Affiliation:
1. Department of Aeronautics and Astronautics, Massachusetts Institute of Technology, Cambridge, MA, USA
Abstract
As systems grow increasingly complex, the likelihood of mode confusion regarding automation and system processes also increases. Mode confusion stems from inaccurate mental models that lead operators to execute inappropriate control actions that result in losses. System Theoretic Process Analysis (STPA) is a holistic risk analysis method that examines the emergent properties of complex systems with interacting components. Such components may include humans, software, organizations, safety culture, and more. By allowing users to clearly understand controllers’ process models, STPA provides a methodology to identify sources of mode confusion and generate requirements to eliminate them. This paper presents an approach to conducting STPA that is tailored to issues of mode confusion in systems with interactions between human and automated controllers. Additionally, an example STPA is applied to the Boeing 777 autopilot system to illustrate how inappropriate feedback and mode confusion can be identified and prevented in complex systems.
Subject
General Medicine, General Chemistry