This book presents results of projects carried out by both scientific and industry researchers into the techniques to help in maintenance, control, supervision and security of systems, taking into account the technical environmental and human factors.
This work is supported by the Scientific Group GIS 3SGS. It is a collaborative work from 13 partners (academic and industrial) who have come together to deal with security problems. The problems and techniques discussed mainly focus on stochastic and dynamic modeling, maintenance, forecasting, diagnosis, reliability, performance, organizational, human and environmental factors, uncertainty and experience feedback.
Page count: 440
Year of publication: 2012
Foreword
Introduction
PART 1. INDUSTRIAL ISSUES
Chapter 1. Safety and Performance of Electricity Production Facilities
Chapter 2. Monitoring of Radioactive Waste Disposal Cells in Deep Geological Formation
2.1. Context
2.2. Monitoring of the environment
2.3. Monitoring of geological repository structures
2.4. Conclusion and perspectives
Chapter 3. Towards Fourth-generation Nuclear Reactors
3.1. Context
3.2. Surveillance and acoustic detection
3.3. Inspection during operation
3.4. Conclusion
PART 2. SUPERVISION AND MODELING OF COMPLEX SYSTEMS
Chapter 4. Fault-tolerant Data-fusion Method: Application on Platoon Vehicle Localization
4.1. Introduction
4.2. Review
4.3. Bayesian network for data fusion
4.4. Localization of a single vehicle: multisensor data fusion with a dynamic Bayesian network
4.5. Multi-vehicle localization
4.6. Conclusions and perspectives
4.7. Bibliography
Chapter 5. Damage and Forecast Modeling
5.1. Introduction
5.2. Preliminary study of data
5.3. Construction of the deterioration indicator
5.4. Estimation of the residual life span (RUL)
5.5. Conclusion
5.6. Bibliography
Chapter 6. Diagnosis of Systems with Multiple Operating Modes
6.1. Introduction
6.2. Detection of faults for a class of switching systems
6.3. Analytical method to obtain a multiple model
6.4. Detection of switching and operating mode recognition without the explicit use of model parameters
6.5. Modeling, observation and monitoring of switching systems: application to a multicellular converter
6.6. Bibliography
Chapter 7. Multitask Learning for the Diagnosis of Machine Fleet
7.1. Introduction
7.2. Single-task learning of one-class SVM classifier
7.3. Multitask learning of 1-SVM classifiers
7.4. Experimental results
7.5. Conclusion
7.6. Acknowledgements
7.7. Bibliography
Chapter 8. The APPRODYN Project: Dynamic Reliability Approaches to Modeling Critical Systems
8.1. Context and aims
8.2. Brief overview of the test case
8.3. Modeling using a stochastic hybrid automaton approach
8.4. Modeling using piecewise deterministic Markov processes
8.5. Modeling using stochastic Petri nets
8.6. Preliminary conclusion and perspectives
8.7. Bibliography
PART 3. CHARACTERIZING BACKGROUND NOISE, IDENTIFYING CHARACTERISTIC SIGNATURES IN TEST CASES AND DETECTING NOISE REACTORS
Chapter 9. Aims, Context and Type of Signals Studied
Chapter 10. Detection/Classification of Argon and Water Injections into Sodium into an SG of a Fast Neutron Reactor
10.1. Context and aims
10.2. Data
10.3. Online (sequential) detection-isolation
10.4. Offline classification (non-sequential)
10.5. Results and comments
10.6. Conclusion
10.7. Bibliography
Chapter 11. A Dynamic Learning-based Approach to the Surveillance and Monitoring of Steam Generators in Prototype Fast Reactors
11.1. Introduction
11.2. Proposed method for the surveillance and monitoring of a steam generator
11.3. Results
11.4. Conclusion and perspectives
11.5. Bibliography
Chapter 12. SVM Time-Frequency Classification for the Detection of Injection States
12.1. Introduction
12.2. Preliminary examination of the data
12.3. Detection algorithm
12.4. Role of sensors
12.5. Experimental results
12.6. Bibliography
Chapter 13. Time and Frequency Domain Approaches for the Characterization of Injection States
13.1. Introduction
13.2. Analyzing the statistical properties of spectral power densities
13.3. Analysis of the filtering characteristics
13.4. Conclusion on frequential and temporal approaches
13.5. Bibliography
PART 4. HUMAN, ORGANIZATIONAL AND ENVIRONMENTAL FACTORS IN RISK ANALYSIS
Chapter 14. Risk Analysis and Management in Systems Integrating Technical, Human, Organizational and Environmental Aspects
14.1. Aims of the project
14.2. State of the art
14.3. Integrated risk analysis
14.4. Accounting for uncertainty in risk analysis
14.5. Modeling risk for a quantitative assessment of risk
14.6. Conclusions and future perspectives
14.7. Bibliography
Chapter 15. Integrating Human and Organizational Factors into the BCD Risk Analysis Model: An Influence Diagram-based approach
15.1. Introduction
15.2. Introduction of the BCD (benefit-cost-deficit) approach
15.3. Analysis model for human actions
15.4. Example application
15.5. Conclusion
15.6. Acknowledgements
15.7. Bibliography
Conclusion
Bibliography
List of Authors
First published 2012 in Great Britain and the United States by ISTE Ltd and John Wiley & Sons, Inc.
Apart from any fair dealing for the purposes of research or private study, or criticism or review, as permitted under the Copyright, Designs and Patents Act 1988, this publication may only be reproduced, stored or transmitted, in any form or by any means, with the prior permission in writing of the publishers, or in the case of reprographic reproduction in accordance with the terms and licenses issued by the CLA. Enquiries concerning reproduction outside these terms should be sent to the publishers at the undermentioned address:
ISTE Ltd, 27-37 St George’s Road, London SW19 4EU, UK
John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, USA
www.iste.co.uk
www.wiley.com
© ISTE Ltd 2012
The rights of Nada Matta, Yves Vandenboomgaerde and Jean Arlat to be identified as the authors of this work have been asserted by them in accordance with the Copyright, Designs and Patents Act 1988.
Library of Congress Cataloging-in-Publication Data
Supervision and safety of complex systems / edited by Nada Matta, Yves Vandenboomgaerde, Jean Arlat.
pages cm
Includes bibliographical references and index.
ISBN 978-1-84821-413-2
1. System safety. I. Matta, Nada. II. Vandenboomgaerde, Yves. III. Arlat, Jean.
TA169.7.S87 2012
658.20028′9--dc23
2012024378
British Library Cataloguing-in-Publication Data
A CIP record for this book is available from the British Library.
ISBN: 978-1-84821-413-2
With the development of science and technology, our societies ask for increasingly sophisticated systems that are optimized to better meet our needs while controlling costs. At the same time, our societies should beware of the drawbacks these systems may present, particularly of the risk they can pose to both people and the environment. Society demands that the safety of these complex systems be guaranteed in a normal situation and in the case of an incident or accident.
These issues involve several areas of industry. They obviously concern nuclear electricity generation, which society watches very carefully. France has created legislation on the continuing improvement of nuclear safety, thanks especially to periodic safety reviews that take into account the evolution of knowledge. The accident in Fukushima reminded us that the simultaneous occurrence of events that are individually considered very unlikely is possible. Lessons are being learned from this accident through the additional safety evaluations undertaken by the nuclear safety authority.
Research in safety is therefore essential, and I am delighted by the quality of the results gathered in the present book. I am particularly happy about the active participation of all the nuclear operators, including those who are in charge of the management of radioactive waste, the innovative nature of which is too often underestimated.
Eric BESSON
Former French Minister of Industry, Energy and Digital Economy
Small is beautiful…
The world's population growth and its increasing needs, technological progress, the evolution of the economy, the “shortening” of space and time, etc. - i.e. the “globalization” of life and activities - have led to the development of large cities, to advanced optimizations of manufacturing processes implemented in increasingly large factories and to the daily use of equipment (public transport, nuclear power plants, thermal power plants, etc.) to its full extent. This can lead to the increased risks of large-scale accidents caused by a design issue, through the use of a facility outside its operating range, through human error, or through an act of sabotage.
Our society is currently very “fragile” and we have to do everything in our power, from the facility design stage onwards, to detect a slight drift from the operating parameters and to analyze its causes and the potential danger, thus enabling solutions to be implemented at the earliest possible time. Similar strategies must be carried out during operation. The supervision of systems and the processing of the collected information are not always straightforward. Finally, for each of the main problems that might occur, we must create an operational plan to be put in place in case of a major accident. French and European authorities, in particular, are working towards that goal.
Several university laboratories are leading research projects in the area of supervision and in several aspects linked to safety and security. They also consider the role of human error in these projects. “GIS Surveillance, Sûreté et Sécurité”, founded in 2007, gathers together several university laboratories and other research and industrial organizations to analyze and study the supervision, safety and security of complex systems by using complementary approaches. This book gathers together most of the studies they have led in the first four years of the GIS.
There is no such thing without risk…
Christian LERMINIAUX
President of GIS 3 SGS
Introduction [1]
The “supervision, safety and security of large systems” theme is currently present at all levels, particularly at the European and national levels. It is relevant to every large facility, infrastructure or organization, whether public or private. It appears, however, that public and private research facilities currently tackle this theme from different angles and in a “scattered” way. This scattering can be explained by the strongly multidisciplinary nature of this area, which does not come under the umbrella of a single academic subject. Gathering together these structures and the industrialists concerned is the best response if France is to play a leading role in the worldwide development of this major and rapidly emerging field. It is within this framework that, at the end of April 2007, the MESR (Ministère de l'Enseignement supérieur et de la Recherche - French Ministry of Higher Education and Research) founded the scientific interest group “surveillance, sûreté et sécurité des grands systèmes” (supervision, safety and security of large systems) - GIS 3SGS.
This foundation was prompted by several university laboratories that had noticed that research on models for safety and security assessment is usually contextual, i.e. associated with a particular industrial object. Scientific initiatives are therefore not really structured around these themes: there is a true scientific challenge in creating coherence between global models representing a whole system and models developed at the scale of a component or subsystem, the latter being necessary as the source of industrial specifications and maintenance policies. These two scales are both necessary, but strongly dependent on each other.
The scientific problems in the area of surveillance, safety and security of large systems, which pose a high risk in the long term, are in constant evolution because of:
– the evolution and replacement of the systems currently in operation;
– the ever-increasing complexity of systems;
– the increasing demands in terms of industrial safety;
– the availability constraints; and
– the evolution of information and communication technologies.
All this requires the development of new methodologies, the design of new models, the implementation of new simulation methods, the diffusion of new knowledge, etc.
Supervision plays a leading role in the operation of large systems. Based on the real-time analysis of data collected online, it requires quick decision-making and thereby implies the consideration of the time variable. Faced with the complexity of large systems, surveillance has to be robust with respect to the uncertainties and errors that are associated with both the models and the data. The surveillance methods need to be integrated with the control and command systems (remote machine monitoring) and need to be improved by using information on the reliability of components as well as on the maintenance operations.
The increasing use of systems including software and digital data requires total control of all aspects of safety and security, often already required by current regulations. These aspects play a leading role in the adoption of digital systems in the economic, legal and the societal context, and are an essential factor for innovation, and hence for economic development.
The merging of the currently independent approaches towards surveillance issues (automatics, signal and computer science) requires the cooperation of actors from these different communities.
The control of risks requires a systemic approach when large complex systems are involved. Methods relating to operating safety are developed with this goal in mind and allow for this control from the point of view of the reliability, maintainability and security of large systems.
The development of models and methods of assessment and the optimization of the safety of large systems is therefore organized around several structuring themes:
– “Human factor” (HF) models that are adapted to large systems and/or supporting studies upstream from their design: the operator is a potential source of an undesirable event, but he or she is also a fundamental element in the control or recovery chain following such an event. It is therefore necessary to improve the existing HF models, in particular to help designers at the time of the upstream studies.
– The analysis of positive feedback (APF), or precursors, needs to be developed to make the system effective and efficient. In systems where several interacting components are located at different geographical sites (several separate rooms, physical separation, etc.), the coexistence of varied human activities requires the use of models that ensure a common representation of the state of the facility or system. Such tools have yet to be created from an operational point of view. Similarly, the development of models and industrial tools enabling the a priori simulation of risky operations should be encouraged (for instance, studies such as decentralized multifactor operations).
– Modeling of the damage and ageing of systems and optimization of maintenance: the surveillance/maintenance interaction (conditional or predictive maintenance, health monitoring) where maintenance decisions are based on a diagnostic or prognosis of the state of the system, established from surveillance data.
– Safety of instrumented/programmed systems of security and command and control: safety, assessment and certification of software and systems, particularly in the case of embedded systems, in order to obtain fault-tolerant systems, amongst other things.
– Study of fault-tolerant systems, with the intention of suggesting new methodologies for the reconfiguration of control laws for systems subjected to failures: the modeling and development of methods for reliable systems by using (semi)formal methods and proof tools, in order to define a proven development cycle, from specification onwards, for a system in which software predominates; the design of systems integrating software elements whose safety or security properties are guaranteed by design; and forward-looking maintenance and collaborative maintenance (multiagent systems) for e-maintenance strategies.
The issue of the security of large systems integrating software plays a leading role in the adoption of digital systems. The systems that are of interest to us can be “software”, “hardware” or “hybrid” based, as in the case of process control systems. The security of systems is of increasing importance in the prevention of and protection against hacking by the incorporation of confidentiality, access control or anonymity, and by controlling the information flow and its coherence with respect to individual freedom and national constraints.
To address issues regarding security, it is essential to define security policies and their mechanisms of implementation. The definition of a security policy is important since it determines an acceptable level of security. The actions will concern the proven security of services, secured protocols, cryptography, computer virology, the validation of services, the management of certifications and revocations. Particular attention should be paid to the control strategies of resources dependent on economic models, without forgetting the methods of identification and authentication and the control of information management.
The concepts of surveillance, safety and security are complementary and strongly interact. There are tight links between security (resistance to acts of sabotage) and safety, whose operation is validated against unintentional faults. These links must be developed. The problems of the two areas are often interwoven. As an example, coding errors are taken advantage of to create security breaches: it is therefore also necessary to formally prove the correctness and robustness of security mechanisms. On the other hand, business continuity plans are essential, and their design emphasizes the necessary link between safety and security.
The contributions of this area to global security are characterized by two aspects. The first concerns the adaptation of risk analysis methods for the identification and assessment of risks associated with threats of human origin (sabotage). The second aspect is the use of probabilistic and scenario approaches, in order to evaluate the “security” performances of systems (integrated security system).
The following university laboratories are working with GIS 3SGS in order to cover all of the scientific and technical areas to be implemented within the GIS 3SGS framework:
– CRAN, Nancy research center for automatics (Nancy University, CNRS);
– CReSTIC, Research center for information and communication sciences and technologies (URCA, Reims Champagne-Ardenne University);
– Heudiasyc Laboratory for the heuristics and diagnostics of complex systems (UTC, University of Technology of Compiègne, CNRS);
– ICD, Charles Delaunay Institute (University of technology of Troyes, CNRS);
– LAGIS, laboratory of automatics, computer science engineering and signaling (University of sciences and technologies of Lille, Ecole Centrale de Lille, CNRS);
– LAMIH, Laboratory for automatics, mechanics, and industrial and human computer science (University of Valenciennes and Hainaut-Cambrésis, CNRS);
– LORIA, Laboratory of Lorraine for research in computer science and its applications (Henri Poincaré University, Institut National Polytechnique de Lorraine, INRIA, Research institute in computer science and automatics, CNRS).
The industrial problems have, mainly, been suggested by EDF (Electricity of France), the CEA (French Atomic Commission) and ANDRA (the National Radioactive Waste Management Agency), who are founding members of GIS.
Let us mention that, besides MESR and CNRS, INRIA and the General Council of Aube have also contributed to the running of GIS 3SGS. DGA (the General Army Agency) and SGDSN (the Agency for Defense and National Safety) have also provided constant support.
From a practical point of view, GIS 3SGS has worked under the supervision of a gathering council, led by Christian Lerminiaux, director of the University of Technology of Troyes, and with the help of a very active scientific council, initially led by Sylviane Gentil (INPG), then by Jean Arlat, director of the Laboratory of Systems Analysis and Architecture at Toulouse University (CNRS).
GIS 3SGS aims to make the approaches relative to the research on safety, surveillance and security of large systems transversal and complementary. Within this framework, it has been a breeding ground for collaborative projects between industry and research laboratories in the following application areas: energy, transport, information and digital systems, networks and critical infrastructures. The actions and projects led by GIS 3SGS include:
– the use of different methods and complementary disciplines;
– the use of a generic methodology applicable to different areas;
– the favoring of flexibility: small projects have led to more ambitious projects dealing with complex problems; and
– the implementation of collaborations between laboratories and the favoring of laboratory/industry networks.
This book presents the research projects carried out within the framework of this scientific interest group, particularly those on surveillance and operating safety. All of the projects supported by GIS 3SGS started from a problem suggested by an industrialist, and at least two different university teams had to be assembled. They concerned several novel aspects of supervision, the predictive assessment of maintenance operations, diagnostic and prognostic methods, operation in faulty mode, reliability, performance, command and control, reconfiguration, and uncertainties. This was achieved by using dynamic or probabilistic modeling and by taking into account human factors, environmental factors and experience feedback.
Part 1: the presentation of three industrial problems relating to nuclear energy:
– the first being related to aspects of the maintenance of a nuclear power plant in operation;
– the second to the surveillance of the operation of the steam generators of fourth-generation nuclear reactors that are currently being studied (sodium-cooled fast reactors);
– the third to the optimization of the distribution of the instrumentation of an underground nuclear waste storage in space and time.
Part 2: a presentation of research projects carried out within the framework of six projects on the supervision and modeling of complex systems in the areas of transport and energy. The results obtained (fault indicators, tolerance to faults, reliability model for complex, hybrid and dynamic systems) are applicable in many other industrial areas.
Part 3: the presentation of prospective studies of surveillance and analysis relating to the means of operation of a steam generator within the framework of studies of a fourth-generation nuclear reactor. The research re-analyzes the acoustic signals recorded in 1994 in the steam generators of the PFR Scottish reactor during the deliberate injections of gas into the liquid sodium.
Part 4: the presentation of tools and methods enabling us to simultaneously analyze organizational, human, technical and environmental factors and their interdependence, and to identify the factors whose conjunction can weaken the defense system (accidents/incidents on large systems). The research carried out applies to two industrial problems - a methodology enabling us to understand the systems according to their organizational levels: “action” (the human operator) and technical.
[1] Introduction written by Yves VANDENBOOMGAERDE, Christian LERMINIAUX and Nada MATTA.
In an increasingly demanding regulatory, legal and social context, power utilities constantly seek to improve the safety and performance of their plants. In the long term they do this by preserving, or even extending, the lifetime of their industrial assets. From the point of view of EDF (Electricité de France), for instance, this leads to three challenges.
The first challenge is complexity: the complexity of a nuclear, hydraulic or thermal power plant, of an electricity transport network, etc. Risk assessment and management requires understanding a sociotechnical system at every level and in every dimension: the component (itself constituted of elementary components), the equipment (made up of components), the technical system (a combination of pieces of equipment), the individuals and teams organized in complex structures who design or run the system and, last but not least, the environment of the system (natural, technological, organizational, regulatory, etc.).
For this challenge, our research projects deal with the methods and tools for the assessment of the risks of a system run by humans, for the design of work situations adapted to humans, and for the organizational diagnostic of the safety and resilience of an organization.
The second challenge is uncertainty. It is everywhere: in physical phenomena and associated hazards, in their measure, their modeling, and in any human activity.
To manage uncertainty, we have to reduce its sources (with more observations and data) or its consequences (by taking conservative margins), and to use reference methodologies to evaluate all the sources and consequences of uncertainties.
The third challenge is decision-making and action. Here we face the difficulty of managing the antagonisms inherent to industrial goals, the most obvious being that between safety and performance, when trying to increase at once the short-term performance and the durability of the facility. The decision must be based on a properly defined problem, associated with an exhaustive analysis of the stakes carried by the different parties involved. It must also be based on a shared process that involves the parties concerned in the decision (experts, managers, external parties, etc.) and which accounts for the diversity of risk appraisal.
The GIS 3SGS has enabled developments that will contribute to these challenges being taken up. It is about developing methods, models and tools enabling the probabilistic evaluation of safety and reliability before making a decision, or guiding and justifying the choices of maintenance and investments during operation. It also involves the multicriteria modeling or the cost-benefit approach, bringing together strong and opposable decision elements for the management of industrial risks.
Among the projects presented in this book, we will mention for instance APPRODYN, DEPRADEM and MARATHON.
APPRODYN contributes to the challenge of complexity. It is about experimenting and comparing approaches of dynamic reliability to model the availability of critical systems in a probabilistic way. It focuses in particular on the complex interactions between the physical processes (modeled by continuous variables) and command and control (modeled by discrete variables), in the presence of (stochastic) faults or rare contexts.
MARATHON contributes to the challenge of uncertainty. It focuses on a risk analysis methodology that enables us to prioritize the risks of sociotechnical systems interacting strongly with their environment. The goal is to identify the different types of uncertainties linked to the knowledge created in this type of analysis (coming from operating experience and experts' claims) and to choose, from among the methods of uncertainty propagation, the one best adapted to this integration approach.
The DEPRADEM project focuses on modeling the damage and prognostics in a decision-aid related to maintenance. Its goal is to integrate quantitative data in the maintenance decisions by implementing methods that are able to consider damage mechanisms, their effects and the efficiency of the actions undertaken. It is about introducing rationality to the choices made through a better prediction of the results of maintenance strategies on pieces of equipment in operation. The purpose is to fulfill the safety, security, availability, sustainable development and economic efficiency requirements. The study lies at the interfaces between damage/prognostic and prognostic/decision of maintenance. It is about identifying the methodological adaptations and the tools to be developed so that the prognostics can take into account the results of damage models, and maintenance can take into account the results from a prognostic process.
[1] Chapter written by Gilles DELEUZE, Jean PRIMET, Philippe KLEIN, Carole DUVAL and Antoine DESPUJOLS.
The French agency for radioactive waste management (Andra) is in charge of the long-term management of radioactive waste generated in France. Within the framework of this mission, it uses its expertise and its know-how to enable the state to implement safe management solutions for all French radioactive waste, in order to protect current and future generations from the risk this waste represents. Andra manages two disposal facilities in operation in the Aube district, accepting waste ranging from very low-level radioactive waste to low- and intermediate-level short-lived radioactive waste, as well as a closed center in the monitoring phase in the Manche district.
