16.422 Human Supervisory Control Human-Centered Systems Engineering Design Approaches Massachusetts Institute of Technology
Traditional Systems Engineering Process Model*
[Figure: system life cycle. NEED, then ACQUISITION PHASE (Conceptual-Preliminary Design; Detail Design and Development; Production and/or Construction), then UTILIZATION PHASE (Product Use, Phaseout, and Disposal)]
• Operational requirements drive technical performance measures which drive human factors requirements…
  – Human considerations often are low priority
*Blanchard, B. S., & Fabrycky, W. J. (1998). Systems Engineering and Analysis (3rd ed.). Upper Saddle River, NJ: Prentice Hall.
The Spiral Systems Engineering Process Model*
[Figure: spiral model diagram. Legible labels include START, risk analysis, operational alternatives, prototype, simulations, models, benchmarks, concept of operation, requirements, design validation and verification, integration and test plan, release, plan the next iteration]
Three Mile Island
• March 28th, 1979
• Main feedwater pump failure, caused reactor to shut down
• Relief valve opened to reduce pressure but became stuck in the open position
  – No indication to controllers
  – Valve failure led to a loss of reactant coolant water
• No instrument showed the coolant level in the reactor
• Operators thought relief valve closed & water level too high
  – High stress
  – Overrode emergency relief pump
Three Mile Island
• Automation worked correctly
• Confirmation bias: people seek out information to confirm a prior belief and discount information that does not support this belief
  – At TMI, operators selectively filtered out data from other gauges to support their hypothesis that coolant level was too high
Human Systems Engineering*
[Figure: human systems engineering activities mapped onto the acquisition cycle. Legible labels include needs analysis, feasibility assessment, preliminary design, storyboards, detailed design, prototypes, unit development, help and documentation, heuristic review, evaluation of prototypes, integration and test, installation]
(Courtesy of Aptima, Inc. Used with permission.)
General Principles for Design of Human-Centered Automation*
• The human operator must be in command.
• The operator must be involved.
• Human operator must be informed.
• Automated systems must be predictable.
• Automated systems should monitor the human.
• System agents should have intentional knowledge of other agents.
• Training, learning and operation of automation should be simple.
• Only automate functionalities if there is a need.
Alert systems integration?
*Billings, 1997
Specific Design Requirements for Human-Centered Automation*
• Automation systems should be comprehensible.
• Automation should ensure operators are not removed from command role.
• Automation should support situation awareness.
• Automation should never perform or fail silently.
• Management automation should improve system management.
• Designers must assume that operators will become reliant on reliable automation.
*Billings, 1997
FAA Human Factors Design Standard
• Basic design elements
  – Durability, proper function allocation, user testing, reliability
• Simplicity
• Consistency
  – Be consistent with user mental model.
• Standardization
  – Maintain identical interfaces for identical functions.
• Safety
  – Provide a fail-safe design and make it error tolerant
• User-centered perspective
  – Maximize human performance but minimize training requirements
• Support
• Maintenance
Designing automation to support information processing*
[Figure: two parallel four-stage chains]
Human: Sensory Processing, Perception/Working Memory, Decision Making, Response Selection
Automation: Information Acquisition, Information Analysis, Decision & Action Selection, Action Implementation
*Parasuraman, Sheridan, Wickens, 2000