[SystemSafety] power plant user interfaces

Gergely Buday gbuday at gmail.com
Mon Jul 13 07:30:05 CEST 2015


> You don't say what you have in mind with TMI.

Stone, Jarrett, Woodroffe and Minocha's book
User Interface Design and Evaluation writes:

The Three Mile Island Nuclear Power Plant Disaster

One of the most discussed issues during the early 1980s was the Three Mile Island nuclear power plant disaster. The incident nearly resulted in a meltdown of the nuclear reactor. The cause of the incident was never conclusively determined, but experts, official bodies, and the media all blamed a combination of operator error and bad interface design. In particular, much media attention and several official reports focused on the design of the control panels in the process plant. The incident could have been prevented if the control panels had been designed to provide the operators with the necessary information to enable them to perform their tasks efficiently and correctly. The following are just some of the interface problems that were identified:

• A light indicated that a valve had been closed when in fact it had not.
• The light indicator was obscured by a caution tag attached to another valve controller.
• The control room alarm system provided audible and visual indication for more than 1500 alarm conditions. Evidently this number of alarms was intended to facilitate control of the entire plant during normal operating conditions. However, the layout and grouping of controls on the control panel had not been well thought out and so enhanced, rather than minimized, operator error (Brookes, 1982; cited in Leveson, 1995).
• A single “acknowledge” button silenced all the alarms at the same time, but it was not used because the operators knew they would lose information if they silenced some of the alarms. There was simply no way for the operators to cancel the less important signals so that they could attend to the important ones.

The root of the problem, therefore, seemed to be that the control panels did not support the task of serious error and incident recovery. The control panels misinformed the operators. They did not indicate to the operators the true state of affairs in the reactor plant, and they did not provide the necessary information in a form that the operators could understand and use to rectify the situation.

--

So I look for papers on these bad designs and how to do it better.

- Gergely

On 13 July 2015 at 06:22, Peter Bernard Ladkin <ladkin at rvs.uni-bielefeld.de>
wrote:

> On 2015-07-12 21:00 , Gergely Buday wrote:
> > what is the basic literature on power plant user interfaces, especially
> > if it is a nuclear power plant?
>
> There is a sizeable literature on Human-Machine Interaction, HMI. It is an
> entire multidisciplinary field. Some people like to call it Engineering
> Psychology, some people Cognitive Science, others just Human Factors. There
> is a Human Factors and Ergonomics Society, which has members from all over
> the world, and runs an annual European conference
> https://www.hfes.org//Web/Default.aspx Its journal, Human Factors, has been
> established for many decades. Just for computers (HCI), there are ACM
> Transactions and an annual ACM conference. There is an annual UK BCS
> conference. In aviation, there is
>
> Besides Don Norman's classic, which is not a text, Chris Wickens has a
> well-established text on Engineering Psychology which is also not domain
> specific. Harold Thimbleby has a prize-winning text on HCI called Press On.
> Harold works primarily with medical devices, not process control.
>
> > I have learned that the Three Mile Island accident was partly due to
> > errors in the control interface.
>
> The word "error" is value-laden. If there is not an "error" then
> everything is alright - not......
>
> You don't say what you have in mind with TMI. There were features that
> contributed to the operators' misunderstanding the actual situation. There
> can be plenty of those without overt errors.
>
> One of the classics in plant control is putting key indicators in a
> position where an operator sitting at his/her intended position (usually a
> "console") cannot see them.
>
> PBL
>
> Prof. Peter Bernard Ladkin, Faculty of Technology, University of Bielefeld,
> 33594 Bielefeld, Germany
> Je suis Charlie
> Tel+msg +49 (0)521 880 7319  www.rvs.uni-bielefeld.de