A System dynamics model for analysis of safety factors in Aviation

🧾 Abstract

System dynamics is the perspective and set of conceptual tools which enable us to understand structure and dynamics of the complex systems. This tool is a subtle modeling method which gives us special ability to understand systems in simulation basis.
This study has first identified factors which have been found effective in the flight safety and then, relationship between these factors has been specified.
Finally, a model has been presented to establish relationship between these factors and strategies to increase safety, caused by them, using system dynamics.

🧠 STAMP (System-Theoretic Accident Model and Processes) is a comprehensive accident model created by Nancy Leveson that is based on systems theory. It draws on concepts from:

• ⚙️ engineering
• 📐 mathematics
• 🧪 cognitive and social psychology
• 🏢 organizational theory
• 🧑‍⚖️ political science
• 💰 economics

STAMP includes traditional failure-based models as a subset but goes beyond physical failures to include:

• 🧩 dysfunctional interactions among non-failing components
• 🔁 software and logic design errors
• 🧠 errors in complex human decision-making
• 🏭 organizational factors such as workforce, safety standards, contracts, and culture

This paper develops a system dynamics model to formalize causal interdependencies between:

• ⚙️ Technical
• 🧑 Human
• 🏢 Organizational factors

These define safety conditions in a complex industrial system.

🔑 Keywords: STAMP, system dynamics, safety, complex system, organization

🧠 Introduction

“It’s never what we don’t know that stops us. It’s what we do know that just ain’t so.”
— Attributed to Will Rogers, Mark Twain, and Josh Billings

Paradigm changes necessarily start with questioning the basic assumptions underlying what we do today.

Many beliefs about safety and why accidents occur have been widely accepted without question.
This paper examines and questions some of the most important assumptions about the cause of accidents and how to prevent them that “just ain’t so.”

While the traditional approaches worked well for the simpler systems of the past, significant changes have occurred today:

🚧 Challenges in Modern Systems:

• ⚡ Fast pace of technological change
• 🔁 Reduced ability to learn from experience
• 🧨 Changing nature of accidents
• 🧯 New types of hazards
• 🧩 Increasing complexity and coupling
• 🚫 Decreasing tolerance for single accidents
• ⚖️ Difficulty in selecting priorities and making tradeoffs
• 🤖 Complex human-automation relationships
• 🧑‍⚖️ Changing regulatory and public views

⚙️ Traditional Causation Model (Event Chain):

Accidents are seen as being caused by a chain of failure events over time, each leading to the next.

• Preventing failures in the chain is key
• Focus on increasing reliability
• Based on component failure and operator error

🔄 Updating Assumptions on Causation

A comparison between old and new assumptions provides a foundation for the new perspective

The Basis for a New Foundation for Safety Engineering

❌ Old Assumptions

• ✅ Safety is increased by increasing system or component reliability; if components do not fail, then accidents will not occur.
• 🔗 Accidents are caused by chains of directly related events. We can understand accidents and assess risk by looking at the chains of events leading to the loss.
• 📉 Probabilistic risk analysis based on event chains is the best way to assess and communicate safety and risk information.
• 🧍‍♂️ Most accidents are caused by operator error. Rewarding safe behavior and punishing unsafe behavior will eliminate or reduce accidents significantly.
• 💻 Highly reliable software is safe.
• 🎲 Major accidents occur from the chance simultaneous occurrence of random events.
• 👮 Assigning blame is necessary to learn from and prevent accidents or incidents.

📌 Hazard analysis techniques based on reliability theory do not apply to component interaction accidents.
📌 Traditional models ignore systemic causes that defeat multiple barriers and evolve risks over time (as noted by Rasmussen).

✅ New Assumptions

• 🔐 High reliability is neither necessary nor sufficient for safety.
• 🔄 Accidents are complex processes involving the entire sociotechnical system.
• 🧭 Risk and safety may be better understood using non-probabilistic methods.
• 🧑 Operator error is a product of its environment.
• 🖥 Highly reliable software is not necessarily safe.
• 📉 Increasing software reliability has minimal impact on system safety.
• ⚠️ Systems tend to migrate toward higher risk states.
• 🚫 Blame is the enemy of safety. The focus must be on system behavior as a whole.

🧩 Systems Theory & Complex Systems

Systems theory treats systems as a whole, not just the sum of parts.
It considers:

• 🔁 Nonlinear relationships
• 🔄 Feedback and feedforward control
• 🔗 Indirect causality

📊 Three Categories of Systems (Fig. 2)

1. Organized Simplicity — separable subsystems (e.g., structural mechanics)
2. Unorganized Complexity — random, but statistically predictable (e.g., statistical mechanics)
3. Organized Complexity — structured but too complex for full analysis/statistics (e.g., modern software & social systems)

Systems theory is tailored for the third type. It focuses on:

• 🧠 Whole-system interactions
• ⚖️ Social + technical integration
• 📈 Studying emergent properties like safety

💸 Why Are Safety Efforts Sometimes Not Cost-Effective?

Many safety programs spend heavily but deliver little impact. Reasons include:

1. 🎭 Superficial, isolated, or misdirected efforts
2. ⏰ Safety activities starting too late
3. ❌ Using techniques unsuitable for modern tech
4. 🔍 Over-focus on technical components
5. 🧊 Treating systems as static over time

🔁 Static vs. Dynamic View of Systems

Many current methods only analyze the event, not the process.

• Systems migrate toward risk over time
• Accidents are not random; they evolve predictably
• Example: 🚀 Columbia Space Shuttle loss — foam detachment was just one possible trigger among many ignored risks
• Organizational and economic pressures cause systemic degradation of safety

Using Systems Theory to Understand Accidents

Approaches based on systems theory consider accidents as:

• 🔄 Arising from interactions among system components
• ⚙️ Not caused by a single variable or factor

🛠 System Safety vs. Industrial Safety

• Industrial safety models focus on unsafe acts or conditions
• System safety models focus on what went wrong in the operation or organization

⚠️ Safety as an Emergent Property

Safety emerges when system components interact under controlled conditions:

• 🛑 Constraints must be enforced on interactions (e.g. “doors must be shut before departure”)
• 🚨 Accidents = violation of these constraints

🧰 Safety as a Control Problem

Failures happen when:

• 🚫 Component failures
• 🌐 External disturbances
• 🔄 Dysfunctional interactions
  …are not properly controlled.

🚀 Real-world Examples:

• Challenger: O-rings failed to contain gas due to flawed joint design
• Mars Polar Lander: Software misinterpreted sensor noise, shut off descent engine prematurely
• Milstar Satellite: Typo in software load went undetected

👉 In all cases, control structures failed to enforce safety constraints.

❓ Key Questions After an Accident

• Why didn’t the design impose constraints effectively?
• Why was this flawed design chosen?
• Why wasn’t the flaw detected earlier?
• Could there have been a better design?

🧾 Organizational Contribution

In Challenger, warnings were ignored:

• 🧊 Engineers warned about O-ring behavior in cold
• 🧪 Data on previous erosion events was underutilized
• 🔁 Feedback was missing or poorly processed

Result: Flight readiness reviews and safety procedures were compromised.

🧱 Systems Theory vs. Traditional Models

Systems theory offers:

• 💡 Better foundations than analytic reduction
• 🧩 Improved modeling of nonlinear, organizational, and human interactions

When combined with system engineering, it allows:

• 🔧 Safety to be designed from the start
• 📐 System engineering to embed safety holistically

🧠 The Role of Mental Models

Designers and operators have different mental models of the system.

• 🧑‍🔧 Designers work with idealized versions
• 🧑‍✈️ Operators engage with the real system under real-time dynamics
• 🔧 Differences in understanding may lead to failure

🧠 Types of Complexity

• 🔁 Interactive — components interacting
• 🌀 Dynamic — system changes over time
• 🧩 Decompositional — misalignment between structure and function
• ⚠️ Nonlinear — unpredictable cause-effect behavior

💥 Some systems are so complex that even experts can’t fully predict their behavior.
This complexity = Intellectual unmanageability

🕰 Throughout history, technology has often outpaced science.
Now we must catch up by:

• 📈 Strengthening existing safety tools
• 🔬 Creating new strategies for risk control

Conclusion

Engineering a safer world requires not only solving immediate problems but also constructing a system that:

• 📚 Learns over time
• 🔄 Continuously improves itself

“It is not enough to see a particular structure underlying a particular problem… this can lead to solving a problem, but it will not change the thinking that produced the problem in the first place.”
— Peter Michael Senge

🔍 Using systems thinking gives us leverage to move beyond event-based thinking and toward real accident prevention in complex systems.

🎯 So What Do We Need to Do?

To build safer systems, we should:

• 🔍 Expand our accident causation models
• 💡 Create new, more powerful and inclusive hazard analysis techniques
• 🧰 Use new system design techniques:
  • 🎯 Safety-guided design
  • 🔧 Integrate system safety more deeply into system engineering
• 📉 Improve accident analysis and post-event learning
• 🔒 Improve operational safety control
• 🧠 Enhance safety culture and decision-making quality

Figures:

Fig. 1: The Relationship between mental models.

Fig. 2: Three categories of systems

Presented at: The First Conference on Safety in Air Transportation
Date: Iran, Tehran – 24th & 25th June, 2014
Authors: Alireza Saedi¹, Vahid Amirian Malek Mian²
Affiliation: Camotech Parvaz
¹ARC Director  ²Engineer

📚 References

1. Nancy G. Leveson (2011). Engineering a Safer World, The MIT Press, Cambridge, Massachusetts.
2. Nicolas Dulac (2007). A Framework for Dynamic Safety and Risk Management Modeling in Complex Engineering Systems, Doctoral Dissertation, Massachusetts Institute of Technology.
3. Hafida Bouloiz, Emmanuel Garbolino, Mohamed Tkiouat, Franck Guarnieri (2013). A System Dynamics Model for Behavioral Analysis of Safety Conditions in a Chemical Storage Unit, HAL-00816373.
4. Reza Bakhshandeh, Keyvan Shahgholian, Alireza Shahraki (2013). Model for Reduce Flights Delays Using System Dynamics (Case Study in Iranian Airports Company), Interdisciplinary Journal of Contemporary Research in Business, Vol. 4, No. 9