Extending the Human Controller Methodology in Systems-Theoretic Process Analysis (STPA)

Traditional hazard analysis techniques are grounded in reliability theory and analyze the human controller, if at all, in terms of estimated or calculated probabilities of failure. Characterizing sub-optimal human performance as "human error" offers limited explanation for accidents and is inadequate for improving the safety of human control in complex, automated systems such as today's aerospace systems. In an alternate approach founded on systems and control theory, Systems-Theoretic Process Analysis (STPA) is a hazard analysis technique that can be applied to derive causal factors related to human controllers within the context of the system and its design. The goal of this thesis was to extend the current human-controller analysis in STPA so that it supports the investigation of more structured and detailed causal factors related to the human operator. Leveraging principles from ecological psychology and basic cognitive models, two new causal-factor categories (flawed detection and interpretation of feedback, and the inappropriate affordance of action) were added to the human-controller analysis in STPA, for a total of five categories. In addition, three of the five human-controller causal-factor categories were explicitly re-framed around the environmental and system properties that affect the safety of a control action: the process states. Using a proposed airspace maneuver known as In-Trail Procedure, a former STPA analysis was extended using this updated human-controller analysis. The updated analysis generated additional causal factors under a new categorical structure and led to new instances of specific unsafe control actions that could occur based on additional human factors considerations.
The process, organization, and detail reflected in the resultant causal factors of this new human-controller analysis ultimately enhance STPA's analysis of the human operator and propose a new methodology structured around process states that applies equally well to an automated controller.

Thesis Supervisor: Nancy G. Leveson
Title: Professor of Aeronautics and Astronautics and Engineering Systems
