16.422 Human Supervisory Control Human-Centered Systems Engineering Design Approaches Traditional Systems Engineering Process Model* 16.422 Product Use, Phaseout, and Disposal Production and/or Construction Detail Design and Development Conceptual- Preliminary Design ACQUISITION PHASE UTILIZATION PHASE N E E D ? Operational requirements drive technical performance measures which drive human factors requirements….. – Human considerations often are low priority *Blanchard, B. S., & Fabrycky, W. J. (1998). Systems Engineering and Analysis (3rd ed.). Upper Saddle River, NJ: Prentice Hall. The Spiral Systems Engineering Process Model* 16.422 Three Mile Island 16.422 ?March 28 th , 1979 ? Main feedwater pump failure, caused reactor to shut down ? Relief valve opened to reduce pressure but became stuck in the open position – No indication to controllers – Valve failure led to a loss of reactant coolant water ? No instrument showed the coolant level in the reactor ? Operators thought relief valve closed & water level too high – High stress – Overrode emergency relief pump Three Mile Island ? Automation worked correctly ? Confirmation bias: people seek out information to confirm a prior belief and discount information that does not support this belief – At TMI, operators selectively filtered out data from other gauges to support their hypothesis that coolant level was too high 16.422 Human Systems Engineering* 16.422 (Courtesy of Aptima, Inc. Used with permission.) General Principles for Design of Human-Centered Automation* 16.422 ? The human operator must be in command. ? The operator must be in involved. ? Human operator must be informed. ? Automated systems must be predictable. ? Automated systems should monitor the human. ? System agents should have intentional knowledge of other agents ? Training, learning and operation of automation should be simple ? Only automate functionalities if there is a need. *Billings, 1997 Alert systems integration? Specific Design Requirements for Human-Centered Automation* 16.422 ? Automation systems should be comprehensible. ? Automation should ensure operators are not removed from command role. ? Automation should support situation awareness. ? Automation should never perform or fail silently. ? Management automation should improve system management ? Designers must assume that operators will become reliant on reliable automation. *Billings, 1997 FAA Human Factors Design Standard 16.422 ? Basic design elements – Durability, proper function allocation, user testing, reliability ? Simplicity ? Consistency – Be consistent with user mental model. ? Standardization – Maintain identical interfaces for identical functions. ? Safety – Provide a fail-safe design and make it error tolerant ? User-centered perspective – Maximize human performance but minimize training requirements ? Support ? Maintenance Designing automation to support information processing 16.422 Human Sensory Processing Response Selection Decision Making Perception/ Working Memory Information Acquisition Action Implementation Decision & Action Selection Information Analysis Automation *Parasuraman, Sheridan, Wickens, 2000 A Model of Types and Levels of Automation* Information Acquisition Action Implementation Decision & Action Selection Information Analysis What should be automated? Identify types of automation Identify levels of automation Apply primary evaluative criteria: Human Performance Consequences ? Mental workload ? Situation awareness ? Complacency ? Skill degradation Initial types & levels of automation Final types & levels of automation Apply secondary evaluative criteria: ? Automation reliability ? Costs of action outcomes Low (manual) High (full automation) *Parasuraman, Sheridan, Wickens, 2000 Sheridan and Verplank’s 10 Levels of Automation of Decision and Action Selection 16.422 Automation Level Automation Description 1 The computer offers no assistance: human must take all decision and actions. 2 The computer offers a complete set of decision/action alternatives, or 3 narrows the selection down to a few, or 4 suggests one alternative, and 5 executes that suggestion if the human approves, or 6 allows the human a restricted time to veto before automatic execution, or 7 executes automatically, then necessarily informs humans, and 8 informs the human only if asked, or 9 informs the human only if it, the computer, decides to. 10 The computer decides everything and acts autonomously, ignoring the human. Information Acquisition Action Implementation Decision & Action Selection Information Analysis What should be automated? Identify types of automation Identify levels of automation Apply primary evaluative criteria: Human Performance Consequences ? Mental workload ? Situation awareness ? Complacency ? Skill degradation Initial types & levels of automation Final types & levels of automation Apply secondary evaluative criteria: ? Automation reliability ? Costs of action outcomes Low (manual) High (full automation) A Model of Types and Levels of Automation* *Parasuraman, Sheridan, Wickens, 2000