PhD Throwback Series
Previously...
Part #1 was about the big picture of my research. In that article, I explained the relationship between socio-technical systems, safety and risk awareness, drew architectures of repetitive control loops to model complex socio-technical systems, and introduced RiskSOAP, a multivariable indicator for the quantitative assessment of system performance.
Part #2 - Road Tunnel Safety
In this article, I briefly present the results of the application of RiskSOAP to a road tunnel and compare them against different configurations of the same system.
Intro
Complex socio-technical systems can be designed and developed with specific elements that positively impact the capability of their agents (i.e. decision makers/process controllers) to recognise imminent threats or vulnerabilities, also known as risk Situation Awareness (SA) capability.
The main research objective is to test the soundness and applicability of RiskSOAP in transport infrastructure systems, which are advanced in terms of technology, human interaction and safety requirements imposed by national and international regulatory bodies.
The case study
RiskSOAP is applied to an existing road tunnel located in a non-urban mountain area in Greece. The value of the indicator is calculated twice: (a) for the ‘as-is’ system configuration, which only complies with elementary tunnel safety requirements, and (b) for the configuration that incorporates the most recent European safety standards and PIARC (World Road Association) recommendations.
The derived values reflect the extent to which, for each configuration, the agent is aware of the threats and vulnerabilities according to the elements each system configuration consists of. The analysis shows that the tunnel version that complies with the European safety standards and PIARC recommendations has enhanced risk SA and safety compared to the system as-is. There is still, however, room to enrich the safe design and better plan for the maintenance of the road tunnel.
A systems-theoretic methodology
RiskSOAP is a methodology for measuring the system’s capability to sense and comprehend its threats and vulnerabilities and, in turn, deter accidents. It is based on the comparison between system configurations that differ in the elements that affect the risk SA capability.
The methodology goes through three main stages: (1) define the ‘ideal’ design version of the system, (2) identify the real/as-is version, (3) employ a comparative analysis to calculate the distance between the two and interpret the value obtained. Figure 1 provides an overview of the three phases that make up RiskSOAP.
Figure 1. The RiskSOAP phases
The methodology is founded on three existing approaches, combined in a unique way: (1) the STAMP Based Process Analysis (STPA) (Leveson 2011) and (2) the Early Warning Sign Analysis based on the STPA (EWaSAP) approach (Dokas et al. 2013), which both define the elements and the characteristics that a system should ideally incorporate, and (3) a binary dissimilarity measure (Zhang and Srihari 2003) to depict the distance between the different system designs.
The safety control structure
In Figure 2, the black dashed arrows running from one system element to another depict the control actions that controllers at higher hierarchical levels (e.g. Road Tunnel Manager & Safety Officer) impose on controllers below them (e.g. Tunnel Operator). There are also awareness actions; for example, the Tunnel Operator transmits warnings about the presence of signs of fire to the Emergency Services via warning transmitters. The arrows with the continuous line represent feedback actions, which assist controllers in maintaining accurate process models and being aware of the ongoing situation in a timely manner.
Figure 2. Control structure for a typical road tunnel
The considered tunnel integrates three system controllers, located at three different hierarchical levels: (a) the Road Tunnel Manager & Safety Officer at the higher hierarchical level, (b) the Tunnel Operator in the middle, and (c) the SCADA/TMS (Supervisory Control And Data Acquisition/Telecoms Monitoring Systems), which is the only automated controller and operates at the lower hierarchical level. There is also a remote controller, the Emergency Services, which belongs to the outer environment of the tunnel and comes into service only in case of an emergency. Traffic signals and jet fans are the actuators of the tunnel and execute the commands coming either from the Tunnel Operator or the SCADA/TMS. Their purpose is to bring the tunnel conditions under control; that is, the controlled process is the traffic within and close to the road tunnel. Finally, the sensors provide appropriate data to the controllers. The complex links of responses and feedback are important in preserving the system’s risk SA.
Findings
For all three controllers, 113 safety requirements and 78 sensor characteristics are identified by taking the STPA and EWaSAP steps respectively. Together, these 191 system elements make up the ideal system configuration, which is then compared against (a) the system configuration designated by the European safety standards and PIARC recommendations and (b) the as-is system. The results of the analysis are summarised in Table 1.
Table 1. Overall quantitative results for the different tunnel configurations
RiskSOAP is a normalised dissimilarity measure whose minimum value is 0, i.e. the indicator value is inversely proportional to the risk SA capability. Accordingly, as the dissimilarity between the two compared binary vectors tends to 1, the vectors become almost completely dissimilar.
For more details on the analysis you can read:
Conclusions
The RiskSOAP value obtained after comparing the ideal system vector to the original is 0.6007, while the value obtained after comparing the ideal vector to the one suggested by the European Directive and PIARC is equal to 0.3319. A general conclusion to be drawn is that both system configurations have less enhanced risk SA capabilities compared to the first (ideal) one, as they both deviate from the ideal 0 value.
Another direct conclusion is that the tunnel design recommended by the European Directive and PIARC has a more enhanced risk SA capability than the original one. The practical meaning of this is that the controllers of the system abiding by the European Directive and PIARC are more capable of detecting and preventing a hazard than the controllers of the original system. In other words, the as-is system is the most vulnerable due to its low risk SA, as the two RiskSOAP values differ by 0.2688 (last row of Table 1).
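The comparison step as an added example (not the author's code): the page does not name which measure from Zhang and Srihari (2003) is used, so the Rogers-Tanimoto dissimilarity is assumed here. The two configuration vectors are constructed, with 82 and 38 missing elements chosen because those counts reproduce the reported 0.6007 and 0.3319 over 191 elements against an all-ones ideal vector.

```python
from typing import Dict, List, Sequence, Set, Tuple


def rogers_tanimoto(u: Sequence[int], v: Sequence[int]) -> float:
    """Rogers-Tanimoto dissimilarity between two equal-length binary vectors.

    Assumed measure: the page only says "a binary dissimilarity measure".
    Returns 0.0 for identical vectors and 1.0 for fully complementary ones.
    """
    if len(u) != len(v) or not u:
        raise ValueError("vectors must be non-empty and of equal length")
    if any(x not in (0, 1) for x in (*u, *v)):
        raise ValueError("vectors must contain only 0 and 1")
    mismatches = sum(1 for a, b in zip(u, v) if a != b)  # S10 + S01
    matches = len(u) - mismatches                        # S11 + S00
    return 2 * mismatches / (matches + 2 * mismatches)


def config_vector(n_elements: int, missing: Set[int]) -> List[int]:
    """1 where the configuration contains ideal element i, 0 where it does not."""
    return [0 if i in missing else 1 for i in range(n_elements)]


N = 191            # 113 safety requirements + 78 sensor characteristics (from the page)
IDEAL = [1] * N    # the ideal configuration contains every element

# Constructed sample data: which elements are missing is invented, and the
# counts (82 and 38) are assumptions picked to match the reported values.
AS_IS = config_vector(N, set(range(82)))
EU_PIARC = config_vector(N, set(range(38)))


def rank(configs: Dict[str, List[int]]) -> List[Tuple[str, float]]:
    """Order configurations from highest risk SA (lowest value) to lowest."""
    scores = {name: round(rogers_tanimoto(IDEAL, vec), 4)
              for name, vec in configs.items()}
    return sorted(scores.items(), key=lambda item: item[1])


if __name__ == "__main__":
    for name, score in rank({"as-is": AS_IS, "EU/PIARC": EU_PIARC}):
        print(f"{name:10s} RiskSOAP = {score:.4f}")
```

Under these assumptions the indicator depends only on how many ideal elements a configuration lacks, so adding any missing element lowers the value by moving one position from mismatch to match.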
Added value
RiskSOAP offers safety practitioners a new perspective on safety-driven design, operation and maintenance. The indicator can be used as a selection criterion between alternative design configurations of road tunnels or any other transportation system, and of complex socio-technical systems in general. The design that scores the lowest RiskSOAP value has the greatest potential for selection, as it has the highest risk SA capability. RiskSOAP can also serve as a decision-making tool between design options and system improvements. For instance, a deterioration in the value of the indicator over the operation period of the system is an early warning that modifications in the system’s composition are required in order to rectify the degradation of the risk SA and safety. Simply put, the more the indicator increases, the closer the system gets to an unwelcome situation. Thus, modifications to the system’s composition may hinder accidents/incidents and accelerate the system’s recovery from perturbations.
References
[1] Dokas, I. M., Feehan, J., & Imran, S. (2013). EWaSAP: An early warning sign identification approach based on a systemic hazard analysis. Safety Science, 58, 11-26.
[2] European Commission (2004). Directive 2004/54/EC of the European Parliament and of the Council of 29 April 2004 on minimum safety requirements for tunnels in the Trans-European Road Network, OJ L 167 of 30/04/2004 p. 39 corrigendum OJ L 201 of 07/06/2004, p. 56. European Commission, Brussels.
[3] Leveson, N. (2011). Engineering a safer world: Systems thinking applied to safety. MIT Press.
[4] PIARC (2007). Integrated Approach to Road Tunnel Safety. World Road Association (PIARC), France.
[5] PIARC (2008a). Risk Analysis for Road Tunnels. World Road Association (PIARC), France.
[6] PIARC (2008b). Human factors and road tunnel safety regarding users. World Road Association (PIARC), France.
[7] Zhang, B., & Srihari, S. N. (2003, September). Properties of binary vector dissimilarity measures. In Proc. JCIS Int’l Conf. Computer Vision, Pattern Recognition, and Image Processing, (Vol. 1).