Chris Johnson

Chris Johnson
University of Glasgow | UofG · School of Computing Science

MA, MSc, DPhil.

About

254
Publications
59,613
Reads
How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
2,919
Citations
Additional affiliations
October 1994 - present
University of Glasgow
Position
  • Professor of Computing Science

Publications

Publications (254)
Article
Full-text available
This paper focuses on the perception of Branford's standardized AcciMap approach as a tool for accident analysis in healthcare. This study further builds on the previous work regarding National Health Service (NHSScotland) clinical safety practitioners' first-time experience in applying the standardized AcciMap approach and discusses its advantages...
Conference Paper
Full-text available
The utilization of Information Technology/software systems is considered a proactive measure for reducing medication errors, providing clinical efficiency and improving patient safety. However this has added a layer of risk that can potentially harm patients and compromise safety. A comparative study using specific accident models; the Human Factor...
Article
In the past, it was not possible to update the underlying software in many industrial control devices. Engineering teams had to “rip and replace” obsolete components. However, the ability to make firmware updates has provided significant benefits to companies who use Programmable Logic Controllers (PLCs), switches, gateways and bridges, as well as...
Conference Paper
Full-text available
KEYWORDS AcciMaps, Patient Safety, Systemic Models, Risk Management, Accident Models SUMMATIVE STATEMENT The AcciMap method was utilized and evaluated by NHS participants based on the survey adapted from a previous study (Underwood et al, 2016). The results obtained indicate the need for further studies on improving the validity and reliability of...
Article
The Bhopal pesticide accident triggered a number of responses from the companies involved from the Indian government as well as reforms in the United States. These initiatives reached a range of different conclusions that arguably failed to provide a coherent framework for action around the globe. In other domains, organisations such as the Interna...
Article
Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) applications monitor and control a wide range of safety-related functions. These include energy generation, where failures could have significant, irreversible consequences. They also include the control systems that are used in the manufacture of safety-related p...
Article
Full-text available
Interventions to reduce risk often have an associated cost. In UK industries decisions about risk reduction are made and justified within a shared regulatory framework that requires that risk be reduced as low as reasonably practicable. In health care no such regulatory framework exists, and the practice of making decisions about risk reduction is...
Article
Security incidents can have negative impacts on healthcare organisations and the security of medical records has become a primary concern of the public. However, previous studies showed that organisations had not effectively learned lessons from security incidents. Incident learning as an essential activity in the “follow-up” phase of security inci...
Conference Paper
Full-text available
Weibull distributions can be used to accurately model failure behaviours of a wide range of critical systems such as on-orbit satellite subsystems. Markov chains have been used extensively to model reliability and performance of engineering systems or applications. However, the exponentially distributed sojourn time of Continuous-Time Markov Chains...
Conference Paper
Industrial Control Systems (ICS) and SCADA (Supervisory Control And Data Acquisition) applications monitor and control a wide range of safety-related functions. These include energy generation where failures could have significant, irreversible consequences. They also include the control systems that are used in the manufacture of safety-related pr...
Article
Full-text available
Abstract Healthcare organisations are often encouraged to learn from other industries in order to develop proactive and rigorous safety management practices. In the UK safety–critical industries safety cases have been used to provide justification that systems are acceptably safe. There has been growing interest in healthcare in the application of...
Conference Paper
Critical infrastructures must be better protected against challenges to their data communications in the face of increasing numbers of emerging challenges, complexity and society’s demand and intolerance of failures. In this paper, we present a set of challenges and their characteristics by reviewing reported incidents. Using domain specific attrib...
Article
Full-text available
Navigation satellites are a core component of navigation satellite based systems such as GPS, GLONASS and Galileo which provide location and timing information for a variety of uses. Such satellites are designed for operating on orbit to perform tasks and have lifetimes of 10 years or more. Reliability, availability and maintainability (RAM) analys...
Article
Full-text available
Safety is an essential requirement for railway transportation. There are many methods that have been developed to predict, prevent, and mitigate accidents in this context. All of these methods have their own purpose and limitations. This paper presents a new useful analysis technique: timed fault tree analysis. This method extends traditional fault...
Book
This book constitutes the refereed proceedings of the IFIP WG 13.2/13.5 Joint Working Conferences: 6th International Conference on Human-Centered Software Engineering, HCSE 2016, and 8th International Conference on Human Error, Safety, and System Development, HESSD 2016, held in Stockholm, Sweden, in August 2016. The 11 full papers and 14 short pa...
Article
Full-text available
This paper highlights a promising application of the analysis technique of probabilistic verification. We prove that it is able and suitable to analyse GNSS based positioning in aviation sectors for aircraft guidance. In particular, the focus is a widely used formal method called probabilistic model checking, and its generalisation to the analysis...
Conference Paper
Full-text available
The International Civil Aviation Organisation (ICAO) identify an Airprox to be a situation in which, in the opinion of a pilot or air traffic services personnel, the distance between aircraft as well as their relative positions and speed have been such that the safety of the aircraft involved may have been compromised. These are relatively rare eve...
Conference Paper
Many companies must report cyber-incidents to regulatory organisations, including the US Securities and Exchange Commission and the European Network and Information Security Agency. Unfortunately, these security systems have not been integrated with safety reporting schemes. This leads to confusion and inconsistency when, for example a cyber-attack...
Conference Paper
Intrusion detection systems (IDS) provide valuable tools to monitor for, and militate against, the impact of cyber-attacks. However, this paper identifies a range of theoretical and practical concerns when these software systems are integrated into safety-critical applications. Whitelist approaches enumerate the processes that can legitimately expl...
Conference Paper
This workshop focusses on the issues of bringing together several properties to interactive systems. While research in the field of HCI is mainly targeting at Usability and user experience (UX) this workshop focusses on Resilience, Reliability and Safety. It is organized by the IFIP Working Group 13.5 on Resilience, Reliability, Safety and Human Er...
Article
Context. The recurrence of past breaches in healthcare showed that security lessons had not been effectively learned across different healthcare organisations. Recent studies have identified the need to improve incident learning and redistribute this knowledge to prevent future attacks. The Generic Security Template (GST) had been proposed to facil...
Article
Full-text available
The increasing use of Electronic Health Records has been mirrored by a similar rise in the number of security incidents where confidential information has inadvertently been disclosed to third parties. These problems have been compounded by an apparent inability to learn from previous violations; similar security incidents have been observed across...
Conference Paper
Full-text available
Cyber exercises are used to simulate cyber incident environments to assess the knowledge and skills of information security personnel. The use of the cyber exercise is extended to assess the readiness of a community against cyber crises and critical information infrastructure incidents. This collaborative cyber exercise involved people from various...
Chapter
Cyber-attacks can have a devastating impact on safety-critical systems. The increasing reliance on mass market Commercial Off-The Shelf (COTS) infrastructures, including Linux and the IP stack, have created vulnerabilities in applications ranging from Air Traffic Management through to Railway signalling and Maritime surveillance. Once a system has...
Conference Paper
Full-text available
This paper highlights an application of probabilistic model checking to satellite positioning systems for aircraft guidance. After introducing our formal approach based on using the PRISM model checker, we built a model of a global navigation satellite system (GNSS) based positioning system for a specific flight in the probabilistic π-calculus, a p...
Conference Paper
This paper illustrates how Situation Awareness measurement techniques can be transferred and adopted to a Cloud Computing network environment, specifically concerning the Intrusion Detection field. Bearing in mind the rise of Cloud Infrastructures and the importance of Cyber Security, this topic is critical. In this paper the relationship between S...
Article
Some states have knowledgeable and competent regulators. Others are less fortunate. The operation and management of safety industries depends upon individuals who are often poorly paid compared to their colleagues in the private sector. In consequence, some regulators lack the experience, motivation and insight needed to guide safety–critical indus...
Conference Paper
Full-text available
The increasing use of Electronic Health Records has been mirrored by a similar rise in the number of security incidents where confidential information has inadvertently been disclosed to third parties. These problems have been compounded by an apparent inability to learn from previous violations; similar security incidents have been observed across...
Conference Paper
Full-text available
Currently, the lessons learned from the security incidents are documented in add-hoc means such as lengthy security reports, free-style textual news letters, emails or informal meetings. This makes it difficult to effectively communicate security lessons among peers and organisations. The diagraming approach such as the Generic Security Template (G...
Conference Paper
Full-text available
Critical infrastructures are organisations that deliver vital services like telecommunication, energy and water suppliers to the community. Today, threats on critical infrastructure are differs from natural disasters, technical failures, man-made and cyber-attacks. Any disruptions on critical infrastructures could create a catastrophic damage. Prot...
Conference Paper
Full-text available
Adverse incidents in the privacy of patients’ medical records can result in multiple negative impacts. Effective mechanisms are needed to communicate the lessons from the incidents into the Information Security Management Systems (ISMS) so as to prevent similar incidents. The Generic Security Template (G.S.T.) has been developed to enhance current...
Article
Full-text available
We sketch a series of studies and experiments designed to provide empirical evidence about the truth or falsity of claims that non-prescriptive approaches to standards demand greater competence from regulators than prescriptive approaches require.
Conference Paper
Full-text available
The number of security incidents is still increasing. The re-occurrence of past breaches shows that lessons have not been effectively learned across different organisations. This illustrates important weaknesses within information security management systems (ISMS). The sharing of recommendations between public and private organisations has, arguab...
Technical Report
Full-text available
Satellites now form a core component for space based systems such as GPS and GLONASS which provide location and timing information for a variety of uses. Such satellites are designed for operating on orbit to perform tasks and have lifetimes of 10 years or more. Reliability, availability and maintainability (RAM) analysis of systems has been indisp...
Conference Paper
Full-text available
Satellites now form a core component for space based systems such as GPS and GLONAS which provide location and timing information for a variety of uses. Such satellites are designed to operate in-orbit and have lifetimes of 10 years or more. Reliability, availability and maintainability (RAM) analysis of these systems has been indispensable in the...
Conference Paper
Social media provides a new and potentially rich source of information for emergency management services. However, extracting the relevant information from such streams poses a number of difficult challenges. In this short paper, we survey emergency management professionals to ascertain how social media is used when responding to incidents, the sea...
Conference Paper
There has been much UbiComp research into motivating people to live more active and healthy lifestyle with sports. The idea behind these approaches is centered on social and peer effects in enhancing exercise adherence. While research of this kind has been prolific, there has very little work been done to identify factors that embody comfortable an...
Article
We identify four roles that social networking plays in the 'attribution problem', which obscures whether or not cyber-attacks were state-sponsored. First, social networks motivate individuals to participate in Distributed Denial of Service attacks by providing malware and identifying potential targets. Second, attackers use an individual's social n...
Article
Communications and information technologies play an increasingly important role both within and between national critical infrastructures. From the food that we eat to the water that we drink, to the energy that we use across all modes of transportation to the systems that protect us when we travel in those systems; we rely on information infrastru...
Chapter
A range of common software components are gradually being integrated into the infrastructures that support safety critical systems. These include network management tools, operating systems especially Linux, Voice Over IP (VOIP) communications technologies, and satellite based augmentation systems for navigation/timing data etc. The increasing use...
Conference Paper
Full-text available
Accident reports play a key role in the safety of complex systems. These reports present the recommendations that are intended to help avoid any recurrence of past failures. However, the value of these findings depends upon the causal analysis that helps to identify the reasons why an accident occurred. Various techniques have been developed to hel...
Conference Paper
Full-text available
Numerous data breach incidents have been reported in recent years and there is a continuing requirement to protect patient and clinician confidentiality. However, the diversity of security products, tools and techniques in the market place make it very hard for management to ensure that they have implemented coherent countermeasures to meet organis...
Article
Full-text available
This article aims to demonstrate computational synthesis of Web-based experiments in undertaking experimentation on relationships among the participants' design preference, rationale, and cognitive test performance. The exemplified experiments were computationally synthesised, including the websites as materials, experiment protocols as methods, an...
Conference Paper
Systematic network monitoring can be the cornerstone for the dependable operation of safety-critical distributed systems. In this paper, we present our vision for informed anomaly detection through network monitoring and resilience measurements to increase the operators' visibility of ATM communication networks. We raise the question of how to dete...
Article
Space missions require significant investments to develop and sustain the underlying engineering infrastructures. Assuring mission success (Return-On- Investment) also depends upon investments in the training that supports closer integration between flight crews and ground teams. However, economic and fiscal pressures are forcing many governments t...
Article
Space-based systems play an important role within national critical infrastructures. They are being integrated into advanced air-traffic management applications, rail signalling systems, energy distribution software etc. Unfortunately, the end users of communications, location sensing and timing applications often fail to understand that these infr...
Conference Paper
Full-text available
The Crisees demonstrator is a service that aggregates and collects social media streams to support Crisis Managment.
Conference Paper
Effective crisis communications play a vital role in increasing the resilience of communities against natural or man-made disasters. Warning and informing affected citizens is a crucial safety-critical process with the aim to raise public awareness prior to an event, or when one is imminent. This process has traditionally been facilitated through b...
Conference Paper
Malware poses a growing threat to a host of safety-critical systems that depend on common software components, including the Linux operating system and the Internet Protocol (IP). Threats include 'mass market' malware that is not deliberately aimed at safety-related systems. They also include more sophisticated techniques exploited by W32.Stuxnet,...
Article
Public and private organisations are investing increasing amounts into the development of healthcare software. These applications are perceived to offer numerous benefits. Software systems can improve the exchange of information between healthcare facilities. They support standardized procedures that can help to increase consistency between differe...
Article
Satellite-based location and timing systems support a wide range of mass market applications, typically using the GPS infrastructure. Until recently, these applications could not be used within safety-critical interfaces. Limits to the accuracy, availability, integrity and continuity of the space-based signals prevented regulatory agencies from cer...
Conference Paper
Full-text available
The increasing complexity of safety-critical applications has led to the introduction of decision support tools in the transportation and process industries. Automation has also been introduced to support operator intervention in safe-tycritical applications. These innovations help reduce overall operator workload, and filter application data to ma...
Conference Paper
Full-text available
In previous papers, we asserted that software system safety is primarily concerned with epistemic questions, that is, questions concerning knowledge and the degree of confidence that can be placed in that knowledge. We also enumerated a set of 21 foundational epistemic questions, discussed some of the difficulties that exist in answering these ques...
Conference Paper
Concerns over accuracy, availability, integrity, and continuity have limited the integration of Global Positioning System (GPS) and Global Navigation Satellite System (GLONASS) for safety-critical applications. More recent augmentation systems, such as the European Geostationary Navigation Overlay Service (EGNOS) and the North American Wide Area Au...
Conference Paper
Full-text available
In an ideal world, conversations about whether a particular system is safe, or whether a particular method or tool enhances safety, would be emotion-free discussions concentrating on the level of safety required, available evidence, and coherent logical, mathematical, or scientific arguments based on that evidence. In the real world, discussions ab...
Conference Paper
Governments across Europe and North America have recently reviewed the ways in which they provide both the public and their own departments with access to electronic data. Information service architectures have been proposed as one important component of the new e-Governance visions. These web-based technologies offer huge benefits by defining comm...
Conference Paper
Unmanned Airborne Systems (UAS) offer significant benefits for long duration missions. They can also be used in situations where it is inappropriate to expose aircrew to increased levels of risk. Partly in consequence, they continue to experience accident rates that are significantly higher than those for most conventional aircraft. It can also be...
Chapter
Full-text available
This paper analyzes a range of incidents involving team-based interaction with safety-critical programmable systems. The incidents were submitted to NASA’s Aviation Safety Reporting System (ASRS) and to the UK Marine Accident Investigation Branch (MAIB) between December 2001 and February 2003. Our results show that incidents, which complicated the...
Conference Paper
President Obama has recently announced an additional $50 billion to support the development of healthcare informatics and electronic patient records systems. Public attention has, therefore, focused on ensuring that such investments do not suffer from the failures that have jeopardised patient safety in previous large-scale software procurements. T...
Conference Paper
Full-text available
For any software system upon which lives depend, the most important question one can ask about it is, ‘How do we know the system is safe?’ Despite the critical importance of this question, no widely accepted, generally applicable answer exists. Instead, debate continues to rage over the question, with theorists and practitioners quarrelling with ea...
Article
Full-text available
This paper argues that a 'systemic' approach can he lp to address the threat to public safety from Impr ovised Explosive Devices (IEDs). Rather than focusing na rrowly on electronic counter-measures or on the det ection of disaffected groups before an incident, we have argu ed that security agencies should look across all st ages of the IED traject...
Article
The pioneering work of Rasmussen, Reason and their colleagues has greatly improved our understanding of the longer term causes of adverse events in safety-critical systems. Far less attention has been paid to the organisational decision making that characterises the response to accidents and incidents. Therefore, this paper examines the interventio...
Article
Full-text available
This paper presents the initial results from a study into the interaction between safety culture and degraded modes of operation in European Air Traffic Management (ATM). Degraded modes occur when operators struggle to maintain levels of service even though key elements of their infrastructure have failed. Safety culture can be simply described as...
Article
Full-text available
Software simulations have been widely used to model evacuations from fire but very few have been used to analyse a wider range of hazards, including terrorist attac ks. The following pages describe how one group of evacuation simulations has been extended to support the risk a ssessments that drive counter terrorism. Two key areas are discussed; ch...
Article
The World Health Organization (WHO) estimate that road traffic accidents represent the third leading cause of ‘death and disease ’ worldwide. Many countries have, therefore, launched safety campaigns that are intended to reduce road traffic accidents by increasing public awareness. In almost every case, however, a reduction in the total number of f...
Conference Paper
Terrorist attacks, for example in Madrid and London, have increased concern over the threat that Improvised Explosive Devices (IEDs) pose to public safety. Insurgent groups in Iraq and Afghanistan have developed relatively sophisticated tactics, including the use of synchronised attacks with multiple devices that have not yet been witnessed in Euro...
Conference Paper
Unmanned airborne vehicles (UAVs) provide significant operational benefits to many military organisations. At present, however, most systems lack the reliability of conventional air support. This imposes considerable demands on the teams that must operate and maintain UAVs. It also creates considerable risks for the units that must retrieve these v...
Conference Paper
Risk assessment has been advocated as a principle means of improving military safety. For instance, the US Army's Composite Risk Management urges personnel to assess the likelihood and consequences of potential hazards before making strategic, tactical and operational decisions. The British army advocates risk assessment to guide both tactical plan...
Conference Paper
Full-text available
This paper describes five loss of control accidents involving commercial aircraft, and derives from those accidents three principles to consider when developing a potential safety case for an advanced flight control system for commercial aircraft. One, among the foundational evidence needed to support a safety case is the availability to the contro...
Conference Paper
Full-text available
Previous terrorist attacks, system failures and natural disasters have revealed the problems that many States face in preparing for national civil contingencies. The diversity of critical infrastructures and the interconnections between different systems makes it difficult for planners to 'think of everything'. For example, the loss of power distri...
Conference Paper
Full-text available
Previous terrorist attacks, infrastructure failures and natural disasters have revealed the problems that states face in preparing for civil contingencies. One aspect of this is that the agencies which typically coordinate the protection of critical infrastructures have a national responsibility. However, the impact of particular failures is often...
Article
Full-text available
Incident reporting systems can be used to detect problems before they result in an accident. They can also be used to strengthen the defences that lead to the detection and resolution of potential problems. There are also significant limitations. For instance, it is difficult to support long-term participation from all elements of a workforce. In s...
Article
Recent rail accidents in the UK have focussed public attention on the role that companies play in the causes of incidents and accidents. Partly in response, the Westminster parliament has published proposals to change the legislation on corporate manslaughter. Previous incidents have had a similar impact in other countries. For example, the 2006 mi...
Article
In July 2005, London was awarded the right to host the 2012 olympic and paralympic games. The decision of the International Olympic Committee triggered considerable public enthusiasm across the UK. At the same time, it also created a host of logistical and technical challenges. Amongst these the first concern is to ensure the safety and security of...
Article
There has been a rapid increase in the complexity and integration of many safety-critical systems. In consequence, it is becoming increasingly difficult to identify the causes of incidents and accidents back through the complex interactions that lead to an adverse event. At the same time, there is a growing appreciation of the need to consider a br...
Conference Paper
Many research teams have developed mobile computing architectures to support the emergency and rescue services in a rang e of civil contingencies. These proposals are based on innovative technologies and show considerable creativity in the design of their user interfaces. In contrast, this paper presents lessons learned from the 2007 UK floods. Mob...
Article
Full-text available
The Global Positioning System (GPS) uses a network of orbiting and geostationary satellites to calculate the position of a receiver over time. This technology has revolutionised a wide range of safety-critical industries and leisure applications ranging from commercial fisheries through to mountain running. These systems provide diverse benefits; s...