Research

New Approaches to Accident Modeling and System Safety

Current analytic risk approaches are based largely on the assumption that accidents and serious losses arise from a linear chain of directly related system component failures, human errors, or energy-related events. These traditional causality models do not adequately account for multiple indirect, non-linear, and feedback relationships among events. They also do not explain accidents that do not involve component “failures” but which instead are caused by dysfunctional component interactions. Each component functions individually within a standard or acceptable performance range or in the context of an appropriate objective, and yet together the component interactions lead to a loss.

ESD researchers are developing new, powerful accident causality models and risk management techniques that can handle the complexity of today’s technical and social systems. Using systems and control theory as the mathematical foundations and a causality model (called STAMP) that expands traditional models, the researchers are constructing computational models of the static (structural) and dynamic aspects of complex, socio-technical systems to provide information about potential risks.

This new approach to risk analysis and management has been successfully demonstrated on technical systems such as building safety into the design of new NASA spacecraft and assessing the potential for an inadvertent launch in the new US missile defense system. At the social system level, it is being applied to such diverse applications as health care, space shuttle operations, pharmaceuticals, food safety, and corporate fraud. It is potentially applicable to any safety-critical, socio-technical infrastructure.

NASA Employee Gap for Completing the Shuttle Replacement
Unless Congress Relaxes Hiring Constraints

Leveson, N ., “A New Accident Model for ngineering Safer Systems,” Safety Science, 42(4), April 2004.