Innovations in software and technology are creating increasingly complex systems: cars that park themselves; medical devices that automatically deliver medication; and smartphones with the computing power of desktop computers, to name a few. Such complex systems allow us to do things that seemed difficult or impossible just a few years ago.
But Nancy Leveson, professor of aeronautics and astronautics and engineering systems at MIT, says increasing complexity is also making systems more vulnerable to accidents. What’s more, she says traditional safety engineering approaches may not be very effective in keeping new and fast-evolving systems safe. For example, engineers typically evaluate the safety of a system by checking the performance of each of its components. Leveson argues that safety, particularly in complex systems, depends on more than a system’s individual parts.
For the past decade, Leveson has been championing a new, more holistic approach to safety engineering. In addition to analyzing systems’ technical components, her approach, dubbed STAMP, for System-Theoretic Accident Model and Processes, addresses the impacts of human, social, economic and governmental factors on safety.
Last week, Leveson hosted a three-day workshop at which more than 250 safety engineering professionals from around the world gathered to learn about STAMP and to explore the event’s theme, “Engineering a Safer World.” The event also coincided with the publication of Leveson’s new book on the subject, titled Engineering a Safer World: Systems Thinking Applied to Safety.
The workshop drew participants from industries including aviation and automotive engineering, occupational health, missile defense, road tunnel safety, and medicine, some of whom gave presentations during the workshop.
In many cases, safety analyses are conducted only after an accident has occurred. Several researchers at the workshop presented cases in which they used Leveson’s approach to determine the causes of accidents.
Daijiang Suo, a graduate student in computer science at Tsinghua University, reconstructed a 2003 train accident that killed 40 people in southwest China. Engineers initially determined that lightning caused a track circuit to malfunction, causing the train to derail. Using Leveson’s approach, however, Suo expanded the parameters of safety to include other factors, ultimately attributing the accident partly to communication problems between operators and partly to pressure to keep the train on schedule.
Stathis Malakis, an air traffic controller and human factors researcher for the National Technical University of Athens, is analyzing the safety of helicopters that provide emergency medical services in Greece. When these helicopters crash, authorities write up accident reports, though Malakis says many reports are not released until much later.
“It’s interesting that after three decades, we have never revisited accident reports,” Malakis said. “What can we unearth about these accidents to prevent further accidents?”
Malakis is using STAMP to answer this question, looking for patterns among multiple accident reports.
“It’s much better to do this analysis at the beginning rather than right before a system is deployed,” said Grady Lee, president of Safeware Engineering Corporation, a firm he started with Leveson. Lee was one of the first to adopt Leveson’s approach for a real-world application, using it to evaluate the U.S. Ballistic Missile Defense System. Lee found that while each individual component of the system worked well, together the components experienced problems. Following Leveson’s plan, Lee examined the components under various scenarios, identifying weaknesses in the system.
“Safety is always against the grain,” Lee said. “Everyone is success-oriented, and you want to say, ‘Wait a minute.’ But at the end of the day, if it doesn’t fall apart, you’re happy.”
Qi van Eikema Hommes, a research scientist in MIT’s Engineering Systems Division, is using Leveson’s approach to identify potential hazards of adaptive cruise control systems in cars. Hommes said that technology, particularly software, is evolving at such a rapid pace that it is not possible to assess a system’s safety using conventional approaches.
“What are the implications of automating all these tasks on system safety?” Hommes asked. “We’re playing in a dangerous field here.”
While most engineers are using Leveson’s approach to evaluate technical systems, Marvin Dainoff, director of the Center for Behavioral Science at the Liberty Mutual Research Institute for Safety, is using the approach in the occupational safety arena. In 2010, more than 4,500 people died from occupational accidents, “equivalent to two fully loaded 747s crashing each month,” Dainoff said.
Overexertion and falls are mostly to blame. Dainoff is studying a slice of the problem, in the food services industry. Specifically, Dainoff is using Leveson’s approach to determine the causes of slips and falls in restaurant kitchens.
“There’s low-hanging fruit here,” Dainoff said. “Can we use this technique? At this point, we’re learning.”