14 research outputs found

    Framing the MH17 disaster – more heat than light?

    Despite the reductionist analyses produced by politicians and the Fourth Estate, the loss of Malaysia Airlines Flight MH17 was a systems accident – a product of the interactions between the actants that compose the commercial aviation system network-space. As an antidote to reductionism’s ‘fundamental attribution error’, this paper presents a systems-thinking-informed analysis of the MH17 disaster. To this end it draws on Actor-Network Theory and the work of Reason, Toft, Dekker, Hollnagel and other systems-thinking advocates. Whether intentional or not, politicians’ reductionist analyses generated political capital. European Union and American finger-pointing distracted from aviation authorities’ and airlines’ ill-advised routing policies. Russian finger-pointing distracted from that country’s economic dysfunction and adventurism. The risk-management community must redouble its efforts to publicise the benefits of the systems-thinking approach to risk assessment and accident investigation.

    Envisioning patient safety in Telehealth: a research perspective

    This article explores the need for research into patient safety in large-scale Telehealth systems, faced with the perspective of its development being extended to healthcare systems. Telehealth systems give rise to significant advantages in improving the quality of healthcare services as well as bringing about the possibility of new types of risk. A theoretical framework is proposed for patient safety, approached as an emerging property in complex socio-technical systems (CSTS) and their modelling in layers. Within this framework, the differential Telehealth elements of the system have been identified, with a greater emphasis on the level of the Telehealth system and its typical subsystems. The analysis is based on references in the literature and the experience accumulated by the researchers in the area. In particular, a case describing an example of Telehealth used to monitor patients undergoing treatment with oral anticoagulants is presented. As a result, a series of research areas and topics regarding Telehealth patient safety are proposed to cover the detectable gaps. Both the theoretical and practical implications of the study are discussed and future perspectives are reflected on. This research has been partially supported by grants FISPI09-90110 ‘Innovation Platform in new services based on telemedicine and e-health for chronic and dependent patients - PITES’ from the Ministry of Health & Consumer Affairs; and FISPI13-00508 ‘Innovation platform in new services based on Telemedicine and e-Health: definition, design and development of tools for interoperability, patient safety and support to decision (PITES-ISA)’ from the Ministry of Economy and Competitiveness (Secretary of State of Research, Development and Innovation). The funders had no role in the study, decision to publish, or drafting of the manuscript.

    Challenges in Autonomous Vehicle Testing and Validation

    Software testing is all too often simply a bug hunt rather than a well-considered exercise in ensuring quality. A more methodical approach than a simple cycle of system-level test-fail-patch-test will be required to deploy safe autonomous vehicles at scale. The ISO 26262 development V process sets up a framework that ties each type of testing to a corresponding design or requirement document, but presents challenges when adapted to deal with the sorts of novel testing problems that face autonomous vehicles. This paper identifies five major challenge areas in testing according to the V model for autonomous vehicles: driver out of the loop, complex requirements, non-deterministic algorithms, inductive learning algorithms, and fail-operational systems. General solution approaches that seem promising across these different challenge areas include: phased deployment using successively relaxed operational scenarios, use of a monitor/actuator pair architecture to separate the most complex autonomy functions from simpler safety functions, and fault injection as a way to perform more efficient edge case testing. While significant challenges remain in safety-certifying the type of algorithms that provide high-level autonomy themselves, it seems within reach to instead architect the system and its accompanying design process to be able to employ existing software safety approaches.

    Basic concepts on systems of systems

    A System of Systems (SoS) stems from the integration of existing systems (legacy systems), normally operated by different organizations, and new systems that have been designed to take advantage of this integration.

    Reasoning with qualitative preferences for optimization of component-based system development

    A component-based system is a set of entities that work together in well-defined ways to satisfy a given requirement specified by the stakeholders for the system. This requirement can be modeled as a set of combinations of traits, which represent acceptable alternatives for providing the required functionality. A system satisfies its requirement if and only if it provides one of the required sets of traits in its entirety. Beyond the requirement, system stakeholders may also have preferences with respect to optional functionality that could be provided by a system, tradeoffs between non-functional properties, or other system design options. This work focuses on integrating support for both qualitative preference reasoning and formal verification into the component-based system design process in order to choose a set of components for the system that, when composed, will (1) satisfy the stakeholders' requirement for the system and (2) provide a set of traits that is optimal with respect to the given preferences. Our primary research objective is to develop a generic, modular, end-to-end framework for developing component-based systems of any type which are correct according to the system requirement and most preferred with respect to the stakeholders' preferences. Applications of the framework to problems in Web service composition, goal-oriented requirements engineering, and other areas will be discussed, along with future work toward integrating multi-stakeholder preference reasoning and partial satisfaction of traits into the framework.

    Testing the effects of violating component axioms in validation of complex aircraft systems

    This thesis focuses on estimating faults in complex large-scale integrated aircraft systems, especially where they interact with, and control, the aircraft dynamics. A general assumption considered in the reliability of such systems is that any component-level fault will be monitored, detected and corrected by some fault management capability. However, a reliance on fault management assumes not only that it can detect and manage all faults, but also that it can do so in sufficient time to recover from any deviation in the aircraft dynamics and flight path. Testing for system-level effects is important to ensure better reliability of aircraft systems. However, with existing methods for validation of complex aircraft systems, it is difficult and impractical to set up a finite test suite to enable testing and integration of all the components of a complex system. The difficulty lies in the cost of modelling every aspect of every component given the large number of test cases required for sufficient coverage. Just having a good simulator, or increasing the number of test cases, is not sufficient; it is also important to know which simulation runs to conduct. For this purpose, the thesis proposes simulating faults in the system through the violation of “axiomatic conditions” of the system components, which are conditions on the functioning of these components introduced during their development. The thesis studies the effect, on the aircraft dynamics, of simulating such faults when reference models of the components representing their key functions are integrated.

    Cyber-Physical Systems of Systems: Foundations – A Conceptual Model and Some Derivations: The AMADEOS Legacy

    Computer Systems Organization and Communication Networks; Software Engineering; Complex Systems; Information Systems Applications (incl. Internet); Computer Application

    Integration of dependability into systems engineering processes

    The integration of various technologies, notably computing and electronics, means that the systems designed today are increasingly complex. They have more elaborate behaviours that are harder to predict, a larger number of interacting components, and/or perform higher-level functions. In parallel with this growing complexity, the competitiveness of the global market imposes ever stricter cost and schedule constraints on system developers. The same race applies to system quality, in particular when the systems involve a risk to human life or a significant financial risk. Developers are therefore obliged to adopt a rigorous design approach in order to meet the requirements of the desired system and satisfy the various constraints (cost, schedule, quality, dependability, ...). Several methodological approaches intended to guide system design are defined through Systems Engineering standards. Our work builds on the EIA-632 standard, which is widely used, particularly in the aeronautical and military domains. It consists in improving the systems engineering processes described by EIA-632 so as to integrate a global and explicit consideration of dependability. Until now, dependability was obtained by reusing generic models after each function had been studied and developed independently; there was thus no specific consideration of the risks linked to the integration of several technologies. For this reason, we propose to address dependability requirements at the global level and as early as possible in the development phase, and then to break them down to the lower levels, relying on the EIA-632 processes, which we extend. We also propose an original method for breaking down dependability requirements based on fault trees and FMECA, as well as a SysML-based information model to support our approach. An example from the aeronautical domain illustrates our proposals.

    Process Resilience Analysis Framework for Design and Operations

    Process plants are complex socio-technical systems that degrade gradually and change with advancing technology. This research deals with exploring and answering questions related to the uncertainties involved in process systems, and their complexity. It aims to systematically integrate resilience in process design and operations through three different phases of prediction, survival, and recovery using a novel framework called Process Resilience Analysis Framework (PRAF). The analysis relies on simulation, data-driven models and an optimization approach employing the resilience metrics developed in this research. In particular, an integrated method incorporating aspects of process operations, equipment maintenance, and process safety is developed for the following three phases:
    • Prediction: to find the feasible operating region under changing conditions using a Bayesian approach, global sensitivity analysis, and robust simulation methods;
    • Survival: to determine optimal operations and maintenance strategies using simulation, Bayesian regression analysis, and optimization; and
    • Recovery: to develop a strategy for emergency barriers in abnormal situations using dynamic simulation, Bayesian analysis, and optimization.
    Examples of a batch reactor and a cooling tower operations process unit are used to illustrate the application of PRAF. The results demonstrate that PRAF is successful in capturing the interactions between the process operability characteristics, maintenance, and safety policy. The prediction phase analysis leads to good dynamic response and stability of operations. The survival phase helps in the reduction of unplanned shutdowns and downtime. The recovery phase results in reduced severity of consequences and response time, and overall enhanced recovery. Overall, PRAF achieves flexibility, controllability and reliability of the system, and supports more informed decision-making and profitable process systems.