Ontology based Modelling of Operator Training Simulator Scenarios

from Human Error Reports

Flávio Torres Filho

, Yuska Paola Costa Aguiar

and Maria de Fátima Queiroz Vieira

Post-Graduate Program in Electrical Engineering, Federal University of Campina Grande, Campina Grande, Brazil

Department of Computing, Federal University of Paraiba, Rio Tinto, Brazil

Department of Electrical Engineering, Federal University of Campina Grande, Campina Grande, Brazil

Keywords: Operator Training Systems, Ontology based Modelling, Training Scenarios, Human Error.

Abstract: In industrial systems’ simulated environments the assimilation of technical procedures by the operators

under training is enhanced by reproducing similar to real situations experienced in the workplace. The

experience and learning acquired in simulators is directly related to the quality and realism of the proposed

training scenarios. On the other hand, the experience acquired is even more conducive to good working

practices when it involves situations known to lead into errors. Often training scenarios are dependent on the

tutor’s experience and the knowledge of operator difficulties in the work environment. This paper proposes

a systematic approach for building training scenarios to be simulated, based on the analysis and

reproduction of situations described in the working environment error reports. This approach is based on the

instantiation of ontologies built for both domains, covering the knowledge on both the error situations and

operator training scenarios. This study is focused in the domain of electric power systems operation.

1 INTRODUCTION

The experience and learning acquired with

simulators is directly related to the quality and

realism of the proposed training scenarios. Different

authors have demonstrated the potential of using

ontologies to support the development of simulators

and for modelling training scenarios for different

domains (Parisi et. al., 2007; Long, 2010; Rocha et.

al., 2013; Gorecky et. al., 2014). On the other hand,

contrasting with the cited work, this paper proposes

a systematic approach for building training scenarios

for electrical power system operators in simulating

environments from error scenarios.

Simulator based industrial training programs

demand the description of a variety of training

scenarios, adequate to different operator profiles and

experience levels, and which cover from simple

routine tasks to complex and rare situations. The

diversity of scenarios expands when considering the

skills and limitations of the operators involved, as

well as the peculiarities of different installations

such as it happens in electrical power systems

working environment, the focus of this research.

This application domain poses challenges due to the

widespread variety of training requirements resulting

from changes in the system, such as expansions and

modernization of the plants (power grid node), and

also due to a mandatory annual operator training

program aiming the recycling of knowledge and

skills.

In an electricity grid, one of the network system

components is the substation, in which operators act

in order to ensure the normal system behaviour by:

(i) detecting changes in its configuration;

(ii) correcting deviations by following operational

procedures. All those actions must be performed

within strict deadlines. During contingency

situations, subsequent to locating the fault, operators

must report to levels hierarchically above and act in

a coordinated approach to problem solving. In this

context, there is often information overload, and

time pressures which combined with task

complexity favour the human error. Strict

regulations demand that system faults as well as

human error should be reported to regulating boards

in order to support the investigation of likely causes.

To reduce the error incidence, periodical

certifications and training is mandatory in this

industry. Like in many other safety critical activities,

the training proceedings are supported by simulators

enabling the assimilation of operating procedures

without interacting and thus interfering with the real

system.

279

Torres Filho F., Costa Aguiar Y. and Queiroz Vieira M..

Ontology based Modelling of Operator Training Simulator Scenarios from Human Error Reports.

DOI: 10.5220/0005543502790288

In Proceedings of the 5th International Conference on Simulation and Modeling Methodologies, Technologies and Applications (SIMULTECH-2015),

pages 279-288

ISBN: 978-989-758-120-5

 2015 SCITEPRESS (Science and Technology Publications, Lda.)

Typically, a multidisciplinary team of

professionals is required to elaborate a simulator

training scenario. Another requirement is an

infrastructure for sharing knowledge and

information between the team members. This

multidisciplinary approach often poses challenges.

In order to represent the working environment in

a simulator it is necessary to model all the plant’s

equipment behaviour and to provide their initial

statuses. Further to this it is also necessary to

program the sequence of events, which must occur

during simulation (e.g. triggering an alarm); and to

prescribe the tasks that must be performed by the

operator under training. Therefore, the effort in

creating a training scenario is a function of the

number of objects, events and tasks to be

represented in the simulating environment.

In order to minimize the effort required for the

development of simulated training scenarios, and

considering that training scenarios must represent

real situations, the authors consider that human error

reports are important source of information which

can help to mitigate the error. Creating training

scenario from error reports imply in replicating the

system configuration and resources employed to

perform the tasks during the error event, bringing

more realism into the training.

In addition, to facilitating scenario creation,

scenario development based on ontology provides a

common language among stakeholders favouring

information sharing and reuse.

This paper proposes an approach to developing

training scenarios based on reports of human error

scenarios, during electric systems’ operation. It aims

to simplify the scenario building process as well as

to bring more realism into training scenarios to

prevent the occurrence of similar errors.

2 RELATED WORK

The ontological approach to industrial plants’

modeling and process simulation is a reality in

different contexts.

Many authors have demonstrated the application

of ontologies for the Modeling and Simulation field

- M and S, which allows the definition of a

conceptual model of explicitly and unambiguously

and can be processed by machines (Tolk et al, 2010),

(Lee and Zeigler, 2010) and (Ören, 2012). Some of

these systems using an ontological approach to the

modeling of industrial plants and process simulation

are briefly described below.

Long (2010) conducted a study on applying

simulation for emergency situations such as disaster

management and environment evacuation. He

concludes that ontology is adequate for a formal

representation of a disaster and that the correct

description of the disaster area is at the basis of

developing supporting tools and planning of

training, allowing for exploratory analysis in

emergency scenarios.

The Simantic platform, presented by Luukkainen

and Karhela (2008), for example, allows a user to

represent a plant or process from a 3D component

library available in the tool. Parisi et. al. (2007) also

proposes a methodology for automatic generation of

3D animations aimed at training and recycling of

industrial systems operators. On the other hand,

these works result in simulations which are not

interactive, but restricted to animation and

demonstration procedures. That is, the trainees do

not interact with the simulated environment.

Both these works result in animation and

demonstration procedures. There is no interaction

between operators under training and the simulated

system.

Rock et. al. (2013) propose a supporting

architecture for modeling simulations for training

firefighters. However, unlike the current work this

architecture does not rely on the reuse of

components and does not aim the design of training

scenarios for simulators already developed. Whereas

Gorecky et al. (2014) demonstrate the practical use

of ontologies in the development of a simulator

developed for training operators on the assembly

processes in the automotive industry.

Although the cited works make use of

ontological approaches to support simulation, none

of them deal with training operators for the electrical

sector. Moreover, these do not link error scenarios

with training scenarios.

Industrial systems are considered critical, when

subjected to material failure or human errors, may

cause incidents and accidents which in turn can lead

to: (i) total or partial system loss; or (ii) losses of

lives; or (iii) financial losses (Knight 2002). On the

other hand, the analysis of accidents and incidents is

essential to the study and prevention of the human

error. It allows identifying strategies to prevent the

error such as: adapting the human interface;

improving training programs or better adapting the

task to the work environment. Contextual factors

such as the work environment; personal traits such

as the operator profile, status and behavior, These

factors must integrate the knowledge acquired from

the analysis of the potential causes for errors.

SIMULTECH2015-5thInternationalConferenceonSimulationandModelingMethodologies,Technologiesand

Applications

280

Li and Wieringa (2000) conducted a study to

identify the elements that might affect operators’

perception of supervisory systems complexity. From

their study resulted that the perceived complexity

was related to: (i) objective factors such as the

complexity of the task; the process; the control

system and its user interface; (ii) personal factors

that include training; previous experience and

knowledge; creativity and personality; and (iii)

subjective complexity as perceived by the

individual.

In the domain of nuclear plants, Xiang, Xuhong

and Bingquan (2008) identified operator internal and

external factors relevant to the occurrence of the

human error. As internal factors the work identified:

incomplete or inadequate knowledge; lack of

attention; low level of commitment; anxiety; high

workload; and excessive self-confidence. As

external factors, these were identified:

organizational management; human-machine

interfaces; procedures and communication.

The study presented by Rothblum (et al 2002) in

the domain of maritime accidents, identified as

determinants for the human error: fatigue;

inadequate communication; inadequate knowledge

(technical, the task domain and information); faulty

automation design; non-compliance with standards;

policies and practices; inappropriate judgment of the

situation, maintenance failures and natural causes.

In contrast, this work turns to another domain

that of training electrical power systems operators

and presents the research that sought to identify

elements that are part of two domains: error scenario

and training scenario. The purpose being the reuse of

components when building a training scenario, thus

reducing conception effort, and attaining the goal of

training operators in situations which lead to the

human error and prevent the error from recurring.

The reuse of concepts described in an ontology

related to an error scenario reduces effort in the

development of training scenarios and minimize the

possibility of the occurrence of similar human

errors.

3 METODOLOGY

Accident reports analysis is adopted by several

authors in the error study such as ((Rasmussen et al

1981; Van Eekhout and Rouse 1981; Johnson and

Rouse 1982) apud Scherer, 2010; Bove and

Anderson 2000). These reports usually present in

details the technical aspects of the system; adopted

practices and operations; and also describe the state

of the system before and after the error.

The analysis of a set of human error reports is at

the basis of understanding the error occurrence, and

can support the specification of training scenarios.

These scenarios must be consistent with the

situations described in the reports, adopting similar

condition to those found when the error occurred.

The analysis process consists on extracting a set of

relevant information about the error in order to

define training scenarios.

This study was based on the analysis of accident

reports caused by human errors during the operation

of electrical power system. The study was performed

with the support from Companhia Hidro Elétrica do

São Francisco (CHESF), a state owed electric power

company in Brazil, engaged in generation and

transmission of electricity. The error study was

performed in two points in time. The first, conducted

by Guerrero et. al (2004; 2008) proposed a

methodological procedure to build a model of

human error based accident scenarios. The study

also produced a typology of accidents caused by the

human error. The typology was obtained from the

knowledge extraction from a corpus of accident

reports and incidents. This work builds upon the

those results on human error study in electrical

power systems (knowledge extraction, error

prevention strategies and error taxonomy). It begun

by expanding the error report analysis at CHESF,

including a set of 42 accident reports caused by

human error, which led to system shutdown)

between 2008 and 2013. The analysis of this new

corpus of study and the subsequent of knowledge

extraction, allowed for the specification of a set of

training scenarios.

The method employed during knowledge

acquisition was the Incident Scenario Conceptual

Model (MCCA) proposed by (Guerrero, 2004;

2008). This method consists of six major steps,

namely: (i) Definition of Corpus: proposal of

analysis criteria, sorting reports according to the

proposed criteria and applying filters to define the

corpus for analysis; (ii) Analysis and Classification

of Errors: analysing cases of accidents in order to

categorize the errors according to the classification

found in the literature; (iii) Knowledge Extraction:

extracting from each accident described in the

corpus, the elements that are relevant to the

representation of the accident scenario; (iv) Analysis

and knowledge abstraction: building a domain

ontology from the terminology employed in the

scenario description and classification; (v) Ontology

Validation: verifying, with the operator support, the

OntologybasedModellingofOperatorTrainingSimulatorScenariosfromHumanErrorReports

281

correctness and appropriateness of the terms

represented in the ontology; verifying completeness

and sufficiency of the model elements to represent

other accident scenarios; and, (vi) Building the

Scenarios typology: identifying; describing and

representing the main accident scenarios types that

occur in the domain.

During this research, in order to support the

analysis and classification of the human error

reports, using MCCA, it was adopted the Rasmussen

(1981) model. This model considers all phases of the

cognitive process followed by the operator, since

system's observation, to the action performed to

change the system state, when the error becomes

noticeable. The model also classifies the impact of

the error, in terms of its consequences and time for

recovery, and helps to identify the possible causes

for the error. The causes can be assigned to external

factors, such as lack of training or internal factors

such as fatigue or inattention. Multiple causes can be

assigned to the same error.

The knowledge was extracted from the corpus of

study and represented as Ontology, and the process

followed the steps proposed in the KOD method of

knowledge extraction (Vogel, 1988). The knowledge

extraction process was based on linguistic

engineering, which is adequate for the extraction of

knowledge from textual material represented in

natural language. It was employed a bottom-up

approach, allowing the MCCA model to be built

gradually. In the MCCA model building, the

designer is guided from the extraction of knowledge

phase into the computational model building. In

addition to formalizing knowledge, there is a

graphical representation of the model using ontology

building tools. The ontologies created are described

in Section 4.

For the purposes of validation, a case study was

performed during which a human error report from

the industry was used as the basis for the

instantiation of a training scenario, supported by the

created ontology, as shown in Section 5.

4 ERROR AND TRAINING

SCENARIO ONTOLOGIES

During this research, the ontologies developed were

conceived for the domain of electric power plant

automated system operation, aiming to support

scenario building for training simulators.

The resulting ontological model can be used to

support scenario modelling and building for a

variety of applications within this domain, such as

programming simulators, conceiving training

programs, developing management tools; supporting

operator performance evaluation during training;

amongst others. The ontological model facilitates the

interoperability and compatibility between

applications, independently of specific

implementations.

A set of eight ontologies was built to represent

this domain: Training, Resources, Scenario,

Training Scenario, Error_Scenario, 3D_Model,

Plant and HMI. Each of these ontologies is a subset

of the domain in which they were integrated, as

illustrated in Figure 1.

The concepts in the ontologies: 3D_Model; Plant

and HMI, were incorporated into the ontology

Scenario_Training. Furthermore, some concepts of

the ontology Scenario_Training were incorporated

into the ontology Training (Torres and Vieira,

2014).

Figure 1: Ontological representation for the semantic

description of the operator training domain.

The representation of the domain by these

ontologies is detailed in (Torres Filho and Vieira,

2014). This representation supports the process of

developing training scenarios for electric power

system substation operators, to be run in simulators.

This scenario building process is based on the

generation of software artefacts from a knowledge

base as illustrated in Figure 2.

The ontologies Training_Scenario and

Error_Scenario extend the Scenario ontology to

accommodate, respectively, concepts common to a

training situation and to a human error situation in

electric power plant operations.

During this research, the knowledge

representation model building phase led into

identifying common elements between an error

scenario and a training scenario, thus allowing the

reuse of error scenario elements in the composition

of one or more training scenarios. This strategy has

proved advantageous since the training objective is

to prevent the reoccurrence of previously reported

human errors and thus reducing the effort when

modelling the training scenario.

SIMULTECH2015-5thInternationalConferenceonSimulationandModelingMethodologies,Technologiesand

Applications

282

Figure 2: Scenario Ontology.

The ontologies were developed in the OWL-DL

language, with the support of the Protégé editor.

4.1 Scenario Ontology

The scenario ontology consists of concepts that

describe more general aspects of a training scenario

which are also required when representing a human

error scenario during system operation. More

specific concepts of the training scenario are defined

in the ontology Training Scenario, whereas specific

concepts of error scenario are defined in the

ontology Error scenario. Both ontologies: Error

Scenario and Training Scenario are subclasses of the

ontology Scenario. Figure 3 illustrates part of the

Scenario ontology.

A scenario has the description attributes shown

in Table 1. According to this descriptor structure, a

scenario is composed of: a general description and

the plant configuration status. The general

description encompasses data such as: scenario

identification (title, reference installation and

scenario description); objectives; tasks description;

supporting documents, scenario duration and

participants’ roles.

The scenario description consists of a title, the

reference substation and the description of the initial

and final statuses of the electricity plant. The

objectives can be general and specific.

The prescribed scenario specifies the set of

actions and the sequence, which must be followed

by the operator in order to achieve the intended level

of performance. This information is based on the

company’s formal operational procedures.

Figure 3: Ontological approach to building scenarios for

training simulators.

The postscript corresponds to the list of actions

actually performed by the operator during training or

reported as an error. In the case of training, a logfile

with a historical content is usually recorded by the

simulator software, and can be used to evaluate the

operator’s performance during the training.

An action is represented by the tuple <action

index, actor, actem, time_stamp>; where an actem is

represented by the following set of attributes

<Equipment, initial state, final state>. The concept

of an actem was adopted from the method KOD

(Vogel, 1988), which was adopted for knowledge

extraction in previous work in order to describe error

scenarios. The actems employed in the scenario

action description were extracted by Guerrero et. al.

(2008), from a set of error reports registered by the

electricity company.

OntologybasedModellingofOperatorTrainingSimulatorScenariosfromHumanErrorReports

283

The electricity plant configuration is described

as: a list of triggered protection devices; signalling

issued; circuit breakers and their respective statuses

(open, closed, blocked or unblocked); and the plant

identification which has an associated ontology with

complementary information. In the case of

representing scenarios for a 3D simulator, each of

these components references a 3D model in the 3D

simulator. This consists on an ontology-driven

process to support scenario representation in a 3D

operator training simulator, as described in (Torres

Filho and Vieira, 2014).

Table 1: Scenario Descriptor.

Scenario

Scenario title

Reference installation

Scenario

description

Plant’s initial state

Plant’s final state

Objective

General objective

Specific objectives

Task

Task description

Task type

Level of difficulty

Urgency of action

Problem frequency

Prescribed

Proscribed

Supporting Documents

Scenario duration

Participants’ roles (operator, engineer, ...)

Plant

Configuration

Relative configuration

Configuration type

Circuit Breakers open and not

blocked.

Circuit Breakers open and

blocked.

Activated protections

Activated signs

4.2 Error Scenario Ontology

The Error Scenario ontology was conceived to

describe accident scenarios caused by human error

during the operation of automated electric power

systems. The terms and relationships present in this

ontology were extracted from the corpus of study,

previously mentioned.

In the class diagram, illustrated in Figure 4, it is

shown part of this ontology’s concepts and

relationships.

As previously mentioned, the model proposed by

Rasmussen for human error categorization was

adopted as the basis for this ontology, represented in

Figure 4. It follows a brief explanation of the error

categories and subcategories proposed in this model.

 Observation of the system state: excessive;

falsely interpreted; incorrect; incomplete;

inappropriate; absent; unnecessary; correct...

 Choice of hypothesis: inconsistent with the

observation; consistent but unlike; consistent

but too costly; functionally not pertinent,

absent; consistent but insufficient,

unnecessary; correct;.

 Evaluation of a hypothesis: incomplete;

acceptance of an incorrect hypothesis;

rejection of a correct hypothesis; absent;

unnecessary; correct;

 Definition of objectives: incomplete, incorrect,

superfluous, absent, not necessary, correct;

 Choice of procedure (task): incomplete;

incorrect; superfluous; absent; unnecessary;

correct;

 Execution: omitted action (omission); repeated

action (repeat); adding an operation (addition);

operating out of sequence (sequence);

intervention in inappropriate time; incorrect

operation; incomplete task; unrelated or

inappropriate action; correct action on the

wrong object; incorrect action on the correct

object; unintentional execution;

 Recovery: very late; late; immediate;

 Consequences: no load interruption; load

interruption; equipment overload; equipment

loss or damage; personal injury;

 Causes: inattention (overconfidence;

negligence; simplicity of task); stress (time;

urgency; workload); personal problems;

inexperience; incompetence; distracters

(phone; people, etc.); lack of concentration;

haste; confusion; pressure; anxiety;

improvisation; overconfidence; lack of skills;

fatigue.

An error can be classified in multiple categories,

due to cascading effects. For example, an inadequate

observation of the system state can lead the operator

into choosing a hypothesis consistent with the

observation, but insufficient to solve the problem.

All those classes are related in the model.

Another consideration is that more than one

classification may be assigned to the same category.

For example, an error may be the result of anxiety

associated with fatigue and poor training.

SIMULTECH2015-5thInternationalConferenceonSimulationandModelingMethodologies,Technologiesand

Applications

284

Figure 4: Error Scenario Ontology.

4.3 Training Scenario Ontology

The attributes and relationships of the training

scenario class are inherited from the Scenario class

(Table 1), except for prerequisites and scheduled

events. The prerequisites specify the necessary

conditions to run the training scenario. And the

scheduled events are occurrences in the electrical

power system, specified to occur during simulation.

For instance: opening or closing of a circuit breaker;

blocking device; and load changes.

Different simulators run specific sets of

scheduled events. In general, these events have

attributes such as defined in Table 2.

The trigger type determines whether the

scheduled event is temporal or conditional, as

follows:

 Timed Trigger - events must occur on the

specified time:

o Trigger with absolute time - the time set for

the event trigger is relative to the

simulator clock.

o Trigger with relative time - the time set for

the event trigger is relative to the time of

the simulation start. For instance, an event

can be triggered to occur within five

minutes from the start of the simulation or

at a specific time such as 16h45min.

Table 2: Elements of a scheduled event.

Scheduled Event

Node: Identification of the substation where the

event should occur;

Device or equipment targeted for action:

Identification of device or equipment associated

to the event;

Trigger Type: Trigger type identification

associated with the scheduled event;

Value: Attribute which carries the value

magnitude

 Conditional Trigger - An event is triggered

when the condition becomes true. The event

may occur just once, or whenever the

condition becomes true. The conditional

trigger can be set by: measurements in the

plant; values; results of logical operations

(AND, OR, NOT, XOR, NAND, NOR) or

comparisons (greater than; less than; equal to;

different) or mathematical operations

(addition, subtraction, multiplication, division)

OntologybasedModellingofOperatorTrainingSimulatorScenariosfromHumanErrorReports

285

5 REAL TRAINING SCENARIO

A case study was developed to build a training

scenario from an error scenario, for a substation

belonging to the company CHESF (2015). This

scenario was developed to be used in a real training

activity. The objective of this case study was to

validate both the Error Scenario Ontology and

Training Scenario Ontology, from the points of

view: correctness and appropriateness of the terms

adopted and the completeness of the model

elements.

The human error scenario description found in

the report follows.

The event consisted of a partial shutdown of the

substation as a result of the emergency over_current

protection action applied to the transmission line LT

04F5; resulting in over_current voltage-restrain on

the 69 kV side of transformers: 04T1, 04T2, 04T3,

04T4 and switch 86 for 04T3 transformer. Before

the partial shutdown, the substation was on its

typical configuration, with all 230 kV circuit

breakers closed (except 14D1) and all 69 kV circuit

breakers closed (except 12D1).

On the other hand, after the event occurred, the

configuration of the substation was described in the

report as being the following: circuit breaks 14T3 e

12T3 were open and blocked ; circuit breaks 14T3

and 12T3 were also opened and blocked; circuit

breakers 12H4, 12J3, 12T1, 12T2, 12T4 and 12T5

were open but not blocked; and all circuit breakers

of 230 kV were opened and not blocked except for

14T3 and 14F5. The report concluded that the line

protection LT 02J4 FTZ / DMG failed after the fall

of a cable.

The plant operator was expected to perform the

following task sequence:

 Report the incident to the operation centre;

 Perform an inspection in the substation plant;

 Prepare the substation for re-energizing;

 Reenergize the substation;

 Inform the operation centre.

The substation re-energizing task, after a partial

shutdown, is classed as complex; performed in

emergency and rare. In addition, the power

companies provide operating standards for cases of

total shutdown of the substation, setting the exact

sequence of actions that must be performed by the

operator. On the other hand, in a partial shutdown,

the operator uses the same operating standard as a

reference, but should only perform a subset of

actions required in this particular case.

From diagnosis contained in the error report, the

operator did not correctly identify the substation

configuration after the event, misinterpreting the

correct sequence of actions to apply. In preparation

for re-energizing the substation, the operator

performed an improper action opening of the 14F4

breaker. Thus, the transmission line LT 04F4 and the

bus 04B1 were de-energized. The action of the

operator would be valid only in a situation of general

shutdown of the substation which was not the case..

According to the error model, this error was

characterized as follows:

 Runtime error: adding an extra action;

 Error during the decision process: acceptance

of a wrong hypothesis and choice of wrong

proceeding;

 Causes: Confusion, Inability, Lack of

information and Non-compliance with

operational standards;

 Recovery time: late

 Consequences: load interruption.

The error scenario described was instantiated in

the knowledge base using Protégé (2015). Based on

the scenario instance, a training scenario was built.

The entire error scenario descriptor (Table 1) was

reused as the training scenario description. In

addition, the prerequisites and scheduled events

were also reused. Figure 5 illustrates the developing

process of the artefacts to represent training scenario

for the simulator used by CHESF - Simulop.

Simulop is a 2D operator training simulator,

built from the integration of the electric power

system supervisory and control software - SAGE

with a real time Operator Training System (OTS)

developed and distributed by EPRI (2014). Simulop

is the simulator widely used by electricity and utility

companies in Brazil, for operator training and

certifying purposes (Silva et. al., 1998).

As a result of the case study two artefacts were

generated from the knowledge base: a script file for

the training scenario in a format which can be

interpreted by the simulator and a document file

with the scenario descriptor.

Figure 5: Process flow for building training scenarios for

Simulop.

SIMULTECH2015-5thInternationalConferenceonSimulationandModelingMethodologies,Technologiesand

Applications

286

The descriptor follows the CHESF company

template where the planned scenario is detailed. It

covers the following information, which is organized

in sections:

 Objectives

o General objective

o Specific Objectives

 Installation Configuration

 Event description

 Event duration

 Circuit Breakers (Open and Blocked)

 Circuit Breakers (Open and Unlocked)

 Signalling

 Main protection triggered

 Preparation Script

 Execution script

The scenario descriptor is generated in the .docx

format, using the iText API (2015), and the scenario

description stored in the knowledge base is accessed

using the Jena API (2015).

The scenario script is a text file in ASCII format

used to configure the system before a scenario

simulation. This file caries the definitions of: event

groups; events and instances of the plant variables’

values.

A group with two events was implemented to

simulate the scenario described above, consisting of

a conditional event and a temporal event.

The timed event was planned to be triggered

three seconds after the start of the simulation,

causing the opening and blocking of the circuit

breakers mentioned in the human error report;

therefore simulating the reported fault which caused

the error.

The conditional event was programmed to be

triggered only if the circuit breaker 12J4 is closed

during simulation and if there is a voltage level on

the bus 02BP above zero. This triggering condition

is illustrated in Figure 6. Therefore, the conditional

event is only triggered when the condition shown in

Figure 6 is satisfied.

Figure 6: Trigger for a conditional event.

This training scenario was incorporated into a

database containing training scenarios and made

available to the tutors in charge of elaborating

scenarios for the company simulator.

From the case study it was possible to verify the

correspondence between the concepts represented in

the human errors scenarios and the training scenarios

in the ontologies. Moreover, the effort to prepare the

training scenario was comparatively much lower

than without the ontology support and the

knowledge base on human errors made available.

Therefore it can be said that the adopted approach

was successful from its application in the

preparation of a real training scenario for the

industry.

6 CONCLUSIONS AND FUTURE

WORK

During the process of knowledge extraction it was

identified common elements between training

scenarios and accident scenarios caused by human

error. Thus, when describing an error scenario based

on the proposed strategy, the knowledge information

becomes reusable and available for the composition

of training scenarios, thereby reducing the efforts

during scenario construction - one of the main

objectives of this work. Moreover, training operators

in error situations occurring reduces the possibility

of its recurrence.

From the instructional point of view, this is an

advantageous strategy because the objective is to

prevent the recurrence of errors and decreases the

effort of tutors in conceiving the training scenario.

During the design phase, the teams in charge of

training programs resort to their personal experience

as well as in their personal knowledge of the

incident and accident history in the company, as a

source of inspiration. Training operators in human

error situations aims to prevent error recurring. As it

was discussed in this paper, the proposed approach

for creating scenarios is supported on the fact that

key knowledge elements are part of the two

domains: error scenario and training scenario. Thus,

elements used to describe error scenarios can be

reused to compose a training scenario, reducing

building efforts.

This ontology based approach to knowledge

representation simplified the integration of

knowledge from different sources, such as error

reports, task scripts and simulator scenarios. It also

enabled the reuse of scenario components and the

OntologybasedModellingofOperatorTrainingSimulatorScenariosfromHumanErrorReports

287

automatic generation of scenarios for simulators.

From the human-error reports analysis and using a

typology of errors associated to the electric power

system operation, the error scenarios were grouped

according to: causes; consequences; frequency; task

(difficulty; priority); devices and other relevant

attributes. This classification allowed selecting the

error scenarios more relevant to be used as a basis

for training.

As future work it is proposed to develop tools to

support the editing of training scenarios extracted

from the error scenarios. And as further step, to

develop tools to support the automatic generation of

training scenarios from the analysis of error reports.

REFERENCES

Bove, T., Andersen, V., 2000. A feasibility study of the

use of incidents and accidents reports to evaluate

effects of team resource management in air traffic

control, Safety Science, Vol. 35 pp.87-94.

CHESF, 2015. Companhia Hidro Elétrica do São

Francisco. Available at: http://www.chesf.gov.br.

EPRI, 2014. Electric Power Research Institute. Available

at: http://www.epri.com/Pages/Default.aspx.

Gorecky, D.; Loskyll, M.; Stahl, C.; 2014. Semantic

Digital Factory – Using Engineering Knowledge to

Create Ontologies for Virtual Training The 19th

World Congress of the International Federation of

Automatic Control, IFAC.

Guerrero, C. V. S.; Turnell, M. F. Q. V.; Mercantini, J.;

Santoni, C., 2008. A Process for Human Centered

Modelling of Incident Scenarios. Lecture Notes in

Computer Science, v. 5298, p. 439-458, 2008.

Guerrero, C.V.S. ; Vieira, M. F. Q. ; Mercantini, J. M.;

Santoni, C., 2008. A process for Human Centered

Modelling of Incident Scenarios. In: Andreas

Holzinger (ed.) USAB 2008, LNCS, vol. 5298, pp.

439-458, Springer, Heidelberg.

iText API, 2015. Available at: http://itextpdf.com/api.

JENA API, 2015. – Jena2 ontology API.

http://jena.sourceforge.net/ontology/index.html.

Johnson, W. B.; Rouse, W. B., 1982. Analysis and

classification of human errors in troubleshooting live

aircraft power plants. IEEE Transactions on Systems,

Man, and Cybernetics, Vol 12(3).

Lee, H. and Zeigler, B. P. (2010). SES-based ontological

process for high level information fusion. In

Proceedings of the 2010 Spring Simulation

Multiconference (SpringSim '10). Society for

Computer Simulation International, San Diego, USA.

Li, K., Wieringa, P. A., 2000. Understanding perceived

complexity in human supervisory control,” in

Cognition, Technol. Work, 2000, vol. 2, pp. 75–88.

Longo, F; 2010. Emergency simulation: state of art and

future research guidelines. SCS MandS Magazine,

n°2, April 2010.

Ören, T.I. (2012). The Richness of Modeling and

Simulation and its Body of Knowledge. Proceedings

of SIMULTECH 2012, 2nd International Conference

on Simulation and Modeling Methodologies,

Technologies and Applications. Rome, Italy, July 28-

31, 2012.

Parisi, S.; Bauch, J.; Berssenbr, J.; Radkowski, R., 2007.

Ontology-driven Generation of 3D Animations for

Training and Maintenance. International Conference

on Multimedia and Ubiquitous Engineering. Mue,

pp.608-614.

Protégé, 2015. The Protégé Ontology Editor and

Knowledge Acquisition System. Available at:

http://protege.stanford.edu/.

Rasmussen, J., Pedersen, O.M., Mancini, G., Carnino, A.,

Griffon, M., Gagnolet, P., 1981. Classification system

for reporting events involving human malfunctions. In:

Relatório RISO-M-2240. RISO National Laboratory.

Dinamarca.

Rocha, R. V. ; Araujo, Regina B., 2013 . Metodologia de

Design de Jogos Sérios para Treinamento: Ciclo de

vida de criação, desenvolvimento e produção. In:

SBGAMES, 2013, Sao Paulo. Proceedings do XII

Simpósio Brasileiro de Jogos e Entretenimento Digital

- Trilha de Arte and Design, v. 12. p. 63-72.

Rothblum A.M., Wheal D., Withington S., Shappell S.A.,

Wiegmann D.A., Boehm W., Chaderjian M., 2002.

Human Factors in Incident Investigation and Analysis.

Proceedings of the 2nd International Workshop on

Human Factors in Offshore Operations (HFW200),

held April 8-10, 2002, in Houston, TX.

Silva, A. J., Oliveira F., A., Pereira, L., Lima, L., Lambert,

N., Amorim, Azevedo, M. F., G., 1998. SAGE:

Architecture for Power System Competitive

Environments, VI SEPOPE.

Tolk, A., J. J. Padilla and C. D. Turnitsa (2010).

Conceptual Modeling for Composition of Model-

based Complex Systems. In Proceedings of the 2010

Winter Simulation Conference, ed. B. Johansson, S.

Jain, J. Montoya-Torres, J. Hugan, and E. Yücesan.

IEEE 2010.

Torres Filho, F.; Vieira, M. F. Q., 2014. An Ontology-

Driven Framework to Support Scenario

Representation in a 3D Operator Training Simulator

In: 4th International Conference on Simulation and

Modeling Methodologies, Technologies and

Applications (SIMULTECH 2014).

Vogel, C. 1988. Le génie cognitif. Masson.

Van Eekhout, J. M., and W. B. Rouse, 1981. Human

Errors in Detection, Diagnosis, and Compensations for

Failures in the Engine Control Room of a Supertanker.

IEEE Transactions on System, Man, and Cybernetics,

12 ed., pp. 813-816.

Xiang, F., Xuhong, H., Bingquan, Z. 2008. Research of

psychological characteristics and performance

relativity of operators. Reliability Engineering and

System Safety, Volume 93, Issue 8, Pages 1244-1249.

SIMULTECH2015-5thInternationalConferenceonSimulationandModelingMethodologies,Technologiesand

Applications

288