You are currently viewing: Articles



Apr-2016

Risk analysis of wired vs wireless communication

Wired or wireless? The tools and methods of risk analysis can be applied to these communication systems for objective evaluation.

GARY HAWKINS, Emerson Process Management
ED MARSZAL, Kenexis Consulting Corporation
Viewed : 3196
Article Summary
Is wireless transmission as reliable as wired transmission for communication among instruments and automation systems in process plants? This question has been around since the dawn of wireless communications. There are many factors that can both positively and negatively influence either mode of transmission.

This article will demonstrate a framework to analyse wired versus wireless installations using quantitative tools, allowing the user to include as many causes of disrupted communication as desired as a means to conveniently and reproducibly document decisions. An example analysis of wired versus wireless transmission modes is provided, with some common failures and estimated probabilities.

While many organisations may have initially instituted policies limiting the applications of wireless measurements in their facilities, it should be noted that no industry standard bans the use of wireless transmission, including for critical systems. Furthermore, as users gain experience with the technology, wireless transmission is used for more functions within the organisation and their own policies evolve accordingly.

Risk analysis tools
Risk analysis tools can be classified as either qualitative or quantitative. One popular qualitative tool in use is the layer of protection analysis (LOPA). LOPA, like most methods, looks at order of magnitude differences in risk, but it has a limited set of different logical types available to relate the increased risk reduction provided by each layer. Many process and automation engineers are also familiar with probability and severity matrices, as these qualitative tools have been used for years for tasks ranging from reliability centred maintenance to risk based inspection to hazard and operability studies.

When performing any analysis, outcomes can vary from site to site. This is not only possible, it is to be expected because different sites have different equipment configurations, maintenance programmes and stresses on the installation such as weather extremes. Situations that might occur on one site might not occur in another site, necessitating modifications to the failure modes and the perceived rates at which any of the failures are likely to occur.

Qualitative methods are well suited to meet the needs of a single location but quantitative methods such as fault tree analysis offer the benefit of describing the structure of the problem with respect to what failures can occur, then the probabilities of initiating causes can be easily adjusted as new or improved information is available. This allows the structure to be applicable across different sites, with probabilities adjusted accordingly. For example, a site with new instrument wiring infrastructure would have a lower probability to fail than a more mature site in a marine environment – the probabilities change, but the types of failure remain the same.

That is why quantitative analysis is chosen for this discussion, as a tool to describe the failure mechanism that can be easily shared and modified, allowing an engineer to document the analysis to assist a facility determine an appropriate action – in this case, if wireless transmission of measured variables may be appropriate for their situation.

Simplified fault tree analysis
Fault tree analysis (see Figure 1) begins with basic initiating fault events defined by the user and can be expanded into more detail as needed for the analysis. In the analysis of communication loss we can choose initiating events such as wire breaks without examining the various ways the wire can break, unless this was felt to add more value to the analysis. Thus, simplified fault tree analysis provides the flexibility to expand into more detail or collapse into less detail as needed.

Other initiating events leading to loss of communication may be component failures or loss of battery power. The basic initiating events are typically quantified as either probabilities or frequencies. The assignment of these probability values can be made based on statistical analysis of conditions at site, or by using reliability engineering equations to calculate probabilities. Space does not permit a detailed explanation of these calculations, but the techniques are fairly common. The key point to remember is that although the method is quantitative, one must keep in mind that the probabilities are not exact – that there is no universally acceptable data for probability of failure of devices. That is, although tempting, since the probabilities are only estimates the user should not assume that the results are more accurate than qualitative methods because the results can be displayed with more significant digits.

Both quantitative and qualitative methods can be considered to be within an order of magnitude of the ‘actual’ number. But simplified fault tree analysis provides a tool to frame the problem, to define the sequence of events of all known failure modes and assign a probability to the initiating cause. Then the probabilities can be altered from site to site to suit the specific situation at each site.

Basic events can be related to each other with either ‘and’ gates or ‘or’ gates. The logical relation can be modelled using probability mathematics. To simplify the problem, in an ‘or’ gate you simply add the probabilities together to calculate the probability of the event. For an ‘and’ gate you multiply the probabilities together. This approach is continued all the way up the tree until the top event, which yields quantification of the failure or event of interest.

Revealed or overt failures are failures that announce themselves. For wired or wireless transmission, almost all these failures announce themselves as a loss of communications. These types of failures can be easily dealt with as the automation system has notice of communication failure and can be programmed to react accordingly and even inform operators. Depending on the nature of the failure, a slowdown in production may be sufficient, or even an orderly shutdown of the process may occur.

Another main type of failure is an unrevealed or covert failure. These failures do not announce themselves, but lie in wait until a demand is placed on the system and it cannot respond. For example, in the context of a logic system with mechanical relays, if the contacts on a mechanical relay were ‘welded’ closed, this may not be apparent until the relay is de-
energised and the contacts do not open as expected.

A covert failure is often dangerous because the system cannot respond to the hazardous condition as designed. Safety instrumented systems are designed to account for covert failures through testing and logic to reduce the risk below the site’s maximum tolerable level of risk.

For this article, we are primarily concerned with revealed or overt failures because failures in communications systems are generally overt. By analogy with safety instrumented systems, if the system loses a wired connection opening a circuit, the system may be programmed to de-energise the final element of the safety instrumented function, causing the plant to go to a safe state.

The same is similar for a wireless system because the safety is not in the medium by which the signal is sent but is instead in the protocol for sending and receiving that signal. Logic on the sending end packages the information in packets to be sent to the receiver, and intelligence on the receiving end makes sure the data that is received is timely and valid. If the data received by a final element – or any receiving device – is not timely and valid, it is very easy to detect and can cause the system to respond to communication loss in such a way that it moves to a safe state.
Current Rating :  3

Add your rating:



Your rate: 1 2 3 4 5