Quantification of risks in the Hyperloop

No item, service or system is completely safe. Everything is accompanied by a certain amount of risk. Like any other transportation system, the Hyperloop has hazards as well. Many risks and hazards are similar to those present in current modes of transportation. However, the Hyperloop is a revolutionary mode of transportation with characteristics, such as the high speed of travel, the propulsion and suspension mechanisms, and the near-vacuum sealed-off environment. These characteristics result in hazards unique to the Hyperloop system. Therefore, an extensive analysis of potential threats and dangers to the system is required to create a safe mode of transportation. A collaboration between Delft Hyperloop and Deloitte was established to investigate the risks and hazards in the Hyperloop system.

The process of identifying and analysing risks and hazards is complex and consists of two components, namely the qualitative and quantitative analysis. The qualitative study is necessary to identify and have a clear understanding of the risks, which are then further analysed in the quantitative analysis to determine the likelihood and impact. These two analyses are crucial in the overarching safety analysis of the Hyperloop system. They give an indication as to the extra safety measures and controls that need to be implemented to suppress the consequences that risks have on the system.

Crown jewel assessment

To conduct the qualitative analysis, assets of the Hyperloop system first need to be defined. Assets are components that are of value to the greater system. The Hyperloop system and its assets can be divided in various ways. During the identification process the assets were categorized as follows: mobile, fixed, cyber, systems, processes, people, services and organization. Each asset is assessed based on the impact of the asset failing, giving an indication as to its importance. Safety, environmental, reputational, operation and regulatory impact were chosen as criteria. In a semi-quantitative ranking the most important assets are identified. These are called the crown jewels of the Hyperloop, which are crucial for Hyperloop operations and have a significant impact if failure occurs. The crown jewels range from security clearances and emergency procedures, to database servers and to pod-to-pod communication.

Risk assessment

Risk is defined as the combination of the probability of an event and the magnitude of the consequences. A certain risk can be quantified by the product of the probability of the event occurring and the expected damage given that the event occurs (Fischhoff, Watson & Hope, 1984). Historical data of failures can be used to quantify the likelihood and impact. However, for a new mode of transportation such as the Hyperloop, this data is not available. As a result, a semi-quantitative approach is applied whereby each failure mode of an asset is assessed based on likelihood and impact. Likelihood gives an indication as to the occurrence probability. Impact is assessed in terms of fatalities, injuries, financial damage, operational downtime and system damage. The risks are plotted in a likelihood-impact graph, as shown in figure 1. Each number corresponds with a failure mode of the Hyperloop system. A description of the failure modes can be found in table 1 at the bottom of this article.

Figure 1: likelihood vs. impact graph of failure modes in Hyperloop system

The failure modes that have a high score (the red area) pose a large risk for the system and can be found in the top right of figure 1. These risks are deemed unacceptable and have to be lowered to an acceptable level (the green area). Using the results from the semi-quantitative risk assessment, appropriate control measures can be implemented to lower the risks in the Hyperloop system. This will bring future travelers closer to a safe and reliable mode of transportation.

The goal of the collaboration between Delft Hyperloop and Deloitte was to quantify the risks of the Hyperloop. Deloitte is a company that provides its clients with a range of services, one of which being risk management. Through the collaboration between Delft Hyperloop and this branch of Deloitte, both parties were able to apply their expertise and people to share the future of mobility, thereby keeping the Netherlands moving and enable seamless travel for people and goods in a sustainable way. To be able to tackle the complex process of quantifying risks, extensive contact was maintained between Delft Hyperloop and Deloitte. Multiple meetings were held to discuss all components of the process, such as the method, assessment criteria and the scope of the investigation. After, a brainstorm session was held at Delft Hyperloop with almost 30 colleagues from Deloitte and 5 from Delft Hyperloop to identify the risks in the Hyperloop. Using these findings, the quantification of the risks was possible.

References

Fischhoff, B., Watson, S.R., & Hope, C. (1984). Defining risk. Policy sciences, 17(2), 123-139.

Digit in figure 1Failure modeAsset
1Critical bugs (no workaround and affects critical functionality)Software
2Minor bugs (affects functionality, has easy workaround)Software
3RansomwareSoftware
4Unauthorized breachNetworks
5Incorrect anomaly detectionAnomaly detection
6Anomaly without detectionAnomaly detection
7Damage to power cablesTransportation of energy
8Broken pumpVacuum pumps
9Compromised componentOff-the-shelf components
10Broken componentsOff-the-shelf components
11Sensors brokenEnvironmental control system
12Loss of safe pod environmentEnvironmental control system
13Data leakData protection
14Backup compromise
15Remote 0-day exploit
16Insider threat
17(Un)intentional damage to passengersPassenger pod
18Perishable/dangerous goodsFreight pod
19Attack of fellow passengersPassengers
20Damage to pod interiorPassengers
21Exits unable to offer protection to passengersEmergency exits
22Emergency exits not accessibleEmergency exits
23Power failurePower/communication
24Remote attack on communicationsPower/communication
25Physical attack on power gridPower/communication
26Natural disasterPower/communication
27Electromagnetic interferencePower/communication
28Airlock gets breachedStation/tunnels
29People entering depressurization chamberStation/tunnels
30Tunnel collapsesStation/tunnels
31Structural integrity of station failsStation/tunnels
32EMP attackBattery control system
33Solar stormsBattery control system
34Overheating of batteriesBattery control system
35Reduction of effectiveness of security checksSecurity checks
36Lines disrupting turn-up-and-go systemSecurity chekcs
37Malfunctioning toiletsToilets
38Permanent magnets losing strenghtLevitation
39Electromagnets lose powerLevitation
40Feedback loop fails and levitation height becomes too smallLevitation
41Hole in the tube which causes a local implosion of the tubeVacuum environment
42Hole in the pod which causes the loss of breathable airVacuum environement
43Airlock malfunctionVacuum environment
44Failure of pod authorizationCommunication
45Failure of pod communicationCommunication
46Interference of external broadcasting signalsCommunication
47Failure of pod positioningCommunication
48Braking system fails to workBraking
49Braking system engages at the wrong timeBraking
50Braking system engages too fastBraking
51Disturbance in communicationP2P/P2I communication
52Breach in communication systemP2P/P2I communication
53Malfunctioning electronicsMagnetic fields
54Damaged personal devicesMagnetic fields
55Malfunctioning health devicesMagnetic fields
56Wrong ticket pricingTicket sale
57Data breachTicket sale
58Inefficient staffTraining
59Staff unable to act during emergency situationsTraining
60Corporate espionage
61Broken sensorsSystem monitoring
62Objects in tubeMaintenance
63Incorrect maintenanceMaintenance
64Worried passengersPassengers
65Incompetent employeesEmployees
66Unmotivated employeesEmployees
67Bad job fitEmployees
68Staff not present at places where neededSupport staff
69Invalid/incorrect maintenanceMaintenance staff
70Too many false positivesSecurity staff
71Too many false negativesSecurity staff
72BlackmailingSystem integrity
73Data sharingSystem integrity
74Malicious intentSystem integrity
75Incorrect schedulingScheduling
Table 1: Legend accompanying figure 1

Leave a Reply