Human-Computer Interaction The designers had no intention of ignoring the human factor. But the technological questions became so overwhelming that they commanded the most attention John Fuller ath by robot Possible Roles for Computers in Control Loops Computer reads and interprets sensor data for operator splays computer k sensors operator controls H actuators Computer provides information and advice to operator displays computer operator k---- process controls
c ��������������������� ����� Human−Computer Interaction [The designers] had no intention of ignoring the human factor ... But the technological questions became so overwhelming that they commanded the most attention. John Fuller Death by Robot c ��������������������� ����� Possible Roles for Computers in Control Loops Computer reads and interprets sensor data for operator ������������� ��������������� ����������������� ������������� ��������������� ������������� �������������� Computer provides information and advice to operator ������������� ��������������� ��������������� �������������� ������������� ����������������� �������������
eveson -243 More Roles for Computers in Control Loops Computer interprets and displays data for operator and issues commands; operator makes varying levels of decisions operator computer ocess controls d actuators Computer assumes complete control with operator providing advice or high-level supervision or simply monitoring Role of Humans in Automated systems The human as monitor Task may be impossible Dependent on information provided State of information more indirect Failures may be silent or masked Little active behavior can lead to lower alertness and vigilance, complacency, and overreliance
�� c ��������������������� ����� More Roles for Computers in Control Loops Computer interprets and displays data for operator and issues commands; operator makes varying levels of decisions. ����������������� ������������� ������������� ��������������� �������������� ��������������� ������������� Computer assumes complete control with operator providing advice or high−level supervision or simply monitoring. c ��������������������� ����� Role of Humans in Automated Systems The Human as Monitor Task may be impossible Dependent on information provided State of information more indirect Failures may be silent or masked Little active behavior can lead to lower alertness and vigilance, complacency, and overreliance
eveson -245 Role of Humans in Automated Systems(con't ● The Human as Backup May lead to lowered proficiency and increased reluctance to intervene Fault intolerance may lead to even larger errors May make crisis handling more difficult The Human as partner may be left with miscellaneous tasks Tasks may be more complex and new tasks added By taking away easy parts, may make difficult parts harder HMI Design Simple solution is to automate as much as possible, but is this the best solution Different is not necessarily better Need to consider conflicts between HMI design qualities Norman: Appropriate design should assume the existence of error Continually provide feedback Continually interact with operators in an effective manner llow for the worst situation possible
c ��������������������� ����� Role of Humans in Automated Systems (con’t.) �� �� The Human as Backup May lead to lowered proficiency and increased reluctance to intervene Fault intolerance may lead to even larger errors May make crisis handling more difficult The Human as Partner May be left with miscellaneous tasks Tasks may be more complex and new tasks added By taking away easy parts, may make difficult parts harder c ��������������������� ����� HMI Design Simple solution is to automate as much as possible, but is this the best solution? Different is not necessarily better. Need to consider conflicts between HMI design qualities. Norman: Appropriate design should: Assume the existence of error. Continually provide feedback. Continually interact with operators in an effective manner. Allow for the worst situation possible
Oeveson-247 HMI Design Process Perform a system hazard analysis to identify high-risk tasks and safety-critical operator errors Identify HCl safety requirements and constraints Design the HMI with requirements Validate design and hazards in mind Establish operational information Perform a hazard analysis on the sources and feedback loops design to identify residual hazards Use feedback from incident and Redesign and implement accident reports and feedback loops for changes and redesign Matching tasks to human characteristics Tailor systems to human requirements instead of vice versa Design to withstand normal, expected human behavior Design to combat lack of alertness Design for error tolerance Help operators monitor themselves and recover from errors Provide feedback about actions operators took and their effects Allow for recovery from erroneous actions
c ��������������������� ����� HMI Design Process Validate design loops for changes and redesign. Use feedback from incident and accident reports and feedback design to identify residual hazards. Design the HMI with requirements Identify HCI safety requirements Establish operational information sources and feedback loops. and hazards in mind. Perform a hazard analysis on the Redesign and implement. and constraints. safety−critical operator errors. to identify high−risk tasks and Perform a system hazard analysis c ��������������������� ����� Matching Tasks to Human Characteristics Tailor systems to human requirements instead of vice versa. Design to withstand normal, expected human behavior. Design to combat lack of alertness. Design for error tolerance: Help operators monitor themselves and recover from errors. Provide feedback about actions operators took and their effects. Allow for recovery from erroneous actions
Approach Seat belt ON Cont Ignition ON Anti-skid N Altimeters 4 ON Fuel boost pumps Air speed bugs Pressurization Approach checklist COMPLETE Allocating Tasks Design considerations · Failure detection Making allocation decisions Emergency shutdown
c ��������������������� ����� Altimeters Fuel boost pumps Air speed bugs Pressurization Approach checklist COMPLETE 4 ON ON Cont Ignition Seat Belt ON ON Approach Anti−skid Allocating Tasks Design considerations. Failure detection. Making allocation decisions. Emergency shutdown. c ��������������������� ����� .
eveson -251 Reducing Human Errors Make safety enhancing actions easy, natural, and difficult to omit or do wrong Stopping an unsafe action or leaving an unsafe state should require one keystroke Make dangerous actions difficult or impossible Potentially dangerous commands should require two or more unique actions Provide references for making decisions Reducing Human Errors(2) Follow human stereotypes Make sequences dissimilar if need to avoid confusion between them Make errors physically impossible or obviou Use physical interlocks(but be careful about this)
c ��������������������� ����� Reducing Human Errors Make safety enhancing actions easy, natural, and difficult to omit or do wrong. Stopping an unsafe action or leaving an unsafe state should require one keystroke. Make dangerous actions difficult or impossible. Potentially dangerous commands should require two or more unique actions. Provide references for making decisions. c ��������������������� ����� Reducing Human Errors (2) Follow human stereotypes. Make sequences dissimilar if need to avoid confusion between them. Make errors physically impossible or obvious. Use physical interlocks (but be careful about this)
Providing Information and Feedback Analyze task to determine what information is needed · Provide feedback About effect of operators actions To detect human errors About state of system To update mental models To detect system faults Provide for failure of computer displays(by alternate sources of information Instrumentation to deal with malfunction must not be disabled by the malfunction Providing Information and Feedback(2 Inform operators of anomalies, actions taken, and current system state Fail obviously or make graceful degradation obvious to operator Making displays easily interpretable is not always best Feedforward assistance Predictor displays Procedural checklists and guides(be careful)
c ��������������������� ����� Providing Information and Feedback Analyze task to determine what information is needed. Provide feedback: About effect of operator’s actions To detect human errors About state of system To update mental models To detect system faults Provide for failure of computer displays (by alternate sources of information. Instrumentation to deal with malfunction must not be disabled by the malfunction. c ��������������������� ����� Providing Information and Feedback (2) Inform operators of anomalies, actions taken, and current system state. Fail obviously or make graceful degradation obvious to operator. Making displays easily interpretable is not always best. Feedforward assistance: Predictor displays Procedural checklists and guides (be careful)
veson -255 Alarms Issues Overload Incredulity response Relying on as primary rather than backup(management by exception) · Guidelines Keep spurious alarms to a minimum Provide checks to distinguish correct from faulty instruments Provide checks on alarm system itself Distinguish between routine and critical alarms Indicate which condition is responsible for alarm Provide temporal information about events and state changes Require corrective action when necessary eveson-256 Training and Maintaining skills May need to be more extensive and deep Required skill levels go up(not down) with automation Teach how the software works Teach about safety features and design rationale Teach for general strategies rather than specific responses
c ��������������������� Alarms ����� Issues: Overload Incredulity Response Relying on as primary rather than backup (management by exception) Guidelines: Keep spurious alarms to a minimum. Provide checks to distinguish correct from faulty instruments. Provide checks on alarm system itself. Distinguish between routine and critical alarms. Indicate which condition is responsible for alarm Provide temporal information about events and state changes. Require corrective action when necessary. c ��������������������� ����� Training and Maintaining Skills May need to be more extensive and deep. Required skill levels go up (not down) with automation. Teach how the software works. Teach about safety features and design rationale. Teach for general strategies rather than specific responses
Mode confusion General term for a class of situation awareness errors High tech automation changing cognitive demands on operators Supervising rather than directly controlling More cognitively complex decision making Complicated, mode-rich systems Increased need for cooperation and communication Human-factors experts complaining about technology-centered automation Designers focus on technical issues, not on supporting operator tasks Leads to"clumsy"automation Errors are changing, e.g. errors of omission Vs. commission eveson Mode Confusion(2) Early automated systems had fairly small number of modes Provided passive background on which operator would act by entering target data and requesting system operations Also had only one overall mode setting for each function performed Indications of currently active mode and of transitions between modes could be dedicated to one location on display Consequences of breakdown in mode awareness fairly small Operators seemed able to detect and recover from erroneous actions relatively quickly
c ��������������������� ����� Mode Confusion General term for a class of situation−awareness errors High tech automation changing cognitive demands on operators Supervising rather than directly controlling More cognitively complex decision making Complicated, mode−rich systems Increased need for cooperation and communication Human−factors experts complaining about technology−centered automation Designers focus on technical issues, not on supporting operator tasks Leads to "clumsy" automation Errors are changing, e.g. errors of omission vs. commission ��������������������� ����� Mode Confusion (2) Early automated systems had fairly small number of modes. Provided passive background on which operator would act by entering target data and requesting system operations. Also had only one overall mode setting for each function performed. Indications of currently active mode and of transitions between modes could be dedicated to one location on display. Consequences of breakdown in mode awareness fairly small. Operators seemed able to detect and recover from erroneous c actions relatively quickly
Mode Confusion (3) eveson-259 Flexibility of advanced automation allows designers to develop more complicated, mode-rich systems Result was numerous mode indications spread over multiple displays each containing just that portion of mode status data corresponding to a particular system or subsystem Designs also allow for interactions across modes Increased capabilities of automation create increased delays between user input and feedback about system behavior. These changes have led to: Increased difficulty of error or failure detection and recovery Challenges to humans ability to maintain awareness of active modes armed modes interactions between environmental status and mode behavior interactions across modes Mode Confusion Analysis Identify"predictable error forms accidents and incidents simulator studies Model blackbox software behavior Identify modeled software behavior likely to lead to operator error Reduce probability of error occurring Redesign the automation Design appropriate HCl Change operational procedures and training
Mode Confusion (3) c ��������������������� ����� Flexibility of advanced automation allows designers to develop more complicated, mode−rich systems. Result was numerous mode indications spread over multiple displays each containing just that portion of mode status data corresponding to a particular system or subsystem. Designs also allow for interactions across modes. Increased capabilities of automation create increased delays between user input and feedback about system behavior. These changes have led to: Increased difficulty of error or failure detection and recovery Challenges to human’s ability to maintain awareness of active modes armed modes interactions between environmental status and mode behavior interactions across modes c ��������������������� ����� Mode Confusion Analysis Identify ‘‘predictable error forms’’ accidents and incidents simulator studies Model blackbox software behavior Identify modeled software behavior likely to lead to operator error. Reduce probability of error occurring: Redesign the automation Design appropriate HCI Change operational procedures and training