The source of the hazards is faults
Faults in hardware components can be faked by a special control added to the component, which is used to disable it.
In testing or training, the unit can block or modify the output of a sensor to simulate the behavior of a component malfunction.
Gates are controlled by the administration unit.
Resilience gates may be provided to simulate sensor data in order to fake a component malfunction, for testing the system's capability to handle the situation.
Inter-unit mismatch can occur when one of the units is being reset. A proper behavior would be that after reset, the unit resumes its original state.
In testing or training, the unit can change the situation, scenario or activity in the corresponding knowledge base to simulate the behavior of exceptional situations.
Operator slips can be faked manually by invoking commands that do not comply with the operational protocols (in the effective scenario). A proper response would be rejection of the input by the proper gate.
Human-machine mismatch can occur when, following a mode change, the machine does not change its state according to the rules.
A possible way to fake these faults is by a special program, which manipulates the messages sent from the functional unit to the Situation analyzer and the activity analyzer.
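The gate mechanisms described above, sketched as an added example that is not code from the original page: a resilience gate that blocks or modifies a sensor output, and an input gate that rejects an operator slip. All class and function names, the protocol table and the sensor range are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable, Optional

# Constructed operational protocol: commands allowed per scenario (assumption).
PROTOCOL = {"normal": {"start", "stop"}, "maintenance": {"stop", "calibrate"}}
VALID_RANGE = (-40.0, 85.0)  # constructed plausibility limits for the sensor

@dataclass
class ResilienceGate:
    """Gate on a sensor output; the administration unit sets `fault` in tests."""
    read_sensor: Callable[[], float]
    fault: Optional[str] = None   # None, "block" or "modify"
    fake_value: float = 0.0
    def output(self) -> Optional[float]:
        if self.fault == "block":
            return None               # simulate a dead sensor
        if self.fault == "modify":
            return self.fake_value    # simulate a wrong reading
        return self.read_sensor()

def assess(reading: Optional[float]) -> str:
    """System-side handling that the drill is meant to exercise."""
    if reading is None:
        return "sensor_lost"
    return "ok" if VALID_RANGE[0] <= reading <= VALID_RANGE[1] else "implausible"

@dataclass
class InputGate:
    """Rejects operator commands the effective scenario does not allow."""
    scenario: str
    rejected: list = field(default_factory=list)
    def submit(self, command: str) -> bool:
        if command in PROTOCOL.get(self.scenario, set()):
            return True
        self.rejected.append((self.scenario, command))
        return False

def run_drill() -> dict:
    """Fake a blocked sensor, a modified sensor and an operator slip."""
    gate = ResilienceGate(read_sensor=lambda: 21.5, fake_value=-999.0)
    results = {"healthy": assess(gate.output())}
    for fault in ("block", "modify"):
        gate.fault = fault
        results[fault] = assess(gate.output())
    gate.fault = None                 # drill over: real data flows again
    inputs = InputGate(scenario="maintenance")
    slip, valid = inputs.submit("start"), inputs.submit("calibrate")
    return {**results, "slip_accepted": slip, "valid_accepted": valid,
            "rejected": inputs.rejected}
```

The drill passes only if the faked faults are classified as faults and the slip lands in the gate's rejection record, which is the behavior the test or training session is meant to confirm.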
Updated on 05 Feb 2017.