Sandia LabNews

Sandians take new approach to studying human failure in engineered systems


NEW APPROACH -- Chris Forsythe and Caren Wenner (12323) have come up with a new approach to studying how and why engineered systems fail due to the actions or inaction of humans.
NEW APPROACH — Chris Forsythe and Caren Wenner (12323) have come up with a new approach to studying how and why engineered systems fail due to the actions or inaction of humans.

Taking a lesson from nuclear weapons surety, Chris Forsythe and Caren Wenner of Sandia’s Statistics and Human Factors Dept. 12323 have come up with a new approach to studying how and why engineered systems fail due to the actions or inaction of humans.

“Instead of systematically trying to determine all the possible things a person might do wrong — the traditional method — we are looking at identifying the conditions and environmental factors that make any one of the universe of potential human failures more probable,” Chris says. “Mitigating these factors can lead to enhanced surety of engineered systems, such as nuclear weapons.”

The idea for the new way of studying human involvement in an engineered system — any system designed by humans to operate in a certain way and encompassing all combinations of hardware, software, and people, including systems that consist entirely of people — came to Chris and Caren last year while Chris was participating in the Labs’ Surety Textbook Project. That project has brought together people from across the Labs who work in areas of high consequence systems to determine nuclear weapons surety principles that cut across different environments.

“Surety involves assuring nuclear weapons safety, security, and reliability without precisely characterizing all possible threats,” Chris says. “It occurred to us that a similar approach might work for studying why people make mistakes when working in engineered systems.”

And since much of Sandia’s work involves engineered systems, understanding what causes people to fail when working in them is crucial.

The standard human factors technique for figuring out how to prevent error is to conduct a detailed analysis that attempts to establish a near-exhaustive list of everything that is likely to go wrong.

“After you’ve done this a long time, you get good at it,” says Chris, who has a PhD in cognitive psychology. “But it can be labor intensive. Also, you always miss some things. The problem that humans bring to systems is the infinite number of ways they can fail. You can never hope to anticipate all that can go wrong.”

Instead of focusing on the output, the errors, Chris and Caren are concentrating on input, what causes failure. Their goal is to identify and correct the conditions that make errors more likely to occur.

They call their method the Organic Model — organic because an engineered system grows, changes, and becomes more vulnerable with each human interaction. They recognize that the introduction of humans in an engineered system actually causes the entire system to take on organic properties (properties that are associated with all living systems) and that to fully evaluate the performance, safety, and security of a system, these properties must be considered.

“All engineered systems have a human footprint,” Chris says. “Humans design, build, and maintain the system. There’s no getting the human factor out of an engineered system.”

In studying engineered systems and the methods employed by engineers and laypersons to understand and explain their failures, they’ve noted a number of common misconceptions concerning the humans’ role in a system. One of the more common misconceptions is that humans operate like machines. And like simple machines, their potential failures may be determined through a systematic step-by-step analysis. This creates the illusion that the human component of an engineered system is easily understood, much like deducing the failure modes of a simple gear shaft or electrical circuit.

“The truth is that humans — with their emotions, intelligence, cognitive processes, and social behaviors — are the most complex and least understood part [of an engineered system], susceptible to a more diverse range of failure modes than any other component,” Caren says. “The result is that you can never know for sure how a human may contribute to a system’s failure. However, the human factors community does have a good understanding of human limitations and external conditions that make such failures more likely to occur.” Another misconception is that certain failures are random. For example, in tightening a series of 28 screws, why was the tenth screw overlooked and not the 15th or 20th? Or after five years driving to work by the same route, why would one suddenly, unconsciously get in the wrong lane, turn on the turn signal, and make a wrong turn?

“These types of errors occur for no apparent reason and create an impression that they are unexplainable, a consequence of a random behavioral process,” Caren says.

An assumption that these acts are random may mask systemic problems. Also, while the exact same behavior may never reoccur, other completely different unintended behaviors may follow as a result of the same systemic problems.

Yet another implicit assumption often observed is that people are constant and that their level of performance is constant, again, much like a machine. In reality people are biological entities, and like other organic systems they exhibit constant fluctuations and are susceptible to perturbations. Caren and Chris see this in the variation in performance across the course of a day and the effects of emotional events on behavior.

Taking into account that a primary effect of humans on an engineered system is the introduction of variability to the system, Caren and Chris ask two fundamental questions — what are factors that cause variability and when is a system intolerant of variability? In addition, although the goal is obviously to reduce the potential for error, it is equally important to understand the potential impact of errors that do occur, and to mitigate this impact where possible, Caren says.

For example, Caren and Chris might go to a production site to assess a system’s vulnerability. While their analysis will pinpoint many likely human errors, much of their attention will focus on conditions that make human error more probable in general. Simple examples might include consideration of the number of people working rotating shifts in critical areas, overtime hours, and if the work is externally or self-paced — all factors that could contribute to any one of a million possible mistakes by humans.

Caren and Chris are building on work started more than 20 years ago by Sandian Alan Swain, who wrote the Handbook of Human Reliability Analysis with Emphasis on Nuclear Power Plant Applications, which has become a basic guide for many in the human factors field. This was one of the first publications in human factors to focus on conditions in the environment that make people fail, and not exclusively on how to improve human performance, making it faster and better. Since the 1970s, human reliability has remained a core competency at Sandia.

Chris says their new approach is causing excitement among those in the human factors field. It is recognized as innovative. Chris and Caren have received invitations to discuss this work in professional arenas and have plans to conduct a workshop at the Annual Human Factors and Ergonomics Society Meeting in San Diego. In fact, an organic perspective on humans may be the next big paradigm shift in human factors, he says.

“In the 1980s the human factors field saw a paradigm shift moving to a focus on cognitive processes, where before it primarily focused on perceptual-motor skills,” he says. “It appears the next big shift will be to focus attention on the human as a biological entity.”

Last modified: January 26, 2000