Professional Documents
Culture Documents
Safety Science
journal homepage: www.elsevier.com/locate/ssci
a r t i c l e i n f o a b s t r a c t
Article history: Subway system is a critical and fundamental urban infrastructure and provides essential transport ser-
Received 15 April 2015 vices for promoting economic development and social stability. Due to the serious result of operation
Received in revised form 7 July 2015 interruption and accident, it is increasingly important for risk management to be proactive, targeted,
Accepted 24 July 2015
and effective. In this paper, a new framework based on network theory and FMECA method is proposed
Available online 6 August 2015
to study the vulnerability of subway system, in the form of analyzing network efficiency by network the-
ory and risk matrix in FMECA method. Then, a case study is used to demonstrate the effectiveness and
Keywords:
feasibility of the framework in identifying the vulnerable and critical functional module in subway sys-
Subway
Vulnerability analysis
tem and assessing severity of its failure modes. In the end, an organizational structure is put forward from
Network analysis three aspects of operation, research, and manufacturer for improving the subway safety level. This
FMECA research would be conducive to provide recommendations and suggestions regarding safety provisions
Failure mode for subway operation to reduce the occurrence of accidental failures.
Ó 2015 Elsevier Ltd. All rights reserved.
http://dx.doi.org/10.1016/j.ssci.2015.07.019
0925-7535/Ó 2015 Elsevier Ltd. All rights reserved.
128 Y. Deng et al. / Safety Science 80 (2015) 127–134
and mutually dependent along with the development of scientific (ABM) (Acosta-Michlik and Espaldon, 2008), System Dynamics
technologies. Due to interdependences inside the subway system, (SD) (Mirchi et al., 2012), object-oriented modeling (OOM)
the failure of one component may affect the normal function of (Eusgeld et al., 2009; Zhang and Yang, 2014), and network theory
other components or even diffuse directly or indirectly to the (Hearnshaw and Wilson, 2013). Among these existing vulnerability
whole system (Colombi et al., 2013). Hence, component failure methods, network theory has the obvious advantage of describing
may lead to operation interruptions or accidents and cause the properties of complex infrastructure systems due to its adja-
tremendous economic, social, and physical disruption, amplifying cency matrix being able to completely characterize relationships
negative consequences and affecting unforeseeable and haphazard between network nodes. It has been applied in many infrastructure
sets of users. An example is the subway collision occurred on 27 systems, such as power grid system (Koç et al., 2013) and pipeline
September 2011 in Shanghai, which left 284 people injured and system (Ouyang et al., 2008). However, in current studies, almost
95 hospitalized, was caused by a single small failure in a subway all network models assume a fixed topological structure or inde-
station power supply. As it stands, the source of this accident is a pendent relationships. Most of the infrastructures involved have
component failure in power system, then spreads to signal system, an obvious network topology structure, and with relatively clear
and diffuses to train system in the end, which directly leads to this basic elements (i.e. nodes and edges) in the network. Only a few
accident. The whole process looks like a domino phenomenon. As studies take into account interface topologies (physical connec-
this example indicates, the occurrence of component failures tions) across infrastructure systems to minimize the consequences
may not only cause damage to a single subsystem, but also spread of component failure (Ouyang and Dueñas-Osorio, 2011). The
to the other function related subsystems. It is apparent that physical properties of infrastructure components are inevitably
increasing complexities and interconnectivities are making sub- ignored in the modeling process. In addition, the functional rela-
way system more in need of systematic vulnerability analysis. tionships between infrastructure elements may not be well cap-
Considering the crucial role of subway in the development of tured in the network models.
the entire society, it is increasingly important for risk management The network analysis is a powerful tool to identify and assess
to be proactive, as failures or breakdowns often result in great the vulnerable components in infrastructure system from system-
losses in many aspects (Mu et al., 2014). According to a statistics atic view. However, it is argued that component failure is the root
of Beijing subway operation accidents from 2008 to 2011, it indi- cause of system vulnerability. In reality, various events can lead to
cates that about 70% operation accidents are caused by the occur- failures during the subway operation, such as random incidents,
ring of various component failures. Thus it can be seen that the natural hazards and sabotage. Many studies have been carried
physical fault is the main cause of subway operation interruption out to understand these failure mechanisms and develop models
and accident. Vulnerability and risk analysis are essential tools and methods for effectively analyzing systems in order to provide
for proactive risk and crisis management (Johansson and Hassel, protective measures (Kutlu and Ekmekçioğlu, 2012; Sause et al.,
2010). Hence, it is necessary to discern potential risks and vulner- 2012). To summarize, there are two main approaches, i.e., predic-
abilities and formulate corresponding coping strategies, which is tive approach and empirical approach (Johansson and Hassel,
very important to improve the safety level of subway operation. 2010).
The paper is organized as follows: a literature review is summa- The predictive approach mainly involves modeling or simulat-
rized on the theme of vulnerability research and hazard analysis in ing the characteristics of a particular infrastructure system. The
Section 2. Then, Section 3 describes the methodology in this model is a reasonable simplification of the real infrastructure sys-
research, including an analytical framework, modeling approach, tem and is analyzed by a corresponding software platform. An
network theory, and FMECA method. Next, in Section 4, a case study example is the inoperability input–output method (IIM) based on
is presented in which the subway network’s vulnerable functional 1973 Nobel laureate Wassily Leontief’s input–output economic
modules are identified in terms of network efficiency, and the fail- model. This uses a linear matrix equation to express the inability
ure modes are assessed based on risk matrix analysis. In the end, of a system to achieve its designed function. Oliva et al. have devel-
conclusions and suggestions concerning possible implementation oped an extension of IIM that expresses expert knowledge con-
issues and future study are provided in the final Section 5. cerning infrastructure dependencies, involving a dynamic
inoperability input–output model to provide valuable insights into
the risk assessment and management of interdependent infras-
2. Literature review tructure systems (Oliva et al., 2011). Used in this way, the IIM
approach is a great help in understanding how perturbations prop-
Vulnerability is a term with different meanings in different agate among interconnected infrastructure systems and how to
research areas. Its definition is often ambiguous and sometimes mitigate their effects (Crowther and Haimes, 2010). The empirical
misleading (Jönsson et al., 2008). In the present context, the approach, on the other hand, its main purpose is to discern pat-
research literature contains two related interpretations. The first terns relating to the propagation of failures and their consequences
is that vulnerability is a global system characteristic that expresses for society. It mainly aims to gain experience or knowledge
the magnitude of serious consequences following the occurrence of through the analysis of past accidents or near misses, as learning
a specific hazardous event (Eusgeld et al., 2011). The other inter- from previous failure experiences is a valued and relatively
pretation is that vulnerability applies to a system component or pain-less process. McDaniels et al. (2007), for example, take an
an aspect of a system (Aven, 2007). The term vulnerability is used empirical approach by using major electrical power outages to
here to describe a system property according to the first interpre- understand how extreme events result in failures of infrastructure
tation. There are also three important perspectives of vulnerability systems.
analysis: global vulnerability analysis (Johansson et al., 2007), crit- The Failure Mode, Effects and Criticality Analysis (FMECA)
ical component analysis and critical geographical locations analy- method is a typical empirical approach, which is very useful
sis (Wang et al., 2013). Considering infrastructures are always method to propose improvement measures through the analysis
distributed in a wide spatial range, Johansson et al. (2011) propose of potential failures and their effects on equipment, which
geographical vulnerability analysis to study the spatially oriented appeared during the sixties in aviation industry and achieved good
vulnerability involved. effect. The systematic application of this method has an important
Many models and methods have been implemented to study significance for failure mode diagnosis and location and system
the vulnerability of systems, such as agent-based modeling vulnerability improvement. It is a powerful tool for early
Y. Deng et al. / Safety Science 80 (2015) 127–134 129
degrees, in which the most serious degree is degree I, and the Table 4
degree IV is relatively not serious. The failure mode degrees were FMECA analysis table.
confirmed synthetically through professional discussion in the spe- Train Failure a (%) b k (%)/ Severity/ Grade
cial meeting. To sum up, the FMECA analysis table is shown in subsystem mode 103 km 103 km
Table 4. Bogie system SAOL 30.71 0.5111 7.42 1.1646 III
Comprehensive considering the probability and severe degree, WSP 33.82 0.6611 7.42 1.6505 II
the risk matrix could be drawn as Fig. 5. The x-axis is probability ASF 7.47 0.4944 7.42 0.2743 IV
GBOL 11.83 0.6500 7.42 0.5685 III
of the severity of the failure mode and the y-axis is severe degree AV 7.26 0.5611 7.42 0.3018 III
of failure mode. In this figure, distribution point on the diagonal– JENF 5.60 0.5278 7.42 0.2192 IV
vertical projection could be got by constructing the perpendicular RRD 3.32 0.4611 7.42 0.1139 IV
of diagonal line through the coordinate point of every failure mode.
The far the distance from the origin of coordinate system, the more
dangerous the failure mode is. The hazard analysis indicates that
the risk order of these failure modes is WSP, SAOL, GBOL, AV, Cm/103km
ASF, JENF, and RRD. The wheel size problem is the most dangerous 1.659
failure mode in bogie system. WSP
1
5. Discussion and conclusion
SAOL
Criticality
In this paper, an analytical framework is proposed to study vul-
nerability of subway physical system based on its characteristics, 2
and it is proved to be effective and feasible. The proposed network
3
modeling approach is a useful tool for establishing network model
of infrastructure system. According to the research result of net- 4
GBOL
work analysis, train is the most vulnerable functional module in
subway system. Optical fiber system, clock system, and automatic 65
fare collection system are also very vulnerable. Then, bogie system, 7 ASF AV
the subsystem of train system, is selected to do FMECA analysis in JENF
order to identify the critical failure mode, which may lead to seri- RRD
ous accident in daily operation. It is discovered that the wheel size IV III II I
Severe degree
1 Fig. 5. Bogie system risk matrix.
31 2
30 3
29 4
28 5
problem is the most serious failure mode, followed by shock absor-
27 6 ber oil leakage and gear box oil leakage.
26 7 The vulnerability research can be used as a significant founda-
tion for improving the safety level of subway operation. In brief,
25 8 it is anticipated to enhance subway safety in three aspects. First,
Vulnerability network analysis will help in discovering the vulnerable and criti-
24 9 cal functional modules in subway system with quantitative
23 10 method, which provides a good basis on the hierarchical manage-
ment of equipment safety. More safety resources could be allo-
22 11 cated to the vulnerable and critical equipment in daily safety
21 12 management. Second, FMECA could be very useful in supporting
safety risk analysis, for instance, as a qualitative tool for identifying
20 13
the important failure mode and assessing the running status of
19 14
18 15 equipment. Third, vulnerability research results could provide
17 16
basic data for manufacturers to improve subway equipment per-
Fig. 4. The network vulnerability of subway physical module. formance and raise operational reliability.
Network theory is a powerful tool to research the vulnerability
of network model. The proposed modeling approach is a promising
method to model complex infrastructure system without fixed
Table 3 topological structure. The most important point is establishing a
Severe degree of failure mode. reasonable network model in accordance with the research object.
It is apparent that exploring vulnerabilities requires a detailed
Severe degree Description
knowledge of the global structure of the subway physical network,
Degree I May lead to loss of system functionality, endanger
but, it is very difficult to acquire such knowledge entirely and accu-
operation safety, and cause casualties
Degree II May lead to performance degradation of main components,
rately due to the complexity of the subway system. Hence, empir-
influence driving safety, and cannot repair in a short time ical system decomposition is used to abstract the real subway
Degree III Little impact on safety, may lead to train stopped, could be system into nodes and edges, which represent functional modules
repaired in a short time and functional relationships respectively. In FMECA analysis part,
Degree IV Almost no effect on safety, no need to replace parts, could
considering the diversity and complexity of failure modes, it is also
be repaired easily
impossible to do FMECA analysis on all the functional modules.
Y. Deng et al. / Safety Science 80 (2015) 127–134 133
References
Supervise
Acosta-Michlik, L., Espaldon, V., 2008. Assessing vulnerability of selected farming
te communities in the Philippines based on a behavioral model of agent’s
Co
adaptation to global environmental change. Global Environ. Change 18 (4),
ora
llab
554–563.
llab
Aven, T., 2007. A unified framework for risk and vulnerability analysis covering both
ora
Co
te
Metro safety Calida, B.Y., Katina, P.F., 2012. Regional industries as critical infrastructures: a tale of
two modern cities. Int. J. Crit. Infrastruct. 8 (1), 74–90.
t As
sis sis Catelani, M., Ciani, L., Cristaldi, L., Faifer, M., Lazzaroni, M., 2013. Electrical
As t performances optimization of photovoltaic modules with FMECA approach.
Research Equipment Measurement 46 (10), 3898–3909.
institution Collaborate manufacturer Colombi, C., Angius, S., Gianelle, V., Lazzarini, M., 2013. Particulate matter
concentrations, physical characteristics and elemental composition in the
Milan underground transport system. Atmos. Environ. 70, 166–178.
Crowther, K.G., Haimes, Y.Y., 2010. Development of the multiregional inoperability
Fig. 6. The proposed organization structure. input–output model (MRIIM) for spatial explicitness in preparedness of
interdependent regions. Syst. Eng. 13 (1), 28–46.
Eusgeld, I., Kröger, W., Sansavini, G., Schläpfer, M., Zio, E., 2009. The role of network
theory and object-oriented modeling within a framework for the vulnerability
Therefore, train is selected as an example to do FEMCA analysis analysis of critical infrastructures. Reliab. Eng. Syst. Saf. 94 (5), 954–963.
Eusgeld, I., Nan, C., Dietz, S., 2011. ‘‘System-of-systems’’ approach for
based on the data collected from Nanjing subway operation com- interdependent critical infrastructures. Reliab. Eng. Syst. Saf. 96 (6), 679–686.
pany, including statistical data, questionnaire data, and expert Giardina, M., Morale, M., 2015. Safety study of an LNG regasification plant using an
opinion. In short, although involving some simplification of reality, FMECA and HAZOP integrated methodology. J. Loss Prev. Process Ind. 35, 35–45.
Hearnshaw, E.J., Wilson, M.M., 2013. A complex network approach to supply chain
the modeling and analytical approaches are reliable and the result network theory. Int. J. Oper. Prod. Manage. 33 (4), 442–469.
is intuitively sound. In addition, it is demonstrated that using net- Johansson, J., Hassel, H., 2010. An approach for modelling interdependent
work theory and FMECA method to study subway systems may be infrastructures in the context of vulnerability analysis. Reliab. Eng. Syst. Saf.
95 (12), 1335–1344.
a fruitful direction for vulnerability analysis of infrastructure sys-
Johansson, J., Jonsson, H., Johansson, H., 2007. Analysing the vulnerability of electric
tems in future. distribution systems: a step towards incorporating the societal consequences of
Based on this research, an organization structure is proposed in disruptions. Int. J. Emerg. Manage. 4 (1), 4–17.
Johansson, J., Hassel, H., Cedergren, A., 2011. Vulnerability analysis of
order to decrease the subway physical vulnerability, as shown in
interdependent critical infrastructures: case study of the Swedish railway
Fig. 6. Subway operation unit is directly in charge of subway daily system. Int. J. Crit. Infrastruct. 7 (4), 289–316.
operation, it plays a key role in ensuring the subway safety. The Jönsson, H., Johansson, J., Johansson, H., 2008. Identifying critical components in
subway operation company is responsible for organizing patrol technical infrastructure networks. Proc. Inst. Mech. Eng., Part O: J. Risk Reliab.
222 (2), 235–243.
inspection and maintenance on vulnerable and critical instruments Kadri, F., Birregah, B., Châtelet, E., 2014. The impact of natural disasters on critical
and devices and making complete running and maintenance infrastructures: a domino effect-based study. J. Homel. Secur. Emerg. Manage.
records, which is the fundamental data for research institution to 11 (2), 217–241.
Koç, Y., Warnier, M., Kooij, R.E., Brazier, F.M., 2013. An entropy-based metric to
implement related research work. It could be in the form of a man- quantify the robustness of power grids against cascading failures. Saf. Sci. 59,
agement consultancy to help the subway operation company in 126–134.
improving operation safety. For example, the research institution Kutlu, A.C., Ekmekçioğlu, M., 2012. Fuzzy failure modes and effects analysis by using
fuzzy TOPSIS-based fuzzy AHP. Expert Syst. Appl. 39 (1), 61–67.
could offer suggestions on modifying the management regulations Li, N., Xu, Z., Zhai, L., Li, Y., Fan, F., Zheng, J., Xu, P., He, F., 2014. Rapid development of
and preventing the operation risks. In addition, equipment manu- proteomics in China: from the perspective of the human liver proteome project
facturer is also a critical role because it manufactures and supplies and technology development. Sci. China Life Sci. 57 (12), 1162–1171.
Lu, Y., Li, Q.M., Xiao, W.J., 2013. Case-based reasoning for automated safety risk
the subway equipment. The equipment manufacturer, therefore,
analysis on subway operation: case representation and retrieval. Saf. Sci. 57,
could use the statistical data of subway operation company and 75–81.
research results of research institution to analyze the failure modes Martínez, L.M.G., Viegas, J.M., 2012. The value capture potential of the Lisbon
Subway. J. Transp. Land Use 5 (1), 65–82.
that are occurring and help identify their root causes to improve
McDaniels, T., Chang, S., Peterson, K., Mikawoz, J., Reed, D., 2007. Empirical
technical design standards and manufacturing processes. framework for characterizing infrastructure failure interdependencies. J.
In future research, a detailed failure knowledge database is Infrastruct. Syst. 13 (3), 175–184.
needed, with case-based reasoning to analyze safety risks. Meyer, A., Vaquer, G., Birebent, B., Gautier, E., Segier, J.M., Gouby, J., Rouard, H.,
2015. The failure mode, effects and criticality analysis (FMECA) method: a
Meanwhile, a real-time early warning system could be developed useful approach for risk management plan in advanced therapy medicinal
based on the characteristics of equipment failure modes, which products manufacturing. Cytotherapy 17 (6), S11.
will be great help to improve subway safety level. In addition, Mirchi, A., Madani, K., Watkins Jr., D., Ahmad, S., 2012. Synthesis of system
dynamics tools for holistic conceptualization of water resources problems.
how to establish the cooperation and coordination mechanism Water Resour. Manage 26 (9), 2421–2442.
among subway operation unit, research institution, and equipment Mu, S., Cheng, H., Chohr, M., Peng, W., 2014. Assessing risk management capability
manufacturer is also deserved to make a thorough study. of contractors in subway projects in mainland China. Int. J. Project Manage. 32
(3), 452–460.
Nash, C., with contributions from partners, 2003. Project UNITE (UNIfication of
Accounts and Marginal Costs for Transport Efficiency). Final Technical Report,
Acknowledgments Fifth Framework Competitive and Sustainable Growth (Growth) Programme,
Commissioned by European Commission, DG TREN. <www.its.leeds.ac.uk/
UNITE>.
The research described in this paper is supported by the
Oliva, G., Panzieri, S., Setola, R., 2011. Fuzzy dynamic input–output inoperability
National Science Foundation of China (Grant No. 51178116) and model. Int. J. Crit. Infrastruct. Prot. 4 (3), 165–175.
the Humanities and Social Sciences Youth Foundation of China’s Ouyang, M., 2014. Review on modeling and simulation of interdependent critical
Education Ministry (13YJCZH120), the Priority Academic Program infrastructure systems. Reliab. Eng. Syst. Saf. 121, 43–60.
Ouyang, M., Dueñas-Osorio, L., 2011. An approach to design interface topologies
Development of Jiangsu Higher Education Institutions (PAPD) and across interdependent urban infrastructure systems. Reliab. Eng. Syst. Saf. 96
Postgraduates’ Science and Innovation Foundation of Jiangsu (11), 1462–1473.
134 Y. Deng et al. / Safety Science 80 (2015) 127–134
Ouyang, M., Yu, M.H., Huang, X.Z., Luan, E.J., 2008. Emergency response to disaster- Wang, S., Hong, L., Chen, X., 2012. Vulnerability analysis of interdependent
struck scale-free network with redundant systems. Physica A: Stat. Mech. Appl. infrastructure systems: a methodological framework. Physica A: Stat. Mech.
387 (18), 4683–4691. Appl. 391 (11), 3323–3335.
Sause, M.G.R., Müller, T., Horoschenkoff, A., Horn, S., 2012. Quantification of failure Wang, S., Hong, L., Ouyang, M., Zhang, J., Chen, X., 2013. Vulnerability analysis of
mechanisms in mode-I loading of fiber reinforced plastics utilizing acoustic interdependent infrastructure systems under edge attack strategies. Saf. Sci. 51
emission analysis. Compos. Sci. Technol. 72 (2), 167–174. (1), 328–337.
Shen, G.X., Sun, S.G., Zhang, Y.Z., Wang, Z.Q., Chen, B.K., Ma, C., 2014. System failure Zanin, M., Lillo, F., 2013. Modelling the air transport with complex networks: a short
analysis based on DEMATEL–ISM and FMECA. J. Cent. South Univ. Technol. 12 review. Eur. Phys. J. Spec. Top. 215 (1), 5–21.
(21), 4518–4525. Zhang, Y., Yang, N., 2014. Development of a mitigation strategy against the
Tirachini, A., Hensher, D.A., Rose, J.M., 2014. Multimodal pricing and optimal design cascading propagation of risk in R&D network. Saf. Sci. 68, 161–168.
of urban public transport: the interplay between traffic congestion and bus Zhou, A., Yu, D., Zhang, W., 2015. A research on intelligent fault diagnosis of wind
crowding. Transp. Res. Part B: Methodol. 61, 33–54. turbines based on ontology and FMECA. Adv. Eng. Inform. 29 (1), 115–125.
Wang, Y.M., Chin, K.S., Poon, G.K.K., Yang, J.B., 2009. Risk evaluation in failure mode
and effects analysis using fuzzy weighted geometric mean. Expert Syst. Appl. 36
(2), 1195–1207.