Page 1: Greg Cheyne - Sydney Trains

Telecommunications & Train Control 2015

Page 2

Commercial in Confidence

Telecommunications & Train Control 2015

Greg Cheyne, Telecommunications Systems Assurance Inspector, Sydney Trains

Achieving systems integrity for rail communications systems

Page 3

Achieving systems integrity for rail communications systems

Relationship between system / service integrity and integration with business processes

Use of standards to define condition and criticality requirements of services conveying train control information

Systems approach using reliability engineering methodologies to deliver and manage services based on priority and core business

Page 4

TfNSW System Overview

(Figure: the Integrated Multi-Modal Transport System and its interfaces.)

Integrated Multi-Modal Transport System, made up of:
- Rail Transport System
- Road Transport System (e.g. Roads & Traffic Authority + toll road operators)
- Maritime Transport System (e.g. Sydney Ferries + Sydney Ports)
- Air Transport System (e.g. Sydney Airport + Air Services Australia + airlines)
with interfaces between each mode.

Rail Transport System, made up of:
- Ticketing System
- Rail Traffic Control System
- Traction Power Distribution System
- Station Management System
- Trainborne System: Vehicle Body System, Ventilation & Heating System, Propulsion System, Train Comms System, Braking System, Train Driver and Guard
- Train Control System: Rail Traffic Controllers, Rail Network Comms

Page 5

Service Types

Page 6

SER

(Figure: map of locations, operational roles and operational interfaces across the rail system, grouped into internal stakeholders, other transport modes and external stakeholders. Key: Operational Interface; Operational Role; Ops Interfaces to Other Transport Modes; Ops Interfaces to External Parties.)

Locations and assets: Electrical Bulk Supplier Transmission Grid, Bulk Supply Substation, HV Feeders, Traction Substation, Section Hut, Traction feed, OHW, Signals, DTRS, Stabling Yard, Signal/Area Control, Network/Line Management, Signal/Telecom Depot, Civil/Track Depot, Electrical Depot, Fleet Depot, Station/Stop Interchange, Station Car Park, Freight Terminal.

Operational roles: Security, Telecom Maintainer, Signal Maintainer, Signal Operator, Infra Control, Electrical Control Operator, Line Mgmt, Network Mgmt, Track Maintainer, Civil Maintainer, Electrical Maintainer, Present Staff, Yard Security, Yard Ops Staff, Yard Master, R'Stock Maintainer, Depot Security, Depot Ops Staff, Depot Manager, Commuter, Platform Staff, Driver, Guard, Security Staff, Protection Officer, Authorised Person on track, Unauthorised Person on track, Track Protection Staff, Duty Manager, Catering Staff, Station Manager, Revenue Collection, Revenue Protection, Local Traction Operator, Freight Terminal Ops Staff.

Operational interfaces: Signaller-Train, Signaller-Station, Signaller-Yard, Signaller-Fleet Depot, Signaller-Line Control, Signaller-Sig/Tel Depot, Station-Train, Line Control-Train, Line Control-Station, Train-Yard, Train-Fleet Depot, Yard-Fleet Depot, EOC-Substation, Substation-Electrical Depot, Bulk Supply Sub-Traction Sub, Network Mgmt-Fleet Depot, Network Mgmt-Bulk Supplier, Infra Control-Civil/Track Depot, Infra Control-Electrical Depot, Infra Control-Sig/Tel Depot, Station Security Ops, Staff protection on track, Platform Ops, Station Ops, Manage Fleet Depot, Fleet Depot Movements, Fleet Depot Security Ops, Maintain Fleet Assets, Control Infra Maintenance, Electrical Network Switching, Electrical Maintenance, Switch Local Traction Power, Local Control of Traction Supply, Manage Electrical Bulk Supply, Line Management, Manage Rail Network, Rail Network Security Ops, Signalling Ops in Control Area, Maintain SCC Signalling Systems, Maintain SCC Telecom Systems, SCC Security Ops, Maintain Signal Assets, Maintain Telecom Assets, Maintain Track Assets, Maintain Civil Assets, Control Local Signalling, Control Local Telecoms, Authorised activities (survey, install, test, maintain...), Use Station services, Use services, Catering Services (intercity), On-Train & Platform-Train Ops, Train Security Ops, Train Driving, Stabling Yard Security Ops, Stabling Yard Ops, Manage Stabling Yard, Presentation Services, Manage Driver Rostering, Revenue Collection, Revenue Protection.

The one adversarial role on the map is the Unauthorised Person on track, whose interface to the system is: threaten self-harm, trespass, vandalism, theft, terrorism.

Other transport modes: Bus, Rapid Transit, Light Rail Transit, Air, Active Cycle, Active Walking, Ferry, Taxi, Car.

External parties: Ambulance, Police, Fire, HazMat, SES, Accident Investigators, Electrical Bulk Supplier, ONRSR, ARTC, Freight Clients, Utilities, Country Rail Network, CER, Councils, Industry, Commerce, Domestic, ADF, EPA, Heritage, WorkCover, State Transit Authority.

TfNSW divisions: Planning & Programs, NWRL OpCo, NSW Trains, Sydney Trains, Freight & Regional Dev, Policy & Reg, Transport Serv, Transport Projects, Customer Exper.

With permission ASA Systems Engineering

Page 7

Overview of Systems Inspections

• Systems Assurance Unit (SAU): Audit, Inspection, Reporting & Technical Publications

• Compare all elements of each system against standards and relevant information.

• Provide objective evidence in support of the condition/s found.

Page 8

System Elements

(Figure: a System decomposed into its elements: Hardware, Facilities, Information, Software, Procedures, Environment, Data, Humans, Processes, Materials. Example systems shown: SDH, PABX, Radio.)

Page 9

Services and Systems

Telecommunications Systems (Enabling and Providing)

• Hardware: Multiplexors, Radios, Exchanges, Routers, Switches

• Facilities: Power, Cables, Routes, Buildings, Structures

• Software: Network Management Systems, Firmware

• Information: Designs, Records, Licenses, Device Configuration

• Procedures: Work Instructions

Services

Systems of Interest (Service Dependent)

• Train Operations Systems (Voice and Data)

• Train Control & Visibility

• Customer Information

• Fare Collection

• Asset Management

• Condition Monitoring

• CCTV and Security

• Organisational Administration

Page 10

Challenges

• Will the introduction of ATO, 'in-cab' or 'inter-cab' signalling affect the safety status of telecommunications systems?

• Will the integrity of existing systems equipment be sufficient to support new technologies?

• How does our industry apply standards for safety and continuity of operations for rail telecommunications?

Page 11

(Image slide, reproduced with permission.)

Page 12

Risks and Criticality

What are the most critical services using telecommunications and technology systems?

• Services linking Safety Rated Systems

And…

• Services connecting business critical applications

• Signalling Control

• Future Train Radio and ATP

• Train Information

• Passenger Information

Page 13

Threats

• Normal randomness of equipment failure

• Failures caused by maintenance actions

• Man-made threats

• Naturally occurring impacts on services

• Vulnerability due to deliberate attack

Page 14

SIL: Safety Integrity Level

- The likelihood of a system satisfactorily performing the required safety functions under all the stated conditions within a stated period of time, considering both systematic and random failure. (EN 50126)

- Safety Integrity Level (SIL) means risk reduction to a tolerable level where electronic safety-related systems are used to perform safety functions. (IEC 61508)

SIL 4: >99.99% avail., or 0.0001 to 0.00001 avg. probability of failure
SIL 3: 99.90% to 99.99% avail., or 0.001 to 0.0001 avg. probability of failure
SIL 2: 99.0% to 99.9% avail., or 0.01 to 0.001 avg. probability of failure
SIL 1: 90% to 99% avail., or 0.1 to 0.01 avg. probability of failure
SIL 0: Hakuna Matata

The bands are the IEC 61508 low-demand-mode figures (average probability of dangerous failure on demand, PFDavg), and the "avail." column is simply 1 - PFDavg, the share of demands the safety function is expected to meet. It is not the uptime availability of a telecommunications link: uptime counts every outage, safe or otherwise, whereas PFDavg counts only dangerous failures at the moment of a demand, so a link's availability figure cannot be read off this table as a SIL.
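The arithmetic behind the table, as an added example that is not part of the original deck. The SIL bands are the IEC 61508-1 target failure measures for low demand mode (PFDavg) and for high demand / continuous mode (dangerous failures per hour, the mode that applies to continuously operating signalling functions); every MTBF/MTTR figure is constructed for illustration.

```python
"""Added example (not from the original deck): SIL band lookup per IEC 61508-1,
and the difference between 1 - PFDavg (the table's 'avail.' column) and the
uptime availability of a telecommunications link. MTBF/MTTR figures below are
constructed for illustration, not measured or vendor data.
"""

# IEC 61508-1 target failure measures. Each band is [lower, upper).
PFD_BANDS = {4: (1e-5, 1e-4), 3: (1e-4, 1e-3), 2: (1e-3, 1e-2), 1: (1e-2, 1e-1)}  # low demand: PFDavg
PFH_BANDS = {4: (1e-9, 1e-8), 3: (1e-8, 1e-7), 2: (1e-7, 1e-6), 1: (1e-6, 1e-5)}  # continuous: per hour


def sil_for(value: float, mode: str = "low_demand") -> int:
    """Return the SIL that a target failure measure qualifies for.

    value: PFDavg when mode="low_demand", dangerous failures per hour when
    mode="continuous". Returns 0 when the figure is worse than the SIL 1 band.
    A value better than the SIL 4 lower bound still returns 4: the standard
    defines no higher level.
    """
    bands = {"low_demand": PFD_BANDS, "continuous": PFH_BANDS}[mode]
    if value <= 0.0:
        raise ValueError("failure measure must be positive")
    for sil in (4, 3, 2, 1):
        if value < bands[sil][1]:
            return sil
    return 0


def safety_availability(pfd_avg: float) -> float:
    """The slide's 'avail.' column: fraction of demands the safety function
    is expected to meet, i.e. 1 - PFDavg."""
    return 1.0 - pfd_avg


def risk_reduction_factor(pfd_avg: float) -> float:
    """RRF = 1 / PFDavg, the other common way of quoting the same figure."""
    return 1.0 / pfd_avg


def uptime_availability(mtbf_h: float, mttr_h: float) -> float:
    """Steady-state availability of a repairable item, A = MTBF / (MTBF + MTTR).
    This counts every outage, safe or not, and says nothing about dangerous
    undetected failures, so it cannot be read off the SIL table."""
    return mtbf_h / (mtbf_h + mttr_h)


if __name__ == "__main__":
    # Constructed figures: a multiplexer link with MTBF 100 000 h and a 4 h repair.
    link_a = uptime_availability(100_000, 4)
    print(f"link uptime availability {link_a:.5f}")
    # The same number misread as 1 - PFDavg would 'qualify' for SIL 4, which is
    # exactly the confusion the two columns of the table invite.
    print("naive SIL from uptime:", sil_for(1.0 - link_a))
    print("5e-9 dangerous failures/h, continuous mode:", sil_for(5e-9, "continuous"))
```

The `__main__` section makes the point of the caveat above concrete: a perfectly ordinary link availability, treated as if it were a safety figure, lands in the SIL 4 band, which is why the SIL claim has to be made on the signalling function and its dangerous-failure rate, never on the carrier's uptime.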

Page 15

Today

SIL 4 Signalling System <-> SIL 0 Closed Telecoms Link <-> SIL 4 Signalling System

Signalling functions are independent of the telecom link

Page 16

Tomorrow?

SIL 4 Signalling System <-> SIL 0 Closed Network <-> SIL 4 Signalling System
No security barrier; the SIL 4 functions are independent of the network type.

OR

SIL 4 Signalling System <-> Open Network with security function <-> SIL 4 Signalling System
Security barrier; the SIL 4 functions are dependent on the network type.

With permission, Dr Marc Antoni, UIC
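What the "security function" on the open-network case has to do at message level, as an added example that is not from the original deck or from Dr Antoni's UIC material. EN 50159 names the threats to safety-related communication as repetition, deletion, insertion, resequencing, corruption, delay and masquerade, and for open networks it calls for cryptographic techniques on top of sequence numbers, time stamps and source/destination identifiers. The telegram layout, field sizes, key and messages below are constructed for illustration and are not any Sydney Trains or certified format.

```python
"""Added example (not from the original deck): a minimal safety-layer wrapper
for messages crossing an open network, in the style of the EN 50159 defences.
Telegram = header(src, dst, seq, timestamp_ms) + payload + HMAC-SHA256.
Layout, identifiers, key and messages are constructed for illustration.
"""
import hashlib
import hmac
import struct

HEADER = struct.Struct(">HHIQ")  # source id, destination id, sequence number, timestamp (ms)
MAC_LEN = 32                     # HMAC-SHA256 'safety code' appended to each telegram


class SafetySender:
    def __init__(self, src: int, dst: int, key: bytes):
        self.src, self.dst, self.key = src, dst, key
        self.seq = 0

    def build(self, payload: bytes, now_ms: int) -> bytes:
        """Wrap an application message with the defences and a keyed MAC."""
        self.seq += 1
        body = HEADER.pack(self.src, self.dst, self.seq, now_ms) + payload
        return body + hmac.new(self.key, body, hashlib.sha256).digest()


class SafetyReceiver:
    def __init__(self, src: int, dst: int, key: bytes, max_age_ms: int):
        self.src, self.dst, self.key, self.max_age_ms = src, dst, key, max_age_ms
        self.last_seq = 0

    def check(self, telegram: bytes, now_ms: int):
        """Return (accepted, reason, payload). Each rejection names the
        EN 50159 threat the failed check exists to catch."""
        if len(telegram) < HEADER.size + MAC_LEN:
            return False, "truncated", None
        body, mac = telegram[:-MAC_LEN], telegram[-MAC_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(mac, expected):  # constant-time compare
            return False, "corruption_or_masquerade", None
        src, dst, seq, ts = HEADER.unpack_from(body)
        if src != self.src or dst != self.dst:      # wrong endpoint pair
            return False, "masquerade", None
        if seq <= self.last_seq:                    # replayed or stale telegram
            return False, "repetition", None
        if seq != self.last_seq + 1:                # gap or out-of-order delivery
            return False, "deletion_or_resequencing", None
        if ts > now_ms or now_ms - ts > self.max_age_ms:  # outside the time window
            return False, "delay", None
        self.last_seq = seq
        return True, "ok", body[HEADER.size:]


if __name__ == "__main__":
    key = b"constructed-demo-key-not-for-use"
    tx = SafetySender(src=0x0101, dst=0x0202, key=key)
    rx = SafetyReceiver(src=0x0101, dst=0x0202, key=key, max_age_ms=500)
    t1 = tx.build(b"ROUTE_SET 12", now_ms=1000)
    print(rx.check(t1, now_ms=1100))           # accepted
    print(rx.check(t1, now_ms=1200))           # same telegram again: repetition
    bad = bytearray(tx.build(b"ROUTE_SET 13", now_ms=1300))
    bad[HEADER.size] ^= 0x01                   # flip one payload bit in transit
    print(rx.check(bytes(bad), now_ms=1350))   # MAC fails: corruption/masquerade
```

The receiver keeps no state for rejected telegrams, so a delayed or replayed message cannot move the sequence window; the key must be unique to each sender/receiver pair, otherwise the identifier check is the only thing standing between two legitimate endpoints sharing a key. Key management, fail-safe reaction on rejection and the safety case for the check logic are what turn this sketch into an EN 50159-compliant barrier.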

Page 17

Safety Integrity

Safety Instrumented Systems (SIS) and functions (SIF)

- A Safety Instrumented System (SIS) is designed to implement one or more Safety Instrumented Functions (SIF)

IEC 61508

(The SIS/SIF terms are those of IEC 61511, the process-sector application of IEC 61508; IEC 61508 itself speaks of E/E/PE safety-related systems performing safety functions.)

Page 18

A Microlok Interlocking Interface

Page 19

Standards

Organisational Standards

National and International Standards:
AS 9000 Quality Management
ISO 55000 Asset Management
ISO/IEC 27000 Information Security Management Systems

TfNSW Standards and Procedures:
50-ST-162/3.0 Asset Life Cycle Safety Management Standard
30-ST-164 TfNSW Enterprise Risk Management Standard
T MU AM 04001 PL TfNSW Configuration Management Plan

Systems Standards

National and International Standards:
ISO/IEC 15288 Systems and software engineering - System life cycle processes
IEC/TR 61508 Functional safety electronic safety-related systems
AS ISO 10007 Quality management systems - Guidelines for configuration management

TfNSW Standards and Procedures:
TS 20001 Safety Standard for new or altered assets
T MU AM 06002 GU AEO Guide Reliability, Availability and Maintainability
T MU AM 60006 GU Systems Engineering Guide

Telecommunications Specific Standards

National and International Standards:
AS ISO/IEC 20000.1 Information technology service management
AS/NZS 3084 Telecommunications installations - Telecommunications pathways and spaces for commercial buildings
AS/CA S009 Installation requirements for customer cabling
AS/NZS 3835 Earth potential rise - Telecommunications
AS/NZS 4117 Surge protective devices for telecommunications applications

TfNSW Standards and Procedures:
T HR TE 41001 ST Packet switched networks Wired - Local, metropolitan, and wide area networks
T HR TE 21001 ST Telecommunications equipment room
T HR TE 21002 ST Communications Earthing and Surge Suppression
T HR TE 01003 SP Optical fibre Termination, patching and management
SPG 0705 Construction of cable routes and signalling civil works
SPG 1256 Communications links for signalling control
T MU SY 10001 ST Public Transport Closed Circuit Television (CCTV) Functional Requirements Standard
T HR TE 61001 ST Emergency telephone systems
T HR TE 81002 ST Telecommunication Equipment - Network management

Interfacing Discipline Standards

National and International Standards:
AS 3000 Electrical installations
EN 60721 Classification of Environmental Conditions
AS 1735.5 Lifts, escalators and moving walkways - Passenger and goods lifts - Electric
ISO 4354 Wind actions on structures

TfNSW Standards and Procedures:
T HR EL 00002 PR Electrical Power Equipment - Integrated Support Requirement
T HR EL 11001 PR Design Technical Reviews for Electrical SCADA Equipment
TS TOC.1 Train Operating Conditions (TOC) Manual - General Instructions

Rail Safety Specific Standards

National and International Standards:
AS 7660 Railway Network Control Mobile Communication System
EN 50126.1 Railway Applications - The specification and demonstration of Reliability, Availability, Maintainability and Safety (RAMS) - Part 1 Basic requirements and generic process
EN 50126.2 Railway Applications - The specification and demonstration of Reliability, Availability, Maintainability and Safety (RAMS) - Part 2 Guide to the application of EN 50126-1 for safety
EN 50129 Railway applications - Communication, signalling and processing systems - Safety related electronic systems for signalling
EN 50159 Railway applications - Communication, signalling and processing systems - Safety-related communication in transmission systems

TfNSW Standards and Procedures:
TMG J000 Signalling Safe-working Procedures - Manual
SMS 01 SP 3061 Safety Management System and Legislation
SMS 07 SP 3089 Manage Operational Safety Risk
SMS 12 SP 3071 Engineering Standards
SMS 14 SP 3074 Safety Interface Management

Page 20

Organisational, System and Item Specific

Organisational:
AS 9000 Quality Management
ISO 27000 Information Security Management System
ISO 55000 Asset Management
30-ST-164 TfNSW Enterprise Risk Management Standard
T MU AM 04001 PL TfNSW Configuration Management Plan
50-ST-162/3.0 Asset Life Cycle Safety Management Standard

System:
ISO/IEC 15288 Systems and software engineering - System life cycle
IEC/TR 61508 Functional safety electronic safety-related systems
CENELEC series of standards for railway applications (EN 50126)
T MU AM 60006 GU Systems Engineering Guide
TS 20001 Safety Standard for new or altered assets
AS ISO 10007 Quality management systems - Guidelines for configuration management
T MU AM 06002 GU AEO Guide Reliability, Availability and Maintainability

Item specific:
AS/NZS 3084 Telecommunications Installations (pathways, buildings)
AS/CA S009 Installation requirements for customer cabling
AS/CA S008 Requirements for customer cabling products
AS 3000 Electrical Installations (Wiring Rules)
AS/NZS 3835 Earth potential rise - Telecommunications
EN 60721 Classification of environmental conditions
ISO 4354 Wind actions on structures
T HR TE 01003 SP Optical fibre Termination, patching and management
T HR TE 61001 ST Emergency telephone systems
T HR TE 81002 ST Telecommunication Equipment - Network management

Page 21

Rail Management Centre

Page 22

Example - Train Visibility System (TVS)

(Figure: block diagram of the TVS path. Blocks shown: Signalling field equipment; Signals; Optoisolator; Mux; Modem; Control Systems Comm's; TVS (NSH).)

Page 23

Page 24

Reliability

• Reliability Engineering in New System Design

• Integration for New and Old Systems

• Reliability Hardening

• Availability vs Reliability

• Methods and Techniques

Page 25

Availability or Reliability?

Reliability = Probability that a piece of equipment or the system will perform its required function, over a required duration within a specified environment.

Availability = Combined performance of an item, or piece of equipment or system, considering both failure and maintainability.

Page 26

Techniques and Methods

• FMECA (Failure Mode, Effects and Criticality Analysis)

• CCA

• RBD (Reliability Block Diagram)

• Markov Analysis

See EN 50126-2 Annex E12, E.13 Selection of Tools & Methods

Page 27

Reliability Engineering in New System Design

• RAM analysis predicts OCDN core network 99.9995% availability

• End-to-end availability dependent on specific configuration

Page 28

Reliability engineering in new system designs

(Figure: OCDN architecture with Access, Aggregation, Edge and Core layers, built as two partitions, Partition A and Partition B.)

Page 29

Methodologies for New and Existing

Sources of Information

• Deterministic - relies on assumptions such as MTBF figures

• Probabilistic - based on actual failure data for subsystem or component reliability distributions

EN 50126-2 Annex E12 'Guidance', see E.13 Selection of Tools & Methods

Page 30

RBD for 'brownfields'

(Figure: reliability block diagram of an existing link, in series: R_Switch - R_SFP - R_Line Cord - R_ODF - R_Fibre Cable - R_ODF - R_Line Cord - R_SFP - R_Switch; grouped as Switch Reliability at each end and Link Reliability for the span between them.)

Page 31

(Figure: the same block diagram: Switch - SFP - Line Cord - ODF - Fibre Cable - ODF - Line Cord - SFP - Switch, with Switch Reliability at each end and Link Reliability for the SFP-to-SFP span.)
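The series/parallel arithmetic behind the brownfields RBD above and the two-partition OCDN core, as an added example that is not part of the original deck. In the deck's own terms this is a deterministic analysis: it relies on assumed MTBF/MTTR figures, which are constructed here for illustration and are not vendor or Sydney Trains data, rather than on measured failure distributions.

```python
"""Added example (not from the original deck): RBD arithmetic for a single
series link and for two independent partitions carrying the same service.
Component MTBF/MTTR values are constructed for illustration only.
"""
import math
from functools import reduce

# Constructed figures: (MTBF hours, MTTR hours). Not vendor or Sydney Trains data.
COMPONENTS = {
    "switch":      (200_000, 4.0),
    "sfp":         (500_000, 2.0),
    "line_cord":   (2_000_000, 1.0),
    "odf":         (5_000_000, 2.0),
    "fibre_cable": (300_000, 12.0),  # external plant: the long repair time dominates
}
# The brownfields link as drawn in the RBD, element by element.
LINK_PATH = ["switch", "sfp", "line_cord", "odf", "fibre_cable",
             "odf", "line_cord", "sfp", "switch"]


def availability(mtbf_h: float, mttr_h: float) -> float:
    """Steady-state availability of a repairable item."""
    return mtbf_h / (mtbf_h + mttr_h)


def reliability(mtbf_h: float, mission_h: float) -> float:
    """Probability of no failure over mission_h, constant failure rate assumed."""
    return math.exp(-mission_h / mtbf_h)


def series(values) -> float:
    """Series RBD: every block must work, so probabilities multiply."""
    return reduce(lambda acc, v: acc * v, values, 1.0)


def parallel(values) -> float:
    """Parallel RBD: the service survives unless every block fails."""
    return 1.0 - reduce(lambda acc, v: acc * (1.0 - v), values, 1.0)


def path_availability(path) -> float:
    return series(availability(*COMPONENTS[c]) for c in path)


def path_reliability(path, mission_h: float) -> float:
    return series(reliability(COMPONENTS[c][0], mission_h) for c in path)


def dual_partition_availability(path, beta: float = 0.0) -> float:
    """Partition A and Partition B each carry the whole path. beta is a
    beta-factor approximation for common-cause outages (shared duct, shared
    power, one maintenance action hitting both): that share of unavailability
    is not reduced by redundancy. beta=0 is the textbook independent case."""
    u = 1.0 - path_availability(path)
    u_system = ((1.0 - beta) * u) ** 2 + beta * u
    return 1.0 - u_system


def nines(a: float) -> float:
    """Availability expressed as a count of nines, e.g. 0.999 -> 3.0."""
    return -math.log10(1.0 - a)


if __name__ == "__main__":
    a_link = path_availability(LINK_PATH)
    print(f"single link availability   {a_link:.6f} ({nines(a_link):.2f} nines)")
    print(f"one-year link reliability  {path_reliability(LINK_PATH, 8760):.4f}")
    for beta in (0.0, 0.02, 0.10):
        a_dual = dual_partition_availability(LINK_PATH, beta)
        print(f"dual partition, beta={beta:.2f} {a_dual:.8f} ({nines(a_dual):.2f} nines)")
```

Running it shows why "end-to-end availability is dependent on the specific configuration": the fibre cable's repair time, not the switches, sets the single-link figure, and the gain from the A/B partitions collapses quickly once even a few percent of outages are common cause, which is exactly what the failure testing on the following slides is meant to expose.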

Page 32

Reliability Hardening: System Testing

Sydney Trains staff conducting OCDN failure testing (photo)

Proving performance

Identify hidden failures

Improving reliability

Page 33

Reliability Hardening

(Figure: the OCDN Access, Aggregation, Edge and Core layers across Partition A and Partition B, with one element marked X for the failure under test.)

Page 34

Future?

Page 35

How do we improve process to meet these challenges?

(Figure: process model adapted from ISO/IEC 20000-1, Information technology service management systems.)

Page 36

Where to?

• Consider the broader context of existing standards

• Contribute in the development of those standards

• Aim to ensure operational continuity

Thank you.

Page 37

References

• IEC/TR 61508-1 (2010), 'Functional safety of electrical/electronic/programmable electronic safety-related systems'
• IS EN 50126-1 (1999), 'Railway Applications – The specification and demonstration of Reliability, Availability, Maintainability and Safety (RAMS) – Part 1: Basic requirements and generic processes'
• IS EN 50126-2 (2007), 'Railway applications – The specification and demonstration of Reliability, Availability, Maintainability and Safety (RAMS) – Part 2: Guide to the application of EN 50126-1 for safety'
• 'Introduction to reliability and maintainability engineering', Charles E. Ebeling (2005), Waveland
• AS ISO/IEC 20000.1 Information Technology – Service Management
• AS/NZS ISO/IEC/IEEE 15288 Systems and software engineering – Systems life cycle processes

Acknowledgments

• Bill Palazzi, Palazzirail, 'ATP / ETCS in Sydney' presentation 2014 (Slide 11)
• Sydney Trains 'Train Control Management Systems presentation' 2015 (Slide 35)
• Dr Marc Antoni, 'Security & safety analysis for electric and computerized signalling systems', UIC 2014 (Slides 15 and 16)
• Richard Fullalove, ASA SE presentation 2015 (Slides 10 & 26)
• OCDN Development Team (Slides 5, 27, 28, and 34)

Page 38