Dokas Issil2011


Early Warning Systems and Systems Safety

Dr. Ioannis M. Dokas

Cork Constraint Computation Centre

University College Cork

EWS: The Definition Problem

• A universally accepted definition of an early warning system does not yet exist. Probably one never will. (Source: http://ccb.colorado.edu/warning/report.html)

Some Facts on EWS

• Many descriptions / definitions

• There is a great variety of designs and development approaches

• In many domains

– Energy

– Medicine

– Currency crises

– Military

– Crisis Management

– Environment

Some Facts on EWS

Resembling Concepts

• Many resembling concepts

– EW models

– EW indicators

– Accident precursors

Why This Trend?

• The need to be proactive about accidents and disasters is growing

• Better tools allow us to imagine that it is feasible to prevent accidents and better adapt to disasters

Types of Definitions

• Focused on:

– Aim

– How EWS are used in practice

– Functions

– Components

Domain: Business Intelligence

• Strategic EWS

• The aim of a competitive EWS is to support the proactive strategic management of the business. It is composed of an iterative three-part approach that starts with Risk Identification, continues with Risk Monitoring and ends with the Management Action

Domain: Drinking Water

• EWS is an integrated system for monitoring, analyzing, interpreting and communicating monitoring data, which can then be used to make decisions that are protective of public health and minimize unnecessary concern and inconvenience to the public

• Technologies and Techniques for Early Warning Systems to Monitor and Evaluate Drinking Water Quality, US EPA

Domain: Drinking Water

• EWS are used to detect any sudden deterioration in the quality of the source drinking water supply either just before the water goes into the distribution system or some distance upstream.

• International Life Science Institute (Brosnan 1999)

Domain: Drinking Water

• An ideal EWS

– (1) exhibits warning in sufficient time for action,

– (2) provides affordable cost,

– (3) requires low skill and training,

– (4) covers all potential threats,

– (5) identifies the source,

– (6) demonstrates sensitivity to quality changes at regulatory levels,

– (7) gives minimal false positive or negative responses,

– (8) exhibits robustness,

– (9) allows remote operation, and

– (10) functions year-round.

• International Life Science Institute (Brosnan 1999)

Dictionary Definition

• A system or procedure designed to warn of a potential or an impending problem.

– Note: The only action is to warn

UN Framework for EWS (Natural Hazards)

Source: UN-ISDR

Third International Conference on Early Warning 27-29 March 2006 Bonn, Germany

EWS = Process Control Loop

• Are Sensors EWS?

• Are EW indicators EWS?

Perceptions of EWS

[Figure: three perceptions of EWS, labelled A, B and C]

Alert Systems vs EWS

• Feedback: comparison between actual and target values (Alert Systems)

• Feedforward:

– Detection of possible disturbances coming from the environment (e.g. EWS for natural phenomena)

– Detection of possible disturbances or preconditions of failures coming from the controlled process (metasystemic control and EWS)
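The distinction between an alert system (feedback) and an early warning system (feedforward) can be made concrete with a small simulation. The following is an added example, not code from the original slides: it compares an alert that fires when treated-water turbidity exceeds its target limit against two feedforward checks, one watching an environmental disturbance (upstream rainfall) and one watching a precondition of failure inside the controlled process (filter run time). All series, thresholds and the rainfall-to-turbidity relationship are constructed for illustration.

```python
"""Alert system (feedback) beside feedforward early warning.

Added example, not from the original slides. The sensor series, the
thresholds and the assumed relationship between catchment rainfall and
treated-water turbidity are all constructed for illustration.
"""
from typing import List, Optional

# Constructed hourly series for one treatment plant.
TREATED_TURBIDITY_NTU = [0.2, 0.2, 0.3, 0.3, 0.4, 0.6, 0.9, 1.3, 1.8]  # controlled variable
UPSTREAM_RAINFALL_MM = [0, 0, 12, 25, 30, 10, 2, 0, 0]               # environmental disturbance
FILTER_RUN_HOURS = [40, 44, 48, 52, 56, 60, 64, 68, 72]               # state of the controlled process

TURBIDITY_LIMIT_NTU = 1.0       # target value the alert system compares against
RAINFALL_PRECURSOR_MM = 20.0    # assumed disturbance level that precedes a turbidity rise
FILTER_RUN_LIMIT_HOURS = 60     # assumed run time after which filter breakthrough becomes likely


def first_index_at_or_above(series: List[float], level: float) -> Optional[int]:
    """Index of the first sample at or above `level`, or None if never reached."""
    for t, value in enumerate(series):
        if value >= level:
            return t
    return None


def alert_system(actual: List[float], target_limit: float) -> Optional[int]:
    """Feedback: compare the actual value with the target and fire once it is
    exceeded. By construction this can only fire after the deviation exists."""
    for t, value in enumerate(actual):
        if value > target_limit:
            return t
    return None


def feedforward_warning(disturbance: List[float], precursor_level: float) -> Optional[int]:
    """Feedforward: fire when a disturbance (from the environment or from the
    controlled process itself) reaches a level known to precede a deviation,
    i.e. before the controlled variable leaves its target band."""
    return first_index_at_or_above(disturbance, precursor_level)


def compare_warning_times() -> dict:
    """When each mechanism fires, and the lead the feedforward checks gain."""
    alert_t = alert_system(TREATED_TURBIDITY_NTU, TURBIDITY_LIMIT_NTU)
    env_t = feedforward_warning(UPSTREAM_RAINFALL_MM, RAINFALL_PRECURSOR_MM)
    proc_t = feedforward_warning(FILTER_RUN_HOURS, FILTER_RUN_LIMIT_HOURS)
    return {
        "alert_hour": alert_t,
        "environment_warning_hour": env_t,
        "process_warning_hour": proc_t,
        "lead_from_environment": None if None in (alert_t, env_t) else alert_t - env_t,
        "lead_from_process": None if None in (alert_t, proc_t) else alert_t - proc_t,
    }


if __name__ == "__main__":
    for key, value in compare_warning_times().items():
        print(f"{key}: {value}")
```

On the constructed series the alert fires at hour 7, the environmental check at hour 3 and the process check at hour 5, so the feedforward paths gain four and two hours of lead respectively. The price of that lead is the assumed precursor relationship: if the chosen level is wrong, the warning is a false positive or a miss, which is exactly what the "minimal false positive or negative responses" criterion on the ideal-EWS list is about.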

Disturbances Coming From the Environment

• http://www.hewsweb.org/hp/

Proactive Metasystemic Control

• Need to “enter” into the lower hierarchical levels of the controlled process

• Identify the feedback control loops which form the controlled process

• Define how the feedback control loops can fail

Proactive Metasystemic Control

• Level 0

• Level 1

Metasystemic EWS

• Example: EWS for Drinking Water Treatment Plants in the Republic of Ireland

• (Brief description will be given at the end of the presentation)

• BUT!!! One Moment Please

• What does metasystemic really mean?

• ORGANISATIONS

Organizations

• Organizations = complex systems

– A collection of hierarchically structured feedback loops

• Interact with the environment

• To accomplish a purpose (or a hierarchy of purposes)

• Top purpose: Maintain existence

• Adapt and evolve

Cybernetics

• The science of control and communication in complex, dynamical systems (Wiener, 1948)

• The science of the emergence and design of order (Malik, 2001)

• The science of effective organization (S. Beer, 1974)

Complexity

• Structural: Number of components in a system or the number of combinations one must consider in making decisions.

• Dynamic: Arises from the interactions among agents in time. (Sterman, 2000)

Emergence

• Emergent properties are properties of the ‘whole’ not possessed by any of the individual parts making up this whole.

• Example: Safety

Viability

• Viability = The ability to maintain a separate existence (Beer, 1979)

• An organization should aim at viability beyond survival – i.e., a viability which transcends mere maintenance of a given identity (Schwaninger 1993, 2001b)

Variety

• Variety = Measure of Complexity

• The number of different states or modes of behaviour a certain system can adopt (Schwaninger, 2006)

Elements of a Viable System

• Operations

• Management / Metasystem

Law of Requisite Variety (R. Ashby)

• Only variety can destroy/absorb variety

Basic Elements of the VSM model (S. Beer)

Reality: Ve > Vo > Vm

Ideally: Ve = Vo = Vm

Managerial, operational and environmental varieties diffusing through an institutional system, tend to equate; they should be designed to do so with minimum damage to people and cost.

The four directional channels carrying information between the management unit, the operation, and the environment must each have a higher capacity to transmit a given amount of information relevant to variety selection in a given time than the originating subsystem has to generate it in that time.

Wherever the information carried on a channel capable of distinguishing a given variety crosses a boundary, it undergoes transduction; the variety of the transducer must be at least equivalent to the variety of the channel.
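Ashby's law and the "Ve > Vo > Vm" picture above can be worked through by brute force. The following added example (not from the original slides) treats the environment as a set of Ve disturbance states, the management unit as a chooser among Vm responses, and counts the smallest number of distinct outcomes Vo any response strategy can achieve. The outcome rule (outcome = disturbance minus response, modulo the number of disturbances) is a constructed regulation game; the bound Vo >= Ve / Vm is Ashby's.

```python
"""Ashby's Law of Requisite Variety, worked by brute force.

Added example, not from the original slides. The outcome rule below is a
constructed regulation game; the bound itself is Ashby's.
"""
from itertools import product
from math import ceil
from typing import Callable, Sequence


def default_outcome(disturbance: int, response: int, n_disturbances: int) -> int:
    """Constructed outcome table: each response cancels exactly one disturbance,
    so the only way to hold the outcome constant is to meet every disturbance
    with a matching response."""
    return (disturbance - response) % n_disturbances


def min_outcome_variety(n_disturbances: int, responses: Sequence[int],
                        outcome: Callable[[int, int, int], int] = default_outcome) -> int:
    """Smallest number of distinct outcomes (Vo) any regulator strategy achieves
    when the environment has Ve = n_disturbances states and the regulator can
    pick from Vm = len(responses) responses. A strategy assigns one response to
    each disturbance; all Vm**Ve strategies are enumerated."""
    best = n_disturbances
    for strategy in product(responses, repeat=n_disturbances):
        outcomes = {outcome(d, r, n_disturbances) for d, r in enumerate(strategy)}
        best = min(best, len(outcomes))
    return best


def ashby_bound(ve: int, vm: int) -> int:
    """Ashby: Vo >= Ve / Vm (log form: log Vo >= log Ve - log Vm).
    With integer state counts this means Vo >= ceil(Ve / Vm)."""
    return ceil(ve / vm)


def requisite_variety_report(ve: int, vm: int) -> dict:
    """Compare the best achievable Vo with Ashby's bound for given Ve and Vm."""
    responses = list(range(vm))
    vo = min_outcome_variety(ve, responses)
    return {"Ve": ve, "Vm": vm, "Vo": vo, "bound": ashby_bound(ve, vm),
            "fully_regulated": vo == 1}


if __name__ == "__main__":
    for ve, vm in [(4, 1), (4, 2), (4, 4), (6, 2)]:
        print(requisite_variety_report(ve, vm))
```

With four disturbance states and two responses the best any strategy can do is two distinct outcomes; only a regulator with as many responses as there are disturbances (Vm = Ve) drives Vo down to one. That is the content of "only variety can absorb variety": a warning or response capability with fewer distinguishable actions than the situations it faces cannot, by any cleverness of strategy, hold the outcome constant.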

Principles of Organization (S. Beer)

Elements of a Viable System

• S1 – Implementation

• S2 – Co-ordination

• S3 – Internal Control

– S3* Audit

• S4 – Intelligence and Development

• S5 – Strategy – Policy – Ethos

MetaSystem

EWS in Organizations

• 3 Types

– Strategic

– Operational

– Meta-systemic

EWS In Organizations

• “Hard” and “Soft” EWS – Coherence (Hitchins, 2007)

• A soft system does not have a clear, singular purpose: instead, it may have many, conflicting purposes, lack synergy, etc.

• A hard system would have a clear, singular purpose, and would have all the parts within that system contributing towards that singular purpose

– Technology (Hitchins, 2007)

• ‘soft’ and ‘hard’ refer not to the coherence of the system in question, but to the predominance or otherwise of technology in the system.

Metasystemic EWS Do Exist!

• Have the form of safety procedures - periodic reports - internal regulations

• Existing Metasystemic EWS = Soft EWS

• However, there are no hard metasystemic EWS

• Types of Problems

AXIOM

NO PROBLEM – NO EWS

P = Si - Sr

Causal Factors of Problems

• External

• Internal

TYPES OF PROBLEMS

S. French et al. (2009) Decision behaviour, analysis and support

The Cynefin Framework

• A sense-making framework that helps to categorise problems, based on the nature of the relationship between cause and effect, into five contexts.

http://www.youtube.com/watch?v=N7oz366X0-8

“Performance Meter” of EWS

Domain: Drinking Water

• An ideal EWS

– (1) exhibits warning in sufficient time for action,

– (2) provides affordable cost,

– (3) requires low skill and training,

– (4) covers all potential threats,

– (5) identifies the source,

– (6) demonstrates sensitivity to quality changes at regulatory levels,

– (7) gives minimal false positive or negative responses,

– (8) exhibits robustness,

– (9) allows remote operation, and

– (10) functions year-round.

• International Life Science Institute (Brosnan 1999)

Early Warning

• The expression ‘early warning’ is used in many fields to mean the provision of information on an emerging dangerous circumstance where that information can enable action in advance to reduce the risks involved (Basher, 2006 Phil. Trans. R. Soc. 364, 2167–2182 doi:10.1098/rsta.2006.1819)

Signal – Sign - Alert

• Signal: It needs a transmitter (Measurable – A strong signal)

• Alert: A verified event which denotes that a “system level hazard” has occurred

• Sound signal vs Weak Signal

Types of Signals

• Those that are beyond our perception

• Those that are within our perception but unrecognised by our mental models

• Signals recognised by our mental models that we use to modify our behaviour.

Bryan Coffman, “Weak Signal Research” http://www.mgtaylor.com/mgtaylor/jotm/winter97/wsrintro.htm

Weak Signal

• A development about which only partial information is available at the moment when the response must be launched, if it is to be completed before the development impacts on the firm. (Ansoff, 1984)

• A weak signal is a factor for change hardly perceptible at present but which will constitute a strong trend in the future (Michel Godet).

Filters of Weak Signals (I. Ansoff)

• A weak signal has to pass three different filters to have an impact

• Strategic EWS

EWS Justification Model

Causal Factors

• Safety of Systems / Organisations

Safety

• Safety is an emergent property of systems that arises when system components interact with each other within a larger environment (Leveson)

• Safety is a control problem (Leveson, Rasmussen)

• Safety is a dynamic non-event (Weick) – a stable outcome produced by constant adjustments to system parameters. To achieve stability, change in one system parameter must be compensated for by changes in other parameters, through a process of continuous mutual adjustment.

Hazards and Accident

• Hazard: a state or set of conditions of the system that together with other conditions in the environment will lead to an accident

• Accident: undesired and unplanned events that result in a loss

Accident Models

• Provide descriptions of the conceptual elements needed to explain the phenomenon of accidents.

– sequential,

– epidemiological and

– systemic

Sequential

• The sequential models explain accidents as the result of a sequence of “root cause” events

• The social or historical background of an individual drives the individual to make an error, which leads to an unsafe act or condition, which leads to an accident and an injury. http://www.ekdrm.net/e5783/e17327/e24075/e27357/

Common Types of Events

• Component failures, human error, or energy-related events

• The basic accident model for common hazard analysis

– FTA, FMECA, Event Trees, etc.

Limitations of Hazard Analysis Based on the Sequential Model

• Social Factors

• Organizational factors

• Software

• Human error

• Adaptation

Epidemiological

• The epidemiological models explain accidents with a set of factors, some of which are obvious and some are latent.

Systemic

• The systemic models view accidents as the result of dysfunctional and in some cases unexpected interactions between system components.

• A Prototype Metasystemic EWS

SCEWA Project

• A 5 year research project (800K Euros)

• Begun January 2008

• Goal: To design and develop a prototype web-based early warning system for water treatment plants

• Aim: To support a Proactive Risk Management Strategy

Drinking Water Quality in Ireland

• Failures in meeting drinking water standards

• Boil water notices

• Severe consequences

– More than 200 lab-tested cases of cryptosporidiosis in Galway

• A third of all public water supplies in Ireland are vulnerable (EPA report)

Drinking Water Safety

• “Safe water” means that potentially harmful substances, depending on their nature and characteristics, are either absent from the water or their quantities fall below safety standards

• Standards are updated periodically

The Role of EWS

Safety: The Basic Concept

• Knowledge of how accidents occur

• The threats from which a system must be protected

• Safety is considered an emergent property of the system (interaction among components may produce hazardous behaviours that were previously unidentified)

• Monitoring hazards (physical, chemical, microbial, radiological agents) alone is not enough

Approaches for Safe Drinking Water

• Multiple Barrier Approach

• Water Safety Plans

• Hazard Analysis and Critical Control Points

[Figure: Raw Water to Drinking Water process, with Monitoring and Control]

The Socio-Technical System

[Figure: the socio-technical system, with layers POLICIES, STRATEGIC DECISIONS, CONTROL MECHANISMS and HUMAN ACTIVITIES, and its Stakeholders]

Use Case

[Figure: use-case diagram with elements WWW, PROACTIVE SYSTEM, WARNING, SLIGOLA, HSE, EPA and SLIGO WTP]

Selected Methods and Technologies

• Domain Specific Modelling

• Software as a Service

• Bayesian Belief Networks

• Hidden Markov Models (under development)

• Users develop models using a graphical language which has specific syntax and semantics

• Executable code is generated from the graphical models

Domain Specific Modelling Language

Example

[Figure: IDEFØ model with the roles Hazard Analyst, Water Service Authority and State Agency]

• IDEFØ model (Integration Definition for Function Modeling)

Understanding the Domain

• Eclipse EMF Ecore to perform metamodeling

• Java Persistence API (JPA) annotations for the object-relational mapping approach.

Meta-model

M2T transformation using Xpand

The Editor

• The code is executed with the SMILE BBN engine

• Eclipse GMF has been adopted to build the core architecture,

• which consists of two frameworks:

• For meta-metamodeling: the model-based Eclipse Modeling Framework (EMF) technology, based upon a subset of the Object Management Group (OMG) standard.

• Graphical Editing Framework for graphical editor creation.

• Other technologies used are UML2 Tools, OCL, XML Schema definition

• To provide persistence we have used Teneo and Hibernate.

Technologies

• For code generation openArchitectureWare platform is integrated in which M2T transformation is performed using Xpand.

• Further Technologies to be integrated

• PostgreSQL

• Apache Tomcat

• Eclipse Rich Client Platform (RCP)

• Eclipse Rich Ajax Platform (RAP)

Code Generation

A SaaS Approach for Socio-technical EWS

• Multiple users scattered all over the country

• Users run the software using a Web browser

• No extra hardware, software or plug-ins

• No upfront license fees required! Pay as you go!

• Easy to update

• Leverages economies of scale: cost-efficient

• Several Tenants:

– Water Service Authorities

– WTP personnel

– Health Service Executive (HSE)

– Environmental Protection Agency (EPA)

– Drinking Water Laboratories

• User inputs and sensor data are considered as evidence for the BBNs (SMILE Engine)

• The BBN result represents our updated belief about the occurrence of a system hazard in each WTP

SaaS Details

Technologies Used

• Linux, Apache, MySQL, PHP and PostgreSQL.

• PHP 5.2 was used as the server scripting language while Apache 2.2 was our Web

• PostgreSQL 8.3, because it provides native support for XML and a built-in query mechanism based on XPath 1.0.

• PostgreSQL 8.3 can export the result of a query to an XML document and check the well-formedness of an XML document, using functions such as XMLPARSE and XMLSERIALIZE.

Expert Catalogue

Definition of a WTP

Status Update by Auditors

State Agencies View

Laboratory View

Hazard Level Estimation (Accessible in all views)

Metasystemic EWS

• “Typical EWS” provide inputs

• Users provide inputs (e.g. audit reports, warning signals, change of working conditions)

• Monitoring for the concurrency of signals/events indicating a shift from a safe system state

• The mechanism detecting the deterioration of safety is based on Systemic Accident models

Metasystemic EWS

• The output is not a forecast

• It raises a flag (warnings) when deterioration of safety has been detected

• The stakeholders who form the governance model of safety in the system are “tenants” of the socio-technical EWS

• A socio-technical EWS is a socio-technical system (it may fail, like the reference system, due to the same general processes)
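The belief-update step described in the SaaS slides (sensor data and user inputs as BBN evidence, the result being an updated belief about a system hazard) and the "concurrency of signals" idea of the metasystemic EWS can be shown together on a toy network. The following is an added example, not code from the original slides or from the SCEWA project, which used the SMILE engine and user-built models. The network, its node names and every probability are constructed here; inference is exact enumeration over the five binary nodes, and the flag threshold is an assumed value.

```python
"""Belief update for a system hazard from concurrent signals.

Added example, not from the original slides or the SCEWA project code. The
network structure, node names and probabilities are all constructed.
"""
from itertools import product
from typing import Dict, Tuple

# Each node maps to (parent names, table from parent truth values -> P(node is True)).
NETWORK: Dict[str, Tuple[Tuple[str, ...], Dict[Tuple[bool, ...], float]]] = {
    "filter_degraded": ((), {(): 0.05}),                   # hidden plant condition
    "staffing_deteriorated": ((), {(): 0.10}),             # hidden change of working conditions
    "turbidity_high": (("filter_degraded",),               # sensor input from a "typical EWS"
                       {(True,): 0.80, (False,): 0.05}),
    "audit_nonconformance": (("staffing_deteriorated",),   # user-provided input (audit report)
                             {(True,): 0.70, (False,): 0.10}),
    "system_hazard": (("filter_degraded", "staffing_deteriorated"),
                      {(True, True): 0.90, (True, False): 0.60,
                       (False, True): 0.30, (False, False): 0.02}),
}


def joint_probability(assignment: Dict[str, bool]) -> float:
    """Product of each node's conditional probability given its parents."""
    p = 1.0
    for node, (parents, table) in NETWORK.items():
        p_true = table[tuple(assignment[q] for q in parents)]
        p *= p_true if assignment[node] else 1.0 - p_true
    return p


def posterior(query: str, evidence: Dict[str, bool]) -> float:
    """P(query is True | evidence) by enumerating all assignments (2**5 here)."""
    names = list(NETWORK)
    numerator = denominator = 0.0
    for values in product((False, True), repeat=len(names)):
        assignment = dict(zip(names, values))
        if any(assignment[k] != v for k, v in evidence.items()):
            continue
        p = joint_probability(assignment)
        denominator += p
        if assignment[query]:
            numerator += p
    return numerator / denominator


def hazard_flag(evidence: Dict[str, bool], threshold: float = 0.35) -> bool:
    """Raise the warning flag when the updated belief crosses the (assumed) threshold.
    This is a detection of deteriorated safety, not a forecast of an accident."""
    return posterior("system_hazard", evidence) >= threshold


def concurrency_demo() -> Dict[str, float]:
    """Belief in the system hazard with no evidence, each signal alone, and both together."""
    return {
        "prior": posterior("system_hazard", {}),
        "turbidity_only": posterior("system_hazard", {"turbidity_high": True}),
        "audit_only": posterior("system_hazard", {"audit_nonconformance": True}),
        "both": posterior("system_hazard", {"turbidity_high": True,
                                            "audit_nonconformance": True}),
    }


if __name__ == "__main__":
    for label, belief in concurrency_demo().items():
        print(f"{label:15s} P(system_hazard) = {belief:.4f}")
```

On these constructed numbers the prior belief in a system hazard is about 0.08; a high turbidity reading alone raises it to about 0.31 and a non-conforming audit alone to about 0.17, while the two signals together push it to about 0.41. With the assumed threshold of 0.35 only the concurrent evidence raises the flag, which is the behaviour the slides describe: neither the sensor-based EWS nor the human-reported signal is decisive by itself, and the metasystemic layer watches for their coincidence.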

Thank you

Dr. Ioannis M. Dokas

e-mail: i.dokas@4c.ucc.ie