Applying reliability models to ship safety assessment

Evangelos Mennis, Ioannis N. Lagoudis, Nikitas Nikitakos,

Department of Shipping Trade and Transport, University of the Aegean, Chios - Greece
Agapios Platis
Department of Financial and Management Engineering, University of the Aegean, Chios - Greece

ABSTRACT: During the last decades human activity has been the source of ecological disasters. The ship-
ping industry shares part of this responsibility with accidents such as the “Exxon Valdez” and “Prestige” out-
standing. Nevertheless the shipping community has taken a series of actions in order to minimize such events
via international bodies like the International Maritime Organisation (I.M.O.). Characteristic examples of
such actions are the implementation of regulations which define specific processes and activities, following
the philosophy of accident prevention. With the use of static models (such as event and fault trees) a number
of studies have intended to forecast possible causes-events that can cause serious accidents, which can lead to
environmental pollution. In this paper we propose Reliability Models of Markov Theory in order to simulate
reality and estimate reasons that can result in accidents.

1 INTRODUCTION model methodologies such as fault trees and event

Environmental catastrophe is a phenomenon that the
research community is dealing during the last
decades. Sea pollution constitutes a significant part
of this catastrophe thus a number of efforts have
taken place for its limitation. As presented in Table
1 the 30 per cent of the pollution of the seas is due to
shipping activity whereas for the rest 70 per cent
other factors are responsible. In order to control and
minimize the effects from the pollution caused by
ships, organizations such as the IMO have been
founded, aiming at the safe transportation of goods
via the assistance and cooperation of national gov-
ernments. A characteristic example of measures that
have been created by the IMO and accepted by the
world community is the Formal Safety Assessment.
Table 1 – “Sources” of oil pollution into the sea
Source: Ventikos (2003)
Recorded “sources” Distribution (%)
Industrial waste, urban runoffs, etc 60.7
Refineries/terminals 1.2
Natural sources 10.3
Tanker operations 6.6
Tanker accidents 4.7
Other shipping 14.4
Offshore production 2.1
Total 100
trees. In this study dynamic modeling along with
Markov theory are used since it is believed that ben-
efits can be gained from their application to shipping
management companies’ operations systems.
The purpose of the study is to illustrate the advan-
tages of the adopted methodology for modeling fail-
ure states for a ship’s systems. We define and use a
specific failure which takes place in a vessel’s sys-
tem and under specific circumstances can lead to an
accident. Once the problem has been defined in de-
tailed, we model the processes with the assistance of
Markov theory in order to illustrate the way the spe-
cific problem can be prevented.
We examine the case of a vessel’s main engine
cooling system. In modern vessels two such systems
exist; the main one and the auxiliary which starts
when the first fails. If both main and auxiliary cool-
ing systems fail to operate then the possibility that
the main engine will be damaged or even stopped is
big. This event under difficult conditions (i.e. bad
weather conditions) is likely to cause a serious acci-
dent with possible water pollution. Finally, we aim
to examine the contribution of Markov modeling in
the reliability improvement of the ship’s mechanical
parts.

A number of studies appear in the literature aim-

ing at the minimization of accidents using statistical
 2 METHODOLOGY ANALYSIS
2.1 Markov Theory
A number of different methodologies have been
used in reliability studies such as event trees, fault
trees for static models or Markov for dynamic mod-
els. Fault trees are considered as a simple and effi-
cient method in dependability assessment of com-
plex systems. The method has been applied to vari-
ous industries (aerospace, nuclear etc). However
fault trees are based on the assumption that there is
independence among the components of the system
and sometimes this can be unrealistic.
Considering systems with component dependen-
cies dynamic models are more appropriate solution.
Among the dynamic models Markov dispose special
mathematical properties. This is why they are used
broadly. Especially a case of shared components can
be solved by Markov modeling, while fault trees or
block diagrams are used for non-shared components.
The knowledge of Markov theory and stochastic
science makes it possible to compute the dynamic
evolution of a system. In terms of the current state,
the state transition rule (differential equation), and
the time increment in appropriate units. On the other
hand in complex systems is very difficult to use
Markov models because the graph may be extremely
complicated and susceptible to modeling errors
The state-space method is a useful method for
system reliability evaluation. A system is described
by its states and by possible transitions between
these states. The system states and the possible
transitions are illustrated by a state-space diagram,
which is also known as a Markov diagram. The vari-
ous system states are defined by the states of the
components comprising the system. By the state-
space method the components are not restricted to
having only two possible states.
The apposed components may have a number of
different states such as functioning, in standby, com-
pletely failed, and under maintenance. The various
failure modes may also be defined as states. The
transitions between the states are caused by various
mechanisms and activities such as failures, repairs,
replacements, and switching operations. The state-
space method is not restricted to only two possible
states of the components. The method can be used to
model rather complicated repair and switching
strategies. Common cause failures may also be mod-
elled by the state-space method.
The nascent Markov techniques intend to adopt
realistic, detailed probabilistic models for further
carrying out of sensitivity analysis owing to these
techniques:
• The repairs of the components can be taken
into account
• The reliability and availability computa-
tions can be carried out.
• The normal/standby operating sequences
and, more generally, all the changes in the
configuration of the system under study
can be considered.
• Multi-step system operating sequences
can be taken into account.
Dealing with Markov graphs, allows the visualiz-
ation of the progress of alternate failures and repairs
as time passes, leading to system failure, and the
computation of the probability of measures being
taken before the complete loss of the system. On the
other hand, using Markov techniques is uneasy due
to the complexity of the graphs to be processed in
case of complex systems. The techniques applied for
state aggregation, which aim at the minimization of
the number of states or sequential computations in
order to build simplify the graph, generally permit
the problem to be reduced to a reasonable size. The
association of costs with each state allows the access
to performability modeling.
The ramification of Markov models is presented
below: Platis et. Al (1998). The simplest, and the
most commonly used is the Homogeneous Markov
Chain (HMC) which is characterized by the fact that
the transition rates between the states are constant. A
more complex type is the Non-Homogeneous
Markov Chain (NHMC) where the transition rates
between states are functions of a global “clock”
(elapsed mission time for instance). Finally, the most
complex type of Markov model is the semi-Markov,
where the transition rates are functions of “local
clocks” that may depend on a time spent in a state
(sojourn time). To illustrate these differences, let us
consider the following simple example:
Figure 1: State transition diagram of a component
λ
A state transition diagram is represented in Figure
1. It includes a component with two states denoted
Up and Down. The transition rate from Up state to
the Down state is the failure rate while from Down
state to theUpUp state is the repair rate.
DownFor a HMC,
we would have constant rates λ, μ, whereas for
NHMC, we would have global time dependent rates
λ(t), μ(t), for instance transition rates that are in the
μ
 form of the Weibull hazard rate function, or transi-
tion rates that depend on the external environment
such as the working hours of the repairman that fixes
the component, or any other rates provided that they
are function of the global time or mission time. In
our example we use Homogeneous Continuous Time
Markov Chains.
2.2 What is Formal Safety Assessment
The main aim of FSA is to intensify maritime safety,
by protecting human lives, health and marine envi-
ronment. The procedure uses risk and cost/benefit
assessments. FSA has been designed to be used as
tool in order to help evaluating regulations or mak-
ing comparison between existing and possibly im-
proved regulations. The perspective is to achieve a
balance for the technical and operational issues, in-
cluding the human element, and between safety and
costs.
FSA is consistent with the current IMO decision-
making process and provides a basis for making de-
cisions in accordance with resolutions A.500(XII)
"Objectives of the Organisation in the 1980's", and
A.777(18) "Work Methods and Organisation of
Work in Committees and their Subsidiary Bodies".
The decision makers at IMO, through FSA, will
be able to appreciate the effect of proposed regula-
tory changes in terms of benefits (e.g. expected re-
duction of lives lost or pollution) and related costs
incurred for the industry as a whole. FSA should fa-
cilitate development of regulatory changes equitable
to the various parties, thus aiding the achievement of
consensus.
The Formal Safety Assessment consists of five
steps:
1. Identification of hazards.
2. Assessment of risks.
3. Risk control option.
4. Cost benefit assessment.
5. Recommendations for decision-making.
The application of the FSA facilitates a transpar-
ent decision making process and provides a proac-
tive mean enabling to avoid serious accidents by
highlighting potential hazards. Our model intends to
improve the FSA methodology with the use of relia-
bility models.
3 CASE STUDY
3.1 Description of the model
The model refers to a ship’s engine cooling system
which includes a main and a back-up system. The
back-up system is put in use only for the time that
the main system is out of service, since it does not
have the same power as the main one. The cooling
system is considered as one of the vessel’s critical
systems, since a possible operational failure leads to
the main engine’s malfunction with unforeseen con-
sequences.
Generally we could assume that the failure rate of
the engine’s cooling system follows a standard bath-
tube curve. However, we consider that the system is
functioning under the useful life period (wear out
period is avoided by preventive maintenance and in-
fant mortality period is avoided by preliminary test-
ing). Hence the failure rate is considered constant
(random failures) and can be modeled by the expo-
nential distribution. Repair (restoration rates) are
also assumed to be constant and therefore can be
modeled by the exponential distribution.
The model details are as follows:
 S1: Is the main cooling system used
for the controlling of the engine’s temperature.
 S2: Is the back-up cooling system
which is activated in a possible failure of S1 ei-
ther automatically (A1) or manually.
 A1: A device that activates S2 in case
of S1 breakdown.
 λS1,λS2:: Is the sequence of failure of
the main and the back-up system.
 γΑ1:: Is the probability of failure for
the automatic back-up system operation.
 μrestore1:: Is the rate the system is re-
stored to each initial state. Practically the engine
is in a state without cooling system for a very
short period of time.
 μrestore2:: Is the rate the system is re-
stored to each initial state when the automatic
system fails to operate.
 μrepairS1:: Is the rate of repair of the S1
system which is the same for S2. Both S1 and
S2 can be repaired in parallel.
The different states that the under study system
can reach in the case of failures is presented in Fig-
ure 2 (page 6). In reference to the automatic system
A1, it is assumed that there is a back-up one, which
implies that the time of repair in the case of failure is
practically close to zero.
In state one, S1 functions properly while S2 is
used as back-up. This is due to the safety require-
ments of the system. In state two there is a failure on
the S1 and the automatic system A1 is put in opera-
tion. In state three there is a parallel failure in S1 and
in A1. In both cases (state two and state three) the
S2 system is put in operation in order to cool the en-
gine with the difference that in state three the time
for the system’s restoration is longer. It is evident
that states two and three are temporary and last until
the states four and five are reached, where S2 func-
tions properly.
During the operation of the S2, S1 is repaired
with the same rate until the initial state one is
reached. None the less there is a possibility that dur-
 ing states four and five, S2 fails too. In this case the
temperature of the ship’s main engine could be in-
creased significantly having as a result either the en-
gine to stop from operating in order to avoid any
damage or it can result in a serious damage, if the
engine is not put out of operation on time.
States six and seven represent the above possibili-
ties which under certain circumstances could lead to
an accident with significant consequences to the en-
vironment. Since the model under examination in
this paper belongs to the non-shared (independent)
repair category the rate of restoration rate towards
state one is 2μrepairS1.
3.2 Results
The data used for the purposes of this study was de-
rived from interviews with experts in the maritime
industry. The following table presents the values of
the variables which are used in this model.
Based on these values the steady states were cal-
culated, which indicate the probability a certain
process will be at a certain state after a long period
of time.
Table 2: Data about failures and restorations
Variable Frequency
λS1,λS2 3 times per
year
γΑ1 2‰
μrestore1 2 minutes
μrestore2 4 minutes
μrepairS1 4 working
hours for 3 per-
sons
By using the data collected with the assistance of
experts, we calculate the quantitative change of the
probability for pollution with the assistance of the
Markov model. In table 4 we can see the comparison
of the change from three failures per year, to one or
two failures per year. As it is presented the alteration
oscillates from 32% to 78%. Conclusively we can
reduce the probability of pollution in a high percent-
age if we lower the frequency of failure from three
to one failure per year.
Table 4: Percentage change of probability if we decrease the
failure rate λS1
From 3 to 2 fail- From 3 to 1
ures / year failure / year
State6 33% 66%
State7 61% 78%
Further research can be conducted in the financial
damage of the shipping company if the engine of the
ship remains out of order in states six and seven. To-
day according to “Livanos SA” shipping company
the freight rate for a panamax bulk carrier is at about
$30.000 per day thus the per hour freight is about
$1250. Taking into account the steady states for the
sixth and seventh state the cost C for every hour the
engine is out of order is given from the next figure:
Cλs1=n = [prob (state6) + prob(state7)] * cost per hour (1)
Substituting the given data we have:
Cλs1=3 = $ 0,0025 per hour
Cλs1=1 = $ 0,00086 per hour

Where Q = [qij] is the n by n generator matrix,

4 CONCLUSIONS
with qij denoting the transition rate from state i to
state j and n denoting the number of states (n = 0, 1,
In this study the contribution of reliability models in
2) Smith (1998), Trivedi (1993).
the assurance of safety conditions in shipping opera-
Table 3 presents the steady state results for one,
tions has been intended aiming at the prevention of
two and three failures per year. As can seen by com-
sea polluting events. In order to validate our model
paring them, the more we decrease the failure fre-
we used experimental data based on assessments
quency the more the probability to remain in safe
from experts. It will be purposeful to conduct sensi-
state is increased. Nevertheless we are interested in
tivity analysis on real data in our future study.
states six and seven, which represent the contin-
Continuous time Markov chains have been used
gency of polluting the sea.
in modeling the failures of a ship’s engine cooling
Table 3: Steady states for different failure rate of λS1
system, which is considered one of the main operat-
3 Failures / year 2 Failures/year 1 Failure/year
ing systems for the proper operation of any vessel.
State1 9,9895E-01 9,9930E-01 9,9965E-01
The results have shown the percentage change of
State4 2,0485E-05 1,3662E-05 6,8332E-06
steady states if there is decrease in the failure rate.
State2 9,1224E-08 6,0838E-08 3,0429E-08
Further research can focus on the costs deriving
State5 1,0232E-03 6,8262E-04 3,4154E-04
from the time the ship remains idle due to the en-
State6 2,0504E-06 1,3679E-06 6,8443E-07
gines breakdown (states six and seven) with the as-
State3 5,2563E-07 2,3377E-07 5,8484E-08
sistance of semi-markov models, which may support
State7 1,2032E-09 4,6846E-10 2,6714E-10
a more detailed analysis for every state according to
the time.
 REFERENCES

[1] N.P. Ventikos, H. Psaraftis Spill accident modeling: a criti-

cal survey of the event-decision network in the context of
IMO’s formal safety assessment. Journal of Hazardous Ma-
terials – 2003
[2] A.N. Platis, N.E. Limnios, M.Le Du, Asymptotic Availabil-
ity of Systems Modeled by Cyclic Non-Homogeneous
Markov Chains - 1998
[3] M. Konstantinidou, E. Mennis, A. Platis, Comparison of
Modeling Methodologies for the Formal Safety Assessment
in Shipping Transportation. ESREL 2004
[4] Smith R. M., Trivedi K. S., Rameshi A. M 1998, “Perform-
ability analysis: Measures, an algorithm and a case study”,
IEEE Transactions on Computers, vol. C-37, No.4, pp. 406-
417
[5] Trivedi K. S., Giardo G., Malhorta M. Sahner R. A. 1993,
“Dependability and Performability analysis”, Performance
Evaluation of Computer and Communication Systems, Lec-
ture Notes in Computer Science, L. Dontatiella, R. Nelson
(eds), pp.587-612
[6] Delautre S., Aksu S., Tuzcu C., Mikelis N., Papanikolaou
A. 2005 «Hazard identification & Risk Rating of Aframax
Tankers by expert judgement » Maritime Transportation
and Exploitation of Ocean and Coastal Resources pp. 1512-
1519
[7] Papanikolaou A., Eliopoulou E., Alissafaki A. 2005 « Sys-
tematic Analysis and Review of Aframax Tankers Inci-
dents » pp : 1573 – 1581
[8] Bouissu M., Bon J.L., 2003 “A new formalism that com-
bines advantages of fault-trees and Markov models: Bool-
ean logic driven Markov processes” Reliability Engineering
and System Safety pp: 149 - 163
 S1 Failure λS1(1- γΑ1) λS1 γΑ1 S1 Failure
A1 Activation A2 Failure
μrestore2

μrestore1 (3)
(2)

S1 Repair
S1 Oper A1 Repair
S1 Repair S2 Stand By S2 oper
S2 Oper (manually)

(1)
(5)
μrepairS1 λS1
(4)
μrepairS1

λS1
S2 Failure
S2 Failure 2μrepairS1 2μrepairS1 Repair S1,S2,A1
S1,S2 Repair ENGINE
ENGINE STOPS
STOPS
(7)
(6)

Figure 2: Representation of the graph