16. 422 Alerting Systems Prof, r, john hansman Acknowledgements to Jim Kuchar
System Supervisory Control Computer Interface Display Control Sensors Direct Observation 16.422 Alerting Systems Prof. R. John Hansman Acknowledgements to Jim Kuchar
口中 Consider Sensor System Display Or Threshold Sensor System Alert Radar Engine fire Detection Other
System Supervisory Control Computer Interface Display Control Sensors Direct Observation Consider Sensor System Threshold System Display Or Alert Sensor y Radar y Engine Fire Detection y Other
Decision-Aiding /Alerting System Architecture Automation Sensors actuator Interface Actuator Human Information transduction Control/ Actuation Decision Making Courtesy: Jim Kuchar
System Supervisory Control Computer Interface Display Control Sensors Direct Observation Decision-Aiding / Alerting System Architecture Sensors Displays Human Actuator Sensors Automation Actuator Environment Process Information Transduction Decision Making Control / Actuation Interface Courtesy: Jim Kuchar
Fundamental tradeoff in Alerting Decisions Uncertain current state azard · When to a|ert? a Too early a Unnecessary Alert Operator would have avoided hazard without alert Leads to distrust of system, delayed response O Too late missed Detection Incident occurs even with the alerting system Must balance Unnecessary Alerts and Missed Detections Courtesy: Jim Kuchar
System Supervisory Control Computer Interface Display Control Sensors Direct Observation Fundamental Tradeoff in Alerting Decisions y When to alert? Too early ºUnnecessary Alert Operator would have avoided hazard without alert Leads to distrust of system, delayed response Too late º Missed Detection Incident occurs even with the alerting system y Must balance Unnecessary Alerts and Missed Detections Hazard Uncertain Future Trajectory Uncertain current state x1 x 2 Courtesy: Jim Kuchar�
The alerting Decision Examine consequences of alerting /not alerting O Alert is not issued: Nominal Trajectory(N a Alert is issued: Avoidance Trajectory (A) Hazard Hazard Current state Compute probability of Incident along each trajectory Courtesy: Jim Kuchar
System Supervisory Control Computer Interface Display Control Sensors Direct Observation The Alerting Decision y Examine consequences of alerting / not alerting Alert is not issued: Nominal Trajectory (N) Alert is issued: Avoidance Trajectory (A) A A Hazard Current State Hazard N Compute probability of Incident along each trajectory Courtesy: Jim Kuchar
口中 hreshold placement Ideal Alerting Syster 2 0030≥00 04 Threshold Locations Probability of False Alarm P(FA Courtesy: Jim Kuchar
System Supervisory Control Computer Interface Display Control Sensors Direct Observation Threshold Placement 0.0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1.0 0.0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1.0 Probability of False Alarm P(FA) Probability of Successful Alert P(SA) Example Alerting Threshold Locations Ideal Alerting System 1 2 Courtesy: Jim Kuchar
Threshold placement Use specified P(FA)or P(MD) Alerting Cost Function: Define CFA, CMD as alert decision costs J=P(FA)CFA+P(MD)Cn P(FA)CFA+(1-P(CD)CMD Minimize Cost d= dP(FA)CFA-dP(CD) CMD=0 dP(CD) C FA dP(FA)C Slope of soc curve= cost ratio Threshold Location 040.6081.0 Courtesy: Jim Kuchar
System Supervisory Control Computer Interface Display Control Sensors Direct Observation Courtesy: Jim Kuchar
Engine Fire Alerting TAT +15d. 380CRZ 口 FIRE ENG R 1380 C(FA) high on takeoff 1250 1250 Alerts suppressed during TO EPR 723 394 TOTAL FUEL 207. 7LBS X TEMP +10c Now lets take a quick look at non-normal checklists The 777 EICAS message list is similar to other Boeing EICAS airplanes For 747-400 operators: It doesn t use the"caret symbol to indicate a checklist with no QRH items, like the 747-400s do. J But it has an additional feature, called the"checklist icon. The icon is displayed next to an EICAS message whenever there is an ECL checklist that needs to be completed Once the checklist is fully complete, the icon is removed from display next to the message. This helps the crew keep track of which checklists remain to be complete W015.8
System Supervisory Control Computer Interface Display Control Sensors Direct Observation Engine Fire Alerting 207.7 +10c LBS X 1000 TOTAL FUEL TEMP FIRE ENG R 1,250 1,380CRZ 723 394 1,250 1,380 723 394 EPR N1 EGT TAT +15c y C(FA) high on takeoff y Alerts suppressed during TO Now let’s take a quick look at non-normal checklists. The 777 EICAS message list is similar to other Boeing EICAS airplanes. [For 747-400 operators: It doesn’t use the “caret” symbol to indicate a checklist with no QRH items, like the 747-400s do.] But it has an additional feature, called the “checklist icon”. The icon is displayed next to an EICAS message whenever there is an ECL checklist that needs to be completed. Once the checklist is fully complete, the icon is removed from display next to the message. This helps the crew keep track of which checklists remain to be completed. W015.8
据中 Crew Alerting Levels Non-normal Procedures Time Operational condition that requires immediate crew awareness and immediate Critical ctIon Warning Operational or system condition that requires immediate crew awareness and definite corrective or compensatory action Caution Operational or system condition that requires immediate crew awareness and possible corrective or compensatory action Advisory Operational or system condition that requires crew awareness and possible corrective or compensatory action Alternate normal procedures Comm Alerts crew to incoming datalink communication Memo Crew reminders of the current state of certain manually selected normal conditions Source: Brian Kelly Boeing Don' t have time to discuss these levels mportant thing to know is that we rigorously define and defend these levels We apply them across all the systems The indications are consistent for all alerts at each level Thus the pilots instantly know the criticality and nature of an alert even before they know what the problem is
System Supervisory Control Computer Interface Display Control Sensors Direct Observation Crew Alerting Levels Non-Normal Procedures Time Critical Operational condition that requires immediate crew awareness and immediate action Warning Operational or system condition that requires immediate crew awareness and definite corrective or compensatory action Caution Operational or system condition that requires immediate crew awareness and possible corrective or compensatory action Advisory Operational or system condition that requires crew awareness and possible corrective or compensatory action Alternate Normal Procedures Comm Alerts crew to incoming datalink communication Memo Crew reminders of the current state of certain manually selected normal conditions Source: Brian Kelly Boeing Don’t have time to discuss these levels. Important thing to know is that we rigorously define and defend these levels We apply them across all the systems. The indications are consistent for all alerts at each level. Thus the pilots instantly know the criticality and nature of an alert even before they know what the problem is
中 Boeing color use guides Red Warnings, warning level limitations Amber Cautions caution level limitations White Current status information Green Pilot selected data, mode annunciations Magenta Target information Cyan Background data gain, we don't have time to describe these definitions in detail The important thing to note is that our philosophy is definite, and as simple as practical It fits on one page in big font no less
System Supervisory Control Computer Interface Display Control Sensors Direct Observation Boeing Color Use Guides Red Warnings, warning level limitations Amber Cautions, caution level limitations White Current status information Green Pilot selected data, mode annunciations Magenta Target information Cyan Background data Again, we don’t have time to describe these definitions in detail. The important thing to note is that our philosophy is definite, and as simple as practical. It fits on one page, in big font no less