Systems of Systems Engineering – a problem for Systems...

1 SWISSED 2014: Henshaw

Systems of Systems Engineering – a

problem for Systems Engineers?

Professor Michael Henshaw

Loughborough University, UK

© Loughborough University, 2014

SWISSED14 +


Professor Michael Henshaw

Slides copyright 2013 Loughborough University

Head of Systems Division, Loughborough University

Group Leader: ESoS

Engineering Systems of Systems

BSc. (Hons), PhD – Applied Physics, U. of Hull, MBA

– U. Lincoln & Humberside

British Aerospace (later BAE Systems): 1989-2006

Professor of Systems Engineering, Loughborough

University: 2006-

[email protected]

mailto:[email protected]


Acknowledgements

Andrew Kinder, Steve Hinsley, Luminita Ciocoiu,

Sofia Ahlberg-Pilfold, Huseyin Dogan

Mo Jamshidi, Dan Delaurentis, Sharon Henson,

Vishal Barot, Carys Siemieniuch, Murray Sinclair,

Cornelius Ncube, Soo Ling Lim

ROAD2SOS team: Christian Albrecht, Meike

Reimann, Ursula Rauschecker



Content

A Story

SoS Definition and characteristics

Technical Governance – and example of

SoS issue

Research challenges in SoS

Who are the researchers in SoSE



Content

A Story



SoS issue





A Story


Created from article in International Business Times, September 08 2011 9:58 PM Information in this story drawn from the above report


Some of the entities involved in this story

Western Electricity Coordinating Council (WECC): RC

Imperial Irrigation District (IID): TOP, TP, BA

Arizona Public Service (APS) TOP, BA

Western Area Power Administration – Lower

Colorado (WALC): TOP, PC, BA

San Onofre Nuclear Generating Station

(SONGS): owned by SCE and SDG&E

California Independent System Operator

(CAISO): PC, BA, TOP

Balancing Authority (BA), Transmission Operator (TOP), Planning Coordinator (PC), Transmission

Planner (TP), Reliability Coordinator (RC)

Southern California Edison (SCE): TOP

San Diego Gas and Electric (SDG&E): TOP

Comision Federal de Electricidad – Baja

California Control Area (CFE): TO, TOP, BA

Areas for Utility

coverage (approx)


Three Parallel Corridors – simplified diagram of interconnections

Based on figure 3 from FERC/NERC Staff Report

on the September 8, 2011 Blackout, April 2012

CFE (Comision Federel de Electricidad –

Mexican state-owned electric utility)

SDG&E (San

Diego Gas &

Electricity)

WAPA (Western

Area Power

Administration –

Lower Colorado)

WECC (Western Electricity Coordinating Council) both a Reliability

Coordinator and a Regional Entity

San Onofre

Nuclear

Generating

Station

230 kV 230 kV 161 kV

500 kV

500 kV

500 kV


Sequence of Events – 8th September 2011


Path

44

• Hot day with some generation and

transmission outages for maintenance

purposes.

• Loss of Coachella Valley (CV)

transformer 1 not observed by operator

• Several units tripped in different areas

• APS technician carries out switching of

capacitor bank at Hassayampa N-Gila

• Technician misses the step to bypass

the capacitor bank

Disconnect

switch arcs

15 27 39

• H-NG trips

• Arizona Public Service (APS)

operators think they can restore H-

NG quickly

• Tell CAISO this – unaware that

technically not possible

• Therefore WECC have incorrect

information

• H-NG flow redistributed to Path 44

• CV 2 overloads & trips

15 28 16

5,900 A

15 32 10

6,700 A

• Sever low voltage in Western

Area Power Admin. Lower

Colorado (WALC) due to loss of

CV transformers

• Triggers reactive demand

• Overloading of Ramon

transformer (connecting IID to

SDG&E)

• Ramon transformer trips and

• Flow redistributed to Path 44

15 35 40

7,200A

• Ramon transformer set to trip at 207%

normal load instead of 120% - gave 4

minutes extra time

• Ramon trip caused cascade of

distribution feeder and transmission

trips

• 444MW of IID load shed (>200 MW

within 10 secs of Ramon trip)

• Path 44 peaks at 7,800 A, settles at

7,200 A

Power failure

15 37 55

7,800A

• Gila and Yucca transformers tripped

• Various load pockets created (i.e.

Not enough power to meet demand)

• Various requests from WALC,

CAISO fornew generators to be

brought online; but cannot be

started in time

• Load on Path 44 increases to 7,800

A (near to 8,000A separation load

for SONGS)

15 38 21

9,500 A

• IID’s El-Centro-Pilot Knob line

tripped, all IID’s southern 92kV

systems draws from SDG&E

• Generation in Imperial Valley

trips; S Line trips, isolating IID

from SDG&E

• SONGS Separation scheme

operates (closing down power)

• Separation occurs at 8,000 amps

10 SWISSED 2014: Henshaw © Loughborough University, 2014


Sequence of events last phase

15:38:38

Under frequency load

shedding , but not able to

prevent SDG&E, CFE,

Yuma island from collapsing

SONGS nuclear unit

shutdown

Complete blackout in San

Diego and CFE

Further power loss in APS,

WALCSDG&E, IID


2.7M customers without

power for up to 12 hours


Interconnections and Dependencies


2.7M customers

without power Area

affected

Traffic jams

for hours

Businesses

and schools

closed

Flights and public

transport disrupted

Sewerage pumping

stations lost power Beaches closed due

to sewerage spills

Millions

without air

conditioning

on a hot day

11-minute system

disturbance in

Pacific Southwest

http://www.google.co.uk/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&uact=8&docid=Gai4DwJjbCnO7M&tbnid=FIpAdaFPRauxGM:&ved=0CAUQjRw&url=http://www.nasa.gov/audience/forstudents/k-4/dictionary/Continent.html&ei=5KbiU970L8iV7Aae3oG4Dg&bvm=bv.72676100,d.ZGU&psig=AFQjCNHENnlDHiUG2eounrTQge-DZc9JZQ&ust=1407449177562803


Some Key findings from FERC/NERC Report

System not operated in N-1 state

Requires system to remain in a reliable condition

with occurrence of a single contingency

Inadequate situational awareness among operators

Lack of awareness of impact of neighbours failures

Lack of awareness of effect on neighbours of internal

failures and changes

Lack of accurate real time models

Inadequate planning for contingencies

Failed to recognise interconnection reliability

operations limits

Variation in setting of trip limits



Summarising

Each operation managed differently

E.g. different limits for trips

Each operator optimised their own system

Called on neighbours to backfill lack of generation

capacity

Localised predictions did not predict the overall

emergent behaviour

Operators were unaware of what was happening

in the wider system

Misinformation even between neighbours



Content

A Story



SoS issue





SoS(E)

A SoS is an integration of a finite number of constituent systems which are independent

and operatable, and which are networked together for a period of time to achieve a

certain higher goal. (Jamshidi, 2009)

• Operational independence of component

systems

• Managerial independence of component

systems

• Geographical distribution

• Emergent behaviour

• Evolutionary development processes

(Maier, 1996)

Directed Acknowledged Collaborative Virtual

Based on Dahmann & Baldwin, 2008

Dahmann, J. & Baldwin, K., 2008. Understanding the Current State of US Defense Systems of Systems and the Implications for Systems Engineering. Montreal, Canada, s.n.

Jamshidi, M., 2009. Ch. 1.. In: Systems of Systems Engineering - Principles and Applications. Boca Raton, FL, USA: CRC Press, p. 1.

Maier, M. W., 1996. Architecting principles for system-of-systems. Boston, MA, USA, July, pp. 567-574.


Maier’s Characteristics of SoS

• Operational

independence of

component systems

• Managerial

independence of

component systems

• Geographical

distribution

• Emergent behaviour

• Evolutionary

development processes


Based on: “Towards an Integrated Transport System – Freight Focus: Research contributing to

integration and interoperability across Europe “, Transport Research Knowledge Centre (TRKC)

consortium, 2010.

Maier, M. W., 1996. Architecting principles for system-of-systems. Boston, MA, USA, July, pp. 567-574.


Additional Characteristics from Dan Delaurentis

Inter-disciplinary Study

Note that this also implies

multi-disciplinary study

Heterogeneity of Systems

Component systems are

different from each other

and may be of different

types and scales

Networks of Systems

Emphasises the information

aspect of SoS


DeLaurentis D., ‘Systems of Systems Engineering’, College of Engineering, Purdue University, 2007

Based on: “Towards an Integrated Transport System – Freight Focus: Research contributing to

integration and interoperability across Europe “, Transport Research Knowledge Centre (TRKC)

consortium, 2010.


Lexicon for describing SoS (DeLaurentis, et. al., 2011)

Hierarchy of systems

α-level: base level, no further decomposition

β-level collections of α-level organised as a network

γ-level collections of β-level organised as a network


α-level systems

β-level systems

γ-level system Systems may be technological,

human, enterprise, service,...

from: DeLaurentis, D., Crossley, W.A., Mane, M., "Taxonomy

to Guide Systems-of-Systems Decision-Making in Air

Transportation Problems", AIAA Journal of Aircraft, Vol. 48,

No. 3, 2011, pp. 760-770


The problem with SoS

From the single-system community’s

perspective, its part of the SoS

capability represents additional

obligations, constraints and

complexities. Rarely is participation in a

SoS seen as a net gain from the

viewpoint of single-system stakeholders Rebovich, G., (2009), Enterprise Systems of Systems, Ch. 6, pg. 169, in M.

Jamshidi, Systems of Systems Engineering - Principles and Applications,

Boca Raton, FL, USA, CRC Press.

Image of San Diego in Blackout, photo by Kris Hanson, featured on blog:

http://www.ecoronado.com/profiles/blog/list?tag=power+outage


Characterisation based on System of Interest (Kinder et. al., 2012)

Component systems

Systems types

Classification

SoS type after Dahmann &

Baldwin (2008)

Interactions

Types

Nature of interactions

Types (e.g. peer-to-peer,

hierarchical

Lifecycle

Phases/system states

Variability

Frequency/rapidity of change

Functions

Specific and generic functions

available

System owners and operators

Concept of use, operation, or

employment

Problem of drawing a

boundary defining the

system of interest


Kinder, A, Barot, B., Henshaw, M., Siemieniuch, C. System of Systems: “Defining the System of

Interest”, proc. 7th IEEE Conf. Systems of Systems Eng. Genoa, It., 16-19 July 2012


Characterisation based on SoI (Kinder et. al., 2012)


Kinder, A, Barot, B., Henshaw, M., Siemieniuch, C. System of Systems: “Defining the System of

Interest”, proc. 7th IEEE Conf. Systems of Systems Eng. Genoa, It., 16-19 July 2012


Focus of SoSE


α-level systems

β-level systems

γ-level system

Managerial

independence

Operational

independence

Emergence

Evolutionary

Geographic

Distribution

So

SE

S

E Single

systems

So

SE

Pro

ble

m

Sp

ac

e

After from: DeLaurentis, D., Crossley, W.A., Mane, M.,

"Taxonomy to Guide Systems-of-Systems Decision-Making in

Air Transportation Problems", AIAA Journal of Aircraft, Vol. 48,

No. 3, 2011, pp. 760-770


Content

A Story



SoS issue





Corporate Governance must be complemented by

Technical and Engineering Governance (TEG)

Are we doing the right things?

Are we doing those things right?

How do we know?

With increasingly interconnected systems and

more complicated dependencies: need to ensure

(and assure) SoS is safe, ethical, effective, and

efficient

Technical and Engineering Governance


The first step in developing a Governance Model is to decompose

governance into smaller, more manageable pieces

Stavros, RW, Dettman, MB, Albrant, J. Engineering Governance, 2007,

http://nesipublic.spawar.navy.mil/docs/misc/Engineering_Governance_

v1pt0-06Dec07.pdf

But what about Governing those pieces?

Example of Governance model

Engineering

Governance

Compliance Execution

Regulation

http://nesipublic.spawar.navy.mil/docs/misc/Engineering_Governance_v1pt0-06Dec07.pdf






Multiple legacy and

incompatible

processes

Supply chain changes

over lifecycles – loss

of critical knowledge

Organisations

collaborate on

multiple projects (each

with subtly different

processes)

THE LOSS OF RAF NIMROD XV230

A FAILURE OF LEADERSHIP, CULTURE AND PRIORITIES

Charles Haddon Cave – The NIMROD Review An independent review into the broader issues surrounding the loss of the RAF Nimrod MR2 Aircraft XV230 in Afghanistan in 2006

http://www.official-documents.gov.uk/document/hc0809/hc10/1025/1025.pdf

Challenge is distributed responsibilities

Example


Knowledge of interoperable systems


Robustness

The degree to which a system or component can function correctly in the presence of invalid inputs or stressful environmental conditions. IEEE Standard Glossary of Software Engineering Terminology,

IEEE Std 610.12-1990.

Resilience

(e.g.) The capability of a system to maintain its functions and structure in the face of internal and external change and to degrade gracefully when it must. Allenby, B. and Fink, J. 2005, "Toward inherently secure and

resilient societies," Science , vol. 309

But …. Who is architecting what in a SoS (Directed, Acknowledged, Collaborative, Virtual) ?

Architect for Robustness and Resilience


Manage multiple lifecycles of SoS

Properly accommodate changes to component

systems (e.g. legislative induced)

Engineering functions open to and adaptive to

change

Harmony between engineering function and other

components of enterprise

Awareness of SoSE risk

Understand key decision making roles

Aims of TEG


Content

A Story



SoS issue





T-AREA-SoS: 12 Main themes

Characterisation and

Description of SoS

Theoretical Foundations

for SoS

Emergence

Multi-level Modelling of

SoS

Measurement and Metrics

for SoS

Evaluation of SoS

Definition & Evolution of

SoS Architecture

Prototyping SoS

Trade-off in SoS

Security in SoS

Human Aspects of SoS

Energy Efficient SoS

https://www.tareasos.eu/index.php




ROAD2SOS – Priority Themes

Overview of technological Priority Themes identified in Road2SoS

Derived from combined

roadmap for

• Transport

• Energy

• Manufacturing

• Emergency response

Deliverable No. 5.1 & 5.2

Report on Commonalities in the Four

Domains and Recommendations for

Strategic Action, Dec. 2013


ROAD2SOS – Implementation Barriers

Overview of potential implementation barriers identified in ROAD2SOS





http://www.road2sos-project.eu/cms/front_content.php


ROAD2SOS Implementation Barriers

Overview of potential implementation barriers identified in ROAD2SOS





From

http://www.mcqthinking.c

om/banksy-mobile-lovers-

power-unsettle/


Content

A Story



SoS issue





Who are the researchers in Systems of Systems?

(c) toonpool.com

Technological, human, and

organisational matters are very

different from each other.


Who are the SoSE researchers/developers? - term multiplicity


A ? is an integration of a

finite number of constituent

systems which are

independent and operatable,

and which are networked

together for a period of time

to achieve a certain higher

goal. (Jamshidi, 2009)

Whole

systems

Family of

systems

System of

systems

From: Barot, V., et. al.

(2014)


Research Challenges I

Embrace the dynamic nature of SoS

What are the methods and tools for those

managing (coping with) SoS?

Don’t just focus on design, research the operation

of SoS

Research how to incentivise SoS behaviour

Consider the capability that the SoS enables

Value chain perspective

Values are … HUMAN attributes



Research Challenges II

Techno-Socio or Socio-Techno?

Get the right disciplines involved

Every discipline that is relevant: hard and soft science

and engineering

Educate other researchers in SoS and get their

contribution

Amateur psychologists and sociologists are …

amateurs!



Paraphrasing Gerard Hoffnung!

All my artistic friends think I

am a great musician, and all

my musical friends think I am a

great artist

Gerard Hoffnung in one of his shows!

The SoS Engineer!

All my sociological friends think I am a great

technologist, and all my technological friends think I

am a great sociologist

http://www.last.fm/mu

sic/Gerard+Hoffnung/

+images/25809639

Systems of Systems Engineering – a problem for Systems...

Documents

Transcript of Systems of Systems Engineering – a problem for Systems...