Aeroastro annual 10


omit losses resulting from interactions among system components that have not failed but satisfy their specifications (which were inadequate). For example, in the 1999 Mars Polar Lander mishap, where it is believed an improper descent engine shutdown caused the spacecraft to impact the planet surface at high velocity, each of the spacecraft components met its requirements specification: the fault lay in system engineering and in the incomplete and incorrect understanding of the required behavior of the spacecraft components. Similar system design inadequacies have resulted in other catastrophic spacecraft and aircraft losses.

The use of Systems Thinking provides much more leverage in understanding and preventing accidents than do traditional event-based approaches. (William Young graphic, Shutterstock image)

Software and flawed software requirements often play a role in these component interaction accidents. The role of software should not be surprising: Software usually embodies system design and functions formerly implemented by electro-mechanical components. The older electro-mechanical systems were simple enough that they could be exhaustively tested before use, thus identifying system design errors and leaving primarily component failures to be dealt with during system operation. Software-intensive systems cannot be thoroughly tested, however, and the system design errors that are missed can lead to serious losses. We use software so that we can increase complexity but, at the same time, we are building systems in which all the potential interactions among components cannot be thoroughly planned, understood, anticipated, and guarded against. To deal with these limitations, a new, more powerful model of accident causation is needed. System-Theoretic Accident Model and Processes (STAMP) expands the old failure model of accident causation to include the new accident causes we are experiencing today. It is based on systems theory and systems thinking rather than reliability theory and assumes accidents are caused by


AEROASTRO 2012-2013
