STPA-based Model of Threat and Error Management in Dual Flight Instruction

Similar documents
STPA Applied to Automotive Automated Parking Assist

System Theoretic Process Analysis of a Pharmacovigilance Signal Management Process

When communication breaks down. The case of flight AF 447

UPRT in FSTDs and Aeroplanes

What s That Beeping? What s that beeping.mp4 video

Studying the psychology of decision making during unstable approaches and why go-around policies are ineffective.

(Aircraft) CASE STUDY

Measuring Distribution of Attention as a Part of Situational Awareness - a Different Approach

Fatigue Risk Management

Managing Vigilance, Distraction, & Boredom in the Cockpit

THE STAMP PYRAMID: Vertical Thinking for Leverage in a Horizontally Focused World. April 19, 2012 STAMP/STPA Workshop

Improving flight safety through analysis of spatial disorientation incidents

Psychological tests for pilots

Inspiring the Decision to Go Around

THE CHALLENGES OF MANAGING CONCURRENT AND DEFERRED TASKS. Dr. R. Key Dismukes NASA Ames Research Center Moffett Field, CA

Research Review: Multiple Resource Theory. out in multi-task environments. Specifically, multiple display layout and control design

COPING WITH OVERLOAD

HUMAN PERFORMANCE & LIMITATIONS

Applying Human Mental Model to STAMP/STPA

Emergency Descent Plans, Procedures, and Context

COMMENT RESPONSE DOCUMENT

Pre-Flight Briefing (Helicopters) Student Pilot s Work Book

Applying STPA to the Artificial Pancreas for People with Type 1 Diabetes

PDF created with FinePrint pdffactory Pro trial version

INDIVIDUAL PILOT FACTORS PREDICT DIVERSION MANAGEMENT DURING A SIMULATED CROSS- COUNTRY VFR FLIGHT

A COMPARATIVE ANALYSIS OF SAGAT AND SART FOR EVALUATIONS OF SITUATION AWARENESS

Operational investigation of TCAS reports by pilots

mycopter: Enabling Technologies for Personal Aerial Transportation Systems

See highlights on pages 1-4

Standards Manager Web Standards List JAA-Joint Aviation Authorities

RandoxTesting Services & The Aviation Industry. Gary McCutcheon RTS General Manager

The Human as Hero and Hazard. Human Factors

Early Interventions After Critical Incidents Application

INVESTIGATING ISSUES OF DISPLAY CONTENT VS. CLUTTER DURING AIR-TO-GROUND TARGETING MISSIONS

Post Incident Support for Air Crew An Operator s Experience

Pilot Decision Making

Hazard Perception and Reporting

COGNITIVE ERGONOMICS IN HIGHLY RELIABLE SYSTEMS

Implementation from an Airline Perspective: Challenges and Opportunities

IMPROVING SAFETY: FATIGUE RISK MANAGEMENT

Designing for Situation Awareness -the world behind the glass- EUROCONTROL scientific seminar January 21, 2011 prof dr ir Max Mulder

Eurocopter Maintenance Failure:

HOW HUMAN-MACHINE TEAMS CREATE, EXPLAIN, AND RECOVER FROM COORDINATION BREAKDOWNS: A SIMULATOR STUDY OF DISTURBANCE MANAGEMENT ON MODERN FLIGHT DECKS

Common Procedural Execution Failure Modes during Abnormal Situations

Managing Startle & Surprise PACDEFF 2016 Edzard Boland. A KLM and NLR project, commissioned by EASA

Acknowledgements. Would you fly with this pilot/cabin crew (HIV) Dr Ewan Hutchison (UK) Dr Ries Simons (Netherlands) Dr Teresa Bassey (Nigeria)

What should we look at and what should we learn from? A Resilience Engineering / Safety-II perspective

Running head: PERSONALITY ASSESSMENTS AS PREDICTORS

Shift Work, Sleep, Health, Safety, and Solutions. Prof Philippa Gander PhD, FRSNZ Sleep/Wake Research Centre Massey University

Fatigue Risk Management at easyjet a case study. By Scott Derbyshire and Phil Barton

Risk Perception Among General Aviation Pilots

Robson Forensic Engineers, Architects, Scientists & Fire Investigators

Fatigue and Its Effect on Cabin Crew Member Performance

The Role of Checklists on Improving Safety in Radiation Oncology. Luis E. Fong de los Santos, Ph.D.

The Canadian National System for Incident Reporting in Radiation Treatment (NSIR-RT) Taxonomy March 11, 2015

The Correlation between Sex, Age, Educational Background, and Hours of Service on Vigilance Level of ATC Officers in Air Nav Surabaya, Indonesia

I just didn t see it It s all about hazard perception. Dr. Robert B. Isler Associate Professor School of Psychology University of Waikato Hamilton

Advisory Circular. U.S. Department of Transportation Federal Aviation Administration

Application of ecological interface design to driver support systems

Crew Resource Management

ERGONOMICS FORUM. Gavin McKellar 4

Claude Preitner FRNZCGP FACASM

SUPPORTING TIMESHARING AND INTERRUPTION MANAGEMENT THROUGH MULTIMODAL INFORMATION PRESENTATION

Dr Claude Preitner. Senior Medical Officer Civil Aviation Authority of New Zealand

Identification of human factors criteria to assess the effects of level crossing safety measures

On Preventing Telephony Feature Interactions which are Shared-Control Mode Confusions

SPECIALIZED MAINTENANCE ACTIVITIES: WELDING AND NON DESTRUCTIVE TESTING OF AERONAUTICAL PRODUCTS

CS-25 AMENDMENT 20 CHANGE INFORMATION

Comparison of the FMEA and STPA safety analysis methods a case study

DIRECCION DE PERSONAL AERONAUTICO DPTO. DE INSTRUCCION PREGUNTAS Y OPCIONES POR TEMA

Flightfax R Online newsletter of Army aircraft mishap prevention information

Telephone (603) Facsimile (603)

Personal Aerial Vehicles A world in motion

Dissonance Between Multiple Alerting Systems Part I: Modeling and Analysis

Implementing Fatigue Risk Management System

The organisational (departmental) responsibilities include standards for rest facilities and a rating scale for rest culture. For each of these:

Human Performance Improvement Through a Just Culture. Joel E. Heim Manager, Training & Development

Using Statistical Intervals to Assess System Performance Best Practice

Explaining Sarter & Woods Classical Results. The Cognitive Complexity of Pilot-Autopilot Interaction on the Boeing 737-EFIS.

What is a control? What are critical controls?

The Effects of Age and Distraction on Reaction Time in a Driving Simulator

Automatic Fault Tree Derivation from Little-JIL Process Definitions

RAA Convention Fatigue Science Initiatives

Critical Flight into Emotional Terrain

A Valid and Reliable Safety Scale for Passenger s Perceptions of Airport Safety

CONCURRENT TASK MANAGEMENT AND PROSPECTIVE MEMORY: PILOT ERROR AS A MODEL FOR THE VULNERABILITY OF EXPERTS

The effects of stress on pilot reactions to unexpected, novel, and emergency events

Prevention of Medical Errors: Concepts and Tools. Perry Johnson, PhD April 30, 2016

Role of Stimulus Control in OBM

Elmendorf Aero Club May 2007 Rev 1 CESSNA 182 TEST. 2. The engine is a Continental O-470-U and rated at what horsepower?

Office of Aerospace Medicine

Adaptation of Airline Crew Resource Management Principles and Checklists to Dentistry. Mark Pinsky DDS 29 May 2015

OBJECTIVE EVALUATION OF HUMAN PILOT OPERATIONS IN WIND SHEAR USING PSYCHOPHYSIOLOGICAL MEASUREMENTS

Fatigue Risk Management

The use of a simulator for the treatment of the fear of flying

Optimum Body and Leg Extension Selection in PLS CADD

Data Collection Best Practices How to Manage Common Missteps

German Air Force Aeromedical Service

Human Factors. Session Objectives

Getting Kirkpatrick Evaluation Right Case Examples and Tips from Practitioners

Transcription:

STPA-based Model of Threat and Error Management in Dual Flight Instruction Ioana Koglbauer Graz University of Technology, Austria koglbauer@tugraz.at

Threat and Error Management (TEM) Currently the Authorities (EASA, 2011; ACG, 2014) identify TEM as a key ability of: Pilots Flight instructors Flight examiners

The framework of Threat and Error Management (Helmreich, Klinect & Wilhelm, 1999) 3

Threat and Error Management (TEM) in Practice (Klinect, 2005) N=2612 Observations (10 Airlines) Average Freq. Range (10 Airlines) Number of errors Frequent error types Flight Crew Errors 80% 62-95% 7257 Use of automation (25% of flights) Systems/Instruments/Radio (24%) Checklist (23%) Manual aircraft handling (22%) Crew communication with others(22%) Error Mismanagement 27% 18-47% 1825 Manual handling (79% mismanaged) Ground navigation (61%) Automation (37%) Systems/Instruments/Radio (37%) Checklist (15%) Dr. Ioana Koglbauer 4 STAMP Workshop MIT 2017

TEM in Practice (Klinect, 2005) N=2612 Observations (10 Airlines) Undesired Aircraft State Average Freq. Range (10 Airlines) No. of errors Frequent errors types (across 10 airlines) 34% 24-51% 1347 Incorrect systems configuration (9% of flights) Incorrect automation configuration (6%) Speed deviations (high speed) (6%) Unstable approach (5%) Vertical deviations (3%) Undesired Aircraft State Mismanagement 13% 5-20% 175 Unstable approach/no go-around (98% mismanaged) Incorrect systems configuration (8% of flights) Incorrect automation configuration (8%) Incorrect flight controls configuration (8%) Lateral deviation (7%) Dr. Ioana Koglbauer 5 STAMP Workshop MIT 2017

STPA-based model of TEM in flight instruction Goal: provide effective flight training Accident: injury, loss of life, damage of aircraft or property Hazards: Maneuvering the aircraft outside the safety envelope (undesired aircraft state) Violating separation from other aircraft, terrain, obstacles Safety constraints: The aircraft must be maneuvered within the safety envelope Separation from other aircraft, terrain, obstacles must be maintained The FI must assist the trainee in enforcing these safety constraints The FI must take over the control to enforce these safety constraints if necessary Dr. Ioana Koglbauer 6 STAMP Workshop MIT 2017

STPA-based model of TEM in flight instruction (Koglbauer, 2016) Higher Level Controller Process Model Control actions Information/ feedback Instructor Mental Model Control Actions Trainee Mental Model Automation Process Model Information/ Feedback Other controllers Flight Operation Disturbances Time Space Dr. Ioana Koglbauer 7 STAMP Workshop MIT 2017

Generic unsafe control actions (UCAs) (Koglbauer, 2016) Control Action CA causes hazard Lack of CA causes hazard CA too early/ too late/ wrong sequence CA too long or too short causes hazard Instructor UCAs Conflicting or uncoordinated control inputs; Does not provide a CA or does not take over the control Provides control inputs too late; Takes over the control too late; Provides too short or too long CA Trainee UCAs Provides inadequate CAs Does not perform a required CA; Does not follow the instructor s command Provides CA too early, too fast, too late or in the wrong sequence; Provides too short or too long control inputs; Other controllers CA causes hazard Lack of CA causes hazard CA too early/ too late/ wrong sequence CA too long or too short 8

Categories of multiple CAs (Leveson, 2011) Higher Level Controller Process Model Control actions Instructor Mental Model Information/ feedback Only one safe control action is provided (e.g., FI gives a command, the trainee does not act or the trainee manages the attitude but the automation does not add thrust) Control Actions Other controllers Trainee Mental Model Automation Process Model Flight Operation Disturbances Information/ Feedback Time Space Multiple safe control actions are provided (e.g., stick inputs) Both safe and unsafe control actions are provided (e.g., go-around attitude and inadequate thrust) Only unsafe control actions are provided (e.g., the trainee is flying below the glide path and the FI commands a go-around too late) Dr. Ioana Koglbauer 9 STAMP Workshop MIT 2017

STPA-based TEM model for flight instruction (Koglbauer, 2016) Higher Level Controller (In)adequate Process Model (In)adequate control actions (In)adequate information/ feedback (In)adequate, missing, delayed, verbal instructions or direct actions (Un)coordinated, conflicting control actions (In)adequate, missing, delayed, communication or control actions Control inputs too early, too late, too short, too long, out of sequence (In)adequate, missing, delayed, control actions Flight Instructor (In)correct Mental Model Trainee (In)correct Mental Model Automation (In)correct Process Model (In)adequate, missing, incomplete, incorrect, delayed information/ feedback (In)adequate, missing, incomplete, incorrect, delayed information/ feedback (In)adequate, missing, incomplete, incorrect, delayed information/ feedback Other controllers Conflicting Uncoordinated CAs Flight Operation Disturbances Time Space 10

How control actions can be uncoordinated (Leveson, 2011) Misconception of the situation Miscommunication between FI, trainee, other controllers FI s overconfidence in automation, trainee Unclear responsibility Delayed control under pressure/ desire to let the trainee fly Satisfaction by other controllers actions (e.g., CA initiated, does not check for feedback) Confusion by other controllers unexpected control actions Etc. Dr. Ioana Koglbauer 11 STAMP Workshop MIT 2017

Scenario 1: The FI takes over the control too late (Koglbauer, 2016) Ex. go-around This scenario could occur in following situations: The FI relies too much on inadequate feedback received from the trainee and detects too late that trainee s CAs do not have the expected effect, The FI has an inadequate feedback from automation, believes that the automation will handle some parameters and detects too late that it does not, or The FI has an inadequate mental model for anticipating the trainee s errors, The FI has an inadequate mental model of the parameters which require her/ his intervention during a mismanaged unstable approach; The FI is confused by unexpected control actions of the trainee or of the automation The FI is distracted, fatigued 12

Example: Measures for avoiding scenario 1 (Koglbauer, 2016) The FI monitors the flight situation, instruments, automation and the trainee and avoids distraction; The FI double-checks the information and feedback provided by the trainee and automation; The FI is trained to anticipate trainees errors; The FI specifies or receives from her/ his organization procedures that specify parameters for taking over the control The FI considers factors that could delay her/ his CAs (e.g. fatigue, high workload) and reacts earlier than usual (e.g., go-around at 600 or 700 ft instead of 500ft) The FI receives recurrent training on these tasks The management re-evaluates the procedures over time 13

Scenario 2: The trainee provides too short CA and brings the aircraft in a hazardous state For example the trainee stops too soon to reduce thrust, resulting in an unstable approach. This scenario could occur in following situations: The trainee does not monitor the instrument indications for feedback because she or he uses an inadequate scanning pattern, or is distracted, or The trainee has an inadequate mental model: of how to adequately apply the control inputs for anticipating the effects of her/ his control inputs, or of the required parameters for the approach, or of automation and believes that the automation will handle some parameters when it does not (Koglbauer, 2016) Dr. Ioana Koglbauer 14 STAMP Workshop MIT 2017

Example: how can scenario 2 be avoided? (Koglbauer, 2016) The FI provides information, checks and gives feedback about the trainees : scanning pattern anticipation of effects of her/ his control inputs knowledge of the flight parameters used in approach mental model of the automation used in the particular type of aircraft The instructor repeats the above actions until the trainee consistently demonstrates an appropriate behavior The FI manages the learning environment: long and short briefings, debriefings, simulators (e.g., cockpit simulator, flight simulator, simulation of scenarios of unstable approaches and practices the necessary corrections with the trainee), flight training area, altitude etc. 15

Conclusions The STPA-based model of TEM for flight instruction is more comprehensive and gives a new perspective to the whole instruction process Addressing safety issues with STPA has a positive effect on the training quality The FI candidates like the STPA-based model this the first time I see a model which is really useful Future work with the STPA-based TEM model: Refine the scenarios Develop training programs in a research project with the management Identify complex scenarios for pilot, instructor, and examiner, CRM training 16

Literature ACG AustroControl (2014). Flight Examiner s Manual for Aeroplanes and Helicopters. Doc. HB LSA PEL 002, Version 5.0. EASA (2011). Acceptable Means of Compliance and Guidance Material to Part FCL. Helmreich, R. L., Klinect, J. R., & Wilhelm, J. A. (1999). Models of threat, error, and CRM in flight operations. In R. Jensen (Ed.) Proceedings of the 10th International Symposium on Aviation Psychology. Columbus, OH: The Ohio State University, 677-682. Klinect, J.R. (2005). Line Operations Safety Audit: A cockpit observation methodology for monitoring commercial airline safety performance. Dissertation Thesis, University of Texas, Austin. Koglbauer, I. (2016). A System-Theoretic Model of Threat and Error Management in Flight Instruction. In V. Chis & I. Albulescu (Eds.) The European Proceedings of Social & Behavioural Sciences, 241-248. Leveson, N. (2011). Engineering a safer world. Cambridge, MIT Press.

2024 © healthdocbox.com Privacy Policy | Terms of Service | Feedback