"Engineering a Safer World: Systems Thinking Applied to Safety", by Nancy Leveson
Publication Date: Jan 13 2012 | ISBN-10: 0262016621 | ISBN-13: 978-0262016629
Cost: $40
Engineers face a new set of challenges every day, driven by a steady technological revolution and by our growing reliance on systems of ever-increasing complexity. Yet the basic techniques of safety and reliability engineering, created for a simpler, analog world, have changed very little over the years.
In this book Nancy Leveson, Professor of Aeronautics and Astronautics and Professor of Engineering Systems at MIT, and an IAASS fellow, describes a new approach to safety and risk management based on modern systems thinking and systems theory, one better suited to today's complex, socio-technical, software-intensive world.
Revisiting and updating ideas pioneered by 1950s aerospace engineers in their System Safety concept, and testing her new model extensively on real-world examples, Leveson has created an approach to safety that is more effective, less expensive, and easier to use than current techniques. Arguing that traditional models of causality are inadequate, Leveson presents a new, extended model of causation (Systems-Theoretic Accident Model and Processes, or STAMP), then shows how the model can be used to create techniques for system safety engineering, including accident analysis, hazard analysis, system design, safety in operations, and management of safety-critical systems. She applies the new techniques to real-world events including the friendly-fire loss of a U.S. Blackhawk helicopter in the first Gulf War; the Vioxx recall; the U.S. Navy SUBSAFE program; and the bacterial contamination of a public water supply in a Canadian town. Leveson's approach is relevant even beyond safety engineering, offering techniques for "reengineering" any large sociotechnical system to improve safety and manage risk.
STAMP is a new model of accident causation in complex systems. The traditional model, which treats accidents as the result of component failures, was adequate for the relatively simple electro-mechanical systems it was created for, but it does not fit the more complex, software-intensive systems we build today. STAMP extends the old failure model of accident causation to include new types of accident causes, such as unsafe interactions between components that have not individually failed.
To improve the success of our new space ventures, we need to go beyond the techniques and processes created decades ago for much simpler systems. They are not powerful enough for the increased complexity and new technology being incorporated into today's spacecraft. Systems thinking will be needed to increase our probability of success in new missions. The techniques and ideas in Engineering a Safer World are a start, but we will need to improve and build on them for the future.