Conversion of the FTs into BNs

The FTs are converted into BNs. All FTs representing the causes of the deviating states of the same section are converted in a unique network. In a similar way as for the water tank system, the top event is converted into a node representing the deviating section states, while the basic events are root nodes in the networks. The basic events in the FT are component failures. As each component can have many failure modes, the number of nodes and links in the BN can be minimised by creating for each component a node whose states are the working plus the failed states.

For the main tank, a BN is created for each section in all system phases. The choice of different BNs depending on the phase of the system is motivated by the fact that it is not necessary to include the BN for which evidence will not be given. For example, if the system is in phase 4, flow is expected at the sensor FT0110 in section 1, therefore the BNs that

will be considered are the ones that relate to the FTs whose top events are Low Flow and Partial Flow when flow is expected. It would still be possible to create BNs that include all possible working modes, but they are larger and they carry no extra information for a particular system phase.

The section relating to the drainage line remains unchanged for all phases of the ACTIVE mode, as no flow is always expected. In this case, two FTs are included in the network: High Flow and Partial Flow. The top events are converted into the fault nodes (at the top in figure 5.7), and the components of the section are the root nodes at the bottom. There are only 5 components in the drainage line: 2 sections of pipework, a valve and a controller. Figure 5.7 shows the structure of the BN.

The next figure, figure 5.8, shows the BN for fuel line L1 in phase 4 of the ACTIVE mode. Two FTs are included in this BN and it is already quite large. If all deviating states would be included, representing all phases of the system, four FTs would be converted into the BN and this would double its size. Figures 5.9 and 5.10 represent separately the two subnetworks that form figure 5.8. These are included for a better reading.

The choice of representing the networks now upside down with respect to the previous ones is simply motivated by the fact that having the fault nodes at the top and the component failures at the bottom with the links pointing upward can make the conversion and the comparison with the original FTs easier. However this graphical scheme does not make any difference to the logical meaning and the probability structure of the BNs.

Figure 5.9– BN for the event No Flow in line L1 of the main tank in phase 4.

Appendix B contains all the BNs for the main tank.

Redundant Sections

When building the FTs and BNs for the fuel rig system, it was clear that some of their logic structure, which models how the component failures cause the symptoms, are repeated many times. For example, line L1 and line L2 are very similar, as well as recycle line L1 and recycle line L2. This is true for the sections that provide the system with redundancy, but it can be observed for the entire sub-systems. BNs allow these similarities to be used in order to avoid a repetition of the same logic. It is the same principle as for the repeated basic events in the FTs that appear only once in the BN structure.

For example, the BNs relating to the recycle line L2 has the same logic structure as the BN for recycle line L1 with the replacement of the following components:

- P0107 instead of P0101, - P0108 instead of P0102, - P0118 instead of P0115, - P0119 instead of P0116, - P0120 instead of P0117, - PP0120 instead of PP0110, - PSV0110 instead of PSV0120.

The sensor FT0121 in the recycle line L2 has the same role as sensor FT0111 in recycle line L1. As all BNs representing the sections belong to a same class collection, a BN for recycle line L2 can be created including the BN for recycle line L1 as in figure 5.11. The fault nodes at the bottom representing the deviating sensor states of the recycle line L2 are linked to the fault nodes in the external BN for the recycle line L1. Similarly the input nodes representing the components in the recycle line L2 link to the components belonging to recycle line L1. In this way, the input nodes assume the same probability as for the nodes in the external BN. This procedure can be done for the sections of the system or for entire sub-systems. For example, the main tank in phase 4 has the same expected behaviour as the wing tank in phase 2. The BN created for the main tank sub-system for phase 4 will be identical to the BN for the wing tank sub-system for phase 2 with the replacement of the correct components and the sensors labels. This will be shown in more details when all BNs relating to the sections are connected together.

Figure 5.11– BN for recycle line L2 created using the BN for recycle line L1.