Accident models

GOAL: Provide a framework for classifying factors leading to accidents and a system engineering methodology for handling them.

Some causes of dysfunctional interactions:

- Asynchronous evolution
- Inconsistent models
    - inadequate or missing feedback
    - time lags
    - inadequate engineering design activities
    - etc.
- Inadequate coordination among controllers and decision makers
    - Boundary areas
    - Overlap areas

Control Flaws Leading to Hazards

- Inadequate control actions (enforcement of constraints)
    - Unidentified hazards
    - Inappropriate, ineffective, or missing control actions for identified hazards
        - Design of control algorithm (process) does not enforce constraints
        - Process models inconsistent, incomplete, or incorrect (lack of linkup)
            - Flaw(s) in creation process
            - Flaw(s) in updating process (asynchronous evolution)
            - Time lags and measurement inaccuracies not accounted for
        - Inadequate coordination among controllers and decision-makers (boundary and overlap areas)
- Inadequate Execution of Control Action
    - Communication flaw
    - Inadequate actuator operation
    - Time lag
- Inadequate or missing feedback
    - Not provided in system design
    - Communication flaw
    - Time lag
    - Inadequate sensor operation (incorrect or no information provided)