Posted in Rail Safety, Systems of Systems, tagged AS 4292, catenary wire failure, Dynamic brake, integration, interface hazards, Systems of systems on 07/03/2012 | Leave a Comment »
In the MIL-STD-882 lexicon of hazard analyses there’s one called a System Hazard Analysis which according to the standard is intended to identify interaction and interface related hazards.
This sounds wonderful in theory and I’ve certainly seen a number toy examples touted in various text books on what it look like. But, to be honest, I’ve never really been convinced by the examples given. So the subject of this post is to give a real world example.
Posted in fail safe, nuclear weapons safety, Safety, Uncertainty, tagged assumption, Epistemically risk, fundamental safety on 31/01/2012 | 2 Comments »
One of the canonical design principles of the nuclear weapons safety community is to base the behaviour of safety devices upon fundamental physical principles.
Posted in Common cause failures, Nuclear Power Safety, organisational safety cultures, System architecting, tagged disaster response, Fukushima on 17/01/2012 | Leave a Comment »
In an article published in the online magazine Spectrum Eliza Strickland has charted the first 24 hours at Fukushima. A sobering description of the difficulty of the task facing the operators in the wake of the tsunami. Her article identified a number of specific lessons about nuclear plant design, so in this post I thought [...]
Posted in Aerospace Safety, Fault tolerance, Uncategorized, tagged arithmetic, geometric, Population statistics, QF 72, spiky data on 23/12/2011 | 1 Comment »
In an earlier post I commented that in the QF72 incident the use of a geometric mean (1) instead of the arithmetic mean when calculating the aircrafts angle of attack would have reduced the severity of the subsequent pitch over. Which leads into the more general subject of what to do when the real world [...]
Posted in Aerospace Safety, Complexity, Epistemic Risk, fail safe, Uncertainty, tagged AC 25.1309-1 (1988), DO-178B, FAR Part 25, Fukushima, IEC 61508, John Downer, Myth of Mechanical Objectivity, Possibilistic, Probabilistic, Risk on 11/12/2011 | 3 Comments »
I’ve recently been reading John Downer on what he terms the Myth of Mechanical Objectivity. To summarise John’s argument he points out that once the risk of an extreme event has been ‘formally’ assessed as being so low as to be acceptable it becomes very hard for society and it’s institutions to justify preparing for it.
Posted in Cognitive psychology, System architecting, The human machine interface, tagged cognitive engineering, glass cockpit, HMI on 19/09/2011 | 3 Comments »
Why We Automate Failure A recent post on the interface issues surrounding the use of side-stick controllers in current generation passenger aircraft led me to think more generally about the the current pre-eminence of software driven visual displays and why we persist in their use even though there may be a mismatch between what they [...]
Posted in Climate risk, Systems of Systems, tagged fluvial pressure, glacial retreat, Mississippi river floods, National infrastructure, Old River Control Structure, single point of failure, US Army Corp. of Engineers on 28/08/2011 | Leave a Comment »
The Mississippi River’s Old River Control Structure, a National Single Point of Failure? Given the recent events in Fukushima and our subsequent western cultural obsession with the radiological consequences, perhaps it’s appropriate to reflect on other non-nuclear vulnerabilities. As a case in point what about the Old River Control Structure erected by those busy chaps [...]
Posted in Affordances, Cognitive psychology, Human error, Technology, Traffic safety, tagged Cultural cliche, false affordance, information hazard, NSW RTA, pedestrian crossings, pedestrian safety, road safety on 10/08/2011 | 2 Comments »
How the marking of a traffic speed hump provides a classic example of a false affordance and an unintentional hazard.
Posted in Complexity, Simplicity, Space exploration safety, System architecting, tagged architectural safety, Buran Shuttle, New Scientist, Oleg Kotov, Shuttle safety on 09/07/2011 | Leave a Comment »
Soviet Shuttle was safer by design According to veteran russian cosmonaut Oleg Kotov, quoted in a New Scientist article the soviet Buran shuttle (1) was much safer than the American shuttle due to fundamental design decisions. Kotov’s comments once again underline the importance to safety of architectural decisions in the early phases of a design.
Posted in Aerospace Safety, Safety culture, Technology, tagged DDAAFS, RAAFSafe, Rail Safety 2011, safety culture, safety management system on 05/07/2011 | 1 Comment »
I attended the annual Rail Safety conference for 2011 earlier in the year and one of the speakers was Group capt Alan Clements, the Director Defence Aviation Safety and Air Force Safety. His presentation was interesting in both where the ADO is going with their aviation safety management system as well as providing some historical perspective, and statistics.
Posted in Systems of Systems, tagged AIAA Reno 2006, emergent behaviour, Paper, Systems of systems on 02/07/2011 | 1 Comment »
Just discovered a paper I co-authored for the 2006 AIAA Reno Conference on the Risk & Safety Aspects of Systems of Systems. A little disjointed but does cover some interesting problem areas for systems of systems.
Posted in Aerospace Safety, Common cause failures, Heuristics & Biases, System architecting, tagged Apollo 13, architectural decision, O2 tank rupture, space shuttle replacement on 16/05/2011 | Leave a Comment »
A near disaster in space 40 years ago serves as a salutory lesson on common cause failure.
Posted in Aerospace Safety, Common cause failures, System architecting, tagged A380, ABC 4 corners, QF32 on 29/03/2011 | Leave a Comment »
The ABC’s treatment of the QF 32 incident treads familiar and slightly disappointing ground While I thought that the ABC 4 Corners programs treatment of the QF 32 incident was a creditable effort I have to say that I was unimpressed by the producers homing in on a (presumed) Rolls Royce production error as the casus [...]
Posted in Aerospace Safety, Common cause failures, System architecting, tagged AA B767 N330AA, Complexity, fail safe, QF32, rotor burst, single point of failure on 22/01/2011 | Leave a Comment »
On June 2, 2006, an American Airlines B767-223(ER), N330AA, equipped with General Electric (GE) CF6-80A engines experienced an uncontained failure of the high pressure turbine (HPT) stage 1 disk2 in the No. 1 (left) engine during a high-power ground run for maintenance at Los Angeles International Airport (LAX), Los Angeles, California.
To provide a better appreciation of aircraft level effects I’ve taken the NTBS summary description of the damage sustained by the aircraft and illustrated it with pictures taken of the accident by bystanders and technical staff.
Posted in Aerospace Safety, Assumptions, Common cause failures, Logic of Scientific Discovery, System architecting, tagged A380, AirBus, ARP 4761, certification basis, common cause failures, jet engine unconfined failures, particular hazard analysis, Qantas, QF 32, Singapore, zonal hazard analysis on 11/01/2011 | Leave a Comment »
A report by the AIA on engine rotor bursts and their expected severity raises questions about the levels of damage sustained by QF 32.
Posted in Aerospace Safety, Assumptions, fail safe, tagged A380, AC 20-128A, AirBus, assumptions, certification basis, QF 32, rotor burst, single point of failure, SPOF on 07/01/2011 | Leave a Comment »
It appears that the underlying certification basis for aircraft safety in the event of a intermediate power turbine rotor bursts is not supported by the rotor failure seen on QF 32.
Posted in Aerospace Safety, Common cause failures, Risk Assessment, System architecting, tagged A380, ARP 4761, certification basis, common cause failures, jet engine unconfined failures, particular hazard analysis, Qantas, Singapore, zonal hazard analysis on 06/11/2010 | Leave a Comment »
The first major A380 incident offers an illustrative example of the risks that common cause failures pose to aerospace systems.
Posted in Dissimilar Redundancy, fail safe, tagged A380, B-777, diversity, independence, n version software, software safety on 18/04/2010 | Leave a Comment »
How do ya do and shake hands, shake hands, shake hands. How do ya do and shake hands and state your name and business… Tweedle Dum & Dee (Through the Looking Glass) Lewis Carrol You would have thought after the Leveson and Knights experiments that the theory that independently written software would only contain independent faults [...]
I tend towards the integrative rather than reductionist view of engineering and science. I'm interested in emergence, networks, relationships and interfaces as they apply to safety.
