Your search keyword '"Alessandro Tugnoli"' showing total 27 results

1. Projectile perforation models for the vulnerability assessment of atmospheric storage tanks

Author

Matteo Iaiani, Riccardo Sorichetti, Alessandro Tugnoli, and Valerio Cozzani

Subjects

Environmental Engineering, General Chemical Engineering, Environmental Chemistry, Safety, Risk, Reliability and Quality

Published

2022

2. Identification of reference scenarios for security attacks to the process industry

Author

Matteo Iaiani, Alessandro Tugnoli, and Valerio Cozzani

Subjects

Environmental Engineering, General Chemical Engineering, Environmental Chemistry, Safety, Risk, Reliability and Quality

Published

2022

3. Integrated management of safety and security in Seveso sites - sociotechnical perspectives

Author

Marja Ylonen, Alessandro Tugnoli, Gabriele Oliva, Jouko Heikkila, Minna Nissila, Matteo Iaiani, Valerio Cozzani, Roberto Setola, Giacomo Assenza, Dolf van der Beek, Wouter Steijn, Nadezhda Gotcheva, Ernesto Del Prete, Marja Ylonen, Alessandro Tugnoli, Gabriele Oliva, Jouko Heikkila, Minna Nissila, Matteo Iaiani, Valerio Cozzani, Roberto Setola, Giacomo Assenza, Dolf van der Beek, Wouter Steijn, Nadezhda Gotcheva, and Ernesto Del Prete

Subjects

Cybersecurity, Sociotechnical, Integrated management, Samfunnsvitenskap: 200 [VDP], Public Health, Environmental and Occupational Health, Building and Construction, SDG 3 - Good Health and Well-being, Security, Seveso, Safety, Safety, Risk, Reliability and Quality, Safety Research

Abstract

The call for integrated management of safety and security (IMSS) derives from intensification of digitalisation development and the increased reliance on information communication technologies (ICT) in high-risk industries, such as the chemical and process industry. This development means tightened interconnectedness between industrial automation and control and information technology systems. As a result, the risk landscape is changed towards a stronger interconnectedness of safety, physical and (cyber)security risks, which may lead to major accidents. The objective of this paper is to examine the motivations for IMSS, the current state of IMSS, the cybersecurity-induced risks, including the actualisation of interconnected risks and some sociotechnical tools for IMSS in Seveso plants. They are plants where certain quantities of dangerous substances are present, which are subject to the requirements of the Seveso III Directive (2012/18/EU). The data considered is open source and related to cyber and physical security-induced accidents; interviews with the representatives of Seveso sites and regulators; and literature. The method is qualitative content analysis. The results show that, despite the ongoing development in IMSS at the Seveso sites, IMSS is still in its infancy. Indeed, cybersecurity is often handled in a separate IT department, and the communication with process-safety experts is often inadequate. Furthermore, safety and security risk identification and assessment are essentially undertaken separately. To achieve a real IMSS, we argue that the co-existence of technical and organisational, including structural, functional and cultural development is a fundamental aspect. The combination of such complementary aspects represents the main novelty of this study.

Published

2022

4. Multi-target Inherent Safety Indices for the Early Design of Offshore Oil&Gas Facilities

Author

Sarah Bonvicini, Anna Crivellari, Valerio Cozzani, Alessandro Tugnoli, Crivellari A., Bonvicini S., Tugnoli A., and Cozzani V.

Subjects

Environmental Engineering, Computer science, General Chemical Engineering, 0211 other engineering and technologies, 02 engineering and technology, 010501 environmental sciences, 01 natural sciences, Conceptual design, SAFER, Credibility, Process safety, Environmental Chemistry, Safety, Risk, Reliability and Quality, Inherently safer design, 0105 earth and related environmental sciences, 021110 strategic, defence & security studies, Key performance indicator, Hazard, Risk analysis (engineering), Major accident hazard, Oil&Gas operation, Offshore installation, Inherent safety, Metric (unit), Performance indicator

Abstract

Improved tools are needed to manage major accident hazard of progressively more complex offshore oil&gas systems in environmentally sensitive areas. Inherent safety principles provide a strategic opportunity to reduce major accident hazards since the early design phase, but a suitable metric to orient safer design choices is needed to apply such principles intro practice. This study aims at providing a systematic approach to the assessment of the hazard profile of alternative process designs in offshore oil & gas production facilities. A novel methodology providing a ranking of inherently safer solutions in conceptual design is described. The methodology is able to highlight the different contributors to the safety profile of the offshore oil & gas production system, linking them to the specific features of the design. The proposed approach, based on multi-criteria Key Performance Indicators (KPIs), addresses different targets (people, assets, environment) and provides a quantitative assessment of the safety score, accounting for both the possible accident consequences and their credibility. An application to a case study concerning an offshore facility for gas production is discussed to demonstrate the potential of the methodology.

Published

2021

5. Key performance indicators for environmental contamination caused by offshore oil spills

Author

Sarah Bonvicini, Valerio Cozzani, Anna Crivellari, Alessandro Tugnoli, Crivellari A., Bonvicini S., Tugnoli A., and Cozzani V.

Subjects

Environmental Engineering, business.industry, Environmental contamination, General Chemical Engineering, Environmental resource management, Fossil fuel, Oil installation, Context (language use), Contamination, Marine pollution, Offshore oil spill, Gas installation, Environmental Chemistry, Environmental science, Submarine pipeline, Performance indicator, Safety, Risk, Reliability and Quality, Risk assessment, business, Risk management, KPI

Abstract

Oil spills during offshore operations are likely to cause severe contamination of the sea. The identification of the environmental effects of accidental releases from offshore oil and gas facilities plays a crucial role in the prevention and mitigation of marine pollution. Key Performance Indicators (KPIs) are largely recognized as an effective tool to address and communicate multifaceted issues related to accidental events in the framework of risk management. In the context of Oil Spill Risk Assessment (OSRA) studies, this study proposes a set of KPIs addressing the potential environmental contamination caused by on-surface oil spills from offshore oil and gas installations. A layered approach was defined, based on three different levels of KPIs having an increasing complexity and providing an increasing amount of information. The environmental KPIs defined allow a preliminary quantitative assessment of the environmental contamination due to the oil spill scenarios defined in the ENVironmental hazards IDentification (ENVID) studies carried out for oil and gas installations, providing a preliminary ranking of the expected environmental effects of the spills and supporting their prioritization in order to select those which should undergo a more accurate Environmental Risk Assessment study (ERA).

Published

2021

6. Analysis of Cybersecurity-related Incidents in the Process Industry

Author

Valerio Cozzani, Alessandro Tugnoli, Sarah Bonvicini, Matteo Iaiani, IAIANI M., TUGNOLI A., BONVICINI S., and COZZANI V.

Subjects

major event, Process (engineering), Population, 0211 other engineering and technologies, 02 engineering and technology, Computer security, computer.software_genre, Industrial and Manufacturing Engineering, cybersecurity-related incident, Hazardous waste, security vulnerability assessment, Safety, Risk, Reliability and Quality, education, process industry, cyber-attack, Hacker, 021110 strategic, defence & security studies, education.field_of_study, 021103 operations research, business.industry, Seveso site, Automation, Identification (information), Damages, Cyber-attack, Past incident analysi, business, computer

Abstract

The digital transition in the process industry is characterized by a high level of automation and an increasing connection with external networks, which makes facilities vulnerable to cybers-threats. A cyber-attack, beside economic and reputational damages, can potentially trigger major events (e.g. releases of hazardous materials, fires, explosions) with severe consequences on workers, population, and the environment. In the present study, the cybersecurity-related incidents that occurred in the process industry and in similar industrial sectors (chemical, petrochemical, energy production, water/wastewater treatment) were investigated. The aim of the study is to frame a clear picture of the cyber-attacks on the automated control systems of process facilities and to issue lessons learnt from past incidents. The study is based on the development and analysis of a database of 82 cybersecurity-related incidents gathered from various sources. Time trend, geographical distribution, distribution among the industrial sectors, impacts of the incidents, and nature of the cyber-attacks (attacker, intentional/accidental type, system infected) were investigated. The analysis of a sub-set of more detailed incidents allowed the identification of the general steps of a cyber-attack on automated control systems of a process facility, the main hacking techniques used by the attackers and the more common cybersecurity countermeasures applicable to the prevention of a cyber-attack.

Published

2021

7. Outage and asset damage triggered by malicious manipulation of the control system in process plants

Author

Matteo Iaiani, Alessandro Tugnoli, Valerio Cozzani, Paolo Macini, Iaiani M., Tugnoli A., Macini P., and Cozzani V.

Subjects

Operability, System integrity, Computer science, Cyber-attack, 0211 other engineering and technologies, 02 engineering and technology, Asset (computer security), Industrial and Manufacturing Engineering, Business interruption, Safety, Risk, Reliability and Quality, Risk management, 021110 strategic, defence & security studies, 021103 operations research, business.industry, Work in process, Asset damage, Identification (information), Risk analysis (engineering), Hazard identification, Major accident hazard, Chemical and Process Industry, Safety instrumented system, Security, business

Abstract

Intentional acts consisting in remote (cyber) or physical manipulations of the BPCS (Basic Process Control System) and the SIS (Safety Instrumented System) of a process plant may result in severe consequences for the affected industrial facilities. Interruption of productivity, with or without asset damages, generally results in huge economic losses and, at times, in damages to reputation, people and the environment. Despite the existence of several international standards aimed at the assessment and management of cybersecurity of IT (Information Technology) and OT (Operational Technology) systems of a facility, only few contributions are present in the literature addressing the concrete connection between malicious manipulations of the BPCS and SIS systems and the impacts on the physical process system that can be initiated. In this panorama, the present work fills this gap by developing a systematic qualitative methodology supporting the identification of possible security events affecting the operability and/or system integrity of a process plant, of the malicious manipulations by which they may be initiated, and of the existing safeguards in place. The results can be used within the standard procedure for cyber risk management of the IT-OT system (e.g. ISA/IEC 62443), to support the identification of protection requirements and countermeasures. The methodology is complementary to current safety and security assessments and is intended for application to front-end design phase as well as to the security review of operating plants. The methodology was applied to a case study (an offshore Oil&Gas compression plant) to demonstrate the potential of the methodology and the results obtained.

Published

2021

8. Quantitative assessment of domino effect and escalation scenarios caused by fragment projection

Author

Giordano Emrys Scarponi, Valerio Cozzani, Alessandro Tugnoli, Giacomo Antonioni, Tugnoli A., Scarponi G.E., Antonioni G., and Cozzani V.

Subjects

Cascading event, Mathematical model, Computer science, Fragment impact probability, Fragment projection, Domino effect, computer.software_genre, Industrial and Manufacturing Engineering, Domino, Quantitative risk assessmen, Equipment failure, Fragment (logic), Major accident hazard, Quantitative assessment, Data mining, Safety, Risk, Reliability and Quality, Projection (set theory), Risk assessment, computer

Abstract

Fragment projection from equipment failure has been extensively recognized as a cause of cascading events and of severe domino scenarios. In recent years several mathematical models suitable for the quantitative assessment of risk due to domino effects and cascading events were developed and validated, but a systematic methodology for quantitative risk assessment caused by fragment projection and impact is still missing. In the present study, a step-by-step approach is proposed for the assessment of domino risk indices due to fragment projection. The approach builds on available sub-models for the quantitative assessment of fragment generation, impact and damage probabilities. Altogether, the proposed model supports a quantification of the risk due to escalation triggered by fragment impact that can be easily automated and integrated in risk assessment studies.

Published

2022

9. Analysis of events involving the intentional release of hazardous substances from industrial facilities

Author

Valeria Casson Moreno, Genserik Reniers, Valerio Cozzani, Alessandro Tugnoli, Matteo Iaiani, Iaiani M., Casson Moreno V., Reniers G., Tugnoli A., and Cozzani V.

Subjects

021110 strategic, defence & security studies, 021103 operations research, Computer science, Attack pattern, 0211 other engineering and technologies, 02 engineering and technology, Adversary, Permission, Computer security, computer.software_genre, Industrial and Manufacturing Engineering, Toolbox, Chemical and process industry, Hazardous waste, Security, Intentional act, Attack patterns, Ishikawa diagram, Past incident analysi, Safety, Risk, Reliability and Quality, Root cause analysis, Correspondence analysi, computer, Physical security

Abstract

Industrial infrastructures, in particular those where hazardous substances are stored or handled, may be the target of malicious acts aiming at the disruption of normal operations. In the present study a toolbox of complementary and synergic techniques (Correspondence Analysis (CA), Fishbone Diagrams, Cause-Consequence Chains, Adversary Sequence Diagram, Root Cause Analysis) was applied to the in-depth analysis of physical security- and cybersecurity-related events that affected the process industry. The unprecedented original set of information obtained provides novel insights concerning these events. Clear correlations among security threats, including cyber-threats, and specific industrial sectors, as well as among the final scenarios and the different security threats from which they originate were identified by CA. In particular, vandalism resulted strongly correlated with the transportation of hazardous substances, and theft of materials with oil and gas pipelines. When considering chemical and petrochemical sites, cyber-attacks and the use of improvised explosives resulted to be the most common attack modes performed by the threat actors. Personnel and vehicle gateways resulted key elements when designing the Physical Protection System (PPS) of a facility. Insiders having the permission to enter the site bypass such controls, and were responsible of several successful attacks. Overall, the results confirm the concreteness of security-related events in the process industry and provide an original structured and detailed insight on the attack patterns experienced to date. Moreover, the results and the data obtained provide a novel set of baseline information for the application of SVA (Security Vulnerability Assessment) or SRA (Security Risk Assessment) methodologies in facilities where hazardous substances are stored or processed.

Published

2021

10. HazMat transportation risk assessment: A revisitation in the perspective of the Viareggio LPG accident

Author

Valerio Cozzani, Sarah Bonvicini, M. Molag, Giacomo Antonioni, Gabriele Landucci, Alessandro Tugnoli, Landucci, G., Antonioni, G., Tugnoli, A., Bonvicini, S., Molag, M., and Cozzani, V.

Subjects

Risk, Hazardous materials transportation, Risk analysis, Engineering, Major accident hazards, General Chemical Engineering, Transportation risk analysis, Accident data analysis, 0211 other engineering and technologies, Energy Engineering and Power Technology, 02 engineering and technology, Management Science and Operations Research, Industrial and Manufacturing Engineering, Transport engineering, Accident data analysi, Hazardous waste, 0502 economics and business, Chemical Engineering (all), Safety, Risk, Reliability and Quality, Accident (philosophy), 050210 logistics & transportation, 021110 strategic, defence & security studies, business.industry, 05 social sciences, Perspective (graphical), Quantitative risk assessment, Control and Systems Engineering, Food Science, Risk analysis (engineering), Major accident hazard, Reliability and Quality, Safety, business, Risk assessment

Abstract

The Seveso accident triggered a virtuous process towards the development of methods, models and tools for safety and risk assessment and management. Among the more relevant results of such process was the stemming of methods and tools addressing the transportation of hazardous substances in the framework of a holistic approach to the control of major accident hazards related to dangerous substances. The present study aims at the analysis of reference procedures and tools available for the analysis of the risk in the transportation of dangerous substances in the light of the Viareggio accident. The Viareggio accident represents a paradigmatic event involving the transportation of dangerous substances. The accident, that took place in Italy in 2009, was analyzed in the perspective of current approaches to the analysis of risk in the transportation of hazardous materials. The results pointed out that the Viareggio scenario, although of particular severity, is comprised within those accounted in quantitative risk analysis.

Published

2017

11. Hazard identification for innovative LNG regasification technologies

Author

Alessandro Tugnoli, Nicola Paltrinieri, Valerio Cozzani, Nicola Paltrinieri, Alessandro Tugnoli, and Valerio Cozzani

Subjects

Regasification, Engineering, Process (engineering), business.industry, Safety and Loss Prevention, LNG regasification, EARLY WARNINGS, Hazard analysis, Civil engineering, Industrial and Manufacturing Engineering, Identification (information), Risk analysis (engineering), Atypical scenario, LNG, HAZARD IDENTIFICATION, Environmental impact assessment, Safety, Risk, Reliability and Quality, business

Abstract

Emerging risks may arise from process intensification and new scenarios due to the innovative technologies and higher potentialities of new LNG regasification facilities. In the conventional hazard identification process it is difficult to include new scenarios related to innovative technologies or facilities, for which limited or no operational experience is available. In the present study, a new technique for HAZard IDentification (HAZID), named Dynamic Procedure for Atypical Scenarios Identification (DyPASI), was applied to identify atypical accident scenarios in LNG terminals. The technique aims to make easier and more systematic the process of learning from early warnings and identify atypical accident scenarios otherwise disregarded by common HAZID techniques. The comparison with a survey of the accident scenarios typically considered in available Environmental Impact Assessment (EIA) studies evidences that DyPASI is a valuable tool to obtain a complete and updated overview of potential hazards in particular for new or innovative technologies, where limited operational experience is available.

Published

2015

12. Major accidents triggered by malicious manipulations of the control system in process facilities

Author

Matteo Iaiani, Sarah Bonvicini, Valerio Cozzani, Alessandro Tugnoli, Iaiani M., Tugnoli A., Bonvicini S., and Cozzani V.

Subjects

Automatic control, Exploit, Computer science, Process (engineering), Cyber-attack, 0211 other engineering and technologies, Poison control, 02 engineering and technology, Chemical and process industry, 021105 building & construction, 0501 psychology and cognitive sciences, Safety, Risk, Reliability and Quality, Remote attack, 050107 human factors, Chain of events (aeronautics), 05 social sciences, Public Health, Environmental and Occupational Health, Seveso sites, Identification (information), Hazard identification, Risk analysis (engineering), Major accident hazard, Security, Safety instrumented system, Safety Research

Abstract

Security threats on the industrial automated control systems (IACSs) are becoming a growing concern for all the industrial facilities, and in particular for those where large quantities of hazardous substances are stored or handled (e.g. Seveso sites in Europe). Remote (cyber) or physical malicious manipulations of the automated control system of Seveso sites may have consequences comparable to those of conventional major accidents due to internal causes (e.g. loss of containment of hazardous materials, fires, explosions). While consolidated approaches exist to manage and control the cybersecurity of IT and OT systems of a facility, there is an evident lack of procedures to assess the actual link between malicious manipulations of the safety and control systems and the major accidents that can be triggered. In the present study, a specific methodology (PHAROS) was developed to address the identification of major accident scenarios achievable by malicious manipulation of physical components of the plant through the control and safety instrumented systems. The methodology, which exploits a reverse-HazOp concept, also analyses the role of the existing safety barriers in contrasting the chain of events triggered by the malicious manipulation, and may support the definition of design specifications and/or possible IT protection requirements for such barriers. The methodology was applied to a demonstrative case study to understand the features of the results obtained and their potential towards the improvement of the security of the process facility.

Published

2021

13. Reference criteria for the identification of accident scenarios in the framework of land use planning

Author

Lorenzo Van Wijk, Alessandro Tugnoli, Gigliola Spadoni, Zsuzsanna Gyenes, Michalis Christou, Valerio Cozzani, Alessandro Tugnoli, Zsuzsanna Gyene, Lorenzo Van Wijk, Michalis Christou, Gigliola Spadoni, and Valerio Cozzani

Subjects

Engineering, business.industry, General Chemical Engineering, Energy Engineering and Power Technology, Land-use planning, Management Science and Operations Research, Major Accident Hazard, Risk Assessment, Hazardous Substances, Industrial and Manufacturing Engineering, Transport engineering, Accident Scenario, Identification (information), Accident (fallacy), Risk analysis (engineering), Control and Systems Engineering, Scale (social sciences), Land Use Planning, Relevance (information retrieval), Safety, Risk, Reliability and Quality, Risk assessment, business, Food Science

Abstract

Land use planning (LUP) around industrial sites at risk of major accidents requires the application of sound approaches in the selection of credible accident scenarios. In fact, the ‘technical’ phase of LUP is based on the identification and assessment of relevant accident scenarios. An improper choice of scenarios may critically affect both the ‘technical’ phase of risk assessment and the following ‘policy’ phase concerning decision making on land-use restrictions and/or licensing. The present study introduces a procedure aimed at the systematic identification of reference accident scenarios to be used in the gathering of technical data on potential major accidents, which is a necessary step for LUP around Seveso sites. Possible accident scenarios are generated by an improved version of the MIMAH methodology (Methodology for the Identification of Major Accident Hazards). The accident scenarios are then assessed for LUP relevance considering severity, frequency and time scale criteria. The influence of prevention and mitigation barriers is also taken into account. Two applications are used to demonstrate the proposed procedure. In both case-studies, the proposed methodology proved successful in producing consistent sets of reference scenarios.

Published

2013

14. Quantitative assessment of safety barrier performance in the prevention of domino scenarios triggered by fire

Author

Valerio Cozzani, Gabriele Landucci, Francesca Argenti, Alessandro Tugnoli, Landucci, G., Argenti, F., Tugnoli, A., and Cozzani, V.

Subjects

Engineering, Risk assessment, Domino effect, Layer of protection analysis, business.industry, Fire protection, Major-accident hazard, Quantitative risk assessment, Safety barrier, Domino effect, Fire, Industrial and Manufacturing Engineering, Domino, Reliability engineering, Escalation, Major accident hazard, Safety Integrity Level, Quantitative assessment, Quantitative risk assessment, Safety engineering, Safety, Risk, Reliability and Quality, Risk assessment, business, Layer of protection analysi

Abstract

The evolution of domino scenarios triggered by fire critically depends on the presence and the performance of safety barriers that may have the potential to prevent escalation, delaying or avoiding the heat-up of secondary targets. The aim of the present study is the quantitative assessment of safety barrier performance in preventing the escalation of fired domino scenarios. A LOPA (layer of protection analysis) based methodology, aimed at the definition and quantification of safety barrier performance in the prevention of escalation was developed. Data on the more common types of safety barriers were obtained in order to characterize the effectiveness and probability of failure on demand of relevant safety barriers. The methodology was exemplified with a case study. The results obtained define a procedure for the estimation of safety barrier performance in the prevention of fire escalation in domino scenarios. © 2015 Elsevier Ltd.

Published

2015

15. Release of hazardous substances in flood events: Damage model for horizontal cylindrical vessels

Author

Valerio Cozzani, Alessandro Tugnoli, Amos Necci, Gabriele Landucci, Giacomo Antonioni, Landucci, G., Necci, A., Antonioni, G., Tugnoli, A., and Cozzani, V.

Subjects

Engineering, Hazardous materials release, Flood myth, business.industry, Storage tanks, Pressure vessels, NaTech, Flood, Major accident hazard, Industrial and Manufacturing Engineering, Pressure vessel, Fragility, Hazardous waste, Storage tank, Forensic engineering, Safety, Risk, Reliability and Quality, business

Abstract

Severe accidents may be triggered by the impact of floods on process and storage equipment containing hazardous substances. The present study analyses the possible damage of horizontal cylindrical equipment, either operating at atmospheric or at higher pressures. A mechanical damage model was developed and validated by available literature data on past accidents. Simplified correlations were then obtained to calculate the critical flooding conditions leading to vessel failure. A fragility model was proposed for the straightforward assessment of equipment damage probability in the framework of the quantitative risk assessment of NaTech scenarios triggered by floods. A case-study was discussed to test the potentialities of the method.

Published

2014

16. Performance assessment of thermal protection coatings of hazardous material tankers in the presence of defects

Author

Alessandro Tugnoli, Giordano Emrys Scarponi, Gabriele Landucci, Valerio Cozzani, A. M. Birk, Scarponi, Giordano Emry, Landucci, Gabriele, Tugnoli, Alessandro, Cozzani, Valerio, and Birk, Albrecht Michael

Subjects

Risk, Hazardous material transportation, Environmental Engineering, Maintenance, General Chemical Engineering, Finite element analysi, 0211 other engineering and technologies, 02 engineering and technology, engineering.material, Civil engineering, Key performance indicators, 020401 chemical engineering, Coating, Hazardous waste, Environmental Chemistry, Chemical Engineering (all), 0204 chemical engineering, Safety, Risk, Reliability and Quality, Fireproofing, 021110 strategic, defence & security studies, business.industry, Finite element analysis, Thermal protection, Structural integrity, Key performance indicator, Major accident hazard, Finite element method, Containment, Reliability and Quality, engineering, Performance indicator, Safety, business, Marine engineering

Abstract

Fires following road or railway accidents may escalate and cause catastrophic loss of containment and extremely severe final scenarios when hazardous material tankers are engulfed in flames. A heat-resistant coating is usually adopted to protect such tankers. However, defects may form on the coating due to wear, erosion, or accidental failures, thereby affecting the effectiveness of the thermal protection. In the present study, a methodology was developed to assess the performance of thermal protection coatings in the presence of defects. A thermal model based on finite element modeling (FEM) was developed to reproduce the behavior of tankers coated with defective insulation when exposed to fires. Experimental data were used to validate the model, which allowed to determine the temperature profile of tank shell with respect to time under different fire conditions. Specific key performance indicators (KPIs), calculated on the basis of the results of FEM simulations, were defined. The KPIs allow the identification of threshold conditions in which fireproofing performance is degraded and jeopardizes the structural integrity of the protected vessel when involved in fire. An approach based on the KPIs was developed to support the implementation of on-condition inspection-based maintenance strategies of thermal coatings.

Published

2017

17. Comparison of UDM and CFD simulations of a time varying release of LPG in geometrical complex environment

Author

Marko Gerbec, Giacomo Antonioni, Alessandro Tugnoli, Valerio Cozzani, Romain Lelong, Mehdi Sbaouni, M. Pontiggia, Gerbec, M., Pontiggia, M., Antonioni, G., Tugnoli, A., Cozzani, V., Sbaouni, M., and Lelong, R.

Subjects

Engineering, Unified Dispersion Model, General Chemical Engineering, 0211 other engineering and technologies, Energy Engineering and Power Technology, 02 engineering and technology, Management Science and Operations Research, Computational fluid dynamics, Computational Fluid Dynamic, Industrial and Manufacturing Engineering, law.invention, Propane, 020401 chemical engineering, law, 0204 chemical engineering, Process simulation, Safety, Risk, Reliability and Quality, Dispersion (water waves), Roof, Flammability limit, 021110 strategic, defence & security studies, Jet (fluid), business.industry, Mechanics, Structural engineering, Atmospheric dispersion modeling, Dispersion, Ignition system, Control and Systems Engineering, Release modelling, business, Food Science

Abstract

The paper discusses the release and air dispersion modelling for the specific potential accident scenario case of a vertical impinging jet of propane (below the sun shade/rain roof) out of an over-filled car tanker. The main purpose was to assess the related uncertainties in impact distances downwind to the Lower Flammability Limit (LFL) and half the LFL (LFL/2) propane concentrations in the ambient air, due to the proximity of the site border (issue of the control over the ignition sources). The conventional Unified Dispersion Modelling (UDM) results were re-modelled using a dynamic process simulation (to simulate the pressure safety release valve) and dispersion modelling using a Computational Fluid Dynamic (CFD) model simulation. The CFD model enabled explicit consideration of the 3D objects and impinging jet. The comparison of the impact distances down to LFL and LFL/2 concentrations among UDM and CFD models revealed that the CFD model suggests the distances are about 2-3 times shorter, but the fire hazard (propane-air mixture) is present for approximately twice the time after cessation of the propane release. This means that conventional UDM derived results using the integrated models are to some extent conservative, while on the other hand, the duration of the fire hazard is underestimated. The results are important for risk analysts in terms of the consideration of the use of the UDM models out of the validated contexts (e.g., vertical impinging, obstacles), as well as for site managers in considering whether the ignition prevention measures (separation distances) are sufficient.

Published

2017

18. Mitigation of fire damage and escalation by fireproofing: A risk-based strategy

Author

T. Barbaresi, Valerio Cozzani, Annamaria Di Padova, F. Tallone, Alessandro Tugnoli, A. Tugnoli, V. Cozzani, A. Di Padova, T. Barbaresi, and F. Tallone

Subjects

fireproofing, Engineering, escalation, business.industry, Fire prevention, Structural integrity, Firefighting, passive fire protection, domino effect, Asset (computer security), Industrial and Manufacturing Engineering, Domino effect, Risk analysis (engineering), Major accident hazard, Passive fire protection, Fire protection, Forensic engineering, Safety, Risk, Reliability and Quality, business, Fireproofing

Abstract

Passive fire protection by the application of fireproofing materials is a crucial safety barrier in the prevention of the escalation of fire scenarios. Fireproofing improves the capacity of process items and of support structures to maintain their structural integrity during a fire, preventing or at least delaying the collapse of structural elements. Maintenance and cost issues require, however, to apply such protection only where an actual risk of severe fire scenarios is present. Available methodologies for fireproofing application in on-shore installation do not consider the effect of jet-fires. In the present study, a risk-based methodology aimed at the protection from both pool fire and jet fire escalation was developed. The procedure addresses both the prevention of domino effect and the mitigation of asset damage due to the primary fire scenario. The method is mainly oriented to early design application, allowing the identification of fireproofing zones in the initial phases of lay-out definition.

Published

2012

19. Quantitative assessment of domino and NaTech scenarios in complex industrial areas

Author

Gigliola Spadoni, Valerio Cozzani, Gabriele Landucci, Sarah Bonvicini, Giacomo Antonioni, Alessandro Tugnoli, Valerio Cozzani, Giacomo Antonioni, Gabriele Landucci, Alessandro Tugnoli, Sarah Bonvicini, and Gigliola Spadoni

Subjects

Engineering, Operations research, business.industry, Process (engineering), General Chemical Engineering, Energy Engineering and Power Technology, Quantitative risk assessment, Domino effect, Management Science and Operations Research, Industrial and Manufacturing Engineering, Domino, NaTech, Major accident hazard, Land-use planning, Work (electrical), Risk analysis (engineering), Control and Systems Engineering, Quantitative assessment, Safety, Risk, Reliability and Quality, business, Risk assessment, Food Science

Abstract

Since the late 80s the application of quantitative risk assessment to the issue of land-use planning with respect to major accident hazards emerged as a topic to be addressed within the safety assessment of chemical and process plants. However, in the case of industrial clusters or complex industrial areas specific methodologies are needed to deal with high-impact low-probability (HILP) events. In the present study, innovative methodologies developed for the quantitative assessment of risk due to domino and NaTech scenarios are presented. In recent years a set of models for the calculation of equipment damage probability were developed. A specific effort was dedicated to the improvement of models for the calculation of equipment damage probability in these accident scenarios. In the present study, the application of these models to case-studies was analyzed. The results of the improved models obtained for NaTech quantitative assessment were compared to previous results in the literature. A specific innovative approach was developed to multi-level quantitative assessment of domino scenarios, and its potential was analyzed. The results were examined also evidencing the role and the progress with respect to the pioneering work started on these topics by Franco Foraboschi.

Published

2014

20. Assessment of the hazard due to fragment projection: A case study

Author

Valerio Cozzani, Maria Francesca Milazzo, Giuseppe Maschio, Gabriele Landucci, Alessandro Tugnoli, Tugnoli, A., Milazzo, M.F., Landucci, G., Cozzani, V., and Maschio, G.

Subjects

Hazard (logic), General Chemical Engineering, Occupational disease, Energy Engineering and Power Technology, Fragment projection, Fragmentation patterns, Domino effect, Management Science and Operations Research, Case-study, Escalation, Vessel burst, Industrial and Manufacturing Engineering, Vessel burst, Probability distribution, Fragment (logic), Statistics, Range (statistics), Probability, Domino effect, Safety, Risk, Reliability and Quality, Projection (set theory), Simulation, Mathematics, Landing, Cumulative distribution function, Fragmentation (computing), Fragmentation pattern, Accident, Control and Systems Engineering, Trajectory, Industrial hygiene, Food Science

Abstract

Fragment projection following vessel burst is a possible cause of domino effects in industrial accidents. The projection of fragments from stationary equipment usually follows the catastrophic rupture of process equipment due to internal pressure exceeding design values. In recent years, a detailed model was developed to assess fragment impact probability. The model, based on the use of fragmentation patterns and of a simplified analysis of fragment trajectory, allows the calculation of impact probabilities considering different scenarios leading to vessel burst and fragment projection. In the present study a case-study was analyzed to assess model performance and to test the credibility of the model predictions for fragment number, shape and impact probability. The cumulative probability of fragment impact was found to be in good agreement with the actual distribution of the landing points experienced for the fragments formed in the accident. The maximum projection distance predicted by the model resulted comparable to the maximum landing distance experienced in the accident. The model tested thus seems to yield significant results, well in the range of those experienced in the case-study analyzed.

Published

2014

21. Supporting the selection of process and plant design options by Inherent Safety KPIs

Author

Ernesto Salzano, Valerio Cozzani, Gabriele Landucci, Alessandro Tugnoli, A. Tugnoli, G. Landucci, E. Salzano, and V. Cozzani

Subjects

Engineering, Process (engineering), General Chemical Engineering, Inherent safety, 0211 other engineering and technologies, Energy Engineering and Power Technology, 02 engineering and technology, Management Science and Operations Research, Hazard analysis, hazard identification, Industrial and Manufacturing Engineering, 020401 chemical engineering, 0204 chemical engineering, Safety, Risk, Reliability and Quality, Regasification, 021110 strategic, defence & security studies, business.industry, metric, Work in process, Reliability engineering, Identification (information), accident scenario, key performance indicator, Control and Systems Engineering, Performance indicator, Metric (unit), business, Food Science

Abstract

Effective support of inherent safety implementation in process design requires a quantitative metric for monitoring and communicating the expected safety performance of alternative design options. The Inherent Safety Key Performance Indicators (IS-KPIs) methodology was developed to provide both a flexible procedure for the identification of the hazards, and a sound consequence-based quantification of the safety performance. The integration of different hazard identification techniques yields the relevant accident scenarios for each unit in the plant. The calculation of credible damage distances by consolidate consequence simulation models provides a sound basis for the definition of the KPIs based on worst case effects. Specific indicators were devoted to hazards from external actions, as natural events and intentional malicious acts. The methodology was demonstrated by the comparison of alternative technological options for LNG regasification. The application evidenced the potential of the IS-KPI method in pinpointing the critical issues related to each alternative configuration.

Published

2012

22. Release of hazardous substances in flood events: Damage model for atmospheric storage tanks

Author

Giacomo Antonioni, Gabriele Landucci, Alessandro Tugnoli, Valerio Cozzani, G. Landucci, G. Antonioni, A. Tugnoli, and V. Cozzani

Subjects

Engineering, 020209 energy, 0211 other engineering and technologies, 02 engineering and technology, Industrial and Manufacturing Engineering, Environmental hazard, Hazardous waste, 0202 electrical engineering, electronic engineering, information engineering, Forensic engineering, Safety, Risk, Reliability and Quality, environmental hazard, 021110 strategic, defence & security studies, atmospheric tank, Vulnerability model, Flood myth, business.industry, fungi, food and beverages, hazardous materials release, damage models, Containment, 13. Climate action, major accident hazard, Storage tank, business, Risk assessment, NaTech

Abstract

The damage of storage tanks in flood events may lead to severe “natural-technological” (NaTech) accident scenarios due to the release of hazardous substances causing damage to people and environment. In the present study, damage of atmospheric storage tanks in floods was analyzed in detail. A mechanical damage model was developed and validated by available literature data on past accidents. Simplified correlations were then obtained to calculate the probability of loss of containment on the basis of severity parameters of the flood event. The tank vulnerability model was integrated in a comprehensive approach for the quantitative risk assessment of NaTech scenarios triggered by floods. A case-study was discussed to test the potentialities of the method.

Published

2012

23. The Viareggio LPG accident: Lessons learnt

Author

Valerio Cozzani, Gabriele Landucci, Marco Derudi, Valentina Busini, Renato Rota, Alessandro Tugnoli, G. Landucci, A. Tugnoli, V. Busini, M. Derudi, R. Rota, and V. Cozzani

Subjects

Engineering, Derailment, General Chemical Engineering, Rail freight transport, 0211 other engineering and technologies, Vulnerability, Energy Engineering and Power Technology, Poison control, Liquefied Petroleum Ga, 02 engineering and technology, Management Science and Operations Research, Liquefied petroleum gas, Industrial and Manufacturing Engineering, Robust decision-making, 020401 chemical engineering, 11. Sustainability, Past Accident Analysis, Forensic engineering, 0204 chemical engineering, Safety, Risk, Reliability and Quality, 021110 strategic, defence & security studies, Railway line, business.industry, Control and Systems Engineering, Damages, business, Flash-Fire, Food Science, Hazardous Material Transportation

Abstract

On June 29th, 2009 the derailment of a freight train carrying 14 LPG (Liquefied Petroleum Gas) tank-cars near Viareggio, in Italy, caused a massive LPG release. A gas cloud formed and ignited triggering a flash-fire that resulted in 31 fatalities and in extended damages to residential buildings around the railway line. The vulnerability of the area impacted by the flash-fire emerged as the main factor in determining the severity of the final consequences. Important lessons learnt from the accident concern the need of specific regulations and the possible implementation of safety devices for tank-cars carrying LPG and other liquefied gases under pressure. Integrated tools for consequence assessment of heavy gas releases in urban areas may contribute to robust decision making for mitigation and emergency planning. Language: en

Published

2011

24. Key Performance Indicators for Inherent Safety: Application to the Hydrogen Supply Chain

Author

Gabriele Landucci, Alessandro Tugnoli, Valerio Cozzani, A. Tugnoli, G. Landucci, and V. Cozzani

Subjects

Engineering, Process (engineering), business.industry, General Chemical Engineering, Supply chain, Process flow diagram, Work in process, Hazard, Reliability engineering, Inherent safety, Metric (unit), Performance indicator, Safety, Risk, Reliability and Quality, business

Abstract

The practice of inherent safety in process development and design asks for reliable and systematic assessment tools. In the present study, a novel quantitative approach developed for the inherent safety assessment of process flow diagrams in early design stages is presented. The output of the approach is a metric that quantifies the inherent safety fingerprint of the process scheme by a set of key performance indicators. Physical parameters are used for the quantification of the hazard deriving from materials, process conditions and equipment characteristics. The assessment resorts to the identification and modeling of credible accident consequences on humans and equipment. The adoption of tangible parameters based on consequence modeling yields a clear and sound picture of the inherent safety performance of a design option. An example of application focused on some envisaged options of the hydrogen supply chain (production, distribution, and utilization) is presented. © 2009 American Institute of Chemical Engineers Process Saf Prog, 2009

Published

2009

25. Inherent safety of substances: identification of accidental scenarios due to decomposition products

Author

Mauro Cordella, Gigliola Spadoni, Valerio Cozzani, Federica Barontini, Alessandro Tugnoli, M. Cordella, A. Tugnoli, F. Barontini, G. Spadoni, and V. Cozzani

Subjects

Hazard (logic), Chemical process, Engineering, business.industry, Process (engineering), General Chemical Engineering, Energy Engineering and Power Technology, Management Science and Operations Research, Contamination, Industrial and Manufacturing Engineering, Reliability engineering, Identification (information), Risk analysis (engineering), Control and Systems Engineering, Hazardous waste, Accidental, Inherent safety, Safety, Risk, Reliability and Quality, business, Food Science

Abstract

The hazard due to the unwanted formation of dangerous substances in the loss of control of a chemical industrial process is well known since the Seveso accident. The assessment of the inherent hazards related to the loss of control of a chemical process should include as well the identification of the hazards associated to the emission of possible products of unwanted reactions. This issue is among those that still need to be addressed in the design of inherently safe chemical processes. In the present study, a new approach was developed to screen the hazard profile of the unwanted products that may be formed as a consequence of process deviation from normal operating conditions. Three different categories of hazards were taken into account: acute and long-term hazard for humans, damage to ecosystems, environmental media contamination. The method allows the definition of a hazard footprint of the unwanted product mixture, and of four indices, each characterizing the potential impacts of release scenarios with respect to a specific category of hazards: acute toxicity, chronic toxicity, carcinogenicity and ecotoxicity. The four impact indices allow the identification of the more hazardous accidental scenarios that may derive from the loss of containment of the unwanted products during an accidental event. As confirmed by several case-studies, the application of the approach developed, coupled with an array of experimental protocols for the identification of the products formed under accidental conditions, results a useful tool for the screening of the potential hazards related to the formation and release of unwanted products in “out of control” conditions.

Published

2009

26. The development of an inherent safety approach to the prevention of domino accidents

Author

Alessandro Tugnoli, Ernesto Salzano, Valerio Cozzani, C.G. SOARES, E. ZIO, V. Cozzani, A. Tugnoli, and E. Salzano

Subjects

Hazard (logic), Engineering, Safety Management, Inherent safety, Hazard index, Human Factors and Ergonomics, Domino effect, Domino, Fires, Transport engineering, Escalation, Accidents, Occupational, Humans, Safety, Risk, Reliability and Quality, Safety distances, business.industry, Public Health, Environmental and Occupational Health, Models, Theoretical, Rule of thumb, Identification (information), Petroleum, Risk analysis (engineering), Chemical Industry, Metric (unit), Process industry, business

Abstract

The severity of industrial accidents in which a domino effect takes place is well known in the chemical and process industry. The application of an inherent safety approach for the prevention of escalation events leading to domino accidents was explored in the present study. Reference primary scenarios were analyzed and escalation vectors were defined. Inherent safety distances were defined and proposed as a metric to express the intensity of the escalation vectors. Simple rules of thumb were presented for a preliminary screening of these distances. Swift reference indices for layout screening with respect to escalation hazard were also defined. Two case studies derived from existing layouts of oil refineries were selected to understand the potentialities coming from the application in the methodology. The results evidenced that the approach allows a first comparative assessment of the actual domino hazard in a layout, and the identification of critical primary units with respect to escalation events. The methodology developed also represents a useful screening tool to identify were to dedicate major efforts in the design of add-on measures, optimizing conventional passive and active measures for the prevention of severe domino accidents.

Published

2007

27. Probabilistic analysis of cascading events triggered by fire

Author

Francesca Argenti, Gina Landucci, Valerio Cozzani, Alessandro Tugnoli, L. Podofillini, B. Sudret, B. Stojadinovic, E. Zio, W. Kröger, Landucci, G., Argenti, F., Tugnoli, A., and Cozzani, V.

Subjects

Risk, Computer science, Reliability and Quality, Probabilistic analysis of algorithms, Data mining, Safety, computer.software_genre, Safety, Risk, Reliability and Quality, computer

Abstract

Fires involving storage or process units were the most frequent initiating cause of severe cascading events in the chemical and petrochemical industry. Storage units were often the targets of escalation. Most industrial facilities adopt protection systems and procedural emergency measures to prevent escalation. Hence, the analysis of fire protection systems must be included in the assessment of escalation probability as well as in Quantitative Risk Assessment (QRA) procedures: the methodology illustrated in the present contribution was developed to the purpose. The methodology was based on a Layer Of Protection Analysis (LOPA) approach to account for implemented protection layers, whose performances were characterized in terms of both Probability of Failure on Demand (PFD) and effectiveness. Equipment vulnerability models were integrated with the LOPA results. Modified escalation probabilities, including the influence of safety barriers, were thus obtained. A case study was analyzed to exemplify the methodology implementation.