Sociotechnical systems resilience:a dissonance engineering point of view
1 like541 views
Resilience deals with the capacity to adjust itself face disturbing events, to cope with unforeseeable conditions. Resilience is based upon the dynamic process of visual piloting. The gap between the specified task and the done activity generates dissonance between beliefs and representations. In many cases, such as silent migration or normalization of deviance, management of dissonance is hazardous. The proposition of this article deals with a resilient management of dissonance. The case study expresses the management of dissonance in the context of railway accident.
Sociotechnical systems resilience:a dissonance engineering point of view
- 1. "Symposium on Analysis, Design, and Evaluation of Human- Machine Systems " - August 11-15 2013 Sociotechnical systems resilience: a dissonance engineering point of view Jean-Ren辿 Ruault Fr辿d辿ric Vanderhaegen Christophe Kolski surname.name@univ-valenciennes.fr
- 2. Summary Running outside the specified domain About resilience About dissonance engineering Proposition : dissonance Management for resilient systems design Railway case study Conclusion and perspectives Symposium on Analysis, Design, and Evaluation of Human-Machine Systems August 11-15 2013 2
- 3. Context, train crashes Lac-M辿gantic (Canada), 6 July 2013 50 dead Br辿tigny sur Orge (France), 12 July 2013 7 dead 9 gravely injured Santiago de Compostela (Spain), 24 July 2013 80 dead 130 injured Granges-pr竪s-Marnand (Switzerland), 29 July 1 dead 25 injured Symposium on Analysis, Design, and Evaluation of Human-Machine Systems August 11-15 2013 3
- 4. Road map Running outside the specified domai About resilience About dissonance engineering Proposition : dissonance Management for resilient systems design Railway case study Conclusion and perspectives Symposium on Analysis, Design, and Evaluation of Human-Machine Systems August 11-15 2013 4
- 5. Running outside the specified domain Dynamic representation of barriers bypassing Time A B C D 1 3 2 Symposium on Analysis, Design, and Evaluation of Human-Machine Systems August 11-15 2013 5 Accident E Legend: Specified path: Actual path: Specified local variability: Actual local variability: Situation point: Safety margin: Barriers : Barrier bypassing Deviation X 1
- 6. Road map Running outside the specified domain About resilience About dissonance engineering Proposition : dissonance Management for resilient systems design Railway case study Conclusion and perspectives Symposium on Analysis, Design, and Evaluation of Human-Machine Systems August 11-15 2013 6
- 7. Four main resilience functions (1) 1. Avoidance (capacity for anticipation) 2. Resistance (capacity for absorption) 3. Adaptation (capacity for reconfiguration) 4. Recovery (capacity for restoration) This paper deals with: 1. Avoidance 2. Adaptation 1. D. Luzeaux: Engineering Large-scale Complex Systems in D. Luzeaux, J.-R. Ruault J.-L. Wippler, Complex Systems and Systems of Systems Engineering, ISTE Ltd and John Wiley Sons Inc, 2011 Symposium on Analysis, Design, and Evaluation of Human-Machine Systems August 11-15 2013 7
- 8. Road map Running outside the specified domain About resilience About dissonance engineering Proposition : dissonance Management for resilient systems design Railway case study Conclusion and perspectives Symposium on Analysis, Design, and Evaluation of Human-Machine Systems August 11-15 2013 8
- 9. Dissonance engineering At least, two conflicting beliefs and behaviours Beliefs of designers, managers and evaluators Beliefs of operators Task oriented and activity oriented points of view (Leplat 1985) Task / work-as-designed: prescribed, Activity / work-as-done: actual, function of the situation Two different meanings to understand situation and events The gap between prescribed and done work is an error and must be resolved applying prescribed procedure (designer point of view) Work is done function of the actual situation and operators interpretation of this situation Symposium on Analysis, Design, and Evaluation of Human-Machine Systems August 11-15 2013 9
- 10. Road map Running outside the specified domain About resilience About dissonance engineering Proposition : dissonance Management for resilient systems design Railway case study Conclusion and perspectives Symposium on Analysis, Design, and Evaluation of Human-Machine Systems August 11-15 2013 10
- 11. Modelling variability and the gap between work-as-designed and work-as-done Functional Resonance Analysis Method1 Modelling variability ; the first step in order to assess the gap between work-as-designed and work-as-done Activity / function T I C P R O F2 I O F1 F3 F4 C Resilience function: Adaptation 1. Hollnagel, E. (2012). FRAM: The Functional Resonance Analysis Method. Ashgate, Hampshire, Great Britain. Symposium on Analysis, Design, and Evaluation of Human-Machine Systems August 11-15 2013 11
- 12. Management of the dissonance Hazardous management Resilient management Silent migration Clear and relevant shared situation awareness Normalization of deviance Simulation of possible or incredible accident scenarios Search of scapegoat System design update based upon evolutions assessment Not biased BCD analysis Symposium on Analysis, Design, and Evaluation of Human-Machine Systems August 11-15 2013 12
- 13. Mistake-proving device for resilient management of dissonance Assess the variability and the gap between both paths Enlighten this difference and exhibit it to stakeholders, both operators and managers Severity Probability Catastrophic Critical Marginal Negligible Frequent High Probable High High Serious Medium High Serious Medium Occasional High Serious Medium Low Remote Serious Medium Medium Low Improbable Medium Medium Medium Low Eliminated Eliminated Resilience function: Avoidance Symposium on Analysis, Design, and Evaluation of Human-Machine Systems August 11-15 2013 13
- 14. Foreseeable possible or incredible accident Simulation scenarios of possible or incredible accident Enhancement of shared situation awareness Opportunity to foresee potential accident Detect out-of-range variability (FRAM) Models of system as-designed Actual field data, including trend drift Accident cases base that may happen soon Display possible /incredible accident scenarios Operators Managers Generate possible / incredible accidental scenarios (inferential engine) Resilience function: Avoidance Symposium on Analysis, Design, and Evaluation of Human-Machine Systems August 11-15 2013 14
- 15. Road map Running outside the specified domain About resilience About dissonance engineering Proposition : dissonance Management for resilient systems design Railway case study Conclusion and perspectives Symposium on Analysis, Design, and Evaluation of Human-Machine Systems August 11-15 2013 15
- 16. Zoufftgen accident case study Context of the accident: 2 trains collided head on near Zofftgen, on the boundary between Luxembourg and France 6 deaths, 1 wounded Report direct and indirect causes of the accident1 Mistake issuing the pass-through order Failure of attempts to rectify the situation Insufficient knowledge of the central control post staff Unrealistic division of tasks Laissez-faire approach to monitoring staff 1. BEA TT (Land Transport Accident Investigation Bureau) (2009). Technical Investigation Report on the Train Collision that occurred on 11 October 2006 on the French/Luxembourg Border at Zoufftgen (Moselle). Symposium on Analysis, Design, and Evaluation of Human-Machine Systems August 11-15 2013 16
- 17. Hazardous management of the dissonance contributing to the accident Barriers removal Traffic Controller did not carry out all the prescribed preliminary checks before issuing a pass-through order Normalization of deviant behaviours This omission seemed to occur fairly often at the Bettembourg CCP since the wrong-track working fixed equipment display is not in the Traffic Controllers visual field when he is looking at the check lights for the tracks towards France 107 written orders to pass through a Main Fixed Signal were issued over the three-month period, before the accident Silent migration Violation of staff handover procedure, due to poor procedure usability At 11h30, the Morning Traffic Controller wanted to leave but the Evening Traffic Controller had not yet arrived This quite common practice is contrary to the regulations In addition to the oral handover, the Morning Traffic Controller gave a sheet of scrap paper to the Evening Train Announcer Symposium on Analysis, Design, and Evaluation of Human-Machine Systems August 11-15 2013 17
- 18. Functional resonance model of the accident Violation of staff procedure / barrier removal O High frequency of signal faults Lateness of traffic controller/ barrier removal Insufficient check T C Traffic control activity P R Poor usability of procedure and HCI Pass-through order Dual task reducing attention resources I Resilience function: Adaptation Symposium on Analysis, Design, and Evaluation of Human-Machine Systems August 11-15 2013 18
- 19. Mistake-proving device Restoring the capability of visual piloting Such trends, as issuing written orders have to be detected, expressed to all stakeholders in order to be fixed Severity Probability Catastrophic Critical Marginal Negligible Frequent High Accident High Serious Medium Probable High High Serious Medium Occasional High Serious Medium Low Remote Serious Medium Medium Low Improbable Medium Medium Medium Low Eliminated Eliminated Resilience function: Avoidance Symposium on Analysis, Design, and Evaluation of Human-Machine Systems August 11-15 2013 19
- 20. Expressing foreseeable or incredible accidents to operators Simulation complements the visual display expressing explicitly the current migration Simulation expresses to operators the accident that should happen soon within the actual context For instance, inlayed augmented reality Maintaining the capability to rectify the situation Secure equipment reliability Relevant and well known skills to cut off traction power, Knowing the perimeter and the limits of the button (marshalling yard track), to phone to the operators who are able to cut off the traction power Resilience function: Avoidance Symposium on Analysis, Design, and Evaluation of Human-Machine Systems August 11-15 2013 20
- 21. Road map Running outside the specified domain About resilience About dissonance engineering Proposition : dissonance Management for resilient systems design Railway case study Conclusion and perspectives Symposium on Analysis, Design, and Evaluation of Human-Machine Systems August 11-15 2013 21
- 22. Conclusion and perspective Conclusion Resilient management of dissonance: expressing this gap and enhancing shared situation awareness in order to restore visual piloting capacity Perspective Enhance FRAM in order to model trend and express the two kinds of variability (normal and out-of-range) Enhance visual piloting Express foreseeable or incredible accidents to operators Prepare an open-ended experiment Symposium on Analysis, Design, and Evaluation of Human-Machine Systems August 11-15 2013 22
- 23. References Barrier bypassing / barrier removal: VANDERHAEGEN F. (2010). Human-error-based design of barriers and analysis of their uses. Cognition, Technology and Work, 12(2), pp. 133-142. Resilience: ZIEBA S., POLET P., VANDERHAEGEN F., DEBERNARD S. (2010). Principles of adjustable autonomy: a framework for resilient human machine cooperation. Cognition, Technology and work, 12 (3), pp. 193-203. OUEDRAOGO K-A., ENJALBERT S., VANDERHAEGEN F. (2013). How to learn from the resilience of HumanMachine Systems?. Engineering Applications of Artificial Intelligence, volume 26, issue 1, pp. 24-34. Dissonance engineering: VANDERHAEGEN F. (2012). Dissonance Engineering for Risk Analysis. Workshop: Risk Management in Life Critical Systems, Human- Centered Design Institute, Florida Institute Of Technology, Melbourne, FL, USA, mars. VANDERHAEGEN F. (2013). Dissonance engineering for risk analysis: a theoretical framework. International Summer School on Risk Management in Life Critical Systems, Valenciennes, France, July 1-5 2013. Symposium on Analysis, Design, and Evaluation of Human-Machine Systems August 11-15 2013 23
- 24. References Dominique Luzeaux Jean- Ren辿 Ruault Systems of Systems ; Wiley, 2010 Dominique Luzeaux, Jean-Ren辿 Ruault Jean- Luc Wippler Complex Systems and Systems of Systems Engineering ; Wiley, 2011 Symposium on Analysis, Design, and Evaluation of Human-Machine Systems August 11-15 2013 24
- 25. THANK YOU VERY MUCH FOR YOUR ATTENTION Symposium on Analysis, Design, and Evaluation of Human-Machine Systems 25 August 11-15 2013 25