Modelling of potential hazards in agent-based safety risk analysis

Similar documents
Human Reliability Assessment In ATM: the CARA tool

METHODOLOGY FOR SAFETY RISK ASSESSMENT IN FUTURE AIR TRAFFIC MANAGEMENT CONCEPT OF OPERATIONS

OJT INSTRUCTOR. Learning outcomes. Why study this course? Aim. ICAO Code 212

Blueprint. What is U-space?

First European Air traffic controller Selection Test (FEAST) package. Information to Candidates applying as Student Air Traffic Controllers

The Effect of a Highly Automated Environment on Human Behaviour

Life Cycle Assessment A product-oriented method for sustainability analysis. UNEP LCA Training Kit Module f Interpretation 1

ATC BASIC. Learning outcomes. Why study this course? Aim. ICAO Code 051

SESAR: a European initiative for an enhanced ATM system

The International Pilot Training Consortium (IPTC) IPTC Case Study: Pilot Competencies

The Search for Shared Situational Awareness for Enhanced Collaboration in Airport Systems

Master Plan edition 2

EUROPEAN COMMISSION DIRECTORATE-GENERAL FOR ENERGY AND TRANSPORT MANDATE TO CEN/CENELEC/ETSI FOR THE DEVELOPMENT OF

In search of positive emergent behaviour in Trajectory Based Operations

SESAR The European ATM Improvement Programme. Regional ANC 2012 Preparatory Symposium Michael STANDAR Moscow March 2012

Enhancing the role of Human Factors in Safety Investigation and Analysis

Safety Nets Safety Forum June 2016 Brussels:

Potential Operational Benefits of Multi-layer Point Merge System on Dense TMA Operation

Increasing ATM Efficiency with Assistant Based Speech Recognition (ABSR)

Conflict detection and resolution aid to controllers. Jean-Louis Garcia, DSNA

Situation Awareness, Automation & Free Flight

NAS-Wide Performance: Impact of Select Uncertainty Factors and Implications for Experimental Design

Project Overview: SMALL AIR TRANSPORT ROADMAP


Julie Evans HR Director Intelligent Energy Limited

VTOL UAV for Maritime ISR Role

Methods and Measurements for the Evaluation of ATM Tools in Real-Time Simulations and Field Tests

Concept and prototype of a ground handling vehicle management system. Steffen Loth (German Aerospace Center - DLR) Member of

SCHEDULE RISK ANALYSIS ESSENTIALS FOR PROJECT SUCCESS

People Make ATM Work

DELEGATION OF SEPARATION ASSURANCE TO AIRCRAFT: TOWARDS A FRAMEWORK FOR ANALYSING THE DIFFERENT CONCEPTS AND UNDERLYING PRINCIPLES

Air Traffic Management Capacity-Driven Operational Concept Through 2015

Measuring En Route Separation Assurance Performance. Ella Pinska, Brian Hickling

SESAR Progress. Specific focus on ATC related WPs (WP4, WP5,WP10) Prepared for ODT by Bernard Brunner 17th September 2009

Safety Risks in an Airworthiness Organisation

Human-in the-loop Simulation in ATM. Sven Kaltenhäuser, Marcus Biella, Michael Schultz. Institute of Flight Guidance DLR Braunschweig

Airport Collaborative Decision Making Enhancing Airport Efficiency

Improving ATC Efficiency through an Implementation of a Multi Sector Planner Position

The goal of the Flight Operations Risk Assessment System (FORAS)

MAPP - The Marketing Action Plan Process

Promoting a safety culture in maintenance

JOB DESCRIPTION HIAL AMSL DAL. Air Traffic Control Officer (fixed-term for 3 years) Senior Air Traffic Control Officer (SATCO)

EUROPEAN ORGANISATION FOR THE SAFETY OF AIR NAVIGATION EUROCONTROL EUROCONTROL EXPERIMENTAL CENTRE

SESAR Release 2 RESULTS

ADVISORY CIRCULAR FOR AIR OPERATORS

Aerodrome Safety Awareness

Man-Machine Teaming in Autonomous Technologies and Systems

Multi-Purpose Cockpit Display of Traffic Information: Overview and Development of Performance Requirements

Lima FDA Seminar Presented by Paul DUBOIS AIRBUS - Airline SMS & FDA Assistance ANALYSIS WORKFLOW

COSPACE HAZOP REPORT (combined controller and pilot)

Design of Aircraft Trajectories based on Trade-offs between Emission Sources

The AIRPORT CDM. Bahrain October 2015

Publishable Final Activity Report

Handling Difficult Project Situations. A Critical Skill for Every PM

Performing UAV Mission Planning, Design, & Optimization

Final Project Report. Abstract. Document information

Commission hearing on the preparation for RP3

PROBABILISTIC CONGESTION MANAGEMENT

A new framework for assessing systemic change in Katalyst: the pilot study in local agri-business network

Capacity Planning and Assessment Additional considerations

Practical Crew Resource Management (CRM) Standards: The Handy Guide

CEOC - EUROLAB IFIA INTERNATIONAL SAFETY SEMINAR 2014 HOW SAFE DO YOU THINK YOU ARE? WHY INDEPENDENT TESTING IS IMPORTANT.

ABSTRACT. (2) empirically assess the SA measure for use in investigating AA of various ATC

Low Cost Aerial Mapping Alternatives for Natural Disasters in the Caribbean

Project Planning & Management. Lecture 11 Project Risk Management

Understanding the factors contributing to human behaviour leads to systemic safety improvements

Human Factors of Unmanned Aviation: CERI 2006

UAVs for or against Flight Safety? Prof. Dr. Imre MAKKAY MZ NDU Aviation and Air Defense Institute

Modified Cooper Harper Scales (MCH)

Use of Controls Approaches for Verification, Validation and Certification of Distributed Mission Management Controls for Unmanned Systems

Application of the CARA HRA Tool to Air Traffic Management Safety Cases

Technical Standard Order

Literature Review. HALA!-PhD Management Plan. Deliverable D4. February 2012 HALA! RESEARCH NETWORK

Safety Training *Print or save this presentation if you want, by clicking here to load a.pdf of this handout.

Modeling Trust in Critical Systems with Möbius KEN KEEFE SENIOR SOFTWARE ENGINEER LEAD MOBIUS DEVELOPER

Human Failure. Overview. People are never 100% reliable. Andy Brazier. Types of human failure Slips Mistakes Violations

Designing HMIs for boat navigation

Project Management. Opportunity or Oxymoron? Stacy Munechika, PMP, PMI-ACP. PMI Rochester Chapter Professional Development Day May 2017

Executive summary. This initial paper looks at: The demands of finance profession and the challenges it faces

Engagement paper for Our Future Wellbeing Programmes

ADVISORY CIRCULAR TCAA-AC-OPS010B

Contextual note SESAR Solution description form for deployment planning

IDENTIFY RISK AND APPLY RISK MANAGEMENT PROCESSES CANDIDATE RESOURCE & ASSESSMENT BSBRSK401A

WHITE PAPER 6 ORGANIZATIONAL PRACTICES TO ADDRESS DISTRACTED DRIVING

Final Safety and Performance Requirements (SPR)

Safety Management. System. Building an SMS. Module 10 Phased approach to SMS Implementation. Module 8 SMS planning. Module 9 SMS operation

THE HR GUIDE TO IDENTIFYING HIGH-POTENTIALS

Airport Construction Project Risk Management. Presented by: Mindy Price- Direct Effect Solutions

DESIGN OF A PROCEDURE ANALYSIS TOOL (PAT) FOR AFFORDABLE HUMAN FACTORS CERTIFICATION OF AVIATION DEVICES

An Objectives-Driven Process for Selecting Methods to Support Requirements Engineering Activities

Preventing, reporting, evaluating, and mitigating Airside accidents and incidents at airports.

Challenges faced when taking strategic decisions. Results of 2010 Global Survey. Executive Summary

ICMA PRACTICES FOR EFFECTIVE LOCAL GOVERNMENT LEADERSHIP Approved by the ICMA Executive Board June 2017; effective November 2017

Clean Sky 2 Joint Undertaking. 5 th Call for Proposals (CFP05): List and full description of Topics. Call Text. - November

H2020-SESAR WA 1: Exploratory Research

Managing Human Factors in the Signalling Programme

Collaborative Decision Making (CDM) Update

Seven Principles for Performance

Transcription:

MAREA: Mathematical Approach towards Resilience Engineering in ATM Vrije Universiteit Amsterdam Modelling of potential hazards in agent-based safety risk analysis Henk Blom Sybert Stroeve Tibor Bosse NLR and Delft University of Technology NLR VU Amsterdam 10 th USA/Europe ATM R&D Seminar, Chicago, June 10-13, 2013 1

Modelling of potential hazards in agent-based safety risk analysis Agent-based safety risk analysis Potential hazards Identify model constructs Relation with models used in aviation Concluding remarks 2

Why Agent Based Modelling and Simulation? Powerful framework to model Complex Socio-Technical Systems Effective in partitioning the socio-technical system space Effective in modelling interactions and dependencies Capability to reveal and analyse emergent behaviour Proven to work in safety risk analysis of novel ATM ConOps: - TOPAZ (Traffic Organization and Perturbation AnalyZer) 3

Agent based safety risk analysis in TOPAZ (Traffic Organization and Perturnation AnalyZer) Modelling Semantics: Agent Based Modelling (ABM) Human performance modelling Modelling Syntax: Petri Net based Compositional Specification Risk Quantification: Rare Event Monte Carlo (MC) simulation Bias and Uncertainty Analysis: Differences between model and reality 4

Differences between model and reality Numerical precision Parameter values Aleatory uncertainty Epemistic uncertainty Model structural assumptions Hazards not modelled Operational concept differences 5

Bias & uncertainty analysis process Monte Carlo Simulation Model Risk sensitivities Risk point estimate Model-Reality Differences Bias & Uncertainty Assessment Risk expectation value Risk credibility interval Reality True risk

Pro s and Con s of modelling all hazards Pro: Emergent Behaviour is Captured through MC Con: Enlarges Model and Increases # of Parameters Optimal balance: Model hazards that influence emergent behaviour Else, consider to use Bias and Uncertainty analysis Development of an optimal approach requires understanding how to model each hazard in an agent based model! 7

Modelling of potential hazards in agent-based safety risk analysis Agent-based safety risk analysis Potential hazards Identify model constructs Relation with models used in aviation Concluding remarks 8

Identification of Hazards Hazard = Anything that may influence safety Events / conditions / performance aspects Humans / systems / environment Interactions TOPAZ Hazard Database Conducted safety assessments Hazard brainstorm sessions 4000+ hazards 9

A Set of Generalised Hazards 4000+ Selection of unique hazards Generalization of hazards Pilot mixes up ATC clearances Flight plans of ATC system and FMS differ Wrong waypoints in database Transponder sends wrong call-sign Risk of a conflict is underestimated Controller has wrong SA about intent of aircraft Contingency procedures have not been tested 525 Development (Set I) Validation (Set II) Weather forecast is wrong False alert of an airborne system Resolution of conflict leads to other conflicts Alert causes attentional tunneling Pilot validates without checking Track drop on controller HMI Animals on the runway 10

Clustering of Hazards Pilot performance 124 Controller performance 110 Speech-based communication 37 Traffic relations 33 Other 31 Aircraft systems 27 Surveillance system 27 Weather 27 ATC systems 25 ATC coordination 24 Infrastructure & environment 24 Datalink based communication 20 Navigation systems 16 11

Modelling of potential hazards in agent-based safety risk analysis Agent-based safety risk analysis Potential hazards Identify model constructs Relation with models used in aviation Concluding remarks 12

Matching Model Constructs to Hazards Adopt selected model constructs Phase 1: TOPAZ model constructs Phase 2: VU model constructs Phase 3: Novel model constructs Perform mental simulation of agent based model per hazard Each hazard tells a short story that should be mentally simulated Which model constructs are used in the mental simulation? Done by multiple experts in agent based modeling and simulation of socio-technical systems 2 from VU and 2 from NLR Iterate until the mental simulations of these experts coincide 13

TOPAZ Model Constructs C1 Human Information Processing C8 Human Error C2 Multi-Agent Situation Awareness C9 Decision Making C3 Task Identification C10 System Mode C4 Task Scheduling C11 Dynamic Variability C5 Task Execution C12 Stochastic Variability C6 Cognitive Control Mode C13 Contextual Condition C7 Task Load 14

Multi-Agent SA in ATM k ti, SA of agent i at time t about agent k Identity State Mode Intent k ti, k ti, k ti, k ti,

Multi-Agent SA Update types SA agent i Observation Communication SA agent k SA agent i SA agent k SA agent i Reasoning decision agent i 1

Multi Agent SA propagation

Hazard Example involving System Error (C10) and MA-SA (C2) Wrong waypoint in FMS database, e.g, due to update of FMS software, errors in database, outdated database Mental simulation Agents involved: Pilot and FMS Wrong waypoint in FMS database = System Mode Pilot enters Intent into FMS = Communication between agents FMS interprets this Intent using its database = MA-SA difference 18

TOPAZ Model Constructs Hazard Coverage Cultural differences between airlines... Controller is fatigued and sleepy... Lack of experience in degraded modes... Procedure change confusion Multi-agent SA Decision making... Not Covered Controller ignores an alert Multi-agent SA... Covered Partly 155 30 81 Controller makes a reading error Human error Multi-agent SA Failure of GPS system System mode Pilot reports wrong position Human error Multi-agent SA Pilots do not react to controller call due to high workload Task identification Task scheduling Cognitive control mode 19

VU Model Constructs MC1 Object-oriented Attention MC7 Trust MC2 Experience-based Decision Making MC8 Formal Organisations MC3 Operator Functional State MC9 Learning MC4 Information Presentation MC10 Goal-oriented Attention MC5 Safety Culture MC11 Extended Mind MC6 Complex Beliefs in Situation Awareness 20

VU Model Constructs Hazard Coverage A jolly atmosphere on the frequency... Icing of the wings... Aircraft picks up beacons with similar frequencies... Negotiation problems Pilot-ATC Trust... Not Partly 18 36 Pilots falling asleep Operator Functional State... Covered 212 Complex procedure causes R/T overload Operator Functional State Formal Organisation Controller is fatigued and sleepy Operator Functional State Clutter of audio messages Information Presentation Situation Awareness Controller has low confidence in validity of system alerts Trust 10 th USA/Europe ATM R&D Seminar (ATM2013), Chicago, June 10-13, 2013 21

New Model Constructs NM2 Unstabilised Approach NM32 Merging or Splitting ATC Sectors NM3 Handling Inconsistent Information by a Technical System NM33 Changes in Visibility NM7 Group Emotion NM34 Weather Forecast Wrong NM14 Surprise/Confusion due to Complex or Unclear Procedures NM15 Surprise/Confusion due to Changes in Procedures NM21 Deciding when to take action NM31 Access Rights to an Information System NM35 Turbulence NM36 Icing NM38 Influence of Many Agents on Flight Planning NM40 Uncontrolled Aircraft 22

New Model Constructs Hazard Coverage Security Intrusion... Unmanned Arial Vehicles... Military Aircraft Shoots a Civil Aircraft Down... Standard R/T not adhered to Confusion... 16 Strong variation in view Weather... 6 Not Partly Covered 244 A jolly atmosphere on the frequency Operator Functional State Emotion Contagion Icing of the Wings Icing Unstabilised Approach Approach Aircraft picks up beacons with similar frequencies Handling of Inconsistent Info by a Technical System 23

Modelling of potential hazards in agent-based safety risk analysis Agent-based safety risk analysis Potential hazards Identify model constructs Relation with models used in aviation Concluding remarks 24

Hazard % based ranking of model constructs 25

Top-15 Model constructs/types commonly in use in aviation studies (1/2) Rank 1 (41.4%): C2 Multi-Agent SA (MA-SA): Multi Agent extension of Endsley s (1995) SA model Allows to systematically capture SA differences between agents Complementary extension ranks 10: MC6 - Complex beliefs in SA Rank 2 (19.9%): C10 - System mode: RAMS: Reliability, Availability, Maintainability and Safety of technical systems Rank 3 (18.0%): C8 - Human error 1st generation Human Reliability Analysis (HRA): Slips, Lapses and Mistakes (Reason, 1990) 2nd generation HRA incorporates effects such as captured by model constructs at ranks 1,2,4,7,9, 11-15 26

Top-15 Model constructs/types commonly in use in aviation studies (2/2) Rank 4 (14.3%): C1 - Human Information Processing Human performance simulation MIDAS, Air-MIDAS, PUMA, ACT-R, IMPRINT/ACT-R, D-OMAR Other related model constructs are at ranks 6-9,11-15 Rank 5 (8.6%): C11 - Dynamic Variability Simulation of aircraft trajectories in Aircraft performance models Human-In-The-Loop simulations Fast Time simulations 27

Other Model constructs/types in use in aviation studies Rank 17 (3.4%): Rank 20 (3.0%): Rank 22 (2.6%): Rank 25 (1.9%): Rank 26 (1.9%): Rank 29 (0.4%): Rank 34-36 (0.4%) Rank 38 (0.4%): Formal Organization (MC8) Stochastic Variability (C12) Safety Culture (MC5) Task Load (C7) Extended Mind (MC11) Approach (NM2) Weather related (NM34-36) Uncontrolled aircraft (NM40) 28

Less common model constructs/types Rank 16 (3.4%): Rank 18 (3.4%): Rank 19 (3.0%): Rank 21 (3.0%): Rank 23 (2.6%): Rank 24 (2.3%): Rank 27 (0.8%): Rank 28 (0.8%): Rank 30 (0.4%): Rank 31 (0.4%): Rank 32 (0.4%): Rank 33 (0.4%): Visibility changes (NM33) Surprise / complex procedure (NM14) Surprise / changed procedure (NM15) Object Oriented Atttention (MC1) Learning (MC5) Information Presentation (MC4) Goal Oriented Attention (MC10) Access Rights (NM31) Tech. Syst. Handling Incons. Info (NM3) Group Emotion (NM7) Deciding when to take action (NM21) Merging or splitting ATC sectors (NM32) 29

Modelling of potential hazards in agent-based safety risk analysis Agent-based safety risk analysis Potential hazards Identify model constructs Relation with models used in aviation Concluding remarks 30

Wrap up of Model Constructs Identified 38 agent-based model constructs have been identified 13 TOPAZ model constructs 11 VU model constructs 14 new model constructs Result: considerable improvement in modelling hazards TOPAZ 81 Not Covered Covered Partly 155 30 + VU 36 18 Not Partly Covered 212 + NEW 6 16 Not Partly Covered 244 31

Summary of findings Hazard data base guided model construct search very well Model construct ranking 1 is a multi agent extension of Endley s SA model (ATM2003 paper) Model constructs ranking 2 through 5 are familiar: System Mode (RAMS) Human error (first generation HRA) Human Information Processing (Wickens) Dynamic Variability (aircraft dynamics simulation) 10 model constructs open new directions, e.g. Surprise, Learning, Access Rights, Group Emotion. 32

Agent based modelling follow up Further integration of model constructs Validation of model constructs Test the coverage on the 2nd hazard set Apply model constructs to accident scenarios Conduct interviews with pilots and controllers Develop a balanced agent based modelling approach Model hazards having emergent effects Bias and Uncertainty Assessment for all other hazards 33

Resilience directed follow up Aim: To extend agent based modelling with model constructs that capture the ways how pilots and controllers provide a key source of resilience in handling hazards First step: Understanding how Pilots and Controllers do this Conduct Interviews with Pilots and Controllers regarding their operational way of handling each hazard Conduct statistical analysis of these responses, in order to identify the nature of pilot and controller responses to hazards Follow up step: To capture this in agent-based modelling, e.g. coordination. 34

Questions?

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback