Survivability shall be a major design criterion for all mission critical
equipment. Survivability features include the ability to withstand battle
damage (graceful degradation), to be maintained at maximum readiness during an
engagement (reconfiguration), and to permit rapid repairs following any
casualties (modularity).

4.2.1.1 Battleshort. Interlock bypass circuits shall be provided to override
personnel safety and maintenance interlocks. Interlocks provided for protection
against catastrophic faults shall not be bypassed. Interlock bypass circuits
shall be provided to override equipment interlocks used to protect against
continuously degrading faults and stable degraded faults. Interlock bypass
circuits shall latch so the loss of power does not disable the battleshort mode.
The use of battleshort accepts the potential damage to equipment as a trade-off
for its operation during battle.

4.2.1.1.1 Battleshort indication. Visual indication shall be provided when
the equipment is in the battleshort mode. Indicator lights shall be located in a
position clearly visible to personnel, and on the chassis of the equipment that
is in the battleshort mode. An audible alarm shall be provided to indicate when
personnel hazards exist while in the battleshort mode. Consideration shall be
given to providing a means for manually disabling the audible alarm. The means
for manually disabling the audible alarm shall be such that the audible alarm
will be re-enabled when the alarm signal has been removed. Means shall also be
provided for remote indication of the battleshort mode at supervisory
stations.

4.2.1.1.2 Activation of battleshort. The equipment shall be provided with
means for remote activation of the battleshort mode. The remote feature shall be
such that spurious signals do not disable the battleshort mode. The equipment
shall also be provided with a maintenance switch for disabling of the
battleshort feature, and means for remote indication of the switch position.
Where applicable, the battleshort feature shall be disabled when equipment is in
the training mode. Where equipment has both manual and automatic restart modes,
the equipment shall go into the automatic restart mode when battleshort has been
enabled.

4.2.1.1.3 Catastrophic fault indication. Interlocks for protection against
catastrophic faults shall include provisions to indicate the cause of equipment
shutdown when in the battleshort mode. The indication circuitry shall be such that
status indication will be maintained through power interruptions of up to 8
hours. The intent of this requirement is to identify the cause of shutdown following
ship shock trials, or under casualty conditions, when inadvertent loss of power
has occurred. Circuitry used during ship shock trials to meet the foregoing
requirements consisted of a voltage detector which triggers a silicon controlled
thyristor (SCR). This SCR was series connected with a capacitor, resistor, and
light emitting diode (LED). The SCR, when triggered, latches to the "on" state,
and the capacitor discharges through the LED, providing an indication that the
voltage detector has operated.
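
The battleshort rules of 4.2.1.1 through 4.2.1.1.3, modeled as a small C state machine. This is an added example, not part of the standard; the type and function names and the three-confirmation release rule are assumptions made for illustration.

```c
#include <stdbool.h>
/* Fault classes named in 4.2.1.1; the enum itself is illustrative. */
typedef enum { FAULT_NONE, FAULT_PERSONNEL, FAULT_DEGRADING,
               FAULT_STABLE_DEGRADED, FAULT_CATASTROPHIC } fault_t;
#define RELEASE_CONFIRMATIONS 3   /* assumed debounce depth, not from the spec */

typedef struct {
    /* First two fields model latched state that survives loss of power. */
    bool    battleshort_latched;
    fault_t shutdown_cause;
    bool    maintenance_disable;   /* maintenance switch position */
    bool    training_mode;
    bool    auto_restart;
    int     release_count;         /* remote release requests since last set */
} equip_t;

/* Battleshort is effective only if latched and not locked out. */
bool battleshort_active(const equip_t *e) {
    return e->battleshort_latched && !e->maintenance_disable && !e->training_mode;
}

/* Remote set takes effect at once; release needs repeated confirmation
   so that a single spurious signal cannot drop the mode. */
void remote_command(equip_t *e, bool request_on) {
    if (request_on) {
        e->battleshort_latched = true;
        e->release_count = 0;
        if (battleshort_active(e)) e->auto_restart = true;
    } else if (++e->release_count >= RELEASE_CONFIRMATIONS) {
        e->battleshort_latched = false;
        e->release_count = 0;
    }
}

/* Returns true when the interlock shuts the equipment down. */
bool interlock_trips(equip_t *e, fault_t f) {
    if (f == FAULT_NONE) return false;
    if (f == FAULT_CATASTROPHIC) {      /* never bypassed */
        e->shutdown_cause = f;          /* retained for later readout */
        return true;
    }
    return !battleshort_active(e);      /* other interlocks are bypassable */
}

/* Power interruption: volatile state is lost, latched state is kept. */
void power_cycle(equip_t *e) {
    e->release_count = 0;
    if (battleshort_active(e)) e->auto_restart = true;
}
```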

4.2.1.2 Smart loadshed. Equipment rated 5 kilowatts (kW) or more shall be
provided with a means for being placed in a low power mode when loadshed has
been activated from a remote location. This may include reduced capability,
standby, or turn-off. The low power mode shall be such that the equipment will
automatically resume full specified performance when loadshed has been
deactivated. As an alternative, units may be provided with an uninterruptible
power supply (UPS).

4.2.1.3 Systems monitoring and control. Systems and equipment shall be
designed for supervisory monitoring and control from a central location, for
implementation of a total ship mission readiness assessment and reporting
system. To ensure adequate capabilities, the following information shall be
available: Equipment operational status, battleshort indication, EMCON
condition, interface operations, and capability level. Control capabilities
include the ability to perform smart loadshed, central setting of battleshort,
EMCON, and combat system reconfiguration control. For equipment that does not
have a local area network (LAN) interface and requires low volume
communications, the monitoring and control capabilities may be incorporated
using a North Atlantic Treaty Organization (NATO) Low Level Serial interface in
accordance with MIL-STD-1397. Specifications for equipment level communications
devices are provided in the appendix of MIL-STD-1397. For submarine
applications, specific guidance shall be provided by OP-02 in conjunction with
Naval Sea Systems Command (NAVSEASYSCOM) (SEA-08).

4.2.1.4 Redundancy and enclaving. Redundancy criteria shall be determined
from the operating requirements and include multiple independent signal paths,
parallel processing, auxiliary/standby components, and backup controls to
eliminate single points of failure. Modularizing and enclaving shall be utilized
to improve the equipment survivability and to reduce MTTR. Modularizing should
incorporate the use of SEM, SPS, and SES (see 4.1.2.1).

4.2.1.5 Special considerations. Although the combatant's mission priority may
be simultaneous engagement of multiple threats and other tactical offensive
capabilities, the equipment designer shall also consider soft kills that may be
inflicted by lightly armed adversaries, for example gunboats. The concern is
secondary damage (fragmentation, water and heat) resulting from otherwise
inconsequential hostile fire. Also, a higher level of survivability is needed
for point defense and maneuverability subsystems for a damaged combatant to
safely withdraw and effect repairs.