45 research outputs found

    A novel cyber-risk assessment method for ship systems

    Recent advances in the maritime industry include research and development of new sophisticated ships with a number of smart functionalities and enhanced autonomy. The new functions and autonomy levels, though, come at the cost of increased connectivity. This results in increased ship vulnerability to cyber-attacks, which may lead to financial loss, environmental pollution or safety accidents. The aim of this study is to propose a novel method for cybersecurity risk assessment of ship systems. In this novel method, the Cyber-Preliminary Hazard Analysis method steps are enriched with new steps supporting the identification of cyber-attack scenarios and the risk assessment implementation. The proposed method is applied for the cyber-risk assessment and design enhancement of the navigation and propulsion systems of an inland waterways autonomous vessel. The results demonstrate that several critical scenarios can arise on the investigated autonomous vessel due to known vulnerabilities. These can be sufficiently controlled by introducing appropriate modifications to the systems design.

    A novel method for safety analysis of Cyber-Physical Systems - Application to a ship exhaust gas scrubber system

    Cyber-Physical Systems (CPSs) represent a systems category developed and promoted in the maritime industry to automate functions and system operations. In this study, a novel Combinatorial Approach for Safety Analysis is presented, which addresses the traditional safety methods' limitations by integrating System Theoretic Process Analysis (STPA), Events Sequence Identification (ETI) and Fault Tree Analysis (FTA). The developed method results in a detailed Fault Tree that captures the effects of both the physical components'/subsystems' failures and the software functions' failures. The quantitative step of the method employs the components' failure rates to calculate the top event failure rate, along with criticality analysis metrics for identifying the most critical components/functions. This method is implemented for an exhaust gas open loop scrubber system safety analysis to estimate its failure rate and identify critical failures, considering the baseline system configuration as well as various alternatives with advanced functions for monitoring and diagnostics. The results demonstrate that configurations with SOx sensor continuous monitoring or scrubber unit failure diagnosis/prognosis lead to a significantly lower failure rate. Based on the analysis results, the advantages/disadvantages of the novel method are also discussed. This study also provides insights for better safety analysis of CPSs.

    Development of functional safety requirements for DP-driven servicing of wind turbines

    The adage "prevention is better than cure" is at the heart of safety principles. However, effective accident prevention is challenging in complex, highly automated systems such as modern DP-driven vessels, which are supposed to safely transfer technicians in often unfavourable environmental conditions. FMEA analysis, which is required for DP-driven vessels, is helpful to build in a necessary level of redundancy and thereby mitigate the consequences of failures, but not particularly helpful to inform preventive measures, not least against functional glitches in controlling software. In this paper we develop a set of functional safety requirements which are aimed at prevention of the causal factors behind drift-off, drive-off and other hazardous scenarios. For this purpose, we use a systemic hazard analysis by STPA, which delivers both failure-based and interaction-based (reliable-but-unsafe) scenarios. The functional requirements cover both design and operational (human element related) requirements, which are then ranked based on our proposed heuristic. The ranking is not predicated on statistics or expert opinion; instead it is proportional to the number of hazardous scenarios a requirement protects against, hence indicating the relative importance of the requirement. The paper also summarises the suggested areas of safety improvement for DP-driven vessels.

    Supplementing fault trees calculations with neural networks

    The use of artificial intelligence algorithms is rapidly gaining ground in engineering applications, including safety engineering. In this paper, we investigate the possibility of using neural networks to supplement fault trees in safety analysis for the estimation of reliability and importance metrics. For this aim, we employ data from an existing fault tree that models cruise ship blackouts to train a neural network that takes basic-event probabilities as input and outputs the estimated top-event probability/frequency. This is done to reduce computational time, as the fault tree model has an extensive number of basic events and is thus computationally demanding. The basic-event probabilities used as input to the Fault Tree are sampled from a Sobol sequence and used to estimate the top event probability. The resulting data cloud, which corresponds to the fault tree's input-output pairs, is used to train the neural network. The two models, i.e. the probabilistic model and the neural network model, are compared to each other in terms of accuracy and computational cost, correlated with the number of sampling points used. The Fault Tree is developed in Matlab/Simulink and the neural network in Python. For the case where the neural network is trained using 10,000 points, a 350-fold decrease in computational cost is observed compared to the fault tree model, while the mean absolute percentage error (MAPE) remains under 15%. Based on the results, recommendations for the application and future improvement of artificial intelligence algorithms in this specific context are made.
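    The two abstracts above (the scrubber study and the neural-network study) both rest on the same quantitative fault-tree step: basic-event probabilities go in, a top-event probability and per-component criticality metrics come out, and the same evaluation is run over many sampled inputs to build a surrogate's training set. The following is an added worked example, not code from either paper: the fault tree, its event names and all probabilities are constructed, the exact evaluation enumerates all basic-event states (which is why it scales badly and why a surrogate is attractive), and uniform pseudo-random sampling stands in for the Sobol sequence. The cheap "surrogate" whose MAPE is measured is the rare-event approximation (sum of minimal-cut-set probabilities), used here only to show how the accuracy comparison is scored, not as a neural network.

```python
"""Fault-tree quantification, importance measures and surrogate-dataset sampling.
Added illustration; the tree and all numbers below are constructed."""
import math
import random
from itertools import product

# Constructed tree for a hypothetical top event "loss of propulsion control".
# A node is a basic-event name or a tuple (gate, [children]) with gate AND/OR.
TREE = ("OR", [
    ("AND", ["pump_a", "pump_b"]),                      # both redundant pumps fail
    ("AND", ["sensor", ("OR", ["plc_sw", "plc_hw"])]),  # bad reading plus controller fault
    "valve",                                            # single point of failure
])
BASIC_EVENTS = ["pump_a", "pump_b", "sensor", "plc_sw", "plc_hw", "valve"]


def evaluate(node, state):
    """Boolean gate logic; state maps basic event -> True if the event occurred."""
    if isinstance(node, str):
        return state[node]
    gate, children = node
    vals = [evaluate(c, state) for c in children]
    return all(vals) if gate == "AND" else any(vals)


def top_probability(probs):
    """Exact top-event probability for independent basic events by enumerating
    all 2^n states. Exponential in n: fine for six events, not for hundreds."""
    total = 0.0
    for bits in product([False, True], repeat=len(BASIC_EVENTS)):
        state = dict(zip(BASIC_EVENTS, bits))
        if evaluate(TREE, state):
            p = 1.0
            for event, occurred in state.items():
                p *= probs[event] if occurred else 1 - probs[event]
            total += p
    return total


def failure_rate_to_probability(rate_per_hour, mission_hours):
    """Constant failure rate -> unreliability over a mission time."""
    return 1 - math.exp(-rate_per_hour * mission_hours)


def birnbaum(probs, event):
    """Birnbaum importance dQ_top/dq_i = Q(q_i=1) - Q(q_i=0)."""
    return (top_probability(dict(probs, **{event: 1.0}))
            - top_probability(dict(probs, **{event: 0.0})))


def fussell_vesely(probs, event):
    """Fussell-Vesely importance: share of top-event probability that
    disappears when the event is made impossible."""
    q = top_probability(probs)
    return (q - top_probability(dict(probs, **{event: 0.0}))) / q


def criticality_ranking(probs):
    """Components ordered by Birnbaum importance, most critical first."""
    return sorted(((e, birnbaum(probs, e)) for e in BASIC_EVENTS),
                  key=lambda pair: pair[1], reverse=True)


def sample_dataset(n, seed=0):
    """Input-output pairs for surrogate training. Uniform pseudo-random draws
    replace the Sobol sequence of the paper (assumption made for this example)."""
    rng = random.Random(seed)
    rows = []
    for _ in range(n):
        probs = {e: rng.uniform(1e-4, 5e-2) for e in BASIC_EVENTS}
        rows.append((probs, top_probability(probs)))
    return rows


def rare_event_approximation(probs):
    """Cheap stand-in model: sum of the four minimal cut sets of TREE.
    Always an upper bound on the exact value."""
    return (probs["pump_a"] * probs["pump_b"]
            + probs["sensor"] * probs["plc_sw"]
            + probs["sensor"] * probs["plc_hw"]
            + probs["valve"])


def mape(pairs, model):
    """Mean absolute percentage error of model(probs) against the exact outputs."""
    return 100.0 * sum(abs(model(p) - y) / y for p, y in pairs) / len(pairs)


if __name__ == "__main__":
    # Constructed input: equal 0.1 probability per event.
    q = {e: 0.1 for e in BASIC_EVENTS}
    print("top event:", top_probability(q))
    print("ranking:", criticality_ranking(q))
    data = sample_dataset(50)
    print("MAPE of rare-event model:", mape(data, rare_event_approximation))
```

The importance measures are the "criticality analysis metrics" of the scrubber abstract; the valve comes out on top because it is the only single-element cut set. For a real surrogate, the `sample_dataset` rows are what would be fed to the neural network, and `mape` is the score the paper reports.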

    A functional model-based approach for ship systems safety and reliability analysis – application to a cruise ship lubricating oil system

    Lubricating oil systems are essential for ensuring the safe and reliable operation of cruise ships' power plants, as demonstrated by recent incidents. The aim of this study is to investigate the safety enhancement of a cruise ship lubricating oil system by employing safety, reliability, availability and diagnosability analyses, which are based on the system functional modelling implemented in the MADe™ software. The safety analysis is implemented by combining a Failure Modes, Effects and Criticality Analysis and the system's functional Fault Tree Analysis. Subsequently, Reliability Block Diagrams are employed to estimate the system reliability and availability metrics. The MADe™ toolbox for determining sensor locations is employed for a more advanced diagnostic system development. A number of design modifications are proposed and the reliability metrics of the alternative configurations are estimated. The derived results demonstrate that the suction strainer and the lubricating oil pump are the most critical system components. Seven additional sensors are proposed to enhance the original system design. Compared with the original system design, the investigated alternative designs exhibit significantly lower probabilities of failure and higher values of availability.

    Model-based safety analysis and design enhancement of a marine LNG fuel feeding system

    Recent regulatory requirements for shipping emissions control have led to the adoption of Liquefied Natural Gas (LNG) as a marine fuel and the design of LNG-fuelled vessels. Considering the potential safety implications of system failure/unavailability, this study aims at the safety analysis of a low-pressure LNG fuel feeding system using a novel model-based methodology. The proposed methodology is based on functional system modelling, leading to the development of failure diagrams, and combines the use of Failure Modes, Effects and Criticality Analysis (FMECA) and Fault Tree Analysis (FTA), which are performed in the MADe™ and PTC Windchill software environments. The FMECA results are employed to identify the investigated system's critical components and failures, as well as to specify the top events for the subsequently performed FTA, which evaluates the top events' failure rates. The identification of the critical components leads to system design modifications targeting a lower failure rate. The results of this study demonstrate that the evaporator, pressure build-up unit, sensors, and cryogenic valve assemblies are the most critical components of the investigated system, whilst the enhanced system design exhibits a failure rate reduced by 69% in comparison to the baseline system. This study reveals the advantages of the developed methodology along with some limitations of the employed tools, and contributes to the quantitative safety analysis and design of complex ship systems.

    Revealing system variability in offshore service operations through systemic hazard analysis

    As wind farms move farther offshore, logistical concepts increasingly include service operation vessels (SOVs) as the prime means of service delivery. However, given the complexity of SOV operations in hostile environments, their safety management is challenging. The objective of this paper is to propose a quantitative, non-probabilistic metric for the preliminary comparison of SOV operational phases. The metric is used as a conditional proxy for incident likelihood, conditioned upon the presence of similar resources (manpower, time, skills, knowledge, information, etc.) for risk management across the compared operational phases. The comparison shows that the three considered phases of SOV operation have rather comparable levels of variability, and hence a comparable likelihood of incidents. However, the interface between the SOV and the turbine via the gangway system, and the manoeuvring between turbines, seem to show a higher potential for incidents and performance (work efficiency) shortfalls.

    Unravelling causal factors of maritime incidents and accidents

    Lessons from maritime accidents are conventionally used to inform safety improvements in the design and operation of ships. However, this process is only as good as the core understanding derived from accident analysis. The current explanation of accidents is limited to direct and contributing causal factors, whereas the role of the wider socio-technical context that has given rise to the causal mechanisms behind major maritime accidents in recent years is left unexplained. The paper describes the analysis results of maritime incidents and accidents that occurred over the last decade with passenger ships, with the purpose of illuminating the prevailing causal factors, not least the systemic ones. The results show where the weak links in maritime safety control are (e.g., interactions between ship operators and equipment manufacturers), what their role in accident causation is, and how they can be strengthened. The study seeks to provide valuable input for enhancements in overall maritime safety control and proactive safety management at the ship and shipping company levels.

    Safety related cyber-attacks identification and assessment for autonomous inland ships

    Recent advances in the maritime industry include the research and development of new sophisticated ships, including autonomous ships. The new autonomy concept, though, comes at the cost of additional complexity introduced by the number of systems that need to be installed on board and on shore, the software intensiveness of the complete system, the interactions between systems, components and humans, and the increased connectivity. All of the above results in increased system vulnerability to cyber-attacks, which may lead to unavailability or hazardous behaviour of critical ship systems. The aim of this study is the identification of the safety-related cyber-attacks on the navigation and propulsion systems of an inland autonomous ship, as well as the safety enhancement of the ship systems design. For this purpose, the Cyber Preliminary Hazard Analysis method is employed, supported by a literature review of the system vulnerabilities and potential cyber-attacks. The Formal Safety Assessment risk matrix is employed for ranking the hazardous scenarios. The results demonstrate that a number of critical scenarios can arise on the investigated autonomous vessel due to known vulnerabilities. These can be sufficiently controlled by introducing appropriate modifications to the system design.