Abstract
Complex systems often produce unanticipated emergent behavior as a result of the interactions between behaviorally complex sub-systems or agents. The sub-systems may be human or artificial. They may be co-located or geographically distributed and operate autonomously. Although the individual sub-systems may be tested and certified for high levels of reliability (e.g. 10-7), interactions between the sub-systems may occur so that emergent behaviors allow the system to migrate into an unsafe operating region. This may occur even when all of the sub-systems are behaving nominally and no equipment has failed. This phenomenon is called a “functional complexity failure.” In this paper, we present an analysis of a functional complexity failure that resulted in a runway excursion and discuss the options for detecting and mitigating the conditions for these “normal accidents” before the accident occurs.
Get full access to this article
View all access options for this article.