A Control Theoretic Approach to the Resilient Design of Extra-Terrestrial Habitats
Space habitats will involve a complex and tightly coupled combination of hardware, software, and humans, while operating in challenging environments that pose many risks, both known and unknown. It will not be possible to design habitats that are immune to failure, nor to foresee every possible failure. Rather than aiming for designs where "failure is not an option", habitats must be resilient to disruptions. We propose a control-theoretic approach to resilient design for space habitats based on the concept of safety controls from system safety engineering. We model disruptions using a state and trigger model, in which the space habitat is in exactly one of three kinds of state at each instant: nominal, hazardous, or accident. The habitat transitions from the nominal state to a hazardous state via disruptions, and from a hazardous state to other hazardous states or to accident states via triggers. We develop an approach for identifying safety controls that considers these disruptions and hazardous states and that identifies control principles and their possible control flaws. Safety controls are the means of preventing the system from entering, or remaining in, a hazardous or accident state. We develop a safety control option space for the habitat, from which designers can select the set of safety controls that best meets resilience, performance, and other system goals. We show how our approach for identifying safety controls drives our control-theoretic approach to resilient design, and how that approach fits into the larger system safety engineering process. To identify and assess hazards, we use a database with a network format that stores the relationships between disruptions and hazardous states for an example space habitat. We use this database together with traditional hazard assessment techniques to prioritize the control of possible disruptions and hazardous states.
To mitigate hazards, we develop a safety control option space containing safety controls that either prevent transitions to hazardous states or return the habitat to the nominal state. We use generic safety controls (the principle of control) to generate new safety controls as the set of disruptions and hazardous states grows, and store these in the database. Lastly, we evaluate the mitigations using our control effectiveness metric, which assesses how well a safety control addresses the hazardous state or disruption it is designed for. Our control-theoretic approach is one way to carry out the system safety engineering process for a space habitat system, and it provides design guidance for the development of resilient space habitats.
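The state and trigger model and the network of disruptions, hazardous states, and safety controls described above can be made concrete as a small reachability check. The following is an added example, not code from the paper or its habitat database: the state names, disruptions, triggers, and controls are constructed for illustration, and the disruption ranking is an assumed heuristic (accident states reachable once a disruption has occurred), not the paper's control effectiveness metric. It shows two checks a designer would want when picking controls from the option space: which accident states remain reachable from nominal, and which reachable hazardous states have no path back to nominal, so the habitat would remain hazardous or escalate.

```python
"""Constructed toy instance of the nominal / hazardous / accident state and
trigger model. Disruptions move the habitat from nominal into a hazardous
state; triggers move it between hazardous states or into an accident state.
A safety control either removes a transition (preventive) or adds a way back
to nominal from a hazardous state (recovery). All names are invented."""
from collections import deque
from dataclasses import dataclass
from typing import Optional

NOMINAL = "nominal"


@dataclass(frozen=True)
class Transition:
    src: str    # state the habitat is in
    dst: str    # state it moves to
    cause: str  # disruption (src == nominal) or trigger (src hazardous)


@dataclass(frozen=True)
class SafetyControl:
    name: str
    prevents: Optional[str] = None       # cause whose transition is removed
    recovers_from: Optional[str] = None  # hazardous state returned to nominal


def _reachable(start, adj):
    """Breadth-first set of states reachable from `start` (inclusive)."""
    seen, queue = {start}, deque([start])
    while queue:
        s = queue.popleft()
        for nxt in adj.get(s, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


@dataclass
class HabitatModel:
    hazardous: frozenset
    accident: frozenset
    transitions: list

    def edges(self, controls=()):
        """Adjacency map after the given safety controls are applied."""
        blocked = {c.prevents for c in controls if c.prevents}
        adj = {}
        for t in self.transitions:
            if t.cause not in blocked:
                adj.setdefault(t.src, set()).add(t.dst)
        for c in controls:
            if c.recovers_from:
                adj.setdefault(c.recovers_from, set()).add(NOMINAL)
        return adj

    def reachable_accidents(self, controls=()):
        """Accident states the habitat can still reach from nominal."""
        return _reachable(NOMINAL, self.edges(controls)) & self.accident

    def trapped_hazardous(self, controls=()):
        """Reachable hazardous states with no path back to nominal."""
        adj = self.edges(controls)
        reachable = _reachable(NOMINAL, adj) & self.hazardous
        return {s for s in reachable if NOMINAL not in _reachable(s, adj)}

    def rank_disruptions(self):
        """Assumed heuristic (not the paper's metric): rank disruptions by
        how many accident states the uncontrolled habitat can reach after
        the disruption has occurred; ties broken by name."""
        adj = self.edges()
        scores = {t.cause: len(_reachable(t.dst, adj) & self.accident)
                  for t in self.transitions if t.src == NOMINAL}
        return sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))


# Constructed example habitat (hazardous states H_*, accident states A_*).
MODEL = HabitatModel(
    hazardous=frozenset({"H_pressure_loss", "H_co2_high", "H_power_low"}),
    accident=frozenset({"A_depressurised", "A_crew_hypoxia"}),
    transitions=[
        Transition(NOMINAL, "H_pressure_loss", "micrometeoroid_strike"),
        Transition(NOMINAL, "H_co2_high", "scrubber_fault"),
        Transition(NOMINAL, "H_power_low", "solar_array_fault"),
        Transition("H_pressure_loss", "A_depressurised", "seal_not_located"),
        Transition("H_pressure_loss", "H_power_low", "pressure_loss_trips_power"),
        Transition("H_power_low", "H_co2_high", "power_low_stops_scrubber"),
        Transition("H_co2_high", "A_crew_hypoxia", "no_backup_scrubber"),
    ],
)

# Constructed safety control option space.
CONTROLS = {
    "whipple_shield": SafetyControl("whipple_shield", prevents="micrometeoroid_strike"),
    "battery_reserve": SafetyControl("battery_reserve", prevents="power_low_stops_scrubber"),
    "backup_scrubber": SafetyControl("backup_scrubber", prevents="no_backup_scrubber"),
    "patch_kit": SafetyControl("patch_kit", recovers_from="H_pressure_loss"),
    "scrubber_reset": SafetyControl("scrubber_reset", recovers_from="H_co2_high"),
}


def evaluate(control_names):
    """What a chosen set of controls leaves uncontrolled."""
    chosen = [CONTROLS[n] for n in control_names]
    return {"accidents": sorted(MODEL.reachable_accidents(chosen)),
            "trapped": sorted(MODEL.trapped_hazardous(chosen))}


if __name__ == "__main__":
    print(MODEL.rank_disruptions())
    print(evaluate(["backup_scrubber", "patch_kit"]))
```

Note the second evaluation: a recovery control such as the patch kit adds a path back to nominal but does not remove the escalating trigger, so the depressurisation accident stays reachable until a preventive control is also selected. Separating "can the accident still be reached" from "can the habitat get back to nominal" is what lets the designer compare candidate control sets from the option space.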