REA Symposium on Resilience Engineering Embracing Resilience https://open.lnu.se/index.php/rea en-US amanda.hellstrom@lnu.se (Amanda Hellström) gesa.praetorius@lnu.se (Gesa Praetorius) Tue, 14 Jan 2020 00:00:00 +0100 OJS 3.3.0.13 http://blogs.law.harvard.edu/tech/rss 60 Connectivity and resilience of remote operations: insights from air traffic management https://open.lnu.se/index.php/rea/article/view/2371 <p>Greater connectivity is transforming critical infrastructures profoundly. One specific aspect enabled by connectivity are remote operations, which allow for the provision of services difficult to provide in a direct capacity, physically (e.g., due to cost or resource availability). Domains of applications are very diverse, e.g.: industry, public services, healthcare, culture. In the domain of Air Traffic Management (ATM), increased connectivity is seen as one of the main drivers of the improvement of operations and building of capacity to handle the expected traffic increase. The concept of Remote Tower operations provides the capacity to manage tower operations remotely from a virtual tower and remote centre. It increasingly appears as a valuable alternative to traditional control towers. However, one can wonder about the risks introduced by the necessary reliance on network infrastructures and remote sensors. What happens to remote operations when these are not fully, if at all, functional? How dangerously dependent on the digital infrastructure are the capabilities introduced by remote operations?<br>Such questions take particular significance in the face of the cyber threat: cyber-attacks on digital assets and services can impair the capacity to perform ATM safely from remote. Resilience then represents the capacity to handle two interrelated, but different, disruptions: of ATM operations; and of digital services. In the first case, the primary emergency, the system needs to adapt to mitigate the impact on operations (e.g., switch to other modes of operations or divert traffic) and return to sound operations. In the second case, challenges are associated with the system’s capacity to identify, understand and address the cyber event. Re-establishing impaired digital services in a timely manner is critical because the adapted ATM operations are not sustainable. Inspired by crisis management, the paper explores challenges and strategies for resilient performance in the face of disruptions to the digital infrastructure.</p> Matthieu Branlat, Per Håkon Meland, Tor Erik Evjemo, Anthony Smoker Copyright (c) 2019 Matthieu Branlat, Per Håkon Meland, Tor Erik Evjemo, Anthony Smoker http://creativecommons.org/licenses/by-nc/4.0 https://open.lnu.se/index.php/rea/article/view/2371 Thu, 21 Nov 2019 00:00:00 +0100 Resilience of Air Traffic Controllers in control tower https://open.lnu.se/index.php/rea/article/view/2379 <p>The air traffic controllers in the control tower at an airport are responsible for the safe and efficient movements of aircraft on the taxiways and runways of the airport, and of aircraft in the airspace near the airport. In aerodrome Air Traffic Control (ATC), controllers always face inevitable disturbances, such as changing traffic situations, variability in the performance of pilots, variable wind conditions, and so on. However, controllers deal with these challenging situations to provide safe and efficient ATC services continuously. The aim of this study is to determine the resilience of controllers during their normal daily ATC operations. Multiple interviews with tower controllers and observations in the control tower at Chubu Centrair International Airport in Japan were conducted to investigate their working processes, including cognitive aspects. Their answers to the interview questions were analyzed from the perspective of Safety-II, that is, how they manage disturbances in their working environment to achieve successful ATC operations. The analysis results are described using the functional resonance analysis method (FRAM), modified for the description of three types of functions and situational factors: (1) basic functions for meeting the separation standards between aircraft, (2) threat factors, which could disturb the basic functions, and (3) response functions for managing possible negative effects caused by the threat factors. The FRAM model obtained visualizes the complex interactions among the functions and the situational factors in aerodrome ATC tasks, and it shows the essential role of performance adjustments of controllers for the proper functioning of ATC.</p> Daisuke Karikawa, Hisae Aoyama, Tomoki Ohashi, Makoto Takahashi, Masaharu Kitamura Copyright (c) 2019 Daisuke Karikawa, Hisae Aoyama, Tomoki Ohashi, Makoto Takahashi, Masaharu Kitamura http://creativecommons.org/licenses/by-nc/4.0 https://open.lnu.se/index.php/rea/article/view/2379 Thu, 21 Nov 2019 00:00:00 +0100 Receipt and dispatch of an aircraft: a functional risk analysis https://open.lnu.se/index.php/rea/article/view/2416 <p>Receipt and dispatch operations in aviation require the contribution of a variety of tightly inter-connected agents (dispatchers, pilots, ground-handlers, air traffic controller, etc.). These agents have to deal with processes that are frequently affected by variable working conditions and limited resources. In this context, human actions acquire a crucial role to cope with situations underspecified by procedures, and to manage unanticipated circumstances.<br>This paper proposes the application of the Functional Resonance Analysis Method (FRAM) for modelling receipt and dispatch process for Boeing-737 in a major airport (about 70 movements per day). The proposed FRAM has been enriched by the adoption of a multi-level representation aimed at deconstructing the complexity of work at different abstraction levels. The analysis focuses on agents and macro-meso-micro functions (i.e. functions aggregated into a single function at a higher abstraction level), combining qualitative and semi-quantitative analyses. This paper aims to detail the main project phases for the development of a FRAM model to be used as a basis for systemic risk analyses in large socio-technical systems.</p> Riccardo Patriarca, Arie Adriaensen, Mark Peters, Joel Putnam, Francesco Costantino, Guilio Di Gravio Copyright (c) 2019 Riccardo Patriarca, Arie Adriaensen, Mark Peters, Joel Putnam, Francesco Costantino, Guilio Di Gravio http://creativecommons.org/licenses/by-nc/4.0 https://open.lnu.se/index.php/rea/article/view/2416 Mon, 13 Jan 2020 00:00:00 +0100 Resilience in the Swedish healthcare system https://open.lnu.se/index.php/rea/article/view/2376 <p><strong>Background:</strong> Swedish healthcare has become increasingly under strain with problems to recruit and retain personnel, decreasing production and productivity as well as increasing queues. This more demanding situation raised the question if it also would affect the healthcare system’s ability to deal with disruptions. The ability of a healthcare system to handle both regular and extraordinary disruptions is essential to ensure care of citizens under varying conditions and trust in the system.<br><strong>Purpose:</strong> to assess the ability of the Swedish healthcare system to handle both regular and extraordinary disruptions in a short- and long-term perspective.<br>Theory: a resilience-engineering framework of four system functions: monitoring, response, anticipation and learning, was used.<br><strong>Methods:</strong> quantitative (official statistics) and qualitative methods were combined. DRG statistics determined production and the productivity of Swedish healthcare regions. Document studies, interviews and workshops helped understand issues qualitatively.<br><strong>Results:</strong> Swedish healthcare has an adequate ability to respond to short-term extraordinary disturbances, but has more problems in handling regular challenges in operative care. Key reasons for these problems were insufficient monitoring and learning; as evidenced by problems to match capacity to needs and difficulty in realizing structural change towards a healthcare system based around primary care.<br><strong>Conclusions:</strong> Swedish healthcare exhibits a typical pattern in many organizations in which focus on short-term pressures crowds out longer-term strategic issues of system restructuring</p> Patrik Hidefjäll Copyright (c) 2019 Patrik Hidefjäll http://creativecommons.org/licenses/by-nc/4.0 https://open.lnu.se/index.php/rea/article/view/2376 Thu, 21 Nov 2019 00:00:00 +0100 Patterns of performance variability: a meso-level understanding of psychiatric discharge https://open.lnu.se/index.php/rea/article/view/2419 <p>Incident reports, as well as surveys, indicate that there is a risk of healthcare injuries when psychiatric patients are discharged from the hospital, with continued treatment as an outpatient. In this study, we are ultimately interested in the resilience of psychiatric care in this risky discharge, i.e. how the system adapts to cope with the risks. We understand that there are margins of maneuver in everyday psychiatric work, with several strategies potentially leading to acceptable performance and we seek to map the performance variability of such strategies. The aim of this study is to visualize retrospective discharge and compare findings of variability within the Stockholm Center of Dependency Disorder different wards. To understand what is "normal" from an organizational point of view, the study will analyze patterns from clinic visits where patients had been discharged with a follow-up visit between 2009 and 2018. This is a retrospective longitudinal correlation study with a strategic selection. Data consist of 71 125 anonymous quantified patients, who have been hospitalized and who, at the time with discharge, have been booked to a revisit as an outpatient. Results are compared between 81 different wards in Stockholm County. Results show that a significant amount (42%) of the patients do not visit the outward as planned by health care, but instead seek help from the emergency ward. Further, a variance in cancellation of the follow-up visit appear as an outcome for the data. Retrospective analysis of quantified data seems to be a valuable tool for widening the understanding of performance variability and could help healthcare management understand where resources should be prioritized. The results also show how patients themselves have, and use, adaptive capacities in order to navigate the system, and that this has consequences at higher system levels.</p> Jakob Svensson, Johan Bergström Copyright (c) 2019 Jakob Svensson, Johan Bergström http://creativecommons.org/licenses/by-nc/4.0 https://open.lnu.se/index.php/rea/article/view/2419 Mon, 13 Jan 2020 00:00:00 +0100 Resilience Shift program: objectives, execution and preliminary results https://open.lnu.se/index.php/rea/article/view/2378 <p>The Resilience Shift (RS) was established in 2016 to address the recommendations of the Lloyd's Register Foundation's 'Foresight review of resilience engineering'. The initial 5-year programme is funded by Lloyd's Register Foundation, with Arup as host institution. Its aim is to inspire and empower a shift in critical infrastructure resilience thinking and practice so that engineered structures and infrastructure will be not only safer but also better. This paper provides a summary of the Resilience Shift’s aims and objectives and explains the programme execution. Building resilience of critical infrastructure requires decisionmakers working in different industry sectors to understand ‘what’ can be done, ‘why’ it should be done, and ‘how’ to put it into practice. All results from the Resilience Shift programme are publicly available through the organisation’s website, which can be accessed at: https://www.resilienceshift.org/.</p> Jan Reier Huse, Oliver Pritchard, Juliet Mian, Xavier Aldea Borruel Copyright (c) 2019 Jan Reier Huse, Oliver Pritchard, Juliet Mian, Xavier Aldea Borruel http://creativecommons.org/licenses/by-nc/4.0 https://open.lnu.se/index.php/rea/article/view/2378 Thu, 21 Nov 2019 00:00:00 +0100 Resilience Assessment Grid (RAG) for facilitating safety consciousness of nuclear power plant personnel https://open.lnu.se/index.php/rea/article/view/2421 <p>Our experience of applying the Resilience Assessment Grid (RAG) method to nuclear power plant personnel is described. Various countermeasures have been introduced in every Japanese nuclear power plant (NPP) in order to meet regulatory requirements issued after the severe accident at Fukushima-Daiichi NPP. These requirements cover diverse hardware installation, human resource enhancement, and managerial improvement. However, although these countermeasures will improve the safety of NPPs in principle, they may also have negative impacts. The most likely negative impact of such strict regulations is loss of operational flexibility, i.e. degradation of resilience potential.<br>The RAG method has been introduced to avoid degradation of resilience potential. However, in a preliminary stage of applying the method, the plant personnel were reluctant to accept the idea of improving operational resilience. They believed that any anomaly could be handled by following predefined operational procedures, and were reluctant to rely on resilient behavior to handle unexpected situations.</p> <p>Therefore, the RAG questionnaire was modified to overcome their reluctance. The first modification was to ask interviewees to answer a set of questions related to a class of anomalies that may lead to a severe accident. This version of the modified RAG is called the restrictive RAG. In the second modification, the NPP operators were asked to answer mainly questions about the potential to respond and the potential to monitor, while the plant personnel in the safety division, who are responsible for developing procedures, were asked to mainly answer questions concerning the potential to learn and the potential to anticipate. This modified version of RAG was called the cross-divisional RAG. Finally, in the third modification, the set of questions focused on envisioning potential difficulties in conducting tasks that the interviewee is assigned to. This version of RAG was called the brittleness- oriented RAG. Through attempts over several years, the brittleness-oriented RAG was found to be useful as an introductory practice for other RAG surveys. In addition, the brittleness- oriented RAG itself was found to be a useful tool for facilitating consciousness concerning possible weak points of the NPP even after implementing various countermeasures. Enhancing safety consciousness seems to be indispensable for developing resilience potential in the organization.</p> Hiroshi Sakuda, Masaharu Kitamura Copyright (c) 2019 Hiroshi Sakuda, Masaharu Kitamura http://creativecommons.org/licenses/by-nc/4.0 https://open.lnu.se/index.php/rea/article/view/2421 Mon, 13 Jan 2020 00:00:00 +0100 Exploring methodological procedures of TORC: an application experience https://open.lnu.se/index.php/rea/article/view/2426 <p>Training has proven to be effective in developing safety in complex systems, such as in aviation. Among recent training technologies for resilience skills and capabilities, TORC (Training for Operational Resilience Capabilities) was developed as a tool for training workers to handle critical situations. It is a non-specific domain gamification to address operational and organizational safety needs. Although it is a promising technology, some methodological procedures should be analyzed in order to promote its development and evaluation. In this study, we report our recent TORC experience with aviation pilots and we explore the methodological procedures in three phases of the game: preparation (i.e. objectives, game definitions and context), application (i.e. training process and training format) and analyses (i.e. discussion about relevance and training method). We adopted a multi-method approach, with one team of researchers taking part in TORC sessions and another team observing TORC dynamics. Data was cross-examined and a framework is proposed, which will offer a visual representation to guide the TORC sessions development. Results provide information for both researchers (concerned in the application of TORC and similar training dynamics) and practitioners (interested in TORC game).</p> Éder Henriqson, Felipe Lando, Marina Gaspareto Copyright (c) 2019 Éder Henriqson, Felipe Lando, Marina Gaspareto http://creativecommons.org/licenses/by-nc/4.0 https://open.lnu.se/index.php/rea/article/view/2426 Mon, 13 Jan 2020 00:00:00 +0100 A joint approach to safety, security and resilience using the functional resonance analysis method https://open.lnu.se/index.php/rea/article/view/2382 <p>The protection of Offshore Wind Farms (OWF), a critical part of maritime infrastructure, faces new challenges due to the continually increasing share of renewable power generation (planned to reach 65% until 2030 in Germany). This is especially due to the large size of individual OWF (centralized generation units) and new threats such as climate change and their potential as targets for terrorism. It is no longer sufficient to simply optimize the performance of energy generation; the infrastructure also needs to be kept resilient when facing these new threats. To improve resilience, safety and security measures have to be taken into account and therefore safety, security and resilience (SSR) need to be addressed collectively.</p> <p><br>To this end, SSR goals are identified for a generic OWF by analyzing stakeholder needs and expectations. These goals include not only safe energy generation but also environmental protection, compliance with regulations, hazard defense and security. The SSR goals are classified and detailed in (i) who/what needs protection, (ii) hazards, and (iii) measures with available sensors. A common modeling tool in resilience research, the Functional Resonance Analysis Method (FRAM) is employed to visualize and model interrelations/interactions between SSR goals. The feasibility to model SSR goals as functions and the respective expected variabilities with FRAM are also studied. Further, the possibility to identify critical paths in the FRAM model which allows the introduction of cascade effects is assessed. Critical SSR goals are identified that need further measures to increase the level of fulfillment and to keep the infrastructure protected.</p> Corinna Köpke, Jan Schäfer-Frey, Evelin Engler, Carl Philipp Wrede, Jennifer Mielniczek Copyright (c) 2019 Corinna Köpke, Jan Schäfer-Frey, Evelin Engler, Carl Philipp Wrede, Jennifer Mielniczek http://creativecommons.org/licenses/by-nc/4.0 https://open.lnu.se/index.php/rea/article/view/2382 Thu, 21 Nov 2019 00:00:00 +0100 Positioning the study of first line managers’ resilient action strategies https://open.lnu.se/index.php/rea/article/view/2380 <p>This paper introduces a study on the action strategies of first line managers (FLMs) using a resilience perspective and the aim is to position the study in the theoretical field of resilience management and engineering. One important key to an organization's long-term competitiveness are the first line managers’ ability to handle the role as a leader in daily work. In the role of a FLM, there are a lot of conflicting objectives to manage, for example, regarding available resources, subordinates’ views versus superiors’, centralized and/or local control, optimization of cost and capability (quality and delivery). Moreover, at the operational level of detail, FLMs have to balance daily deliveries in relation to development activities, i.e. technical development, product development, implementation of new system and management concepts. Regardless of the complexity in work and organisational change over time, a FLM’s most important task is to contribute to a high and stable production output out of an input that is characterized by variability and disturbances. To do so in a sustainable way, the FLMs must develop action strategies about ways of working and problem solving that systematically facilitate coping with the situation and managing their own workload. We consider this as developing resilient actions strategies that allow the FLMs to handle the upcoming problems without getting problems on their own. In this paper we describe and develop the theoretical underpinnings of the study as well as how we position our own research in relation to the different theoretical strands of resilience management. We further suggest some methodological ideas on how to capture the work and nature of first line managers’ resilient action strategies. The focus in our work will thus be on how FLMs handle and can improve the more or less chaotic mix of activities in daily work in a resilient way.</p> Johan Karltun, Anette Karltun, Karin Havemose, Sofia Kjellström Copyright (c) 2019 Johan Karltun, Anette Karltun, Karin Havemose, Sofia Kjellström http://creativecommons.org/licenses/by-nc/4.0 https://open.lnu.se/index.php/rea/article/view/2380 Thu, 21 Nov 2019 00:00:00 +0100 Building bridges, minding the gaps: involving the perspectives of older people in creating resilient healthcare infrastructure to disasters https://open.lnu.se/index.php/rea/article/view/2425 <p>Introduction: Natural disasters have increased over the last decades. As the world population is also ageing, older people have become more exposed to disasters, with the United Nations highlighting the critical role of healthcare infrastructure in disaster contexts. Traditionally, research on disaster resilience has focused mainly on disasters’ negative effects on older people as a vulnerable group, and there is scarce research in engineering that incorporates older people’s needs and experiences as a group that is also capable and resilient. This project responds to the lack of research that incorporates the assessment of resilience in healthcare facilities that incorporates the perspectives of older people as its final users.</p> <p>Objective: This paper presents a methodological approach to integrating the physical assessment of resilience in healthcare facilities with the perspectives of older people. It corresponds to a study still being conducted in the central zone of Chile. This region is regularly exposed to earthquakes and concentrates the largest number of complex healthcare facilities in the nation, targeting around 40% of its older population.</p> <p>Methods: A collaboration between two PhD research projects is assessing healthcare facilities’ experience of large earthquakes and the relationships between facilities in disaster contexts and the perspectives of older people. This is a mixed-methods study, that will combine a qualitative approach (semi-structured interviews and focus groups) with seismic engineering resilience modelling.</p> <p>Results: Preliminary results helped identify earthquakes’ potential effects on functionality from the perspectives of older people and the relationships between healthcare facilities. This study can contribute to healthcare facilities’ earthquake resilience by offering a broader perspective on the links between older people’s disaster experiences and healthcare facilities.</p> Yvonne Merino, Andrea Vásquez, Katitza Marinkovic Copyright (c) 2019 Yvonne Merino, Andrea Vásquez, Katitza Marinkovic http://creativecommons.org/licenses/by-nc/4.0 https://open.lnu.se/index.php/rea/article/view/2425 Mon, 13 Jan 2020 00:00:00 +0100 Use of human hazard analysis to enhance resilient performance of helicopter maintenance systems https://open.lnu.se/index.php/rea/article/view/2372 <p>When designing a new helicopter, the manufacturer must consider the maintenance tasks required to keep the aircraft airworthy with maximum efficiency. This is based on the performance of previous designs and as much as possible, the experience of real maintenance engineers bought into the team. This is rarely perfect but the system displays resilient performance, driven from the flexibility and adaptability of maintenance engineers overcoming the real-life challenges of the maintenance environment to ensure we continue to deliver safe and available aircraft.<br>This presentation will explore Human Hazard Analysis, a process to compare the ‘Work-as-Imagined’ in design to the ‘Work-as-Done’ in the real maintenance environment to reveal design and organisational limitations, but more importantly the strengths of those conducting the maintenance. The process builds upon the “Safety-I” data collected, formally and informally, on how the system has failed, but introduces a “Safety-II” focus on the workarounds developed.<br>We bring together groups of people from across the industry with the aim of having a different conversation. Attendees include design engineers, manufacturer technical representatives, accident investigators, experienced and novice maintenance engineers, technical directors and human factors specialists. The ground rules are simple, that openness is key. The benefit comes from honest conversations, actively avoiding the risks of defending positions, rushing to assign blame, avoiding the acceptance of blame and protecting perceived reputations.<br>From the insights generated we are addressing weaknesses in helicopter design and documentation, organisational norms and training, and formalising the adaptive processes employed to improve the safety and efficiency of the maintenance process.</p> Simon Gill Copyright (c) 2019 Simon Gill http://creativecommons.org/licenses/by-nc/4.0 https://open.lnu.se/index.php/rea/article/view/2372 Thu, 21 Nov 2019 00:00:00 +0100 Governance, complexity and deep system threats https://open.lnu.se/index.php/rea/article/view/2424 <p>Aviation, health care and financial services are increasingly stretched due to aspects that pose deep enduring systemic threats to our societies, challenging our ability to respond with commensurate socio-technical solutions. It has been argued that complex systems like these are intractable, defying generalisable analysis that could support prediction and control, and hence are not amenable to compliance models of regulation. Instead it is argued here that this ability can be developed with applying governance to a knowledge system.<br>The knowledge system needs to identify relevant system properties with leverage on operational risk. Big data analysis plus model-based reasoning, can identify generic socio-technical system characteristics. To make sense of the relations between system and outcome a complementary capability to model the functionality of producing the data is needed.</p> <p><br>Our socio-technical analysis model is based on the following principles: purposive human systems have outcomes and produce value; this involves at least a minimal sequence of activity with related dependencies; it is the reciprocal nature of social relations that makes that sequence possible, and the flow of knowledge and information enables these productive roles of people. A governance system is required to assure that this works.</p> <p><br>A governance system should generate a motivation, an “obligation to act” to use the knowledge directly within operations, to implement and validate solutions, and to manage risk across the system. This behaviour needs to be sustained in three cycles of governance: Operational, Improvement and Strategic. The operational feedback loop maintains its role to ensure close monitoring of the operational impact of the system change, maintaining a close link between strategic implementation and operational experience.</p> <p>Safety is not something distinct and separate from other aspects of system functionality, but it needs to be integrated into a new evidence-based governance of operational risk which is outlined in this paper.</p> Nick McDonald, Pernilla Ulfvengren Copyright (c) 2019 Nick McDonald, Pernilla Ulfvengren http://creativecommons.org/licenses/by-nc/4.0 https://open.lnu.se/index.php/rea/article/view/2424 Mon, 13 Jan 2020 00:00:00 +0100 Reducing the gap between work as done and work as imagined on construction safety supported by UAS https://open.lnu.se/index.php/rea/article/view/2386 <p>Safety management (SM) is considered a complex task during the construction phase, given the number of high-risk activities that can lead to accidents. The differences between work as done (WAD) and work as imagined (WAI) is one of the main barriers faced by safety management. The Resilience Engineering stand out that improving in safety performance cannot be simply achieved through the use of procedures and barriers, but through the continuous monitoring. On the other hand, the use of Unmanned Aerial Systems (UAS) technology can contribute to the safety management system to support the monitoring of the daily work. This study aims to evaluate how work is performed from RE perspective through the application of the safety checklist based on the assets collected with UASs on site, focusing on the cast-in-place concrete wall constructive process, once it involves high risk of accidents during construction. For this, an exploratory case study in a construction project was conducted in Brazil, involving the following steps: (a) development of a safety monitoring protocol using UASs, (b) field tests for monitoring safety conditions with UASs along 35 weeks, and (c) data analysis. As contribution, this work identifies potential improvements on safety procedures aiming to reduce the differences between prescribed and actual work. In addition, the UASs can be used to perform regular and redundant safety inspections providing information to support managers’ decision-making.</p> Roseneia Melo, Dayana Costa Copyright (c) 2019 Roseneia Melo, Dayana Costa http://creativecommons.org/licenses/by-nc/4.0 https://open.lnu.se/index.php/rea/article/view/2386 Thu, 21 Nov 2019 00:00:00 +0100 Experimental study on the effect of a procedure under unexpected situations https://open.lnu.se/index.php/rea/article/view/2415 <p>Preparing procedures for a wide range of situations is considered important and has been confirmed to be effective for realizing reliable operations and a higher level of safety in complex socio-technical systems. However, once a situation drifts outside the scope of prepared situations, the effectiveness of using a pre-defined procedure may degrade, and operators have to make decisions without relying on procedures. In such cases, stronger operators are dependent on procedures, and the more unreliable operators' decision may come from the possible lack of a deeper understanding of the objective systems. The present study experimentally confirms that a strong dependence on the procedure may deteriorate the performance under unexpected situations outside the range of procedures. A Smart Grid Simulation environment, in which dynamic decision making is required to deal with the given situations to avoid blackout, is adopted as the experimental testbed.<br>The scenarios for the expected situation presented herein are constructed on the basis of the events that have not been presented to the subjects in advance. The subjects are divided into two groups. The subjects in Group A are not given a written procedure that enables an effective operation for the predefined situations, whereas subjects in Group B are instructed to strictly follow the procedure. The results imply that the task performance evaluated on the basis of the number of causing a blackout degrades for the subjects following the procedure when facing unexpected situations.</p> Makoto Takahashi, Daisuke Karikawa, Genta Sawasato, Yoshitaka Hoshii Copyright (c) 2019 Makoto Takahashi, Daisuke Karikawa, Genta Sawasato, Yoshitaka Hoshii http://creativecommons.org/licenses/by-nc/4.0 https://open.lnu.se/index.php/rea/article/view/2415 Mon, 13 Jan 2020 00:00:00 +0100 Contemporary fisheries risks and SME resilience Dutch fishing vessel (re)designing 1988-2018 https://open.lnu.se/index.php/rea/article/view/2414 <p>The North Sea flatfish fisheries can be characterized by small, family owned enterprises (SME), where the fishermen have a decisive voice in (re)designing and adapting to socio-technical system capacity, safety-wellbeing and resilient business performances. In particular, the Dutch safety- and sustainability awareness reflect on engineering (reliability) and business models. Where maritime resilience goes further than a mere socio-organizational approach on safety consequences and recovery from mishap and disaster. Since the 80s the Dutch fishing vessels had to adapt to three major socio-political changes, at the same time becoming key (re)design drivers: from traditional to Safe &amp; Health Environment (SHE; Kindunos; safety-integrated re-design), from SHE to Corporate Social Responsibility (CSR; MDV-1; disruptive new design) and currently from sustainable to integration of the Circular Economy Principles (CE; prospective CE-(re)design concepts). On existing vessels the required safety-and sustainable modifications came with very high transition costs, especially under conditions of the 2008 economic crisis. This severely hampered the ability of individual SME’s to invest in mid-life upgrades, let alone in disruptive new buildings. The new socio-political challenges dictate change in (re)design approaches, in which sound safety aspects stay consistent and vital. In order to remain flexible and resilient to future fishery system changes, the fishing vessel design process must become more transparent and already start at conceptual level. Firstly with identification of future-proof design aims and sound business models, rather than further restrictive detailing and extensive quantification of current performance indicators. Such an effort requires disruptive design approaches at corporate- and sector level rather than adaptation at a strict organizational level. However, the resilience engineering essential abilities are a good start-up integrating multiple- sustainability change drivers. It requires an integration of fisheries engineering expertise, sectoral and public support and new cyclic innovation strategies. Such a integrative top-down/bottom-up (design)cooperation facilitate foresight on future SME behavior and viable exploitation of fishing vessels in a life cycle innovation strategies. Such a integrative top-down/bottom-up (design)cooperation facilitate foresight on future SME behavior and viable exploitation of fishing vessels in a life cycle approach; making them less dependent on constantly changing socio-economic market mechanisms for the short and medium term as well as socio-political change drivers on the long term.</p> Frans Veestra, Hendrik Kramer Copyright (c) 2019 Frans Veestra, Hendrik Kramer http://creativecommons.org/licenses/by-nc/4.0 https://open.lnu.se/index.php/rea/article/view/2414 Fri, 10 Jan 2020 00:00:00 +0100 Resource-centric business continuity and resiliency planning https://open.lnu.se/index.php/rea/article/view/2423 <p>This paper presents a new framework for simple design and evaluation of business continuity and resilience plan (BCP) for medical institutions based on the categories of resources required for business continuity and the three phases of emergency response: preparedness, response, and recovery. Considering home-visit nursing stations as a use case study, this work also presents the manner in which the proposed framework can be used for the design and evaluation of BCPs.</p> Taro Kanno, Chie Ishida, Takayuki Kanesaka, Risa Okada, Takashi Kawazoe, Kazuaki Tae, Jun Sato Copyright (c) 2019 Taro Kanno, Chie Ishida, Takayuki Kanesaka, Risa Okada, Takashi Kawazoe, Kazuaki Tae, Jun Sato http://creativecommons.org/licenses/by-nc/4.0 https://open.lnu.se/index.php/rea/article/view/2423 Mon, 13 Jan 2020 00:00:00 +0100 Non-resilient behavior of offshore wind farms due to cyber-physical attacks https://open.lnu.se/index.php/rea/article/view/2427 <p>The share of wind power generation is steadily increasing and it reached 20.4% of Germany’s power supply in 2018. Thus wind power is becoming a critical infrastructure with major contributions to power supply and power system grid stability. Consequently a resilient operation of offshore wind farms (OWFs) is required under normal and disturbed conditions. Resilience stands for the ability of a complex system to proactively and reactively maintain its functionality and performance despite failures or manipulations.<br>A functional model describes the technical behavior of engineered, cyber-physical systems in relation to the intended task or results of the system. It is a representation of the operation, functionality and performance of the system, e.g. in the form of a block diagram. The block diagram consists of components performing, according to their technical characteristics, specified functions on the inputs. Applied to the OWF the components can be grouped into several layers representing the main functional processes.<br>Within this paper we consider the threat of system failures triggered through cyber-physical attacks, based on the vulnerability of the OWFs to such attacks as documented in the literature. Most of the main functional processes can be manipulated maliciously.</p> <p>The functional model is used to discuss the impacts of different scenarios of cyber-physical attacks and their resulting cascade effects, which may cause a non-resilient behavior of the OFW. Crucial parameters and signals can be manipulated maliciously. Limit thresholds can be exceeded by far even under normal environmental and power grid conditions. Excessive mechanical stresses, electrical and thermal loads can be realized, leading to extreme damage or even destruction of components/subsystems without the possibility of reactive intervention or timely recovery.<br>We propose measures on component and functional level for closing the mentioned security gaps to ensure the resilience of the OWF.</p> Nikolai Kulev, Albrecht Reuter, Oliver Eichhorn, Evelin Engler, Carl Wrede Copyright (c) 2019 Nikolai Kulev, Albrecht Reuter, Oliver Eichhorn, Evelin Engler, Carl Wrede http://creativecommons.org/licenses/by-nc/4.0 https://open.lnu.se/index.php/rea/article/view/2427 Mon, 13 Jan 2020 00:00:00 +0100 Safety-I and safety-II: opportunities for an integrated approach in the construction industry https://open.lnu.se/index.php/rea/article/view/2417 <p>Construction projects are known for their complexity characteristics, such as a large number of stakeholders, uncertainty, and a dynamic work environment. These characteristics imply that different approaches for safety management can be useful under different circumstances. For example, low severity occupational accidents are fairly common in most construction sites, and therefore these events offer useful learning opportunities. In turn, resilience across managerial and operational levels is probably ubiquitous in construction sites, regardless of being taken for granted and neglected as a source of learning. Therefore, there is an opportunity for the joint use of how Safety-I and Safety-II in construction, giving rise to more effective safety management. This paper explores how Safety-I and Safety-II can be jointly adopted in construction. The discussion is based on two case studies, one from Brazil and another from Norway, in which two safety practices – safety planning and event reporting - were analysed from the perspectives of Safety-I and Safety-II. We conclude that these two perspectives can be integrated into established practices allowing organisation to learn from accidents, incidents as well as from everyday operations.</p> Guillermina Andrea Peñaloza, Kinga Wasilkiewicz, Tarcisio Abreu Saurin, Ivonne Andrade Herrera, Carlos Torres Formoso Copyright (c) 2019 Guillermina Andrea Peñaloza, Kinga Wasilkiewicz, Tarcisio Abreu Saurin, Ivonne Andrade Herrera, Carlos Torres Formoso http://creativecommons.org/licenses/by-nc/4.0 https://open.lnu.se/index.php/rea/article/view/2417 Mon, 13 Jan 2020 00:00:00 +0100 The next step towards operationalizing resilience: the measurement of self-synchronization https://open.lnu.se/index.php/rea/article/view/2377 <p>The concept of resilience is becoming widely used by many industries where safety and security is crucial for success. At the last REA we’ve presented a definition of resilience that can be used in CD&amp;E experiments regarding socio-technical systems. Self-synchronization was identified to play an important role. Methods: The approach chosen towards diagnosing self-synchronization was inspired by the methods used in psychiatry to diagnose psychiatric diseases as utilized in the “Diagnostic and Statistical Manual of Mental Disorders” (DSM 5) and the International Classification of Diseases (ICD 10). This approach was chosen because it allows to diagnose certain conditions based solely on the presence or absence of easily observable and assessable conditions and observations. We introduced two categories of indicators. The first category constitutes of five factors (mandate, autonomy, communication, coordination, cooperation) and was named “threshold conditions”. These conditions are necessary for self-synchronization to occur but are not sufficient to determine if self-synchronization occurred. The second category was named “value added observations” and consists of seven factors (situational awareness, self-awareness, negotiation, dependability, motivation, sub-networks, distributed decision making). These observations are used to quantify the level of self-synchronization reached. Results: The model was applied in two different settings of war games, performed during the Multinational Capability Development Campaign (MCDC) “Info-age C2” campaign. It was possible to diagnose the level of self-synchronization reached in the exercises. Based on these results, the model was further simplified and transferred into a checklist-format that allows for real-time self-synchronization diagnosis during exercises and real-live missions. Conclusion: In this paper, we will present our experience with a newly developed diagnostic model of self-synchronization. A high-fidelity research-version will be presented together with an operational version that can be applied for the assessment of self-synchronization during real world missions.</p> Samuel W. Huber, Thomas Kuhn Copyright (c) 2019 Samuel W. Huber, Thomas Kuhn http://creativecommons.org/licenses/by-nc/4.0 https://open.lnu.se/index.php/rea/article/view/2377 Thu, 21 Nov 2019 00:00:00 +0100 Who? What? Where? When? a scientometrics perspective on resilience engineering https://open.lnu.se/index.php/rea/article/view/2418 <p>This paper presents an exploratory research on the application of bibliometric methods to the field of Resilience Engineering. Starting from the Kuhnian idea on the structure of scientific revolutions, the aim of this research is to define centres of research and explore how their focus changes over time. The research developments have been traced by studying the science footprints revealed by scholarly publications. Such publications constitute a dynamic and self-organizing knowledge repository which is often difficult to understand systemically. By means of bibliometric indicators, this paper aims to identify who are the major authors in the field, what are the “invisible colleges”, which sources publish main documents, and the respective significant changes over years. A further analysis has been based on the usage of Pennant diagrams for scientometrics, with the purpose of exploring the relevance of an author within a certain literature database, and with respect to other authors.<br>Through this multi-method exploratory research, we aim to provide an interpretative summary on the research of past and current community of resilience engineers. The analysis aims to define the structure of the scientific field and of the scientific community, proving the usability of meta-analytic tools coming from scientometrics for the analysis of an inter-disciplinary scientific domain such as Resilience Engineering.</p> Patriarca Riccardo, Giulio Di Gravio, Francesco Costantino, Massimo Tronci Copyright (c) 2019 Patriarca Riccardo, Giulio Di Gravio, Francesco Costantino, Massimo Tronci http://creativecommons.org/licenses/by-nc/4.0 https://open.lnu.se/index.php/rea/article/view/2418 Mon, 13 Jan 2020 00:00:00 +0100 Approaching overload: diagnosis and response to anomalies in complex and automated systems https://open.lnu.se/index.php/rea/article/view/2420 <p>Web production software systems operate at an unprecedented scale today, requiring extensive automation to develop and maintain services. The systems are designed to regularly adapt to dynamic load to avoid the consequences of overloading portions of the network. As the software systems scale and complexity grows, it becomes more difficult to observe, model, and track how the systems function and malfunction. Anomalies inevitably arise, challenging incident responders or SREs to recognize and understand unusual behaviors as they plan and execute interventions to mitigate or resolve the threat of service outages.<br>A study of four real cases reveals the interplay between the human and machine agents when problems disrupt the system. The analysis of the incidents directly links the cascade of disturbances below the line of representation (e.g. computer interfaces, monitoring tools) with the cognitive work of Site Reliability Engineers. The Above the Line / Below the Line Framework (ABL) changes the perspective in reviewing the cases post mortem in the tradition of Cognitive Systems Engineering and Resilience Engineering. The case study demonstrates specific and general patterns for complications to incident management in complex web operation systems, as well as directions for designing better tooling to support future, resilient work.</p> Marisa Grayson Copyright (c) 2019 Marisa Grayson http://creativecommons.org/licenses/by-nc/4.0 https://open.lnu.se/index.php/rea/article/view/2420 Mon, 13 Jan 2020 00:00:00 +0100