Safety and Dependability of Autonomous Systems in Container
Terminals: Challenges and Research Directions
Eetu Heikkilä (a), Timo Malm (b), Risto Tiusanen (c) and Toni Ahonen (d)
VTT Technical Research Centre of Finland Ltd., Tampere, Finland
Keywords: Autonomous Port, Autonomous Systems, Container Logistics.
Abstract: Increasing use of autonomous machine systems is a major trend in port logistics, especially in container
handling. Over the past decades, large seaports have automated parts of their operations. Currently, also
smaller ports are looking to apply automated and autonomous solutions. This is expected to increase efficiency
and safety, but also to introduce new mixed-traffic situations between humans, manual machines and
machines of different levels of autonomy. This is likely to introduce safety risks and dependability challenges
for system development and operation. In this paper, we discuss selected key challenges that need to be solved
to ensure that autonomous container handling solutions can be implemented safely and profitably. We also
present topical research directions that are planned and ongoing to solve these challenges.
1 INTRODUCTION
Container terminals consist of different functional
areas and various container handling systems and
equipment. In the design of terminals, one key aspect
to consider is the potential for automation in the
different operations using a variety of machinery
types (Brinkmann, 2011). Over the past decades,
especially large seaports have been investing in
automation to increase efficiency of operations. To do
so, they often aim to automate large parts of terminal
operations at once, creating autonomous operating
zones that are physically isolated from manual
operations. Thus, the safety aspects can be controlled
with relative ease, as all access to the operating zone
of autonomous machines can be prevented.
In the future, also smaller terminals look for
increases in efficiency and safety through use of
automation and increasingly autonomous systems. In
smaller terminals, however, it is not usually feasible
to completely fence off the areas where autonomous
machines would operate. This potentially creates a
number of new scenarios where machinery of various
levels of autonomy may work simultaneously in the
same area with humans and different forms of
transportation. This kind of mixed-traffic operation
introduces many opportunities for increasing the
efficiency of operations, but it also brings along a
number of risks that need to be considered in
development. In this paper, we discuss selected key
challenges in developing autonomous port
machinery, and describe topical activities in research
towards solving these challenges.
(a) https://orcid.org/0000-0001-8259-0996
(b) https://orcid.org/0000-0003-1612-3139
(c) https://orcid.org/0000-0002-8717-7727
(d) https://orcid.org/0000-0002-8735-7701
1.1 Autonomous Systems for Port
Operations
Currently, there is no single agreed definition for
autonomy in the logistics or mobile machinery
sectors, but typically the term is defined based on the
system’s ability to achieve goals and operate
independently. Key characteristics for an autonomous
system are the ability to perceive surroundings using
sensors, plan actions according to the situational
awareness created by the sensor data, decide further
actions and act accordingly (Pendleton et al., 2017).
In many industries, categorizations have been
created to define different levels of autonomy. The
most widely known of such categorizations are the
ones described in automotive industry for road
vehicles, such as the driving automation levels
defined by SAE (2018). Based on the SAE levels for
driving automation, a categorization has also been
proposed for container terminal automation as
described in Table 1 (Hämäläinen et al., 2018).
Heikkilä, E., Malm, T., Tiusanen, R. and Ahonen, T.
Safety and Dependability of Autonomous Systems in Container Terminals: Challenges and Research Directions.
DOI: 10.5220/0009472505280534
In Proceedings of the 6th International Conference on Vehicle Technology and Intelligent Transport Systems (VEHITS 2020), pages 528-534
ISBN: 978-989-758-419-0
Copyright © 2020 by SCITEPRESS Science and Technology Publications, Lda. All rights reserved
Table 1: Automation levels proposed for machinery in
container terminals (adopted and modified from
Hämäläinen et al., 2018).
| Level | Description |
|---|---|
| Level 0: Manual operation with process automation | Human driver controls machinery, but other terminal processes are improved using automation, e.g. container identification and tracking. |
| Level 1: Remote control | Operator controls all machinery moves from a control centre. One operator can control several machines. |
| Level 2: Supervised automatic moves | Machines can perform some defined moves automatically under the continuous supervision of a human operator. |
| Level 3: Semi-automated operation | Most moves are automatic and require less supervision, only truck lane operations and exception handling are done by remote control. |
| Level 4: Fully automated operation | All operations are automated and the human operator is only needed for exception handling. |
In container handling, different concepts for
implementing automation systems of various levels
have been proposed and developed (PEMA, 2016).
These range from partial automation to fully
automated terminals. Electrification of machinery
also plays a major part in these developments. A
typical implementation of a current automated
container terminal is presented in Figure 1. The
system consists of machinery for loading and
unloading the ship and for horizontal transport of the
containers to the actual container yard, where the
containers are rearranged as needed. Additionally,
there are facilities for transferring the containers to
and from land transport, which may include both rail
and road transport.
In the future, increasingly autonomous machines
may be used flexibly to allow different layouts and
combinations of machines to achieve optimal
performance. For example, new machine types may
emerge that are able to conduct tasks in various parts
of the terminal. In most cases, it is likely that a human
remote operator will remain in a supervisory role
even when the level of autonomy increases (Tähtinen,
2018). In addition to the container handling
operations within the terminal, the interfaces to ship,
road and rail traffic also need to be considered in these
developments (Fiedler et al., 2019).
There are several benefits that are expected from
the use of autonomous machinery in small and
mid-sized terminals. For instance, it may enable
continuous operations whereas currently small
terminals may only work in specific shifts.
Figure 1: A simplified schematic of functions in a typical
automated container terminal. In small terminals, the
functions could be implemented differently, e.g. the amount
of different machine types utilized may be drastically
smaller.
Machine system developers aiming for
autonomous systems face a number of challenges
related to capabilities of designing and implementing
safe autonomous functionality (Vuorimaa, 2019). In
this paper, we introduce selected key safety and
dependability challenges machinery developers face
when aiming for an increased level of autonomy,
especially in mixed-traffic operations for container
handling. Specifically, we focus on the following
challenges identified by the authors in the ongoing
AUTOPORT (2020) project:
- Lack of safety standardization for autonomous machinery in container terminals (section 2.1).
- Identification and assessment of new autonomy related uncertainties and safety risks (section 2.2).
- Challenges in availability of enabling technology, focusing especially on available safety certified sensor technology for outdoor use (section 2.3.1).
- Safety and dependability challenges caused by the increasing software intensity of machinery (section 2.3.2).
We also review some of the research directions
and solution proposals that are currently being
investigated within research & development activities
in the field of port logistics to pave the way towards
increasingly autonomous systems.
2 CHALLENGES OF
AUTONOMOUS SYSTEMS IN
CONTAINER TERMINALS
Autonomous systems introduce several new
challenges that need to be considered in different
phases of product development (Tiusanen, et al.,
2019a). In the following, we focus mainly on the
challenges related to the early concept design phases
of autonomous container handling machinery.
2.1 Safety Standards for Autonomous
Mobile Machinery
Lack of domain-specific standardization is a major
issue in development of autonomous machinery for
container handling. This can be seen to increase the
responsibility of the machine manufacturers, as
manufacturers need to be able to find a suitable
framework of standards and methods to assure the
safety of new technologies.
Heath, T. (2018) has stated that the two main
aspects in the overall safety of machine autonomy
are: the lack of applicable standards, legislation and
guidelines regarding the autonomy of machines and
vehicles; and the paradox that arises from balancing
the desired level of autonomy with the needed level
of safety. This means that complex and advanced
autonomous machines are already technically
achievable, but they lack a common and thorough
method for ensuring an adequate level of safety.
One approach to compensate for the lack of
domain-specific standardization is to follow relevant
standards from other fields with similar
characteristics, mostly mobile machinery in other
types of outdoor environments. The available
standards, however, are not concise in their
approaches. Instead, different safety strategies are
preferred in different domains (Tiusanen et al.
2019b).
As an example of a standard specifically aimed
at autonomous systems, ISO 17757 is directed at
autonomous machine system safety in earth-moving
machinery. The basic principle presented in this
standard is that the autonomous area is restricted from
manual vehicles, but access control may allow
persons or manual machines to enter the automated
area on special occasions. The special occasions are
defined and include e.g. tagged vehicles.
For driverless trucks there is also a standard and
a standard proposal, which describe autonomous
systems aimed at indoor use. In this case, the
autonomous system can be open (free access), but the
system is well defined and, in the open case, the speed
limit is sufficiently low to enable stopping the
machine before collision.
For container handling, the challenge is that the
need is often somewhere between the closed and open
system. In a port environment there are many actors
and the areas can be large, and therefore it is difficult
to have a completely closed system. On the other hand,
the open system requires good on-board sensors to
detect objects before collision.
2.2 Identification of New Autonomy
Related Uncertainties and Safety
Risks
Autonomous machinery systems are emerging and
they are essential for enabling new automated
material handling and autonomous transportation in
sea ports and other terminals. Autonomous
technologies will be a huge step towards safer and
more efficient terminal operations, but the software
solutions and advanced control systems in various
system levels also involve complexities that pose
challenges to identification and control of new
functional failures, safety issues, and security
concerns (Ramos et al. 2019).
Autonomous container handling systems
represent one specific domain of autonomous and
cooperating systems and they can also be thought of
as Systems of Systems (SoS) in nature (Čaušević,
2017). Autonomous container handling systems can
be connected to public or semi-public communication
networks in the port area, they typically involve
multiple stakeholders, have dynamic system
reconfigurations, and they are operated in an
unpredictable operating environment.
Čaušević (2017) also expressed that a common
challenge concerning all autonomous systems refers
to safety, reliability and security goals. A reliable
autonomous system executes an action perfectly right
each time but, in conjunction with unexpected
external circumstances, such a reliable action can lead
to an accident.
According to Baudin et al. (2007) hazards
related to the operation of autonomous machinery can
be separated into endogenous and exogenous hazards.
Endogenous hazards are caused by faults introduced
in the machine itself, such as design failures or
component failures. Exogenous hazards are
operational hazards including faults due to external
interference, operators’ unsafe actions or unforeseen
events in the operating environment.
One of the complexities that, in general,
characterize autonomous systems is the strong
interaction among their different components. The
components here mean equipment, software, computer
hardware and the human operator or supervisor, when
applicable. Software malfunctions and cyber
threats are different types of risks compared with
risks caused by hardware failures and human errors.
Past failures do not indicate future behaviour, which
means that calculation of the expected likelihood or
frequency is not feasible (Ramos et al. 2019).
In general, it can be said that autonomous
machinery can introduce hazardous situations not
normally encountered on conventional manned
worksites (ISO 17757:2017).
According to Ramos et al. (2019) the complex
human-technology interaction is one of the main
challenges for safety risk assessment of autonomous
systems. Most current quantitative assessment
methods used in conventional risk and safety
assessments rely on the separation principle. System
components are assumed to be independent of each
other and are often analyzed separately. Ramos et al.
(2019) emphasize that the interaction among
components and emerging complexity is often
neglected or reduced to a minimum. This makes it
possible to use proven methods; however, complex
systems may be abstracted and not sufficiently
represented.
Risk identification and assessment in unique
autonomous container handling applications should
be understood as a top-down process wherein upper
work site level assessment results represent input and
requirements for the next level, ensuring that the
system-safety requirements and risk-reduction
solutions are based on the actual site specific factors
involved. The risk estimation methods and
risk-evaluation practices need to be appropriate for the
specific needs of risk assessment activities at the
various levels of systems engineering and in the
individual phases in the system life cycle. (Tiusanen,
2014)
Some qualitative systemic methods like STPA
(System Theoretic Process Analysis) (Leveson, 2012)
or FRAM (Functional Resonance Analysis Method)
(Hollnagel, 2012) include the different system
elements and system interactions, and assess also the
emerging properties of the system elements.
According to Ramos et al. (2019) these methods,
while providing useful qualitative analysis, are still
very limited in unravelling complex failure modes
and mechanisms in addition to being qualitative and
of limited value in prioritizing risks and risk reducing
measures.
2.3 Technology Development
Challenges
2.3.1 Challenges in Sensor Technology
Availability
Sensors are developing continuously, but for safety
purposes there seem to be limits. During 2019, the
first two safety sensors capable of operating in an
outdoor environment came to the European market.
One of these is a laser scanner (SICK outdoorScan3)
and the other is a radar (Inxpect LBK System). The
laser scanner is accurate, but it is still sensitive to dust,
moisture and rain. The radar, on the other hand, is not
so sensitive to the environmental conditions, but the
detection angle is not so accurate.
In heavy rain, snow or fog the sensors are not
applicable, but on the other hand, the port operations
would be difficult or dangerous also for manual
operators in such conditions. The safe detection range
for the sensors is currently about 4 m, but it may
increase in the next few years up to 7 m. Indoor
safety sensors often have a detection range of 9 m.
The laser scanners for outdoors use differ from
indoors laser scanners in the capability to emit a lot
of beams. The idea is that, by having a lot of beams,
some beams could navigate between raindrops and
detect a distant object. The outdoors sensors need to
differentiate objects and raindrops and, in general,
bad weather or operating conditions.
In addition to challenges with detection range,
there are specific cases that are difficult for on-board
sensors. Sensors cannot see behind corners or objects.
Also objects beside a container or objects with
dimensions at high (e.g. reach stacker) or low heights
can be very difficult to detect. Thus, there are
challenges to detect objects in the port environment
in all conditions.
Instead of on-board sensors, it is also possible to
apply a central tracking system, which knows the
positions of all moving objects within a specified
area. This requires tagging of objects and the
uncertainty of position correctness needs to be
handled with a safety system. This kind of approach
seems promising from a safety point of view, but it
lacks some properties related to freedom.
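The following added example (not part of the original paper) illustrates how the detection ranges quoted above bound the permissible machine speed, and how a central tracking system can account for position uncertainty and stale position reports when deciding on a protective stop. The response time, deceleration, clearance margin, object speed and the TrackedObject structure are assumptions chosen for illustration.

```python
import math
from dataclasses import dataclass

# Assumed machine parameters (illustrative, not taken from the paper).
RESPONSE_TIME_S = 0.5   # sensing + control + brake actuation delay
DECEL_MPS2 = 1.5        # guaranteed braking deceleration


def stopping_distance(speed_mps, response_s=RESPONSE_TIME_S, decel=DECEL_MPS2):
    """Distance travelled from detection until standstill."""
    return speed_mps * response_s + speed_mps ** 2 / (2.0 * decel)


def stopping_time(speed_mps, response_s=RESPONSE_TIME_S, decel=DECEL_MPS2):
    """Time from detection until standstill."""
    return response_s + speed_mps / decel


def max_safe_speed(detection_range_m, margin_m=0.5,
                   response_s=RESPONSE_TIME_S, decel=DECEL_MPS2):
    """Highest speed at which the machine still stops inside the sensor's
    safe detection range while keeping margin_m clearance to the object.
    Solves v*t + v^2/(2a) = d for v."""
    d = detection_range_m - margin_m
    if d <= 0:
        return 0.0
    at = decel * response_s
    return -at + math.sqrt(at * at + 2.0 * decel * d)


@dataclass
class TrackedObject:          # hypothetical record from a central tracker
    tag_id: str
    x_m: float
    y_m: float
    pos_error_m: float        # bound on the reported position error
    age_s: float              # time since the position was measured
    max_speed_mps: float      # worst-case speed for this object class


def must_stop(machine_xy, machine_speed_mps, obj, max_age_s=1.0):
    """Central-tracking check: True if a protective stop is required."""
    if obj.age_s > max_age_s:
        return True  # stale report: position uncertainty is unbounded, fail safe
    nominal = math.hypot(obj.x_m - machine_xy[0], obj.y_m - machine_xy[1])
    # Worst case: the object is closer than reported and has kept approaching
    # since the position was measured.
    worst_gap = nominal - obj.pos_error_m - obj.max_speed_mps * obj.age_s
    # Space needed: own stopping distance plus the object's approach meanwhile.
    needed = (stopping_distance(machine_speed_mps)
              + obj.max_speed_mps * stopping_time(machine_speed_mps))
    return worst_gap <= needed


if __name__ == "__main__":
    for rng in (4.0, 7.0, 9.0):  # detection ranges quoted in the text
        print(f"range {rng} m -> max speed {max_safe_speed(rng):.2f} m/s")
    # Constructed sample: tagged person reported 5 m ahead, 0.2 s ago.
    person = TrackedObject("tag-17", 5.0, 0.0, 0.5, 0.2, 1.5)
    print("protective stop:", must_stop((0.0, 0.0), 2.0, person))
```

With these assumed parameters the person reported 5 m ahead triggers a stop even though the nominal distance exceeds the machine's own stopping distance, because the position error, report age and the person's possible approach are all subtracted from the available gap.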
2.3.2 Challenges of Increasing Software
Intensity
Autonomous systems differ from traditional
machinery systems especially in terms of the amount
of software used. Sophisticated software is needed to
interpret the vast amounts of sensor data collected and
to make decisions based on the situational awareness
created. Additional software elements are also
required e.g. for communications and functions
related to remote monitoring and operation.
As software complexity increases, the amount of
software errors typically increases as well. In
complex software, errors are always present, which
requires that sufficient error handling measures are in
place. A majority of software errors can be traced
back to the requirements specification phase. (Malm
et al., 2011)
To develop high-quality software, the concept design
phase and systematic requirements management
during it play a central role. Focus should be placed
on identification of the critical areas of the software
as early as possible to prevent costly fixes later in the
product development process. It should also be noted
that cybersecurity shall be considered as an integral
part of the development process when designing
autonomous machine systems (Pentikäinen, et al.,
2019).
For software, the assessment of safety, reliability
and security aspects is more difficult to establish.
Reliability of software is approximated by such
measures as the remaining amount of errors in the
software, which does not clarify how the software
may fail. In the context of large automation systems
the interaction of different software modules and
components, from different suppliers, is challenging.
(Ramos et al. 2019)
As a relatively new type of software element,
autonomous systems usually employ various machine
learning based artificial intelligence (AI) elements,
for example in recognizing objects from sensor data,
as well as in various condition monitoring and
optimization tasks. From the dependability point of
view, such systems may be highly effective: they can
improve predictability of machine performance and
can be used to optimize operational parameters and
maintenance tasks. On the other hand, these
technologies are fairly new and lack a background of
demonstrated use in industrial environments. Thus,
data quality and procedures for
design and verification of AI systems become
increasingly important also from the safety and
dependability point of view. Additionally, the
systems may lack the transparency that is needed to
assure that the system operates correctly in all
plausible operational scenarios. (Heikkilä & Välisalo,
2018)
Increasing software intensity can be seen as a
broad systems engineering issue. In the context of
port equipment, safety is one of the main issues to be
considered. From the perspective of safety analyses,
the increasing software intensity calls for means to
describe the system in a way that supports managing
the complexity. In all cases, thorough hazard
identification needs to take place. As a new approach
in hazard identification, systems-theoretic methods
have been proposed to facilitate hazard analysis of
complex systems. Their use in the context of port
automation, however, is largely unexplored.
3 CONCLUSIONS AND
RESEARCH DIRECTIONS FOR
AUTONOMOUS CONTAINER
HANDLING SYSTEMS
Autonomous port logistics face several challenges.
Currently, single technical solutions for autonomous
machine fleet safety systems in a port environment
seem to be challenging. Apparently, several means
are needed to implement a safe autonomous system. In
all cases, a thorough risk assessment is needed, where
the specific conditions of the automated fleet solution
are taken into consideration.
In the AUTOPORT project, research is
conducted to solve some of the challenges that have
been identified and were described in this paper.
Based on the initial findings, key research directions
that support the development of safe and reliable
autonomous port logistics can be identified:
- Development of reliability, availability, maintainability and safety (RAMS) related design procedures so that the effects of autonomy can be addressed. This includes specification of data models for a database-centric approach to support RAMS management.
- There is clearly a need for a joint functional safety, reliability and security approach for risk assessment. A holistic approach is required for the assessment of safety, reliability and security risks of autonomous logistic systems. Special focus should be put on considering the interactions between subsystems and their potential outcomes and implications. Knowledge on Cyber Physical Systems (CPS) and Systems of Systems (SoS) theories is important in handling the system complexity.
- Application of systems-theoretic approaches to support safety assessments of new autonomous technologies. This will support especially the identification of software-based safety issues and issues in challenging mixed traffic situations.
- Application of relevant standards from other domains to account for the lack of domain-specific standardization for port machinery.
The challenges presented in this paper cover only a
part of the larger number of socio-technical and
economic challenges that need to be solved to enable
increasing automation in small and mid-size
terminals. In addition to the mostly technical safety
and dependability aspects presented in this paper, the
entire business case and various operational and asset
management strategies need to be considered to form
a comprehensive understanding of the effects of
autonomy. Solving these challenges could lead to
major advances in container logistics, increasing
efficiency and safety within the terminal, but also
helping in optimization of the entire logistics chain.
ACKNOWLEDGEMENTS
The work presented in this paper is part of the
AUTOPORT project funded by Business Finland
under the Smart Mobility programme.
REFERENCES
AUTOPORT, 2020. Project website. Available:
https://autoport.fi/
Baudin, É, Blanquart, J., Guiochet, J. & Powell, D. 2007.
Independent Safety Systems for Autonomy: State of the
Art and Future Directions, LAAS-CNRS.
Brinkmann B., 2011. Operations Systems of Container
Terminals: A Compendious Overview. In: Böse J. (ed)
Handbook of Terminal Planning. Operations
Research/Computer Science Interfaces Series, vol 49.
Springer.
Čaušević, A. 2017. A risk and threat assessment approaches
overview in autonomous systems of systems. 2017
XXVI International Conference on Information,
Communication and Automation Technologies (ICAT),
Sarajevo, 2017, pp. 1-6.
Fiedler, R., et al., 2019. Autonomous vehicles' impact on
port infrastructure requirements. Fraunhofer Center for
Maritime Logistics and Services CML.
Hämäläinen, J., Yli-Paunu, P. & Peussa, P., 2018.
Automated container terminals and self-driving cars:
Industry outlook. Cargotec Kalmar white paper.
Available:
https://www.kalmarglobal.com/48eaed/globalassets/media/215590/215590_White-paper-Autonomous-cars-web.pdf
Heath, T., 2018. Autonomous Industrial Machines and the
Effect of Autonomy on Machine Safety. M.Sc Thesis.
Tampere University of Technology.
Heikkilä, E., & Välisalo, T. (2018). A methodological
framework to support the design of safe and secure
autonomous systems. In 9th International Conference
on Safety of Industrial Automated Systems, SIAS 2018:
Proceedings, pp. 110-115. inrs.
Hollnagel, E., 2012. FRAM: The functional resonance
analysis method: Modelling complex socio-technical
systems. Ashgate Publishing Ltd.
ISO 17757:2017. Earth-moving machinery and mining -
Autonomous and semiautonomous machine system
safety. 44 p.
Leveson, N. (2012). Engineering a safer world: Systems
thinking applied to safety. MIT Press.
Malm, T., Vuori, M., Rauhamäki, J., et al., 2011. Safety-
critical software in machinery applications. VTT
Technical Research Centre of Finland. VTT Research
Notes, No. 2601.
PEMA, 2016. Container Terminal Automation.
PEMA information paper. Available:
https://www.pema.org/wp-content/uploads/downloads/2016/06/PEMA-IP12-Container-Terminal-Automation.pdf
Pendleton, S., et al. 2017. Perception, Planning, Control,
and Coordination for Autonomous Vehicles. Machines.
5(1), 6.
Pentikäinen, H., Malm, T., & Heikkilä, E., 2019.
Cybersecurity in Autonomous Machine Systems
Development. VTT Technical Research Centre of
Finland. VTT Research Report, No. VTT-R-01087-19
Ramos, M.A., Thieme, C., Utne, I.B. & Mosleh, A., 2019.
Autonomous Systems Safety - State of the Art and
Challenges. In the Proceedings of the First International
Workshop on Autonomous Systems Safety (IWASS).
11-13 March, 2019, Trondheim, Norway. Norwegian
University of Science and Technology (NTNU),
Trondheim, Norway. ISBN: 978-82-691120-2-3
SAE-J3016, 2018. Taxonomy and Definitions for Terms
Related to Driving Automation systems for On-Road
Motor Vehicles. SAE International.
Tiusanen, R., Heikkilä, E., Malm, T., & Ronkainen, A.,
2019a. System safety engineering approach and
concepts for autonomous work-machine applications.
In 2019 World Congress: Resilience, Reliability and
Asset Management: Conference proceedings (pp. 144-147).
Future Resilient Systems (FRS).
Tiusanen, R., Malm, T. & Ronkainen, A., 2019b. An
overview of current safety requirements for
autonomous machines - review of standards.
Automaatiopäivät23 extended abstracts. Available:
https://www.automaatioseura.fi/site/assets/files/1896/23_au-23_paper_23ea.pdf
Tiusanen, R., 2014. An approach for the assessment of
safety risks in automated mobile work-machine
systems. Dissertation. VTT Technical Research Centre
of Finland.
Tähtinen, O., 2018. Safety Requirements of Remote
Operating Station for Container Handling Equipment.
Bachelor’s thesis. Tampere University of Applied
Sciences.
Vuorimaa V, 2019. Readiness Assessment of Engineering
Practices for Designing Autonomous Industrial Mobile
Machinery. M.Sc. (Tech.) thesis. Tampere University.