Table of
Contents
Executive Summary
This paper details the hazard analysis of the
M109 Howitzer fire control system. The hazard assessment has been accomplished
using the Hazard Analysis Types and Techniques (PHL, PHA, SSHA, SHA, HHA,
O&SHA, and SRCA).The system comprises of different elements, including
Vehicle Reference Unit, Gunner's Display Unit (GDU), Vehicle Motion Sensor
(VMS), Commander's Control and Display Unit & Tactical Computer
(CDU&TC) and the Muzzle Velocity Radar (MVR). The assessment has revealed the existence of various hazards
that exist at different levels (see the filled-in Excel sheet attached
alongside this document). Every element, including hardware, system functions,
energy sources, software, hazardous operation and hazardous material has some
inherent hazard factors. It is recommended that the most appropriate measure of
assuring health and safety is managing the systems to minimize risks focusing
on two levels: system management and personnel management. It is also important
to develop a checklist tailored to these areas. Monitoring and evaluation using
tools such as Root-cause analysis (RCA) are also critical for the M109 Howitzer
fire control system sustainable health and safety protocols.
Introduction
M109 is
self-propelled howitzer with a155 mm turret (Department of the Army, 1994). It
continues to serve as one of the most common indirect fire support weapons
owned by armored and mechanized infantry maneuver brigade divisions. The
artillery often comprises of six crew members: the driver, the section chief,
two ammunition handlers, the gunner and assistant gunner. The role of the
gunner is to focus the cannon through movement, while the assistant gun focuses
the cannon through vertical movement. Since its introduction, M109 howitzer has
now undergone various system upgrades to increase its capability (Military
Today, 2017). One of the critical components in the M109 howitzer is the fire
control systems. In acknowledgement of the severe restrictions of operation
that are placed on the modern combat machines by the traditional methods of
deployment and survey systems, part of the focus of the military engineers have
been to develop modular artillery fire control systems that are aimed at
providing the highly adaptive and effective solutions to keep abreast with the
modern deployment environment. M109 howitzer is now fitted with the modular
artillery fire control systems. The aim of this paper is to perform a hazard
analysis of M109 howitzer, focusing on its fire control systems.
Description of M109 Howitzer Fire Control System
The M109 Howitzer Fire
Control System is designed to provide a computer-supported fire operation,
starting from preparation, identification of firing direction and controlling
the fire (Astronautics, 2018). It also provides digital integration for various
fire support systems. The system is defined by various essential technical
specifications. These specifications include mission planning and firing in
digital environment, gun heading measurements and continuous gun location
supported by the Inertial Navigation Systems, accurate and rapid ballistic
calculations, displays of combat area on a digital map, precise and automated
gun laying, communication system supported by digital radios, mission-oriented
graphical-user interfaces and fire command displays derived from ballistic
calculation. The system can also use information derived from Muzzle Velocity
Radar to support muzzle velocity management and it is integrated with NATO
Armaments Ballistic Kernel that computes and provides firing commands (ASELSAN,
2018).
The
M109 Howitzer Fire Control System comprises of various components. The key
components include the Vehicle Reference Unit, Gunner's Display Unit (GDU),
Vehicle Motion Sensor (VMS), Commander's Control and Display Unit &
Tactical Computer (CDU&TC) and the Muzzle Velocity Radar (MVR). The figure
1 below illustrates the key components of the M109 Howitzer Fire Control
System. The functions of these components are described in sections as follows.
Figure
1:
the key components of the M109 Howitzer Fire Control System (Astronautics,
2018).
Vehicle Reference Unit (VRU)
The
Vehicle Reference Unit comprises of the inertial navigation unit with either
embedded or external GPS receivers. This component is installed on the gun’s
elevating mass and functions to provide a precise output of the attitude and
position of the weapons. The purpose of the VRU component is performing all the
attitude, navigation, north finding and pointing functions.
Commander's Control and Display Unit & Tactical Computer (CDU&TC)
The Commander's Control and Display
Unit & Tactical Computer components provide the man-machine interface. This
system is often used by the gun’s commander. The gunner is also provided with
the similar unit to support the aiming functions. The component comprises of a powerful
computer process that provides overall system control, fire control computation,
and management. CDU&TC have high brightness backlights, the programmable
keys for manipulating functions and color liquid crystal displays to support
user-machine interface. The display is designed to allow a wide-angle viewing
area, yet it also provides a high-resolution image supported by high brightness
rays to support sunlight readability. The system has buttons that are placed on
the front bezel to support menu-driven operations. In essence, the CDU&TC
offers different types of system management, as well as M109 Howitzer Fire
Control System’s task processing. The system level functions that this
component discharges can be listed as the generation of graphic display,
ballistic computation, the on-board technical fire control and the overall
system mode control. The system is incorporated with software that allows
customization for flexible operations.
Gunner's Display Unit (GDU)
The gunner is also provided with a unit
similar to the Commander's Control and Display Unit & Tactical Computer to
support the aiming functions. Like the CDU&TC, the component comprises of a
powerful computer process that provides overall system control, fire control
computation, and management.
Muzzle Velocity Radar (MVR)
The M109
Howitzer Fire Control System is designed in a way that allows it to
accept and read inputs from the Muzzle Velocity Radar, which provides
continuous monitoring of the gun wear effects in a manner that is predictive,
and thereby support the improvement of the ballistic computation. The
processing units of the Muzzle Velocity Radar, including the antennae, are
implanted in front of the cradle to enhance efficiency. The measurements derived from the MVR kit are
featured in the ballistic computation process, aided by a predictive
algorithm. This feature enables the M109 Howitzer Fire Control System to improve
the effectiveness of the weapon deployment on first-round, eliminating the need
for traditional calibration rounds.
Vehicle Motion Sensor (VMS)
The M109 Howitzer Fire
Control System is fitted with Vehicle Motion Sensors. This component can be
installed in the engine or planted in the gear transmission compartment. The functions of the component are to provide
the measurements of the wheels or tracking the speeds of the Vehicle
Reference Unit on course of the gun and vehicle movement. This feature is aimed
at providing optimal system performance.
Methodology
The hazard assessment of the M109 Howitzer Fire
Control System was accomplished using the Hazard Analysis Types and Techniques
(PHL, PHA, SSHA, SHA, HHA, O&SHA, and SRCA), based on the pre-designated
system design building upon the preliminary hazard list created in fulfillment
of Project 3 requirements of EGR/ASEM-610. In essence, the hazard analysis was
conducted in accordance with the PHL methodology presented by Ericson, (2016),
which guides that hazard analysis should be systematic; it should start with
identifying the potential hazard by drawing a preliminary hazard list, and then
proceed to analyze the nature and form of vulnerabilities as dictated by
different hazard analysis types and techniques through PHA, SSHA, SHA, HHA,
O&SHA, and SRCA. The table below summarizes the
definitions of these hazard analysis techniques.
|
Hazard Analysis
Technique
|
Full Name
|
Focus
|
|
PHL
|
The Preliminary
Hazard List
|
Identifies various
vulnerabilities inherent to system components
|
|
PHA
|
Preliminary Hazard
Analysis
|
Analyzes the
hazards identified by the PHL
|
|
SSHA
|
Subsystem and
System Hazard Analyses
|
Analyzes the
general and subsystem component hazards
|
|
SHA
|
System Hazard
Analyses
|
Analyzes the
general system hazards
|
|
HHA
|
Health Hazard
Analysis
|
Analyses the health
hazards posed by the general system
|
|
O&SHA,
|
Operating and
Support Hazard Analysis
|
Analyzes the
hazards association with human factors
|
|
SRCA
|
Safety Requirements
Criteria Analysis
|
Analyzes the
hazards associated with safety and criteria requirements
|
The list components that informs the scope of the analyses
are varied and include: cannon tube, subsystem cannon tube, breech bore
evacuator, muzzle brake, thrust collar, travel lock, hydraulic subsystem,
rammer variable recoil, cannon equilibrator, power pack, actuating valve, tray
handle, blocking valve, cylinder valve, sighting subsystem, elbow telescope,
panoramic telescope, panoramic telescope, ballistic cover, alignment device,
collimator, and dial sight. The
assessment task was to identify the hazards inherent to these components by
filing the excel sheet.
The scope of subsequent PHA, SSHA, SHA, HHA, O&SHA, and SRCA was further limited to
hardware, system functions, energy sources, software, hazardous operation and
hazardous material. Thus, the analysis work largely entailed identifying the
hazards, analyzing them and filling the 7 HAT worksheets corresponding to these
areas.
Findings and Analysis of PHA, SSHA, SHA, HHA, O&SHA, and SRCA
The M109 Howitzer Fire Control System analysis based on
PHA, SSHA, SHA, HHA, O&SHA, and SRCA presents different forms of
multi-faceted hazards, which have different magnitudes of effects to the
system, as well as the operating personnel and the successfulness of the
mission (see the filled-in Excel sheet attached along this paper). These different forms of hazard can be
broadly divided into five areas: hazardous components, hazardous functions,
Energy sources, hazardous operation and hazardous material. These areas are
discussed in the corresponding section.
Hazardous Components
The PHA, SSHA, SHA, HHA, O&SHA,
and SRCA analysis reveals various hazardous functions associated with the M109
Howitzer Fire Control System, which poses different health and safety risks. The
associated risks largely have to do with likelihood of mission failure, system
destruction and causing injury to the personnel. The examples of hazards and
associated risks include the variable recoil system hitting the personnel that
results either injury or damage to the system itself. Another example of the
hazard is failure of the M82 primer or M4 Series Propelling Charges that
results in the minute delay in the mission or possible mission failure. Other examples
of hardware hazards that could result in similar problems are computer button
failure, radio failure and monitor failure, among others. The M109 Howitzer
Fire Control System also relies on the computer to integrate the functions of
Vehicle Reference Unit, Gunner's Display Unit (GDU), Vehicle Motion Sensor
(VMS), Commander's Control and Display Unit & Tactical Computer
(CDU&TC) and the Muzzle Velocity Radar (MVR). The computer works based on the programmable software. The failure of
the software can result in a number of risks, including harming the
personnel and destruction of system translating to mission failure. The software is vulnerable to problems such
as the virus and errors in programming that slows the system or causes total
failure. Software error could result cause the computer to displays
incorrect data or unreadable data, resulting in round landing off target,
causing loss of personnel and equipment. The unreadable computer display can
also result in mission failure due to digital communications.
Hazardous Functions
The PHA, SSHA, SHA, HHA, O&SHA,
and SRCA analysis of system function presents various hazards associated with
the M109 Howitzer Fire Control System. The effects of these system hazards are
also varied, including the harming the personnel, destruction of system and
mission failure. All the M109 Howitzer Fire Control Systems, which include
Vehicle Reference Unit, Gunner's Display Unit (GDU), Vehicle Motion Sensor
(VMS), Commander's Control and Display Unit & Tactical Computer
(CDU&TC) and the Muzzle Velocity Radar (MVR) are subject to hazards
inherent to system components, material, hardware and software that could
either harm the personnel or cause malfunction.
Energy Sources
Based on PHA, SSHA,
SHA, HHA, O&SHA, and SRCA analysis, the M109 Howitzer Fire Control System
is presented with various hazardous energy sources. One of the energy sources
of the system is diesel, which is burnt to generate the system power. The system is also fitted with a battery to
provide energy to ignition circuit systems and power some operations. The
combustion of oil can by accompanied by the production of harmful gases such as
carbon monoxide that can cause illness, permanent neurological damage, loss of
life. The battery can also malfunction and cause the failure of the entire
system and failure. A similar problem can be caused by the malfunctioned
generators.
Hazardous Operation
The M109 Howitzer Fire Control System is subject to various hazardous
operations that are revealed in PHA, SSHA, SHA, HHA, O&SHA, and SRCA. For
example, the GDU can fail to display correct data, denying the crew the needed
information to perform the mission. The premature or late functioning of fuze
up to 1 sec could cause the Round to detonate as close as 300 meters from tube,
resulting in the injury to personnel and equipment. The loss communication
during fire mission can cause failure to receive emergency voice commands
resulting in failed mission. The propellant may fail to ignite properly in a
cook off, which could cause a blowback. This problem could lead to the
potential injury or loss of life to personnel and damage to the equipment. The
operation failures are also associated with different human factors. For
example, the failure to inspect ammunition could result in unnecessary
ammunition malfunctions, which could cause bodily injury. The improper lay for
elevation will result in round impacting left or right of the target causing
possible loss of life, while the wrong fuze settings will result in premature
or late round exploding, which could cause injury or loss of life to personnel.
Hazardous Material
The M109 Howitzer Fire Control
System also entails interaction to various hazardous materials that could
either harm the personnel or destroy system and limit the mission success, as
revealed by PHA, SSHA, SHA, HHA, O&SHA, and SRCA. For example, tritium gas
escaping from the broke valves could be inhaled by operating personnel. This contact could cause different health
problems depending on exposure. It could also cause the system to fail to
illuminate and result in mission failure. The propellant charge disposal
requires burning of charges, and can lead to damage to environment or cause
injuries to personnel and destruction to the equipment. Diesel fuel spill during
refueling could cause injury to eyes, skin, lungs and it is an environmental
hazard, too. Hydraulic fluid spill may
cause swelling and redness to the skin.
It can also cause intestinal problems which could ultimately lead to
death and presents an environmental pollutant. Radiator coolant (Anti-freeze)
spillage is poisonous to humans and other animals. If ingested can lead to severe diarrhea,
vomiting, kidney failure and death.
Conclusion and Recommendations
In conclusion, the aim of this paper was to perform
a hazard analysis of the M109 Howitzer, focusing on its fire control system.
This analysis has been motivated by the acknowledgement of the severe
restrictions of operation that are placed on the modern combat machines by the
traditional methods of deployment and survey systems, which necessitates questioning
and assessing whether the artillery fire control systems are well placed to
provide the highly adaptive and effective solutions that keep abreast with the
modern deployment environment.
M109 Howitzer Fire Control System comprises
of different elements, including Vehicle Reference Unit, Gunner's Display Unit
(GDU), Vehicle Motion Sensor (VMS), Commander's Control and Display Unit &
Tactical Computer (CDU&TC) and the Muzzle Velocity Radar (MVR). The hazard assessment has been
accomplished using the Hazard Analysis Types and Techniques (PHL, PHA, SSHA,
SHA, HHA, O&SHA, and SRCA). The PHL was interested in hazards inherent to
components of the subsystems, while the
subsequent PHA, SSHA, SHA, HHA, O&SHA, and SRCA narrowed on issues
pertaining to hardware, system functions, energy sources, software, hazardous
operation and hazardous material.
The assessment has revealed the existence of
various hazards that exist at different levels (see the attached filled-in
Excel sheet). As can be inferred, every element, including hardware, system
functions, energy sources, software, hazardous operation and hazardous material
has some underlying hazard factors. More importantly, all the identified
hazards have the potential of causing serious health and safety risks such as fire
explosions, environmental pollution, personnel injury, poisoning and system
destruction.
In light of these issues, several
recommendations can be put forth. Firstly, the safety management team will need
to first recognize that most hazards cannot be completely eliminated because
they are inherent to system components. Therefore, the most appropriate
ramification measures should include managing the systems to minimize risks. This
process should be done at two levels: system management and personnel
management. In this case, the system management level concerns itself with all
the measures facing M109 Howitzer Fire Control System, which include
maintaining and upgrading systems to foster efficiency and reduce faults. In
contrast, personnel management focuses on addressing the human factor risks,
which include training and development of the human resource to improve their
skills and capacity to assure efficiency and shun personnel-related health and
safety risks.
It will also important for the safety team to
develop healthy and safety checklist tailored to these areas. Monitoring and
evaluation of system health and safety should also be continuous and objective.
Incidents and accidents should also be objectively documented to inform
corrective and preventative actions. The safety management team is presented
with techniques such as Root-cause analysis (RCA) for managing and preventing mishaps.
Root-cause analysis (RCA) spans processes, approaches, techniques, and tools
that seek to identify and address the cause of a problem to prevent it from
recurring (Sue, 2017). In other words, RCA can be conceived as an integrated
approach that breaks down processes and systems and studies to establish
nonconformities, guided by questions such as what happened, why the incidents
happen and the changes that ought to be taken to prevent the problem. The model
rightly assumes that problems that occur in systems may be varied but traces to
certain main causes that, if addressed, would prevent other problems from
happening. It then also rightly recognizes that system components are so
holistically related that they should be approached using an integrated system
approach. Like RCA, other tools such Failure Mode and Effect Analysis (FMEA) also present comprehensive and
systematic steps for identifying and addressing the causes of errors that
compromise the health and safety (Dubale, Suleman, & Gurmesa, 2017). Evidently,
the process of managing health and safety within the M109 Howitzer Fire Control
System can be seen to be relatively demanding to the extent that it can be
inferred to particularly count on informed management.
References
ASELSAN.
(2018). Fire Control Systems. Retrieved
from
http://www.aselsan.com.tr/en-us/press-room/Brochures/Command-Control-Comm-Computer-Systems/FIRE_CONTROL_SYSTEMS_ENG.pdf
Astronautics
(2018). Artillery Fire Control System.
Retrieved from http://www.astronautics.co.il/land/artillery-fire-control-system
Department
of the Army (1994). Operator’s Manual For Howitzer, Medium,
Self-Propelled,155mm. BAE Systems Land & Armaments, L.P.
Unlimited Government Rights
Dubale,
S., Suleman, S., & Gurmesa, A. (2017). Failure
Mode and Effect Analysis (FMEA) of IV-Medication Process in Mettu Karl
Hospital, Mettu Town, Oromiya Regional State, South West Ethiopia.
Retrieved from
https://sciforschenonline.org/journals/clinical-research/article-data/CLROA-3-118/CLROA-3-118.pdf
Ericson,
C. A. (2016). Hazard Analysis Techniques
for System Safety (2nd ed.). Hoboken: John Wiley & Sons Inc.
Military
Today (2017). M109: 155
mm self-propelled artillery system. Retrieved from
http://www.military-today.com/artillery/m109.htm
Sue, A.
(2017). Root Cause Analysis (RCA) Getting to the Reasons for the Problem. 2017 NCALA Symposium People, Purpose and
Passion Winston-Salem, NC October 10,
2017
No comments:
Post a Comment