Systems-Theoretic Process Analysis (STPA) Applied to the Operation of Fully Autonomous Vessels
Abstract
The objective of this master thesis is to assess the feasibility of using STPA for hazard identification and assessment of complex, fully autonomous operating systems. As a continuation of work from autumn 2017, this article also assesses the possibility of using an improved STPA method for hazard identification of the autonomous vessel control system, based on a case study and a comparison with FFMEA and CHAZOP. Since fully autonomous vessels are still in the design phase, without any international regulations or standards, the corresponding risk analysis approaches remain incomplete and require further development. This report first provides an overview of autonomous operation in the field of autonomous vessels. The state of the industry and the standards framework in the autonomy field are introduced to provide a basic research background. Then the motivation for STPA and its main steps are presented. The challenges left open in the specialization report are discussed specifically in order to seek favourable solutions in the rest of the paper. For that reason, the traditional hazard identification methods FMEA and HAZOP, specifically functional FMEA (FFMEA) and control HAZOP (CHAZOP) for the guidance controller, are conducted and documented. Specific limitations of, and opportunities for improving, the original STPA are identified and discussed in detail. Finally, an improved STPA implementation for a fully autonomous vessel is carried out. During this process, additional unsafe control actions (UCAs) hidden in information communications are identified using control process guide words. It also proves valuable to establish a scientific framework covering communication, hardware/software and mechanical items in order to scope the unsafe control action scenarios. In this way, corresponding causal factors and mitigation measures can be provided systematically for each unsafe control action.
The main result of this thesis is that, by conducting the FFMEA and CHAZOP approaches, two potential applications are identified which may improve the original STPA method. The first is that, although STPA has default control command states (providing causes hazard; not providing causes hazard; applied too long/stopped too soon causes hazard; wrong timing/order causes hazard), the level and content of these control command states are not fixed. Thus, by defining goal-oriented control command states at a desired level, certain UCAs can be identified with less time and effort. The second result is that a scientific structure for a scenario identification framework is established. Since scenarios, causal factors and safety constraints are identified by brainstorming in an experienced group in STPA step 2, it is unavoidable that certain cases are omitted. The situation is even worse for an individual analyst, owing to limits of time and experience. However, if we take advantage of FFMEA and CHAZOP by setting a scientific framework of scenario categories, such as communication, human factors, digital hardware/software and mechanical items, STPA implementation becomes a more systematic approach that analyses individual and interacting component failures.

In conclusion, the proposed STPA approach, as a complementary activity to the original STPA method, appears feasible and beneficial because it covers, within a scientific framework, goal-oriented hazards that are hardly covered by the original STPA approach. Further explanations can be found in the discussions in this chapter.