Improved Hazard Analysis for Novel Vehicle Configurations Using the Systems-Theoretic Process Analysis

2022 ◽  
Author(s):  
Alex Markov ◽  
Mayank V. Bendarkar ◽  
Dimitri N. Mavris


Electronics ◽  
2021 ◽  
Vol 10 (10) ◽  
pp. 1220
Author(s):  
Chee Wei Lee ◽  
Stuart Madnick

Urban mobility is in the midst of a revolution, driven by the convergence of technologies such as artificial intelligence, on-demand ride services, and Internet-connected and self-driving vehicles. Technological advancements often lead to new hazards. Coupled with the increased levels of automation and connectivity in the new generation of autonomous vehicles, cybersecurity is emerging as a key threat affecting these vehicles. Traditional hazard analysis methods treat safety and security in isolation and are limited in their ability to account for interactions among organizational, sociotechnical, human, and technical components. In response to these challenges, the cybersafety method, based on System-Theoretic Process Analysis (STPA and STPA-Sec), was developed to meet the growing need to holistically analyze complex sociotechnical systems. We applied cybersafety to co-analyze safety and security hazards, as well as to identify mitigation requirements. The results were compared with another promising method known as Combined Harm Analysis of Safety and Security for Information Systems (CHASSIS). Both methods were applied to the Mobility-as-a-Service (MaaS) and Internet of Vehicles (IoV) use cases, focusing on the over-the-air software update feature. Overall, cybersafety identified additional hazards and more effective requirements compared to CHASSIS. In particular, cybersafety demonstrated the ability to identify hazards due to unsafe/insecure interactions among sociotechnical components. This research also suggested using CHASSIS methods for information lifecycle analysis to complement and generate additional considerations for cybersafety. Finally, results from both methods were backtested against a past cyber hack on a vehicular system, and we found that recommendations from cybersafety were likely to mitigate the risks of the incident.


2020 ◽  
Vol 10 (21) ◽  
pp. 7400
Author(s):  
Lei Chen ◽  
Jian Jiao ◽  
Tingdi Zhao

ISO 26262:2018 is an international functional safety standard for electrical and/or electronic (E/E) systems within road vehicles. It provides appropriate safety requirements for road vehicles to avoid unreasonable residual risk according to automotive safety integrity levels (ASILs) derived from the hazard analysis and risk assessment (HARA) required in the ISO 26262 concept phase. Systems-theoretic process analysis (STPA) seems to be designed specifically to deal with hazard analysis of modern complex systems, but it does not include the risk evaluation required by most safety-related international standards. So we integrated STPA into the Failure Mode and Effect Analysis (FMEA) template to form a new method called system-theoretic process analysis based on an FMEA template, STPAFT for short, which could not only meet all the requirements of the concept phase in ISO 26262, but also make full use of the advantages of the two methods. Through the focus of FMEA on low-level components, STPAFT can obtain more detailed causal factors (CFs), which is very helpful for the derivation of safety goals (SGs) and functional safety requirements (FSRs) in the concept phase of ISO 26262. The application of STPAFT is described by the case study of a fuel level estimation and display system (FLEDS) to show how the concept phase of ISO 26262 could be supported by STPAFT.


Systems ◽  
2020 ◽  
Vol 8 (3) ◽  
pp. 33 ◽  
Author(s):  
Stylianos Karatzas ◽  
Athanasios Chassiakos

Inelasticity of demand, along with distributed energy sources and energy market democratization, poses significant challenges which have considerable negative impacts on overall grid balance. The need for increased capacity and flexibility in the era of energy market digitalization has introduced new requirements in the energy supply network which could not be satisfied without continuous and costly local power network upgrades. Additionally, with the emergence of Smart Homes (SHs) and Home Energy Management (HEM) systems for monitoring and operating household appliances, opportunities have arisen for automated Demand Response (DR). DR is exploited for the modification of consumer energy demand in response to specific conditions within the electricity system (e.g., peak-period network congestion). In order to optimally integrate DR in the broader Smart Grid (SG) system, modelling of the system parameters and safety analysis is required. In this paper, the implementation of the STPA (System-Theoretic Process Analysis) structured method, a relatively new hazard analysis technique for complex systems, is presented, and the feasibility of STPA implementation for loss prevention on a Demand Response system for home energy management, within the complex SG context, is examined. The applied method delivers a mechanism useful in understanding where gaps in current operational risk structures may exist. The STPA findings, in terms of loss scenarios, can be used to generate a variety of safeguards to ensure secure operational control and to implement targeted strategies through standard approaches of risk assessment.


2019 ◽  
Author(s):  
V Bolbot ◽  
G Theotokatos ◽  
E Boulougouris ◽  
D Vassalos

The cruise ship industry is rapidly developing, with both vessel size and number constantly growing, which renders ensuring passenger, crew and ship safety a paramount necessity. Collision, grounding and fire are among the most frequent accidents on cruise ships with high consequences. In this study, a hazard analysis of diesel-electric and hybrid-electric propulsion systems is undertaken using System-Theoretic Process Analysis (STPA). The results demonstrate a significant increase in potential hazardous scenarios due to failures in automation and control systems leading to fire, and a higher number of scenarios leading to propulsion and power loss, in hybrid-electric propulsion systems than in a conventional cruise-ship propulsion system. Results also demonstrate that STPA enhancement is required to compare the risk of the two propulsion systems.


Telecom ◽  
2021 ◽  
Vol 2 (4) ◽  
pp. 536-553
Author(s):  
Lin-Shen Liew ◽  
Giedre Sabaliauskaite ◽  
Nandha Kumar Kandasamy ◽  
Choong-Yew William Wong

Cyber-Physical Systems (CPSs) are getting increasingly complex and interconnected. Consequently, their inherent safety risks and security risks are so intertwined that the conventional analysis approaches which address them separately may be rendered inadequate. STPA (Systems-Theoretic Process Analysis) is a top-down hazard analysis technique that has been incorporated into several recently proposed integrated Safety and Security (S&S) analysis methods. This paper presents a novel methodology that leverages not only STPA, but also custom matrices, to ensure a more comprehensive S&S analysis. The proposed methodology is demonstrated using a case study of a particular commercial cloud-based monitoring and control system for residential energy storage systems.


2016 ◽  
Vol 2 (2) ◽  
pp. 79 ◽  
Author(s):  
Anastasios Plioutsias ◽  
Nektarios Karanikas ◽  
Maria Mikela Chatzimichailidou

The continuous increase of accident and incident reports has indicated the potential of drones to threaten public safety. The published regulatory framework for small drones is not visibly based on a comprehensive hazard analysis. Also, the variety in the constraints imposed by different regulatory frameworks across the globe might impede market growth and render small-drone operations even more complicated, since light drones might be easily transferred and operated in various regions with diverse restrictions. In our study we applied the Systems-Theoretic Process Analysis (STPA) method to small-drone operations and generated a first set of Safety Requirements (SRs) for the authority, manufacturer, end-user and automation levels. Under the scope of this paper, we reviewed 56 drone regulations published by different authorities, and performed (1) a gap analysis against the 57 SRs derived by STPA for the authority level, and (2) Intra-Class Correlations in order to examine the extent of their harmonization. The results suggest that the regulations studied satisfy 5.3% to 66.7% of the SRs, and that they are moderately similar. The harmonization is even lower when considering the range of values of various SRs addressed by the authorities. The findings from the drones' case show that regulators might not similarly and completely address hazards introduced by new technology; such a condition might affect safety and impede the distribution and use of products in the international market. A timely and harmonized standardization based on a systematic hazard analysis seems crucial for tackling the challenges stemming from technological advancements, especially the ones available to the public.


2019 ◽  
Vol 273 ◽  
pp. 02006
Author(s):  
Sveinung Johan Ohrem ◽  
HyungJu Kim ◽  
Mary Ann Lundteigen ◽  
Christian Holden

Control systems are an important and increasingly complex part of most industrial and non-industrial systems. As such, identifying and handling associated risks is increasingly important. Systems-Theoretic Process Analysis (STPA) is a relatively new hazard identification method developed to analyze modern, complex control systems. While traditional hazard analysis methods mainly focus on the failures of a system, STPA focuses on interactions among control commands and environmental conditions, so that potential non-failure problems, mainly caused by unsafe control actions, can be identified. Proportional-Integral-Derivative (PID) controllers are the most common conventional controllers (CCs) and are widely used in industry due to their simplicity. PID controllers are tuned for operation, based on the system behaviour, in a certain limited operating region. If the behaviour and/or operating region of a system changes over time, the PID controller requires retuning to perform as desired and to prevent loss of production, or accidents, due to inadequate control. Adaptive controllers (ACs) are able to self-adjust and adapt to changes in the system parameters and operating region, such that the overall control task is performed without the need for continuous re-tuning by an operator. The tuning of an AC is done once, at the time of implementation. This can be very helpful for both the efficiency and the safety of the control system. The interactions between the operator and the control system are reduced when the controller is able to self-adjust, potentially reducing the number of hazards. On the other hand, the complexity of ACs may introduce new kinds of hazards that do not exist when using CCs. In this paper, we compare CCs and ACs from both a control and a safety perspective using STPA. As a test case, we compare the efficiencies and hazards of a CC and an AC applied to a pipeline-riser system subject to slug flow, a hazardous phenomenon occurring in mixed oil and gas pipes. This phenomenon is difficult to control since the behaviour changes drastically with different flow conditions.


2014 ◽  
Vol 51 (2) ◽  
pp. 509-522 ◽  
Author(s):  
Takuto Ishimatsu ◽  
Nancy G. Leveson ◽  
John P. Thomas ◽  
Cody H. Fleming ◽  
Masafumi Katahira ◽  
...  

Author(s):  
Nanda Anugrah Zikrullah ◽  
Hyungju Kim ◽  
Meine JP van der Meulen ◽  
Gunleiv Skofteland ◽  
Mary Ann Lundteigen

A safety-critical system comprising several interacting and software-intensive systems must be carefully analyzed to detect whether new functional requirements are needed to ensure safety. This involves an analysis of the systemic properties of the system, which addresses the effect of the interaction between systems and system parts. The paper compares two hazard analysis methods which are often considered well-suited for such software-intensive systems: Functional Hazard Analysis (FHA) and Systems-Theoretic Process Analysis (STPA). The focus is on the selection and improvement of the best method, based on the lessons learned from the comparison of FHA and STPA. The analyses cover the hazard analysis processes, systemic properties, and the criteria for requirements. The paper concludes that STPA is the better choice over FHA. Insights are obtained to align both the STPA and FHA methods with the broader topic of risk management, that is, hazard analysis method improvement, cautionary thinking, uncertainty management, and resilience management.

