Content uploaded by Douglas Lee Van Bossuyt
Author content
All content in this area was uploaded by Douglas Lee Van Bossuyt on Feb 28, 2019
Content may be subject to copyright.
Page 5The Journal of RMS in Systems Engineering Winter 2018–19
Douglas L. Van Bossuyt
Bryan M. O’Halloran
Nikolaos Papakonstantinous
Summary & Conclusions
is paper presents a method of assessing cable routing for systems
with signicant cabling to help system engineers make risk-in-
formed decisions on cable routing and cable bundle management.
We present the Cable Routing Failure Analysis (CRFA) method of
cable routing planning that integrates with system architecture tools
such as functional modeling and function failure analysis. CRFA
is intended to be used during the early conceptual stage of system
design although it may also be useful for retrots or overhauls of
existing systems.
While cable raceway res, cable bundle severing events, and
other common cause cable failures (e.g., rodent damage, chemical
damage, fraying and wear-related damage, etc.) are known to be
a serious issue in many systems, the protection of critical cabling
infrastructure and separation of redundant cables is often not taken
into account until late in the systems engineering process. Cable
routing and management often happens after signicant system
architectural decisions have been made. If a problem is uncovered
with cable routing, it can be cost-prohibitive to change the system
architecture or conguration to x the issue and a system owner may
have to accept the heightened risk of common cause cable failure.
Given the nature of cables where energy and signal functions are
shared between major subsystems, the potential for failure propaga-
tion is signicant.
A System Design Method
to Reduce Cable Failure
Propagation Probability
in Cable Bundles
Page 6The Journal of RMS in Systems Engineering Winter 2018–19
A System Design
Method to Reduce
Cable Failure
Propagation
Probability in
Cable Bundles
rough a more complete understand-
ing of power and data cabling requirements
during system architecting, a system de-
sign can be developed that minimizes the
potential for collocation of critical cable
infrastructure. Reductions in critical ca-
bling collocation may lead to a reduction in
potential failure propagation pathways. e
CRFA method presented in this paper relies
on functional failure propagation probability
calculation methods to identify and avoid
potential high-risk cable routing choices.
e implementation of the CRFA method
may help system engineers to design systems
and facilities that protect against cabling
failure propagation events (cable raceway
res, cable bundle severing events, etc.)
during system architecture. Implementing
CRFA in the system architecture phase of
system design may help practitioners to
increase system reliability while reducing
system design costs and system design time.
1. Background
e CRFA method presented in this pa-
per relies upon several key areas of existing
research and industry methods including
complex system design, Functional Failure
Modeling (FFM), and Probabilistic Risk
Assessment (PRA). e important aspects
of each area necessary to understand and
make use of the CRFA method are reviewed
in this section.
With increasing system complexity,
design methods used for relatively sim-
ple product design are replaced by design
methodologies specically suited for com-
plex systems [1, 2]. Functional modeling
is often used in the early conceptual phase
of system design (generally referred to as
system architecture although this denition
is not universally accepted) [3]. Functional
models represent basic system functions
and the basic ows of information, material,
or energy transferred between individual
functions and through the system boundary
[1]. Individual functions perform actions on
energy, material, or information ows [4].
Functional modeling as generally practiced
in system architecting eorts often only
analyzes nominal system congurations and
states. Extensions to functional modeling
have been developed over the last decade to
analyze potential failure propagation paths
and determine mitigation strategies [5].
Function Failure Identication Propagation
(FFIP) was developed to model failure ows
propagating through system functions and
the resulting system-level failure outcomes
[3, 6]. FFIP can be used to predict failure
propagation paths and failure outcomes.
However, FFIP cannot account for failures
that cross functional boundaries or most
common cause failures. e Function Failure
Design Method (FFDM) provides a Failure
Modes and Eects Analysis (FMEA)-style
failure analysis tool to be used with func-
tional modeling [7, 8, 9, 10]. FFDM can
be used to nd a large variety of potential
failure modes for individual functions but
FFDM cannot analyze failure propagations
across non-nominal ow paths or com-
mon cause failure events. e Uncoupled
Failure Flow State Reasoner (UFFSR) was
developed to address the issue of analyzing
uncoupled failure ow propagation in FFM
[11, 12]. e UFFSR provides a geometric
basis for analyzing failure ow propagation
across uncoupled functions. An extension
of UFFSR was developed to model failure
ow arrestor functions in functional mod-
eling. e Dedicated Failure Flow Arres-
tor Function (DFFAF) method replicates
placing physical barriers between redundant
systems to prevent a failure in one system
from crossing an air gap to the other sys-
tem [13]. Other methods such as Function
Flow Decision Functions (FFDF) [14], a
Page 7The Journal of RMS in Systems Engineering Winter 2018–19
A System Design
Method to Reduce
Cable Failure
Propagation
Probability in
Cable Bundles
method of developing prognostic and health
management systems via functional fail-
ure modeling [15], the Time Based Failure
Flow Evaluator (TBFFE) method [16], and
methods to understand potential functional
failure inputs to systems that are hard to
predict [17] have added additional capabil-
ities to FFM in an eort to develop a more
complete FFM toolbox for practitioners.
PRA is a well-established discipline of
risk analysis with over 50 years of heritage
for complex systems used in a variety of
industries including aerospace, petroleum,
automotive, and civilian nuclear power,
among other areas. System failure models
are developed using event and fault trees
where event trees generally show the pro-
gression of a failure through systems and
fault trees generally show the progression of
failure within systems. Probabilistic fail-
ure data is attached to basic failure events
and through Bayesian statistical methods
and Boolean algebra, a probabilistic system
failure rate can be calculated. However, PRA
in its basic form does not capture emer-
gent system behavior during failure events.
Instead, specic methodologies are used to
assess specic emergent system behavior
such as during re or ood events in civilian
nuclear reactors [18, 19, 20, 21, 22, 23, 24,
25]. While many emergent system behav-
iors are identied by re and ood analysis,
other emergent system behaviors can remain
hidden from analysts [26, 19, 27, 28].
Common cause failure in particular
has had signicant attention paid over
the course of PRA methodological devel-
opment. Failure inducing events such as
maintenance errors across a series of identi-
cal, redundant valves can lead to a common
cause failure of all maintained valves. Fire
and ood events often can become common
cause failures, causing failure of every system
in a specic area of a system. Other exam-
ples include explosive, toxic, or radioactive
gas clouds; salt mine or hard rock tunnel
collapse; airplane, space debris, meteor, and
other impacts; and explosive deconstruc-
tion of rotating turbomachinery sending
out shrapnel. Several methods have recently
been developed to address common cause
failure in functional modeling [29, 30, 31,
32, 33, 34, 35, 36]. However, no method cur-
rently exists in the FFM toolbox to address
the issue of common cause failure events
destroying or disabling multiple cables rout-
ed through the same cable pathways, ducts,
raceways, bulkhead or wall penetrations, or
other cable routing methods. Most eorts
in cable management to prevent common
cause failures focus on separating redundant
and backup system cabling; isolating control,
motive power, and instrumentation cabling
from one another; and ensuring adequate
breaker coordination to prevent ground fault
wire ignition events in cable raceways. ese
eorts are typically performed after system
architecting eorts have been completed and
ignore potential benets of analyzing and
planning cable routing and bundling in the
early phases of design.
2. Methodology & Case Study
e CRFA method presented in this sec-
tion provides practitioners a useful method
to develop a better understanding of cable
routing and management during system
architecture from a risk-based perspective.
is section details the CRFA methodology
and presents a case study of cable routing
in a simplied Pressurized Water Reactor
(PWR) nuclear power plant primary coolant
loop pumping room where three redun-
dant pumping systems are co-located. Two
pumps are required to be active at all times
for proper core cooling with the third pump
acting as a “swing” pump for maintenance
purposes or coming online during a failure
Page 8The Journal of RMS in Systems Engineering Winter 2018–19
A System Design
Method to Reduce
Cable Failure
Propagation
Probability in
Cable Bundles
event involving one of the other pumps.
Step 1 of the CRFA method is to devel-
op a functional model. Figure 1 shows the
functional model of the pump room.
Step 2 involves calculating the system
failure probabilities and failure ow paths
using FFIP or other related FFMs as de-
sired. Here we use FFIP to calculate the
failure rate of the system. In the case study,
the system failure rate is calculated using
FFIP at 5.3E-4/yr.
Step 3 associates failure probabilities
with individual cables failing leading to a
potential common cause failure event of all
co-located cables. A practitioner used to the
FFIP methodology can think of this step
as adding another functional block into the
functional model to represent a cable, rather
than using a functional ow to represent the
transmission of signal, energy, or material.
For those who are more familiar with PRA,
this is similar to adding a basic event of a
common cause failure to a fault tree. For the
purposes of the case study presented to illus-
trate CRFA method presented here, cables
are dened as any electrical physical con-
veyance device which is generally referred to
as a cable, wire, conductor, etc. e authors
have found that CRFA can also be used
with optical cables, pneumatic and hydraulic
hoses and hard piping, and some bulk ma-
terial transport systems (e.g., conveyor belts,
pneumatic tubes, slurry chutes, etc.). In the
case study, individual cable failure rates were
chosen from an appropriate and proprietary
generic cabling failure database.
Step 4 determines all possible cable group-
ings. In this step, the practitioner can identify
any specic cables that cannot be located next
to other cables for regulatory or other reasons,
and any specic cables that must be co-located.
For example, if three cables are being analyzed,
there are nine total possible cable combina-
tions. e case study has a total of 12 cables
with 516 possible combinations.
Step 5 analyzes system failure probability
when two or more cables are co-located in a
raceway. e cable failure probabilities from
Step 3 are used to determine if all cables in a
cable bundle may fail simultaneously. FFIP is
run with each potential cable grouping iden-
tied in Step 4. Results for each cable group-
ing are kept separate and rank ordered from
highest to lowest system failure probability.
Step 6 sets the maximum threshold for
system failure probability. e authors advise
that the threshold be set above the base
FFIP calculation as FFIP does not gener-
ally take into account common cause cable
failure. en all cable groupings that exceed
the threshold value are marked as unaccept-
CABLE GROUPS
Cable group: Group331
CONTROL_SIGNAL_2
POWER_BUS_1
POWER_BUS_2
POWER_BUS_3
Group failure probability: 0.0077
System fails: true
Cable group: Group415
CONTROL_SIGNAL_3
POWER_BUS_1
POWER_BUS_2
POWER_BUS_3
Group failure probability: 0.0077
System fails: true
Cable group: Group252
CONTROL_SIGNAL_2
CONTROL_SIGNAL_3
POWER_BUS_1
POWER_BUS_2
Group failure probability: 0.0074
System fails: true
Table 1: Representative CRFA results including cable groupings
with highest system failure probabilities for the primary coolant
loop pumping room case study.
Page 9The Journal of RMS in Systems Engineering Winter 2018–19
A System Design
Method to Reduce
Cable Failure
Propagation
Probability in
Cable Bundles
able congurations from a risk perspective.
All cable groupings that were not marked as
unacceptable congurations are thus accept-
able from a risk perspective and can be used,
assuming no other mitigating circumstanc-
es, in physical system design. If no cable
conguration is acceptable, this indicates a
redesign of the functional model is needed.
Additional redundant systems or redundant
cables may also be warranted. Table 1 pres-
ents partial results from the case study where
a total of 516 potential cable groupings were
identied, 210 groupings were rejected due
to co-location exclusions (Step 4), and 313
groupings were eliminated due to exceeding
the maximum threshold set in Step 6, re-
sulting in 38 potential cable routing cong-
urations meeting all criteria identied in the
CRFA method.
e CRFA method is now complete.
Periodically through the rest of the concep-
tual design phase, CRFA should be re-run
to verify that appropriate cable groupings
and separations are maintained to meet fail-
ure probability expectations. When moving
from system architecture and early system
design into physical system design and lay-
out, the information from CRFA can then
be used to develop cable raceways and locate
individual cables.
3. Discussion
e CRFA method presented in the pre-
vious section has been implemented in
software and automated. Figure 2 presents
the Graphical User Interface (GUI) of the
CRFA software tool that the authors de-
veloped. e case study in this paper was
prepared using the software implementation
of CRFA. In the future, the CRFA software
is slated for integration with a larger eort
to develop a complete FFM software toolkit.
In the authors’ experience, evidence of
the success of CRFA can often be seen in
redundant systems cabling being isolated
from one another. Often this is because
of Step 4 identifying cables that cannot
be co-located. However, the authors have
observed CRFA identifying on its own that
redundant system cabling should not be
co-located due to increased system failure
probability. It is also possible that if the
maximum threshold set in Step 6 is su-
ciently high, redundant system cabling isola-
tion may not be observed. is is potentially
indicative of too high of a threshold being
set or may also indicate that redundant sys-
tem cabling is unnecessary. It is recommend-
ed that further review of the results and a
deeper understanding of why certain cables
are more or less isolated is sought before
moving forward if either case is identied.
Figure 2: The GUI of the software implementation of CRFA.
Page 10The Journal of RMS in Systems Engineering Winter 2018–19
A System Design
Method to Reduce
Cable Failure
Propagation
Probability in
Cable Bundles
While small-scale cable routing stud-
ies can be conducted using PRA tools and
larger complex system cable routing analysis
can be performed using specialized meth-
ods, the method presented in this paper
integrates cable routing failure analysis with
other FFMs, allowing a more holistic and
integrated approach to system risk analysis.
CRFA also provides the capability of ana-
lyzing common cause cable failures much
earlier in the system design process during
system architecture than existing methods
allow. Shifting the analysis of common cause
failures from cable routing to earlier in the
system design process may save both time
and money in the design process.
In the case where PRA is used to analyze
cable failures without analyzing re, ood,
or missile (turbomachinery shrapnel) com-
mon cause failure, the PRA results will likely
underestimate failure probability. Even when
analyzing the re, ood, or missile common
cause failure sources, the results will likely
not present as full and accurate of a picture of
cable grouping failure risks as CRFA does.
CRFA has been used to conduct analysis
on a variety of systems including civilian nu-
clear power plants of several types, aerospace
systems, automotive systems, and defense
systems. e results are promising and have
been useful for practitioners to understand
how cable routing and management can be
greatly impacted by system architectural de-
cisions. Feedback from some users of CRFA
indicate a desire for CRFA to be integrated
into commonly used model based systems
engineering (MBSE) tools.
Further development of CRFA is antic-
ipated including a more nuanced approach
to cable bundling. CRFA assumes that all
cables co-located in a raceway will all fail
simultaneously when a common cause fail-
ure event occurs. However, not all common
cause failure events will cause all cables to
fail. For instance, a very hungry rat will not
simultaneously eat through all data cables
in a large bundle. A potential extension of
CRFA may be to include aspects of TBFFE
in the modeling of cable bundle failures to
represent failure of cables in a bundle over
time. us, CRFA is a conservative meth-
od in this regard. Another area of future
improvement for CRFA is integrating the
method with uncoupled failure ow meth-
ods such as UFFSR. Uncoupled failure ows
can be accounted for to some degree in Step
3 by assigning failure probabilities for com-
mon cause cable failures from potential un-
coupled sources such as missiles or oods (of
cable insulation-eating liquids). However,
some sources of uncoupled failure ow may
be missed without integration of UFFSR.
Further future work includes adding
the ability to the software implementation
of CRFA to automatically add redundant
cabling. For instance, civilian nuclear power
plants often contain three redundant sensors
with three redundant cables where a func-
tional model may only show one functional
block to represent the three redundant sen-
sors and cables. Additional automation may
provide the practitioner with a more rapid
development process.
4. Conclusion
e CRFA method presented here provides
a novel way of analyzing cable routing and
determining cable routing schemes that are
below a desired system failure probability
threshold. Protecting critical cabling infra-
structure and separating redundant cables is
vitally important to ensuring that a common
cause failure does not cause a system-level
failure event. Cable routing and planning
currently happens late in the design process
after major architectural decisions have been
made and during physical system design.
e CRFA method brings the analysis and
Page 11The Journal of RMS in Systems Engineering Winter 2018–19
A System Design
Method to Reduce
Cable Failure
Propagation
Probability in
Cable Bundles
design of cable raceways and cable sepa-
ration to the system architecting phase of
system design using FFM as a basis for
further analysis. By having a more complete
understanding of cable requirements during
the early phases of system design, a system
architecture and design can emerge that
minimizes critical cabling infrastructure
co-location and identies the need for addi-
tional redundant cabling needs. Implement-
ing CRFA may help engineering practi-
tioners design complex systems and facilities
that guard against cable failure propagation
events that could disable or destroy the core
functionality of the system. us, system
reliability is expected to be increased while
driving down system risks that may other-
wise have gone unaddressed.
5. Acknowledgements
is research was partially supported by
United States Nuclear Regulatory Com-
mission Grant Number NRC-HQ-84-
14-G-0047 and by the Naval Postgraduate
School. Any opinions or ndings of this
work are the responsibility of the authors,
and do not necessarily reect the views of
the sponsors or collaborators. e case study
or example presented in this paper may not
be used or construed as an analysis of a spe-
cic system or plant and is only provided for
illustrative purposes of the method.
References
1. R. B. Stone and K. L. Wood, "Development of a Functional
Basis for Design," ASME Journal of Mechanical design, vol.
122, no. 4, pp. 359-370, 2000.
2. D. L. Van Bossuyt, I. Y. Tumer and S. D. Wall, "A case for
trading risk in complex conceptual design trade studies,"
Research in Engineering Design, vol. 24, no. 3, pp. 259-275,
2013.
3. D. Jensen, T. Kurtoglu and I. Y. Tumer, "Flow State Logic
(FSL) for Analysis of Failure Propagation in Early Design,"
in ASME International Design Engineering Technical Con-
ference IDETC/CIE, San Diego, CA, 2009.
4. J. Hirtz, R. Stone, D. McAdams, S. Szykman and K. Wood, "A
Functional Basis for Engineering Design: Reconciling and
Evolving Previous Eorts," Research in Engineering Design,
vol. 13, no. 2, pp. 65-82, 2002.
5. I. Y. Tumer and R. B. Stone, "Mapping Function to Failure
Mode During Component Development," Research in Engi-
neering Design, vol. 14, no. 1, pp. 25-33, 2003.
6. T. Kurtoglu and I. Y. Tumer, "A Graph-Based Fault Identifica-
tion and Propagation Framework for Functional Design of
Complex Systems," ASME Journal of Mechanical Design,
vol. 130, no. 5, 2008.
7. M. Stock, R. B. Stone and I. Y. Tumer, "Going Back in Time
to Improve Design: The Function-Failure Design Method,"
in ASME Design Engineering Technical Conference DTM,
Chicago, Il, 2003.
8. K. G. Lough, R. B. Stone and I. Y. Tumer, "Function Based
Risk Assessment: Mapping Function to Likelihood," in
ASME International Design Engineering Technical Confer-
ence DET, Long Beach, CA, 2005.
9. M. Stock, R. B. Stone and I. Y. Tumer, "Linking Product
Functionality to Historic Failure to Improve Failure Analysis
in Design," Research in Engineering Design, 2005.
10. R. A. Roberts, R. B. Stone and I. Y. Tumer, "Deriving Func-
tion-Failure Information for Failure-Free Rotocraft Com-
ponent Design," in ASME Design Engineering Technical
Conference DETC, Montreal, Canada, 2002.
11. I. Ramp and D. L. Van Bossuyt, "Toward an Automated
Model-Based Geometric Method of Representing Function
Failure Propagation Across Uncoupled Functions," in ASME
International Mechanical Engineering Congress and Expo-
sition IMECE, Montreal, Canada, 2014.
12. Bryan M. O'Halloran, N. Papakonstantinou and D. L. Van
Bossuyt, "Modeling of Function Failure Propagation Across
Uncoupled Systems," in Reliability and Maintainability
Symposium (RAMS), Palm Harbor, FL, 2015.
13. M. R. Slater and D. L. Van Bossuyt, "Toward a Dedicated
Failure Flow Arrestor Function Methodology," in ASME
International Design Engineering Technical Conference and
Computers in Information Conference, Boston, MA, 2015.
14. A . R. Short and D. L. Van Bossuyt, "Rerouting Failure Flows
Using Logic Blocks in Functional Models for Improved Sys-
tem Robustness: Failure Flow Decision Functions," in ASME
International Design Engineering Technical Conference and
Computers and Information in Engineering Conference,
Boston, MA, 2015.
15. G. L'Her, D. L. Van Bossuyt and B. M. O'Halloran, "Prognos-
tic systems representation in a function-based Bayesian
model during engineering design," International Journal
of Prognostics and Health Management, vol. 8, no. 2, p. 23,
2017.
16. J. Dempere, N. Papakonstantinou, B. O'Halloran and D. Van
Bossuyt, "Risk Modeling of Variable Probability External
Initiating Events in a Functional Modeling Paradigm," The
Journal of Reliability, Maintainability, and Supportability in
Systems Engineering, 2018.
17. D. L. Van Bossuyt, B. M. O'Halloran and R. M. Arlitt, "Irra-
tional System Behavior in a System of Systems," in IEEE
System of Systems Engineering Conference, Paris, 2018.
18. M. Stamatelatos and D. Homayoon, Probabilistic Risk
Assessment Procedures Guide for NASA Managers and
Practitioners, NASA, 2011.
19. US Nuclear Regulatory Commission, "Standard Review Plan
for the Review of Safety Analysis Reports for Nuclear Pow-
er Plants: LWR Edition - Severe Accidents (NUREG-0800,
Chapter 19)," US NRC, 2012.
20. D. L. DeMott, "PRA as a Design Tool," in Reliability and
Maintainability Symposium (RAMS), 2011.
21. W. E. Vesely, "Extended Fault Modeling Used in the Space
Shuttle PRA," in Reliability and Maintainability Symposium
(RAMS), 2004.
22. L. Meshkat, "Probabilistic Risk Assessment for Decision
Making During Spacecraft Operations," in Reliability and
Maintainability Symposium (RAMS), 2009.
23. L. L. Lydia, A. J. Ingegneri, L. Ming and D. F. Everett, "Prob-
abilistic Risk Assessment: A Practical and Cost Eective
Approach," in Reliability and Maintainability Symposium,
Page 12The Journal of RMS in Systems Engineering Winter 2018–19
A System Design
Method to Reduce
Cable Failure
Propagation
Probability in
Cable Bundles
2007.
24. J. Zamanali, "Probabilistic Risk Assessment Applications in
the Nuclear Power Industry," IEEE Transactions on Reliabili-
ty, vol. 47, no. 3, 1998.
25. T.-Y. Hsiao and C.-N. Lu, "Risk Informed Design Refinement
of a Power System Protection Scheme," IEEE Transactions
on Reliability, vol. 57, no. 2, pp. 311-321, 2008.
26. C. Dunglinson and H. Lambert, "Interval Reliability for Ini-
tiating and Enabling Events," IEEE Transactions on Reliabili-
ty, vol. 32, no. 2, pp. 150-163, 1983.
27. M. Garvey, F. Joglar and E. P. Collins, "HRA for Detection
and Suppression Activities in Response to Fire Events," in
Reliability and Maintainability Symposium (RAMS), 2014.
28. US Nuclear Regulatory Commission, "PRA Procedures
Guide: A Guide to the Performance of Probabilistic Risk As-
sessments for Nuclear Power Plants (NUREG/CR-2300),"
US NRC, 1983.
29. S. Sierla, B. O'Halloran, T. Karhela, N. Papakonstantinou
and I. Y. Tumer, "Common Cause Failure Analysis of
Cyber-Physical Systems Situated in Constructed Environ-
ments," Research in Engineering Design, vol. 24, no. 4, pp.
375-394, 2013.
30. M. Myrsky, H. Nikula, S. Sierla, J. Saarinen, N. Papakonstan-
tinou, V. Kyrki and B. O'Halloran, "Simulation-Based Risk
Assessment of Robot Fleets in Flooded Environments," in
IEEE Conference on Emerging Technologies and Factory
Automation (ETFA), 2013.
31. N. Papakonstantinou, S. Sierla, D. C. Jensen and I. Y. Tumer,
"Simulation of Interactions and Emergent Failure Behavior
During Complex System Design," Journal of Computing and
Information Science in Engineering, vol. 12, no. 3, 2012.
32. R. P. Hughes, "A New Approach to Common Cause Failure,"
Reliability Engineering, vol. 17, no. 3, pp. 211-236, 1987.
33. K. N. Fleming, A. Mosleh and R. K. Deremer, "A Systematic
Procedure for the Incorporation of Common Cause Events
into Risk and Reliability Models," Nuclear Engineering and
Design, vol. 93, no. 2, pp. 245-273, 1986.
34. W. E. Vesely, "Estimating Common Cause Failure Probabili-
ties in Reliability and Risk Analyses: Marshall-Olkin Specal-
izations," Nuclear Systems Reliability Engineering and Risk
Assessment, pp. 314-341, 1977.
35. H. W. Lewis, R. J. Budnitz, W. D. Rowe, H. C. Kouts, F.
Von Hippel, W. B. Loewenstein and F. Zachariasen, "Risk
Assessment Review Group Report to the US Nuclear Regu-
latory Commission," IEEE Transactions on Nuclear Science,
vol. 26, no. 5, pp. 4686-4690, 1979.
36. Idaho National Engineering and Environmental Laboratory,
"Common-Cause Event Failure Insights NUREG/CR-6819,"
2003.
37. B. M. O'Halloran, N. Papakonstantinou and D. L. Van
Bossuyt, "Cable routing modeling in early system design to
prevent cable failure propagation events," in IEEE Reliabili-
ty and Maintainability Symposium (RAMS), 2016.