Uploaded by informa-australia

Slide 1
Telecommunications & Train Control 2015
Slide 2 (Commercial in Confidence)
Telecommunications & Train Control 2015
Greg Cheyne, Telecommunications Systems Assurance Inspector, Sydney Trains
Achieving systems integrity for rail communications systems
Slide 3
Achieving systems integrity for rail communications systems
• Relationship between system / service integrity and integration with business processes
• Use of standards to define condition and criticality requirements of services conveying train control information
• Systems approach using reliability engineering methodologies to deliver and manage services based on priority and core business
Slide 4
TfNSW System Overview (diagram)
Integrated multi-modal transport system: rail, road (e.g. Roads & Traffic Authority + toll road operators), maritime (e.g. Sydney Ferries + Sydney Ports) and air (e.g. Sydney Airport + Air Services Australia + airlines) transport systems, with interfaces between each mode.
Rail transport system elements shown: Ticketing System; Rail Traffic Control System (Train Control System, Rail Traffic Controllers, Rail Network Comms); Traction Power Distribution System; Station Management System; Trainborne System (Vehicle Body System, Ventilation & Heating System, Propulsion System, Train Comms System, Braking System, Train Driver and Guard).
Slide 5
Service Types
Slide 6
Operational roles and interfaces (diagram, with permission ASA Systems Engineering)
Key: operational role; operational interface; ops interfaces to other transport modes; ops interfaces to external parties.
Locations and assets: Signal/Area Control (SCC), Network/Line Management, Local Signalling Control, Local Telecoms Control, Bulk Supply Substation, HV Feeders, Traction Substation, Section Hut, Stabling Yard, Fleet Depot, Signal/Telecom Depot, Civil/Track Depot, Electrical Depot, Station/Stop Interchange, Station Car Park, Freight Terminal, DTRS, OHW, Signals, SER, Electrical Bulk Supplier Transmission Grid.
Operational roles: Signal Operator, Infra Control, Electrical Control Operator, Line Management, Network Management, Telecom Maintainer, Signal Maintainer, Track Maintainer, Civil Maintainer, Electrical Maintainer, Rolling Stock Maintainer, Presentation Staff, Yard Master, Yard Ops Staff, Yard Security, Depot Manager, Depot Ops Staff, Depot Security, Driver, Guard, Signaller, Station Manager, Platform Staff, Duty Manager, Catering Staff, Security Staff, Protection Officer, Track Protection Staff, Revenue Collection, Revenue Protection, Local Traction Operator, Freight Terminal Ops Staff, Commuter, Authorised Person on track, Unauthorised Person on track.
Operational interfaces: Signaller-Train, Signaller-Station, Signaller-Yard, Signaller-Fleet Depot, Signaller-Sig/Tel Depot, Signaller-Line Control, Line Control-Train, Line Control-Station, Station-Train, Train-Yard, Train-Fleet Depot, Yard-Fleet Depot, Network Mgmt-Fleet Depot, Network Mgmt-Bulk Supplier, EOC-Substation, Substation-Electrical Depot, Bulk Supply Sub-Traction Sub, Infra Control-Sig/Tel Depot, Infra Control-Civil/Track Depot, Infra Control-Electrical Depot, Traction feed.
Activities: Train Driving, On-Train & Platform-Train Ops, Train Security Ops, Platform Ops, Station Ops, Station Security Ops, Revenue Collection, Revenue Protection, Presentation Services, Catering Services (intercity), Use Station services / Use services, Manage Driver Rostering, Manage Rail Network, Rail Network Security Ops, Line Management, Signalling Ops in Control Area, Maintain SCC Signalling Systems, Maintain SCC Telecom Systems, SCC Security Ops, Control Infra Maintenance, Control Local Telecoms, Maintain Signal Assets, Maintain Telecom Assets, Maintain Track Assets, Maintain Civil Assets, Electrical Maintenance, Electrical Network Switching, Switch Local Traction Power, Local Control of Traction Supply, Manage Electrical Bulk Supply, Manage Stabling Yard, Stabling Yard Ops, Stabling Yard Security Ops, Manage Fleet Depot, Fleet Depot Movements, Fleet Depot Security Ops, Maintain Fleet Assets, Staff protection on track, Authorised activities (survey, install, test, maintain...).
Unauthorised person on track: threaten self-harm, trespass, vandalism, theft, terrorism.
Other transport modes: Bus, Rapid Transit, Light Rail Transit, Air, Ferry, Taxi, Car, Active Cycle, Active Walking.
External parties: Ambulance, Police, Fire, HazMat, SES, Accident Investigators, ONRSR, ARTC, Freight Clients, Utilities, Country Rail Network, CER, Councils, Industry, Commerce, Domestic, ADF, EPA, Heritage, WorkCover, State Transit Authority, Electrical Bulk Supplier.
Internal stakeholders: Planning & Programs, Policy & Regulation, Transport Services, Transport Projects, Customer Experience, Freight & Regional Development, NWRL OpCo, NSW Trains, Sydney Trains.
Slide 7
Overview of Systems Inspections
• Systems Assurance Unit (SAU): audit, inspection, reporting and technical publications.
• Compare all elements of each system against standards and relevant information.
• Provide objective evidence in support of the condition(s) found.
Slide 8
System Elements (diagram)
A system comprises: Hardware, Software, Facilities, Information, Data, Procedures, Processes, Humans, Materials and Environment. Example systems shown: SDH, PABX, Radio.
Slide 9
Services and Systems
Telecommunications Systems (Enabling and Providing)
• Hardware: multiplexors, radios, exchanges, routers, switches
• Facilities: power, cables, routes, buildings, structures
• Software: network management systems, firmware
• Information: designs, records, licenses, device configuration
• Procedures: work instructions
Systems of Interest (service dependent)
• Train Operations Systems (voice and data)
• Train Control & Visibility
• Customer Information
• Fare Collection
• Asset Management
• Condition Monitoring
• CCTV and Security
• Organisational Administration
Services
Slide 10
Challenges
• Will the introduction of ATO, 'in-cab' or 'inter-cab' signalling affect the safety status of telecommunications systems?
• Will the integrity of existing systems equipment be sufficient to support new technologies?
• How our industry applies standards for safety and continuity of operations to rail telecommunications
Slide 11 (image, with permission)
Slide 12
Risks and Criticality
What are the most critical services using telecommunications and technology systems?
• Services linking Safety Rated Systems
• And... services connecting business critical applications
Examples:
• Signalling Control
• Future Train Radio and ATP
• Train Information
• Passenger Information
Slide 13
Threats
• Normal randomness of equipment failure
• Failures caused by maintenance actions
• Man-made threats
• Naturally occurring impacts on services
• Vulnerability due to deliberate attack
Slide 14
SIL: Safety Integrity Level
- The likelihood of a system satisfactorily performing the required safety functions under all the stated conditions within a stated period of time, considering both systematic and random failure. (EN 50126)
- Safety Integrity Level (SIL) means risk reduction to a tolerable level where electronic safety-related systems are used to perform safety functions. (IEC 61508)
SIL 4 = >99.99% avail., or 0.0001 to 0.00001 avg. prob. of failure
SIL 3 = 99.9% to 99.99% avail., or 0.001 to 0.0001 avg. prob. of failure
SIL 2 = 99.0% to 99.9% avail., or 0.01 to 0.001 avg. prob. of failure
SIL 1 = 90% to 99% avail., or 0.1 to 0.01 avg. prob. of failure
SIL 0 = Hakuna Matata
Slide 15
Today (diagram): two SIL 4 signalling systems connected over a closed telecoms link rated SIL 0. The signalling functions are independent of the telecom link.
Slide 16
Tomorrow? (diagram, with permission, Dr Marc Antoni UIC)
Two SIL 4 signalling systems connected over either:
- a SIL 0 closed network, where the SIL 4 functions are independent of the network type; or
- an open network with a security function. With a security barrier the SIL 4 functions remain independent of the network type; with no security barrier the SIL 4 functions become dependent on the network type.
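The "security barrier" on the Tomorrow? slide is what EN 50159 describes for safety-related communication over an open transmission system: the safety layer, not the network, has to detect repetition, deletion, insertion, re-sequencing, corruption, delay and masquerade. As an added example that is not part of the presentation or of Dr Antoni's material, the following Python sketches what such a barrier checks on the receiving side. The telegram layout, the shared key, the identifiers and the window values are assumptions chosen for the example.

```python
"""Added example, not from the presentation or from UIC/Sydney Trains:
a minimal EN 50159-style safety layer for a signalling telegram carried
over an open network, i.e. the "security barrier" that keeps a SIL 4
function independent of the network underneath it.

EN 50159 names the transmission threats (repetition, deletion, insertion,
re-sequencing, corruption, delay, masquerade) and the defences (sequence
number, time stamp, time-out, source/destination identifiers, safety code,
cryptographic techniques).  The telegram layout, key, window sizes and
identifiers below are assumptions chosen for this example.
"""
import hashlib
import hmac
import struct

SEQ_WINDOW = 8        # assumption: largest forward jump tolerated (lost telegrams)
MAX_AGE_MS = 500      # assumption: time-out for delayed telegrams
TAG_LEN = 16          # assumption: truncated HMAC-SHA256 used as the safety code

# Header: source id, destination id, sequence number, time stamp (ms), big-endian.
HEADER = struct.Struct(">HHIQ")


def build_telegram(key: bytes, src: int, dst: int, seq: int, ts_ms: int, payload: bytes) -> bytes:
    """Sender side: header + payload, then a keyed tag over both."""
    body = HEADER.pack(src, dst, seq, ts_ms) + payload
    tag = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
    return body + tag


class SafeReceiver:
    """Receiver side: every check EN 50159 expects before the payload is trusted."""

    def __init__(self, key: bytes, my_id: int, peer_id: int):
        self.key = key
        self.my_id = my_id
        self.peer_id = peer_id
        self.last_seq = None  # highest sequence number accepted so far

    def accept(self, telegram: bytes, now_ms: int):
        """Return (payload, None) if the telegram is accepted, else (None, reason)."""
        if len(telegram) < HEADER.size + TAG_LEN:
            return None, "corruption: telegram too short"
        body, tag = telegram[:-TAG_LEN], telegram[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        # Check the tag first: nothing in the header can be trusted until it verifies.
        if not hmac.compare_digest(tag, expected):
            return None, "corruption/masquerade: safety code mismatch"
        src, dst, seq, ts_ms = HEADER.unpack(body[:HEADER.size])
        if src != self.peer_id or dst != self.my_id:
            return None, "insertion/masquerade: wrong source or destination id"
        if abs(now_ms - ts_ms) > MAX_AGE_MS:
            return None, "delay: time stamp outside the accepted window"
        if self.last_seq is not None:
            if seq <= self.last_seq:
                return None, "repetition/re-sequencing: sequence number not increasing"
            if seq - self.last_seq > SEQ_WINDOW:
                return None, "deletion: too many telegrams missing"
        self.last_seq = seq
        return body[HEADER.size:], None


def demo():
    """Run one good telegram and five attacks through a receiver; return the verdicts."""
    key = b"assumed-shared-key-provisioned-out-of-band"  # assumption, not a real key
    rx = SafeReceiver(key, my_id=0x0002, peer_id=0x0001)
    t0 = 1_000_000
    results = {}

    good = build_telegram(key, 0x0001, 0x0002, 1, t0, b"SIGNAL 12 PROCEED")
    results["valid"] = rx.accept(good, now_ms=t0 + 50)
    # Repetition: the same telegram delivered a second time.
    results["replay"] = rx.accept(good, now_ms=t0 + 100)
    # Corruption: one payload byte flipped in transit.
    tampered = bytearray(good)
    tampered[HEADER.size] ^= 0x01
    results["tampered"] = rx.accept(bytes(tampered), now_ms=t0 + 150)
    # Masquerade: a well-formed telegram from a sender without the key.
    forged = build_telegram(b"attacker-key", 0x0001, 0x0002, 2, t0 + 200, b"SIGNAL 12 PROCEED")
    results["forged"] = rx.accept(forged, now_ms=t0 + 210)
    # Insertion: a genuine telegram addressed to some other receiver.
    misrouted = build_telegram(key, 0x0001, 0x0009, 2, t0 + 200, b"SIGNAL 12 STOP")
    results["misrouted"] = rx.accept(misrouted, now_ms=t0 + 210)
    # Delay: a genuine telegram held back beyond the time-out.
    stale = build_telegram(key, 0x0001, 0x0002, 2, t0 + 200, b"SIGNAL 12 STOP")
    results["delayed"] = rx.accept(stale, now_ms=t0 + 200 + MAX_AGE_MS + 1)
    # The next genuine telegram is still accepted after all of the above were dropped.
    fresh = build_telegram(key, 0x0001, 0x0002, 2, t0 + 800, b"SIGNAL 12 STOP")
    results["next"] = rx.accept(fresh, now_ms=t0 + 820)
    return results


if __name__ == "__main__":
    for name, (payload, reason) in demo().items():
        print(f"{name:10s} -> {'ACCEPT ' + repr(payload) if reason is None else 'REJECT ' + reason}")
```

Every reject reason maps back to one of the EN 50159 threats, and all of the checks live in the safety layer. That is what lets the SIL 4 argument stay independent of whether the bearer is a closed SDH link or an open IP network: the network is assumed hostile and the barrier carries the safety case. A deployable version would also need key management, a feedback or heartbeat message so that deletion and time-out are detected when the line goes quiet, and a defined safe state on time-out; the sketch leaves those out.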
Slide 17
Safety Integrity
Safety Instrumented Systems (SIS) and Safety Instrumented Functions (SIF)
- A Safety Instrumented System (SIS) is designed to implement one or more Safety Instrumented Functions (SIF). (IEC 61508)
Slide 18
A Microlok Interlocking Interface (image)
Slide 19
Standards: National and International Standards / TfNSW Standards and Procedures

Organisational Standards
• AS 9000 Quality Management
• ISO 55000 Asset Management
• ISO/IEC 27000 Information Security Management Systems
• 50-ST-162/3.0 Asset Life Cycle Safety Management Standard
• 30-ST-164 TfNSW Enterprise Risk Management Standard
• T MU AM 04001 PL TfNSW Configuration Management Plan

Systems Standards
• ISO/IEC 15288 Systems and software engineering - System life cycle processes
• IEC/TR 61508 Functional safety of electronic safety-related systems
• AS ISO 10007 Quality management systems - Guidelines for configuration management
• TS 20001 Safety Standard for new or altered assets
• T MU AM 06002 GU AEO Guide: Reliability, Availability and Maintainability
• T MU AM 60006 GU Systems Engineering Guide

Telecommunications Specific Standards
• AS ISO/IEC 20000.1 Information technology service management
• AS/NZS 3084 Telecommunications installations - Telecommunications pathways and spaces for commercial buildings
• AS/CA S009 Installation requirements for customer cabling
• AS/NZS 3835 Earth potential rise - Telecommunications
• AS/NZS 4117 Surge protective devices for telecommunications applications
• T HR TE 41001 ST Packet switched networks: wired - local, metropolitan and wide area networks
• T HR TE 21001 ST Telecommunications equipment room
• T HR TE 21002 ST Communications earthing and surge suppression
• T HR TE 01003 SP Optical fibre termination, patching and management
• SPG 0705 Construction of cable routes and signalling civil works
• SPG 1256 Communications links for signalling control
• T MU SY 10001 ST Public Transport Closed Circuit Television (CCTV) Functional Requirements Standard
• T HR TE 61001 ST Emergency telephone systems
• T HR TE 81002 ST Telecommunication equipment - network management

Interfacing Discipline Standards
• AS 3000 Electrical installations
• EN 60721 Classification of environmental conditions
• AS 1735.5 Lifts, escalators and moving walkways - Passenger and goods lifts - Electric
• ISO 4354 Wind actions on structures
• T HR EL 00002 PR Electrical Power Equipment - Integrated Support Requirement
• T HR EL 11001 PR Design Technical Reviews for Electrical SCADA Equipment
• TS TOC.1 Train Operating Conditions (TOC) Manual - General Instructions

Rail Safety Specific Standards
• AS 7660 Railway Network Control Mobile Communication System
• EN 50126-1 Railway Applications - The specification and demonstration of Reliability, Availability, Maintainability and Safety (RAMS) - Part 1: Basic requirements and generic process
• EN 50126-2 Railway Applications - The specification and demonstration of RAMS - Part 2: Guide to the application of EN 50126-1 for safety
• EN 50129 Railway applications - Communication, signalling and processing systems - Safety related electronic systems for signalling
• EN 50159 Railway applications - Communication, signalling and processing systems - Safety-related communication in transmission systems
• TMG J000 Signalling Safe-working Procedures - Manual
• SMS 01 SP 3061 Safety Management System and Legislation
• SMS 07 SP 3089 Manage Operational Safety Risk
• SMS 12 SP 3071 Engineering Standards
• SMS 14 SP 3074 Safety Interface Management
Slide 20
Organisational, System and Item Specific Standards

Organisational
• AS 9000 Quality Management
• ISO 27000 Information Security Management System
• ISO 55000 Asset Management
• 30-ST-164 TfNSW Enterprise Risk Management Standard
• T MU AM 04001 PL TfNSW Configuration Management Plan
• 50-ST-162/3.0 Asset Life Cycle Safety Management Standard

System
• ISO/IEC 15288 Systems and software engineering - System life cycle processes
• IEC/TR 61508 Functional safety of electronic safety-related systems
• CENELEC series of standards for railway applications (EN 50126)
• T MU AM 60006 GU Systems Engineering Guide
• TS 20001 Safety Standard for new or altered assets
• AS ISO 10007 Quality management systems - Guidelines for configuration management
• T MU AM 06002 GU AEO Guide: Reliability, Availability and Maintainability

Item Specific
• AS/NZS 3084 Telecommunications installations (pathways, buildings)
• AS/CA S009 Installation requirements for customer cabling
• AS/CA S008 Requirements for customer cabling products
• AS 3000 Electrical installations (Wiring Rules)
• AS/NZS 3835 Earth potential rise - Telecommunications
• EN 60721 Classification of environmental conditions
• ISO 4354 Wind actions on structures
• T HR TE 01003 SP Optical fibre termination, patching and management
• T HR TE 61001 ST Emergency telephone systems
• T HR TE 81002 ST Telecommunication equipment - network management
Slide 21
Rail Management Centre
Slide 22
Example - Train Visibility System (TVS) (diagram)
Blocks shown: Signalling (field equipment, signals), Optoisolator, Mux, Modem, Control Systems / Comms, TVS (NSH).
Slide 23 (image)

Slide 24
Reliability
• Reliability Engineering in New System Design
• Integration for New and Old Systems
• Reliability Hardening
• Availability vs Reliability
• Methods and Techniques
Slide 25
Availability or Reliability?
• Reliability = probability that a piece of equipment or the system will perform its required function over a required duration within a specified environment.
• Availability = combined performance of an item, piece of equipment or system, considering both failure and maintainability.
Slide 26
Techniques and Methods
• FMECA
• CCA
• RBD
• Markov Analysis
See EN 50126-2 Annex E, E.12 and E.13 Selection of Tools & Methods
Slide 27
Reliability Engineering in New System Design
• RAM analysis predicts OCDN Core network 99.9995% availability
• End-to-end availability dependent on specific configuration
Slide 28
Reliability engineering in new system designs (diagram)
Network layers: Access, Aggregation, Edge and Core, split into Partition A and Partition B.
Slide 29
Methodologies for New and Existing
Sources of Information
• Deterministic - relies on assumptions such as MTBF figures
• Probabilistic - based on actual failure data for subsystem or component reliability distributions
EN 50126-2 Annex E, E.12 'Guidance'; see E.13 Selection of Tools & Methods
Slide 30
RBD for 'brownfields' (diagram)
Series reliability block diagram for one link between two switches: R_Switch, R_SFP, R_Line Cord, R_ODF, R_Fibre Cable, R_ODF, R_Line Cord, R_SFP, R_Switch. The switch reliability at each end and the link reliability between them are shown as separate groupings.

Slide 31
Link Reliability (diagram)
Top row: Switch, SFP, Line Cord, ODF, Fibre Cable, ODF, Line Cord, SFP, Switch, with Switch Reliability at each end and Link Reliability in between.
Bottom row: the link alone, SFP, Line Cord, ODF, Fibre Cable, ODF, Line Cord, SFP, labelled Link Reliability.
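As an added example, not the presentation's or the OCDN team's figures, the Python below works the reliability block diagram of slides 30-31 and the partitioned network of slides 27-28 with assumed MTBF/MTTR values, and makes the slide 25 question concrete: the same brownfields link scores well on steady-state availability but poorly on one-year reliability, and the 99.9995% core prediction only reaches the end user if the access layer is redundant too. The component figures, the default core availability and the network shape are assumptions for illustration.

```python
"""Added example, not from the presentation or the OCDN team: the reliability
block diagram (RBD) arithmetic behind slides 25, 27 and 30-31.  The MTBF and
MTTR figures, the core availability used for the partitions and the network
shape are assumptions for illustration, not OCDN or vendor data.
"""
import math

HOURS_PER_YEAR = 8760.0


def availability(mtbf_h: float, mttr_h: float) -> float:
    """Steady-state availability: A = MTBF / (MTBF + MTTR)."""
    return mtbf_h / (mtbf_h + mttr_h)


def reliability(mtbf_h: float, mission_h: float) -> float:
    """Constant failure rate: R(t) = exp(-t / MTBF), the chance of no failure during the mission."""
    return math.exp(-mission_h / mtbf_h)


def series(values) -> float:
    """Series blocks: all must work, so the figures multiply (the weakest block dominates)."""
    result = 1.0
    for v in values:
        result *= v
    return result


def parallel(values) -> float:
    """Active redundant blocks: the path fails only if every block fails."""
    all_fail = 1.0
    for v in values:
        all_fail *= 1.0 - v
    return 1.0 - all_fail


# Assumed (MTBF hours, MTTR hours).  Passive items get long MTBF; the fibre cable
# gets a short MTBF and a long repair time because cable damage dominates field outages.
COMPONENTS = {
    "switch": (200_000, 4.0),
    "sfp": (500_000, 2.0),
    "line_cord": (2_000_000, 1.0),
    "odf": (5_000_000, 2.0),
    "fibre_cable": (100_000, 24.0),
}

# Blocks between the two switches on slide 31.
PATH = ["sfp", "line_cord", "odf", "fibre_cable", "odf", "line_cord", "sfp"]
# The full link on slide 30: a switch at each end of the path.
LINK = ["switch", *PATH, "switch"]


def link_availability() -> float:
    return series(availability(*COMPONENTS[c]) for c in LINK)


def link_reliability(mission_h: float = HOURS_PER_YEAR) -> float:
    return series(reliability(COMPONENTS[c][0], mission_h) for c in LINK)


def end_to_end_availability(dual_access: bool, core_availability: float = 0.999995) -> float:
    """Site to core across Partition A and Partition B (active redundant).

    core_availability defaults to the 99.9995% RAM prediction quoted on slide 27.
    Each partition is one path plus its edge switch plus the core; the site access
    switch is shared, so with a single access switch it sits in series with both.
    """
    partition = series([
        series(availability(*COMPONENTS[c]) for c in PATH),
        availability(*COMPONENTS["switch"]),
        core_availability,
    ])
    both_partitions = parallel([partition, partition])
    access = availability(*COMPONENTS["switch"])
    if dual_access:
        access = parallel([access, access])
    return series([access, both_partitions])


def downtime_minutes_per_year(a: float) -> float:
    return (1.0 - a) * HOURS_PER_YEAR * 60.0


if __name__ == "__main__":
    print(f"link availability        : {link_availability():.6%}")
    print(f"link reliability (1 year): {link_reliability():.2%}")
    for dual in (False, True):
        a = end_to_end_availability(dual)
        print(f"end-to-end, dual access={dual!s:5}: {a:.7%}  (~{downtime_minutes_per_year(a):.2f} min/yr)")
```

With these assumed figures the link is available about 99.97% of the time, yet has only about an 80% probability of getting through a year with no failure at all, because a long-MTTR fibre cut counts once against availability but every incident counts against reliability. The end-to-end result shows the slide 27 caveat: the two partitions in parallel push the core-to-edge figure past 99.99999%, but a single access switch in series drags the whole path back to roughly 99.998%, a few minutes of downtime a year, so the "specific configuration" at the access layer decides what the customer actually sees.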
Slide 32
Reliability Hardening: System Testing
Sydney Trains staff conducting OCDN failure testing (image)
• Proving performance
• Identifying hidden failures
• Improving reliability
Slide 33
Reliability Hardening (diagram)
Access, Aggregation, Edge and Core layers across Partition A and Partition B, with one element marked X (failed).
Slide 34
Future? (image)
Slide 35
How do we improve process to meet these challenges? (diagram)
Adapted from ISO 20000.1 Information Technology - Service Management
Slide 36
Where to?
• Consider the broader context of existing standards
• Contribute to the development of those standards
• Aim to ensure operational continuity
Thank you.
Slide 37
References
• IEC/TR 61508-1 (2010), 'Functional safety of electrical/electronic/programmable electronic safety-related systems'
• IS EN 50126-1 (1999), 'Railway Applications - The specification and demonstration of Reliability, Availability, Maintainability and Safety (RAMS) - Part 1: Basic requirements and generic processes'
• IS EN 50126-2 (2007), 'Railway applications - The specification and demonstration of Reliability, Availability, Maintainability and Safety (RAMS) - Part 2: Guide to the application of EN 50126-1 for safety'
• Charles E. Ebeling (2005), 'Introduction to reliability and maintainability engineering', Waveland
• AS ISO/IEC 20000.1 Information Technology - Service Management
• AS/NZS ISO/IEC/IEEE 15288 Systems and software engineering - Systems life cycle processes
Acknowledgments
• Bill Palazzi, Palazzirail, 'ATP / ETCS in Sydney' presentation 2014 (slide 11)
• Sydney Trains, 'Train Control Management Systems' presentation 2015 (slide 35)
• Dr Marc Antoni, 'Security & safety analysis for electric and computerized signalling systems', UIC 2014 (slides 15 and 16)
• Richard Fullalove, ASA SE presentation 2015 (slides 10 & 26)
• OCDN Development Team (slides 5, 27, 28 and 34)

Slide 38