DFT analysis of Ship pilotage risk based on A.D. Hall models

. Based on A pilot station more than 10 years of pilotage safety accident database, from three angles, including time, link and space, the statistical of ship pilotage safety accident risk is analysis, from which obtain the pilotage safety accident characteristics, and provide the basic data for the risk assessment and risk analysis model. By using the improved A.D. Hall model, based on the study of accident database, a 3D model of ship pilotage risk assessment is established, which is from the time dimension, logic and resource dimension angle. From the point of view of resource dimension, the dynamic fault tree model is established considering the dynamic relationship between events, and the model is analysed by dynamic fault tree analysis (DFT). Based on the analysis results, measures to reduce pilotage risk are proposed. the of to the of ship pilotage, identification of the risk classification.


Introduction
Pilotage, defined in the Regulations refers to the guidance of ship navigation, berthing and shifting activities.
In the whole process of ship pilotage, it is analysed in terms of human, material and environment, can be decomposed into the pilot, the cited ship, and the external environment of ship pilotage three key factors, which need to be considered.
Vessel pilotage, defined in the law, refers to the activities that lead the ship to sail, berth, berth and berth.
In the whole process of ship pilotage, it is analysed in terms of human, material and environment.
With the development of large-scale ships, the tonnage and main dimensions of vessels are becoming larger and larger, and the difficulty of piloting ships is increasing gradually; The rapid development of the port, the number of daily arriving ship will continue to increase, the pilot ships will increase year by year, the pilot work intensity is increasing year by year; With the increasing volume of old port operations, the gradual development of new ports and the pilot operation environment become strange.
The above three aspects increase the potential safety risk of pilotage.
The risk assessment of ship pilotage has been analysed for many years. Fang Quan Gen (2006) proposed risk matrix and risk criteria, which based on ship pilotage accident [1].Wu Yong Jun ,Ma Fei and Xuan Shao Yong use FTA methods to analyse system failures and risks [2][3][4]. Fang Cheng (2008) used the Bayesian method to forecast the risk of ship pilotage risk, which is based on the analysis of the actual situation and the accident [5]. Zhou Lili (2008) used the grey comprehensive evaluation model to sort the correlation degree of the ship pilotage risk [6]. Fan Hong (2004) used the evidence theory to evaluate the system risk, when the underlying factors are subjective judgments due to the lack of data [7]. Chen Zheng Hua (2005) made a more comprehensive and accurate assessment of the risk situation in the pilot area and the ship's navigation [8]. Xue Yi dong (2005) made a detailed analysis of human error, which based on the case of ship pilot accident [9]. XI Yong Tao established the index system and evaluated the safety risk of the ship's pilotage by the unknown measure model and the confidence identification criterion [10]. Lin Tie Liang used the FTA method to analyse the risk of the bridge collision [11]. Zhang Qing and Bai Xu use the FMEA and FTA methods to analyse system failures and risks, and propose solutions based on the results for the corresponding risks [12][13]. Ji Changming use the A.D. Hall models to do the system analysis [14].HU Shen ping and Q Fang use Synergy-based mode to study the management risk of marine traffic [15] [16].In this paper the A.D. Hall models is improved to assessment of ship pilotage risk, which is from the time dimension, logic and resource dimension angle. DFTA is used to make a comprehensive and accurate assessment of ship pilotage.

Pilotage safety accident database
The statistics of pilotage risk accidents is based on a pilot station for more than 10 years. The accident time, historical information, link information and spatial location information is statistically analysed.
Through time history analysis of accidents, the average of every 10,000 pilot ships occurred in various types of security incidents 7.6 times (including cars, pilot the logic dimension risk identification risk analysis risk control risk response boats, ships). The average probability of occurrence of pilot accidents is 0.08%. According to the occurrence of the link, the accidents contain two links, which are the process of the pilot reaching the pilot site and beginning pilot operation.
In this two links, there are three categories including ship accidents, car accidents, pilot boats accidents and ship piloting accidents. All of the pilotage risk accidents, ships accidents accounted for 40%, followed by the pilot boats accidents accounted for 31%, cars accidents accounted for 28%. Ship piloting operation is the main link of the pilot accident, ship piloting accident occurred in the average probability of 0.03%.
According to the location of the ships, the accidents are divided into three categories including port, channel and anchor. According to the analysis of the piloting t accident report, 62% of the ship accidents occurred in the port area; 25% of accidents occurred on the channel; 13% occurred in the anchorage.

Identification of risk
On the basis of full understanding of risk characteristics, identify potential risks and specific risk factors of these risks. Risk identification can generally be carried out by imagination and by the use of standard analysis techniques. Imagination must not be based solely on the identification of hindsight or existing dangers, but should also take full account of the anticipated dangers that may or may not be present.
The risk factors, according to the boundary division of risk, can be divided into internal and external risks, the internal risk refers to the events in the internal organization, and external risk refers to the risk of occurrence in the main external organization. According to this classification method, pilotage risk is divided into two categories, internal risk and external risk.
The internal risk includes the pilot process by pilot and pilot organization internal security management risk management. The pilot's own analysis of the situation, including health, fatigue, emotional control, safety awareness and quality of mind. The pilot and pilot experience, including the laws and regulations, familiar with the pilot program and emergency plan making, the state of the environment, cited the ship and tug the cognitive level and the pilot operating conditions of degree. The risk management of the internal safety management of pilotage institutions includes the risk of the managers involved in the pilot accident.
For external risks, it includes the risk factors of the ship and the risk factors of the external environment. Among them, the risk factors of ships can be divided into the risks of the cited vessels and the risks of tugs, as well as the risks of other ship equipment on the pilotage accidents, as well as the risks of the crew members and captains of the ship being cited. The risk factors of the external environment and environment factors, detailed for the waterway anchorage risk, dock risk, the risk of traffic (that is caused by the density of ships on the route of accident factors), risk information sharing, the other ships risk (the ship around the ship non normal sailing accident caused by the risk. Especially the accident caused by dredging and fishing boats crossing route) and pilotage accident natural factors influence risk factors.

The risk assessment model
Risk is the impact of uncertainty. Usually the effect is to deviate from expectations, can be positive or negative. Uncertainty is the state of the lack of understanding or knowledge of an event, or even a partial result or possibility. Typically, the risk is presented as a potential event and a consequence or a combination of both. Generally, the risk is expressed in terms of the combination of the consequences of an event, including the change of the situation and the likelihood of occurrence.
How to control the risk? According to Systematic perspective, prefer "risk management" than "accident response". Risk management should focus on the prevention of accidents; Combined with Synergy-based mode risk copying an improved A.D. Hall 3D structure chart is established, the risk assessment and analysis is carried out. The model consists of three coordinates, which are logical dimension, time dimension and resource dimension.
Thus from logic dimension, time dimension and resource dimension, the pilotage A.D. Hall risk management structure model is constructed.

The logic dimension
In accordance with the logic dimension, risk assessment contain risk identification, risk analysis, risk control and risk response. In Figure 1, system risk management must first determine the risk of affecting the ability to achieve goals. Identify risk sources through risk identification; Conduct risk analysis, monitoring, measurement, analysis and evaluation of risks and opportunities; Take steps to address risks and opportunities to ensure that activities are implemented, increase the ability to cope with risks.
Risk identification: Risk identification is the risk factor that may exist in the defined system, and what impact these factors have on the system. Risk analysis Risk analysis is on the basis of risk identification, the corresponding index system and evaluation standard, to classify the degree of risk, reveal the key risk factors affecting the security of the system, according to the key risk factors, take preventive measures, to reduce the risk and improve the existing security situation. At the same time, through this assessment, relevant risks can be kept within the acceptable range as much as possible.
Risk control The risk control scheme is based on the risk identification and risk assessment, the paper puts forward the corresponding measures of risk reduction, risk control scheme and according to these measures feasible, including the formulation and revision of some regulations. In the risk control plan should carefully consider the known risks and in danger of "recognition" and "risk analysis" risk identification in step two, we should be fully aware of the risk as a result of new technology or update the operation method of the cause, so as to fully implement the risk control scheme for all risk.
Risk response Risk response should be based on the risk control scheme, take corresponding emergency measures and take specific emergency measures for the risks that have occurred or have occurred.

The time dimension
Pilotage service according to the time dimension contains accepting the pilot application, making the pilot plan and implementation of the pilot scheme. In Figure 2, system risk management penetrates the full process of pilot activities. Carry out pilot production, understand the pilot external and internal conditions, fully consider the ship navigation environment, meteorological and hydrological conditions, wharf and navigation facilities and other potential risk factors, and formulate the pilot plan. Time dimension refers to the system engineering, from acceptance to execution can be divided into 3 stages: After accept the pilot task, formulate pilot program, and implement the pilot scheme.
Acceptance of pilotage application: the pilot ship applies for pilotage to the pilotage institution, and the pilotage institution accepts and provides pilotage service in accordance with the regulations.
Pilotage plan formulation and Implementation: pilotage organization according to the application formulation pilot plan and implementation plan.
The formulation and implementation of the pilot scheme: according to the plan of pilotage scheme, and assigned to the pilot operation, the specific implementation of pilot scheme.

The resource dimension
Pilotage service according to the resource dimension, contains: Software, hardware (natural objects, man-made objects, such as facilities, equipment), environmentconditions, human. In Figure 3, the relationship between human and objects-state, these three aspects are organically combined to form a dynamic risk system.
Human factors mainly refer to the pilots and other personnel, including human behaviour and cognitive judgment operation. Factors of objects mainly include, ship, natural conditions, navigation traffic conditions. Factors of the relationship between human and object include information communication and organization management.
Software: Usually refers to system management, including information exchange between organizations, between the object, the planning policy, emergency response program. In this paper, including information exchange with the piloting ship contact with the other ship contact with tug and emergency plan Hardware: Usually refers to objects (natural objects, man-made objects, such as facilities, equipment). In this paper, including the cited ship and passage past ship.
Environment: Usually refers to External natural conditions, including environmental and climatic factors. In this paper, including visibility wind and flow conditions.
Human: Usually refers to human factor including Human-behaviour and perception.
The realization of security needs to prevent, control and eliminate the risk from three aspects of above three aspects content.

Dynamic fault tree construction method
The establishment of fault tree can rely on joint research of experts, which can also be combined with the database and refer to other industry establishment methods. In this paper, the ship pilotage failure case database is used to construct the DFT. Consider the fault tree consisting of n basic events, and the basic events are independent of each other. The state parameter i X represents the basic event, and represents the state parameter of the top event. Fault tree structure function DFT is developed on the basis of static fault tree, which is an extension of static fault tree. In DFT, due to the dynamic characteristics of the system, researchers need to take into account the interaction between the components and the order of events, which is the content of the static fault tree cannot be achieved. Because the failure mode has sequence problem, therefore the cut sets cannot be used, but the sequence cut sets can be used.
The resolution of a DFT is much different than the one of the SFT, because temporal and cross dependencies cannot be modelled and solved through Boolean algebra [17].
The DFT are using dynamic logic gates, namely Priority And Gate(PAND),The Spare Gate(SP) and The Functional Dependency gate(FDEP),Sequence enforcing gate(SEQ) [18].
In this paper the failure of a Priority-AND(PAND) ,Functional Dependency gate(FDEP) and Sequence enforcing gate(SEQ) have been used as the dynamic logic gates.
In these paper the dynamic fault tree is converted to Markov chain which can be used to solve the dynamic the sequence cut sets of the fault tree .
All the failure modes and propagation paths can get from the state transition graph of the dynamic fault tree, which is represented by a sequence cut set. In a Markov state transition diagram, each step corresponds to transfer a part of the fault system, if a final state Markov chain for system failure, the sequential chain of all transfer plus the ordinal relation becomes a system failure mode [19].
Therefore, in order to express the order relation, a new method for representing the failure mode is introduced. Such as: failure mode A first fault, B after the failure, system failure can be expressed in AB. The C is the top event, A and B are the bottom events, and the sequence cut set in figure can be represented as {A, B} [19].

Dynamic fault tree analysis
According to the logical dimension of pilotage system, the main purpose of fault tree analysis is to identify the cause of the pilot failure, by the risk analysis, find out the weak link of pilotage activity. And then carry out the control measures.
The fault tree analysis was used to determine the top event as collision. The cause of the collision was analysed by the method of system analysis, from risk control of resource dimension. Taking the collision as the top event, the fault tree was constructed .Detailed see Table 5 Fault tree table and Appendix Figure 7 Fault tree figure.

Dynamic sub trees analysis
According to the dynamic logic gate, the fault tree diagram can be divided into three dynamic sub trees. From left to right, followed by FDEP SEQ and PAND three pairs of trees, respectively, using Markov chain method to solve the sequence cut set. In Figure 4, the logic gates have 8 state chains in the process of transforming into Markov chains, and only 4 chains correspond to failure Through Boolean transport of logical gates or gates, a sequential cut set in Table 1 is obtained by combining the Markov chain transformation of Fig. 4.  In Figure 5, the logic gates have 24 state chains in the process of transforming into Markov chains, and only 1 chains correspond to failure As shown in Figure 5, the top 1 The other 23 is not failure As shown in Figure 5, the middle 1 and the next 1, the other 21 are not drawn in A transport of logical gates or gates, a sequential cut set in Table 2 is obtained by combining the Markov chain transformation of Fig. 5. In Figure 6 The logic gates have 2 State chains in the process of transforming into Markov chains, the input events A and B in the 2 chains represent two input events in Figure 7 Fault tree figure, respectively, corresponding to logical gates or gates, and No.23. Through Boolean transport of logical gates or gates, a sequential cut set in Table 3 is obtained by combining the Markov chain transformation of Fig. 6.

Subtree synthesis analysis
Based on the above results, the synthesis of three sub trees can be used to get the risk mode of the top event of the ship pilot fault tree: From the above results, in Table 4,we can see that the dynamic fault tree have 17 sequence cut sets, and there are 17 ways to lead to the top fault event. 17 sequence cut sets concentrated {No.304} ,which contains the least number from the qualitative analysis, the structure importance of bottom events will be the most important, which should be strengthen security measures to avoid incidents.

Conclusion
In this paper, based on the collected ship pilotage failure case database, analysis of statistical characteristics of ship pilotage accident, identify potential risk sources causing ship pilotage failure.
Through the internal and external risk identification, using improved A.D.Hall model in logic dimension, time