Increasing levels of automation, combined with increased system complexity, is leading to new types of safety problems—and the need for new ways of dealing with them, said Dr. Nancy Leveson, MIT professor of aeronautics, astronautics and engineering systems, in her keynote address to the Honeywell User Group Americas 2007 Symposium this morning.
“Increasingly, accidents are occurring even though nothing failed,” she explained. “Instead, problems arise in the system design and in the interaction of system components.” She attributed the growing problem to interactive complexity and increasingly tight coupling of system components—which is further compounded by computers and software.
In order to address this issue, industry needs to move beyond assuring safety through its traditional reliance on redundancy, and to treat safety not as a failure problem, but as a control problem.
“Safety is an emergent property that arises when components interact within a larger context,” Leveson said. “We need new approaches to hazards analysis,” she added, citing STAMP, or systems-theoretical accident model and process. STAMP is a basis for a more powerful, more encompassing hazards analysis methodology that extends risk analysis to cultural and organization factors, Leveson said. “It can help to find the leading indicators of risk.” She further characterized industry’s inability to effectively prevent accidents to a pervasive confusion between personal safety and process safety—the former having to do primarily with individual behavior, the latter with system design that ensures human safety.
We need new approaches to handle advanced technologies, system accidents and new types of human error, she added. “Using a control-based (vs. failure-based) model of causality expands our power to prevent process accidents.”
