Designing for Human Error

Preventing catastrophes in mission critical situations



Designing for Human Error

In 2013, aviation industries around the world witnessed 138 accidents, 37% of which were caused by human error. Investigations concluded that a large number of these accidents could have been prevented if protocols for those emergencies had been followed.

As an aspiring pilot myself, I have always been fascinated by the complexity of the cockpit interface and how pilots manage to work in such high stress environments despite factors such as jet lag, cognitive load and the responsibility of hundreds of lives at a time.

Although the chance of being in a fatal aviation accident is 1 in 3.4 million, the tendency to deviate from protocols due to high stress has been seen countless times across a range of mission critical situations, like those encountered by firefighters, pilots and EMTs, often compromising the mission in question. Human reactions under such stressful circumstances are sometimes physiological, biological defense mechanisms of the human body and can't always be controlled.

I spent this summer studying work flows and case studies of commercial pilots, firefighters and paramedics. My research has helped me identify behaviour commonalities across such organisations which I believe lay the groundwork to draft research insights that could power design thinking when similar environments are built in the future.

For my thesis project, I'm exploring opportunities for technology to help prevent users from succumbing to panic, and if they do, then to support them, help them recover, maintain situational awareness and follow protocol. 

The three main areas I'm focussing on are

  • Human Behaviour
  • Following Protocol
  • Situational Awareness


Human Behaviour

This fall I interviewed 28 people, including psychologists, to understand human behaviour under stressful circumstances better. I learned about the human mind in detail and listened to various stories about complicated pregnancies, theft, terrorism, being overwhelmed by work load at the office, accidents while playing sports outdoors, household fires and other such situations.

The narrations of these experiences helped me draw a few insights on why people react the way they do under stress and what their thought process is like. My research also helped me identify factors which influence their behaviour in such circumstances. Factors include: childhood experiences, the tone of voice of the people around them in the situation, instructions from an expert, work experience/ experience of being in that situation before, peer pressure, the presence of loved ones, physicological reactions and many more.

A exploration of mine lies in the healthcare industry where checklists are used to help professionals deal with the increasing complexity of their responsibilities. Doctors need to ensure they follow correct procedures while treating a patient and the WHO surgical checklist was designed for just that.

WHO Surgical Checklist

WHO Surgical Checklist

Although the checklist has improved healthcare performances to a great extent, it sometimes overwhelms doctors in situations where constantly checking off tasks becomes more of an inconvenience than help. Additionally, some doctors find that the list questions their capabilities and refrain from using it.

Using Javascript, jQuery and Html5, I programmed a checklist which recognises speech and dictates tasks to users in a timely manner. Currently I’m iterating the checklist to understand readings from the galvanic sensor that I made to adjust it’s tone of voice depending on whether the user is not performing his best due to complacency or nervousness.

Measuring moisture in a users palms using my galvanic sensor and Processing 

Measuring moisture in a users palms using my galvanic sensor and Processing 


Following Protocol

Documentary: Flight 447 Chaos in the Cockpit

Air France Flight 447

In June 2009 Air France Flight 447 passed through a thunderstorm as it headed towards its destination. Moisture in the atmosphere along with a sudden drop in air temperature caused the aircraft’s pitot tubes (instruments that measure the speed of the aircraft) to freeze. The aircraft’s computers, unable to get a reading thought that the plane was suddenly standing still at 36,000 feet and issued a stall warning.

When an aircraft stalls auto-pilot mode is turned off automatically and control of the aircraft is handed back to the pilots. Up until this point the problem was only minor equipment failure and was completely recoverable but what followed was a series of human errors which eventually led to the crash.

A protocol has to be followed during a stall which involves maintaining 85 degrees of thrust and keeping the nose of the aircraft about 5 degrees above the horizon- neither of which were done by the pilots on Flight 447 that night. Instead, one of the co-pilots panicked and pulled back hard on the yoke causing the aircraft to exceed 38,000 feet which is where the air gets very thin. The aircraft lost lift and started to descend downwards towards to sea, belly first.

The captain who was on a rest break returned to the cockpit to find his colleagues in a state of complete panic and confusion, unable to identify the problem. Furthermore the cockpit of that particular airbus model was designed in such a way that the pilots didn’t have visibility of the other’s controls. The human error was only recognized seconds too late and the plane crashed.


How can we as designers enable users to maintain situational awareness and follow protocols without succumbing to panic?

Tunnel vision, a form of panic attack and possible cause of the co-pilot’s mistake, is a tendency to focus on a single point of view or action without being completely aware of surroundings. It is a defense mechanism of the human body under stress during which the blood leaves the head to more critical parts of the body resulting in loss of peripheral vision and hearing, sometimes even diminishing awareness of physical actions.

One example of my design concepts explores the possibility of aircraft computers recognising system warnings and guiding pilots via visual and tactile feedback in case they deviated from protocol due to reasons such as tunnel vision. Glance time can be reduced by only highlighting those flight elements essential to safely landing the aircraft. Along with vibrating motors embedded into cockpit instruments such as the yoke, I also plan to experiment with more sensors such as galvanic sensors-which I have built myself.

Note: My design explorations are aimed at integrating with the existing interfaces and procedures. 


Situational Awareness

Enhancing situational awareness for fire officers with better tools to manage incidents




As firefighters enter burning structures to save lives, incident commanders work behind the scenes to ensure their safety and successfully resolve incidents. Fires are very unpredictable, and therefore incidents- chaotic. In these time sensitive and life threatening environments Commanders rely on inadequate tools to manage incidents.

Currently, radios are used to ensure team coordination while tactical worksheets enable commanders to document important information such as situational assessments and resource allocations. Documenting information precisely is crucial as the worksheets are later referenced to support decision making.

However, with this system, Commanders find their attention torn between managing incidents, listening to radio communications and updating their worksheets. Overwhelmed by simultaneously juggling these tasks, they’re often required to make quick decisions by referencing illegible notes and inadequate information.

Insight is a platform designed to overcome these challenges. Sensors worn by firefighters track their location, health status and performed activities. A dashboard interface alerts the Commander when challenges arise. The interface also provides information to support and expedite decision making. With InSight, Commanders are empowered to focus more on management and less on their tools.


Automatic documentation

Decisions made by the Commander within the first few minutes of arrival are the most critical. They can mean the difference between a contained emergency or an escalating crisis. However, at this key time Commanders have to pay attention to:

  • Establishing command

  • Conducting a ‘size up’

  • Completing the initial radio report

  • Determining an incident action plan

  • Updating tactical worksheets

During the incident, commanders note important events and set protocol reminders for themselves. While this may help with later recall, in the moment it adds to cognitive load and distracts from observation of the operation itself.

InSight assists commanders by populating content on their behalf. commanders access a dashboard interface for information they would otherwise be noting down. When input is required, reports can be verbally recorded. Speech is converted to text that Commanders can later edit.

With InSight, more time is spent assessing the situation and less on documentation.

Contextual Information

Conditions sometimes deteriorate rapidly, depriving firefighters of the chance to radio in problems. While a PASS alarm (Personal Alert Safety System) does go off in such an event, the chances of it being heard over the sounds from structures collapsing, onlookers shouting or radio communications may be compromised.

InSight tracks the location, health status and activities of the crew fighting the fire. When needed, commanders can access floor plans of the building and monitor officers failing to respond to radio communications.  Moreover, the dashboard only alerts the Commander when his attention is required, empowering him to manage incidents better.

Team Collaboration

As the scale of an incident increases, the number of Firefighters required increases. When multiple officers operate during such events, one tactical worksheet doesn’t facilitate collaboration. Company Officers, as they’re called in such situations, therefore work separately, leaving Commanders with the additional task of gathering information from various sources and later consolidating it to file the final report.

InSight allows multiple accounts to access the same incident. It records information from all these sources and populates content for the final report on the Commander’s behalf. At the end, the report can be reviewed, edited if necessary and signed off.