On-orbit risk analysis and control method for large manned spacecraft assembly
Patent Information
- Authority / Receiving Office: CN · China
- Patent Type: Applications (China)
- Current Assignee / Owner: BEIJING INST OF SPACECRAFT SYST ENG
- Filing Date: 2024-10-16
- Publication Date: 2026-06-16
AI Technical Summary
Existing risk management methods are mainly applicable to the spacecraft development phase and cannot be directly applied to on-orbit missions of large manned spacecraft combinations, resulting in the inability to effectively control the complexity and diversity of on-orbit operations.
The on-orbit risk analysis and control methods are divided into four levels: system, module, subsystem, and key unit. A comprehensive risk assessment is conducted on the entire process and all elements, risk levels are classified, targeted countermeasures are formulated, and the risk management process is dynamically monitored.
It enables effective risk prevention and response for large manned spacecraft combinations during in-orbit operation, ensuring the steady progress of missions, and is applicable to in-orbit risk assessment and control of complex systems.
Figure CN122222352A_ABST
Description
Technical Field
[0001] This invention belongs to the field of overall design technology for manned spacecraft, and relates to a method for on-orbit risk analysis and control of large manned spacecraft assemblies.
Background Technology
[0002] For large manned spacecraft complexes, such as manned space stations, the mission objectives for spacecraft operations in orbit are "ensuring the long-term reliable operation of the complex, the long-term healthy stay of astronauts in orbit, and the efficient operation of national space laboratories."
[0003] On-orbit risk analysis and control are crucial throughout the entire lifecycle of large manned spacecraft assemblies. However, traditional risk management methods, primarily applied during the spacecraft development phase, cannot be directly applied. Large manned spacecraft assemblies are complex systems with numerous internal and external interfaces and diverse on-orbit mission types. Long-term operation presents a high-risk and complex engineering challenge, posing significant challenges to risk management. To effectively identify and control risks and meet the long-life, high-reliability, and high-safety on-orbit flight requirements of large manned spacecraft assemblies, it is necessary to develop effective preventative measures and control strategies for various on-orbit risks, building upon the fundamental principles and content of risk management for aerospace models, to ensure the steady progress of on-orbit missions.
[0004] Therefore, it is essential to design a method for on-orbit risk analysis and control of large manned spacecraft assemblies.
Summary of the Invention
[0005] The technical problem solved by this invention is to overcome the shortcomings of the prior art and propose an on-orbit risk analysis and control method for large manned spacecraft combinations. This method addresses the problems of the complexity of large manned spacecraft combinations, the complexity of internal and external interfaces, the variety of on-orbit mission types, and the fact that existing risk management methods are applicable to the spacecraft development stage but cannot be directly applied to on-orbit missions.
[0006] The solution of this invention is: a method for on-orbit risk analysis and control of large manned spacecraft assemblies, comprising the following steps:
[0007] Divide the on-orbit full-cycle risk management into a four-level risk control architecture: system, module, subsystem, and key single unit that affects the in-orbit mission;
[0008] Each level systematically plans its on-orbit risk analysis and control work, including judgment criteria, acceptance criteria, risk response strategies, and risk control methods;
[0009] Based on the results of the system planning, each level conducts a comprehensive risk assessment covering the entire process and all elements, according to the mission requirements and product characteristics of the large manned spacecraft assembly during its on-orbit operation;
[0010] Based on the comprehensive risk assessment results, each level identifies risk items and proposes targeted countermeasures to eliminate, reduce, transfer, or accept these risk items;
[0011] Each level obtains the comprehensive risk assessment results and response measures for its risk items, reports them to the next higher level, and dynamically monitors the risk management process information at its own level.
[0012] Furthermore, the aforementioned comprehensive risk assessment covering the entire process and all elements includes:
[0013] The entire process refers to all stages covering the baseline state of the manned spacecraft assembly in orbit, the transition from the baseline state to the special mission, the execution of the special mission, and the return to the baseline state.
[0014] "Full elements" refers to covering risk factors as well as risk factors in various professional and technical fields;
[0015] Each level organizes qualitative and quantitative assessments of identified risk projects to determine the severity of the consequences, the likelihood of occurrence, and the overall risk level, and to create a list of risk projects at each level.
[0016] Furthermore, the special missions include: manned spacecraft launch and return, cargo spacecraft launch and return, astronaut extravehicular activities, cargo extravehicular activities, propellant replenishment, upgrades of important functions, and providing services for payloads.
[0017] Furthermore, a comprehensive risk assessment involving all factors specifically includes:
[0018] Analysis of mission characteristics, new missions, new technologies, new devices and materials, new equipment, new research and development units, new research and development processes, identification of key characteristics and quantitative analysis of allowable margins, coordination and matching analysis of product interfaces at all levels, comprehensiveness, sufficiency and effectiveness analysis of test verification and simulation analysis, environmental adaptability analysis, sufficiency and control effectiveness analysis of single-point failure mode identification, effectiveness analysis of single-event protection and power supply safety measures, impact analysis of changes in technical status, data over-envelope and criticality analysis, zero-out inspection of quality problems, and sufficiency and verification analysis of fault contingency plans.
[0019] Furthermore, determining the severity of the consequences of a risky project, its likelihood of occurrence, and its overall risk level includes:
[0020] 1) Classify the severity level of risk consequences:
[0021] Risks that do not significantly affect the achievement of space station mission objectives and do not pose a threat to astronauts are classified as minor, denoted by degree A.
[0022] Minor injuries to astronauts or minor damage to systems, including situations where platform equipment is undamaged or can still function normally after damage, and minor injuries to astronauts that can be recovered without treatment, are classified as mild, denoted by degree B.
[0023] The risk of moderate injury to astronauts, moderate damage to systems, or partial failure of the mission is classified as medium level, denoted by degree C.
[0024] The risk of serious injury to astronauts or serious damage to the space station that prevents the mission from being completed is classified as severe, denoted by degree D.
[0025] The risk of astronaut injury or death or the loss of the entire space station is classified as disaster level, denoted by degree E.
[0026] 2) Classify the likelihood of risk occurrence:
[0027] Risks with an occurrence probability p < 0.01% are classified as extremely rare, denoted by degree a;
[0028] Risks with an occurrence probability of 0.01% ≤ p < 0.1% are classified as very low, denoted by degree b;
[0029] Risks with an occurrence probability of 0.1% ≤ p < 1% are classified at the level denoted by degree c;
[0030] Risks with a probability of occurrence of 1% ≤ p < 10% are classified as possible, denoted by degree d;
[0031] Risks with a probability of occurrence p ≥ 10% are classified as very likely, denoted by degree e.
[0032] 3) Multiply the severity of the consequences of each type of risk by the probability of its occurrence to construct a comprehensive risk assessment matrix: Ad, Ac, Ab, Aa, Bc, Bb, Ba, Cb, and Ca are low-risk; Ae, Be, Bd, Cd, Cc, Dc, Db, Da, Eb, and Ea are medium-risk; and Ce, De, Dd, Ee, Ed, and Ec are high-risk.
[0033] The comprehensive risk level of Aa, Ab, Ac, Ba, Bb, and Ca in the low-risk category is assessed as Level 1; the comprehensive risk level of Ad, Bc, and Cb in the low-risk category is assessed as Level 2; the comprehensive risk level of all medium-risk categories is assessed as Level 3; the comprehensive risk level of Ce, Dd, and Ec in the high-risk category is assessed as Level 4; and the comprehensive risk level of De, Ed, and Ee in the high-risk category is assessed as Level 5. The risk level increases from Level 1 to Level 5.
[0034] Furthermore, the risks of moderate injury to astronauts, moderate damage to systems, or partial mission failure include: astronauts injured but able to receive timely and effective treatment in orbit; space station system platforms slightly damaged but able to switch to backup operation, faulty equipment replaceable through in-cabin maintenance, and sufficient on-orbit maintenance spare parts; and risks that lead to the failure of space technology experiment missions but do not affect the normal on-orbit flight of the space station, the on-orbit residence of astronauts, and the rotation of manned and cargo spacecraft.
[0035] Furthermore, the risks that could result in serious injury to astronauts or serious damage to the space station, preventing the mission from being completed, include: the space station platform being severely damaged and unable to complete the mission, but still able to continue flying in orbit, or able to be restored to function through repair, but the repair process is very difficult and dangerous; the failure of the manned environment control inside the space station's sealed cabin, making it impossible to establish a manned environment, resulting in the astronauts being unable to continue staying and needing to be sealed off and isolated; and the risk that an astronaut is injured and can return to Earth in time for treatment.
[0036] Furthermore, the risks of astronaut injury or death or the loss of the entire space station include: failure of critical functions of the space station that cannot be repaired, resulting in the space station being unable to continue its flight in orbit, and astronauts being unable to evacuate the space station and dying; failure of critical functions of the system that cannot be repaired, resulting in the core module being unusable and being sealed off and isolated, and the entire space station being unable to continue its flight due to the loss of the core module and the inability to replenish propellant; and astronauts being seriously injured and needing to return to Earth immediately for treatment, with the risk of disability after treatment.
[0037] Furthermore, the proposed targeted measures to eliminate, reduce, transfer, or accept risky projects include:
[0038] For high-risk projects, develop response measures to eliminate or reduce risks, establish an independent risk project control table, comprehensively describe relevant information about risk projects, clarify risk mitigation or control measures, risk control plans, risk control results and inspection methods, and the responsible parties for risk control, and implement these measures in all stages of the combined spacecraft's long-term operation in orbit; use calculation, analysis, ground tests, and on-orbit testing to verify the effectiveness of risk control measures, strengthen the evaluation of implementation effects, and re-evaluate the comprehensive risk rating of projects after the measures have been implemented;
[0039] For medium-risk projects, they should be treated as key points in quality control and milestone reviews, closely monitored, and closely watched in all stages of long-term on-orbit operation. Effective measures should be taken in conjunction with each mission profile to ensure the long-term reliable operation of the assembly.
[0040] For low-risk projects, necessary monitoring should be conducted to track and record subsequent changes in their status, in order to prevent the risk level from rising.
[0041] The beneficial effects of this invention compared to the prior art are:
[0042] (1) This invention has developed an on-orbit risk analysis and control method for large manned spacecraft assemblies, which can be extended to the on-orbit risk analysis and control of complex system spacecraft assemblies in various fields; it solves the problem that existing risk management methods are only applicable to the spacecraft development stage and cannot be directly applied to on-orbit missions.
[0043] (2) This invention ensures the effective prevention and response to various risks during the on-orbit operation of large manned spacecraft assemblies, and ensures the steady progress of on-orbit missions of large manned spacecraft assemblies. It is applicable to various risk assessments and controls in scenarios where large manned spacecraft assemblies have complex systems, numerous internal and external interfaces, and a variety of on-orbit mission types.
Attached Figure Description
[0044] Figure 1 is a flowchart of the on-orbit risk analysis and control method for large manned spacecraft assemblies according to the present invention;
[0045] Figure 2 shows the key items for on-orbit risk analysis and control of large manned spacecraft assemblies involved in the specific embodiments of the present invention;
[0046] Figure 3 is an example of the severity of risk consequences, the probability of occurrence, the comprehensive risk assessment, and the rating criteria for manned space stations involved in specific embodiments of the present invention.
Detailed Implementation
[0047] To address the challenges posed by the complexity of large manned spacecraft systems, their intricate internal and external interfaces, and the diverse types of on-orbit missions, and the fact that existing risk management methods are applicable only to the spacecraft development phase and cannot be directly applied to on-orbit missions, this invention proposes an on-orbit risk analysis and control method for large manned spacecraft systems. This method includes the project content, implementation procedures, and implementation requirements for on-orbit risk analysis and control of large manned spacecraft systems composed of multiple modules, and is used for full-cycle on-orbit risk management of these systems. This approach ensures the effective prevention and response to various risks during the on-orbit operation of large manned spacecraft systems, guaranteeing the steady progress of on-orbit missions.
[0048] As shown in Figure 1, this invention proposes an on-orbit risk analysis and control method for large manned spacecraft assemblies, comprising the following steps:
[0049] Step 1: Divide the full-cycle risk management in orbit into a four-level risk control architecture: system, module, subsystem, and key single unit affecting in-orbit mission;
[0050] Step 2: Each level shall conduct systematic planning for on-orbit risk analysis and control, including judgment criteria, acceptance criteria, risk response strategies, and risk control methods;
[0051] Step 3: Based on the results of the system planning, each level shall conduct a comprehensive risk assessment covering the entire process and all elements, according to the mission requirements and product characteristics of the large manned spacecraft assembly during its on-orbit operation.
[0052] Step 4: Based on the comprehensive risk assessment results, each level identifies and determines the risk items and proposes targeted countermeasures to eliminate, reduce, transfer, or accept the risk items.
[0053] Step 5: Each level obtains the comprehensive risk assessment results and response measures for its risk items, reports them to the next higher level, and at the same time dynamically monitors the risk management process information at its own level.
[0054] In Step One: On-orbit full-cycle risk management is conducted according to a four-level risk control architecture: system, module, subsystem, and key unit affecting on-orbit mission. As the responsible entity for on-orbit risk analysis and control of the manned spacecraft assembly, the system overall manager is responsible for organizing the implementation of on-orbit risk analysis and control. Each module overall manager, subsystem, and key unit is responsible for the risks at its respective level and implements relevant work based on the mission requirements and product characteristics of the manned spacecraft assembly during on-orbit operation.
[0055] In step two: Each level systematically plans the organization, responsibilities, procedures, methods, judgment criteria, acceptance criteria, risk response strategies, and risk control methods for on-orbit risk analysis and control. A risk analysis and control work planning report is prepared and incorporated into the on-orbit operation management plan of the manned spacecraft assembly. Based on a full understanding of the differences between Earth and space, and the long-term on-orbit stay of astronauts, each level, in conjunction with its own mission characteristics and product functionalities, consults with higher-level users to specifically determine the risk judgment criteria and acceptance criteria.
[0056] In step three: Each level conducts a comprehensive risk identification and assessment based on the mission requirements and product characteristics of the large manned spacecraft assembly during its on-orbit operation. "Comprehensive process" refers to covering all stages of the manned spacecraft assembly's on-orbit operation: the baseline state, transitioning from the baseline state to the specific mission, executing the specific mission, and returning to the baseline state. Taking the manned space station as an example, specific missions include manned spacecraft launch and return, cargo spacecraft launch and reentry, astronaut extravehicular activities (EVAs), cargo EVA, propellant replenishment, and upgrades to important functions. "Comprehensive elements" refers to covering risk factors and risk factors in various professional and technical fields (see Figure 2). Each level organizes qualitative and quantitative assessments of identified risk items to determine the severity of consequences, likelihood of occurrence, and overall risk level, forming a list of risk items at each level and developing control measures. Taking the manned space station as an example, the severity of risk consequences, likelihood of occurrence, overall risk assessment, and rating criteria are detailed in Figure 3.
[0057] As shown in Figure 2, taking a manned space station as an example, the use of all elements is explained in detail:
[0058] 1) Task Characteristics Analysis
[0059] To ensure the long-term stable operation of the space station complex in orbit and its various specialized missions, this study analyzes the constraints and operating environments of each mission, identifying the key challenges and difficulties in the execution of tasks by various functions and products of the space station. Based on this analysis, it identifies and analyzes inherent risks and key risk factors that may affect the achievement of mission objectives, and formulates risk management measures to ensure mission feasibility and safety. These specialized missions include, but are not limited to: manned spacecraft launch and return, cargo spacecraft launch and return, extravehicular activities (EVAs), cargo EVA, propellant replenishment, upgrades to critical functions, and providing services to payloads.
[0060] 2) New Task Analysis
[0061] To meet the long-term flight requirements of the space station complex, numerous specialized missions have been carried out, including manned spacecraft launches and returns, cargo spacecraft launches and evacuations, extravehicular activities (EVAs), cargo loading and unloading, propellant replenishment, and upgrades of key functions. However, a comprehensive analysis of factors such as technological maturity, technological complexity, and technical status control reveals that no two missions are entirely identical, and no two missions utilize the same technological transition platforms.
[0062] 3) New technology analysis
[0063] For key engineering and system-level technologies that remain unresolved and subject to repeated verification during the space station assembly and construction phase, a re-identification of technical risks will be conducted. For risk items that could impact subsequent on-orbit missions, on-orbit usage strategies and risk control plans will be developed.
[0064] 4) Analysis of new devices and materials
[0065] In light of the need for future on-orbit capability expansion and the localization of devices / materials, the selection of new devices and materials that have not been flight-tested should be tested and verified to ensure that the verification is sufficient, the selection is reasonable, and the use is correct.
[0066] 5) New Equipment Analysis
[0067] Analyze whether the functions and performance of the new equipment (ground) can meet the mission requirements of supporting the space station's on-orbit operation, and confirm the compliance of the equipment (ground) in terms of quality assurance, reliability, and safety.
[0068] 6) Analysis of the new research and development unit
[0069] Based on the needs for expanding the space station's on-orbit capabilities and the need for domestic production of components / materials, this study analyzes whether the units newly participating in the development of subsequent modules, functions, and products of the space station meet the qualifications and capabilities to participate in the subsequent operation missions of the space station, from aspects such as organizational structure and management, engineering organization and coordination capabilities, infrastructure and equipment, human resources, quality assurance capabilities, schedule assurance capabilities, and mission undertaking capabilities.
[0070] 7) New Personnel Analysis
[0071] In light of the long-term on-orbit safe operation and capability expansion needs of the space station, we will identify and assess whether there are risks arising from unclear job responsibilities or inadequate training for new personnel in key positions, operational staff, and uplink product development personnel.
[0072] 8) New process analysis
[0073] In response to the new process of research and development and on-orbit missions, this paper compares the process with the traditional product development process and analyzes the technical risks brought about by the comprehensiveness of the work items and their matching with the overall mission plan.
[0074] 9) Key feature identification and allowance quantification analysis
[0075] Based on telemetry data, image data, and various anomalies obtained from long-term flights, the key characteristics and allowable margins of the system, modules, subsystems, and critical units are re-identified. The main tasks include key characteristic identification and margin quantification analysis.
[0076] 10) Analysis of the coordination and compatibility of product interfaces at all levels
[0077] Based on the telemetry data, image data, and various anomalies obtained during the long-term flight of the space station, the coordination and compatibility of interfaces between functional elements at the system, subsystem, or product levels are re-identified.
[0078] 11) Analysis of the comprehensiveness, sufficiency, and effectiveness of testing, verification, and simulation analysis.
[0079] Based on the telemetry data, image data, and various anomalies obtained during the long-term flight of the space station, a re-analysis will be conducted on the comprehensiveness, sufficiency, and effectiveness of the functional verification tests, qualification tests, special tests (including reliability, long life, and safety) and simulation analyses carried out during the development phase. Weaknesses in ground test verification caused by factors such as differences between space and ground and long-term astronaut stays will be identified. The feasibility of supplementing verification through on-orbit testing will be studied, and advance planning will be made for the tests and simulations required for subsequent development.
[0080] 12) Environmental adaptability analysis
[0081] For newly developed products aimed at expanding the capabilities of the space station, conduct environmental adaptability analysis and risk identification and control work.
[0082] 13) Analysis of the sufficiency of single-point failure mode identification and the effectiveness of control
[0083] Based on telemetry data, image data, and various anomalies obtained during long-term space station flights, the single-point failure modes of this class of products will be reviewed and reconfirmed, with a focus on the sufficiency and accuracy of failure mode identification. Risk control work will be carried out by optimizing usage patterns and developing on-orbit contingency plans.
[0084] 14) Analysis of the effectiveness of single-event protection and power supply safety measures
[0085] For key components, considering the orbital environment of the space station, a re-analysis of the impact of the space environment on single-event sensitive devices (large-scale FPGAs, DSPs, CPUs, etc.) is conducted based on on-orbit data and observations. For potential risks, re-protection design against single-event effects is carried out at three levels: device selection, circuit design, and overall system design, using hardware, software, and fault-tolerant methods. Ground verification of the implemented measures is also organized.
[0086] 15) Impact Analysis of Technical Status Changes
[0087] Technical risk control measures should be formulated in accordance with the "five criteria" for controlling changes in technical status. The results of these control measures should be verified, and review points should be established before technical status verification, using risk analysis conclusions as a key basis for review. The "five criteria" are: sufficient justification, consensus from all parties, experimental verification, complete approval process, and effective implementation.
[0088] 16) Data over-envelope and criticality analysis
[0089] Make full use of the data envelope of successful flights to analyze abnormal data, find the reasons for data deviation, analyze the changing trends and technical risks of critical data items, and form clear analytical conclusions.
[0090] 17) Zero-tolerance and comprehensive inspection and analysis of quality problems.
[0091] For quality issues that arise during long-term on-orbit operation, strictly check the thoroughness of zeroing, and check whether there are risks of inadequate understanding or incomplete zeroing from the perspective of usage mode and scope.
[0092] 18) Analysis of the adequacy of the contingency plan and its verification.
[0093] Clearly define the initial state of the space station's long-term operation in orbit and its various special missions, the main actions during events, and the flight parameters that need to be closely monitored. Based on functional and temporal sequences, anticipate potential failures, formulate handling strategies, corresponding failure handling procedures (instructions or command chains), the timing and duration of failure handling, and the determination of failure handling results. Propose the necessary support conditions and issues to be noted during failure handling.
[0094] Furthermore, based on the use of all the above elements, and as shown in Figure 3, the method for conducting a comprehensive risk assessment is as follows:
[0095] (1) Classify the severity level of risk consequences:
[0096] Risks that do not significantly affect the achievement of space station mission objectives and do not pose a threat to astronauts are classified as minor, denoted by degree A.
[0097] Minor injuries to astronauts or minor damage to systems, including situations where platform equipment is undamaged or can still function normally after damage, and minor injuries to astronauts that can be recovered without treatment, are classified as mild, denoted by degree B.
[0098] The risk of moderate injury to astronauts, moderate damage to systems, or partial mission failure, including: astronauts injured but able to receive timely and effective treatment in orbit; space station system platforms slightly damaged but able to switch to backup operation, faulty equipment replaceable through in-cabin maintenance, and sufficient on-orbit maintenance spare parts; and risks that lead to the failure of space technology test missions but do not affect the normal on-orbit flight of the space station, the on-orbit residence of astronauts, and the rotation of manned and cargo spacecraft, are classified as medium level, denoted by degree C.
[0099] Risks that could result in serious injury to astronauts or severe damage to the space station, preventing mission completion, include: severe damage to the space station platform rendering the mission impossible, but allowing it to continue in orbit or be repaired and restored to function, although the repair process is highly difficult and dangerous; failure to control the manned environment within the space station's sealed cabin, making it impossible to establish a manned environment, thus preventing astronauts from continuing their stay and requiring cabin isolation; and risks that could result in astronauts being injured but able to return to Earth in a timely manner for treatment. These risks are classified as severe, denoted by degree D.
[0100] Risks that could result in astronaut casualties or the loss of the entire space station include: the failure of critical functions of the space station that cannot be repaired, causing the space station to be unable to continue its orbital flight, resulting in the death of astronauts who failed to evacuate the space station; the failure of critical functions of the system that cannot be repaired, causing the core module to become unusable and be sealed off and isolated, and the entire space station being unable to continue its flight due to the loss of the core module and the inability to replenish propellant; and serious injuries to astronauts requiring immediate return to Earth for treatment, with the risk of disability after treatment. These risks are classified as disaster level, denoted by degree E.
[0101] (2) Classify the probability of risk occurrence:
[0102] Risks that are almost impossible to occur, with a probability of occurrence p < 0.01%, are classified as extremely rare, denoted by degree a;
[0103] Risks that are rare and have a probability of occurrence of 0.01% ≤ p < 0.1% are classified as rare, denoted by degree b.
[0104] Risks that occur occasionally and have a probability of occurrence of 0.1% ≤ p < 1% are classified as minor, denoted by degree c;
[0105] Risks that occur frequently and have a probability of occurrence of 1% ≤ p < 10% are classified as possible, denoted by degree d.
[0106] Risks that are very likely to occur, with a probability of occurrence p ≥ 10%, are classified as very likely, denoted by degree e.
[0107] (3) Construct a comprehensive risk evaluation matrix by multiplying the severity of various risk consequences by the probability of each risk occurring; such as Figure 3 Ad, Ac, Ab, Aa, Bc, Bb, Ba, Cb, and Ca are considered low-risk; Ae, Be, Bd, Cd, Cc, Dc, Db, Da, Eb, and Ea are considered medium-risk; and Ce, De, Dd, Ee, Ed, and Ec are considered high-risk.
[0108] Furthermore, the overall risk level is assessed as Level 1 for Aa, Ab, Ac, Ba, Bb, and Ca (low risk); Level 2 for Ad, Bc, and Cb (low risk); Level 3 for all medium risk categories; Level 4 for Ce, Dd, and Ec (high risk); and Level 5 for De, Ed, and Ee (high risk). The risk level increases from Level 1 to Level 5.
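The matrix in [0107] and [0108] can be transcribed and checked mechanically. The Python sketch below is an added example, not part of the patent: it bins a probability into degrees a to e, looks up the category and level, verifies that the listed cells cover all 25 combinations exactly once and never rate a worse cell lower, and tests whether the levels follow from a literal ordinal product. The function names are hypothetical, and the scoring A=1..E=5, a=1..e=5 is an assumption.

```python
# Added example: the 5x5 matrix transcribed from paragraphs [0107]-[0108].
SEVERITIES = "ABCDE"      # consequence severity, A (minor) .. E (disaster)
LIKELIHOODS = "abcde"     # probability degree, a (p < 0.01%) .. e (p >= 10%)
CATEGORY_CELLS = {
    "low": "Ad Ac Ab Aa Bc Bb Ba Cb Ca",
    "medium": "Ae Be Bd Cd Cc Dc Db Da Eb Ea",
    "high": "Ce De Dd Ee Ed Ec",
}
# Levels 1, 2, 4 and 5 are listed explicitly; every medium cell is Level 3.
LEVEL_CELLS = {1: "Aa Ab Ac Ba Bb Ca", 2: "Ad Bc Cb",
               3: CATEGORY_CELLS["medium"], 4: "Ce Dd Ec", 5: "De Ed Ee"}
# Lower bounds of degrees b..e as fractions: 0.01%, 0.1%, 1%, 10%.
BOUNDS = (1e-4, 1e-3, 1e-2, 1e-1)

def _invert(groups):
    """Map each cell to its group, rejecting duplicated or missing cells."""
    table = {}
    for label, cells in groups.items():
        for cell in cells.split():
            if cell in table:
                raise ValueError(f"cell {cell} listed twice")
            table[cell] = label
    expected = {s + l for s in SEVERITIES for l in LIKELIHOODS}
    if set(table) != expected:
        raise ValueError(f"cells missing or unknown: {expected ^ set(table)}")
    return table

CATEGORY = _invert(CATEGORY_CELLS)
LEVEL = _invert(LEVEL_CELLS)

def likelihood_degree(p):
    """Bin a probability in [0, 1] into degree a..e; lower bounds are inclusive."""
    if not 0.0 <= p <= 1.0:
        raise ValueError("probability must be within [0, 1]")
    return LIKELIHOODS[sum(p >= b for b in BOUNDS)]

def assess(severity, p):
    """Return (cell, category, level) for a severity degree and a probability."""
    cell = severity + likelihood_degree(p)
    return cell, CATEGORY[cell], LEVEL[cell]

def is_monotone(table, rank=lambda v: v):
    """True if the rating never drops when severity or likelihood increases."""
    grid = [[rank(table[s + l]) for l in LIKELIHOODS] for s in SEVERITIES]
    rows_ok = all(r[i] <= r[i + 1] for r in grid for i in range(4))
    cols_ok = all(grid[i][j] <= grid[i + 1][j] for i in range(4) for j in range(5))
    return rows_ok and cols_ok

def product_conflicts():
    """Pairs (x, y) where x has the higher assumed ordinal product
    (A=1..E=5 times a=1..e=5) but the lower assigned level."""
    score = {c: (SEVERITIES.index(c[0]) + 1) * (LIKELIHOODS.index(c[1]) + 1)
             for c in LEVEL}
    return sorted((x, y) for x in LEVEL for y in LEVEL
                  if score[x] > score[y] and LEVEL[x] < LEVEL[y])
```

With constructed probabilities, `assess("D", 0.05)` returns `("Dd", "high", 4)` and `assess("C", 0.005)` returns `("Cc", "medium", 3)`, matching the ratings given in Example 1. `product_conflicts()` returns six pairs such as `("Bc", "Ae")`, so under the assumed scoring the matrix has to be applied as a lookup table rather than as a threshold on a computed product.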
[0109] In step four: Based on the comprehensive risk assessment results, each level identifies high-risk, medium-risk, and low-risk projects, and proposes targeted countermeasures to eliminate, reduce, transfer, or accept risky projects, ensuring that the risk response measures are sufficient, effective, and reasonable.
[0110] For risks reduced or eliminated after measures are taken, a closed-loop process should be implemented promptly. Newly identified risks should be added to the risk item list in a timely manner to ensure that every risk control measure is implemented. For high-risk projects, the responsible parties and risk-related stakeholders of the assembly should develop response measures to eliminate or reduce risks, establish an independent risk item control table, comprehensively describe relevant information about the risk item, clarify risk mitigation or control measures, risk control plans, risk control results and inspection methods, and the responsible parties for risk control, and implement these measures throughout all stages of the assembly's long-term on-orbit operation. The effectiveness of risk control measures should be verified through calculation, analysis, ground testing, and on-orbit testing, and the evaluation of implementation effects should be strengthened. The project should be re-evaluated for comprehensive risk assessment after measures are taken. For medium-risk projects, the responsible parties and risk-related stakeholders of the assembly should treat them as key points in quality control milestone reviews, closely monitor them throughout all stages of long-term on-orbit operation, and take effective measures in conjunction with each mission profile to ensure the long-term reliable operation of the assembly. For low-risk projects, the responsible parties and risk-related stakeholders should conduct necessary monitoring, track and record subsequent changes in their status, and prevent the risk level from escalating.
[0111] In step five: comprehensively collect and grasp information on the status of risk projects, risk trends, risk response measures and their implementation effects at all levels, report to the next higher level, and at the same time, dynamically monitor the risk management process information at the current level.
[0112] First, all levels complete risk analysis and control assessments for the long-term stable operation of the manned spacecraft assembly in orbit, establishing a baseline. The overall system then reviews the risk analysis and control assessment reports prepared by each level. Next, dynamic risk assessments are conducted based on major mission milestones, including different flight phases and modes of the manned spacecraft assembly in orbit. Taking the manned space station as an example, dynamic missions include spacecraft launch and return, extravehicular activities (EVAs), cargo EVA, propellant replenishment, and upgrades to critical functions. Before executing dynamic missions, the overall system of the manned spacecraft assembly reviews the iteratively updated risk analysis and control assessment reports at each level. For residual risks that do not reach an acceptable level, the relevant responsible parties develop on-orbit contingency plans, which undergo specialized review.
[0113] The present invention will be further described below with reference to the embodiments.
[0114] Example 1
[0115] This will be illustrated using the risk of space debris impacts during long-term manned space station operations as an example:
[0116] 1) Risk planning: After the space station was fully completed, the space station system planned the "Requirements for On-orbit Risk Analysis and Control of Space Station Complex", and formulated the project content and implementation procedures for on-orbit risk analysis and control of space station complex.
[0117] 2) Risk Identification and Assessment: During the "Environmental Adaptability Analysis," it was found that space debris has become increasingly severe in recent years, with multiple incidents of critical extravehicular equipment being struck by debris while on the space station. NASA's latest ORDEM3.2 space debris model shows a significant change in debris flux compared to the ORDEM2000 model used during the development phase, exceeding 10 times in some cases, seriously threatening the operational safety of the space station. This risk is classified as high risk, with a probability level of d, a severity level of D, and an overall rating of IV.
[0118] 3) Propose and implement multiple countermeasures:
[0119] a) Astronauts install additional protective structures in orbit.
[0120] The space station system re-identified the high-risk areas and vulnerable points for debris impacts outside the cabin. For each vulnerable area, supplementary extravehicular protection plans were developed, to be implemented through extravehicular activities (EVAs). Based on these plans, an EVA mission plan was formulated, and the task of installing protective structures during the EVA was carried out.
[0121] b) Establish an astronaut photo inspection mechanism
[0122] The practice of astronauts using high-definition cameras inside the cabin to photograph and inspect important equipment outside the cabin through the porthole has been included in the routine inspection work every three months. In addition, the extravehicular activity (EVA) photography mission will be reasonably arranged into subsequent EVA missions, and the external condition will be inspected regularly.
[0123] c) Subsequent measures will include developing ultra-high-definition inspection cameras, on-orbit 3D printing of protective structures, and establishing a space debris environment monitoring system. These measures will be combined with systemic measures such as the repair of important extravehicular equipment and the production of spare parts to reduce risks.
[0124] 4) Dynamically monitor risks.
[0125] The space station system conducts a risk identification and analysis every six months. Based on the recent performance of on-orbit missions, the probability level of this risk has been downgraded to c, the severity level to C, and the overall rating to level III, indicating a medium risk that requires continued monitoring.
[0126] Although the present invention has been disclosed above with reference to preferred embodiments, it is not intended to limit the present invention. Any person skilled in the art can make possible changes and modifications to the technical solutions of the present invention by utilizing the methods and techniques disclosed above without departing from the spirit and scope of the present invention. Therefore, any simple modifications, equivalent changes and alterations made to the above embodiments based on the technical essence of the present invention without departing from the content of the technical solutions of the present invention shall fall within the protection scope of the technical solutions of the present invention.
[0127] The contents not described in detail in this specification are common knowledge to those skilled in the art.
Claims
1. A method for on-orbit risk analysis and control of a large manned spacecraft assembly, characterized in that it includes the following steps: the full-cycle on-orbit risk management is divided into a four-level risk control architecture: system, module, subsystem, and key single unit that affects the on-orbit mission; each level systematically plans its on-orbit risk analysis and control work, including judgment criteria, acceptance criteria, risk response strategies, and risk control methods; based on the results of the systematic planning, each level conducts a comprehensive risk assessment covering the entire process and all elements, according to the mission requirements and product characteristics of the large manned spacecraft assembly during its on-orbit operation; based on the comprehensive risk assessment results, each level identifies risky items and proposes targeted countermeasures to eliminate, reduce, transfer, or accept these risky items; the comprehensive risk assessment results and response measures for risky projects at all levels are obtained and reported to the next higher level, and the risk management process information at the current level is dynamically monitored.
2. The method for on-orbit risk analysis and control of a large manned spacecraft assembly according to claim 1, characterized in that, The aforementioned comprehensive risk assessment covering the entire process and all elements includes: The entire process refers to all stages covering the baseline state of the manned spacecraft assembly in orbit, the transition from the baseline state to the special mission, the execution of the special mission, and the return to the baseline state. "Full elements" refers to covering risk factors as well as risk factors in various professional and technical fields; Each level organizes qualitative and quantitative assessments of identified risk projects to determine the severity of the consequences, the likelihood of occurrence, and the overall risk level, and to create a list of risk projects at each level.
3. The method for on-orbit risk analysis and control of a large manned spacecraft assembly according to claim 2, characterized in that, The specific missions include: manned spacecraft launch and return, cargo spacecraft launch and return, astronaut extravehicular activities, cargo extravehicular activities, propellant replenishment, upgrades of important functions, and providing services for payloads.
4. The method for on-orbit risk analysis and control of a large manned spacecraft assembly according to claim 2, characterized in that, A comprehensive risk assessment encompasses the following elements: Analysis of mission characteristics, new missions, new technologies, new devices and materials, new equipment, new research and development units, new research and development processes, identification of key characteristics and quantitative analysis of allowable margins, coordination and matching analysis of product interfaces at all levels, comprehensiveness, sufficiency and effectiveness analysis of test verification and simulation analysis, environmental adaptability analysis, sufficiency and control effectiveness analysis of single-point failure mode identification, effectiveness analysis of single-event protection and power supply safety measures, impact analysis of changes in technical status, data over-envelope and criticality analysis, zero-out inspection of quality problems, and sufficiency and verification analysis of fault contingency plans.
5. The method for on-orbit risk analysis and control of a large manned spacecraft assembly according to claim 2, characterized in that the determination of the severity of the consequences of a risky project, its likelihood of occurrence, and its overall risk level includes:
1) Classify the severity level of risk consequences: Risks that do not significantly affect the achievement of space station mission objectives and do not pose a threat to astronauts are classified as minor, denoted by degree A. Minor injuries to astronauts or minor damage to systems, including situations where platform equipment is undamaged or can still function normally after damage, and minor injuries to astronauts that can be recovered without treatment, are classified as mild, denoted by degree B. The risk of moderate injury to astronauts, moderate damage to systems, or partial failure of the mission is classified as medium level, denoted by degree C. The risk of serious injury to astronauts or serious damage to the space station that prevents the mission from being completed is classified into severity levels, denoted by degree D. The risk of astronaut injury or death or the loss of the entire space station is classified into disaster levels, denoted by degree E.
2) Classify the likelihood of risk occurrence: Risks with an occurrence probability p < 0.01% are classified into extremely rare levels, denoted by degree a; Risks with an occurrence probability of 0.01% ≤ p < 0.1% are classified into very low levels, denoted by degree b; Risks with an occurrence probability of 0.1% ≤ p < 1% are classified into several levels, denoted by degree c; Risks with a probability of occurrence of 1% ≤ p < 10% are classified into possible levels, denoted by degree d; Risks with a probability of occurrence p ≥ 10% are classified as very likely, denoted by degree e.
3) Multiply the severity of the consequences of each type of risk by the probability of its occurrence to construct a comprehensive risk assessment matrix: Ad, Ac, Ab, Aa, Bc, Bb, Ba, Cb, and Ca are low-risk; Ae, Be, Bd, Cd, Cc, Dc, Db, Da, Eb, and Ea are medium-risk; and Ce, De, Dd, Ee, Ed, and Ec are high-risk. The comprehensive risk level of Aa, Ab, Ac, Ba, Bb, and Ca in the low-risk category is assessed as Level 1; the comprehensive risk level of Ad, Bc, and Cb in the low-risk category is assessed as Level 2; the comprehensive risk level of all medium-risk categories is assessed as Level 3; the comprehensive risk level of Ce, Dd, and Ec in the high-risk category is assessed as Level 4; and the comprehensive risk level of De, Ed, and Ee in the high-risk category is assessed as Level 5. The risk level increases from Level 1 to Level 5.
6. The method for on-orbit risk analysis and control of a large manned spacecraft assembly according to claim 5, characterized in that, The risks of moderate injury to astronauts, moderate damage to systems, or partial mission failure include: astronaut injuries that can be treated promptly and effectively in orbit; minor damage to the space station system platform that can be switched to backup operation, faulty equipment that can be replaced through in-cabin maintenance, and sufficient on-orbit maintenance spare parts; and risks that could lead to the failure of space technology experiment missions, but would not affect the normal on-orbit flight of the space station, the on-orbit residence of astronauts, or the rotation of manned and cargo spacecraft.
7. The method for on-orbit risk analysis and control of a large manned spacecraft assembly according to claim 5, characterized in that, The risks that could result in serious injury to astronauts or serious damage to the space station, preventing the mission from being completed, include: serious damage to the space station platform that prevents the mission from being completed, but which can continue to fly in orbit or can be restored to function through repair, but the repair process is very difficult and dangerous; failure of manned environment control inside the space station's sealed cabin, making it impossible to establish a manned environment, resulting in the astronauts being unable to continue staying and needing to be sealed off and isolated; and the risk that astronauts are injured and can return to Earth in time for treatment.
8. The method for on-orbit risk analysis and control of a large manned spacecraft assembly according to claim 5, characterized in that, The risks that could result in astronaut injury or death or the loss of the entire space station include: the failure of critical functions of the space station that cannot be repaired, causing the space station to be unable to continue its flight in orbit, and the astronauts being unable to evacuate the space station and dying; the failure of critical functions of the system that cannot be repaired, causing the core module to become unusable and be sealed off and isolated, and the entire space station being unable to continue its flight due to the loss of the core module and the inability to replenish propellant; and astronauts being seriously injured and needing to return to Earth immediately for treatment, with the risk of disability after treatment.
9. The method for on-orbit risk analysis and control of a large manned spacecraft assembly according to claim 5, characterized in that, The proposed targeted measures to eliminate, reduce, transfer, or accept risky projects include: For high-risk projects, develop response measures to eliminate or reduce risks, establish an independent risk project control table, comprehensively describe relevant information about risk projects, clarify risk mitigation or control measures, risk control plans, risk control results and inspection methods, and the responsible parties for risk control, and implement these measures in all stages of the combined spacecraft's long-term operation in orbit; use calculation, analysis, ground tests, and on-orbit testing to verify the effectiveness of risk control measures, strengthen the evaluation of implementation effects, and re-evaluate the comprehensive risk rating of projects after the measures have been implemented; For medium-risk projects, they should be treated as key points in quality control and milestone reviews, closely monitored, and closely watched in all stages of long-term on-orbit operation. Effective measures should be taken in conjunction with each mission profile to ensure the long-term reliable operation of the assembly. For low-risk projects, necessary monitoring should be conducted to track and record subsequent changes in their status, in order to prevent the risk level from rising.