Date: 2 May 2001
If the status of this page is "Proposed" or "Draft", it is not yet endorsed and may not be quoted or referenced in publications.
If its classification is NOT "Public" it may not be quoted or referenced in publications without the prior consent of the author.
Author: Odd Nordland
EWICS TC7 (the European Workshop on Industrial Computer Systems Technical Committee 7: Reliability, Safety and Security) is an international workshop of experts in the field of dependable industrial computer systems that focuses on reliability, safety and security. The subgroup "Safety Aspects in Railways" was set up within EWICS TC7 in the course of the year 2000. Members come from government bodies, industry, universities and research institutes.
2. Problem statement
Modern trains have sophisticated, multi-channel control systems that receive and process, amongst other things, safety-relevant information coming from the interlocking computers in the railway network. The processed results are passed on to, amongst others, the traction control systems, whose task is to control the traction effort in cooperation with the braking system.
Traditionally, braking systems have been regarded as "sufficiently reliable", so that a single-channel system is the norm. However, this means that a single fault can lead to a safety-critical situation, either through failure to activate the brakes, failure to de-activate the traction, or both. Increased train speeds and traffic density mean that a possible manual intervention by the train driver is no longer an adequate second barrier against such a single fault.
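To make the single-fault argument concrete, the following Python walk-through is added here as an illustration; it is not code from the EWICS TC7 document or the Rail Subgroup. It models an assumed command chain (train control, traction control, a traction contactor and a brake valve), injects one fault at a time into one component, and checks whether a demanded stop still cuts traction and applies the brakes. The component names, the two failure modes and the two-channel variant with an independent emergency loop are assumptions made for the example.

```python
"""Single-fault walk-through of a simplified traction/brake command chain.

Constructed illustration for the problem statement above, not code from the
EWICS TC7 document or the Rail Subgroup. The component names, the two failure
modes and the two-channel variant are assumptions made for this example.
"""
from itertools import product
from typing import Callable, Dict, List, Tuple

# Failure modes assumed for the example. A PERMISSIVE fault drops the stop
# demand (the component reports "all clear" whatever it received); a
# RESTRICTIVE fault asserts a stop demand that was never received.
PERMISSIVE = "permissive"
RESTRICTIVE = "restrictive"
Faults = Dict[str, str]          # component name -> failure mode
Outcome = Tuple[bool, bool]      # (traction cut, brakes applied)


def stage(name: str, demand: bool, faults: Faults) -> bool:
    """A component that should forward the stop demand unchanged."""
    mode = faults.get(name)
    if mode == PERMISSIVE:
        return False
    if mode == RESTRICTIVE:
        return True
    return demand


SINGLE_CHANNEL_PARTS = ("train_control", "traction_control",
                        "traction_contactor", "brake_valve")


def single_channel(stop_demanded: bool, faults: Faults) -> Outcome:
    """Assumed single-channel design: one path feeds both actuators."""
    d = stage("train_control", stop_demanded, faults)
    d = stage("traction_control", d, faults)
    traction_cut = stage("traction_contactor", d, faults)
    brakes_applied = stage("brake_valve", d, faults)
    return traction_cut, brakes_applied


TWO_CHANNEL_PARTS = ("train_control_a", "traction_control", "traction_contactor",
                     "brake_valve", "train_control_b", "emergency_loop",
                     "line_breaker", "emergency_valve")


def two_channel(stop_demanded: bool, faults: Faults) -> Outcome:
    """Assumed two-channel design. Channel A is the traction-control path of
    single_channel(). Channel B is an independent emergency loop driven by a
    second train-control channel, with its own line breaker and emergency
    brake valve. Either channel alone is sufficient to reach the safe state."""
    a = stage("train_control_a", stop_demanded, faults)
    a = stage("traction_control", a, faults)
    b = stage("train_control_b", stop_demanded, faults)
    b = stage("emergency_loop", b, faults)
    traction_cut = (stage("traction_contactor", a, faults)
                    or stage("line_breaker", b, faults))
    brakes_applied = (stage("brake_valve", a, faults)
                      or stage("emergency_valve", b, faults))
    return traction_cut, brakes_applied


def single_fault_analysis(design: Callable[[bool, Faults], Outcome],
                          parts: Tuple[str, ...]) -> Dict[str, List[str]]:
    """Inject every single fault into the design and classify it.

    'unsafe'  : stop demanded, but traction stays on or brakes stay released
    'spurious': no stop demanded, but the design stops the train anyway
                (an availability problem, not a safety one)
    """
    result: Dict[str, List[str]] = {"unsafe": [], "spurious": []}
    for part, mode in product(parts, (PERMISSIVE, RESTRICTIVE)):
        faults = {part: mode}
        label = f"{part}:{mode}"
        if design(True, faults) != (True, True):
            result["unsafe"].append(label)
        if design(False, faults) != (False, False):
            result["spurious"].append(label)
    return result


if __name__ == "__main__":
    designs = (("single channel", single_channel, SINGLE_CHANNEL_PARTS),
               ("two channel", two_channel, TWO_CHANNEL_PARTS))
    for name, design, parts in designs:
        r = single_fault_analysis(design, parts)
        print(f"{name}: {len(r['unsafe'])} unsafe single faults {r['unsafe']}")
        print(f"{name}: {len(r['spurious'])} spurious-stop single faults")
```

In the single-channel model every permissive fault, in any of the four components, is an unsafe single fault: the stop demand is lost and nothing else is there to catch it. In the two-channel model no single fault is unsafe, but every restrictive fault now causes a spurious stop, so the redundancy is paid for in availability, and the model only holds while the two channels really are independent (no shared power supply, wiring or software), which is exactly the kind of claim an assessor would have to check.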
Another aspect is the forthcoming introduction of the European Rail Traffic Management System (ERTMS) and the already existing new type of train composition: multiple-unit configurations with distributed traction power and braking systems.
For interlocking systems and their immediate counterparts on board the trains, there is a well developed safety philosophy supported by European standards such as EN 50126, prEN 50128 etc. For traction control systems this is not the case. Therefore a guideline for safe traction control systems is required.
3. Aim of the subgroup
The aim of the subgroup is to produce such a guideline that can be used by developers, suppliers, assessors and authorities in the process of ensuring that the entire "safety chain" – from the interlocking computers to the ultimate link, the brakes – reaches the same Safety Integrity Level.
The guideline will aim at harmonising the safety approach for traction systems with the well established approach for interlocking systems.
4. Work plan
A tentative work plan is as follows:
- WP 1: Analyse existing traction systems and their periphery
- WP 2: Determine the risk associated with each module
- WP 3: Specify risk reduction requirements for each module
- WP 4: Harmonise with the risk reduction requirements for interlocking systems
- WP 5: Finalise the guideline
The time scale for these activities is dependent on the amount of suitably qualified resources accessible through EWICS and their availability. The "founder" of the subgroup will unfortunately not be able to participate in the coming months, so the time scale indicated below will definitely require modification!
As a rough estimate, work package 1 is expected to take about the same amount of time as work packages 2 and 3 together. Work packages 4 and 5 should together be about half as much. Thus, tentative deadlines could be as follows:
WP 1: summer meeting 2001
WP 1: winter meeting 2002
WP 2: summer meeting 2002
WP 3: winter meeting 2003
WP 4: autumn meeting 2003
WP 5: spring meeting 2004
5. Contacts and membership
EWICS TC7 and the Rail Subgroup welcome new members. For membership in EWICS TC7, see the EWICS home page at http://www.ewics.org. For more information about the Rail Subgroup, contact either the chairman
Dr. Hans R. Fankhauser
Propulsion & Controls Division
SE-721 73 VÄSTERÅS
Tel.: +46 (0)21 31 77 74
or the vice chairman
Division Information Technologies
Tel.: +43 (0)5 0550 3117