How can a proof of concept approach for automatic identification of hazards in complex systems be developed?
Large systems of systems (SoS) such as ATM systems are challenging to model, as creating high-fidelity simulations for safety analysis can result in models that are themselves large and difficult to explore. In order to explore these simulations effectively in the future, specifically designed algorithms may be able to discover hazards automatically and offer causal traces describing how these hazardous situations initially develop. The project investigates how we can use metaheuristic search to manipulate and configure ATM simulation models, so that a huge number of pathways and subsystem combinations can be explored without the need for manual intervention. Predicting the consequences of making changes to part of a SoS can be difficult. Emergent properties, such as self-organisation, manifest themselves above the level of individual subsystems, making it hard to predict how the system behaves. With pressure on safety-critical systems such as ATM to become larger and more complex, there is a growing risk that manual safety analysis methods will reach the limit of their capabilities before we have had chance to formulate alternative techniques. In response to this, the project has researched a proof-of-concept approach that enables future SESAR applications to automatically explore and safety check proposed changes to ATM scenarios. Therefore, the project objectives were to provide the groundwork for a future, fully-automated hazard discovery process that can be used on an ATM SoS and demonstrate the potential for tool-based evidence to support the process of change management in SoS.
The aim of ASHiCS was to develop a proof of concept approach for automatic identification of hazards in complex systems. The two-stage search process not only demonstrated the identification of hazardous scenarios, it helped analysts understand the context in which these hazards occur and thus their place in the risk landscape of the whole system. The overall ASHiCS process produced a set of high-risk variant situations, which can then be studied in depth. This study started in the original simulation, and then progressed to higher-fidelity models and complementary analysis approaches. The contribution of ASHiCS is to identify the situation types that generate the worst cases, analyse them, and then investigate how to prevent configurations of inputs leading to hazards in the air sector being modelled.