Re: [SystemSafety] power plant user interfaces

From: Gergely Buday < >
Date: Mon, 13 Jul 2015 07:30:05 +0200

> You don't say what you have in mind with TMI.

Stone, Jarrett, Woodroffe and Minocha's book User Interface Design and Evaluation writes:

The Three Mile Island Nuclear Power Plant Disaster

One of the most discussed issues during the early 1980s was the Three Mile Island nuclear power plant disaster. The incident nearly resulted in a meltdown of the nuclear reactor. The cause of the incident was never conclusively determined, but experts, official bodies, and the media all blamed a combination of operator error and bad interface design. In particular, much media attention and several official reports focused on the design of the control panels in the process plant. The incident could have been prevented if the control panels had been designed to provide the operators with the necessary information to enable them to perform their tasks efficiently and correctly. The following are just some of the interface problems that were identified:

• A light indicated that a valve had been closed when in fact it had not.
• The light indicator was obscured by a caution tag attached to another valve
• The control room alarm system provided audible and visual indication for more than 1500 alarm conditions. Evidently this number of alarms was intended to facilitate control of the entire plant during normal operating conditions. However, the layout and grouping of controls on the control panel had not been well thought out and so enhanced, rather than minimized, operator error (Brookes, 1982; cited in Leveson, 1995).
• A single “acknowledge” button silenced all the alarms at the same time, but it was not used because the operators knew they would lose information if they silenced some of the alarms. There was simply no way for the operators to cancel the less important signals so that they could attend to the important ones.

The root of the problem, therefore, seemed to be that the control panels did not support the task of serious error and incident recovery. The control panels misinformed the operators. They did not indicate to the operators the true state of affairs in the reactor plant, and they did not provide the necessary information in a form that the operators could understand and use to rectify the situation.


So I look for papers on these bad designs and how to do it better.

- Gergely

On 13 July 2015 at 06:22, Peter Bernard Ladkin <ladkin_at_xxxxxx

> On 2015-07-12 21:00 , Gergely Buday wrote:
> > what is the basic literature on power plant user interfaces, especially if it is a nuclear
> > power plant?
>
> There is a sizeable literature on Human-Machine Interaction, HMI. It is an entire multidisciplinary field. Some people like to call it Engineering Psychology, some people Cognitive Science, others just Human Factors. There is a Human Factors and Ergonomics Society, which has members from all over the world, and runs an annual European conference
> Its journal, Human Factors, has been established for many decades. Just for computers (HCI), there are ACM Transactions and an annual ACM conference. There is an annual UK BCS conference. In aviation, there is
>
> Besides Don Norman's classic, which is not a text, Chris Wickens has a well-established text on Engineering Psychology which is also not domain specific. Harold Thimbleby has a prize-winning text on HCI called Press On. Harold works primarily with medical devices, not process control.
>
> > I have learned that the Three Mile Island accident was partly due to errors in the control
> > interface.
>
> The word "error" is value-laden. If there is not an "error" then everything is alright - not......
>
> You don't say what you have in mind with TMI. There were features that contributed to the operators' misunderstanding the actual situation. There can be plenty of those without overt errors.
>
> One of the classics in plant control is putting key indicators in a position where an operator sitting at his/her intended position (usually a "console") cannot see them.
>
> Prof. Peter Bernard Ladkin, Faculty of Technology, University of
> Bielefeld, 33594 Bielefeld, Germany
> Je suis Charlie
> Tel+msg +49 (0)521 880 7319
> _______________________________________________
> The System Safety Mailing List
> systemsafety_at_xxxxxx >

Received on Mon Jul 13 2015 - 07:30:16 CEST

This archive was generated by hypermail 2.3.0 : Tue Jun 04 2019 - 21:17:07 CEST