Ergonomics Society Annual Meeting Proceedings of ...

Proceedings of the Human Factors and Ergonomics Society Annual Meeting http://pro.sagepub.com/ Panel Discussion: New Directions in Human Reliability Analysis for Oil & Gas, Cybersecurity, Nuclear, and Aviation Harold S. Blackman, Ronald Boring, Julie L. Marble, Ali Mosleh and Najmedin Meshkati Proceedings of the Human Factors and Ergonomics Society Annual Meeting 2014 58: 601 DOI: 10.1177/1541931214581118 The online version of this article can be found at: http://pro.sagepub.com/content/58/1/601 Published by: http://www.sagepublications.com

On behalf of:

Human Factors and Ergonomics Society

Additional services and information for Proceedings of the Human Factors and Ergonomics Society Annual Meeting can be found at: Email Alerts: http://pro.sagepub.com/cgi/alerts Subscriptions: http://pro.sagepub.com/subscriptions Reprints: http://www.sagepub.com/journalsReprints.nav Permissions: http://www.sagepub.com/journalsPermissions.nav

>> Version of Record - Oct 17, 2014 What is This?

Downloaded from pro.sagepub.com at HFES-Human Factors and Ergonomics Society on October 23, 2014

Proceedings of the Human Factors and Ergonomics Society 58th Annual Meeting - 2014

601

Panel Discussion: New Directions in Human Reliability Analysis for Oil & Gas, Cybersecurity, Nuclear, and Aviation Harold S. Blackman, Boise State University, Ronald Boring, Idaho National Laboratory, Julie L. Marble, Office of Naval Research, Ali Mosleh, University of California Los Angeles (UCLA), Najmedin Meshkati, University of Southern California (USC) This panel will discuss what new directions are necessary to maximize the usefulness of HRA techniques across different areas of application. HRA has long been a part of Probabilistic Risk Assessment in the nuclear industry as it offers a superior standard for risk-based decision-making. These techniques are continuing to be adopted by other industries including oil & gas, cybersecurity, nuclear, and aviation. Each participant will present his or her ideas concerning industry needs followed by a discussion about what research is needed and the necessity to achieve cross industry collaboration. Drilling for Better Methods: Application of HRA to Oil and Gas Ronald Laurids Boring, PhD Idaho National Laboratory

Copyright 2014 Human Factors and Ergonomics Society. DOI 10.1177/1541931214581118

The human contribution to the safety of petroleum installations has long been a concern for the industry. In order to effectively manage risks and barriers, it is necessary to systematically evaluate human reliability. How can we identify these critical human actions? How can we predict the likelihood that they are carried out successfully, and thereby assure the integrity of the functional barriers? How can we identify conditions and scenarios under which these human actions are likely to fail? How can we make sure that risk information, including the human contribution to system dependability, is adequately considered when making operational and maintenance decisions? In the petroleum industry, quantitative risk analysis (QRA) has been used in order to predict the likelihood of failure. However, this has mainly been applied to events covering consequences of hydrocarbon releases and has been focused on technical barriers, even though existing risk analysis standards do require an analysis of human and organizational barriers. However, there has been no standardized method for how an HRA is performed, nor how human error probability (HEP) data should be integrated in the QRA. Even if a QRA method produces a risk quantification, quantification alone has little value for risk mitigation, since this needs to be based on qualitative findings. As part of the Petroleum-HRA project funded by the Norwegian Research Council and Statoil, we have begun exploring human HRA methods for analyzing the human contribution to safety. These methods have been developed within the nuclear industry to support probabilistic safety or risk analyses (PSA/PRA). They have also been applied in aviation and the medical domain. Recent application of HRA in oil and gas has revealed limitations of the approach, in part because the methods were developed specifically for nuclear applications. Despite these limitations, the HRA’s emphasis on human safety and human error make it a good candidate

for further use in the petroleum industry. The primary objective of this project is to test, evaluate and adjust HRA methods for use in quantifying the likelihood of human error and identifying the impact of human actions on the postinitiator barriers in the main accident scenarios in the petroleum industry. In my presentation, I will discuss lessons learned to date and provide an inventory of changes that are being made to HRA to make it compatible with petroleum applications.

HRA and Cybersecurity for DoD Julie L. Marble and Rebecca Goolsby Office of Naval Research Human reliability analysis is primarily used to identify vulnerabilities and give input into system design in high risk, highly complex environments, where the impact of human error can have significant consequences. These areas have primarily been nuclear power, medicine, aviation and space exploration. However, there is an area in which the impact of what could be termed human error and human inability to foresee the impact of actions is growing. In this area, human “error” is the greatest source of vulnerability, and the unintended impacts of human actions can have far reaching effects on multiple DoD systems, including Navy ships, surface operations, Unmanned Systems, as well as commercial impacts on SCADA systems, television and media, and even transportation. Currently, vulnerabilities are identified and exploited in part through human behavioral modeling, both complex as well as hit and miss tactics. Unlike the high-risk environments that are the focus of HRA, humans often do not accurately perceive the level of risk when they work in these environments. These environments are cyberspace and social media, and the complex system is cybersecurity. Traditional approaches to cybersecurity have focused on development on “bigger and better” intrusion detection systems. Yet, humans are the greatest source of cyber threats – users create vulnerabilities due to lack of situation awareness, and humans create threats to capitalize on user habits,



expectations, and ignorance. HRA techniques and tools could be used to identify which types of phishing tactics are most effective against sailors, when these tactics are most effective, and determine measures and tools that assist in reducing the vulnerability of the sailors to the tactics beyond broad application of policy or reduction in computer capabilities through the application and use of models of cognition and human reliability identify tools, methods, and techniques to counter the effectiveness of those tactics on decision makers. This research would need to expand beyond typical HRA assessment of sources of risk to leverage existing research on the identification of patterns of activity indicative of cyber tactics, to identify how those patterns appear to the decision maker (the operator on the watchfloor), and how these patterns can be made more salient to watchstanders. HRA to determine what makes phishing successful and to assist in the development of tools to support watchstander situation awareness would allow development of tools to reduce the vulnerabilities that derive from human error. This would assist in the narrowing of application of policy to true vulnerabilities, selection of more effective countermeasures, and increased rigor in decisions regarding cybersecurity. Cyber tactics happen in a context: location, time, the tactic’s, a user or defender’s past behaviors, and other cues such hypothesized network vulnerabilities provide valuable information and may help define and/or constrain possible intentions and their relative likelihoods. The Next Generation of HRA for Nuclear Applications Ali Mosleh University of California, Los Angeles (UCLA) A recurring concern with human reliability analysis in the nuclear industry lies in the sheer numbers of methods and the potential for variability that exists among them. Efforts are underway to develop new approaches that will directly address these concerns. Dynamic simulation-based approaches are one example of a probabilistic rusk assessment. Dynamic simulation-based approaches offer several key advantages over traditional “static” techniques such as traditional event tree-fault tree based methods. For example, dynamic simulation approaches can more realistically represent event sequence and timing, provide a better representation of thermal hydraulic success criteria, and permit more detailed modeling of operator response. One such method will be discussed and illustrated to highlight how dynamic methods can augment the insights obtained from a more traditional static risk assessment. We will point out how these methods are a more realistic treatment of operator actions and timing, as well as better supporting understanding of complex plant dependencies. Human Reliability in Aviation Safety

602

Najmedin Meshkati University of Southern California (USC) Human Reliability Analysis has been applied in a variety of ways to improve aviation safety. This includes classic analysis conducted examining procedures and crew performance in the cockpit. HRA also has a role to play in understanding the causes of the runway incursion accidents across the world. The applicability of the methods to better understand the major contributing human factors causes of runway incursions will be discussed. Improvements needed to the methods, data implications and the possibility for continued development of simulations will be discussed. Nevertheless, drawing upon my many years of teaching and conducting research on risk reduction and reliability enhancement of complex technological systems, including nuclear power, petrochemical and transportation industries, as well as teaching at the USC’s world-renowned 62-year old Aviation Safety and Security Programs, I am convinced that the impact of the socio-cultural milieu of commercial aviation on HRA in this industry is much more critical (and possibly, sometimes even vital) than at any other industry. I can name five severe aviation accidents with more than 950 combined fatalities wherein cultural factors were implicated as a major contributing factor [Tenerif - Runway Incursion – Canary Island, Sprain - 1977 (583 fatalities); Avianca 052 – Crash - New York – 1990 (73 fatalities); Korean Air 801 – Crash - Guam – 1997 (228 fatalities); The Überlingen mid-air collision – Switzerland – 2002 (71 fatalities); Asiana 214 – Crash - San Francisco -2013 (3 fatalities)] A seminal study by the FAA Human Factors Team on Interfaces between Flight Crews and Modern Flight Deck Systems, in 1996, has identified several “vulnerabilities” in flightcrew management of automation and situation awareness which are caused by a number of interrelated deficiencies in the current aviation system, such as: “Insufficient understanding and consideration of cultural differences in design, training, operations, and evaluation” (p. 4). This report’s recommendations for further studies (under the title of “Cultural and Language Differences”) include pilots’ understanding of automation capabilities and limitations; differences in pilot decision regarding when and whether to use different automation capabilities; and the effects of training, and the influence of organizational and national cultural background on decisions to use automation. The impact of cultural effects on aviation safety, e.g., crew resources management, cockpit automation, and cockpit-ATC interactions should be investigated and vigorously addressed, especially in light of the fact that major international airlines, such as Singapore, Emirates, and Etihad cockpits crews are increasingly drawn from many nationalities with different cultures . Understanding how systematically cultural factors



affect pilots’ reactions to flight deck automation and crew resources management, and their decisive impact on HRA will undoubtedly help aviation industry to improve safety of future flights.


603