Dependability

The operating phase of a ship’s Integrated Power System (IPS) is characterized by two fundamental aspects: service and safety. The former can be defined as the set of functions performed by the IPS, while the latter can be defined as the ability of the IPS to not damage people, things, or the environment.

Safety is a matter of top priority, as can be seen from the release of the Safe Return to Port (SRtP) standard.

The correct service of an IPS is defined as the service that the IPS is expected to perform. Deviations from correct service lead to service degradation, with adverse consequences for the system operations.

In recent times, designers and builders have paid more attention to providing correct service, especially in industry and transportation applications, in which fault and failure impacts are significant.

The correlation between safety and correct service is clear and evident. These two topics have thus been unified in the dependability theory. This theory makes it possible to state the level of trust that can be placed in the system’s correct service. It is more complex than considering only the safety aspect: it gives comprehension greater understanding of how the system behaves.

Partial decomposition of a ship’s IPS using the “piece numbers” hypothesis.

Dependability has not yet been formally defined as a theory. Specialized literature is extensive, but it is restricted to safety-critical systems (such as space exploration, nuclear and chemical plants or air transportation) and tends to develop different definitions depending on the area of application.

The system’s dependability level is reduced by threats, called faults and failures, occurring during IPS operation. Various fault and failure types can happen in an IPS. They vary from a single component fault (normally caused by ageing), to a complete subsystems failure (normally caused by flooding or fire). Flooding and fire are the most critical threats, because they have a significant impact on navigation safety. Due to that, these two threats are considered carefully in the standards and rules, which establish guidelines to mitigate or remove the harmful consequences.

However, even a single-component fault could compromise the correct service of the entire system. In order to deal organically and systemically with these events and counteract their effects, procedures and operations recommended by the dependability theory have to be applied. These have the aim of assuring service continuity, or at least a downgraded service sufficient to conclude the ship’s mission.

The dependability level is measured through probabilistic parameters, called attributes, of which reliability is the most widely used.

Dependability-improving techniques can be applied directly during the design process (if the dependability approach is chosen at an early stage), during the design verification (if the dependability approach is chosen at a late stage), or after the system’s construction (if the scope is the dependability evaluation of an existing system).

If the dependability rules are applied during the design phase, significant improvements can be gained, thanks to the drastic interventions that can be made on the IPS. This requires the complete revision of the design procedure, by carrying out the following additional activities:

1. analysis of the IPS conceptual scheme;
2. decomposition of the IPS structure into elementary components, organized in layers according to a functional dependence logic;
3. identification of the possible threats, based both on the designer experience and on fault history statistics (if existing);
4. qualitative analysis of the fault propagation and its aftermath;
5. quantitative determination of the IPS dependability level (for example by assessing the system reliability), starting from the elementary components’ failure rates;
6. identification of threats to the system’s dependability, paying attention to their functional correlation with the other elements in the various layers;
7. choice of the improvement techniques, based on fault prevention and fault tolerance techniques;
8.  verification of the dependability level of the modified IPS, achieved by recalculating the system’s reliability and/or other dependability attributes.

The activities developed during the MVDC Large Ship project focused on the above points. The specific actions analysed are those illustrated in points a, b, c, d, e, and f (partially).

The aim of this section of the project was to guide the designers through their first exploration of the dependability theory. This was done by showing them the fundamentals of dependability, analysis and improvement techniques, and showing them how to apply their new knowledge to a ship’s IPS .

Fault Tree of a ship’s power station.

After the analysis of a notional IPS (point a), a decomposition technique was proposed (point b), until the so-called “piece numbers” were reached. Some of the faults were hypothesized (point c) and various analysis techniques were examined and applied to the decomposed IPS. In particular, two qualitative techniques were used: the “Fault Tree Analysis” (FTA) and the “Failure Mode and Effect Analysis” (FMEA) (point d). Two quantitative techniques were also studied: the “Reliability Block Diagram” (RBD) and the “Dynamic Reliability Block Diagram” (DRBD), used to determine the dependability level (point e).

This dependability-oriented design process illustrates how to detect dependability threats, and how to operate on the IPS in such a way as to obtain an adequate IPS dependability level. As a consequence, the safety of the IPS can also be assured. This is achieved by avoiding the propagation of faults and failures from a single component to the entire IPS. Restricting the effects of a fault to a limited area will prevent the launch of major safety procedures (like SRtP), which could compromise the ship’s mission.