As systems grow increasingly complex, the likelihood of mode confusion regarding automation and system processes also increases. Mode confusion stems from inaccurate mental models that lead operators to execute inappropriate control actions that result in losses. System Theoretic Process Analysis (STPA) is a holistic risk analysis method that examines the emergent properties of complex systems with interacting components. Such components may include humans, software, organizations, safety culture, and more. By allowing users to clearly understand controllers’ process models, STPA provides a methodology to identify sources of mode confusion and generate requirements to eliminate them. This paper presents an approach to conducting STPA that is tailored to issues of mode confusion in systems with interactions between human and automated controllers. Additionally, an example STPA is applied to the Boeing 777 autopilot system to illustrate how inappropriate feedback and mode confusion can be identified and prevented in complex systems.