Design Requirements for an Integrated Task Support ...

Fourth American Nuclear Society International Topical Meeting on Nuclear Plant Instrumentation, Controls and Human-Machine Interface Technologies (NPIC&HMIT 2004), Columbus, Ohio, September, 2004

Design Requirements for an Integrated Task Support System for Advanced Human–System Interfaces Jacques Hugo PBMR (Pty) Ltd 1267 Gordon Hood Avenue, Centurion 0046, South Africa [email protected] Keywords: Task Support Systems, Human-System Interface, Control Rooms, Cognitive Complexity, Situation Awareness, Operational Control System 1. ABSTRACT Task Support Systems (TSS) are at the cutting edge of Human Factors Engineering (HFE), in industrial environments in general, and in Nuclear Power Plant (NPP) control room design in particular. As one of the leading new NPP designs, the Pebble Bed Modular Reactor (PBMR) will employ a state-of-the-art Control System. One of the most important innovations of this system will be the Human-System Interface (HSI), featuring an integrated TSS. This TSS will be vital to the operability and usability of the HSI, facilitating the simplified abstraction of system processes, the reduction of complexity and volume of information, and the availability of procedural support during non-routine conditions. In this paper, the key concepts underlying the design and development of a TSS as an integral part of the PBMR HSI are described. The components and core functionality of a TSS required to achieve the main objective of ensuring peak operator performance, safety and optimal system effectiveness during all operational conditions are also described. 2. THE PROBLEM 2.1 The effect of automation on the operator’s task Although nuclear power technology and processes have become more complex, advanced digital control system technology has the potential to simplify the representation of plant processes in the control room. The reduction of physical controls and analog instruments to computer-based controls and output devices has reduced the operator’s view on operational information to just a few computer screens. These displays are now typically mapped abstractly to processes, and not spatially to the physical plant as was customary in many older designs. In hybrid control rooms (that is, where existing plants are upgraded to a combination of digital and analog control system technology with both hard and soft controls in the control room), this has produced the so-called “keyhole effect”. This is due to the complex interface navigation caused by the mapping of the mass of information from existing processes, onto a limited display space. The result is that operators still need to view hundreds of different displays on just a few screens. However, with advanced computer-based designs, this approach is a valid complexity-reduction strategy, as long as it can be shown that the information architecture follows a task orientation and matches the operator’s mental model. In addition, this approach will ensure that the correct level of information is available during upset conditions.

(1)


2.2 Task complexity Automation is not only intended to make the operation of the plant safer, more economical and more reliable, it can also simplify the operator’s task significantly. The high level of automation in next-generation NPPs removes the operator even further from controlling discrete processes and even discrete machines, to rather managing overall plant performance and detailed diagnosis of performance to ensure investment protection and output optimization. This should simplify the operator’s job during normal operations. However, the danger of presenting abstract plant information in non-routine situations (that is, information not directly related to the behavior of machines) is that it can easily force the operator to search for discrete system information, thereby losing the big picture and failing to deal with the real cause of the problem. Although skilled operators have an innate ability to cope with complexity, research has shown that under unforeseen circumstances they find it difficult to use the facilities designed to access information in a structured manner to control the system (Rasmussen and Lind, 1981, p.9-15). To handle the difficulty of non-routine situations, the HSI must reduce the amount of information that the operator needs to access, while still ensuring accurate assessment of the cause of the condition and enabling rapid access to detail information when required. At the same time, the HSI must also support the distribution of tasks and responsibilities in the control room. This will satisfy the key objective of the design of the HSI for advanced control rooms: to support the operator’s primary task of monitoring and controlling the plant, without imposing an excessive workload associated with using the HSI (O’Hara et al., 2003, p. A-1). Designing the TSS without this understanding may easily create a task environment where the link between “information space” and “activity space” (operational information, tasks and procedures) during upset conditions becomes so tenuous that it may lead to breakdowns in situation awareness, with resulting errors and other mishaps (Benyon, 2001). 3. THE CASE FOR TASK SUPPORT 3.1 What is a TSS? Gloria Gery defines an “Electronic Performance Support System” (EPSS) as “an electronic system that provides integrated, on-demand access to information, advice, learning experiences, and tools to enable a high level of job performance with a minimum of support from other people” (Gery, 1991). A TSS is the industrial version of an EPSS and its implementation for the PBMR HSI is designed to help operators find and choose superior solutions to operational requirements. It can manipulate large amounts of task-related information in order to provide both a problem solving capability as well as learning and referencing opportunities. This will augment operators’ performance in the control room by providing information and concepts in either a linear or a non-linear way, as and when they are required, or prompted by the operational control system. The learning and referencing aspects in particular serve to enhance and reinforce the formal training conducted in the training simulator. 3.2 TSS research and development To date there has been limited work on true industrial task support systems. This work has evolved from the groundbreaking work in the early 1990s by Gloria Gery on EPSSs. Several

(2)


cognitive principles had been formulated at an early stage, notably the valuable contributions by Rasmussen and Lind (1981), Parasuraman and Mouloua (1996) and Sheridan (2002). One important concept that this early work had established was that the difficulty of a task is determined by the balance between the need for intrinsic skills and knowledge and the availability of extrinsic task aids. This is an oversimplification, but it means that the more a person is required to depend on long-term memory, procedural skills and motoric skills without the support of appropriate tools, the more the task is prone to inefficient execution and error. An extrinsic task aid thus aims to relieve the cognitive or physical burden imposed by the need for intrinsic skills and knowledge. There has, however, not been much research and development in advanced TSSs, and hardly any structural formalisms have resulted from this work. Formal guidance that exists to date for NPP TSSs is the limited information in Appendix A of NUREG-0700 Rev. 1, and Section 9 of Rev. 2. Most of this information has evolved from a considerable amount of research on Computer-based Procedure systems (CBPs) (e.g. NUREG/CR-6634 or NUREG/CR6749). Valuable guidance was also provided by research into operator support required during accident management as part of the Accident Management Support Project (see Wach, 1995). A number of important developments on computer-based operator support systems were undertaken, or are under way, but to date these have focused primarily on CBPs, for example the work done at the Halden Reactor Project and at the Korean Next Generation Reactor. 3.3 Why is task support important? The importance of TSSs derives from three trends associated with the need to design advanced HSIs: 1. Implementation of advanced digital technology in process control and control rooms, coupled

to a partial or complete elimination of hard controls, in favour of computer-based, or soft controls. 2. The exploding amount of technical information available to perform detailed analyses of plant performance, and the corresponding attempts to reduce the amount of information through abstraction. 3. The need to ensure plant and human safety and improve plant productivity and costeffectiveness. This includes ensuring effective operator performance during accident management. These three trends all lead to one single question: how can control room operators be supported to help them perform effectively under all operational conditions? The simple answer is that operators need facilities that offer the ability to select the resolution of representation and focus for any given operational state (Rasmussen and Lind (1981). This implies that the underlying operational control system should process operational data in such a way that a process can be represented in terms of its relationship to the overall plant state, and not only in the form of process flow or single failures. In this way, the operator is not burdened with the complexities of the HSI itself, but is able to deal with the plant in a structured, goal-directed way. This approach is vital to ensure that the operator is not burdened with unnecessary interface management tasks (see NUREG/CR-6690).

(3)


However, it is not enough to know the state of the plant or process. Because of the complexity of the goal structure associated with plant processes and procedures, it is impossible for an operator to keep the prescribed mitigating responses for low-frequency events in long-term memory (for example, procedures for an event that happens only once every six years, let alone events postulated to happen only once in 1 000 years!). The need to look up and perform the correct procedure in itself causes a significant cognitive load, which is one of the key arguments for a TSS. Rasmussen and Lind (1981) also point out that the situation is aggravated when such task-centric displays do not accurately match the system state, because the cognitive complexity immediately increases when the operator has to evaluate the HSI’s information processes (see also NUREG/CR-6690). 4. CHARACTERISTICS OF THE PBMR TSS 4.1 Plant characteristics The PBMR is a gas-cooled reactor that utilizes helium as the heat transport medium in a closed-loop Brayton cycle. This means that very few processes in this plant bear any resemblance to light water reactors. However, the essential control room operations do not differ significantly from conventional plants. Like most familiar NPPs, they are still characterized by operations ranging from simple and routine, to complex and exceptional, including: •

Controlling plant processes

•

Plant performance monitoring

•

Fault detection and diagnosis

•

Safety function monitoring

•

Core monitoring

•

Diagnosing unforeseen maintenance problems, etc.

4.2 The PBMR operator Although the generic tasks of a PBMR operator are very similar to those at conventional plants, at a lower level the tasks and corresponding information are very different due to the technology. These differences are characterized by the varying amount, type, frequency and semantic content of information generated by specific processes at different levels of automation (e.g. the energy conversion processes and the complex relationship between helium inventory, control rod position, thermal power and electrical power). These characteristics require a welldesigned combination of automation and operator intervention to ensure optimal electricity production and equipment protection. In addition, the low frequency of anticipated events and long intervals between planned events mentioned earlier clearly indicate that the operator needs support for long-term memory demands. 4.3 The PBMR TSS 4.3.1 Objectives of the TSS As described in NUREG-0700 Rev. 1, Appendix A, the principles underlying the design of a TSS address the characteristics of the HSI that support its use by control room operators, (4)


with particular reference to how tasks can be accomplished in more than one way, depending on the experience, frame of reference of a particular user, or operational conditions. A TSS integrated into the HSI offers an ideal solution to performance problems in modern control rooms, because of its five key objectives: 1. As an extrinsic task aid, it aims to improve operator performance and reliability by enabling

2.

3. 4. 5.

them to pay attention to higher-level objectives during normal operations, as well as safe state recovery during abnormal conditions (Wach, 1995b). A TSS comes into its own especially in low-frequency, non-routine tasks, particularly those anticipated in Beyond Design Basis Events or accident management, when the operator experiences extreme pressure to make accurate decisions to ensure human and environmental safety and protection of equipment. It supports the collection, synthesis, creation and communication of task-oriented information. It enables operators to get more done while making fewer mistakes. It optimizes the functionality of the automation system through a more rational allocation of tasks.

4.3.2 TSS requirements A study of the sources mentioned in this paper produced the following requirements for the PBMR TSS: •

Ensure that all operators in the control room are able to maintain optimum situation awareness by keeping them fully informed of plant state and trends at all times, including the state of automated processes at various levels of detail.

•

Assist operators in diagnosing faults and other occurrences.

•

Assist operators in executing procedures for effective process control and event management.

•

Assist operators in performing preventive and corrective maintenance tasks.

•

Assist operators in recovering from both planned and unplanned events.

•

Provide facilities for operators to monitor their own performance as well as for audit purposes.

These requirements apply in general to human factors engineering for control rooms. Like the rest of the HSI, the development of the TSS must also be based on a thorough Task Analysis. In addition, task simulations using a discrete event simulator such as Micro Saint should be performed and validated in the training simulator. 4.3.3 Essential functions A functional analysis of these requirements produced the following functions (refer to Table 1) that are considered essential for effective operator performance: Table 1: TSS Essential characteristics Function User interface

Description Intuitive, task-oriented interface design.

(5)


Domain-specific knowledge bases

Basic support functions Error prevention

Task-oriented menu/system structures and processes Consistent HSI component identification Consistent notification of system state Display and navigation metaphors

Knowledge base on NPP operations. Computer-based learning modules are included when the TSS is used in the training simulator. Task prompts, on-line reference facilities, computer-based procedures and user interface help. Rigorous validation of data entry, with extensive response judging and autocorrecting. Includes rule-based checking of operational rules as well as process feedback on mitigating actions. Interface architecture designed to match the task and mental model of the operator. Descriptive screens, field/label names, display, process, component and procedure identification. Intelligent, context-sensitive screen response and feedback. One of the most effective ways to avoid fragmentation of tasks and information is to use navigation metaphors that are closely associated with the operators’ mental model of the plant and processes to help visualize modes, states, components, processes and procedures wherever possible. The underlying principles of this concept are: •

Employ state-based as well as symptom-based procedures and high-level displays to ensure optimum situation awareness.

•

Reduce the amount of information displayed necessary to monitor system status.

Enable easy access to any part of the system with a minimum of operator interaction. The procedures and tasks corresponding to each active mode or state are displayed concurrently on the TSS display. Expert system- or neural network-based advisory systems (for example incorporating operational rules). Automatic updating of the knowledge base with information from every event. Support for the operator in maintaining effective communication with other staff. Also templates for reports, etc. •

Operational advice Knowledge base maintenance Communication support

4.3.4 TSS essential components The PBMR TSS is described as a separate system, but it is in fact so tightly integrated with the overall HSI that no such distinction is made from the operator’s point of view. In the normal use of the HSI, the operator may be presented with, or may manually invoke, any of the TSS functions listed above. Implementation of the principles and functions described above results in a number of support layers embedded in the HSI (the triangular shape in Figure 1 represents the proportional scope of the relevant layer):

(6)


HSI (Task & Control Environment)

On-line reference

r ito

Manual

Context-sensitive Procedure Guidance

n Mo ce

Automatic/ manual

Context-sensitive HSI Help layer

n ma fo r er

Automatic/ manual

UI Prompt layer P sk Ta

Operational Control System

Activation method

Automatic activation

Task Support Levels

Embedded Task Support System layers

Operational Advisory

Hardware controllers

Figure 1: Integration of task support into the HSI The TSS support layers correspond to the following six modules that could be used independently or integrated, depending on the particular needs of the operator and the plant: Table 2: Task support modules Module Name 1. UI Prompts 2. Context-sensitive HSI Help

3. Context-sensitive Process & Procedure Guidance

4. Operational Advisory System

5. On-line Reference System

Description Automatic display (prompt line) of information about the current active object on the interface. Information on the structure and use of the HSI, linked to the active mode, process, system or object. This level can either be invoked by the operator, or automatically invoked by certain HSI operations (as determined by the configuration in the HSI Operator Profile). This comprises the core of the Computer-based Procedures. It provides structured, context-sensitive guidance on operational procedures. This includes display of process paths (e.g. plant modes and states or Piping and Instrumentation Diagrams [P&IDs]) and the corresponding procedure steps. The module provides a drill-down facility to display progressively more information, as well as a zoom-in and zoom-out facility, or expanding and collapsing of levels of detail. This is a software agent-based module that provides knowledge-based advice as well as operational rules and policy. This module will enable the operator to engage in a human-like interaction with plant systems in order to elicit more complete information about the plant condition. Specific functions include signal validation and accident management guidance. This is a database of hypertext (cross-referenced and cross-linked) online documentation (operating manuals, technical manuals, etc.) with a powerful search engine and query facility.

(7)


Module Name 6. Task Performance Monitoring System

Description This optional subsystem monitors the operator’s performance according to task performance criteria as set up by the Supervisor or Senior Reactor Operator. It also tracks HSI usage and provides reports as determined by the supervisor. Part of this facility also handles the operator’s own performance and preference profiles, depending on permissions set up by the supervisor.

4.3.5 TSS architecture Although the TSS contains task-oriented advice, support and procedural examples, and although it can be used in the training simulator for HSI training, none of this can replace the formal operational training in the training simulator. The task support components broaden the focus to understanding the nature of the on-the-job operational requirements and the appropriate safety- or productivity-oriented responses. It also includes knowing how to optimally use the HSI support resources at the operator’s disposal. The integration of the task aids and peripheral support mechanisms described above in the HSI and the control system architecture can be depicted as shown in Figure 2:

Reports

SUPERVISOR

Maintain

Operator Personal Knowledge Base

6. Performance analyser (optional)

Expert operator productivity tools

Performance profiler

Performance Database

OPERATOR TSS Components 1. UI Prompts

TSS Knowledge Base

2. HSI Help subsystem

4. Advisory subsystem

3. Procedure Guidance subsystem

5. Reference subsystem

HSI Main Graphical User Interface (Process Portal + ActiveX components)

Human-System Interface

Data Sheets, Specifications, Operating Procedures Drawings, etc.

Figure 2: Integrated TSS architecture

(8)

External process/ plant/grid info

Aspect Server

Connectivity Server

Expert Optimizer (Neural Network)

OCS

Plant

Controllers


This architecture will not be discussed in detail, but it should be mentioned that it is based on the integration of certain custom features into an ABB OperateIT® architecture. 4.3.6 Adaptive support One of the characteristics of advanced NPP processes that further emphasizes the need for a different approach to the design of the HSI, is the need to keep the operator in the loop in the design of systems. The “operator-in-the-loop” notion is an obvious oversimplification, and should rather be considered within the framework of the overall automation philosophy. PBMR’s automation philosophy states that processes should be automated as far as practicable, with due consideration of the role of human factors, environmental conditions, safety requirements, and psychological requirements.

TSS Levels

2. Decision support & procedural guidance

Control Modes

Autonomous: Decide, select function and execute

1

2

3

4

5 Monitor only

-

1. Diagnostic support and operational guidance Veto system decision

Wait for operator 1 (manual)

3. Prompts and limited procedural guidance

Concur with system recommendation, give permission

Prompt for action 2

4. Decision rule prompts & Help only

Select option and execute

Recommend action 3

Semi-automatic control mode

Select function, 4 request permission

5. UI prompts only

Remote manual mode

Automation System Role: Level of Automation

Automatic: Select 5 function & execute

Local manual mode

+

Automatic control mode

At the highest level of operation, the PBMR HSI will follow the modes-and-states concept of operations. The PBMR HSI Operations Concept states that the operator’s role will be determined largely by the operational state of the plant (Normal Power Operation, Standby, Shutdown, Fuelled Maintenance, etc.). For the PBMR HSI we have therefore adopted the scheme of human involvement described by Sheridan (2002, p.62) in the definition of the TSS Interaction Modes. At every automation level, which generally corresponds to the plant’s operational state, there will be a corresponding operator role, with a corresponding level of task support. While a full description of this model is beyond the scope of this paper, the concept can be represented graphically as shown in Figure 3:

+

Level of Operator Autonomy Operator Role

Figure 3: Relationship between automation role, operator role and task support

(9)


Figure 3 shows that the more autonomous the operator role, the more task support is required, especially for non-routine operations. In contrast, the more autonomous the automation system, the smaller the role of the operator, and therefore less task support is required. 4.3.7 Future work Task Support Systems are relatively new in industrial environments, and extensive, very empirical research needs to be done on their true impact on operational effectiveness and the ideals of adaptive automation. Future implementations of TSSs also need to make provision for advanced concepts such as predictive simulation, inclusion of neural networks and intelligent operator response evaluation. In addition, it appears that current HSI development tools are hopelessly inadequate and they need some serious attention to usability. What is needed is a tool that makes provision for task-oriented navigation and seamless integration of modular TSS components into the HSI. Options for future, more advanced versions of TSS may include the capability to for operators to produce and refine their own, experience-based knowledge base that can be incorporated into the organizational information systems and applied and re-refined by the rest of the organization. At PBMR this system is still under development and will be subject to rigorous testing and evaluation in the training simulator. These tests will be conducted with competent operators to ensure that the TSS integrates seamlessly with the HSI and the operator’s task, and improves task effectiveness and efficiency. The system will also be evaluated after implementation during actual operations. These evaluations should serve as valuable feedback to designers of similar systems in advanced NPPs. 5. CONCLUSIONS This paper illustrates that the principles of task support are not really new; they are basically an evolution of the familiar concepts formulated for computer-based procedures and advanced HSIs. However, traditional approaches to the design of HSIs have clearly not yet succeeded in achieving these superior usability and performance ideals. They need to go far beyond the facilities currently offered. It is emphasized that thorough task analyses are essential to determine how the critical support functions will help to improve the effectiveness, efficiency and satisfaction with which control room operators can perform their tasks. The development of a TSS for the PBMR HSI opens up new possibilities for exploring the contribution of such facilities to the usability of the HSI, the improvement of operator performance, and overall plant performance and safety. ACKNOWLEDGMENTS The present work was performed as part of the design of the HSI for the Pebble Bed Modular Reactor for PBMR (Pty) Ltd. I wish to thank my colleagues Tim Norris, Leslie Bolton, Jan van der Westhuizen, Jan van Tonder, Brand Blignaut, Hein Engela, Denise Ansell and Brian Wigdorowitz for their expert advice and review of the paper.

(10)


REFERENCES Benyon, D.R. 2001. The new HCI? Navigation of Information Space, in Knowledge-based Systems, 14, 425-430. Børlo, T.J. and Berg, Ø. 1996. Use of computer-based operator support systems in control room upgrades and new control room designs for nuclear power plants. Proceedings of the ANS International Topical Meeting on Nuclear Instrumentation, Control and Human Machine Interface Technologies (NPIC&HMIT’96), Pennsylvania, USA, 1996. Bye, A., Berg, Ø. and Øwre, F. 1992. Operator Support Systems for Status Identification and Alarm Processing at the OECD Halden Reactor Project – Experience and Perspectives for Future Development. Proceedings of NEA/IAEA International Symposium on Nuclear Power Plant Instrumentation and Control, Tokyo, Japan, 1992. Gery, Gloria. 1991. Electronic Performance Support Systems. Ziff Institute, New York. O’Hara, J.M., Higgins, J.C. and Kramer, J. 2000. Automation Of Emergency Operating Procedures: Finding The Right Balance. International Topical Meeting on Nuclear Plant Instrumentation, Controls, and Human-Machine Interface Technologies (NPIC&HMIT 2000), Washington, DC, November, 2000. Parasuraman, R. and Mouloua, M. 1996. Automation and Human Performance. Lawrence Erlbaum, Mahwah, NJ. Rasmussen, J. & Lind, M. 1981. Coping with complexity. European Conference on Human Decision and Manual Control, 1981. Delft, The Netherlands. NUREG-0700: Human System Interface Design Review Guidelines, Rev. 1, 2. (O’Hara, J.M, Brown, W.S., Lewis, P.M. and Persensky, J.J. 2003). U.S. Nuclear Regulatory Commission, NY. NUREG/CR-6749: Integrating Digital and Conventional Human-System Interfaces: Lessons Learned from a Control Room Modernization Program. U.S. Nuclear Regulatory Commission, NY. NUREG/CR-6634: Computer-based Procedure Systems, Technical Basis and Human Factors Review Guidance (O’Hara, J.M, Higgins, J.C., Stubler, W.F. and Kramer, J. 2000). U.S. Nuclear Regulatory Commission. NUREG/CR-6690: The effects of interface management tasks on crew performance and safety in complex, computer-based systems: Detailed Analysis. (O’Hara, J.M, Brown, W.S., Lewis, P.M. and Persensky, J.J. 2002) U.S. Nuclear Regulatory Commission. Sheridan, T.B. 2002. Humans and Automation System Design and Research Issues. Wiley, Santa Monica, CA Wach, D. 1995. RCA Project Accident Management Support (AMS). Final Report, ISTec-A-135. Wach, D. 1995b. Variety of Tasks, Methods and Tools for Accident Management Support – Progress made in the AMS Project. AMS Final Report, 1995

(11)