Copyright © IFAC Integrated Systems Engineering, Baden-Baden, Germany, 1994
HUMAN INTERFACE DESIGN FOR HIGHLY AUTOMATED POWER GENERATING PLANTS
Kensuke Kawai, Hiroshi Takaoka
Toshiba Corporation, Tokyo, Japan
Abstract. This paper discusses a human interface design concept and describes an actual design example of the latest application in a power generating plant. Recent new trends, such as modernization of central control rooms, introduction of flexible multiple windows display, and the adoption of a large projection screen, are considered to enhance the communication between a human operator and the computer system. After discussing functional requirements, human interface design principles and outstanding functions, we propose a rule-based process information navigator (PIN) concept based on evolutional ergonomics.
Keywords. Supervisory control, human operator, task allocation, human interface, process automation
1. INTRODUCTION
This paper discusses a current human interface design concept and gives an actual design example of the latest application in the field of power generating plants. In a highly automated system in this field, "one-man operation" is used to reduce the number of human operators to a minimum (Kawai, 1992).
Recently, however, new features must be provided to a human operator (Takaoka, 1994):
• Modernization of the central control room to enhance CRT operation functions, eliminating hardware switches and recorders
• Flexible, multiple windows display to improve the level of interaction between a human operator and the computer system
• Multimedia capability by introducing engineering workstations or adopting a large projection screen (110-inch class, for example) to share process information among human operators
After giving a brief introduction of general definitions of HUMAN, COMPUTER, and MACHINE, this paper describes functional requirements of a C&I (Control and Instrumentation) system for a power generating unit with high degrees of automation, including its system configuration. It goes on to discuss design principles and outstanding features of the human interface (HI) functions.
Finally, we introduce a rule-based process information navigator (PIN) concept and discuss it from the viewpoint of "evolutional ergonomics".
2. DEFINITION OF HUMAN, COMPUTER, AND MACHINE
What is HUMAN? How to regard or define "HUMAN" from the system designer's viewpoint is an essentially important matter. Here, HUMAN refers to human operators and their supervisor. The overall system model by a system designer is shown in Figure 1. This model is called a hierarchical macro model, which consists of HUMAN, COMPUTER and MACHINE.
HUMAN has a plant operational responsibility of communicating with COMPUTER. The supervisory functions by HUMAN are the integrated plant monitoring, the knowledge-based level of judgement, and the supervisory and complementary operations of automation.
Although it is described (Bainbridge, 1987) that the "designer's view of the human operator may be that the operator is unreliable and inefficient, so should be eliminated from the system", this approach is denied in that paper, for two kinds of ironic problem exist.
The appropriate designer's view of the human operator is as follows:
• A human operator can be unreliable sometimes, and become inefficient for some tasks, but he or she should never be eliminated from the system, however highly the system may be automated.
• It is of primary importance for the designer to provide to the human operator a means to cope with the process operating problems, ideally speaking, even if unexpected or unpredicted process events (system accidents) might happen.
The most important design feature of automation is its "usability" by human operators, which means it is not just accepted by them, but also used easily and positively. Accordingly, the functional allocation between human operators and a computerized automation system becomes the design issue of human interface.
What is COMPUTER? There are two types of computer systems; one is called the human interactive computer and the other is called the task interactive computer (Sheridan, 1992). The highly automated system in this paper corresponds to the type of human interactive computer.
When it comes to any automation system, it is inevitable for the computer to take some expertise of the human operator to achieve the design goals of the automation system. It is important for a system designer to provide an automation system to the operator that does not alienate him, however high the degree of automation is. The major design goals for a highly automated power generating plant are classified into the following three items:
• Plant operational reliability improvement during start-up and shutdown
• Human operator's usability improvement during normal operation
• Plant operational safety improvement during emergencies
Functional allocation of this computerized automation will be discussed later in this paper.
What is MACHINE? MACHINE here is a dynamic process such as power generating plants, including both plant controllers and plant protection equipment. A peculiar characteristic of this dynamic process is that the internal process states change their values by automatically interacting with plant controllers regardless of an operator's intervention.
In highly automated power generating plants, all the state transitions of plant operation are manipulated, basically, by a computer system. After the introduction of distributed microprocessor systems in the early 80's, the overall system complexity increased. Much more process information is made available in the automated computer system. For example, process data communication with sequential controllers and annunciators increased considerably (20,000 to 30,000 points, for example) to provide more necessary, but more detailed, information than ever before. It becomes a matter of good design for a highly automated system to give to the human operator the right kind of information in the right quantity and format.
3. HUMAN-COMPUTER INTERACTION IN HIGHLY AUTOMATED SYSTEMS
Based upon the definitions of HUMAN, COMPUTER, and MACHINE, the human-computer interaction in highly automated power generating plants is shown in Figure 2. Although there are other kinds of interactions (Sheridan, 1992), a simpler interactive philosophy is adopted and modified after three levels of interaction (Yoon, 1988). Because the operator should utilize the human interactive computer on an on-line, real-time basis, we adopted an interaction approach that consists of "directing", "suggesting" and "information exchange". The final decision maker, however, is the human operator regardless of any interaction level at any time, to achieve a human-centered design concept.
4. FUNCTIONAL REQUIREMENTS OF "COMPUTER"
As a typical example of human interface design for a dynamic process, the HI (Human Interface) design problem of a power generating plant is discussed here. Although many standard DCS (Digital Control System) systems are available, none of them has the highly automated functions as we have described.
There are three basic conditions to consider when reviewing functional requirements of COMPUTER:
• Highly reliable (duplicated) system configuration with more than 8000 hours of mean time between system down
• Daily start-up and shutdown operations expected for more than 150 times per year
• A smaller central control room eliminating as many switches and recorders as possible, introducing CRT (VDU) operation
As a result of the general functional requirements analysis, the major functional groups are classified into five different functions: dialogue functions, information conversion functions, monitoring functions, operation functions, and judgement functions. Dialogue functions and information conversion functions are used to communicate with HUMAN and MACHINE, respectively. The remaining three COMPUTER functions are analyzed based on operational goals and functional allocation between HUMAN and COMPUTER.
Process monitoring. Operational goals of this function are:
• Reduction of start-up/shutdown time
• Improvement of reproducibility for start-up/shutdown operation
• Reduction in MACHINE's life-time expenditure
Functional allocation between HUMAN and COMPUTER for usability improvement is quite important. COMPUTER functions can be re-activated with new parameters given from HUMAN according to the situation progress, such as a schedule calculation modification request or a CRT operation request caused by an automation suspension.
Process operation. Operational goals of this function are:
• Analyzing the entire process status as early as possible
• Avoiding the process trips and accidents as much as possible
• Transferring emergencies to suitable normal operating modes as soon as possible
The functional allocation between HUMAN and COMPUTER for safety improvement is of primary importance and is to be studied further.
Design approach for judgement support. Although there are many examples available such as sophisticated alarm systems and intelligent decision support systems, those systems are not regarded as useful or effective for preventing system accidents. If knowledge-based systems are not practical for solving the unanticipated operational problems, there is a question as to what sort of solution can be expected from the designers' point of view.
Handling the floods of information brought on by the increase in system complexity is another problem for the system designer to solve. In highly automated systems, for example, more than 25,000 points of process data and 500 graphs are prepared to be accessible to the HUMAN. The evolutional systems approach based on a firm ergonomic design concept could be a possible solution in the long term.
5. DESIGN PRINCIPLE OF HUMAN INTERFACE
After the introduction of a full graphic CRT with zooming capability, the multiple windows display for process supervision became practical in the mid 80's. A four-window display, especially, was introduced to enhance HUMAN-COMPUTER communications and to utilize the CRT's graphic potential. The keyboard was eliminated from the human interface design and a touch sensitive screen was introduced to communicate with the COMPUTER.
Although many general guidelines and experimental reports on human interface design are available, and some application examples are also published to cope with system accidents such as TMI, information is still lacking on the basic design principles to be shared among system designers of human interface for highly automated processes.
Evolutionary ergonomics (De Greene, 1991) or iterative development of user interface (Nielsen, 1993) are advocated to reach the usable human interface design through refinement based on lessons learned from user participation and from previous iterations. This evolutionary design approach will be quite powerful when an evaluation procedure for human interface is properly established, correlating the design philosophy of COMPUTER with high degrees of automation.
The design principle of the human interface (Kawai, 1990) was discussed based on the functional and requirement analysis. Although those functions for process monitoring, process operation and dialogue with HUMAN can be designed systematically, judgement support functions should be treated carefully to avoid the alienation of a human operator. A system designer should consider the principle that COMPUTER shall not replace the judgement functions of HUMAN.
The design principle of human interface is given in Figure 3. Design goals or design concepts, basic philosophy of HUMAN-COMPUTER interaction, and major COMPUTER functions to be provided are summarized in this figure. In order to illustrate HUMAN-COMPUTER operational priority in a process operation function, the following is given as a standard practice for a highly automated power generating unit, in this order (Kawai, 1984):
• Plant protection interlocks in MACHINE
• HUMAN as a decision maker
• Plant control logics in MACHINE
• Plant automation by COMPUTER
Inside the process automation by COMPUTER, the following operational priority and flexibility are considered to achieve the HUMAN-centered process automation:
• Automation console in-service/out-of-service
• Automation phase selected to unit start-up, unit shutdown, normal operation, or emergency
• Automation subcontrol groups divided into several groups, up to 20 groups
Various evolutional improvements are built into the latest system design, such as the COMPUTER's intervention for deleting the automation phase, bumpless transfer of automation in-service/out-of-service at any time, and an additional plant interlock circuit to complement the software interlocks.
Example of HI functions. The latest design examples for human friendliness of HI functions are (Takaoka, 1994):
• PID window display (on-demand), historical trend display (on-demand) for dialogue functions
• Super-imposed ITV images with alarm message display for process monitoring functions
• Automation progress display, logic chart display, process data simulation display, and automation message display in a four-window display format for process operation functions
6. IMPLICATIONS FOR DESIGN OF PROCESS INFORMATION NAVIGATOR
As the system complexity increases to the extent that HUMAN can no longer grasp the plant status properly or rapidly, handling the "sea of information" with ease becomes one of the most important areas for the system designer. The process information search methodology based on process locations, equipment relations or time occurrence must be innovated to provide a new information tool for the human operator. The process information navigator (PIN) concept is a means to achieve a kind of efficient dynamic task allocation between the HUMAN and COMPUTER.
The design concept of PIN is to realize the rule-based agent architecture for a functional selection to a human operator and to support the human operator's decision in a distributed system configuration era.
The term "rule-based" here is based conceptually on Rasmussen's human operator model (Rasmussen, 1986). In our application, the rule-based plant table method (Kawai, 1992) is used. It proved flexible and of real-time nature, although a "rule-based" system as a general artificial intelligence architecture receives the same criticism on its inflexibility if it is applied to a DSS (Decision Support System) system (De Greene, 1991).
Although the multi-agent architecture in the area of electrical network (Avouris, 1993) is proposed for user interface design, a conflict resolution mechanism by a rule-based method for a dynamic system with a high degree of automation still needs much research and development. A proposed concept of a PIN is shown in Figure 4.
As shown in this figure, the PIN selects suitable knowledge on detection of the process event of MACHINE and also applicable knowledge based on the judgement of COMPUTER. This PIN communicates with the following subsystems, which correspond to each level of HUMAN's cognitive information processing:
• Skill-base: slip avoidance subsystem
• Rule-base: PIN with multimedia human interface subsystem
• Knowledge-base: intelligent fail-safe subsystem (Kawai, 1992) with a high-speed simulation subsystem
The PIN can select suitable displays to support the human operator as an intelligent co-worker to visualize such functions as:
• Filtered alarm display and abstract level display on the process monitoring window
• Allowance-to-trip display and process prediction display on the judgement window
• Automatic operation selection display on the process operation window
• Related process parameter display on the dialogue window
If a human operator selects displays, those will overrule those selected by PIN.
Fig. 1. Hierarchical macro model of HUMAN, COMPUTER, MACHINE
Fig. 2. Interaction among HUMAN, COMPUTER, MACHINE
Fig. 3. Design principles of human interface
Fig. 4. Concept of Process Information Navigator (PIN)
7. CONCLUSION
In this paper a C&I system with high degrees of automation is discussed, from the definition of HUMAN, COMPUTER, MACHINE to a proposal of a process information navigator. Special emphasis is placed on the design aspect of human interface for a highly automated power generating plant. The evolutional design approach is advocated as a means to narrow the gap between ergonomic principles and real-world human interface implementation.
REFERENCES
Avouris, N.M. et al. (1993). User interface design for cooperating agents in industrial process supervision and control applications, Int. J. Man-Machine Studies, 38, 873-890.
Bainbridge, L. (1987). Ironies of automation, in J. Rasmussen, K. Duncan, J. Leplat, New Technology and Human Error, John Wiley.
De Greene, K.B. (1991). Emergent Complexity and Person-Machine Systems, Int. J. Man-Machine Studies, vol. 35, pp. 219-234.
Kawai, K. (1984). Operator friendly man-machine system for computerized power plant automation, IFAC 9th World Congress, Budapest, Hungary.
Kawai, K. et al. (1984). Design principle and its background practices for reliable computerized power plant automation, IEEE IECON '84, pp. 667-672.
Kawai, K. et al. (1990). Human interface design for power generating plant monitoring & control, SICE 6th Human Interface Symposium.
Kawai, K. (1992). Human interface technology in power plant monitoring and control system, in K. Hiroi (Ed.), Theory and Application of Control System Technology. Denkishoin.
Nielsen, J. (1993). Iterative User-Interface Design, IEEE COMPUTER, Nov., pp. 32-41.
Rasmussen, J. (1986). Information Processing and Human-Machine Interaction: An Approach to Cognitive Engineering. Elsevier Science Publishing Co., New York.
Rouse, W.B. (1981). Human computer interaction in the control of dynamic systems, ACM Comput. Surv., Vol. 13, No. 1 (Mar.), pp. 71-99.
Sheridan, T.B. (1992). Telerobotics, Automation, and Human Supervisory Control. The MIT Press.
Takaoka, H. et al. (1994). Advanced information and control systems for power generating plants, GS series, Toshiba Review, Feb.
Yoon, W.C. (1988). Deep reasoning fault diagnosis: An aid and model, IEEE SMC-18, No. 4, pp. 659-679.