Systems of Systems Engineering – a problem for Systems...
Transcript of Systems of Systems Engineering – a problem for Systems...
1 SWISSED 2014: Henshaw
Systems of Systems Engineering – a
problem for Systems Engineers?
Professor Michael Henshaw
Loughborough University, UK
© Loughborough University, 2014
SWISSED14 +
2 SWISSED 2014: Henshaw
Professor Michael Henshaw
Slides copyright 2013 Loughborough University
Head of Systems Division, Loughborough University
Group Leader: ESoS
Engineering Systems of Systems
BSc. (Hons), PhD – Applied Physics, U. of Hull, MBA
– U. Lincoln & Humberside
British Aerospace (later BAE Systems): 1989-2006
Professor of Systems Engineering, Loughborough
University: 2006-
3 SWISSED 2014: Henshaw
Acknowledgements
Andrew Kinder, Steve Hinsley, Luminita Ciocoiu,
Sofia Ahlberg-Pilfold, Huseyin Dogan
Mo Jamshidi, Dan Delaurentis, Sharon Henson,
Vishal Barot, Carys Siemieniuch, Murray Sinclair,
Cornelius Ncube, Soo Ling Lim
ROAD2SOS team: Christian Albrecht, Meike
Reimann, Ursula Rauschecker
© Loughborough University, 2014
4 SWISSED 2014: Henshaw
Content
A Story
SoS Definition and characteristics
Technical Governance – and example of
SoS issue
Research challenges in SoS
Who are the researchers in SoSE
© Loughborough University, 2014
5 SWISSED 2014: Henshaw
Content
A Story
SoS Definition and characteristics
Technical Governance – and example of
SoS issue
Research challenges in SoS
Who are the researchers in SoSE
© Loughborough University, 2014
6 SWISSED 2014: Henshaw
A Story
© Loughborough University, 2014
Created from article in International Business Times, September 08 2011 9:58 PM Information in this story drawn from the above report
7 SWISSED 2014: Henshaw
Some of the entities involved in this story
Western Electricity Coordinating Council (WECC): RC
Imperial Irrigation District (IID): TOP, TP, BA
Arizona Public Service (APS) TOP, BA
Western Area Power Administration – Lower
Colorado (WALC): TOP, PC, BA
San Onofre Nuclear Generating Station
(SONGS): owned by SCE and SDG&E
California Independent System Operator
(CAISO): PC, BA, TOP
Balancing Authority (BA), Transmission Operator (TOP), Planning Coordinator (PC), Transmission
Planner (TP), Reliability Coordinator (RC)
Southern California Edison (SCE): TOP
San Diego Gas and Electric (SDG&E): TOP
Comision Federal de Electricidad – Baja
California Control Area (CFE): TO, TOP, BA
Areas for Utility
coverage (approx)
8 SWISSED 2014: Henshaw
Three Parallel Corridors – simplified diagram of interconnections
Based on figure 3 from FERC/NERC Staff Report
on the September 8, 2011 Blackout, April 2012
CFE (Comision Federel de Electricidad –
Mexican state-owned electric utility)
SDG&E (San
Diego Gas &
Electricity)
WAPA (Western
Area Power
Administration –
Lower Colorado)
WECC (Western Electricity Coordinating Council) both a Reliability
Coordinator and a Regional Entity
San Onofre
Nuclear
Generating
Station
230 kV 230 kV 161 kV
500 kV
500 kV
500 kV
9 SWISSED 2014: Henshaw
Sequence of Events – 8th September 2011
© Loughborough University, 2014
Path
44
• Hot day with some generation and
transmission outages for maintenance
purposes.
• Loss of Coachella Valley (CV)
transformer 1 not observed by operator
• Several units tripped in different areas
• APS technician carries out switching of
capacitor bank at Hassayampa N-Gila
• Technician misses the step to bypass
the capacitor bank
Disconnect
switch arcs
15 27 39
• H-NG trips
• Arizona Public Service (APS)
operators think they can restore H-
NG quickly
• Tell CAISO this – unaware that
technically not possible
• Therefore WECC have incorrect
information
• H-NG flow redistributed to Path 44
• CV 2 overloads & trips
15 28 16
5,900 A
15 32 10
6,700 A
• Sever low voltage in Western
Area Power Admin. Lower
Colorado (WALC) due to loss of
CV transformers
• Triggers reactive demand
• Overloading of Ramon
transformer (connecting IID to
SDG&E)
• Ramon transformer trips and
• Flow redistributed to Path 44
15 35 40
7,200A
• Ramon transformer set to trip at 207%
normal load instead of 120% - gave 4
minutes extra time
• Ramon trip caused cascade of
distribution feeder and transmission
trips
• 444MW of IID load shed (>200 MW
within 10 secs of Ramon trip)
• Path 44 peaks at 7,800 A, settles at
7,200 A
Power failure
15 37 55
7,800A
• Gila and Yucca transformers tripped
• Various load pockets created (i.e.
Not enough power to meet demand)
• Various requests from WALC,
CAISO fornew generators to be
brought online; but cannot be
started in time
• Load on Path 44 increases to 7,800
A (near to 8,000A separation load
for SONGS)
15 38 21
9,500 A
• IID’s El-Centro-Pilot Knob line
tripped, all IID’s southern 92kV
systems draws from SDG&E
• Generation in Imperial Valley
trips; S Line trips, isolating IID
from SDG&E
• SONGS Separation scheme
operates (closing down power)
• Separation occurs at 8,000 amps
10 SWISSED 2014: Henshaw © Loughborough University, 2014
11 SWISSED 2014: Henshaw
Sequence of events last phase
15:38:38
Under frequency load
shedding , but not able to
prevent SDG&E, CFE,
Yuma island from collapsing
SONGS nuclear unit
shutdown
Complete blackout in San
Diego and CFE
Further power loss in APS,
WALCSDG&E, IID
© Loughborough University, 2014
2.7M customers without
power for up to 12 hours
12 SWISSED 2014: Henshaw
Interconnections and Dependencies
© Loughborough University, 2014
2.7M customers
without power Area
affected
Traffic jams
for hours
Businesses
and schools
closed
Flights and public
transport disrupted
Sewerage pumping
stations lost power Beaches closed due
to sewerage spills
Millions
without air
conditioning
on a hot day
11-minute system
disturbance in
Pacific Southwest
13 SWISSED 2014: Henshaw
Some Key findings from FERC/NERC Report
System not operated in N-1 state
Requires system to remain in a reliable condition
with occurrence of a single contingency
Inadequate situational awareness among operators
Lack of awareness of impact of neighbours failures
Lack of awareness of effect on neighbours of internal
failures and changes
Lack of accurate real time models
Inadequate planning for contingencies
Failed to recognise interconnection reliability
operations limits
Variation in setting of trip limits
© Loughborough University, 2014
14 SWISSED 2014: Henshaw
Summarising
Each operation managed differently
E.g. different limits for trips
Each operator optimised their own system
Called on neighbours to backfill lack of generation
capacity
Localised predictions did not predict the overall
emergent behaviour
Operators were unaware of what was happening
in the wider system
Misinformation even between neighbours
© Loughborough University, 2014
15 SWISSED 2014: Henshaw
Content
A Story
SoS Definition and characteristics
Technical Governance – and example of
SoS issue
Research challenges in SoS
Who are the researchers in SoSE
© Loughborough University, 2014
16 SWISSED 2014: Henshaw
SoS(E)
A SoS is an integration of a finite number of constituent systems which are independent
and operatable, and which are networked together for a period of time to achieve a
certain higher goal. (Jamshidi, 2009)
• Operational independence of component
systems
• Managerial independence of component
systems
• Geographical distribution
• Emergent behaviour
• Evolutionary development processes
(Maier, 1996)
Directed Acknowledged Collaborative Virtual
Based on Dahmann & Baldwin, 2008
Dahmann, J. & Baldwin, K., 2008. Understanding the Current State of US Defense Systems of Systems and the Implications for Systems Engineering. Montreal, Canada, s.n.
Jamshidi, M., 2009. Ch. 1.. In: Systems of Systems Engineering - Principles and Applications. Boca Raton, FL, USA: CRC Press, p. 1.
Maier, M. W., 1996. Architecting principles for system-of-systems. Boston, MA, USA, July, pp. 567-574.
17 SWISSED 2014: Henshaw
Maier’s Characteristics of SoS
• Operational
independence of
component systems
• Managerial
independence of
component systems
• Geographical
distribution
• Emergent behaviour
• Evolutionary
development processes
© Loughborough University, 2014
Based on: “Towards an Integrated Transport System – Freight Focus: Research contributing to
integration and interoperability across Europe “, Transport Research Knowledge Centre (TRKC)
consortium, 2010.
Maier, M. W., 1996. Architecting principles for system-of-systems. Boston, MA, USA, July, pp. 567-574.
18 SWISSED 2014: Henshaw
Additional Characteristics from Dan Delaurentis
Inter-disciplinary Study
Note that this also implies
multi-disciplinary study
Heterogeneity of Systems
Component systems are
different from each other
and may be of different
types and scales
Networks of Systems
Emphasises the information
aspect of SoS
© Loughborough University, 2014
DeLaurentis D., ‘Systems of Systems Engineering’, College of Engineering, Purdue University, 2007
Based on: “Towards an Integrated Transport System – Freight Focus: Research contributing to
integration and interoperability across Europe “, Transport Research Knowledge Centre (TRKC)
consortium, 2010.
19 SWISSED 2014: Henshaw
Lexicon for describing SoS (DeLaurentis, et. al., 2011)
Hierarchy of systems
α-level: base level, no further decomposition
β-level collections of α-level organised as a network
γ-level collections of β-level organised as a network
© Loughborough University, 2014
α-level systems
β-level systems
γ-level system Systems may be technological,
human, enterprise, service,...
from: DeLaurentis, D., Crossley, W.A., Mane, M., "Taxonomy
to Guide Systems-of-Systems Decision-Making in Air
Transportation Problems", AIAA Journal of Aircraft, Vol. 48,
No. 3, 2011, pp. 760-770
20 SWISSED 2014: Henshaw
The problem with SoS
From the single-system community’s
perspective, its part of the SoS
capability represents additional
obligations, constraints and
complexities. Rarely is participation in a
SoS seen as a net gain from the
viewpoint of single-system stakeholders Rebovich, G., (2009), Enterprise Systems of Systems, Ch. 6, pg. 169, in M.
Jamshidi, Systems of Systems Engineering - Principles and Applications,
Boca Raton, FL, USA, CRC Press.
Image of San Diego in Blackout, photo by Kris Hanson, featured on blog:
http://www.ecoronado.com/profiles/blog/list?tag=power+outage
21 SWISSED 2014: Henshaw
Characterisation based on System of Interest (Kinder et. al., 2012)
Component systems
Systems types
Classification
SoS type after Dahmann &
Baldwin (2008)
Interactions
Types
Nature of interactions
Types (e.g. peer-to-peer,
hierarchical
Lifecycle
Phases/system states
Variability
Frequency/rapidity of change
Functions
Specific and generic functions
available
System owners and operators
Concept of use, operation, or
employment
Problem of drawing a
boundary defining the
system of interest
© Loughborough University, 2014
Kinder, A, Barot, B., Henshaw, M., Siemieniuch, C. System of Systems: “Defining the System of
Interest”, proc. 7th IEEE Conf. Systems of Systems Eng. Genoa, It., 16-19 July 2012
22 SWISSED 2014: Henshaw
Characterisation based on SoI (Kinder et. al., 2012)
© Loughborough University, 2014
Kinder, A, Barot, B., Henshaw, M., Siemieniuch, C. System of Systems: “Defining the System of
Interest”, proc. 7th IEEE Conf. Systems of Systems Eng. Genoa, It., 16-19 July 2012
23 SWISSED 2014: Henshaw
Focus of SoSE
© Loughborough University, 2014
α-level systems
β-level systems
γ-level system
Managerial
independence
Operational
independence
Emergence
Evolutionary
Geographic
Distribution
So
SE
S
E Single
systems
So
SE
Pro
ble
m
Sp
ac
e
After from: DeLaurentis, D., Crossley, W.A., Mane, M.,
"Taxonomy to Guide Systems-of-Systems Decision-Making in
Air Transportation Problems", AIAA Journal of Aircraft, Vol. 48,
No. 3, 2011, pp. 760-770
24 SWISSED 2014: Henshaw
Content
A Story
SoS Definition and characteristics
Technical Governance – and example of
SoS issue
Research challenges in SoS
Who are the researchers in SoSE
© Loughborough University, 2014
25 SWISSED 2014: Henshaw
Corporate Governance must be complemented by
Technical and Engineering Governance (TEG)
Are we doing the right things?
Are we doing those things right?
How do we know?
With increasingly interconnected systems and
more complicated dependencies: need to ensure
(and assure) SoS is safe, ethical, effective, and
efficient
Technical and Engineering Governance
26 SWISSED 2014: Henshaw
The first step in developing a Governance Model is to decompose
governance into smaller, more manageable pieces
Stavros, RW, Dettman, MB, Albrant, J. Engineering Governance, 2007,
http://nesipublic.spawar.navy.mil/docs/misc/Engineering_Governance_
v1pt0-06Dec07.pdf
But what about Governing those pieces?
Example of Governance model
Engineering
Governance
Compliance Execution
Regulation
27 SWISSED 2014: Henshaw
Multiple legacy and
incompatible
processes
Supply chain changes
over lifecycles – loss
of critical knowledge
Organisations
collaborate on
multiple projects (each
with subtly different
processes)
THE LOSS OF RAF NIMROD XV230
A FAILURE OF LEADERSHIP, CULTURE AND PRIORITIES
Charles Haddon Cave – The NIMROD Review An independent review into the broader issues surrounding the loss of the RAF Nimrod MR2 Aircraft XV230 in Afghanistan in 2006
http://www.official-documents.gov.uk/document/hc0809/hc10/1025/1025.pdf
Challenge is distributed responsibilities
Example
28 SWISSED 2014: Henshaw
Knowledge of interoperable systems
29 SWISSED 2014: Henshaw
Robustness
The degree to which a system or component can function correctly in the presence of invalid inputs or stressful environmental conditions. IEEE Standard Glossary of Software Engineering Terminology,
IEEE Std 610.12-1990.
Resilience
(e.g.) The capability of a system to maintain its functions and structure in the face of internal and external change and to degrade gracefully when it must. Allenby, B. and Fink, J. 2005, "Toward inherently secure and
resilient societies," Science , vol. 309
But …. Who is architecting what in a SoS (Directed, Acknowledged, Collaborative, Virtual) ?
Architect for Robustness and Resilience
30 SWISSED 2014: Henshaw
Manage multiple lifecycles of SoS
Properly accommodate changes to component
systems (e.g. legislative induced)
Engineering functions open to and adaptive to
change
Harmony between engineering function and other
components of enterprise
Awareness of SoSE risk
Understand key decision making roles
Aims of TEG
31 SWISSED 2014: Henshaw
Content
A Story
SoS Definition and characteristics
Technical Governance – and example of
SoS issue
Research challenges in SoS
Who are the researchers in SoSE
© Loughborough University, 2014
32 SWISSED 2014: Henshaw
T-AREA-SoS: 12 Main themes
Characterisation and
Description of SoS
Theoretical Foundations
for SoS
Emergence
Multi-level Modelling of
SoS
Measurement and Metrics
for SoS
Evaluation of SoS
Definition & Evolution of
SoS Architecture
Prototyping SoS
Trade-off in SoS
Security in SoS
Human Aspects of SoS
Energy Efficient SoS
https://www.tareasos.eu/index.php
33 SWISSED 2014: Henshaw
ROAD2SOS – Priority Themes
Overview of technological Priority Themes identified in Road2SoS
Derived from combined
roadmap for
• Transport
• Energy
• Manufacturing
• Emergency response
Deliverable No. 5.1 & 5.2
Report on Commonalities in the Four
Domains and Recommendations for
Strategic Action, Dec. 2013
34 SWISSED 2014: Henshaw
ROAD2SOS – Implementation Barriers
Overview of potential implementation barriers identified in ROAD2SOS
Deliverable No. 5.1 & 5.2
Report on Commonalities in the Four
Domains and Recommendations for
Strategic Action, Dec. 2013
http://www.road2sos-project.eu/cms/front_content.php
35 SWISSED 2014: Henshaw
ROAD2SOS Implementation Barriers
Overview of potential implementation barriers identified in ROAD2SOS
Deliverable No. 5.1 & 5.2
Report on Commonalities in the Four
Domains and Recommendations for
Strategic Action, Dec. 2013
From
http://www.mcqthinking.c
om/banksy-mobile-lovers-
power-unsettle/
36 SWISSED 2014: Henshaw
Content
A Story
SoS Definition and characteristics
Technical Governance – and example of
SoS issue
Research challenges in SoS
Who are the researchers in SoSE
© Loughborough University, 2014
37 SWISSED 2014: Henshaw
Who are the researchers in Systems of Systems?
(c) toonpool.com
Technological, human, and
organisational matters are very
different from each other.
38 SWISSED 2014: Henshaw
Who are the SoSE researchers/developers? - term multiplicity
© Loughborough University, 2014
A ? is an integration of a
finite number of constituent
systems which are
independent and operatable,
and which are networked
together for a period of time
to achieve a certain higher
goal. (Jamshidi, 2009)
Whole
systems
Family of
systems
System of
systems
From: Barot, V., et. al.
(2014)
39 SWISSED 2014: Henshaw
Research Challenges I
Embrace the dynamic nature of SoS
What are the methods and tools for those
managing (coping with) SoS?
Don’t just focus on design, research the operation
of SoS
Research how to incentivise SoS behaviour
Consider the capability that the SoS enables
Value chain perspective
Values are … HUMAN attributes
© Loughborough University, 2014
40 SWISSED 2014: Henshaw
Research Challenges II
Techno-Socio or Socio-Techno?
Get the right disciplines involved
Every discipline that is relevant: hard and soft science
and engineering
Educate other researchers in SoS and get their
contribution
Amateur psychologists and sociologists are …
amateurs!
© Loughborough University, 2014
41 SWISSED 2014: Henshaw
Paraphrasing Gerard Hoffnung!
All my artistic friends think I
am a great musician, and all
my musical friends think I am a
great artist
Gerard Hoffnung in one of his shows!
The SoS Engineer!
All my sociological friends think I am a great
technologist, and all my technological friends think I
am a great sociologist
http://www.last.fm/mu
sic/Gerard+Hoffnung/
+images/25809639
42 SWISSED 2014: Henshaw