Cyber-resilience is an increasing concern for autonomous navigation of marine vessels. This paper scrutinizes cyber-resilience properties of marine navigation through a prism with three edges: multiple sensor information fusion, diagnosis of not-normal behaviours, and change detection. It proposes a two-stage estimator for diagnosis and mitigation of sensor signals used for coastal navigation. Developing a Likelihood Field approach, the first stage extracts shoreline features from radar and matches them to the electronic navigation chart. The second stage associates buoy and beacon features from the radar with chart information. Using real data logged at sea tests combined with simulated spoofing, the paper verifies the ability to timely diagnose and isolate an attempt to compromise position measurements. A new approach is suggested for high level processing of received data to evaluate their consistency, which is agnostic to the underlying technology of the individual sensory input. A combined generalized likelihood ratio test using both parametric Gaussian modelling and Kernel Density Estimation is suggested and compared with a detector using only either of two. The paper shows how the detection of deviations from nominal behaviour is possible when the navigation sensor is under attack or defects occur.
Digital Twins have much attention in the shipping industry, attempting to support all phases of a vessel’s life cycle. With several tools appearing in Digital Twin software suites, high-quality manoeuvring and performance prediction remain cornerstones. Propulsion efficiency is in focus while in service. Simulator-based training is in focus to ensure safety of manoeuvring in confined waters and harbours. Prediction of ships’ velocity and turn rate are essential for correct look and feel during training, but phenomena like dynamic inflow to propellers, bank and shallow water effects limit simulators’ accuracy, and master mariners often comment that simulations could be in better agreement with actual behaviours of their vessel. This paper focuses on digital twin enhancements to better match reality. Using data logged during in-service operation, we first consider a system identification perspective, employing a first-principles model structure. Showing that a complete firstprinciples model is not identifiable under the excitation met in service, we employ a Recurrent Neural Network to predict deviations between measured velocities and the model output. The outcome is a hybrid of a first-principles model with a machine learning generic approximator add-on. The paper demonstrates significant improvements in prediction accuracy of both in-harbour manoeuvring and shallow water passage conditions.
Highly reliable situation awareness is a main driver to enhance safety via autonomous technology in the marine industry. Groundings, ship collisions and collisions with bridges illustrate the need for enhanced safety. Authority for a computer to suggest actions or to take command, would be able to avoid some accidents where human misjudgement was a core reason. Autonomous situation awareness need be conducted with extreme confidence to let a computer algorithm take command. The anticipation of how a situation can develop is by far the most difficult step in situation awareness, and anticipation is the subject of this article. The IMO International Regulations for Preventing Collisions
at Sea (COLREGS), describe the regulatory behaviours of marine vessels relative to each other, and correct interpretation of situations is instrumental to safe navigation. Based on a breakdown of COLREGS rules, this article presents a framework to represent manoeuvring behaviours that are expected when all vessels obey the rules. The article shows how nested finite automata can segregate situation assessment from decision making and provide a testable and repeatable algorithm. The suggested method makes it possible to anticipate own ship and other vessels’ manoeuvring in a multi-vessel scenario. The framework is validated using scenarios from a full-mission simulator.
Autonomous marine surface vehicles rely on computer systems with computer intelligence making decisions to assist or replace the navigating officer. A fundamental requirement for the design and implementation of such a cyber-physical system is seamless, predictable, and secure interoperability between vendor-specific hardware and software subsystems. The article describes a system design that includes mechanisms to mitigate the risks and consequences of software defects, individual component malfunction, and harmful cyber interference. It addresses international regulations in the field and demonstrates a system design that can meet the requirements for safe behaviour in foreseeable events while also having the ability to call for human assistance if the autonomous system is unable to handle a situation. The paper presents a design for highly automated vessels with several inherent risk-reducing features, including the ability to isolate and encapsulate abnormal behaviours, built-in features to support resilience to unexpected events, and mechanisms for internal defence against cyber-attacks. The article shows how this is provided by a novel middleware that supports risk mitigation, dependability, and resilience.
Highly reliable situation awareness is a main driver to enhance safety via autonomous technology in the marine industry. Groundings, ship collisions and collisions with bridges illustrate the need for enhanced safety. Authority for a computer to suggest actions or to take command, would be able to avoid some accidents where human misjudgement was a core reason. Autonomous situation awareness need be conducted with extreme confidence to let a computer algorithm take command. The anticipation of how a situation can develop is by far the most difficult step in situation awareness, and anticipation is the subject of this article. The IMO International Regulations for Preventing Collisions
at Sea (COLREGS), describe the regulatory behaviours of marine vessels relative to each other, and correct interpretation of situations is instrumental to safe navigation. Based on a breakdown of COLREGS rules, this article presents a framework to represent manoeuvring behaviours that are expected when all vessels obey the rules. The article shows how nested finite automata can segregate situation assessment from decision making and provide a testable and repeatable algorithm. The suggested method makes it possible to anticipate own ship and other vessels’ manoeuvring in a multi-vessel scenario. The framework is validated using scenarios from a full-mission simulator.
In this paper existing guidelines to predict wave overtopping on rubble mound breakwaters and coastal structures are modified and improved with respect to the influence of the roughness and crest width. Data from recently made model tests and existing data are combined to demonstrate the need for modifying these formulations in EurOtop. A new reduction factor γcw for the crest width is established and is an improvement of the method by Besley. The influence of the roughness of the slope normally also includes an influence of the breaker parameter when it is larger than a certain limit (EurOtop suggest ξm-1.0 > 5). The present study shows that the breaker parameter is not the ideal dimensionless parameter describing the influence of the wave period for breakwaters with steep slopes, as for such structures the front slope has much less influence on the overtopping than the wave steepness. Thus slope angle and wave steepness have been uncoupled to describe the influence of the armor roughness on wave overtopping. The improvement in the overtopping prediction compared to EurOtop is significant, specifically for the new data sets that have data outside the range of the calibration data used for influence of roughness in EurOtop. The proposed improved methods enlarge the range of applicability with respect to crest width and wave steepness.
This chapter is about emergent safety hazards in engineering systems. These
hazards are those that emerge from a system without arising from any part of the
system alone, but because of interactions between parts. We distinguish two
approaches to analysing engineering systems: one is to view them as sociotechnical, and the other is to consider them as cyber-physical systems. We
illustrate a great deal of emergent hazardous behaviours and phenomena due to
unknown accident physics, malign actions, chemistry, and biology and due to
deficiencies in managements and organisations. The method that follows the
socio-technical view consists in the representation of a system by sequential
functionally unrelated processes that can in reality influence the performance of each other via sneak paths. The method that follows the cyber-physical systems
view focuses on the analysis of control loops (feedback, feedforward, positive,
and negative) and, especially, interrelated loops. The chapter explores also the
realm of security threats due to malign actions that can trigger safety-threatening events. And finally it gives general guidance for avoiding and eliminating safety hazards when designing engineering systems.
Unmanned autonomous cargo ships may change the maritime industry, but there are issues regarding reliability and maintenance of machinery equipment that are yet to be solved. This article examines the applicability of the Reliability Centred Maintenance (RCM) method for assessing maintenance needs and reliability issues on unmanned cargo ships. The analysis shows that the RCM method is generally applicable to the examination of reliability and maintenance issues on unmanned ships, but there are also important limitations. The RCM method lacks a systematic process for evaluating the effects of preventive versus corrective maintenance measures. The method also lacks a procedure to ensure that the effect of the length of the unmanned voyage in the development of potential failures in machinery systems is included. Amendments to the RCM method are proposed to address these limitations, and the amended method is used to analyse a machinery system for two operational situations: one where the vessel is conventionally manned and one where it is unmanned. There are minor differences in the probability of failures between manned and unmanned operation, but the major challenge relating to risk and reliability of unmanned cargo ships is the severely restricted possibilities for performing corrective maintenance actions at sea.
A conceptual design framework for collision and grounding analysis is proposed to evaluate the crashworthiness of double-hull structures. This work attempts to simplify the input parameters needed for the analysis, which can be considered as a step towards a design-oriented procedure against collision and grounding. Four typical collision and grounding scenarios are considered: (1) side structure struck by a bulbous bow, (2) side structure struck by a straight bow, (3) bottom raking, (4) bottom stranding. The analyses of these scenarios are based on statistical data of striking ship dimensions, velocities, collision angles and locations, as well as seabed shapes and sizes, grounding depth and location. The evaluation of the damage extent considers the 50- and 90-percentile values from the statistics of collision and grounding accidents. The external dynamics and internal mechanics are combined to analyse systematically the ship structural damage and energy absorption under accidental loadings.
Autonomous systems strive to obtain salient features that include computer intelligence for obtaining situation awareness, decision support to a human navigator, or for facilitating autonomous decision-making in unmanned vehicles. This paper considers the case of autonomous marine surface vehicles, where high-quality decision support will be instrumental for obtaining a periodically unattended bridge and for approval of unmanned bridge operation with fallback through remote operation. The proposed design focuses on a sovereign-based architecture that facilitates safety, resilience and cyber-security. We address central elements of risk in the development and approval of autonomous systems; we analyze the challenges associated with testing, commissioning and maintenance of a highly complex cyber-physical system, and describe design principles for the sovereign agents architecture.