Running head: HOWITZERS FIRE CONTROL SYSTEM HAZARD ANALYSIS 1

Hazard Analysis Techniques Performed on the M109 Howitzers Fire Control System

Name

Institution
HOWITZERS FIRE CONTROL SYSTEM HAZARD ANALYSIS 2

Table of Contents

Executive Summary ........................................................................................................................ 3

Introduction ..................................................................................................................................... 4

Description of M109 Howitzer Fire Control System ...................................................................... 4

Vehicle Reference Unit (VRU) ................................................................................................... 5

Commander's Control and Display Unit & Tactical Computer (CDU&TC) .............................. 6

Gunner's Display Unit (GDU) .................................................................................................... 6

Muzzle Velocity Radar (MVR) .................................................................................................. 7

Vehicle Motion Sensor (VMS) ................................................................................................... 7

Methodology ................................................................................................................................... 7

Findings and Analysis ..................................................................................................................... 9

Conclusion and Recommendations ............................................................................................... 12

References ..................................................................................................................................... 15
HOWITZERS FIRE CONTROL SYSTEM HAZARD ANALYSIS 3

Executive Summary

This paper details the hazard analysis of the M109 Howitzer fire control system. The

hazard assessment has been accomplished using the Hazard Analysis Types and Techniques

(PHL, PHA, SSHA, SHA, HHA, O&SHA, and SRCA).The system comprises of different

elements, including Vehicle Reference Unit, Gunner's Display Unit (GDU), Vehicle Motion

Sensor (VMS), Commander's Control and Display Unit & Tactical Computer (CDU&TC) and

the Muzzle Velocity Radar (MVR). The assessment has revealed the existence of various hazards

that exist at different levels (see the filled-in Excel sheet attached alongside this document).

Every element, including hardware, system functions, energy sources, software, hazardous

operation and hazardous material has some inherent hazard factors. It is recommended that the

most appropriate measure of assuring health and safety is managing the systems to minimize

risks focusing on two levels: system management and personnel management. It is also

important to develop a checklist tailored to these areas. Monitoring and evaluation using tools

such as Root-cause analysis (RCA) are also critical for the M109 Howitzer fire control system

sustainable health and safety protocols.

HOWITZERS FIRE CONTROL SYSTEM HAZARD ANALYSIS 4

Introduction

M109 is self-propelled howitzer with a155 mm turret (Department of the Army, 1994). It

continues to serve as one of the most common indirect fire support weapons owned by armored

and mechanized infantry maneuver brigade divisions. The artillery often comprises of six crew

members: the driver, the section chief, two ammunition handlers, the gunner and assistant

gunner. The role of the gunner is to focus the cannon through movement, while the assistant gun

focuses the cannon through vertical movement. Since its introduction, M109 howitzer has now

undergone various system upgrades to increase its capability (Military Today, 2017). One of the

critical components in the M109 howitzer is the fire control systems. In acknowledgement of the

severe restrictions of operation that are placed on the modern combat machines by the traditional

methods of deployment and survey systems, part of the focus of the military engineers have been

to develop modular artillery fire control systems that are aimed at providing the highly adaptive

and effective solutions to keep abreast with the modern deployment environment. M109

howitzer is now fitted with the modular artillery fire control systems. The aim of this paper is to

perform a hazard analysis of M109 howitzer, focusing on its fire control systems.

Description of M109 Howitzer Fire Control System

The M109 Howitzer Fire Control System is designed to provide a computer-supported fire

operation, starting from preparation, identification of firing direction and controlling the fire

(Astronautics, 2018). It also provides digital integration for various fire support systems. The

system is defined by various essential technical specifications. These specifications include

mission planning and firing in digital environment, gun heading measurements and continuous

gun location supported by the Inertial Navigation Systems, accurate and rapid ballistic

calculations, displays of combat area on a digital map, precise and automated gun laying,
HOWITZERS FIRE CONTROL SYSTEM HAZARD ANALYSIS 5

communication system supported by digital radios, mission-oriented graphical-user interfaces

and fire command displays derived from ballistic calculation. The system can also use

information derived from Muzzle Velocity Radar to support muzzle velocity management and it

is integrated with NATO Armaments Ballistic Kernel that computes and provides firing

commands (ASELSAN, 2018).

The M109 Howitzer Fire Control System comprises of various components. The key

components include the Vehicle Reference Unit, Gunner's Display Unit (GDU), Vehicle Motion

Sensor (VMS), Commander's Control and Display Unit & Tactical Computer (CDU&TC) and

the Muzzle Velocity Radar (MVR). The figure 1 below illustrates the key components of the

M109 Howitzer Fire Control System. The functions of these components are described in

sections as follows.

Figure 1: the key components of the M109 Howitzer Fire Control System (Astronautics, 2018).

Vehicle Reference Unit (VRU)

The Vehicle Reference Unit comprises of the inertial navigation unit with either

embedded or external GPS receivers. This component is installed on the gun’s elevating mass
HOWITZERS FIRE CONTROL SYSTEM HAZARD ANALYSIS 6

and functions to provide a precise output of the attitude and position of the weapons. The

purpose of the VRU component is performing all the attitude, navigation, north finding and

pointing functions.

Commander's Control and Display Unit & Tactical Computer (CDU&TC)

The Commander's Control and Display Unit & Tactical Computer components provide

the man-machine interface. This system is often used by the gun’s commander. The gunner is

also provided with the similar unit to support the aiming functions. The component comprises of

a powerful computer process that provides overall system control, fire control computation, and

management. CDU&TC have high brightness backlights, the programmable keys for

manipulating functions and color liquid crystal displays to support user-machine interface. The

display is designed to allow a wide-angle viewing area, yet it also provides a high-resolution

image supported by high brightness rays to support sunlight readability. The system has buttons

that are placed on the front bezel to support menu-driven operations. In essence, the CDU&TC

offers different types of system management, as well as M109 Howitzer Fire Control System’s

task processing. The system level functions that this component discharges can be listed as the

generation of graphic display, ballistic computation, the on-board technical fire control and the

overall system mode control. The system is incorporated with software that allows customization

for flexible operations.

Gunner's Display Unit (GDU)

The gunner is also provided with a unit similar to the Commander's Control and Display

Unit & Tactical Computer to support the aiming functions. Like the CDU&TC, the component
HOWITZERS FIRE CONTROL SYSTEM HAZARD ANALYSIS 7

comprises of a powerful computer process that provides overall system control, fire control

computation, and management.

Muzzle Velocity Radar (MVR)

The M109 Howitzer Fire Control System is designed in a way that allows it to accept and

read inputs from the Muzzle Velocity Radar, which provides continuous monitoring of the gun

wear effects in a manner that is predictive, and thereby support the improvement of the ballistic

computation. The processing units of the Muzzle Velocity Radar, including the antennae, are

implanted in front of the cradle to enhance efficiency. The measurements derived from the MVR

kit are featured in the ballistic computation process, aided by a predictive algorithm. This feature

enables the M109 Howitzer Fire Control System to improve the effectiveness of the weapon

deployment on first-round, eliminating the need for traditional calibration rounds.

Vehicle Motion Sensor (VMS)

The M109 Howitzer Fire Control System is fitted with Vehicle Motion Sensors. This

component can be installed in the engine or planted in the gear transmission compartment. The

functions of the component are to provide the measurements of the wheels or tracking the speeds

of the Vehicle Reference Unit on course of the gun and vehicle movement. This feature is aimed

at providing optimal system performance.

Methodology

The hazard assessment of the M109 Howitzer Fire Control System was accomplished

using the Hazard Analysis Types and Techniques (PHL, PHA, SSHA, SHA, HHA, O&SHA, and

SRCA), based on the pre-designated system design building upon the preliminary hazard list

created in fulfillment of Project 3 requirements of EGR/ASEM-610. In essence, the hazard

HOWITZERS FIRE CONTROL SYSTEM HAZARD ANALYSIS 8

analysis was conducted in accordance with the PHL methodology presented by Ericson, (2016),

which guides that hazard analysis should be systematic; it should start with identifying the

potential hazard by drawing a preliminary hazard list, and then proceed to analyze the nature and

form of vulnerabilities as dictated by different hazard analysis types and techniques through

PHA, SSHA, SHA, HHA, O&SHA, and SRCA. The table below summarizes the definitions of

these hazard analysis techniques.

Hazard Analysis Technique Full Name Focus

PHL The Preliminary Hazard List Identifies various

vulnerabilities inherent to

system components

PHA Preliminary Hazard Analysis Analyzes the hazards

identified by the PHL

SSHA Subsystem and System Hazard Analyzes the general and

Analyses subsystem component hazards

SHA System Hazard Analyses Analyzes the general system

hazards

HHA Health Hazard Analysis Analyses the health hazards

posed by the general system

O&SHA, Operating and Support Hazard Analyzes the hazards

Analysis association with human

factors

SRCA Safety Requirements Criteria Analyzes the hazards

Analysis associated with safety and

HOWITZERS FIRE CONTROL SYSTEM HAZARD ANALYSIS 9

criteria requirements

The list components that informs the scope of the analyses are varied and include: cannon

tube, subsystem cannon tube, breech bore evacuator, muzzle brake, thrust collar, travel lock,

hydraulic subsystem, rammer variable recoil, cannon equilibrator, power pack, actuating valve,

tray handle, blocking valve, cylinder valve, sighting subsystem, elbow telescope, panoramic

telescope, panoramic telescope, ballistic cover, alignment device, collimator, and dial sight. The

assessment task was to identify the hazards inherent to these components by filing the excel

sheet.

The scope of subsequent PHA, SSHA, SHA, HHA, O&SHA, and SRCA was further

limited to hardware, system functions, energy sources, software, hazardous operation and

hazardous material. Thus, the analysis work largely entailed identifying the hazards, analyzing

them and filling the 7 HAT worksheets corresponding to these areas.

Findings and Analysis of PHA, SSHA, SHA, HHA, O&SHA, and SRCA

The M109 Howitzer Fire Control System analysis based on PHA, SSHA, SHA, HHA,

O&SHA, and SRCA presents different forms of multi-faceted hazards, which have different

magnitudes of effects to the system, as well as the operating personnel and the successfulness of

the mission (see the filled-in Excel sheet attached along this paper). These different forms of

hazard can be broadly divided into five areas: hazardous components, hazardous functions,

Energy sources, hazardous operation and hazardous material. These areas are discussed in the

corresponding section.

Hazardous Components

The PHA, SSHA, SHA, HHA, O&SHA, and SRCA analysis reveals various hazardous

functions associated with the M109 Howitzer Fire Control System, which poses different health
HOWITZERS FIRE CONTROL SYSTEM HAZARD ANALYSIS 10

and safety risks. The associated risks largely have to do with likelihood of mission failure,

system destruction and causing injury to the personnel. The examples of hazards and associated

risks include the variable recoil system hitting the personnel that results either injury or damage

to the system itself. Another example of the hazard is failure of the M82 primer or M4 Series

Propelling Charges that results in the minute delay in the mission or possible mission failure.

Other examples of hardware hazards that could result in similar problems are computer button

failure, radio failure and monitor failure, among others. The M109 Howitzer Fire Control System

also relies on the computer to integrate the functions of Vehicle Reference Unit, Gunner's

Display Unit (GDU), Vehicle Motion Sensor (VMS), Commander's Control and Display Unit &

Tactical Computer (CDU&TC) and the Muzzle Velocity Radar (MVR). The computer works

based on the programmable software. The failure of the software can result in a number of risks,

including harming the personnel and destruction of system translating to mission failure. The

software is vulnerable to problems such as the virus and errors in programming that slows the

system or causes total failure. Software error could result cause the computer to displays

incorrect data or unreadable data, resulting in round landing off target, causing loss of personnel

and equipment. The unreadable computer display can also result in mission failure due to digital

communications.

Hazardous Functions

The PHA, SSHA, SHA, HHA, O&SHA, and SRCA analysis of system function presents

various hazards associated with the M109 Howitzer Fire Control System. The effects of these

system hazards are also varied, including the harming the personnel, destruction of system and

mission failure. All the M109 Howitzer Fire Control Systems, which include Vehicle Reference

Unit, Gunner's Display Unit (GDU), Vehicle Motion Sensor (VMS), Commander's Control and
HOWITZERS FIRE CONTROL SYSTEM HAZARD ANALYSIS 11

Display Unit & Tactical Computer (CDU&TC) and the Muzzle Velocity Radar (MVR) are

subject to hazards inherent to system components, material, hardware and software that could

either harm the personnel or cause malfunction.

Energy Sources

Based on PHA, SSHA, SHA, HHA, O&SHA, and SRCA analysis, the M109 Howitzer

Fire Control System is presented with various hazardous energy sources. One of the energy

sources of the system is diesel, which is burnt to generate the system power. The system is also

fitted with a battery to provide energy to ignition circuit systems and power some operations.

The combustion of oil can by accompanied by the production of harmful gases such as carbon

monoxide that can cause illness, permanent neurological damage, loss of life. The battery can

also malfunction and cause the failure of the entire system and failure. A similar problem can be

caused by the malfunctioned generators.

Hazardous Operation

The M109 Howitzer Fire Control System is subject to various hazardous operations that

are revealed in PHA, SSHA, SHA, HHA, O&SHA, and SRCA. For example, the GDU can fail

to display correct data, denying the crew the needed information to perform the mission. The

premature or late functioning of fuze up to 1 sec could cause the Round to detonate as close as

300 meters from tube, resulting in the injury to personnel and equipment. The loss

communication during fire mission can cause failure to receive emergency voice commands

resulting in failed mission. The propellant may fail to ignite properly in a cook off, which could

cause a blowback. This problem could lead to the potential injury or loss of life to personnel and

damage to the equipment. The operation failures are also associated with different human

factors. For example, the failure to inspect ammunition could result in unnecessary ammunition
HOWITZERS FIRE CONTROL SYSTEM HAZARD ANALYSIS 12

malfunctions, which could cause bodily injury. The improper lay for elevation will result in

round impacting left or right of the target causing possible loss of life, while the wrong fuze

settings will result in premature or late round exploding, which could cause injury or loss of life

to personnel.

Hazardous Material

The M109 Howitzer Fire Control System also entails interaction to various hazardous

materials that could either harm the personnel or destroy system and limit the mission success, as

revealed by PHA, SSHA, SHA, HHA, O&SHA, and SRCA. For example, tritium gas escaping

from the broke valves could be inhaled by operating personnel. This contact could cause

different health problems depending on exposure. It could also cause the system to fail to

illuminate and result in mission failure. The propellant charge disposal requires burning of

charges, and can lead to damage to environment or cause injuries to personnel and destruction to

the equipment. Diesel fuel spill during refueling could cause injury to eyes, skin, lungs and it is

an environmental hazard, too. Hydraulic fluid spill may cause swelling and redness to the skin.

It can also cause intestinal problems which could ultimately lead to death and presents an

environmental pollutant. Radiator coolant (Anti-freeze) spillage is poisonous to humans and

other animals. If ingested can lead to severe diarrhea, vomiting, kidney failure and death.

Conclusion and Recommendations

In conclusion, the aim of this paper was to perform a hazard analysis of the M109

Howitzer, focusing on its fire control system. This analysis has been motivated by the

acknowledgement of the severe restrictions of operation that are placed on the modern combat

machines by the traditional methods of deployment and survey systems, which necessitates

questioning and assessing whether the artillery fire control systems are well placed to provide the
HOWITZERS FIRE CONTROL SYSTEM HAZARD ANALYSIS 13

highly adaptive and effective solutions that keep abreast with the modern deployment

environment.

M109 Howitzer Fire Control System comprises of different elements, including Vehicle

Reference Unit, Gunner's Display Unit (GDU), Vehicle Motion Sensor (VMS), Commander's

Control and Display Unit & Tactical Computer (CDU&TC) and the Muzzle Velocity Radar

(MVR). The hazard assessment has been accomplished using the Hazard Analysis Types and

Techniques (PHL, PHA, SSHA, SHA, HHA, O&SHA, and SRCA). The PHL was interested in

hazards inherent to components of the subsystems, while the subsequent PHA, SSHA, SHA,

HHA, O&SHA, and SRCA narrowed on issues pertaining to hardware, system functions, energy

sources, software, hazardous operation and hazardous material.

The assessment has revealed the existence of various hazards that exist at different levels

(see the attached filled-in Excel sheet). As can be inferred, every element, including hardware,

system functions, energy sources, software, hazardous operation and hazardous material has

some underlying hazard factors. More importantly, all the identified hazards have the potential of

causing serious health and safety risks such as fire explosions, environmental pollution,

personnel injury, poisoning and system destruction.

In light of these issues, several recommendations can be put forth. Firstly, the safety

management team will need to first recognize that most hazards cannot be completely eliminated

because they are inherent to system components. Therefore, the most appropriate ramification

measures should include managing the systems to minimize risks. This process should be done at

two levels: system management and personnel management. In this case, the system

management level concerns itself with all the measures facing M109 Howitzer Fire Control

System, which include maintaining and upgrading systems to foster efficiency and reduce faults.
HOWITZERS FIRE CONTROL SYSTEM HAZARD ANALYSIS 14

In contrast, personnel management focuses on addressing the human factor risks, which include

training and development of the human resource to improve their skills and capacity to assure

efficiency and shun personnel-related health and safety risks.

It will also important for the safety team to develop healthy and safety checklist tailored

to these areas. Monitoring and evaluation of system health and safety should also be continuous

and objective. Incidents and accidents should also be objectively documented to inform

corrective and preventative actions. The safety management team is presented with techniques

such as Root-cause analysis (RCA) for managing and preventing mishaps. Root-cause analysis

(RCA) spans processes, approaches, techniques, and tools that seek to identify and address the

cause of a problem to prevent it from recurring (Sue, 2017). In other words, RCA can be

conceived as an integrated approach that breaks down processes and systems and studies to

establish nonconformities, guided by questions such as what happened, why the incidents happen

and the changes that ought to be taken to prevent the problem. The model rightly assumes that

problems that occur in systems may be varied but traces to certain main causes that, if addressed,

would prevent other problems from happening. It then also rightly recognizes that system

components are so holistically related that they should be approached using an integrated system

approach. Like RCA, other tools such Failure Mode and Effect Analysis (FMEA) also present

comprehensive and systematic steps for identifying and addressing the causes of errors that

compromise the health and safety (Dubale, Suleman, & Gurmesa, 2017). Evidently, the process

of managing health and safety within the M109 Howitzer Fire Control System can be seen to be

relatively demanding to the extent that it can be inferred to particularly count on informed

management.
HOWITZERS FIRE CONTROL SYSTEM HAZARD ANALYSIS 15

References

ASELSAN. (2018). Fire Control Systems. Retrieved from http://www.aselsan.com.tr/en-

us/press-room/Brochures/Command-Control-Comm-Computer-

Systems/FIRE_CONTROL_SYSTEMS_ENG.pdf

Astronautics (2018). Artillery Fire Control System. Retrieved from

http://www.astronautics.co.il/land/artillery-fire-control-system

Department of the Army (1994). Operator’s Manual For Howitzer, Medium, Self-

Propelled,155mm. BAE Systems Land & Armaments, L.P. Unlimited Government

Rights

Dubale, S., Suleman, S., & Gurmesa, A. (2017). Failure Mode and Effect Analysis (FMEA) of

IV-Medication Process in Mettu Karl Hospital, Mettu Town, Oromiya Regional State,

South West Ethiopia. Retrieved from https://sciforschenonline.org/journals/clinical-

research/article-data/CLROA-3-118/CLROA-3-118.pdf

Ericson, C. A. (2016). Hazard Analysis Techniques for System Safety (2nd ed.). Hoboken: John

Wiley & Sons Inc.

Military Today (2017). M109: 155 mm self-propelled artillery system. Retrieved from

http://www.military-today.com/artillery/m109.htm

Sue, A. (2017). Root Cause Analysis (RCA) Getting to the Reasons for the Problem. 2017

NCALA Symposium People, Purpose and Passion Winston-Salem, NC October 10, 2017