safety Article A Combinatorial Safety Analysis of Cruise Ship Diesel–Electric Propulsion Plant Blackout Victor Bolbot 1,*, Gerasimos Theotokatos 1 , Evangelos Boulougouris 1 , George Psarros 2 and Rainer Hamann 3 1 Maritime Safety Research Centre, Department of Naval Architecture, Ocean and Marine Engineering, University of Strathclyde, Glasgow G4 0LZ, UK; [email protected] (G.T.); [email protected] (E.B.) 2 DNV Group Research & Development, Maritime Transport, DNV AS, 1363 Høvik, Norway; [email protected] 3 DNV Regulatory Affairs, DNV SE, 20457 Hamburg, Germany; [email protected] * Correspondence: [email protected] Abstract: Diesel–Electric Propulsion (DEP) has been widely used for the propulsion of various ship types including cruise ships. Considering the potential consequences of blackouts, especially on cruise ships, it is essential to design and operate the ships’ power plants for avoiding and preventing such events. This study aims at implementing a comprehensive safety analysis for a cruise ship Diesel– Electric Propulsion (DEP) plant focusing on blackout events. The Combinatorial Approach to Safety Analysis (CASA) method is used to develop Fault Trees considering the blackout as the top event, and subsequently estimate the blackout frequency as well as implement importance analysis. The derived results demonstrate that the overall blackout frequency is close to corresponding values reported in the pertinent literature as well as estimations based on available accident investigations. This study deduces that the blackout frequency depends on the number of operating Diesel Generator (DG) sets, the DG set’s loading profile, the amount of electrical load that can be tripped during overload Citation: Bolbot, V.; Theotokatos, G.; Boulougouris, E.; Psarros, G.; conditions and the plant operation phase. In addition, failures of the engine auxiliary systems and Hamann, R. A Combinatorial Safety the fast-electrical load reduction functions, as well as the power generation control components, are Analysis of Cruise Ship identified as important. This study demonstrates the applicability of the CASA method to complex Diesel–Electric Propulsion Plant marine systems and reveals the parameters influencing the investigated system blackout frequency, Blackout. Safety 2021, 7, 38. https:// thus providing better insights for these systems’ safety analysis and enhancement. doi.org/10.3390/safety7020038 Keywords: CASA method; cruise ships; blackout; diesel–electric propulsion plant; safety analysis Academic Editor: Raphael Grzebieta Received: 21 February 2021 Accepted: 19 April 2021 1. Introduction Published: 14 May 2021 The ship propulsion and electric power generating functions of modern cruise ships are realised using the Diesel-Electric Propulsion (DEP) plants [1–3]. In such cases, loss of Publisher’s Note: MDPI stays neutral electric power (blackout) during the ship sailing or manoeuvring may result in a number of with regard to jurisdictional claims in published maps and institutional affil- accidents such as collision, contact and grounding, which, in turn, may cause considerable iations. human losses of passengers and crew [4] also associated with severe environmental and reputational loss consequences. As the cruise ship industry has been rapidly developing in the last decade, with both the vessels’ size and the number constantly growing [5], ensuring that blackouts do not occur is a paramount necessity. According to the International Maritime Organisation (IMO), a modified version of the Copyright: © 2021 by the authors. Failure Modes and Effects Analysis (FMEA) is required for the availability assessment of Licensee MDPI, Basel, Switzerland. the propulsion and other systems on the cruise ships following a flooding or fire accident This article is an open access article distributed under the terms and to ensure the vessel’s safe return to port (Safe Return to Port regulations) [6]. Other studies conditions of the Creative Commons for ensuring the safety of cruise ship power plants involved dynamic simulations [7,8], Attribution (CC BY) license (https:// Reliability Block Diagrams [9–11], FMEA [12–14], Fault Tree Analysis (FTA) [15–17], FTA and creativecommons.org/licenses/by/ FMEA [18], the HiP-HOPS method [19,20], System-Theoretic Process Analysis (STPA) [21–24], 4.0/). Safety 2021, 7, 38. https://doi.org/10.3390/safety7020038 https://www.mdpi.com/journal/safety Safety 2021, 7, x FOR PEER REVIEW 2 of 24 Safety 2021, 7, 38 2 of 23 FTA and FMEA [18], the HiP-HOPS method [19,20], System-Theoretic Process Analysis (STPA) [21–24], combinatory methods [25], accident investigation data [26], reachability analysiscombinatory [27], and methods Markov [25 chains], accident [28]. investigation data [26], reachability analysis [27], and MarkovThe ships’ chains DEP [28]. plants are classified as complex marine Cyber-Physical Systems (CPSs) The[29] ships’and, thus, DEP their plants software-intensive are classified as character complex marineand dynamic Cyber-Physical reconfiguration Systems functions(CPSs) [need29] and, to be thus, considered their software-intensive in the safety analysis/assessment character and dynamic[30]. According reconfiguration to pre- viousfunctions accident need investigations, to be considered the control in the and safety automation analysis/assessment system faults are [30 important]. According con- to tributorsprevious to accidentblackouts investigations, in ships [31,32]. the Thus, control it is and essential automation to quantitatively system faults assess are the important DEP system’scontributors safety toperformance blackouts intaking ships into [31 a,32ccount]. Thus, the itemployed is essential software-based to quantitatively functions assess [33–35],the DEP as well system’s as to safetyestimate performance their importan takingce metrics into account to allow the for employed a cost-efficient software-based safety enhancementfunctions [33 [36,37].–35], as well as to estimate their importance metrics to allow for a cost-efficient safetyIn this enhancement respect, the [ 36present,37]. study aims to: (a) estimate the blackout frequency for the investigatedIn this cruise respect, ship the DEP present system study for vari aimsous to: operational (a) estimate phases; the blackout (b) carry frequency out an im- for portancethe investigated analysis to cruise identify ship the DEP critical system components, for various and; operational (c) demonstrate phases; the (b) carryCASA out ap- an plicabilityimportance to a analysiscomplex tosystem. identify The the classical critical safety components, analysis and;method’s (c) demonstrate deficiencies the are CASA ad- dressedapplicability by the CASA to a complex method, system. which: (a) The identifies classical Unsafe safety Control analysis actions method’s as it deficienciesencapsu- latesare the addressed STPA steps by the(thus CASA more method, effectively which: capturing (a) identifies the Cyber-Phys Unsafeical Control System’s actions (CPS) as it software-intensiveencapsulates the character); STPA steps (b) (thus considers more effectively the sequences capturing of the thepotential Cyber-Physical safety events System’s by employing(CPS) software-intensive event sequence analysis, character); and; (b) (c) considers provides thequantification sequences ofof thethe potentialfrequency safety (or probability)events by of employing the safety-related event sequence events by analysis, employing and; quantitative (c) provides FTA. quantification of the frequencyThe original (or probability) contribution of and the safety-relatednovelty of this events study byincludes: employing (a) the quantitative quantitative FTA. es- timationThe of originalthe blackout contribution frequency and for novelty a cruise of this ship study DEP includes: plant and (a) the the associated quantitative im- esti- portancemation analyses of the blackout in a number frequency of foroperation a cruise phases; ship DEP (b) plant blackout and the frequency associated estimation importance withanalyses varying in design a number and of operational operation phases; parameters (b) blackout such as frequencyvarying Maximum estimation Continuous with varying Ratingdesign and and the operational amount of parameterstripped load; such (c) asa number varying of Maximum adaptations Continuous used with Rating the CASA and the methodamount to ofapply tripped it to load;the investigated (c) a number DEP of adaptations system. used with the CASA method to apply it to the investigated DEP system. 2. DEP System Description and Case Studies Definition 2. DEP System Description and Case Studies Definition 2.1.2.1. System System Description Description TheThe simplified simplified single single line line diagram diagram and and a system a system control control structure structure diagram diagram are are pro- pro- videdvided in inFigures Figures 1 and1 and 2,2 respectively., respectively. Design Design data data were were retrieved retrieved from from the the operating operating and and maintenancemaintenance manuals manuals of the of thesystem system components components,, the associated the associated system system drawings drawings and rel- and evantrelevant literature literature [2,38–43] [2,38 an–43d] are and provided are provided in Table in Table 1. 1. FigureFigure 1. Description 1. Description of the of the reference reference crui cruisese ship ship DEP DEP plant plant architecture. architecture. TheThe engines engines (of (of the the DG DG sets)
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages23 Page
-
File Size-