A. Mancusoa,b, M. Compareb, A. Saloa, E. Ziob,c A Bayesian approach for dynamic portfolio optimization of safety barriers A. Mancusoa,b, M. Compareb, A. Saloa, E. Ziob,c Systems Analysis Laboratory, Department of Mathematics and Systems Analysis - Aalto University Laboratory of Signal and Risk Analysis, Dipartimento di Energia - Politecnico di Milano Chair on Systems Science and the Energetic Challenge - École Centrale Paris and Supelec December 22, 2017

Risk-informed decision making in safety critical context Based on Probabilistic Risk Assessment (PRA) Fault Tree 𝑅𝑅𝑊 𝐺𝑒𝑛 = 𝑅(𝑁𝑜 𝑙𝑖𝑔ℎ𝑡) 𝑅(𝑁𝑜 𝑙𝑖𝑔ℎ𝑡|𝑁𝑜 𝑔𝑒𝑛𝑒𝑟𝑎𝑡𝑜𝑟 𝑓𝑎𝑖𝑙𝑢𝑟𝑒) 𝑅𝑅𝑊 𝐿𝑎𝑚𝑝 = 𝑅(𝑁𝑜 𝑙𝑖𝑔ℎ𝑡) 𝑅(𝑁𝑜 𝑙𝑖𝑔ℎ𝑡|𝑁𝑜 𝑙𝑎𝑚𝑝 𝑓𝑎𝑖𝑙𝑢𝑟𝑒) 𝑅𝑅𝑊 𝑆𝑤𝑖𝑡𝑐ℎ = 𝑅(𝑁𝑜 𝑙𝑖𝑔ℎ𝑡) 𝑅(𝑁𝑜 𝑙𝑖𝑔ℎ𝑡|𝑁𝑜 𝑠𝑤𝑖𝑡𝑐ℎ 𝑓𝑎𝑖𝑙𝑢𝑟𝑒) Concerns Experts interpret these importance measures and choose actions Action costs and feasibility constraints considered only afterwards The results can be sub-optimal

Proposed methodology Portfolio optimization identifies portfolios of risk management actions for the whole system, which minimize the residual risk of the system and the total cost of actions. The methodology accounts for risk, budget and other feasibility constraints. Methodology steps: Step 1: Failure scenario modeling Step 2: Definition of failure probabilities Step 3: Specification of actions Step 4: Optimization model

Step 1: Failure scenario modeling Mapping of Fault Tree (FT) into Bayesian Network. Advantages Multi-state modeling Extension of concepts of AND/OR gates Combining expert judgement and quantitative knowledge to estimate the risk. Reference: Khakzad N., Khan F., Amyotte P., “Dynamic safety analysis of process systems by mapping bow-tie into Bayesian network”, Process Safety and Environmental Protection 91 (1-2), pp. 46-53 (2013).

Step 1: Failure scenario modeling The final outcome of accident scenarios can depend on the order, timing and magnitude of the component failures. If the risk analysis does not account for the dynamic behaviour of the system, it may fail to consider severe accident scenarios. We model time-dependent accident scenarios through Dynamic Bayesian Networks, which generalize Bayesian Networks by connecting nodes over successive time steps. Reference: Zio E., “Integrated deterministic and probabilistic safety analysis: concepts, challenges, research directions”, Nuclear Engineering and Design 280, pp. 413-419 (2014).

Step 2: Definition of failure probabilities Information sources Information provided by AND/OR gates in Fault Tree and Event Tree Statistical analyses Expert elicitation The probabilities of events are defined as follows: Initiating events  failure probabilities of system components Intermediate and top events  conditional probability tables

Step 3: Specification of actions Parameters of actions: Impact on the prior and conditional probabilities at each time step Annualized cost Action 𝑎 on event 𝑋 𝑖 (τ) modifies the probability of occurrence of state 𝑠. 𝑃 𝑋 𝑖 (𝜏) 𝑠 𝑃 𝑋 𝑎 𝑖 (𝜏) 𝑠 𝑠 𝑠

Step 4: Optimization model Action portfolio #1 Action portfolio #2 Risk acceptability Action portfolio #3 Implicit enumeration algorithm to identify the optimal portfolios of risk management actions. The resulting portfolios are globally optimal: they minimize the failure risk of target events (instead of selecting actions that target the riskiness of the single components). Action portfolio #4 Action portfolio #5 Budget constraints Action portfolio #6 Action portfolio #7 Select the Pareto optimal frontier Action portfolio #8 Action feasibility Action portfolio #9 Action portfolio #10 Action portfolio #11 Action portfolio #12

Application: Mixing tank mechanical system Accident scenario of a vapor cloud ignition at Universal Form Clamp, Illinois, US on June 14 2006. In that occasion, a flammable vapor cloud of heptane and mineral spirits overflowed from an open top mixing and heating tank. The vapor cloud ignited as it met unknown ignition sources, leading to one death, two injuries and significant business interruption. What portfolios of risk management actions minimize the residual system risk for different total cost of risk management actions?

Step 1: Failure scenario modeling To analyze the failure scenarios, the Fault Tree is mapped into a Dynamic Bayesian Network.

Dynamic framework The DBN accounts for 6 time steps for the nodes following the Top Event Vapor due to the fast dynamics of the accident scenario in case of vapor overflow. The squared number 𝑟 = 1 on the arc connecting Sprinkler to Ignition indicates the conditional dependency of Ignition at time 𝜏 to the activation of Sprinkler at time 𝜏−1.

Application: Mixing tank mechanical system Actions improve the reliability of the components, thus they mitigate the residual risk of the overall system. Alarm Action Cost Prob Semi conductor sensor 60 0.2 Catalytic gas sensor 80 0.15 Electrochemical cells 0.1

Results Minimum residual risk for the optimal portfolios of actions at different budget levels. Larger budget  more effective actions  lower residual risk at each time step

Results The core index 𝐶𝐼(𝑎) is defined as the share of non-dominated portfolios that include the safety measure 𝑎. The analysis of the core indexes helps identify those safety measures that should be selected or rejected.

Future research Develop computationally tractable solutions for large systems. Develop a further extension to account for safety actions that can be activated on time according to the occurring events. Possible collaboration with nuclear power plants with regard to inspection of fire protection barriers.

Thank you for your attention! Alessandro Mancuso System Analysis Laboratory, School of Science, Aalto University, Finland Laboratory of Signal and Risk Analysis, Department of Energy, Politecnico di Milano, Italy alessandro.mancuso@aalto.fi

Results By setting the budget to 600k€, the optimization model computes three non-dominated solutions. Portfolio 𝑧 1 dominates the other two solutions at time steps 𝜏≥1, but at the initial time step 𝜏=0 it shows a higher risk. If these increases are not deemed to be significant, then portfolio 𝑧 1 could be recommended as the optimal solution. 0.13% 0.45%