Geraint Evans, Business Manager at leading engineering consultancy Frazer-Nash, looks at whether the emergent risks associated with complex combat and mission systems are truly being identified and managed.
Within the field of combat or mission systems it is imperative that every piece of equipment in use is fully assessed for safety and that a solid safety case is put in place; these safety cases provide assurance that each item of equipment is inherently safe.
As items of equipment are brought together to form systems, safety must be re-assessed; at this point the focus must be at the system level, not the equipment level. It is widely recognised that the interactions between the different items of equipment within the newly created system may create additional risks, but it should also be recognised that the emergent behaviours and functionality of the overall system may present further risks which need to be addressed.
As the systems being assessed become larger and more complex, so do the emergent risks. In this hierarchy of systems there is a progression from predominantly physical safety at the equipment level, through functional safety, to operational risk as systems become more complex, as illustrated in figure 1. This principle follows all the way up to a complete platform such as an entire naval vessel.
Consequently there is also a need to consider the complex system risks within the context of the real use of the system, e.g. as part of the whole platform subject to a set of operational imperatives.
Without identifying these emergent complex system risks at an early stage, and without assessing them in the correct context, effective risk reduction cannot be implemented in the system design. The result is a system where the risks are managed through constraints and limitations imposed on operating procedures; less than ideal when you wish to realise the full potential of your combat system.
Clearly then, when dealing with a complex system, having a collection of safety cases for all the individual equipments (a ‘bottom up’ approach) is not sufficient. So how do you ensure that emergent complex system risks are identified and managed such that combat system capability can be maximised?
At Frazer-Nash, we tackle this issue in a different way by adopting a ‘top down’ approach. By considering the overarching combat system safety within the operational context of the platform, this approach ensures that the emergent risks are identified and more comprehensively understood. Not only does this enable effective risk reduction to be implemented, it also allows the completeness of the evidence supporting the overall safety argument to be reviewed. In doing so it adds a level of assurance that the standard bottom up approach cannot provide.
Ideally a top down approach is applied in the concept phase, where it supports the derivation and flow down of a complete and robust set of safety requirements to the sub-systems and individual items of equipment. As the combat system is brought together, fulfilment of these requirements can be tested at each level, reducing the integration risks and costs throughout the process.
Even if a top down approach has not been applied at the concept phase, undertaking it at a later point in the lifecycle can increase confidence in the safety argument and highlight areas of weakness which need to be addressed. Similarly, when combat systems are modified or enhanced with new equipment, the top down approach can be applied to support safe and effective integration without incurring unnecessary costs or delays to the programme delivering the enhanced operational capability.
Frazer-Nash recently applied the top down approach to the Sea Viper weapon system on behalf of the Ministry of Defence’s Defence Equipment and Support organisation. The Sea Viper system comprises several sub-systems, all of which had safety cases that had been accepted. The Maritime and Air Weapons Project Team had some doubts over the safety of the over