Designing ISHM modules concurrently with the systems they will be used for will result in significant increases in system reliability and robustness. We can leverage formal methodologies for conceptual design and risk analysis to seamlessly incorporate ISHM design into system design work practices.
We envision a software design environment to aid engineers in understanding the advantages and costs of Integrated Systems Health Management (ISHM), and in using ISHM technologies to our best advantage. The design environment will include specialized risk and design analysis tools that are built around ISHM goals and engineering work practices. Use of these tools will streamline the design process by helping design engineers decide when and how to incorporate ISHM into a design without consulting outside experts.
ISHM will be a critical capability for all space, lunar and planetary exploration vehicles and systems. Fundamental ISHM roles include automated spacecraft and vehicle health self-assessment, on-demand vehicle maintenance scheduling, and crew emergency response advisory. Monitoring and managing the health state of diverse components, subsystems, and systems is a difficult task that will become more challenging when implemented for long-term, evolving deployments. Besides exploration, applications include any complex system that demands high reliability and ISHM integration.
We focus on tools for early stage design, especially conceptual design, because this early stage presents the best opportunity to cost effectively catch and prevent potential failures and anomalies. During early stage design, many decisions and tasks are still open, including sensor and measurement point selection, modeling and model-checking, and diagnosis, signature and data fusion schemes. Using appropriate formal methods, the design team can systematically explore risks without committing to design decisions too early. In addition, hardware and software architectures, interfaces and standards will be developed for ISHM systems.
NASA currently employs a number of reliability tools and methods, including FMEA, FTA and PRA, and design engineers have used them successfully for designing reliable and safe systems. But these methods have drawbacks that limit their applicability to early phase design and design for ISHM. As we study the particular goals for ISHM design, we can select and extend risk and reliability methods to suit those goals. We have already begun developing failure analysis methods that determine failure modes during the early stages of functional design.
Applied haphazardly, ISHM may provide benefits but also add significant costs to a system. We employ risk analysis methods to optimize the use of the ISHM system, finding the best balance between cost, performance, safety and reliability throughout the system lifecycle (Figure 1). Risk analysis aids decision-making at two levels. When studying a particular system, risk analysis identifies and prioritizes risks and then points out those risks where ISHM technologies provide the optimal mitigation strategy. When studying a large space of system designs with IVHM integration, risk analysis aids in understanding the cost-benefit trade of applying ISHM mitigation strategies. In our work, we will incorporate risk analysis into a “design for ISHM” methodology and develop supporting risk analysis tools.
Figure 1. Specialized risk analysis tools balance the cost of ISHM integration throughout the lifecycle.
We also pursue design methodologies based on functional-models of systems. Previous work on the Elemental Function-Failure Design Method enables systematic failure analysis during conceptual design, before any physical design choices have been hardened (Figure 2). To extend this method for application to ISHM design, we can incorporate other ISHM innovations such as schemes for intelligent sensor selection and placement.
Computer tools to support these design methods will be incorporated into our ISHM design environment. The ISHM specific risk and failure modes analysis tools will have the following characteristics:
Figure 2. Function models and formal methods enable failure identification and prevention early in design.
Despite significant improvements in health management solutions, simply retrofitting ISHM systems into existing systems is not always effective. Last-minute retrofits result in unreliable systems, ineffective solutions, and excessive costs (e.g., Space Shuttle TPS monitoring which was considered only after 110 flights and the Columbia disaster). High false alarm or false negative rates due to substandard implementations hurt the credibility of the ISHM discipline.
NASA’s new exploration theme poses stringent demands on vehicles and systems that will be relied upon for day-to-day operations in space. ISHM systems must be integrated with new systems starting from the early design stages. Currently, we lack tools and processes for integrating ISHM into the vehicle system/subsystem design. There are several challenges to widespread ISHM implementation and use today: