-code components based on their criticality in a single component failure analysis or to identify specific combinations of components which result in the greatest level of service failure magnitude or duration when failed simultaneously. ‘Stress-strain’ type response curves can also be automatically generated and key findings automatically extracted. Additionally, the tool enables systems to be compared on a like-for-like basis, enabling the effects of proposed interventions on resilience to be quantified and visualized

A Fault Tolerant System for an Integrated Avionics Sensor Configuration

An aircraft sensor fault tolerant system methodology for the Transport Systems Research Vehicle in a Microwave Landing System (MLS) environment is described. The fault tolerant system provides reliable estimates in the presence of possible failures both in ground-based navigation aids, and in on-board flight control and inertial sensors. Sensor failures are identified by utilizing the analytic relationships between the various sensors arising from the aircraft point mass equations of motion. The estimation and failure detection performance of the software implementation (called FINDS) of the developed system was analyzed on a nonlinear digital simulation of the research aircraft. Simulation results showing the detection performance of FINDS, using a dual redundant sensor compliment, are presented for bias, hardover, null, ramp, increased noise and scale factor failures. In general, the results show that FINDS can distinguish between normal operating sensor errors and failures while providing an excellent detection speed for bias failures in the MLS, indicated airspeed, attitude and radar altimeter sensors

Intelligent Novel Methods for Identifying Critical Components and Their Combinations for Hypothesized Cyber-physical Attacks Against Electric Power Grids

As a revolutionary change to the traditional power grid, the smart grid is expected to introduce a myriad of noteworthy benefits by integrating the advanced information and communication technologies in terms of system costs, reliability, environmental impacts, operational flexibility, etc. However, the wider deployment of cyber networks in the power grid will bring about important issues on power system cyber security. Meanwhile, the power grid is becoming more vulnerable to various physical attacks due to vandalism and probable terrorist attacks. In an envisioned smart grid environment, attackers have more entry points to various parts of the power grid for launching a well-planned and highly destructive attack in a coordinated manner. Thus, it is important to address the smart grid cyber-physical security issues in order to strengthen the robustness and resiliency of the smart grid in the face of various adverse events. One key step of this research topic is to efficiently identify the vulnerable parts of the smart grid. In this thesis, from the perspective of smart grid cyber-physical security, three critical component combination identification methods are proposed to reveal the potential vulnerability of the smart grid. First, two performance indices based critical component combination recognition methods are proposed for more effectively identifying the critical component combinations in the multi-component attack scenarios. The optimal selection of critical components is determined according to the criticality of the components, which can be modeled by various performance indices. Further, the space-pruning based enumerative search strategy is investigated to comprehensively and effectively identify critical combinations of multiple same or different types of components. The pruned search space is generated based on the criticality of potential target component which is obtained from low-order enumeration data. Specifically, the combinatorial line-generator attack strategy is investigated by exploring the strategy for attacking multiple different types of components. Finally, an effective, novel approach is proposed for identifying critical component combinations, which is termed search space conversion and reduction strategy based intelligent search method (SCRIS). The conversion and reduction of the search space is achieved based on the criticality of the components which is obtained from an efficient sampling method. The classic intelligent search algorithm, Particle Swarm Optimization (PSO), is improved and deployed for more effectively identifying critical component combinations. MATLAB is used as the simulation platform in this study. The IEEE 30, 39, 118 and Polish 2383-bus systems are adopted for verifying the effectiveness of the proposed attack strategies. According to the simulation results, the proposed attack strategies turn out to be effective and computationally efficient. This thesis can provide some useful insight into vulnerability identification in a smart grid environment, and defensive strategies can be developed in view of this work to prevent malicious coordinated multi-component attacks which may initiate cascading failures in a cyber-physical environment

Bulk Power Grid Risk Analysis: Ranking Infrastructure Elements According to their Risk Significance

Disruptions in the bulk power grid can result in very diverse consequences that include economic, social, physical, and psychological impacts. In addition, power outages do not affect all end-users of the system in the same manner. For these reasons, a risk analysis of bulk power systems requires more than determining the likelihood and magnitude of power outages; it must also include the diverse impacts power outages have on the users of the system. We propose a methodology for performing a risk analysis on the bulk power system. A power flow simulation model is used to determine the likelihood and extent of power outages when components within the system fail to perform their designed function. The consequences associated with these failures are determined by looking at the type and number of customers affected. Stakeholder input is used to evaluate the relative importance of these consequences. The methodology culminates with a ranking of each system component by its risk significance to the stakeholders. The analysis is performed for failures of infrastructure elements due to both random causes and malevolent acts

System analysis and integration studies for a 15-micron horizon radiance measurement experiment

Systems analysis and integration studies for 15-micron horizon radiance measurement experimen

Study of fault-tolerant software technology

Presented is an overview of the current state of the art of fault-tolerant software and an analysis of quantitative techniques and models developed to assess its impact. It examines research efforts as well as experience gained from commercial application of these techniques. The paper also addresses the computer architecture and design implications on hardware, operating systems and programming languages (including Ada) of using fault-tolerant software in real-time aerospace applications. It concludes that fault-tolerant software has progressed beyond the pure research state. The paper also finds that, although not perfectly matched, newer architectural and language capabilities provide many of the notations and functions needed to effectively and efficiently implement software fault-tolerance

Resilience Evaluation and Enhancement in Mobile Ad Hoc Networks

Understanding network behavior that undergoes challenges is essential to constructing a resilient and survivable network. Due to the mobility and wireless channel properties, it is more difficult to model and analyze mobile ad hoc networks under various challenges. We provide a comprehensive model to assess the vulnerability of mobile ad hoc networks in face of malicious attacks. We analyze comprehensive graph-theoretical properties and network performance of the dynamic networks under attacks against the critical nodes using both synthetic and real-world mobility traces. Motivated by Minimum Spanning Tree and small-world networks, we propose a network enhancement strategy by adding long-range links. We compare the performance of different enhancement strategies by evaluating a list of robustness measures. Our study provides insights into the design and construction of resilient and survivable mobile ad hoc networks

Preliminary candidate advanced avionics system for general aviation

An integrated avionics system design was carried out to the level which indicates subsystem function, and the methods of overall system integration. Sufficient detail was included to allow identification of possible system component technologies, and to perform reliability, modularity, maintainability, cost, and risk analysis upon the system design. Retrofit to older aircraft, availability of this system to the single engine two place aircraft, was considered

Historical review of fire safety at NPP and application of fire PSA to Westinghouse PWR NPP in the frame of risk-informed decision making by

The importance of fire as a potential initiator of multiple-system failures took on a new perspective after the cable-tray fire at Browns Ferry in 1975 The review have shown that the first generation Nuclear Power Plant (NPP) fire safety was not factored as high risk area that needed to be effectively assessed and quantified. This resulted in development of peculiar fire safety regulations, standards and expensive backfits. Lack of appropriate regulations and effective methods of fire risk assessment, prescriptive, difficult and expensive retrofit regulations were instituted in USA. The alternative risk-informed performance based regulation was established in USA to resolve the challenges of the prescriptive rules. The review have revealed that both the prescriptive and risk-informed performance based approaches will not represent adequate design basis for new Nuclear Power Plants. The Japanese were pulled in the path of renew fire safety regulations and risk quantification after the Fukushima accident. It has been recognized that effective fire safety assessment, and culture, in concert with countermeasures to prevent, detect, suppress, and mitigate the effect of fires if they occur, will minimized NPP fire risk. Among the numerous recommendation the fire safety at NPP must be planned and engineered before construction begin using the state-of-the-arts technology. Also, the methods of fire risk assessment must integrate the state-of-the-arts deterministic and probabilistic approaches. Two methods are presented which serve to incorporate the fire-related risk into the current practices in nuclear power plants with respect to the assessment of configurations. The first method is a fire protection systems and key safety functions Unavailability Matrix (UM) which is developed to identify structures, systems, and components significant for fire-related risk. The second method is a fire zones and key safety functions (KSFs) fire risk matrix which is useful to identify fire zones which are candidates for risk management actions. The UM is an innovative tool to communicate fire risk. The Monte Carlo method has been used to assess the uncertainty of the UM. The analysis shows that the uncertainty is sufficiently bounded. The significant fire-related risk is localized in six KSF representative components and one fire protection system which should be included in the maintenance rule. The unavailability of fire protection systems does not significantly affect the risk. The fire risk matrix identifies the fire zones that contribute the most to the fire-related risk. These zones belong to the control building and electric penetrations building. The aggregation of Internal Events PSA model and Fire PSA model have shown that the Fire PSA contributes 38.4% to the Risk increase. The feasibility of developing Fire-related Risk Monitor from the FIRE PSA for the Spanish NPP was carried out. One of the main challenges is that RiskSpectrum® fire PSA has 384 fire cases and 384 CDF but in Risk Monitor one CDF is required. However, CAFTA is unable to convert a Sequential Fault Tree structure of the internal Event tree in the Fire PSA. The conversion fails to implement neither all of the sequences leading to core damage nor the Fault Tree selection of the frequency of fire. The proposal is to suppress exchange events and introduce the alignment of the consequences so that a unique result of core damage can be quantified. The detection and fire suppression Event Trees in the reference model were replaced by detection and fire extinction Fault trees. The frequency of each Fire Case of the conversion model and the reference model are quantified and the frequencies compared. The results shows that 90% of the cases are valid, however, the rest have challenges with MCS. A unique CDF of 7.65x10-7 is quantified compared with 9.83×10-6 of the reference. The conversion of the new model in CAFTA was not successful due to software incompatibility.La importància del incendi com un potencial iniciador de sistema múltiples fallides van agafar una nova perspectiva després del incendi al cable-safata de Browns Ferry el 1975. La revisió ha mostrat que la primera generació de seguretat contra incendis de centrals d'Energia Nuclear (NPP) no va ser àrea de alt risc, àrea que necessitava ser efectivament avaluada i quantificada. Això va resultar en el desenvolupament de normes de seguretat de incendi peculiar, estàndards i cares revisions. La manca d'una reglamentació adequada i mètodes eficaços d'avaluació de risc d'incendi, va fer que als USA foren instituïts mètodes d'adaptació de normativa preceptius, difícils i costós. L'alternativa de regulació informada per el risc es va establir als USA per resoldre els reptes de la regulació preceptiva. La revisió ha mostrat que tant als enfocaments de normativa preceptiva i regulació informada per el risc no representen bases de disseny adequades per a noves NPP. Ha estat reconeguda que la efectiva avaluació de seguretat al incendi i la cultura en concert amb mesures per prevenir, detectar, suprimir i mitigar l'efecte d'incendis, si es produeixen, minimitzarà el risc d'incendi en una NPP. Entre les nombroses recomanacions la seguretat contra incendis a una NPP s'hauran previst i dissenyat abans de començar la construcció i utilitzant estat del art de la tecnologia. També, els mètodes d'avaluació del risc d'incendi tindran que integrar el estat del art en els enfocaments de determinista i probabilístics. Dos mètodes són presentats que serveixen per incorporar el risc relacionats amb el foc a les pràctiques actuals en centrals nuclears en respecte a l'avaluació de configuracions. El primer mètode és un sistema de protecció contra incendis i una matriu de indisponiblitats de les funcions clau de seguretat (MU) que es desenvolupa per a identificar estructures, sistemes i components significatius per riscos relacionats amb els incendis. El segon mètode és zones de focs i matriu de risc d'incendi i funcions (KSFs) clau de seguretat que és útil identificar les zones de foc que són candidats per a les accions de gestió de risc. La MU és una eina innovadora per comunicar el risc d'incendi. El risc significatiu relacionats amb el incendi està localitzat en sis components representatius KSF i un sistema de protecció de foc que cal que figuri en la regla de manteniment. La manca de sistemes de protecció contra incendis no afecta significativament al risc. La matriu de risc d'incendi identifica les zones de foc que mes contribueixen al risc relacionats amb el incendi. Aquestes zones pertanyen a l'edifici de control i edifici de penetracions elèctriques. L'agregació del model de PSA de esdeveniments interns i model de incendis PSA han demostrat que el PSA de incendis aporta 38.4% a l'augment de risc. S'ha desenvolupat la viabilitat del Monitor de risc de incendis a partir del PSA de incendis per a una central nuclear espanyola. Un dels reptes principals és que RiskSpectrum® incendis PSA te 384 casos de incendis i te 384 CDF però en risc Monitor és necessària una CDF. Tanmateix, el CAFTA és incapaç de convertir una estructura seqüencial de arbre de fallida de l'arbre esdeveniment interna en el PSA de incendis. La conversió fracassa al posar en pràctica totes les seqüències de danys al nucli i la selecció de l'arbre de fallida de la freqüència de incendi. La descoberta i supressió de arbres de l'esdeveniment de incendi en el model de referència es van substituir per detecció i els arbres de fallades d'extinció d'incendi. La freqüència de cada cas de incendi del model de conversió i el model de referència son quantificades i les freqüències son comparades. Els resultats demostra que el 90% dels casos són vàlid, no obstant això, la resta té reptes amb MCS. Un únic CDF de 7.65x10-7 s'ha quantificat en comparació amb 9.83 × 10-6 de la referència. La conversió del nou model a CAFTA no va tenir èxit a causa de la incompatibilitat del programari