Search Results (33)

The intrinsic hazards associated with high-pressure hydrogen, combined with electromechanical interactions in hybrid architectures, pose significant challenges in predicting potential system risks during the conceptual design phase. In this paper, a risk analysis methodology integrating systems theoretic process analysis (STPA), D-S evidence theory, and Bayesian networks (BN) is established. The approach employs STPA to identify unsafe control actions and analyze their loss scenarios. Subsequently, D-S evidence theory quantifies the likelihood of risk factors, while the BN model’s nodal uncertainties to construct a risk network identifying critical risk-inducing events. This methodology provides a comprehensive risk analysis process that identifies systemic risk elements, quantifies risk probabilities, and incorporates uncertainties for quantitative risk assessment. These insights inform risk-averse design decisions for hydrogen–electric hybrid powered aircraft. A case study demonstrates the framework’s effectiveness. The approach bridges theoretical risk analysis with early-stage engineering practice, delivering actionable guidance for advancing zero-emission aviation. Full article

Enhancing the safety standards of autonomous ships is a shared objective of all stakeholders involved in the maritime industry. Since the existing hazard analysis work for autonomous ships often exhibits a degree of subjectivity, in the absence of data support, the verification of hazard analysis results has become increasingly challenging. In this study, a formal verification method in a risk-based assessment framework is proposed to verify the hazard analysis results for autonomous ships. To satisfy the characteristics of high time sensitivity, time automata are adopted as a formal language while model checking based on the formal verification tool UPPAAL is used to complete the automatic verification of the liveness of system modeling and correctness of hazard analysis results derived from extended System-Theoretic Process Analysis (STPA) by traversing the finite state space of the system. The effectiveness of the proposed method is demonstrated through a case study involving a remotely controlled ship. The results indicate that the timed automata network model for remotely controlled ships, based on the control structure, has no deadlocks and operates correctly, which demonstrates its practicability and effectiveness. By leveraging the verification of risk analysis results based on model checking, the framework enhances the precision and traceability of these inputs into RBAT. The results disclose the significance of the collaborative work between safety and system engineering in the development of autonomous systems under the definition of human–computer interaction mode transformation. These findings also hold reference value for other intelligent systems with potential hazards. Full article

This study addresses threat scenario identification and quantitative evaluation in the context of the information security risk assessment process for airborne networks. A method integrating an improved system-theoretic process analysis (STPA) and the technique for order preference by similarity to an ideal solution (TOPSIS) is proposed. A safety control interaction structure is first established based on the system-level loss definition to identify unsafe control actions and derive STPA-Sec threat conditions. Then, the opinion aggregation method based on the weakest t-norm is introduced to address the uncertainty from insufficient expert consensus and opinion deviation. To address the intrinsic correlations among evaluation indicators, the criteria importance through intercriteria correlation (CRITIC) method is applied to determine indicator weights. These weights are subsequently incorporated into the TOPSIS framework to assess the identified threat scenarios. Comparative analysis confirms the effectiveness of the proposed approach. The results show that the improved STPA-TOPSIS method enables the reliable identification of security threats in airborne networks and supports the prioritization of threat scenarios by severity, facilitating the implementation of targeted mitigation strategies. Full article

An increasing demand can be observed in ship-to-ship (STS) liquefied natural gas (LNG) bunkering operations, and the failures involved may lead to considerable casualties or environmental damage. For this purpose, a comprehensive methodology is proposed in this study to identify and assess these failure modes. In detail, the STS LNG bunkering process is first decomposed to develop a hierarchical structure according to systems-theoretic process analysis (STPA), the results of which serve to identify potential failure modes and their causes. Then, all the failure modes are evaluated by experts in terms of occurrence, severity, and detectability to develop a fuzzy confidential matrix, which is then transferred as an explicit confidential matrix to be weighted and normalized. Finally, the risk levels of these failure modes are analyzed by relative closeness obtained from the technique for order preference by similarity to an ideal solution (TOPSIS). This study determines nine failure modes, all of which are ranked in terms of risk level. “High pressure in vapor return line”, and “High flow rate and leakage of LNG” are determined as the top two failure modes, with risk closeness values of 0.5791 and 0.5728, respectively. “Power failure for emergency valves” is ranked as the last one, with the risk closeness value being 0.5444. Finally, suggestions are proposed according to bunkering operation guidelines to prevent or control these failure modes. Full article

To address the need for an in-depth exploration of traffic accidents involving intelligent vehicles and to elucidate the influence mechanism of road environment interference factors on both assisted driving systems and human drivers during such accidents, a comprehensive analysis has been conducted using the System-Theoretic Process Analysis (STPA) framework. This analysis focuses on road static facilities, traffic dynamic characteristics, and instantaneous weather conditions in automobile traffic accidents that occur under the human-machine co-driving paradigm with integrated assisted driving functions. Based on these insights, an interference model tailored to road environment factors in traffic accidents of assisted driving vehicles has been constructed.Utilizing recent traffic accident cases in China, the Accident Map (AcciMap) methodology was employed to systematically classify and analyze all accident participants across six levels. Through this rigorous process, 59 accident factors were refined and optimized, culminating in a method for assessing the degree of interference posed by road environment factors in traffic accidents involving assisted driving vehicles. The ultimate objective of this research is to enhance the investigation of road environment interference factors following accidents that occur with diverse assisted driving functions in human-machine co-driving scenarios. By providing a structured and analytical approach, this study aims to support future research endeavors in developing effective traffic accident prevention countermeasures tailored to assisted driving vehicles. Full article

The European building stock is aging and needs renovation. Holistic renovation approaches, including Vertical Forest (VF) systems, are emerging as sustainable alternatives to demolition and reconstruction. This paper reviews and defines missing reliable damage and hazard intensity measures for the holistic renovation of existing reinforced concrete (RC) buildings with VF systems. Based on an extensive literature review and preliminary studies, including empirical multiparametric system evaluation assessments, Monte Carlo simulations, and System-Theoretic Process Analysis (STPA), combined structural, non-structural, vegetation, and human comfort components are examined. Key damage indicators are identified, including interstory drift ratio, residual deformation, concrete and reinforcement strains/stresses, and energy dissipation, and their applicability to VF-integrated structures are evaluated. Green modifications are found to have higher risk profiles than traditional RC buildings (mean scores from Monte Carlo method: 9.72/15–11.41/15 vs. 9.47/15), with moisture management and structural integrity as critical concerns. The paper advances the understanding of hazard intensity measures for seismic, wind, and rainfall impacts. The importance of AI-driven vegetation monitoring systems with 80–99% detection accuracy is highlighted. It is concluded that successful VF renovation requires specialized design codes, integrated monitoring systems, standardized maintenance protocols, and enhanced control systems to ensure structural stability, environmental efficiency, and occupant safety. Full article

China is actively advancing offshore oil and gas exploration and development, focusing on addressing the technical challenges associated with resource extraction in shallow waters. The shallow-water subsea tree development model has gradually been applied in such environments, alleviating some construction difficulties. However, it still poses well control risks that require systematic analysis and quantitative evaluation. Given that the blowout preventer (BOP) is located on the platform and the shallow-water subsea tree is only used during certain drilling stages, this study divided the drilling process into two phases: the first three sections and the fourth section. Based on the “man–machine–material–environment” analytical framework and an improved system-theoretic process analysis (STPA), a control model for the construction phases was developed. Fault tree analysis (FTA) was then employed to identify comprehensively the potential risks from the platform to the wellbore in both phases. Subsequently, the decision-making trial and evaluation laboratory (DEMATEL) method were used to assess quantitatively the well control risks. Using the average weight as the evaluation criterion, high-risk factors exceeding the average weight in each phase were identified. The results indicate that in the shallow-water subsea tree development model, well control risks in the first three drilling sections primarily stem from human errors and equipment failures, while risks in the fourth section are mainly caused by damage to the subsea tree itself. The identified risk factors provide a theoretical basis for enhancing well control safety management in the shallow-water subsea tree development model. Full article

This paper presents the fuzzy real-time safety level (Fuzzy RealTSL) methodology. It aims to address the data uncertainties resulting from a lack of sensors in complex sociotechnical systems and reduce the need for the determination of their safety level in real-time during their operation. To achieve this, the methodology utilizes: (1) safety constraints from STPA (systems theoretic process analysis) analysis and EWaSAP (early-warning-signs analysis process), (2) fuzzy logic as the mathematical backbone to identify the degree of confidence about the occurrence of unsafe system states, (3) a modified centroid point and spread ordering to enable ordering sequences of unsafe system states that can lead to accidents according to how detrimental they are to the system safety. The RealTSL methodology is presented through its step-by-step application to the panel alignment system of a solar park utilizing rotating solar arrays. This paper aims to open a new perspective on the STAMP literature for discussions of uncertainties from a lack of information about the system’s state and to make it easier to measure its safety level. Knowing the safety level of a system in real-time is crucial for the systems in question as it enables proactive risk management and enhances decision-making by providing immediate insights into potential hazards, thus safeguarding against accidents. Full article

The remote control ship is considered to be the most likely implementation of maritime autonomous surface ships (MASS) in the near-term future. With collaborative control from onboard controllers and operators ashore, ships may operate in three navigation control modes (NCMs), manual, autonomous, and remote control, based on different levels of control authority. The scientific selection of the appropriate NCM for MASS under multiple driving modes is crucial for ensuring ship navigation safety and holds significant importance for operators and regulatory authorities overseeing maritime traffic within specific areas. To aid in selecting the proper NCM, this study introduces a risk-based comparison method for determining optimal control modes in specific scenarios. Firstly, safety control paths and processes for MASS under different NCMs are constructed and analyzed using system-theoretic process analysis (STPA). By analyzing unsafe system control actions, key Risk Influencing Factors (RIFs) and their interrelationships are identified. Secondly, a Hidden Markov Model (HMM) process risk assessment model is developed to infer risk performance (hidden state) through measuring RIF states. Cloud modeling with expert judgments is utilized to parameterize the HMM while addressing inherent uncertainty. Lastly, the applicability of the proposed framework was verified through simulation case studies. Typical navigation scenarios of conventional ships in coastal waters were chosen, and real-time data collected by relevant sensors during navigation were used as simulation inputs. Results suggest that in the same scenario, process risks differ among the analyzed NCMs. Traffic complexity, traffic density, and current become the primary factors influencing navigation risks, and it is necessary to select the appropriate NCM based on their real-time changes. Full article

In the maritime domain, hydrogen fuel cell propulsion and autonomous vessels are two important issues that are yet to be implemented together because of a few challenges. It is obvious that there are several individual safety studies on Maritime Autonomous Surface Ships and hydrogen storage as well as fuel cells based on various risk assessment tools but the combined safety studies that include hydrogen fuel cells on autonomous vessels with recent risk analysis methods are extremely limited. This research chooses the “System-Theoretic Process Analysis” (STPA) method which is a recent method for potential risk identification and mitigation. Both hydrogen and autonomous vessels are analyzed and assessed together with the STPA method. Results are not speculative but rather flexible compared to conventional systems. The study finds a total of 44 unsafe control actions (UCAs) evolved from human and central control unit controllers through STPA. Further, the loss scenarios (LS) are identified that lead to those UCAs so that loss scenarios can be assessed and UCAs can be mitigated for safe operation. The objective of this study is to ensure adequate safety for hydrogen fuel cell propulsion on autonomous vessels. Full article

Rapid urbanization in developing countries poses challenges such as rising crime rates and resource scarcity. Unmanned Aircraft Systems (UAS) offer a promising solution to enhance public safety, but their integration requires addressing specific challenges. This study employs the Systems-Theoretic Accident Model and Processes (STAMP) and System-Theoretic Process Analysis (STPA) methodologies to identify potential hazards and requirements for integrating UAS into public safety systems in urban environments. The research objectives include identifying hazards and challenges, developing safety requirements and guidelines, and proposing strategies for efficient infrastructure investment. The proposed framework, based on STAMP/STPA, includes additional steps to consider early-stage systems and maintain stakeholder traceability. A risk matrix approach is utilized to prioritize risk mitigation measures for cost-effectiveness. The findings of this study provide valuable insights for policymakers and urban planners in developing countries seeking to harness the potential of UAS technology for enhancing public safety while addressing the unique challenges posed by rapid urbanization. Full article

Experience-based methods like reinforcement learning (RL) are often deemed less suitable for the safety field due to concerns about potential safety issues. To bridge this gap, we introduce STPA-RL, a methodology that integrates RL with System-Theoretic Process Analysis (STPA). STPA is a safety analysis technique that identifies causative factors leading to unsafe control actions and system hazards through loss scenarios. In the context of STPA-RL, we formalize the Markov Decision Process based on STPA analysis results to incorporate control algorithms into the system environment. The agent learns safe actions through reward-based learning, tracking potential hazard paths to validate system safety. Specifically, by analyzing various loss scenarios related to the Platform Screen Door, we assess the applicability of the proposed approach by evaluating hazard trajectory graphs and hazard frequencies in the system. This paper streamlines the RL process for loss scenario identification through STPA, contributing to self-guided loss scenarios and diverse system modeling. Additionally, it offers effective simulations for proactive development to enhance system safety and provide practical assistance in the safety field. Full article

A cyber-physical system (CPS) integrates communication and automation technologies into the operational processes of physical systems. Nowadays, as a complex CPS, an intelligent connected vehicle (ICV) may be exposed to accidental functional failures and malicious attacks. Therefore, ensuring the ICV’s safety and security is crucial. Traditional safety/security analysis methods, such as failure mode and effect analysis and attack tree analysis, cannot provide a comprehensive analysis for the interactions between the system components of the ICV. In this work, we merge system-theoretic process analysis (STPA) with the concept phase of ISO 26262 and ISO/SAE 21434. We focus on the interactions between components while analyzing the safety and security of ICVs to reduce redundant efforts and inconsistencies in determining safety and security requirements. To conquer STPA’s abstraction in describing causal scenarios, we improved the physical component diagram of STPA-SafeSec by adding interface elements. In addition, we proposed the loss scenario tree to describe specific scenarios that lead to unsafe/unsecure control actions. After hazard/threat analysis, a unified risk assessment process is proposed to ensure consistency in assessment criteria and to streamline the process. A case study is implemented on the autonomous emergency braking system to demonstrate the validation of the proposed method. Full article

The autonomous shipping industry is increasingly focusing on enhancing the safety and reliability of software-based systems. Conducting a risk assessment is a requirement for demonstrating the safety equivalence of autonomous ships based on such systems to conventional vessels. Traditional risk assessment models, however, primarily focus on hardware failures, often overlooking potential software-related failures and functional inadequacies. This study proposes a framework integrating Software Failure Mode and Effects Analysis (FMEA), System–Theoretic Process Analysis (STPA), and Bayesian Network (BN) for risk identification of autonomous ship software systems. The results of a case study reveal that the framework sufficiently addresses the multifaceted nature of risks related to software in autonomous ships. Based on the findings of this study, we suggest the need for standardization of software architecture development in the autonomous ship industry and highlight the necessity for an enhanced understanding of AI-specific risks and the development of tailored risk assessment methodologies. Full article

In drinking water catchments, exploiting ecosystem services provided by stream buffers has the potential to complement conventional engineering solutions such as water treatment and reduce the overall public health risks to consumers. These stream buffers interrupt the movement of contaminants and sediments from non-point source sources, such as agricultural land, to surface waters. Effectively managing stream buffers can be challenging due to the complexity and diversity of factors that can directly and indirectly impact efficacy. This study uses System Theoretic Process Analysis (STPA) and Early Warning Signal Analysis based on STPA (EWaSAP) methodology to systematically examine the sociotechnical structures for managing stream buffers in surface water catchments using a theoretical scenario representative of typical surface water supplies. The combination of STPA and EWaSAP provides a practical approach for developing requirements for stream buffers in drinking water catchments, focusing on hazard assessment and management measures. The evaluation considers the complex management arrangements for land uses within catchment areas. The performance and effectiveness of these actions can be tracked through the selected sensors and early warning measures. As a practical matter, this approach would help specify requirements for catchment management and drinking water source protection that can be systematically integrated into relevant management strategies. Full article