One of the fundamental principles of the nuclear weapons safety community is to base their safety devices upon fundamental physical principles.
Posted in fail safe, nuclear weapons safety, Safety, Uncertainty | Tagged assumption, Epistemically risk, fundamental safety
In an article published in the online magazine Spectrum Eliza Strickland has charted the first 24 hours at Fukushima. A sobering description of the difficulty of the task facing the operators in the wake of the tsunami.
Her article identified a number of specific lessons about nuclear plant design, so in this post I thought I’d look at whether more general lessons for high consequence system design could be inferred in turn from her list.
Posted in Common cause failures, Nuclear Power Safety, organisational safety cultures, System architecting | Tagged disaster response, Fukushima
The UK Track Operatives Strategic Safety Action Statement for 2009-2011 is now available here. They don’t get much better than this.
Posted in Humour | Tagged Safety plans, TOSSAS, UK Rail
In an earlier post I commented that in the QF72 incident the use of a geometric mean (1) instead of the arithmetic mean when calculating the aircraft’s angle of attack would have reduced the severity of the subsequent pitch over.
Which leads into the more general subject of what to do when the real world departs from our assumptions about the statistical ‘well-formedness’ of data.
Posted in Aerospace Safety, Fault tolerance, Uncategorized | Tagged arithmetic, geometric, Population statistics, QF 72, spiky data
I’ve recently been reading John Downer on what he terms the Myth of Mechanical Objectivity. To summarise John’s argument, he points out that once the risk of an extreme event has been ‘formally’ assessed as being so low as to be acceptable it becomes very hard for society and its institutions to justify preparing for it (Downer 2011).
Posted in Aerospace Safety, Complexity, Epistemic Risk, fail safe, Uncertainty | Tagged AC 25.1309-1 (1988), DO-178B, FAR Part 25, Fukushima, IEC 61508, John Downer, Myth of Mechanical Objectivity, Possibilistic, Probabilistic, Risk
Why We Automate Failure
A recent post on the interface issues surrounding the use of side-stick controllers in current generation passenger aircraft led me to think more generally about the current pre-eminence of software driven visual displays and why we persist in their use even though there may be mismatches between what they can provide and operators’ needs.
Posted in Cognitive psychology, System architecting, The human machine interface | Tagged cognitive engineering, glass cockpit, HMI
Airbus’s side stick improves crew comfort and control, but is there a hidden cost?
The Airbus FBW side stick flight control has vastly improved the comfort of aircrew flying the Airbus fleet, much as the original Airbus designers predicted (Corps, 188). But the implementation also expresses the Airbus approach to flight control laws and that company’s implicit assumption about the way in which humans interact with automation and each other. Here the record is more problematic.
Posted in Aerospace Safety, Cognitive psychology, Human error, The human machine interface, Violations | Tagged AF 447, AirBus, ATSB, crew coordination, FBW, NTSB, side stick controller
Did the designers of the Japanese seawalls consider all the factors?
In an eerie parallel with the Blayais nuclear power plant flooding incident it appears that the designers of tsunami protection for the Japanese coastal cities and infrastructure hit by the 2011 earthquake did not consider all the combinations of environmental factors that go to set the height of a tsunami.
Posted in Assumptions, Uncertainty | Tagged coastal defences, earthquake, japanese 2011 tsunami, overtopping, seawalls, subsidence, tsunami
The Mississippi River’s Old River Control Structure, a National Single Point of Failure?
Given the recent events in Fukushima and our subsequent western cultural obsession with the radiological consequences, perhaps it’s appropriate to reflect on other non-nuclear vulnerabilities.
As a case in point, what about the Old River Control Structure erected by those busy chaps the US Army Corps of Engineers to control the path of the Mississippi to the sea? Yes, well, as it turns out maybe trapping the Mississippi wasn’t really such a good idea…
Posted in Climate risk, Systems of Systems | Tagged fluvial pressure, glacial retreat, Mississippi river floods, National infrastructure, Old River Control Structure, single point of failure, US Army Corp. of Engineers
Out of the loop, aircrew and unreliable airspeed at high altitude
The BEA’s third interim report on AF 447 highlights the vulnerability of aircrew when their usually reliable automation fails in the challenging operational environment of high altitude flight.
This post is part of the Airbus aircraft family and system safety thread.
Posted in Aerospace Safety, Cognitive psychology, Uncertainty | Tagged attentional tunneling, automation cost, Bayesian reasoning, cry wolf effect, human error, perceptual biases
A false affordance causes a real hazard
The picture above is of a speed hump near where I work. As you can see from the picture, the edges of the speed hump have also been piano keyed to provide an indication to drivers. On first examination one might think that this was a reasonable visual warning to drivers who miss the associated traffic sign.
Well, maybe not. Notice the pedestrian fences? Now ask yourself the next logical question: why were these fences put up?
Posted in Affordances, Cognitive psychology, Human error, Technology, Traffic safety | Tagged Cultural cliche, false affordance, information hazard, NSW RTA, pedestrian crossings, pedestrian safety, road safety
What the engineers at Airbus and Harland & Wolff have in common
Thinking about the unintentional and contra-indicating stall warning signal of AF 447 I was struck by the common theme between the AF 447 crash and the Titanic’s sinking. In both we see a system being operated in a way unanticipated by the designers, with this unanticipated operation subverting their design’s safety barriers.
In the case of the Titanic it was the decision by the OOW to put the helm hard over that negated the watertight subdivisions of Harland and Wolff, which were predicated on a head-on collision. In the case of AF 447 it was the aircrew’s flight into a deep stall, with its low forward airspeed, that negated the stall warning protection.
In neither case were these implicit assumptions about how the system should be operated clearly communicated from the designers to the operators. As a result the operators had no idea that their actions would have the consequences that they did. Had these assumptions been made visible, one can imagine the interesting discussion that might have ensued.
Posted in Aerospace Safety, Assumptions | Tagged AF 447, AirBus, assumptions, Titanic
The BEA third interim report on the AF 447 accident raises questions
So I’ve read the BEA report from one end to the other and overall it’s a solid and creditable effort. The report will probably disappoint those who are looking for a smoking gun; once again we see a system accident in which the outcome is derived from a complex interaction of system, environment, circumstance and human behavior.
However I do consider that the conclusions, and therefore recommendations, are hasty and incomplete.
This post is part of the Airbus aircraft family and system safety thread.
Posted in Aerospace Safety, Errors | Tagged AF 447, airbus aircraft, attensity, BEA Investigation, BEA report, crew resources, human factors, safety management system, safety thread, stall recovery
Sometimes just doing ‘bloody nothing’ in response to a ‘near miss’ event like, oh I don’t know, the latest failed terrorist plot is the appropriate response.
So everyone, let’s take a deep breath and remember that despite the occasional tragic accident air travel is still very safe, terrorism is less of a threat than lightning, no one has died from radiation sickness at Fukushima and dealing with climate change will not mean the end of modern life as we know it.
Posted in Humour, Risk | Tagged Keep Calm and Carry On, risk averse
Why something as simple as control stick design can break an aircrew’s situational awareness
One of the less often considered aspects of situational awareness in the cockpit is the element of knowing what the ‘guy in the other seat is doing’. This is a particularly important part of cockpit error management because without a shared understanding of what someone is doing it’s rather difficult to detect errors.
This post is part of the Airbus aircraft family and system safety thread.
Posted in Aerospace Safety, Human error, The human machine interface | Tagged AF447, AirBus, centre stick controller, cockpit error management, crew resource management, Risk, Safety, side stick controller
Requirements Completeness and the AF447 Stall Warning
Reading through the BEA’s precis of the data contained on Air France’s AF447 Flight Data Recorder you find that during the final minutes of AF447 the aircraft’s stall warning ceased, even though the aircraft was still stalled and remained so until impact with the sea.
This lost warning removed a significant cue to the aircrew that they had flown the aircraft into a deep stall, undoubtedly adding to their confusion.
This post is part of the Airbus aircraft family and system safety thread.
Posted in Aerospace Safety, Human error, The human machine interface | Tagged AF447, Air France, design assumptions, design paradigm, epistemic risk, James Reason, never give up design strategy, requirements incompleteness, Software latent fault, stall warning

The reality of designing for functional reach in a complex interface (Martin Marietta Dyna Soar mockup)
People are complex, and not just their behaviour…
A recurring human factors design task is laying out the controls at a seated workstation so that they are reachable by the operator. Should be simple right? Wrong.
Posted in Complexity, The human machine interface | Tagged conceptual design tool, ergonomics, functional reach, hand grip, human factors, NASA-STD-3000, seated workstation design
Good and bad in the design of a Human Machine Interface (HMI)
When I was a very junior naval officer I was set to work in the engineering department of the Australian Oliver Hazard Perry class frigates HMAS Sydney and Canberra. My job then as an officer under training was to learn the various watchkeeping tasks and work my way up through the watchkeeping organisation to obtain my Engineering Officer of the Watch ticket.
Posted in Human error, The human machine interface | Tagged FFG 7, functional versus sequential grouping, human errors, MIL-STD-1472, mirrored controls, PCC, refractory
A small question for the ATSB
According to the preliminary ATSB report the crew of QF32 took approximately 50 minutes to process all the Electronic Centralised Aircraft Monitor (ECAM) messages. This was despite this normal crew of three being augmented by a check captain in training and a senior check captain.
So there are two obvious questions. First, would the normal three-man crew have been able to handle the ECAM checklist work as readily? Second, should the checklist processing have taken 50 minutes, which is a very, very long time in a mid-air emergency? (1)
This post is part of the Airbus aircraft family and system safety thread.
Posted in Aerospace Safety, Cognitive psychology, The human machine interface | Tagged ATSB, automated checklists, cognitive limitations, ECAM, multiple failures, QF32