This post is the first one in a two-part series. It is inspired by the continuous stream of news about fires of electric vehicles (EVs) and energy storage systems (ESS) with Li-ion cells.
In this article, I apply Rasmussen's model of operational boundaries to the domain of battery engineering. I first shortly introduce Rasmussen's model and discuss its application to cell and battery manufacturing. Then, I present a modified version of that model: the model of cell and battery engineering boundaries. These boundaries are safety, cost/energy efficiency/life-cycle impacts, and performance.
I then explore the various tradeoffs between safety, cost, and performance in the cell and battery design space.
Finally, I identify an important design challenge: the huge time delay between the moments when engineering decisions are made and the consequences of these decisions: battery fires.
In the next article, I'll discuss some effective strategies for coping with the delayed safety feedback that battery manufacturers can use to reduce the incidence of battery fires.
Note: I use the words "engineering" and "design" interchangeably throughout this article.
Rasmussen created the model of operational boundaries for environments where people take many big and small actions, and some of these actions could potentially lead to failure. Examples of such environments are a hospital with doctors and nurses, airline operations with pilots and flight managers, and an internet service with site reliability engineers who run it.
There are three "forces" in this model that determine "gradients" that affect people's behaviour: economic/efficiency, workload/fatigue, and safety culture, and the three corresponding boundaries. Please refer to Rasmussen's paper "Risk Management in a Dynamic Society" for more explanations.
However, battery accidents usually happen because of unpredictable and unavoidable cell failures and not because electric vehicle or energy storage owners or operators did something wrong with their batteries. Cell engineers, people who are involved in cell manufacturing (including end-of-line testing), battery engineers, people in battery manufacturing, and fleet managers have more agency in reducing the incidence of battery fires than vehicle operators.
Rasmussen's model directly applies to the environment of cell and battery manufacturing floor. Due to the long working hours and the limited time that factory workers are permitted to spend on each batch of cells and each battery produced (pushed by the market pressure to make batteries cheaper), workers could forget to do or consciously skip some "unnecessary" checks. Testers could overlook some suspicious test results or monitoring data. Thus, some defects could make their way into the final product: cells or batteries. These defects could eventually become the cause of a battery fire.
The safety of the factory workers themselves is an even more classical application of Rasmussen's model. In this context, accidents are the situations when the workers are exposed to hazardous chemicals or electric shock, for example, because they are too tired or don't have enough time to follow all the necessary safety procedures.
I don't focus on these two contexts in this writing. Occupational safety has been studied for more than 100 years. Production quality control is a younger field of study though, plus the gigafactory scale together with the Industry 4.0 level of automation open a new perspective and call for new methods and practices. Still, since I haven't worked closely with production, other people will write about the quality control of cell and battery manufacturing better than I can.
For the domains of cell and battery engineering, I use the basic structure of Rasmussen's model, but change most of the specifics. First of all, while Rasmussen maps out the practice/behaviour/operational space, which means that the points in that space are different sets of practices and actions that people actually do in their work, I model cell/battery design space, i. e. the points on the picture below are different cell and battery designs.
