A Safety Analysis of LNG Ship-to-ship Transfer System Based on a STAMP/STPA Model
Abstract: LNG ship-to-ship transfer operations are both high-risk and highly complex. This paper studies the safety problems that arise when components of this complex system interact abnormally during operation. Based on system theory and control theory, a system-theoretic accident model and process (STAMP) control association model of the LNG ship-to-ship transfer system is constructed, splitting the transfer system into multiple hierarchical levels that form constraint control and feedback. The system-theoretic process analysis (STPA) method is then used to identify system-level accidents, system-level hazards, and potential unsafe control behaviors in transfer operations. A causal scenario analysis model of the transfer system that takes manual controllers into account is developed, and 22 causal factors in the system are proposed from three aspects: system control defects, feedback defects, and coordination defects. The results show that the LNG transfer system has many potential causal factors. Sensor system failure, control valve failure, and operator human factors are important causes of multiple system-level hazards, and safety control measures are proposed on the basis of the causal factors. Applied to the dynamic operation of ship transfer, which involves a large number of interactions among people, software, and equipment, the method overcomes the limitations of focusing only on the failure of key components and of excluding the dynamic behavior of the system, and it also accounts for unsafe interactions among components that have not failed.
Key words:
- transport safety
- LNG ship
- STS transfer
- safety analysis
- STAMP model
- STPA analysis
Table 1. System-level accidents during LNG ship-to-ship transfer operation

| No. | Accident |
| --- | --- |
| A-1 | Personnel injury or death |
| A-2 | Hull damage |
| A-3 | Transfer system damage |
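
Table 2. System-level hazards of the LNG ship-to-ship transfer system

| No. | System-level hazard | System-level accidents |
| --- | --- | --- |
| H-1 | Excessive pressure in the pipe | A-1, A-2, A-3 |
| H-2 | Excessive flow velocity in the pipe | A-1, A-2, A-3 |
| H-3 | Cargo tank liquid level exceeds the tank's maximum limit level | A-1, A-2 |
| H-4 | High temperature in the system | A-1, A-2, A-3 |
| H-5 | LNG leakage | A-1, A-2, A-3 |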
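
Table 3. Unsafe control behaviors in the LNG ship-to-ship transfer system

| Control action | Not providing the control causes a hazard | Providing inadequate control causes a hazard | Providing the control too early/too late causes a hazard | Control stopped too soon or applied too long | Corresponding system-level hazards |
| --- | --- | --- | --- | --- | --- |
| Activate the pressure relief valve | Relief valve is not activated when pressure/temperature exceeds the maximum limit | Relief valve does not open sufficiently when pressure/temperature exceeds the maximum limit | Relief valve opens too late after high temperature/high pressure is detected | No hazard | H-1 |
| Check flange tightness | Routine maintenance inspection of flange tightness is not carried out | Flange inspection is negligent | N/A | N/A | H-5 |
| Activate the ERS | ERS is not activated to emergency-disconnect the hose when leakage occurs | N/A | ERS is activated too late after LNG leakage occurs | N/A | H-1, H-2, H-3, H-5 |
| Activate the ESD system | ESD system is not activated when an emergency occurs | N/A | ESD is activated too late after an emergency occurs | N/A | H-1, H-2, H-3, H-5 |
| Check sensors | Routine maintenance inspection of sensor function is not carried out | Sensor inspection is negligent | N/A | N/A | H-1, H-2, H-3, H-4 |
| Activate the fire-extinguishing system | Fire protection system is not activated when a fire breaks out | No hazard | Fire protection system is activated too late after a fire breaks out | Fire protection system shuts down before the fire is extinguished | H-4, H-5 |
| Check pipeline insulation | Insulating flange is not checked, so it provides no protection | Flange inspection is negligent | N/A | N/A | H-5 |
| Check valves | Routine maintenance inspection of valves is not carried out | Valve inspection is negligent | N/A | N/A | H-1, H-2 |
| Control the pump flow rate | Pump speed is not controlled | Pump speed is not adequately controlled | Pump is controlled too late when the flow velocity exceeds the limit range | N/A | H-2 |
| Check the system for leakage | System leakage is not checked | Leakage inspection is negligent | N/A | N/A | H-5 |
| Prevent system leakage | No leakage protection measures | Leakage protection measures are inadequate | Leakage protection measures are provided too late | Protection measures end early while the leakage has not stopped | H-5 |
| Adjust the control valve | Control valve does not control the flow velocity when it exceeds the limit range | Flow velocity is not adequately controlled | Flow velocity is controlled too late when it exceeds the limit range | No hazard | H-2 |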
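
Table 4. Causes and scenarios of high pressures in the pipe

| Unsafe control behavior | Causal factor | Position in the causal scenario analysis model |
| --- | --- | --- |
| Pressure in the pipe exceeds the maximum limit and the relief valve is not activated | Pressure sensor failure | Sensor |
| | Relief valve failure | Actuator |
| | Information transmission error | Control process |
| | Automatic activation system switched off | Logic controller |
| | Decision error | Control room controller |
| | Power system outage | Control process |
| | Operator does not act because of work stress | Control room controller |
| | Field operators cannot see/hear the sensor information | Sensor |
| | Field operator fails to follow procedure | Field controller |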
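
Table 5. Cause analysis results

| No. | Causal factor | Corresponding system-level hazards |
| --- | --- | --- |
| 1 | Sensor system failure | H-1, H-2, H-3, H-4 |
| 2 | Control valve failure | H-1, H-2, H-4, H-5 |
| 3 | Mechanical failure of the submerged pump | H-2, H-3, H-4 |
| 4 | ESD system failure | H-1, H-2, H-3, H-5 |
| 5 | ERS failure | H-1, H-2, H-3, H-5 |
| 6 | Automatic activation system switched off | H-1, H-2, , H-4, H-5 |
| 7 | Logic controller fault | H-1, H-2, H-3, H-4 |
| 8 | Operator decision error | H-1, H-2, H-3, H-4 |
| 9 | Power system outage | H-1, H-3, H-4, H-5 |
| 10 | Sensor information unavailable | H-1, H-2, H-3, H-4 |
| 11 | High operator stress | H-1, H-2, H-3, H-4 |
| 12 | Operator fails to follow procedure | H-1, H-2, H-3, H-4, H-5 |
| 13 | Insufficient scope of the maintenance and inspection manual | H-1, H-2, H-3, H-4, H-5 |
| 14 | Pipe corrosion | H-5 |
| 15 | Pipe ageing | H-5 |
| 16 | Operators neglect inspection work | H-1, H-3, H-4, H-5 |
| 17 | Inadequate operational training | H-1, H-3, H-4, H-5 |
| 18 | Information transmission error | H-1, H-2, H-3, H-4 |
| 19 | Inadequate equipment maintenance | H-1, H-2, H-4, H-5 |
| 20 | Inadequate protective measures | H-5 |
| 21 | Fire-extinguishing system fault | H-4, H-5 |
| 22 | Insufficient supervision | H-1, H-2, H-3, H-4, H-5 |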