16.422
Human Supervisory Control
Human-Centered
Systems Engineering
Design Approaches
Traditional Systems Engineering
Process Model*
16.422
Product Use, Phaseout, and
Disposal
Production
and/or Construction
Detail Design and
Development
Conceptual-
Preliminary Design
ACQUISITION PHASE UTILIZATION PHASE
N
E
E
D
? Operational requirements drive technical
performance measures which drive human factors
requirements…..
– Human considerations often are low priority
*Blanchard, B. S., & Fabrycky, W. J. (1998). Systems Engineering and Analysis (3rd ed.). Upper Saddle River, NJ: Prentice Hall.
The Spiral Systems Engineering
Process Model*
16.422
Three Mile Island
16.422
?March 28
th
, 1979
? Main feedwater pump failure, caused reactor to shut
down
? Relief valve opened to reduce pressure but became
stuck in the open position
– No indication to controllers
– Valve failure led to a loss of reactant coolant water
? No instrument showed the coolant level in the reactor
? Operators thought relief valve closed & water level too
high
– High stress
– Overrode emergency relief pump
Three Mile Island
? Automation worked correctly
? Confirmation bias: people seek out information to
confirm a prior belief and discount information that
does not support this belief
– At TMI, operators selectively filtered out data from other
gauges to support their hypothesis that coolant level was
too high
16.422
Human Systems Engineering*
16.422
(Courtesy of Aptima, Inc. Used with permission.)
General Principles for Design of
Human-Centered Automation*
16.422
? The human operator must be in command.
? The operator must be in involved.
? Human operator must be informed.
? Automated systems must be predictable.
? Automated systems should monitor the human.
? System agents should have intentional knowledge of
other agents
? Training, learning and operation of automation
should be simple
? Only automate functionalities if there is a need.
*Billings, 1997
Alert systems integration?
Specific Design Requirements for
Human-Centered Automation*
16.422
? Automation systems should be comprehensible.
? Automation should ensure operators are not removed
from command role.
? Automation should support situation awareness.
? Automation should never perform or fail silently.
? Management automation should improve system
management
? Designers must assume that operators will become
reliant on reliable automation.
*Billings, 1997
FAA Human Factors Design Standard
16.422
? Basic design elements
– Durability, proper function allocation, user testing, reliability
? Simplicity
? Consistency
– Be consistent with user mental model.
? Standardization
– Maintain identical interfaces for identical functions.
? Safety
– Provide a fail-safe design and make it error tolerant
? User-centered perspective
– Maximize human performance but minimize training requirements
? Support
? Maintenance
Designing automation to support
information processing
16.422
Human
Sensory
Processing
Response
Selection
Decision
Making
Perception/
Working
Memory
Information
Acquisition
Action
Implementation
Decision
& Action
Selection
Information
Analysis
Automation
*Parasuraman, Sheridan, Wickens, 2000
A Model of
Types and
Levels of
Automation*
Information
Acquisition
Action
Implementation
Decision
& Action
Selection
Information
Analysis
What should be automated?
Identify types of automation
Identify levels of automation
Apply primary evaluative criteria:
Human Performance Consequences
? Mental workload
? Situation awareness
? Complacency
? Skill degradation
Initial types & levels of automation
Final types & levels of automation
Apply secondary evaluative criteria:
? Automation reliability
? Costs of action outcomes
Low (manual) High (full automation)
*Parasuraman,
Sheridan,
Wickens, 2000
Sheridan and Verplank’s 10 Levels of
Automation of Decision and Action Selection
16.422
Automation
Level
Automation Description
1
The computer offers no assistance: human must take all decision and actions.
2 The computer offers a complete set of decision/action alternatives, or
3 narrows the selection down to a few, or
4 suggests one alternative, and
5 executes that suggestion if the human approves, or
6
allows the human a restricted time to veto before automatic execution, or
7
executes automatically, then necessarily informs humans, and
8
informs the human only if asked, or
9
informs the human only if it, the computer, decides to.
10
The computer decides everything and acts autonomously, ignoring the human.
Information
Acquisition
Action
Implementation
Decision
& Action
Selection
Information
Analysis
What should be automated?
Identify types of automation
Identify levels of automation
Apply primary evaluative criteria:
Human Performance Consequences
? Mental workload
? Situation awareness
? Complacency
? Skill degradation
Initial types & levels of automation
Final types & levels of automation
Apply secondary evaluative criteria:
? Automation reliability
? Costs of action outcomes
Low (manual) High (full automation)
A Model of
Types and
Levels of
Automation*
*Parasuraman,
Sheridan,
Wickens, 2000