Resilience Engineering Notes
Resilience Engineering notes

This file contains notes about people active in resilience engineering, organized alphabetically. I'm using these notes to help me get my head around the different players and associated concepts.

For each person, I list concepts that they reference in their writings, along with some of their publications. The publications listed aren't comprehensive: they're ones I've read or have added to my to-read list.

John Allspaw

Allspaw is the former CTO of Etsy. He applies concepts from resilience engineering to the tech industry. He is one of the founders of Adaptive Capacity Labs, a resilience engineering consultancy.

Selected publications

Lisanne Bainbridge

Bainbridge is (was?) a psychology researcher. (I have not been able to find any recent information about her).

Contributions

Ironies of automation

Bainbridge is famous for her Ironies of automation paper, which continues to be cited.

Concepts

  • automation
  • design errors
  • human factors/ ergonomics
  • cognitive modelling
  • cognitive architecture
  • mental workload
  • situation awareness
  • cognitive error
  • skill and training
  • interface design

Selected publications

Johan Bergström

Bergström is a safety researcher and consultant. He runs the Master Program of Human Factors and Systems Safety at Lund University.

Concepts

  • Analytical traps in accident investigation
    • Counterfactual reasoning
    • Normative language
    • Mechanistic reasoning

Selected publications

Videos

Todd Conklin

Conklin's books are on my reading list, but I haven't read anything by him yet. I have listened to his great Preaccident investigation podcast.

Selected publications

Richard I. Cook

Cook is a medical doctor who studies failures in complex systems. He is one of the founders of Adaptive Capacity Labs, a resilience engineering consultancy.

Concepts

  • complex systems
  • degraded mode
  • sharp end / blunt end
  • Going solid
  • Cycle of error

Selected publications

Sidney Dekker

Contributions

Drift into failure

Dekker developed the theory of drift, characterized by five concepts:

  1. Scarcity and competition
  2. Decrementalism, or small steps
  3. Sensitive dependence on initial conditions
  4. Unruly technology
  5. Contribution of the protective structure

Concepts

  • Drift into failure
  • New view vs old view of human performance
  • Just culture
  • complexity
  • broken part
  • Newton-Descartes
  • diversity
  • systems theory
  • unruly technology
  • decrementalism

Selected publications

John C. Doyle

Doyle is a control systems researcher. He is seeking to identify the universal laws that capture the behavior of resilient systems, and is concerned with the architecture of such systems.

Concepts

  • Robust yet fragile
  • Universal laws and architectures
  • conservation laws
  • universal architectures
  • layered architectures
  • Highly optimized tolerance
  • constraints that deconstrain

Selected publications

Anders Ericsson

Ericsson introduced the idea of deliberate practice as a mechanism for achieving a high level of expertise.

Ericsson isn't directly associated with the field of resilience engineering. However, Gary Klein's work is informed by his, and I have a particular interest in how people improve in expertise, so I'm including him here.

Concepts

  • Expertise
  • Deliberate practice
  • Protocol analysis

Selected publications

Meir Finkel

Finkel is a Colonel in the Israeli Defense Force (IDF) and the Director of the IDF's Ground Forces Concept Development and Doctrine Department.

Selected publications

Erik Hollnagel

Contributions

ETTO principle

Hollnagel proposed that there is always a fundamental tradeoff between efficiency and thoroughness, which he called the ETTO principle.

Safety-I vs. Safety-II

Safety-I: avoiding things that go wrong

  • looking at what goes wrong
  • bimodal view of work and activities (acceptable vs unacceptable)
  • find-and-fix approach
  • prevent transition from 'normal' to 'abnormal'
  • causality credo: believe that adverse outcomes happen because something goes wrong (they have causes that can be found and treated)
  • it either works or it doesn't
  • systems are decomposable
  • functioning is bimodal

Safety-II: performance variability rather than bimodality

  • the system’s ability to succeed under varying conditions, so that the number of intended and acceptable outcomes (in other words, everyday activities) is as high as possible
  • performance is always variable
  • performance variation is ubiquitous
  • things that go right
  • focus on frequent events
  • remain sensitive to possibility of failure
  • be thorough as well as efficient

FRAM

Hollnagel proposed the Functional Resonance Analysis Method (FRAM) for modeling complex socio-technical systems.

Concepts

  • ETTO (efficiency thoroughness tradeoff) principle
  • FRAM (functional resonance analysis method)
  • Safety-I and Safety-II
  • things that go wrong vs things that go right
  • causality credo
  • performance variability
  • bimodality
  • emergence
  • work-as-imagined vs. work-as-done

Selected publications

Gary Klein

Klein studies how experts are able to quickly make effective decisions in high-tempo situations.

Concepts

  • naturalistic decision making (NDM)
  • intuitive expertise
  • cognitive task analysis

Selected publications

Nancy Leveson

Nancy Leveson is a computer science researcher with a focus on software safety.

Contributions

STAMP

Leveson developed the accident causality model known as STAMP: the Systems-Theoretic Accident Model and Process.

See STAMP for some more detailed notes of mine.

Concepts

  • Software safety
  • STAMP (systems-theoretic accident model and processes)
  • STPA (system-theoretic process analysis) hazard analysis technique
  • CAST (causal analysis based on STAMP) accident analysis technique
  • Systems thinking
  • hazard
  • interactive complexity
  • system accident
  • dysfunctional interactions
  • safety constraints
  • control structure
  • dead time
  • time constants
  • feedback delays

Selected publications

Elinor Ostrom

Ostrom was a Nobel Prize-winning economics and political science researcher.

Selected publications

Concepts

  • tragedy of the commons
  • polycentric governance
  • social-ecological system framework

Jean Pariès

Pariès is the president of Dédale, a safety and human factors consultancy.

Selected publications

Emily Patterson

Patterson is a researcher who applies human factors engineering to improve patient safety in healthcare.

Selected publications

Charles Perrow

Perrow is a sociologist who studied the Three Mile Island disaster.

Concepts

  • Normal accidents
  • Common-mode

Selected publications

Shawna J. Perry

Perry is a medical researcher who studies emergency medicine.

Concepts

  • Underground adaptations
  • Articulated functions vs. important functions
  • Unintended effects
  • Apparent success vs real success
  • Exceptions
  • Dynamic environments

Selected publications

Jens Rasmussen

Jens Rasmussen was a very influential researcher in human factors and safety systems.

Contributions

Skill-rule-knowledge (SRK) model

TBD

Dynamic safety model

Rasmussen proposed a state-based model in which a socio-technical system moves within a region of a state space. The region is surrounded by different boundaries:

  • economic failure
  • unacceptable work load
  • functionally acceptable performance

Figure: Migration to the boundary

Source: Risk management in a dynamic society: a modelling problem

Incentives push the system towards the boundary of acceptable performance: accidents happen when the boundary is exceeded.

AcciMaps

TBD

Risk management framework

Rasmussen proposed a multi-layer view of socio-technical systems:

Figure: Risk management framework

Source: Risk management in a dynamic society: a modelling problem

Concepts

  • Dynamic safety model
  • Migration toward accidents
  • Risk management framework
  • Boundaries:
    • boundary of functionally acceptable performance
    • boundary to economic failure
    • boundary to unacceptable work load
  • Cognitive systems engineering
  • Skill-rule-knowledge (SRK) model
  • AcciMaps
  • Means-ends hierarchy
  • Ecological interface design
  • Systems approach
  • Control-theoretic
  • decisions, acts, and errors
  • hazard source
  • anatomy of accidents
  • energy
  • systems thinking
  • trial and error experiments
  • defence in depth (fallacy)
  • Role of managers
    • Information
    • Competency
    • Awareness
    • Commitment
  • Going solid

Selected publications

James Reason

Reason is a psychology researcher who did work on understanding and categorizing human error.

Contributions

Swiss cheese model

Reason developed the swiss cheese model of accidents.

Human error model: slips, lapses and mistakes

Reason developed a model of the types of errors that humans make:

  • slips
  • lapses
  • mistakes

Concepts

  • Human error
  • Slips, lapses and mistakes
  • Swiss cheese model

Selected publications

Nadine Sarter

Sarter is a researcher in industrial and operations engineering.

Concepts

  • cognitive ergonomics
  • organization safety
  • human-automation/robot interaction
  • human error / error management
  • attention / interruption management
  • design of decision support systems

Selected publications

Robert L. Wears

Wears was a medical researcher who studied emergency medicine.

Concepts

  • Underground adaptations
  • Articulated functions vs. important functions
  • Unintended effects
  • Apparent success vs real success
  • Exceptions
  • Dynamic environments
  • Systems of care are intrinsically hazardous

Selected publications

Diane Vaughan

Vaughan is a sociology researcher who did a famous study of the NASA Challenger accident.

Concepts

  • normalization of deviance

Selected publications

David Woods

Woods has a research background in cognitive systems engineering and did work researching NASA accidents. He is one of the founders of Adaptive Capacity Labs, a resilience engineering consultancy.

Contributions

Woods seems to have contributed an enormous number of concepts.

The adaptive universe

TBD

Theory of graceful extensibility

From The theory of graceful extensibility: basic rules that govern adaptive systems

  1. Boundaries are universal
  2. Surprise occurs, continuously
  3. Risk of saturation is monitored and regulated
  4. Synchronization across multiple units of adaptive behavior in a network is necessary
  5. Risk of saturation can be shared
  6. Pressure changes what is sacrificed when
  7. Pressure for optimality undermines graceful extensibility
  8. All adaptive units are local
  9. Perspective contrast overcomes bounds
  10. Reflective systems continually risk mis-calibration

Concepts

Many of these are mentioned in Woods's short course.

  • the adaptive universe
  • unit of adaptive behavior (UAB), adaptive unit
  • adaptive capacity
  • continuous adaptation
  • graceful extensibility
  • sustained adaptability
  • Tangled, layered networks (TLN)
  • competence envelope
  • adaptive cycles/histories
  • precarious present
  • resilient future
  • tradeoffs, five fundamental
  • adaptive florescence
  • reverberation
  • adaptive stalls
  • borderlands
  • anticipate
  • synchronize
  • proactive learning
  • initiative
  • reciprocity
  • SNAFUs
  • robustness
  • surprise
  • dynamic fault management
  • software systems as "team players"
  • multi-scale
  • brittleness
  • decompensation
  • working at cross-purposes
  • proactive learning vs getting stuck
  • oversimplification
  • fixation
  • fluency law, veil of fluency
  • capacity for maneuver (CfM)
  • crunches
  • sharp end, blunt end
  • adaptive landscapes
  • stretched systems, law of
  • cascades
  • adapt how to adapt
  • unit working hard to stay in control
  • you can monitor how hard you're working to stay in control (monitor risk of saturation)
  • reality trumps algorithms
  • stand down
  • Properties of resilient organizations
    • Tangible experience with surprise
    • uneasy about the precarious present
    • push initiative down
    • reciprocity
    • align goals across multiple units

Selected publications

John Wreathall

Wreathall is an expert in human performance in safety. He works at the WreathWood Group, a risk and safety studies consultancy.

Selected publications