SST.2012.5.2-5: Grant no. 314286 E-guided vessels: The 'autonomous' ship
Risk assessment of the unmanned ship
MUNIN Final Event June 10th 2015, Hamburg, Germany
Ørnulf Jan Rødseth, M. Sc. Senior Scientist
MARINTEK
http://www.unmanned-ship.org
Contents
Industrial autonomous systems
The design methodology
Risk assessment
Conclusion and further work
Industrial autonomous systems
Four attributes: safe, operating in a real-world environment, of commercial value, cost-effective.
An autonomous vehicle that can operate safely and effectively in a real-world environment while doing operations of direct commercial value, and which can be manufactured, maintained, deployed, operated and retrieved at an acceptable cost.
How to handle the trade-off between complexity, capabilities and costs?
Modify the system design.
Modify the operational mode.
Modify the operational scenarios.
What to do depends on the problem one wants to solve.
Development methodology objectives
Ensure an acceptable safety and security level for own and other ships, and for the international shipping community in general.
Minimize uncertainty in the mission's intended outcome as well as in its unintended side effects.
Develop a cost-effective system that can compete on a level field in a commercial operational environment.
Methodology
Iterative method, partly based on the Unified Modelling Language (UML) and partly on Formal Safety Assessment (FSA).
[Methodology flow: Scenario building → Use cases → HazId → Risk control, CBA → Hypothesis test → Systems description → Design verification]
Methodology: scenario building and use cases
Select scenarios based on functional divisions and voyage phases.
Divide into use cases and describe sequences of operations.
Scenarios and use cases considered:
Autonomous ship requested for SAR participation
Collision detection and deviation by ASC
Communication failure
Flooding detection
GNSS (GPS/GLONASS) breakdown
Manoeuvring mode with malfunctions
Manoeuvring mode without malfunctions
On board system failure and problem resolution
Periodic status updates from vessel to shore control
Periodic updates of navigational data
Pilot unavailable, remote control to confined waters
Piracy, boarding and ship retrieval
Release vessel FROM autonomous operation
Release vessel TO autonomous operation
Rope in propeller
Sea mode with malfunction
Sea mode without malfunctions
Small object detection
Weather routing
Methodology: systems description
Definition of the Shore Control Centre (SCC).
Dividing responsibilities.
Defining modules.
[System architecture diagram; modules recoverable from it:]
Autonomous Ship Controller (ASC)
Advanced Sensor Module (ASM)
Radar
New sensors
Integrated bridge system
Ship automation systems
Rendezvous Control Unit (RCU)
Dedicated line-of-sight (LOS) communication systems
AIS, GMDSS
Shore Control Centre (SCC)
External parties: other ships, recovery crew and shore infrastructure
Methodology: identifying main hazards
Classify, prioritize, control.
Hzd  Risk control
1    Avoid heavy traffic; object detection and classification; deep sea navigation module; SCC and VHF communication with ships
2    Improved maintenance routines; improved condition monitoring; redundancy in propulsion (water jet)
3    Radar and AIS integrated in object detection; SCC notification when in doubt
4    Weather routing; SCC indirect control
5    FLIR camera and high resolution CCTV; SCC notification when in doubt
Methodology: hypothesis testing
Design all tests of functionality as tests of a hypothesis. Test both the positive and the negated assumption, and only accept if both hold.
[Flowchart: the main hypothesis W is split into sub-hypotheses S1 to Sn. For each i, design and conduct a test of Si and a test of ¬Si; Si is accepted only if Si ∧ ¬(¬Si) holds. If every Si is accepted, proceed to the next W; otherwise W is not OK.]
Methodology: design verification
Done to some degree in the other phases of the design.
The ship must also be under an approval regime similar to that of today's ships.
Not part of MUNIN.
Hazard identification
HazId workshops based on function groups and scenarios.
Immediate analysis of "quick fixes", based on existing knowledge.
Conversion to risks and prioritization of the remaining hazards into non-acceptable, ALARP and acceptable.
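The conversion-and-prioritization step above, together with the cost-benefit analysis the conclusions list as still outstanding, as an added example that is not a MUNIN deliverable. It uses the FSA convention of a risk index RI = FI + SI (frequency index 1 to 7, severity index 1 to 4), sorts hazards into non-acceptable, ALARP and acceptable bands, and screens risk control options by the gross cost of averting a fatality (GCAF). The hazard numbering and option names follow the slides; the band limits, the GCAF criterion, and every FI, SI and cost figure are constructed for the example, and the function and class names (`Hazard`, `classify`, `prioritize`, `RiskControlOption`, `select_rcos`) are assumptions.

```python
"""Hazard prioritisation and risk-control cost-effectiveness, FSA style.

Added example, not a MUNIN deliverable. Steps: convert each hazard to a risk
index, sort the remaining hazards into non-acceptable, ALARP and acceptable,
then screen risk control options (RCOs) by cost-benefit. Assumptions: the FSA
risk index RI = FI + SI (frequency index 1..7, severity index 1..4); the band
limits, the GCAF criterion and all FI/SI/cost figures are constructed values.
"""
from dataclasses import dataclass
from typing import Dict, List

INTOLERABLE_RI = 8      # RI >= 8: non-acceptable, must be reduced regardless of cost (assumed)
NEGLIGIBLE_RI = 4       # RI <= 4: acceptable, no further action (assumed)
GCAF_CRITERION = 3.0e6  # USD per fatality averted; assumed acceptance criterion


@dataclass(frozen=True)
class Hazard:
    hid: int
    description: str
    fi: int  # frequency index, 1 (extremely remote) .. 7 (frequent)
    si: int  # severity index, 1 (minor) .. 4 (catastrophic)

    @property
    def risk_index(self) -> int:
        return self.fi + self.si


def classify(h: Hazard) -> str:
    if h.risk_index >= INTOLERABLE_RI:
        return "non-acceptable"
    if h.risk_index > NEGLIGIBLE_RI:
        return "ALARP"
    return "acceptable"


def prioritize(hazards: List[Hazard]) -> List[Hazard]:
    """Work list after the quick-fix pass: hazards still needing treatment, highest RI first."""
    return sorted((h for h in hazards if classify(h) != "acceptable"),
                  key=lambda h: h.risk_index, reverse=True)


@dataclass(frozen=True)
class RiskControlOption:
    name: str
    hazard_id: int
    cost_usd: float            # lifetime cost of implementing the option
    fatalities_averted: float  # expected reduction in fatalities over the ship's life

    def gcaf(self) -> float:
        """Gross cost of averting a fatality: cost divided by risk reduction."""
        return self.cost_usd / self.fatalities_averted


def select_rcos(hazards: List[Hazard], rcos: List[RiskControlOption]) -> Dict[int, List[str]]:
    """Per prioritised hazard, the RCOs that meet the GCAF criterion.

    ALARP hazards get only cost-effective options (none means the risk is accepted as ALARP).
    A non-acceptable hazard with no cost-effective option still gets its best option,
    because intolerable risk has to come down whatever it costs.
    """
    chosen: Dict[int, List[str]] = {}
    for h in prioritize(hazards):
        candidates = [r for r in rcos if r.hazard_id == h.hid]
        effective = [r.name for r in candidates if r.gcaf() <= GCAF_CRITERION]
        if not effective and candidates and classify(h) == "non-acceptable":
            effective = [min(candidates, key=RiskControlOption.gcaf).name]
        chosen[h.hid] = effective
    return chosen


# Constructed inputs. Hazard numbers and RCO names follow the slides; FI, SI and costs do not.
HAZARDS = [
    Hazard(1, "Interaction with other ships, COLREGs-compliant or not", fi=5, si=4),
    Hazard(2, "Propulsion breakdown: grounding, collision or blocked fairway", fi=4, si=3),
    Hazard(3, "Object detection failure in low visibility: powered collision", fi=4, si=4),
    Hazard(5, "Misclassification of small to medium objects (wreckage, persons, life boats)", fi=3, si=2),
]
RCOS = [
    RiskControlOption("Avoid heavy traffic", 1, 2.0e6, 1.0),
    RiskControlOption("Object detection and classification", 1, 6.0e6, 1.5),
    RiskControlOption("SCC and VHF communication with ships", 1, 1.5e6, 0.6),
    RiskControlOption("Improved condition monitoring", 2, 1.2e6, 0.5),
    RiskControlOption("Redundancy in propulsion (water jet)", 2, 9.0e6, 2.0),
    RiskControlOption("Radar and AIS integrated in object detection", 3, 8.0e6, 1.0),
    RiskControlOption("SCC notification when in doubt", 3, 1.0e6, 0.2),
    RiskControlOption("FLIR camera and high resolution CCTV", 5, 2.5e6, 0.5),
]


def run_example() -> Dict[int, List[str]]:
    return select_rcos(HAZARDS, RCOS)


if __name__ == "__main__":
    selected = run_example()
    for h in prioritize(HAZARDS):
        print(f"Hazard {h.hid}: RI={h.risk_index} {classify(h)} -> {selected[h.hid]}")
```

With these constructed figures hazard 3 is non-acceptable but has no option under the criterion, so the harness still assigns its cheapest option per fatality averted; hazard 5 is in the ALARP band with only a non-cost-effective option, so no option is selected and the residual risk is carried as ALARP. Changing one FI or SI value moves a hazard across a band and changes that decision, which is the sensitivity a reviewer of the prioritization should look at.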
Function groups used in HazId
Voyage
Sailing
Observations
Safety, emergencies
Security
Crew, passenger
Cargo, stability, strength
Technical
Special functions
Administration
Technical problems
Need for technical maintenance and routine repair.
Accidents or system breakdown: "autonomy assisted accidents"
First radar assisted collision: Andrea Doria and Stockholm off Nantucket in 1956.
[Figure: maritime accidents, new versus avoided.]
Some new accident types are probably unavoidable.
Main risk 1
Interaction with other ships, whether they follow the COLREGs or not, is a critical issue.
Main risk 2
Propulsion system breakdown will render the ship unable to move. This can cause groundings and collisions, or block fairways.
Main risk 3
Failure in object detection, particularly in low visibility, can cause powered collisions.
Main risk 5
Errors in detection and classification of small to medium size objects are critical, as these may be wreckage, persons, life boats or other objects that need to be reported to the authorities.
Risk Control Options
Operational
Technical
Organizational
Modularization
Procedural
Conclusions
Identified hazards and risks seem to be controllable.
Hypothesis tests confirm this so far.
"As low as reasonably practicable" (ALARP) has been analyzed to some degree, but not fully.
Cost-benefit analysis remains to be done.
Work will continue on the design methodology
Iteratively look at the operational issues in the context of the system design, and vice versa.
Risk reduction principle covering both operation and design.
Validation through hypothesis testing.