Rongyao Cai,Xiao Xv,Zhengming Lu,Kexin Zhang,Yong Liu

DOI: https://doi.org/10.1109/isas61044.2024.10552597

2024-01-01

Abstract:Fault tree analysis is the most commonly used methodology in industrial safety analysis to predict the probability or frequency of system failure. Although fault tree analysis has been proposed for more than six decades, the assumptions used in most commercial fault tree analysis codes have not changed significantly, which limits the ability of the method to represent design, operation, and maintenance characteristics in the context of the increasing complexity and specialization of modern industrial systems. The basic setup of traditional fault trees is unable to include dependencies between events, time-varying failures, and repair rate realities to explain complex maintenance strategies. To address the above shortcomings, we propose a fusion tree model combining fault tree and attack tree, and simplify the causal structure of the fusion tree by modularization, and utilize the dynamic Markov model to represent the complex coupling relationship between components or nodes. Finally, we demonstrate the calculation process of fusion tree in pressure vessel systems with temporal control.

Yukun Tian,Jianghai Li,Xiaojin Huang

DOI: https://doi.org/10.1115/icone29-93395

2022-01-01

Abstract:Abstract Cyber security risk analysis can identify and assess factors that may damage to the system such as digital instrumentation and control system of nuclear power plants. Performing cyber security risk analysis is important for instrumentation and control system of nuclear power plants because it could assess overall impacts of risks and help to identify vulnerabilities to determine next steps to address security risks. With the integration of information system and physical system, cyber security of information system and functional safety of physical system interact with each other, resulting in a type of new comprehensive security problem and introducing serious security risks. Most of the existing cyber security risk analysis methods pay more attention to cyberattacks like attack tree analysis method, Petri net method, and Bayesian network method. STPA-SafeSec is a top-down security risk analysis method focusing on the system itself based on system theory, which starts from unacceptable losses of the system and pays attention to the causal factors that produce unsafe control. In this paper, STPA-SafeSec is applied to the primary circuit pressure control system of high temperature gas-cold reactors in order to perform the hazard analysis of integrated risk assessment for both functional safety and cyber security. The application details are given and a part of the hazardous scenarios tree is obtained for the formulation of mitigation strategies.

Shaharyar Khan,Stuart Madnick,Stuart E Madnick

DOI: https://doi.org/10.1109/tdsc.2021.3093214

2021-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Recent cyber-physical attacks, such as Stuxnet, Triton etc., have invoked an ominous realization about the vulnerability of critical infrastructure, including water, power and gas distribution systems. Traditional IT security-biased protection methods that focus on improving cyber hygiene are largely impotent in the face of targeted attacks by advanced cyber-adversaries. Thus, there is an urgent need to analyze the safety and security of critical infrastructure in a holistic fashion, leveraging the physics of the cyber-physical system. System-Theoretic Accident Model & Processes (STAMP) offers a powerful framework to analyze complex systems; hitherto, STAMP has been used extensively to perform safety analyses but an integrated safety and cybersecurity analysis of industrial control systems (ICS) has not been published. This paper uses the electrical generation and distribution system of an archetypal industrial facility to demonstrate the application of a STAMP-based method – called Cybersafety – to identify and mitigate cyber-vulnerabilities in ICS. The key contribution of this work is to differentiate the additional steps required to perform a holistic cybersecurity analysis for an ICS of significant size and complexity and to present the analysis in a structured format that can be emulated for larger systems with many interdependent subsystems.

computer science, information systems, software engineering, hardware & architecture

Yong-zhong BAI,Guang-wen ZHANG,Jun-cheng JIANG

2013-01-01

Abstract:Process hazard analysis and control technology emphasize on using systematic approach to identify the hazardous,and take necessary measures to eliminate and reduce the hazards,or mitigate the accident consequences caused by the hazards.At present,the global energy and chemical enterprises all adopt characterized process hazard analysis and control technology for process safety management.In this study,an integrated process hazard analysis and control technology which included HAZOP,LOPA and Bow-Tie analysis was introduced.Taking a furnace as an example,the hazards existing in the equipments were fully analyzed and identified by HAZOP,the sufficiency of protection layers was determined by LOPA,and through Bow-Tie method,the efficient activities ensuring the designated control measures or emergency measures are still effective were identified.Therefore,the integrated process hazard analysis and control technology could change the process safety management of the enterprise from experience-based management system to systematic management system,so as to effectively avoid the occurrence of major process safety accident,and improve risk management level of enterprises.

Chenyu Jiang,Zhanyu He,Fengjun Li,Fei Xie,Licheng Zheng,Jun Yang,Ming Yang

DOI: https://doi.org/10.1002/qre.3196

2022-09-08

Quality and Reliability Engineering International

Abstract:Nowadays, the emerging digital technologies and digitalization trend in safety‐critical industrial process systems are bringing great opportunities for system performance improvements. However, new big challenges are also encountered in the reliability and safety evaluation of large complex industrial process systems due to its multi‐state, multi‐phase dynamic interactions, resilience on software and inter‐dependencies among digital components. The objectives of this study are i) to present an introductory overview of a hybrid computing framework as a supplementary to conventional fault tree analysis toolkit for risk‐oriented reliability analysis in dynamic probabilistic safety assessment context; ii) to illustrate how to combine the three methods of DDET, Markov/CCMT, and GO‐FLOW for integrated risk solutions by a case study of small‐break LOCA in nuclear power plants. Within the hybrid computing framework, the DDET model is implemented based on graph‐based search and sequence diagram refactoring by linking with Markov/CCMT and GO‐FLOW solver for branch probability estimation. The dynamic event tree model is adopted to represent the accident sequence of small‐break LOCA, where the heading events of system failure of digital RPS and phased‐mission ECCS in realization of safety‐critical functions of reactivity control and emergency core cooling are respectively modeled and analyzed by Markov chain and GO‐FLOW method. The demonstration results show that the failure analysis of complex dynamic process interactions together with time‐dependent mission reliability analysis of safety systems involved in accident prevention and mitigation can be easily implemented with accurate modeling and fast evaluation within the hybrid integration platform. The core algorithms and principles implemented for dynamic risk scenarios development by DDET, modeling, and analysis of dynamic process interactions by Markov/CCMT, time‐dependent and multi‐phase mission reliability analysis by GO‐FLOW as well as their integration to provide comprehensive solutions for the application of dynamic reliability in risk assessment are also discussed as open problems for future research.

engineering, industrial, multidisciplinary,operations research & management science

Yuchen He,Le Zhou,Zhiqiang Ge,Zhihuan Song

DOI: https://doi.org/10.1002/cjce.23102

2018-01-01

Abstract:Industrial process status can be modified according to continuous operations, which are required by different production specifications. Commonly, in a multimode process, attention was always paid to stable modes, while transitions were neglected. In a transition process, the process may be externally time varying or nonstationary so that the identification and the modelling are intractable to implement using traditional statistical methods. In this article, a transition identification and process monitoring method is proposed to handle the above problems based on a novel dynamic mutual information similarity (DMIS) analysis. Firstly, a multimode process is represented by a series of overlapping moving windows to consider the local information. In order to extract the corresponding dynamic information, each of these windows is modelled using the dynamic partial least squares (DPLS) method. Then, the mutual information algorithm is introduced to calculate the similarity between different latent variables. The hierarchical clustering method is employed to transfer the similarity information into a visualized dendrogram where the whole process, including a transition, is divided into several segments. The statistical characteristics in each segment are relatively stable and can be characterized by conventional multivariate statistical process control methods. Online identification and fault detection are then carried out for the multimode process through a series of DPLS models, established in the offline steps. The feasibility and effectiveness of the proposed method are validated by the Tennessee Eastman (TE) benchmark and a real process. The results of the proposed methods have shown superior performance compared to previous works.

Xiaoyu Jiang,Zhiqiang Ge

DOI: https://doi.org/10.1109/tai.2022.3145335

2022-01-01

IEEE Transactions on Artificial Intelligence

Abstract:With the rapid development of information technology, intelligent upgrading of the manufacturing industry has broken the closed environment of traditional industrial control systems (ICS); thus, the information security of ICS has been seriously threatened. As part of ICS, the process monitoring system (PMS) is heavily subject to external risks. Data-driven PMSs have been widely used as initial lines of defense to ensure ICS safety. Once the PMS is under attack, the consequences on the whole ICS will be unimaginable. Unfortunately, the safety issues of the PMS have received inadequate attention. This article reveals PMS’s vulnerabilities through effective attacks. A novel method called subspace transfer network (STN) is proposed to conduct adversarial and poisoning attacks on the PMS simultaneously. Then the attack task flow is defined and explained to make online adversarial attacks and data poisoning on PMS. Meanwhile, aiming at two poisoning goals, targeted and untargeted attacks of STN are designed, respectively. Finally, the PMS’s fragility is verified in two industrial benchmarks.

Sharmin Sultana,Peter Okoh,Stein Haugen,Jan Erik Vinnem

DOI: https://doi.org/10.1016/j.jlp.2019.04.005

IF: 3.916

2019-07-01

Journal of Loss Prevention in the Process Industries

Abstract:<h2>Abstract</h2><p>The process industry has experienced technological advances, such as automatic handling of hazardous substances, process equipment, and valves. High levels of automation, as well as system interactions at component and system levels, have brought new challenges to risk management. A modern process system involves multiple controllers. Even if each controller can control the process individually, an unexpected event may occur due to unintended interactions or insufficient attention to safety requirements and constraints. Recent accidents in Plymouth, UK, and Nigeria have attracted the attention of scientists, who have concluded that approaches currently being used are insufficient. A traditional hazard analysis tool, such as Hazard and Operability Studies (HAZOP) or simple reliability analysis methods such as Failure Mode and Effect Analysis (FMEA) cannot investigate the lack of complex systems properly. System Theoretical Process Analysis (STPA) is established with the aim of evaluating the safety of such complex systems. It has been used successfully in automated missiles and driving vehicles. However, the use of STPA in process industry applications is scarce. This paper is written to evaluate the feasibility of using STPA in process industry applications. A comparative analysis is conducted between STPA and HAZOP to determine whether STPA can replace traditional HAZOP or not with the help of a case study: Liquefied Natural Gas (LNG) Ship-to-Ship (STS) transfer. The results of the analysis show that STPA is complementary to traditional HAZOP. However, this conclusion is drawn based on only one specific case study (LNG STS transfer) and requires further analysis of other process applications for validation.</p>

engineering, chemical

Asim Abdulkhaleq,Stefan Wagner,Daniel Lammering,Hagen Boehmert,Pierre Blueher

DOI: https://doi.org/10.48550/arXiv.1703.03657

2017-03-10

Software Engineering

Abstract:Safety has become of paramount importance in the development lifecycle of the modern automobile systems. However, the current automotive safety standard ISO 26262 does not specify clearly the methods for safety analysis. Different methods are recommended for this purpose. FTA (Fault Tree Analysis) and FMEA (Failure Mode and Effects Analysis) are used in the most recent ISO 26262 applications to identify component failures, errors and faults that lead to specific hazards (in the presence of faults). However, these methods are based on reliability theory, and they are not adequate to address new hazards caused by dysfunctional component interactions, software failure or human error. A holistic approach was developed called STPA (Systems-Theoretic Process Analysis) which addresses more types of hazards and treats safety as a dynamic control problem rather than an individual component failure. STPA also addresses types of hazardous causes in the absence of failure. Accordingly, there is a need for investigating hazard analysis techniques like STPA. In this paper, we present a concept on how to use STPA to extend the safety scope of ISO 26262 and support the Hazard Analysis and Risk Assessments (HARA) process. We applied the proposed concept to a current project of a fully automated vehicle at Continental. As a result, we identified 24 system- level accidents, 176 hazards, 27 unsafe control actions, and 129 unsafe scenarios. We conclude that STPA is an effective and efficient approach to derive detailed safety constraints. STPA can support the functional safety engineers to evaluate the architectural design of fully automated vehicles and build the functional safety concept.

Asim Abdulkhaleq,Stefan Wagner,Nancy Leveson

DOI: https://doi.org/10.48550/arXiv.1612.03109

2016-12-09

Software Engineering

Abstract:Formal verification and testing are complementary approaches which are used in the development process to verify the functional correctness of software. However, the correctness of software cannot ensure the safe operation of safety-critical software systems. The software must be verified against its safety requirements which are identified by safety analysis, to ensure that potential hazardous causes cannot occur. The complexity of software makes defining appropriate software safety requirements with traditional safety analysis techniques difficult. STPA (Systems-Theoretic Processes Analysis) is a unique safety analysis approach that has been developed to identify system hazards, including the software-related hazards. This paper presents a comprehensive safety engineering approach based on STPA, including software testing and model checking approaches for the purpose of developing safe software. The proposed approach can be embedded within a defined software engineering process or applied to existing software systems, allow software and safety engineers integrate the analysis of software risks with their verification. The application of the proposed approach is illustrated with an automotive software controller.

Yi Qi,Yi Dong,Siddartha Khastgir,Paul Jennings,Xingyu Zhao,Xiaowei Huang

2023-07-17

Abstract:Systems Theoretic Process Analysis (STPA) is a systematic approach for hazard analysis that has been used across many industrial sectors including transportation, energy, and defense. The unstoppable trend of using Machine Learning (ML) in safety-critical systems has led to the pressing need of extending STPA to Learning-Enabled Systems (LESs). Although works have been carried out on various example LESs, without a systematic review, it is unclear how effective and generalisable the extended STPA methods are, and whether further improvements can be made. To this end, we present a systematic survey of 31 papers, summarising them from five perspectives (attributes of concern, objects under study, modifications, derivatives and processes being modelled). Furthermore, we identify room for improvement and accordingly introduce DeepSTPA, which enhances STPA from two aspects that are missing from the state-of-the-practice: (i) Control loop structures are explicitly extended to identify hazards from the data-driven development process spanning the ML lifecycle; (ii) Fine-grained functionalities are modelled at the layer-wise levels of ML models to detect root causes. We demonstrate and compare DeepSTPA and STPA through a case study on an autonomous emergency braking system.

Software Engineering

Chris Carpenter

DOI: https://doi.org/10.2118/0824-0079-jpt

2024-08-01

Journal of Petroleum Technology

Abstract:_ This article, written by JPT Technology Editor Chris Carpenter, contains highlights of paper OTC 35396, “Industrial Cybersecurity, Process Safety, and Human Factors: A Comprehensive 360° Approach,” by Pedro F. Vieira, Lenissa P. Hilgert, and Ilton Majerowicz, Petrobras. The paper has not been peer reviewed. Copyright 2024 Offshore Technology Conference. _ The complete paper presents an integrated view of three key areas of knowledge that are typically addressed individually—cybersecurity, process safety, and human factors—from the perspective of cybersecurity. It discusses information technology (IT) and operations technology (OT) dimensions during the phases of a project: engineering design, procurement, construction and assembly, commissioning, and operation. It also proposes a strategy for implementing such an approach in the oil and gas industry. _ With the aim of forming a holistic safety and security vision, the authors propose a unified analysis integrating cybersecurity, process safety, and human factors, focusing on their interfaces and opportunities presented by risk analysis and the convergence of business procedures. This is referred to in the proposed approach as a high-level integration layer, or the “strategic (outer) circle.” The combination of two concentric circles—strategic (outer) and operational (inner)—forms what the authors term a 360° approach. The Strategic (Outer) Circle The outer circle illustrates the strategic-level interfaces between key processes of cybersecurity, process safety, and human factors from a cybersecurity perspective. Cybersecurity/Process Safety Interface. Integration of Cybersecurity Into Process Safety Management Risk Analyses. One of the most practical examples of integration of cyber/physical attack scenarios into classical risk analyses is the use of layers-of-protection analysis and awareness of degradation of safety integrity level (SIL) barriers. An SIL is used to determine the required performance level of safety-instrumented functions (SIFs) to achieve the required risk reduction. The SIL of an SIF produces a risk-reduction factor that helps calculate the final total risk of a given scenario. Another opportunity to make this integration visible from the beginning of the engineering design is during the hazard and operability (HAZOP) study. The HAZOP study uses guidewords, standardized terms used to stimulate thinking about possible deviations in the established process. The idea is to create new words related to cybersecurity issues in the industrial-automation substrate, such as “data uncertain” (the data may have been corrupted) or “data unavailable” (the last available data is old). Special Cybersecurity Zone for Production-Critical Equipment. It is advisable that the zone and conduit analysis within the ISA/IEC 62443 framework consider segregating assets into distinct cybersecurity zones based on their operational continuity significance within the facility. For instance, a gas-export compressor, typically lacking redundancy, can halt a plant’s production, requiring secondary shutdowns of other systems. Therefore, by establishing a production-critical systems zone within the cybersecurity analysis, the availability of critical equipment and general operational availability can be ensured, and potential secondary effects of shutdowns and restarts can be mitigated. Cyber/Physical Integrated Incident-Response Program. Typically, incident-response programs are disjointed between cybersecurity and process safety, resulting in delays in digital responses to issues that have physical consequences. The formal inclusion of cybersecurity as a technical discipline in any process-safety incident-response program is essential and should be achieved even if it is discarded in the beginning of the analysis of a particular incident.

Zhichao He,Chao Chen,Wenguo Weng

DOI: https://doi.org/10.1016/j.jlp.2021.104672

IF: 3.916

2022-01-01

Journal of Loss Prevention in the Process Industries

Abstract:Multi-hazard accidents in process industries, which can cause more severe consequences compared to individual accidents, have gained growing attention from administrators and scholars in recent years. With the development of process industries and the expansion of the urban area, high-risk zones may emerge in densely populated areas. Accurate risk assessment of the multi-hazard accidents in process industries is essential for protecting properties, human life, and the environment. This study reviews past studies on the risk assessment of three types of multi-hazard accidents in process industries: Natech events, domino effects, and concurrent hazards. The development trends of risk assessment of multi-hazard accidents are analyzed and the research gasps of past research are identified. Based on the identified gaps in previous research, future perspectives on multi-hazard research in process industries are discussed. To improve the assessment methods for multi-hazard risks, more advanced basic models and applicative risk analysis methods are required. Considering multi-hazard interactions and other factors are also important for process plants against multi hazards. This study can potentially contribute to developing better risk assessment models of multi-hazard accidents and therefore safer and resilient process industries.

Bulut Ozan Ceylan,Çağlar Karatuğ,Emre Akyuz,Yasin Arslanoğlu,Georgios Boustras

DOI: https://doi.org/10.1016/j.ssci.2023.106232

IF: 6.392

2023-06-29

Safety Science

Abstract:This paper is aimed to propose a hybrid accident analysis framework for complex engineering systems based on methods of the systems theoretic accident model and process (STAMP), failure modes and effects analysis (FMEA), and analytic hierarchy process (AHP). Within the scope of the proposed model, initially, an accident is qualitatively analyzed by identifying safety constraints, constructing a hierarchical control process, and specifying links between unsafe activities. As a second step, failure modes, their causes, and their consequences are determined. Lastly, the risk scores of each failure mode are calculated by analysis of obtained expert judgments. In this step, as different from the conventional FMEA, results are calculated based on the weight scores that are found according to the AHP approach of each accident factor. For the demonstration stage, a real case study is performed to present the effectiveness of the strategy. It is observed that the proposed approach allows analyzing the accident more specifically by defining each relationship between factors and root causes corresponding to the accident and prioritizing them based on the weights, which are assigned according to the accident's nature. In addition, it may be adapted for different complex engineering systems as well as it is a suitable and useful model for the accident analysis associated with smart ship concepts.

engineering, industrial,operations research & management science

Simon Diemert,Jens H. Weber

2023-04-02

Abstract:Self-adaptive systems are able to change their behaviour at run-time in response to changes. Self-adaptation is an important strategy for managing uncertainty that is present during the design of modern systems, such as autonomous vehicles. However, assuring the safety of self-adaptive systems remains a challenge, particularly when the adaptations have an impact on safety-critical functions. The field of safety engineering has established practices for analyzing the safety of systems. System Theoretic Process and Analysis (STPA) is a hazard analysis method that is well-suited for self-adaptive systems. This paper describes a design-time extension of STPA for self-adaptive systems. Then, it derives a reference model and analysis obligations to support the STPA activities. The method is applied to three self-adaptive systems described in the literature. The results demonstrate that STPA, when used in the manner described, is an applicable hazard analysis method for safety-critical self-adaptive systems.

Systems and Control,Software Engineering

Jinping Liu,Wuxia Zhang,Tianyu Ma,Zhaohui Tang,Yongfang Xie,Weihua Gui,Jean Paul Niyoyita

DOI: https://doi.org/10.1016/j.eswa.2020.113578

IF: 8.5

2020-11-01

Expert Systems with Applications

Abstract:<p>Industrial Cyber-physical systems (ICPSs), integrating communication, computation and control of industrial processes are referred to as a core technology to approach the <em>Industry 4.0</em>. Ensuring the ICPS security is of paramount importance in smart manufacturing. Considering the characteristics of large-scale, geographically-dispersed and multi-dimensional heterogeneous, federated and life-critical natures of ICPSs, this paper investigates a hierarchically distributed intrusion detection scheme that seeks to achieve the all-round safety protection of ICPSs according to the system structure and attacking types of each ICPS layer. For physical system-relevant perceptual executive layer, potential and covert attacks are detected by the clustered sensory system state residual anomaly monitoring based on a process noise and measurement noise-adaptive Kalman filter (PNMN-AKF). PNMN-AKF can perform a joint recursive estimation of dynamic system states, time-varying process and measurement noise covariance matrices by the variational Bayes approximation framework. In cyberspace, potential cyber-attacks are detected by the anomaly monitoring of the statistical distribution of the network transmission characteristics of data transmission layer by introducing a forgetting factor-induced recursive Gaussian mixture model (FF-RGMM). In the application control layer, a regularized sparse deep belief network model is introduced to characterize the misuse behavior for detecting potential attacks. Extensive validation and comparative experiments have been conducted on a numerical simulation system and a comprehensive ICPS simulation platform by using OPNET and a commonly-used benchmark simplified Tennessee Eastman process (STEP) based on Matlab/Simulink. Experimental results demonstrate that the proposed hierarchically distributed intrusion detection method can efficiently recognize potential and covert cyber-attacks in each ICPSs link with low false alarm rate and missing detection rate, which lays a foundation for the overall security monitoring of ICPSs.</p>

computer science, artificial intelligence,engineering, electrical & electronic,operations research & management science

Tao Liu,Bowen Yang,Qi Li,Jin Ye,Wenzhan Song,Peng Liu

DOI: https://doi.org/10.48550/arXiv.2109.12774

2021-09-27

Abstract:Information flows are intrinsic properties of an multi-stage manufacturing systems (MMS). In computer security, a basic information flow tracking technique is dynamic taint analysis (DTA). DTA tracks taint propagation from one data variable (e.g., a buffer holding a HTTP request) to another. Taint propagation paths are typically determined by data flows and implicit flows in a computer program. And the union of all the taint propagation paths forms a taint graph. It is clear that taints graphs could significantly enhance intrusion diagnosis. However, the existing DTA techniques cannot be directly used in an MMS, and a main reason is as follows: Without manufacturing-specific taint propagation rules, DTA cannot be implemented. In this work, we conduct a case study which (a) extends the existing DTA method with manufacturing-specific taint propagation rules, and (b) applies the extended method to perform preliminary intrusion diagnosis with a small-scale test-bed.

Cryptography and Security

Ji Ge,Yu-Yuan Zhang,Kai-Li Xu,Ji-Shuo Li,Xi-Wen Yao,Chun-Ying Wu,Shuang-Yuan Li,Fang Yan,Jin-Jia Zhang,Qing-Wei Xu

DOI: https://doi.org/10.48550/arXiv.2105.04340

2021-05-10

Abstract:Major accidents (e.g., the Space Shuttle Challenger disaster in the USA, the Bhopal Disaster in India, Fukushima nuclear accident in Japan, Tianjin Port fire and explosion accident in China) have occurred all over the world. Safety scientists are always trying to understand why these accidents happened and how to prevent these accidents. Accident models and theories form the basis for many safety research fields and practices such as investigation of accidents, design of a safer system and decision making on safety related field. There is no universally accepted model with useful elements relating to understanding accident causation, although many accident causation models exist. Based on STAMP and RMF, we proposed a new theory named the Interaction Theory of Hazard-Target System (ITHTS) that incorporate human, organisational and technological characteristics in the same framework. Accident analysis methods provide the necessary information to analysis the accident in a specific setting. In order to solve the issues that current accident analysis methods still face, we proposed a new systemic accident analysis method based on ITHTS and STPA. We choose Tianjin Port fire and explosion accident in China as a case study to demonstrate the viability of the Interaction Theory of Hazard-target System and the applicability of the new accident analysis method. It is concluded that ITHTS can explain the phenomena in safety practice and the new accident analysis method can be application in the explanation and analysis of major accident.

Systems and Control

Qianlin Wang,Shicheng Chen,Feng Chen,Jianwen Zhang,Liangchao Chen,Jinghai Li,Zhan Dou

DOI: https://doi.org/10.1016/j.cherd.2024.02.049

IF: 4.119

2024-04-01

Chemical Engineering Research and Design

Abstract:At present, chemical accidents have occurred frequently with disastrous consequences. In order to effectively prevent chemical accidents and their secondary disasters, it is urgent to develop detailed risk assessment for chemical processes. However, traditional methods tend to ignore the dynamic correlation coupling of chemical processes and devices; this results in the assessment results having poor accuracy. Therefore, a dynamic assessment method for risk evolution in chemical processes based on MFM-HAZOP-FDBN is proposed in this study. First, multilevel flow model (MFM) is established according to the transfer paths of material flow and energy flow in a chemical process, and further combined with hazard and operability analysis (HAZOP) to form the functional HAZOP technology. Second, risk identification results from the MFM-HAZOP are applied as the input of a fuzzy dynamic Bayesian network (FDBN); the device states and process errors are used as dynamic and static nodes of FDBN to present the risk propagation and evolution mechanism in the chemical process, respectively. Finally, the dynamic risk evolutionary trend throughout the chemical process is assessed quantitatively by determining the occurrence likelihood and consequence severity based on the risk matrix. The BP America (Texas City) refinery explosion is taken as a case study. Results show that the proposed method can provide a detailed characterization and dynamic assessment of risk evolution in the chemical process and the assessment results are more reasonable and effective.

engineering, chemical

Kaixing Huang,Chunjie Zhou,Yu-Chu Tian,Shuanghua Yang,Yuanqing Qin

DOI: https://doi.org/10.1109/tie.2018.2798605

IF: 7.7

2018-10-01

IEEE Transactions on Industrial Electronics

Abstract:Industrial cyber-physical systems (ICPSs) are widely applied in critical infrastructures such as chemical plants, water distribution networks, and power grids. However, they face various cyberattacks, which may cause physical damage to these industrial facilities. Therefore, ensuring the security of ICPSs is of paramount importance. For this purpose, a new risk assessment method is presented in this paper to quantify the impact of cyberattacks on the physical system of ICPSs. This method helps carry out appropriate attack mitigation measures. The method uses a Bayesian network to model the attack propagation process and infers the probabilities of sensors and actuators to be compromised. These probabilities are fed into a stochastic hybrid system (SHS) model to predict the evolution of the physical process being controlled. Then, the security risk is quantified by evaluating the system availability with the SHS model. The effectiveness of the proposed method is demonstrated with a case study on a hardware-in-the-loop simulation test bed.

automation & control systems,engineering, electrical & electronic,instruments & instrumentation