Abstract

Until research addressing control room performance in the presence of cyber events is more fully performed, and the nature of human performance requirements better characterized, the validity of contemporary HRA methods in assessing cyber event response is, at best, limited and strained. This is not surprising because many of the existing HRA methods were designed with a world in mind where event sequences and timing were accounted for in the PRA analysis, and equipment and displays, except when unavailable, were expected to work as designed. This is not the case in complex automation events or cyber events. As a result, we have to develop a robust HRA framework for cyber events that can encompass the types of human and technology failure modes associated with cyber events. We need to identify whether the performance shaping factors (PSFs) used in most current methods are the correct ones. Rather than delete PSFs from older HRA methods, this paper suggests 6 additional PSFs that should be considered for cyber HRA: clumsy or inadequate function allocation; lack of automation transparency; lack of cyber experience; conflicting goals of asset protection and worker safety; presence of conflicting information; and actions of the automation no longer predictable. Alas, many attack consequences are hard to pre-empt or predict; connectivity is not apparent, and system dependencies are unknown; and from the operator perspective, the data most needed to make a decision may be difficult to retrieve. In order to perform a proper HRA, we need to understand what operator performance requirements are to be expected during these events, and whether cues critical to task performance are likely to be present. The HRA method does not need to be full of cyber jargon; however, the analyst needs to understand how the interaction of IT with industrial control system networks, if compromised, can lead to increased human failure events and plant risk.
Finally, the application of HRA as part of a risk-based approach will identify more than just the need for better or more appropriate human-machine interfaces or procedures; it will allow asset owners to identify the need for, and put into place, the policies, controls and engineered safety features that can reduce public risk.

Original language: English (US)
Pages (from-to): 2061-2064
Number of pages: 4
Journal: Transactions of the American Nuclear Society
Volume: 109
Issue number: PART 2
State: Published - Jan 1 2013
Event: 2013 Winter Meeting on Transactions and Embedded Topical Meetings: Risk Management for Complex Socio-Technical Systems, 2nd ANS SMR 2013 Conference, Nuclear Nonproliferation - 1st Fission to the Future - Washington, DC, United States
Duration: Nov 10 2013 to Nov 14 2013

ASJC Scopus subject areas

  • Nuclear Energy and Engineering
  • Safety, Risk, Reliability and Quality
