Table of Contents
Executive Summary
This paper details the hazard analysis of the M109 Howitzer fire
control system. The hazard assessment has been accomplished using the Hazard
Analysis Types and Techniques (PHL, PHA, SSHA, SHA, HHA, O&SHA, and SRCA).The
system comprises of different elements, including Vehicle Reference Unit,
Gunner's Display Unit (GDU), Vehicle Motion Sensor (VMS), Commander's Control
and Display Unit & Tactical Computer (CDU&TC) and the Muzzle Velocity
Radar (MVR). The assessment has
revealed the existence of various hazards that exist at different levels (see
the filled-in Excel sheet attached alongside this document). Every element,
including hardware, system functions, energy sources, software, hazardous
operation and hazardous material has some inherent hazard factors. It is
recommended that the most appropriate measure of assuring health and safety is
managing the systems to minimize risks focusing on two levels: system
management and personnel management. It is also important to develop a checklist
tailored to these areas. Monitoring and evaluation using tools such as
Root-cause analysis (RCA) are also critical for the M109 Howitzer fire control
system sustainable health and safety protocols.
Introduction
M109 is self-propelled howitzer with
a155 mm turret (Department of the Army, 1994). It continues to serve as one of
the most common indirect fire support weapons owned by armored and mechanized
infantry maneuver brigade divisions. The artillery often comprises of six crew
members: the driver, the section chief, two ammunition handlers, the gunner and
assistant gunner. The role of the gunner is to focus the cannon through
movement, while the assistant gun focuses the cannon through vertical movement.
Since its introduction, M109 howitzer has now undergone various system upgrades
to increase its capability (Military Today, 2017). One of the critical
components in the M109 howitzer is the fire control systems. In acknowledgement
of the severe restrictions of operation that are placed on the modern combat
machines by the traditional methods of deployment and survey systems, part of
the focus of the military engineers have been to develop modular artillery fire
control systems that are aimed at providing the highly adaptive and effective
solutions to keep abreast with the modern deployment environment. M109 howitzer
is now fitted with the modular artillery fire control systems. The aim of this
paper is to perform a hazard analysis of M109 howitzer, focusing on its fire
control systems.
Description of M109 Howitzer Fire Control System
The M109 Howitzer Fire Control System is designed to provide a
computer-supported fire operation, starting from preparation, identification of
firing direction and controlling the fire (Astronautics, 2018). It also provides
digital integration for various fire support systems. The system is defined by
various essential technical specifications. These specifications include
mission planning and firing in digital environment, gun heading measurements
and continuous gun location supported by the Inertial Navigation Systems,
accurate and rapid ballistic calculations, displays of combat area on a digital
map, precise and automated gun laying, communication system supported by
digital radios, mission-oriented graphical-user interfaces and fire command
displays derived from ballistic calculation. The system can also use
information derived from Muzzle Velocity Radar to support muzzle velocity
management and it is integrated with NATO Armaments Ballistic Kernel that
computes and provides firing commands (ASELSAN, 2018).
The M109 Howitzer Fire Control
System comprises of various components. The key components include the Vehicle
Reference Unit, Gunner's Display Unit (GDU), Vehicle Motion Sensor (VMS),
Commander's Control and Display Unit & Tactical Computer (CDU&TC) and
the Muzzle Velocity Radar (MVR). The figure 1 below illustrates the key
components of the M109 Howitzer Fire Control System. The functions of these
components are described in sections as follows.
Figure 1: the key components of the M109
Howitzer Fire Control System (Astronautics, 2018).
Vehicle Reference Unit (VRU)
The Vehicle
Reference Unit comprises of the inertial navigation unit with either embedded
or external GPS receivers. This component is installed on the gun’s elevating
mass and functions to provide a precise output of the attitude and position of
the weapons. The purpose of the VRU component is performing all the attitude,
navigation, north finding and pointing functions.
Commander's Control and Display Unit & Tactical Computer (CDU&TC)
The Commander's Control and Display Unit & Tactical
Computer components provide the man-machine interface. This system is often
used by the gun’s commander. The gunner is also provided with the similar unit
to support the aiming functions. The component comprises of a powerful computer
process that provides overall system control, fire control computation, and
management. CDU&TC have high brightness backlights, the programmable keys
for manipulating functions and color liquid crystal displays to support
user-machine interface. The display is designed to allow a wide-angle viewing
area, yet it also provides a high-resolution image supported by high brightness
rays to support sunlight readability. The system has buttons that are placed on
the front bezel to support menu-driven operations. In essence, the CDU&TC
offers different types of system management, as well as M109 Howitzer Fire
Control System’s task processing. The system level functions that this
component discharges can be listed as the generation of graphic display,
ballistic computation, the on-board technical fire control and the overall
system mode control. The system is incorporated with software that allows
customization for flexible operations.
Gunner's Display Unit (GDU)
The gunner is also provided with a unit similar to the
Commander's Control and Display Unit & Tactical Computer to support the
aiming functions. Like the CDU&TC, the component comprises of a powerful
computer process that provides overall system control, fire control computation,
and management.
Muzzle Velocity Radar (MVR)
The M109 Howitzer Fire Control
System is
designed in a way that allows it to accept and read inputs from the Muzzle
Velocity Radar, which provides continuous monitoring of the gun wear effects in
a manner that is predictive, and thereby support the improvement of the
ballistic computation. The processing units of the Muzzle Velocity Radar,
including the antennae, are implanted in front of the cradle to enhance
efficiency. The measurements derived
from the MVR kit are featured in the ballistic computation process, aided by a predictive
algorithm. This feature enables the M109 Howitzer Fire Control System to improve
the effectiveness of the weapon deployment on first-round, eliminating the need
for traditional calibration rounds.
Vehicle Motion Sensor (VMS)
The
M109 Howitzer Fire Control System is fitted with Vehicle Motion Sensors. This
component can be installed in the engine or planted in the gear transmission
compartment. The functions of the
component are to provide the measurements of the wheels or tracking the speeds
of the Vehicle
Reference Unit on course of the gun and vehicle movement. This feature is aimed
at providing optimal system performance.
Methodology
The hazard assessment of the M109 Howitzer Fire Control System was
accomplished using the Hazard Analysis Types and Techniques (PHL, PHA, SSHA,
SHA, HHA, O&SHA, and SRCA), based on the pre-designated system design
building upon the preliminary hazard list created in fulfillment of Project 3
requirements of EGR/ASEM-610. In essence, the hazard analysis was conducted in
accordance with the PHL methodology presented by Ericson, (2016), which guides
that hazard analysis should be systematic; it should start with identifying the
potential hazard by drawing a preliminary hazard list, and then proceed to
analyze the nature and form of vulnerabilities as dictated by different hazard
analysis types and techniques through PHA, SSHA, SHA, HHA, O&SHA, and SRCA.
The table below summarizes the definitions of these
hazard analysis techniques.
|
Hazard Analysis Technique
|
Full Name
|
Focus
|
|
PHL
|
The Preliminary Hazard List
|
Identifies various vulnerabilities inherent to system components
|
|
PHA
|
Preliminary Hazard Analysis
|
Analyzes the hazards identified by the PHL
|
|
SSHA
|
Subsystem and System Hazard Analyses
|
Analyzes the general and subsystem component hazards
|
|
SHA
|
System Hazard Analyses
|
Analyzes the general system hazards
|
|
HHA
|
Health Hazard Analysis
|
Analyses the health hazards posed by the general system
|
|
O&SHA,
|
Operating and Support Hazard Analysis
|
Analyzes the hazards association with human factors
|
|
SRCA
|
Safety Requirements Criteria Analysis
|
Analyzes the hazards associated with safety and criteria
requirements
|
The list components
that informs the scope of the analyses are varied and include: cannon tube,
subsystem cannon tube, breech bore evacuator, muzzle brake, thrust collar,
travel lock, hydraulic subsystem, rammer variable recoil, cannon equilibrator,
power pack, actuating valve, tray handle, blocking valve, cylinder valve,
sighting subsystem, elbow telescope, panoramic telescope, panoramic telescope,
ballistic cover, alignment device, collimator, and dial sight. The assessment task was to identify the hazards
inherent to these components by filing the excel sheet.
The scope of subsequent PHA, SSHA, SHA, HHA, O&SHA, and SRCA was further limited to
hardware, system functions, energy sources, software, hazardous operation and
hazardous material. Thus, the analysis work largely entailed identifying the
hazards, analyzing them and filling the 7 HAT worksheets corresponding to these
areas.
Findings and Analysis of PHA, SSHA, SHA, HHA, O&SHA, and SRCA
The M109 Howitzer Fire Control System
analysis based on PHA, SSHA, SHA, HHA, O&SHA, and SRCA presents different
forms of multi-faceted hazards, which have different magnitudes of effects to
the system, as well as the operating personnel and the successfulness of the
mission (see the filled-in Excel sheet attached along this paper). These different forms of hazard can be
broadly divided into five areas: hazardous components, hazardous functions,
Energy sources, hazardous operation and hazardous material. These areas are
discussed in the corresponding section.
Hazardous
Components
The
PHA, SSHA, SHA, HHA, O&SHA, and SRCA analysis reveals various hazardous
functions associated with the M109 Howitzer Fire Control System, which poses
different health and safety risks. The associated risks largely have to do with
likelihood of mission failure, system destruction and causing injury to the
personnel. The examples of hazards and associated risks include the variable
recoil system hitting the personnel that results either injury or damage to the
system itself. Another example of the hazard is failure of the M82 primer or M4
Series Propelling Charges that results in the minute delay in the mission or
possible mission failure. Other examples of hardware hazards that could result
in similar problems are computer button failure, radio failure and monitor
failure, among others. The M109 Howitzer Fire Control System also relies on the
computer to integrate the functions of Vehicle Reference Unit, Gunner's Display
Unit (GDU), Vehicle Motion Sensor (VMS), Commander's Control and Display Unit
& Tactical Computer (CDU&TC) and the Muzzle Velocity Radar (MVR). The computer works based on the
programmable software. The failure of the software can result in a number of
risks, including harming the personnel and destruction of system translating
to mission failure. The software is
vulnerable to problems such as the virus and errors in programming that slows
the system or causes total failure. Software error could result cause the computer
to displays incorrect data or unreadable data, resulting in round landing off
target, causing loss of personnel and equipment. The unreadable computer
display can also result in mission failure due to digital communications.
Hazardous
Functions
The
PHA, SSHA, SHA, HHA, O&SHA, and SRCA analysis of system function presents
various hazards associated with the M109 Howitzer Fire Control System. The
effects of these system hazards are also varied, including the harming the
personnel, destruction of system and mission failure. All the M109 Howitzer
Fire Control Systems, which include Vehicle Reference Unit, Gunner's Display
Unit (GDU), Vehicle Motion Sensor (VMS), Commander's Control and Display Unit
& Tactical Computer (CDU&TC) and the Muzzle Velocity Radar (MVR) are
subject to hazards inherent to system components, material, hardware and
software that could either harm the personnel or cause malfunction.
Energy
Sources
Based on PHA, SSHA, SHA, HHA,
O&SHA, and SRCA analysis, the M109 Howitzer Fire Control System is
presented with various hazardous energy sources. One of the energy sources of
the system is diesel, which is burnt to generate the system power. The system is also fitted with a battery to
provide energy to ignition circuit systems and power some operations. The
combustion of oil can by accompanied by the production of harmful gases such as
carbon monoxide that can cause illness, permanent neurological damage, loss of
life. The battery can also malfunction and cause the failure of the entire
system and failure. A similar problem can be caused by the malfunctioned
generators.
Hazardous
Operation
The M109 Howitzer Fire Control System is
subject to various hazardous operations that are revealed in PHA, SSHA, SHA,
HHA, O&SHA, and SRCA. For example, the GDU can fail to display correct
data, denying the crew the needed information to perform the mission. The
premature or late functioning of fuze up to 1 sec could cause the Round to
detonate as close as 300 meters from tube, resulting in the injury to personnel
and equipment. The loss communication during fire mission can cause failure to
receive emergency voice commands resulting in failed mission. The propellant
may fail to ignite properly in a cook off, which could cause a blowback. This
problem could lead to the potential injury or loss of life to personnel and
damage to the equipment. The operation failures are also associated with
different human factors. For example, the failure to inspect ammunition could
result in unnecessary ammunition malfunctions, which could cause bodily injury.
The improper lay for elevation will result in round impacting left or right of
the target causing possible loss of life, while the wrong fuze settings will
result in premature or late round exploding, which could cause injury or loss
of life to personnel.
Hazardous
Material
The
M109 Howitzer Fire Control System also entails interaction to various hazardous
materials that could either harm the personnel or destroy system and limit the
mission success, as revealed by PHA, SSHA, SHA, HHA, O&SHA, and SRCA. For
example, tritium gas escaping from the broke valves could be inhaled by
operating personnel. This contact could
cause different health problems depending on exposure. It could also cause the
system to fail to illuminate and result in mission failure. The propellant
charge disposal requires burning of charges, and can lead to damage to
environment or cause injuries to personnel and destruction to the equipment.
Diesel fuel spill during refueling could cause injury to eyes, skin, lungs and
it is an environmental hazard, too. Hydraulic
fluid spill may cause swelling and redness to the skin. It can also cause intestinal problems which
could ultimately lead to death and presents an environmental pollutant.
Radiator coolant (Anti-freeze) spillage is poisonous to humans and other animals. If ingested can lead to severe diarrhea,
vomiting, kidney failure and death.
Conclusion and Recommendations
In conclusion, the aim of this paper was to perform a hazard
analysis of the M109 Howitzer, focusing on its fire control system. This analysis
has been motivated by the acknowledgement of the severe restrictions of
operation that are placed on the modern combat machines by the traditional
methods of deployment and survey systems, which necessitates questioning and
assessing whether the artillery fire control systems are well placed to provide
the highly adaptive and effective solutions that keep abreast with the modern
deployment environment.
M109 Howitzer Fire Control System comprises of different elements,
including Vehicle Reference Unit, Gunner's Display Unit (GDU), Vehicle Motion
Sensor (VMS), Commander's Control and Display Unit & Tactical Computer
(CDU&TC) and the Muzzle Velocity Radar (MVR). The hazard assessment has been accomplished using the Hazard
Analysis Types and Techniques (PHL, PHA, SSHA, SHA, HHA, O&SHA, and SRCA).
The PHL was interested in hazards inherent to components of the subsystems, while the subsequent PHA, SSHA, SHA,
HHA, O&SHA, and SRCA narrowed on issues pertaining to hardware, system
functions, energy sources, software, hazardous operation and hazardous
material.
The assessment has revealed the existence of various hazards that
exist at different levels (see the attached filled-in Excel sheet). As can be
inferred, every element, including hardware, system functions, energy sources,
software, hazardous operation and hazardous material has some underlying hazard
factors. More importantly, all the identified hazards have the potential of
causing serious health and safety risks such as fire explosions, environmental
pollution, personnel injury, poisoning and system destruction.
In light of these issues, several recommendations can be put
forth. Firstly, the safety management team will need to first recognize that
most hazards cannot be completely eliminated because they are inherent to
system components. Therefore, the most appropriate ramification measures should
include managing the systems to minimize risks. This process should be done at two
levels: system management and personnel management. In this case, the system management
level concerns itself with all the measures facing M109 Howitzer Fire Control
System, which include maintaining and upgrading systems to foster efficiency
and reduce faults. In contrast, personnel management focuses on addressing the
human factor risks, which include training and development of the human
resource to improve their skills and capacity to assure efficiency and shun
personnel-related health and safety risks.
It will also important for the safety team to develop healthy and
safety checklist tailored to these areas. Monitoring and evaluation of system
health and safety should also be continuous and objective. Incidents and
accidents should also be objectively documented to inform corrective and
preventative actions. The safety management team is presented with techniques
such as Root-cause analysis (RCA) for managing and preventing mishaps. Root-cause
analysis (RCA) spans processes, approaches, techniques, and tools that seek to
identify and address the cause of a problem to prevent it from recurring (Sue,
2017). In other words, RCA can be conceived as an integrated approach that
breaks down processes and systems and studies to establish nonconformities,
guided by questions such as what happened, why the incidents happen and the
changes that ought to be taken to prevent the problem. The model rightly
assumes that problems that occur in systems may be varied but traces to certain
main causes that, if addressed, would prevent other problems from happening. It
then also rightly recognizes that system components are so holistically related
that they should be approached using an integrated system approach. Like RCA, other
tools such Failure Mode and Effect Analysis
(FMEA) also present comprehensive and systematic steps for identifying and
addressing the causes of errors that compromise the health and safety (Dubale,
Suleman, & Gurmesa, 2017). Evidently, the process of managing health and
safety within the M109 Howitzer Fire Control System can be seen to be
relatively demanding to the extent that it can be inferred to particularly
count on informed management.
References
ASELSAN. (2018). Fire
Control Systems. Retrieved from
http://www.aselsan.com.tr/en-us/press-room/Brochures/Command-Control-Comm-Computer-Systems/FIRE_CONTROL_SYSTEMS_ENG.pdf
Astronautics (2018). Artillery
Fire Control System. Retrieved from
http://www.astronautics.co.il/land/artillery-fire-control-system
Department of the Army (1994). Operator’s Manual For Howitzer, Medium,
Self-Propelled,155mm. BAE Systems Land & Armaments, L.P.
Unlimited Government Rights
Dubale, S., Suleman, S., & Gurmesa, A. (2017). Failure Mode and Effect Analysis (FMEA) of
IV-Medication Process in Mettu Karl Hospital, Mettu Town, Oromiya Regional
State, South West Ethiopia. Retrieved from https://sciforschenonline.org/journals/clinical-research/article-data/CLROA-3-118/CLROA-3-118.pdf
Ericson, C. A. (2016). Hazard
Analysis Techniques for System Safety (2nd ed.). Hoboken: John Wiley &
Sons Inc.
Military Today (2017). M109: 155 mm self-propelled artillery system. Retrieved from
http://www.military-today.com/artillery/m109.htm
Sue, A. (2017). Root Cause Analysis (RCA) Getting to the Reasons
for the Problem. 2017 NCALA Symposium
People, Purpose and Passion Winston-Salem, NC October 10, 2017
No comments:
Post a Comment