EC ADVISES Research Training Network
Learning from Incidents Involving Electronic/Programmable Electronic Systems
NASA/ICASE Research `Fellowship' on Mishap Investigation
Elaboration of Guidelines for Air Traffic Management Occurrence Reporting
Communication of Knowledge (about Accidents) from Synthesised Web Sites
I am coordinator of the European Commission's ADVISES Research Training Network. This brings together researchers from seven European countries in a three-year project to exchange techniques between human factors and human-computer interaction for safety-critical systems.
The engineering of interactive, safety-critical systems is an inter-disciplinary endeavour. This creates a number of practical problems for many different industries. Organisations must integrate techniques and methods from many different disciplines, ranging from hardware engineering through to human factors and management. The difficulty of achieving such integration stems in part from a mutual ignorance about these complementary disciplines, in part from a lack of methods in certain areas and in part from a failure to effectively integrate existing methods and techniques. We believe that the only way to solve such a problem is to have a tight integration of research contributions from all the disciplines relevant to the problem, namely:
HSE/Adelard Project
IEC 61508 is a key standard for both industry and the UK Health and Safety Executive. It sets out the requirements for E/E/PES systems within a generic framework that defines the safety lifecycle and safety management activities that should be followed. One of these requirements is to learn from the experience of previous failures.
In this project, jointly organised between the HSE, Adelard and Bill Black consulting, we are first interviewing the suppliers and users of electronic programmable systems to identify any existing incident reporting systems. Based on the information gained from this elicitation exercise, we will prepare draft national guidelines for the development of such reporting systems so that other companies can benefit from the experience of other operators in this area.
NASA Langley Research Centre Project
NASA operates several different mishap reporting systems. These range from local applications that are operated by staff in each centre through to the NASA Safety Reporting System that operates across all facilities. This fellowship will investigate techniques to support these and other forms of mishap reporting within NASA.
The first strand of work involved a comparative evaluation of mishap investigation and analysis techniques. We focussed on lifecycle support throughout the course of an investigation. The second strand of research was more technical in nature and involved an analysis of the problems that material implication can create when mathematical logic formalisms are used to reason about causation. The third strand of research involved two independent analysts using Leveson's STAMP methodology to analyse the causes of the SOHO mission interruption.
EUROCONTROL contract
This project is intended to help Air Traffic Management (ATM) providers implement and maintain mandatory and voluntary occurrence reporting systems. The output of this project will be a detailed set of guidelines that European ATM providers can use to achieve the objectives set by EUROCONTROL's ESARR2 requirements.
Our work focusses on a number of generic phases that are common across many existing incident reporting systems. Occurrence detection and notification is followed by data acquisition. Data acquisition is followed by occurrence reconstruction. Occurrence reconstruction, in turn, is followed by incident analysis and criticality assessment. Finally, the lessons that can be learnt from an occurrence are fed back to personnel and regulators. Each of these phases is considered in turn and a number of recommended practices are identified.
UK EPSRC Grant No. GR/M98302
Web sites are increasingly replacing the dissemination of accident reports through conventional, paper-based documents. Unfortunately, most investigation authorities have insufficient resources to best exploit the visualisation and presentation opportunities of the new media. They simply provide electronic versions of the text-based document. Occasionally hypertext links are provided within single reports. There are, as yet, no on-line examples of accident reports that contain hypertext links between incidents. This is a significant limitation because many people have argued that designers must have a clear understanding of common causes between multiple failures if they are to prevent future accidents and incidents.
This proposal is predicated on the idea that it is practical to separate, formally, the information content of Web sites from their presentational form and to derive content via automated synthesis. This approach can yield reduced costs and new opportunities to improve the presentation of electronic accident reports.
Chris Johnson, Dave Robertson (1), John Lee (2), Corin Gurr (2)
UK EPSRC Grant No. GR/L27800
A number of techniques might be used to reason about the causes of operator 'error' during disasters. For instance, user models have been developed to represent the cognitive and perceptual features that characterise interaction with complex systems (Duke, Barnard, Duce and May, 1995).
Unfortunately, these models lack some of the precision that is required during accident enquiries that have both legal and regulatory consequences. In contrast, epistemic logics have been proposed as a precise and concise means of representing an individual's beliefs over time (Fagin, Halpern, Moses and Vardi, 1995).
The innovative idea behind this proposal is that epistemic logics provide a link between the formal methods of systems engineering and the user models that have been developed in cognitive psychology.
No previous attempts have been made to exploit this link or to apply epistemic logics to support accident investigations.
Chris Johnson
UK EPSRC Grant No. GR/K55042
Chris Johnson
Analysis, Design and Validation of Interactive Safety-critical and Error-tolerant Systems
The partners in this research and training network have recognised expertise in each of the areas mentioned above. Our main objective is to provide multi-disciplinary research training that can combat the impact of human error during the design, operation and management of safety-critical, interactive systems. Additionally, the exchange of knowledge, practices, tools and experience between adjacent (but still too distinct) disciplines can lead to the efficient integration of complementary research methods. Ultimately, it is hoped that this will contribute to a new and more unified research agenda for the development of safety-critical, interactive systems.
Department of Computing Science, University of Glasgow.
johnson@dcs.gla.ac.uk.
(1) Division of Informatics, (2) Human Communication Research Centre,
University of Edinburgh.
dr@dai.ed.ac.uk, {john, corin}@cogsci.ed.ac.uk
Linking User and System Models to Analyse the Causes of Major Accidents
Department of Computing Science, University of Glasgow.
johnson@dcs.gla.ac.uk.
Principles For The Use Of Formal Notations During Accident Investigations
Accident reports are intended to ensure that the faults of previous systems are not propagated into future applications. They contain the analysis of many different experts: human factors specialists, control engineers, meteorologists, etc. Unfortunately, the insights of these investigators are typically separated into chapters that reflect the concerns and expertise of their authors. This separation creates a number of problems. For instance, critical incidents in one analysis may not appear in other chapters. This makes it difficult to accurately trace the complex interactions that lead to major accidents, and can obscure the fundamental causes of an accident.
This project exploits temporal logic to address the problems described above. A formal notation will be used to represent the events leading to major accidents. Executable temporal logics will then be used to animate the formal descriptions. The resulting simulations are intended to provide a focus for further analysis by the various groups involved in accident analyses. The innovative task in this proposal is to move from my previous analytical application of formal methods to develop constructive techniques that support the production of accident reports.
Department of Computing Science, University of Glasgow.
johnson@dcs.gla.ac.uk.
Publications
Using Petri Nets To Support Natural Language In Accident Reports
Using Graphical Formalisms To Support Accident Investigations
The Formal Analysis Of Human-Computer Interaction During Accidents Investigations
UK EPSRC Grant No. GR/J07686
Operator error has been cited as a contributory factor in many recent accidents. It is, therefore, surprising that so little work has been done on the integration of human factors techniques within traditional systems engineering. This project is addressing this shortcoming. We are investigating ways in which the products of probabilistic risk assessments can be used to guide and inform the development of human-machine interfaces to safety-critical systems. In particular, we have developed formal specification techniques that can be used to represent and then simulate critical traces of interaction with complex application processes.
Chris Johnson
Department of Computing Science, University of Glasgow.
johnson@dcs.gla.ac.uk
Michael Harrison and Andy Dearden
Department of Computing Science, University of York.
{mdh,andyd}@minster.york.ac.uk.
EOLAS/British Council Grant No. 9284
Accident reports are intended to ensure that failures do not recur. They contain the analysis of many different experts, including human factors and systems engineers. The insights of these investigators are often separated into chapters that reflect the particular concerns and expertise of their authors. Such a separation often makes it difficult for readers to trace the ways in which human and system `failures' combine to create the necessary conditions for an accident.
This project is exploiting mathematically based modelling techniques to overcome this problem. It is hypothesised that the application of formal notations can be extended from the domain of systems engineering in order to represent the findings of human factors analyses. In particular, it is argued that Timed Petri Nets can be used to represent and reason about the concurrent behaviour of multiple operators and their systems. Tool support can be recruited to validate the resulting nets. The sequences of events leading to an accident can be simulated and shown to human factors and systems engineers. This, in turn, may elicit further observations about the causes of an accident. A near collision analysed by the U.K. Department of Transport's Air Accident Investigations Branch (AAIB) is being used to evaluate this approach.
Chris Johnson
Department of Computing Science, University of Glasgow.
johnson@dcs.gla.ac.uk
Peter Wright
British Aerospace's Dependable Computing Systems Centre,
Department of Computing Science, University of York.
pcw@cs.york.ac.uk
John McCarthy
Applied Psychology Unit, University College Cork, Ireland.
mccarthyj@iruccvax.ucc.ie