Maj Castilho, Brazilian Test Pilot, more than 30 different aircraft flown. Courses in Air Defense, Electronic Warfare and Safety. MBA in Public Administration. MsC in production engineering (ITA) with dissertation about the application of STPA on a hazard analysis of light aircraft crosswind takeoff. Currently in AeroAstro PhD program.
David Craig Horney
2nd Lt David , United States Air Force. B.S. Aeronautical Engineering from United States Air Force Academy (2015). He conducted a pre-concept safety analysis for the Future Vertical Lift Initiative for the United States Army helping to design the system around safety. He pursued a Master’s of Science in Aeronautics and Astronautics and graduated in December of 2016.
Andrea Scarinci received a double Master’s degree in Aerospace Engineering from the Polytechnic of Turin (Italy) and the Insititut Supérieur de l’Aéronautique et de l’Espace of Toulouse (France) in 2013. He then worked for two years as a consultant for AIRBUS civil aircrafts in the field of propulsion control (Airbus A330 and A340 aircraft). He worked as a Research Assistant in Systems Safety Assessment Methods under the supervision of Professor Nancy Leveson. His research projects included STAMP/STPA applications to aircraft systems and CAST analysis for accident investigation.
Megan Elizabeth France
Meg was a Masters student in the Department of Aeronautics & Astronautics at MIT. She received her B.S. in Human Factors Engineering from Tufts University in May 2015, and has spent three years working at the US DOT Volpe Center as an intern in the Surface Transportation Human Factors division. Her primary interests are human systems integration, automation, and safety culture in the transportation domain. At MIT, her research focused on using Systems-Theoretic Process Analysis (STPA) to examine human factors issues in automated parking assistance systems.
John Michel Mackovjak
John Mackovjak is a Technology and Policy Program graduate student and Lincoln Laboratory Military Fellow who worked in the Autonomous Systems Laboratory, and the Integrated Systems and Concepts group. Upon graduation John traveled to Pensacola, Florida to start flight training and begin his career as a Navy Pilot.
Yusuke was a visiting scientist at MIT. He is an engineer of Central Japan Railway Company, which operates a high-speed rail service in Japan (the Shinkansen bullet train). Mr. Kaizuka received his master’s degree in control engineering from University of Tokyo in 2010.
Sarah Ann Folse
2nd Lt Sarah Folse is a Developmental Engineer for the US Air Force. Received a BS in Aeronautical Engineering and Mathematics from the United States Air Force Academy in 2015. She received a SM in Aerospace Engineering at MIT while working in PSAS. Her research work used STPA to recommend flight test procedures for small unmanned aerial systems.
Lorena is a Masters student in the System Design and Management (SDM) program at MIT. In her research, Lorena studied applying CAST and STPA for developing a cross-disciplinary, scenario-based approach to reducing risk in offshore Oil & Gas operations. Before coming to MIT, Lorena worked for several years as a Safety and Environmental consultant in the Oil & Gas industry. Lorena holds a MSc in Industrial Engineering from Universitat Politecnica de Catalunya (Spain), a MSc in Safety, Risk and Reliability Engineering from Heriot-Watt University (UK) and a Postgraduate Certificate in Safety-critical Systems Engineering from University of York (UK). Further, Lorena’s research interests include Risk Management and Leading Indicators, Safety-critical Project Management, Sustainability, and the relation between Safety and Productivity.
Daisuke Uesako received a Master’s Degree in Engineering from the University of Tokyo (Japan) in 2007. He has been working for the Government of Japan, mainly in the fields of environmental policy such as waste management and recycling, environmental impact assessment, and water supply, as well as in the Abandoned Chemical Weapon Projects in China. He received a Master’s Degree in Engineering and Management at MIT System Design & Management, with dissertation about the application of STAMP to Fukushima Daiichi nuclear disaster in 2011 and the safety of nuclear power plants in Japan.
Yusuke Urano received a master’s degree in Technology and Policy at MIT. His research interest is in assuring safety of unmanned aircraft systems after integration into the national airspace. His research interest came from his experience of attending the international standard making conference of remotely piloted aircraft system during his summer internship at International CIvil Aviation Organization (ICAO). Urano also has a working experience as a regulator after entering the Japanese civil aviation authority in 2010. Urano received a B.E. in Aeronautics and Astronautics in the University of Tokyo in 2010.
Shinichi works for Canon Inc. His role at Canon is to lead and manage the development of systems or software used in Canon’s products. His previous position at Canon was a team leader of a project management team for embedded software concerning medical displays. He received his B.Engineering in medical engineering and M.Science in genetic engineering from Keio University. His research interests was the system safety of medical equipment. He has paid careful attention to requirement specifications to make the systems safe and reliable. During his stay at MIT, he learned skills that benefit both Canon and himself the most, which are the skills required to develop safe and reliable systems for medical equipment.
Ryo Ujiie is an engineer of Japan Aerospace Exploration Agency (JAXA). He was engaged in software IV&V and related research from 2009 to 2013, Software Architecture research from 2013 to 2015, and Model Based Engineering research from 2013 to 2015 in JAXA. He also worked on STPA application to Japanese aerospace systems from 2011 to 2015. He received a B.S. and an M.S. in geophysics from Tohoku University. He was received a Master’s of Science in System Design and Management and plans to graduate in August of 2016.
Kip is a MIT Lincoln Laboratory Military Fellow. He pursued a PhD in the Department of Aeronautics & Astronautics at MIT. His research was looking at how to engineer and analyze safe and secure integration of Unmanned Aerial Systems into manned flight operations. He focused is developing System Theoretic Process Analysis for Safety Driven Design of human-automation ontologies that will enable safe and secure National Airspace System integration. Kip holds a BS in Aero from the US Air Force Academy, an MS in Aero/Astro from MIT, and an MS in Flight Test Engineering from the US Air Force Test Pilot School. He is an experimental test pilot, having flown over 25 different aircraft.
Carlos Henrique Netto Lahoz
Dr Lahoz is a System and Software Engineer at Instituto de Aeronautica e Espaco (IAE) – the Brazilian institute responsible for developing sounding rockets and launchers. His Doctorate was in software dependability in Sao Paulo University POLI-USP, and is a invited professor in Space Sciences Post-graduation course at PG-CTE-ITA/Brazil. He is the Project Leader of ISO 18676: Space systems – Guidelines for the management of systems engineering. Post-doc fellow (2015-2016) in Aeroastro Dept at MIT, where his studies were focused in STAMP/STPA. He was sponsored by IAE and by Ciencias sem Fronteiras CsF/CNPq (Science without Borders Program/ National Council for Scientific and Technological Development) in Brazil. Also, in 2015 he received a complementary grant from Instituto Lemann/Brazil.
Blake Abrecht graduated from the United States Air Force Academy in May 2014. His first operational assignment after receiving his commission in the Air Force was to pursue a masters of science degree at MIT in the Engineering Systems Division and now is attending pilot trainning in the U.S. Air Force. Blake completed his masters program in 2016. Blake loves being outdoors, hiking, and playing all types of sports.
Stephanie Alvarez received a double degree in Biomedical Engineering and Industrial Engineering from the Escuela de Ingenieria de Antioquia (Colombia) and the Arts et Métiers ParisTech (France) in 2014. She also received her Master’s degree on Biomechanics from the Arts et Métiers ParisTech in 2014. She is pursuing a PhD in the Center for Research on Risks and Crises at Mines ParisTech, working in collaboration with Renault SAS. Her research focuses on the application of STAMP/STPA to a road safety system with vehicles at different levels of automation.
Bill received his PhD in the Engineering Systems Division at MIT in 2015. His research focuses on applying system-theoretic approaches to improve operational design and mission assurance in cyberspace. He is applying STAMP/STPA in the security domain as a means to facilitate more effective discourse between operations strategists and cyber security experts.
Bill was commissioned in 1991 after graduating from the United States Air Force Academy with a degree in Engineering Science. He is also a graduate of the US Air Force Weapons School, USAF School of Advanced Air & Space Studies (SAASS), and the Air War College’s Grand Strategy Program. Bill has interned with NASA, the Office of the Secretary of Defense, and the Air Force CHECKMATE strategy division at the Pentagon. He is a former Dana Meadows Leadership Fellow with the Sustainability Institute and has more than 2,400 flying hours in various aircraft.
Jonas received his Master Degree in Computer Science and Electrical Engineering. His research interests are systems design and software engineering with a focus on safety and security. Most recently he has been applying STPA to protect commercial aviation from cyber attacks.
Dan received his PhD in the Department of Aeronautics and Astronautics in 2015. He has served 12 years in the Air Force as a defense R&D program manager and flight tester. Dan is interested in the performance and safety of complex systems with skilled-operator cultures. He and his wife Mel enjoy life with their dogs and any excuse to travel and enjoy the outdoors.
Cody was a Postdoctoral associate in the Department of Aeronautics and Astronautics, where he received his Ph.D. He is interested in developing methods to assist in design- and architectural- trade decisions during early phases of complex system development. He is currently working on safety assurance of critical systems in the Federal Aviation Administration’s NextGen system, a radical overhaul of aviation and air traffic management in the United States and abroad; development of innovative spacecraft technologies for both NASA and the Japanese Space Agency; mission assurance for orbital rendezvous systems; and next-generation human space flight technologies.
Cody grew up in Ames, IA and received a bachelor’s degree in mechanical engineering from Hope College in Holland, MI. He then received a master’s degree from MIT before working in the aerospace industry on spacecraft and laser systems for several years. He enjoys playing basketball and, when he has a few days away from the city, loves long backpacking trips.
Adam is in his second year as a PhD student in the Engineering Systems Division at the Massachusetts Institute of Technology. His research focuses on applying system-theoretic approaches to improve how security is understood for complex systems. Extending the security-related work of the lab, Adam is looking to illustrate the benefits of a STAMP and STPA-based security methodology for a range of applications-including security for ports and facilities that host nuclear materials. He is also interested in incorporating a more robust organizational theory component into STPA analysis.
Adam is also a Senior R&D Systems Engineer in the international nuclear security engineering department at Sandia National Laboratories. Prior to returning to graduate school, Adam was involved in numerous nuclear security-related projects, including conducting vulnerability assessments, designing physical protection systems and planning other international security engagement projects within Office of International Material Protection and Cooperation (NNSA/NA-25) and Office of Nonproliferation and International Security (NNSA/NA-24) programs.
Cameron graduated from the U.S. Naval Academy with a degree in Aerospace Engineering (Aeronautics) and started the master’s program in the MIT Aeronautics and Astronautics Department in the fall of 2012. He is currently investigating interoperability, Integrated Modular Avionics, and future NextGen applications through the lens of the STAMP model. Designated for naval flight school following the completion of his master’s degree, Cameron is also interested in applying his research to Naval Aviation and the military in general. Outside of this he carries a passion of flying and enjoys traveling the globe when afforded the opportunity.
Seth is a master’s student in the Engineering Systems Division at MIT. He is interested in how systems evolve during concept development to become prototype and ultimately fielded designs. Seth is currently working to develop methods that provide additional guidance and rigor when applying STPA to complex networks of control systems.
Seth grew up in Greensboro, NC and obtained a B.S. in Mechanical Engineering from North Carolina State University. When away from school, he enjoys playing guitar and exploring New England with his wife.
Soshi works as a high-speed rail (HSR) engineer for the Central Japan Railway Company. He has been working recently on SC-MAGLEV (Super-Conducting MAGnetic LEVitation). He has bachelor’s and master’s degrees in mechanical engineering from Kyoto University. His research interests involve enhancing the system safety of HSR transportation. He is now focusing on the ongoing HSR project in the northeast corridor (NEC) from a perspective of safety management as well as technological innovation. He makes a point that, in the planning process, safety should be brought up as a core value of the project because it is deeply related to the institutional framework, the regulations, and the dynamics of the industry — the pace and complexity of innovating technologies and business structures — as past rail accidents in UK and China or recent Boeing 787′s safety problems exemplify. He plans to apply STAMP to risk analysis of the HSR project management in the NEC.
Francisco Luis de Lemos
Project: Evaluating the Safety of Digital Instrumentation and Control Systems in Nuclear Power Plants. The use of digital instrumentation and controls introduces new challenges to the assurance and licensing of nuclear power plants. The goal of this research is to demonstrate the applicability, feasibility, and relative efficacy of using a new systems approach and hazard analysis technique (STPA) to help meet these challenges. A systems approach has the potential to augment the existing review and certification regime not only to provide a means to assess hazards associated with the introduction of digital technology in nuclear power plants, but also tools to evaluate the extent to which these hazards are adequately mitigated by the encompassing system architecture and to generate recommendations for safety-driven improvement when they are needed.
The research will determine if the current evaluation framework can be made more efficient and more effective by the addition of these new tools and identify which aspects of the current framework might benefit. It will also demonstrate how the new tools can fit within the existing NRC regulatory framework for validating retrofit of old plants and certification of new designs that include safety-related digital systems. While STPA has been used on other complex systems, it has not yet been applied to reactor control systems. The research will demonstrate whether the use of STPA could be an effective method (at the “guidance” level) to meet the requirements set by NRC regulation.
Mario visited from the Technical University of Vienna and works in computer science.
Blandine Antoine received her PhD at MIT’s Engineering Systems Division. Her dissertation deals with developing a STAMP based approach for safety verification and certification of complex systems. In addition to proposing heuristics that aim to facilitate the process of applying hazard analysis technique STPA to existing designs, she investigates whether current certification regimes would be open to including the STAMP approach and accepting STPA results for the safety cases required for licensing of new complex systems. She uses the PROSCAN proton-therapy facility developed by the Paul Scherer Insitute as a case example, and focuses on the regulatory frameworks that apply to medical devices using ionizing radiation in Europe and the USA.
Blandine holds a diplome d’ingénieur from Ecole Polytechnique, MSc in nuclear engineering from UC Berkeley and MPA from Ecole des Ponts Paristech. Her work experience includes taking stints at energy system policy and design, education to energy and climate change issues, and tackling energy poverty in the developing world. . Currently on leave from the French Department for Infrastructure and the Environment and with growing interest in ecologically sound water treatment and soil conservation processes, she is a founder and active board member of rural electrification provider EGG-energy, a handball goal-keeper at heart and an enthusiastic eater of local organic food.
Project: Safety review of a proton-therapy machine
The PROSCAN facility that was designed and built by the Paul Scherrer Institute uses a high energy proton beam to treat cancer tumors by delivering packets of dose in precisely located spots. An extension of the current treatment capabilities is sought that will allow faster treatment thanks to continuous beam scanning. The first purpose of this project was to evaluate the safety of the facility and of its capability extension by assessing whether the hazardous scenarios identified using STPA were designed against and mitigated. Our second goal in performing this analysis was to contribute to building heuristics that will facilitate the application of STPA to safety review purposes.
So far, high-level radiation related hazards were identified, control structures were built, and STPA (step 1 and 2) performed on several process loops. In so doing, questions were raised that led to the following methodological proposals:
- Decompose controlled processes in several controlled attributes
- Strip system representation (control structures) of safety related elements so as to check whether they do mitigate the hazards that the system may face
- Represent “veto” powers as control information
- Standardize the presentation and tracking of hazards, safety constraints, unsafe control actions, hazardous scenarios, and design rationale.
A project report including our findings and proposals will be available for download on this website in Fall 2012. They will also be documented in Blandine Antoine’s PhD dissertation.
Melissa received her Master in the Technology and Policy Program, which is in the Engineering Systems Division at MIT. Her thesis applies the STAMP based accident analysis methodology (CAST) to a non-physical system–the financial crisis of 2007. Her thesis looks specifically at the rapid loss of control over their solvency that the broker/dealer Bear Stearns experienced in March 2008, and attempts to treat that event in the same way that CAST treats other accidents. She has enjoyed her work with Professor Leveson, applying CAST and STAMP to many different types of system, but especially the application to air traffic control systems under the NextGen upgrade regime.
Melissa has a BA in Economics from Wellesley College, and a certificate in Computer Science from Tufts University. Prior to rejoining the academic world, she spent several years working at an information technology consultant in the financial sector–an experience that certainly led to her desire to use STAMP to engineer a better financial regime! When not engaged in her studies, Melissa enjoys experimenting in her kitchen and doing crossword puzzles. She also loves to ride her bicycle during the warm months and has occasionally completed a sprint-distance triathlon or two (completed, not competed!). When she can she loves to travel and experience new cultures and especially new foods.
Airong received her Masters in the System Design and Management Program. In her thesis work, she uses STAMP (System-Theoretic Accident Model) to analyze the China high speed train accident in 2011, in order to understand the accident systematically and generate recommendations to the overall railway safety practices in China. She also applies STPA (System –Theoretic Process Analysis) to the development of an advanced train control system – Communication Based Train Control (CBTC) system, to show its advantages in analyzing system hazards and leading system design in developing safety critical systems.
Prior to MIT, Airong has worked several years in the railway industry in Beijing, China.
Connor received his Master at MIT’s Aero/Astro department and a Draper Laboratory Fellow at the Charles Stark Draper Laboratory. He received a B.S. in Aerospace Engineering (Aeronautics) and a commission as a naval officer from the United States Naval Academy (USNA) in 2011. His research applies STPA to the NASA/JAXA (GPM) satellite. He also conducted directed energy research USNA and the Institute for Defense Analyses. Upon completing his degree program, Connor will report to flight training in Pensacola, FL.
Project: The NASA/JAXA Global Precipitation Measurement (GPM) satellite will provide rain and snow measurements worldwide every three hours using the Dual-frequency Precipitation Radar (DPR) and the GPM Microwave Imager (GMI). The satellite will improve knowledge of the Earth’s water cycle and its link to climate change. The purpose of the system safety analysis using STPA is to identify hazards not found through the traditional hazard analysis methods conducted previously. The results will be compared with the traditional fault tree produced by NASA for the satellite.
His Ph.D. research is on Space Logistics under the supervision of Prof. Oli de Weck but he has been working as an Research Assistant on a grant from the Japanese Space Agency (JAXA and JAMSS) to apply STPA to the ISS rendezvous and capture operation of the JAXA’s spacecraft HTV. He has also applied STPA to the multiple controller problem, where uncoordinated interactions happen among multiple controllers controlling the same process.