
    Timed Fault Tree Models of the China Yongwen Railway Accident

    Safety is an essential requirement for railway transportation. Many methods have been developed to predict, prevent and mitigate accidents in this context, each with its own purpose and limitations. This paper presents a new analysis technique: timed fault tree analysis. This method extends traditional fault tree analysis with temporal events and fault characteristics. Timed Fault Trees (TFTs) can determine which faults need to be eliminated urgently, and they can also provide a safe time window in which to repair them. They can also be used to determine the time required for railway maintenance, thereby improving maintenance efficiency and reducing risk. In this paper, we present the features and functionality of a railway transportation system based on timed fault tree models. We demonstrate the applicability of our framework via a case study of the China Yongwen line railway accident.

    Management issues in systems engineering

    When applied to a system, the doctrine of successive refinement is a divide-and-conquer strategy. Complex systems are successively divided into pieces that are less complex, until they are simple enough to be conquered. This decomposition results in several structures for describing the product system and the producing system. These structures play important roles in systems engineering and project management. Many of the remaining sections in this chapter are devoted to describing some of these key structures. Structures that describe the product system include, but are not limited to, the requirements tree, the system architecture and certain symbolic information such as system drawings, schematics, and databases. The structures that describe the producing system include the project's work breakdown, schedules, cost accounts and organization.

    Developing a risk assessment model using fuzzy logic to assess groundwater contamination from hydraulic fracturing

    Technological advances in directional drilling have led to rapid exploitation of onshore unconventional hydrocarbons using a technique known as hydraulic fracturing. This process took off initially in the US, with Canada following closely behind, but brought with it controversial debates over environmental protection, particularly in relation to groundwater contamination and well integrity failure. Prospective shale gas regions lie across areas of Europe, but countries such as the UK are facing public and government turmoil surrounding their potential exploitation. This extent of energy development requires detailed risk analysis to eliminate or mitigate damage to the natural environment. Subsurface energy activities involve complex processes and uncertain data, making comprehensive, quantitative risk assessments a challenge to develop. A new, alternative methodology was applied to onshore hydraulic fracturing to assess the risk of groundwater contamination during well injection and production. The techniques used deterministic models to construct failure scenarios with respect to groundwater contamination, stochastic approaches to determine component failures of a well, and fuzzy logic to address insufficiency or complexity in data. The framework was successfully developed using available data and regulations in British Columbia (BC), Canada. Fuzzy Fault Tree Analysis (FFTA) was shown to be more robust than conventional Fault Tree Analysis (FTA) and was implemented successfully to quantify cement failure. A collection of known risk analysis methods, such as Event Tree Analysis (ETA), Time at Risk Failure (TRF) and Mean Time To Failure (MTTF) models, was successfully applied to well integrity failure during injection, with the novel addition of quantifying cement failures.
An analytical model for Surface Casing Pressure (SCP) during well production highlighted data gaps on well construction, so a fuzzy logic model was built, to 93% accuracy, to determine the location of cement in a well. This novel application of fuzzy logic allowed the calculation of the gas flow rate into an annulus and hence the probability of well integrity failure during production using ETA. The framework quantified several risk pathways across multiple stages of a well using site-specific data, but was successfully applied to a UK case study where there existed significant differences in geology, well construction and regulations. The application required little extra work and demonstrated the success and limitations of the model and where future work could improve model development. This research indicated that risks to groundwater from hydraulic fracturing differ substantially depending on well construction. Weighing the risk to groundwater against the financial gain for a given well construction will be essential for decision-makers and policy. To reduce social anxiety about hydraulic fracturing in the UK, decision-makers who face criticism must ensure information is disseminated properly to the public with a well-defined risk analysis that can be interpreted easily without prerequisite knowledge. Finally, although this research is based on onshore hydraulic fracturing, the risk assessment techniques are generic enough to allow application of this research to other subsurface activities such as CO2 sequestration, waste injection disposal and geothermal energy.
    Funding: Engineering and Physical Sciences Research Council (EPSRC)

    A Survey on Trust Metrics for Autonomous Robotic Systems

    This paper surveys the area of trust metrics related to security for autonomous robotic systems. As the robotics industry undergoes a transformation from programmed, task-oriented systems to Artificial Intelligence-enabled learning, these autonomous systems become vulnerable to several security risks, making a security assessment of these systems of critical importance. Therefore, our focus is on a holistic approach for assessing system trust, which requires incorporating system, hardware, software, cognitive robustness, and supplier-level trust metrics into a unified model of trust. We set out to determine whether trust metrics already existed that defined such a holistic system approach. While there are extensive writings related to various aspects of robotic systems, such as risk management, safety, security assurance and so on, each source covered only subsets of an overall system and did not consistently incorporate the relevant costs in its metrics. This paper attempts to put this prior work into perspective, and to show how it might be extended to develop useful system-level trust metrics for evaluating complex robotic (and other) systems.

    Historical review of fire safety at NPP and application of fire PSA to Westinghouse PWR NPP in the frame of risk-informed decision making by

    The importance of fire as a potential initiator of multiple-system failures took on a new perspective after the cable-tray fire at Browns Ferry in 1975. The review has shown that in the first generation of Nuclear Power Plants (NPPs), fire safety was not treated as a high-risk area that needed to be effectively assessed and quantified. This resulted in the development of peculiar fire safety regulations and standards, and in expensive backfits. Because of the lack of appropriate regulations and effective methods of fire risk assessment, prescriptive, difficult and expensive retrofit regulations were instituted in the USA. The alternative risk-informed, performance-based regulation was established in the USA to resolve the challenges of the prescriptive rules. The review has revealed that neither the prescriptive nor the risk-informed, performance-based approach represents an adequate design basis for new Nuclear Power Plants. Japan was pulled onto the path of renewing fire safety regulations and risk quantification after the Fukushima accident. It has been recognized that effective fire safety assessment and culture, in concert with countermeasures to prevent, detect, suppress, and mitigate the effect of fires if they occur, will minimize NPP fire risk. Among the numerous recommendations, fire safety at an NPP must be planned and engineered before construction begins, using state-of-the-art technology. Also, the methods of fire risk assessment must integrate state-of-the-art deterministic and probabilistic approaches. Two methods are presented which serve to incorporate fire-related risk into the current practices of nuclear power plants with respect to the assessment of configurations. The first method is a fire protection systems and key safety functions Unavailability Matrix (UM), which is developed to identify structures, systems, and components significant for fire-related risk.
The second method is a fire zones and key safety functions (KSFs) fire risk matrix, which is useful for identifying fire zones that are candidates for risk management actions. The UM is an innovative tool for communicating fire risk. The Monte Carlo method has been used to assess the uncertainty of the UM. The analysis shows that the uncertainty is sufficiently bounded. The significant fire-related risk is localized in six KSF representative components and one fire protection system, which should be included in the maintenance rule. The unavailability of fire protection systems does not significantly affect the risk. The fire risk matrix identifies the fire zones that contribute the most to the fire-related risk. These zones belong to the control building and the electrical penetrations building. The aggregation of the Internal Events PSA model and the Fire PSA model has shown that the Fire PSA contributes 38.4% to the risk increase. A feasibility study of developing a fire-related Risk Monitor from the Fire PSA for the Spanish NPP was carried out. One of the main challenges is that the RiskSpectrum® fire PSA has 384 fire cases and 384 CDFs, but in the Risk Monitor a single CDF is required. However, CAFTA is unable to convert the Sequential Fault Tree structure of the internal Event Tree in the Fire PSA. The conversion fails to implement either all of the sequences leading to core damage or the Fault Tree selection of the fire frequency. The proposal is to suppress exchange events and introduce the alignment of the consequences so that a unique core damage result can be quantified. The detection and fire suppression Event Trees in the reference model were replaced by detection and fire extinction Fault Trees. The frequency of each fire case in the conversion model and the reference model was quantified and the frequencies compared. The results show that 90% of the cases are valid; however, the rest have challenges with the MCS.
A unique CDF of 7.65×10⁻⁷ is quantified, compared with 9.83×10⁻⁶ for the reference. The conversion of the new model in CAFTA was not successful due to software incompatibility.

    Nuclear safety policy working group recommendations on nuclear propulsion safety for the space exploration initiative

    An interagency Nuclear Safety Policy Working Group (NSPWG) was chartered to recommend nuclear safety policy, requirements, and guidelines for the Space Exploration Initiative (SEI) nuclear propulsion program. These recommendations, which are contained in this report, should facilitate the implementation of mission planning and conceptual design studies. The NSPWG has recommended a top-level policy to provide the guiding principles for the development and implementation of the SEI nuclear propulsion safety program. In addition, the NSPWG has reviewed safety issues for nuclear propulsion and recommended top-level safety requirements and guidelines to address these issues. These recommendations should be useful for the development of the program's top-level requirements for safety functions (referred to as Safety Functional Requirements). The safety requirements and guidelines address the following topics: reactor start-up, inadvertent criticality, radiological release and exposure, disposal, entry, safeguards, risk/reliability, operational safety, ground testing, and other considerations.

    Object-Oriented Bayesian Networks (OOBN) for Aviation Accident Modeling and Technology Portfolio Impact Assessment

    The concern for reducing aviation safety risk is rising as the National Airspace System in the United States transforms into the Next Generation Air Transportation System (NextGen). The NASA Aviation Safety Program is committed to developing an effective aviation safety technology portfolio to meet the challenges of this transformation and to mitigate relevant safety risks. The paper focuses on the reasoning behind selecting Object-Oriented Bayesian Networks (OOBN) as the technique, and commercial software, for accident modeling and portfolio assessment. To illustrate the benefits of OOBN in a large and complex aviation accident model, the in-flight Loss-of-Control Accident Framework (LOCAF), constructed as an influence diagram, is presented. An OOBN approach not only simplifies the construction and maintenance of complex causal networks for the modelers, but also offers a well-organized hierarchical network that is easier for decision makers to use when examining the effectiveness of risk mitigation strategies through technology insertions.

    Issues of the Seismic Safety of Nuclear Power Plants

    Seismic safety of nuclear power plants became of eminent importance after the Great Tohoku earthquake on 11 March 2011 and the subsequent disaster at the Fukushima Dai-ichi nuclear power plant. Intensive work is in progress all over the world, including review of site seismic hazard assessments, revision of design bases, evaluation of vulnerability, and development of accident management capabilities of the plants. The lessons learned from the Fukushima accident changed the design paradigm. Preparedness for the impossible, i.e. the development of means and procedures for ensuring plant safety in extremely improbable situations, became of great importance. The main objective of the chapter is to provide brief insight into the current issues of seismic safety of nuclear power plants, provide interpretation of these issues, and show the possible solutions and scientific challenges. The "specific-to-nuclear" aspects of the characterisation of seismic hazard, including fault displacement, are discussed. The current design requirements and safety analysis procedures are briefly presented, with the main focus on design extension situations. Operational aspects and problems of restart after an earthquake are also discussed. The chapter focuses more on the seismic safety of inland plants located on soil sites in low-to-moderate (diffuse) seismicity regions.