A generic approach to analysing failures in human - System interaction in autonomy

Autonomous systems operation will in the foreseeable future rely on the interaction between software, hardware and humans. Efficient interaction and communication between these agents are crucial for safe operation. Conventional methods for hazard identification and safety assessment focus often on one of the aspects of the system only, e.g., human reliability, software failures, or equipment reliability. The method Human-System Interaction in Autonomy (H-SIA) was recently proposed, focusing on autonomous ships operation and collision scenarios. H-SIA provides a framework for analyzing autonomous ship operation as an entirety, rather than each agent separately. The method comprised initially of two main elements: An Event Sequence Diagram (ESD) and a Concurrent Task Analysis (CoTA). While the ESD models the events that can take place following an initiating event, the CoTA models which tasks the agents must perform for these events to succeed. This paper extends HSIA to include the paths to failure, through the development of Fault Trees (FTs), which is necessary for risk analysis and identification of risk reduction measures. The FTs development of H-SIA introduces novelties in comparison to common FTs: (i) they model the system as whole, (ii) they are generic and can accommodate a diversity of systems designs; (iii) they lead to basic failure events. The FTs allows for identification of failure events arising through interaction between autonomous ship and human operators, as well as failure propagation through these agents. The basic failure events are applicable for different autonomous concepts. A case study on autonomous ship collision demonstrates the use of the extended method. The case study illustrates HSIA's applicability to different designs and levels of autonomy, its potential for identification of failure events, and its use in risk assessments.