Technical Papers from IRSE Australasia Meetings

John Aitken BE MIEEE MIRSE

Aitken & Partners

IRSE Australasia AGM & Technical Meeting - Adelaide - 12 March 2013

Emergency implies urgency. Not just urgency but abnormality. We have no difficulty dealing with what is normal, routine. However, when an emergency arises our systems are often found wanting.
Communication systems are not just collections of technology but are interactions between people, with technology interposed. The systems are inherently complex and over time they change: through changes in people, in organisations and in technology. The change may be subtle, an unnoticed drift from safe operation. Sometimes the change is only evident when an urgent, abnormal situation arises.
Incidents from around the world form the basis of this paper. In each of these incidents the communication system has failed those who depended on it in a time or emergency. In few of these incidents did the technology require repair: rather, a defect in the complex system of communication was exposed.

Myth and legend are inadequate substitutes for thorough training, system analysis and testing. Too often the consequence has been fatalities. This paper seeks to address some of the causes and suggest solutions.

Philip Baker MIRSE
Aurecon Australia Pty Ltd

IRSE Australasia AGM & Technical Meeting - Adelaide - 15 March 2013

This paper will examine the challenges for signalling designers that follow from the move of signalling and control systems from the trackside to the cab. A case study will be drawn from the Llanbadarn incident where the train driver's workload was such that he was perhaps distracted by looking at the ERTMS screen rather than out of the window. The signalling designer had not incorporated a level crossing warning into the ERTMS system so the train entered a level crossing where the booms were not down. Lessons learned and discussion about how we can avoid a similar situation.

Michael Forbes B Tech (Elect) MIRSE MIE(Aust)

Australian Rail Track Corporation

IRSE Australasia AGM & Technical Meeting - Adelaide - 15 March 2013

This paper looks at how solar photovoltaic power systems work, design considerations for stand-alone DC systems, application as used by Australian Rail Track Corporation (ARTC) and other railways, including operation in conjunction with Wind generators, and remote monitoring.

Naomi Frauenfelder
TrackSAFE Foundation Manager

IRSE Australasia AGM & Technical Meeting - Adelaide - 15 March 2013

trackSAFE is a not for profit Foundation, established by the Australian rail industry in 2012.

trackSAFE aims to:
1. Reduce suicide and suicide attempts on our rail network;
2. Reduce rail trespass;
3. Improve level crossing safety through education and awareness programs; and
4. Provide world's best practice support for!rail industry employees who experience trauma as a result of exposure to one of the above incidents.

Francis How MA (Cantab) CEng FIRSE MIEE IRSE President

IRSE Australasia AGM & Technical Meeting - Adelaide - 15 March 2013

As his term of office as IRSE President nears completion, Francis will reflect on the Centenary Year. He will consider what has been achieved, and offer a personal perspective on what still remains to be done in terms of modernising the Institution and making it fit for the next 100 years. In particular he will briefly explore the need for greater focus on professional development, which has been a recurring theme in discussions with members and Local Sections around the world.

Christian Wullems BIT(Hons) PhD MIEEE MACS

Cooperative Research Centre for Rail Innovation

George Nikandros BE CPEng FIRSE MIEAust MACS (Snr)

Australian Safety Critical Systems Association

Peter Nelson-Furnell B.Bus(Transport)
Public Transport Victoria

IRSE AGM & Technical Meeting - Adelaide - 15 March 2013

Low-cost level crossings are often criticized as being unsafe. Does a SIL (safety integrity level) rating make the railway crossing any safer? This paper discusses how a supporting argument might be made for low- cost level crossing warning devices with lower levels of safety integrity and issues such as risk tolerability and derivation of tolerable hazard rates for system-level hazards. As part of the design of such systems according to fail-safe principles, the paper considers the assumptions around the pre-defined safe states of existing warning devices and how human factors issues around such states can give rise to additional hazards.

Alena Griffiths

RGB Assurance Pty Ltd

IRSE Australasia Technical Meeting : Sydney : 12 October 2012

Rarely a week goes by without a major software failure featuring prominently in the news. Some problems, such as the reported "computer glitches" with Virgin Blue's check-in software in 2010, merely result in financial loss. Others, such as the Queensland Health payroll debacle, in 2011, contribute to the downfall of governments. And of course there have also been cases where software unreliability has contributed to unavailability of critical public infrastructure, and in some cases, loss of life.
But how vulnerable is the rail industry to software unreliability, and what's the real likelihood that software problems could actually stop the trains (or even crash the trains)?
This paper will provide a brief survey of the extent to which modern railways depend on correct software operation. We will show that this dependency extends from customer facing applications such as web-based journey planners and fare sales and collection systems, through to critical service delivery applications such as routing trains, scheduling essential maintenance, and responding to emergencies.
Having elaborated the dependence of modern railways on software technology, we will then proceed to discuss the vulnerabilities this presents.
We will describe the main reasons why software engineering is different from other engineering disciplines, and hence why reliability of software must be approached differently to reliability of other engineering products. The explanation will range from the science that underpins software engineering, through to the complexity inherent in modern software systems, and ultimately through to social issues such as regulation of the software engineering profession and the psychology of the software development process.
In particular, we will consider traditional approaches to reliability engineering and explain why these approaches in general translate poorly to software. Finally, we will talk about how software reliability is being approached in the Australian rail industry today, and provide some suggestions for improving our handling of, and hence reducing our vulnerability to, software reliability issues.

Peter Burns
PYB Consulting Pty Ltd

IRSE Australasia Technical Meeting : Sydney : 12 October 2012

RAMS analysis and the setting of RAMS requirements (often expressed as single indices) are becoming common features of rail signalling projects.
But attempts to outsource RAMS objectives by attaching them as simple deliverables in project contracts often fail. This paper explores some of the reasons why this is so.
The paper takes a qualitative look at examples and processes of requirements analysis and requirements setting, particularly at key interfaces important to RAMS. These include:
• Interfaces with the rail environment and the world at large;
• Interfaces between signalling systems;
• Maintenance Policies and strategies;
It will be seen that the achievement of RAMS outcomes inherently involves alignment between many parties.
Products do not stand alone; they are part of human centred systems. Success depends on openness by organisations and access to good engineering knowledge – these being the oxygen on which RAMS depend.

John Gifford

Australian Rail Track Corporation

IRSE Australasia Technical Meeting : Sydney : 12 October 2012

Most of you will be aware of the term Reliability Centred Maintenance (RCM). It is a standardised, defensible Maintenance Requirements Analysis process. The process originated in the military and aviation industries and is now accepted by, and applied across, many engineering organisations throughout the world for the
development of system preventive maintenance requirements. The RCM process is derived from the application of Failure Modes, Effects and Criticality Analysis (FMECA) and recognises that preventive maintenance can only enable assets to achieve the inherent level of reliability designed and built into the
equipment or system.
Identification and selection of preventive maintenance tasks are based on:
• Reliability characteristics of the equipment;
• Operating environment of the equipment; and
• Consequences of equipment failure.
In the event no effective preventive maintenance task is identified to manage a particular failure mode then the alternatives are:
• Run the equipment to failure;
• Design out the failure mode; or
• Continually Monitor the equipment
Most modern day signalling and control system equipment have undergone Reliability Availability Maintainability and Safety (RAMS) analysis during the development phase. Usually this is a standalone process that does not look deeply into the interfaces, e.g. RAMS analysis for point drive equipment does not go deeply into the track interface, train axle loads, etc. I have observed maintainability, including occupational health and safety aspects of many the signalling systems, comprising a variety of equipment and interfaces that have not been adequately considered.
Many opportunities for improvement in asset performance have been lost, largely through blind adherence to entrenched prescriptive standards, paradigms, beliefs and homage to the sacred cows. This paper will focus heavily in this area of opportunity and challenge engineers, designers, constructors and maintainers to question these paradigms, beliefs and sacred cows for the betterment of our railway industry and "keep the trains moving".

Steve Boshier

Hyder Consulting Pty Ltd

IRSE Australasia Technnical Meeting : Sydney : 12 October 2012

Independent Verification is an area that is not always well understood, perhaps misunderstood, yet if applied correctly in can produce huge benefits for both the contractor and client when implemented at the start of a project. In recent years there has been a continual growth in the area of Light Rail Systems and with this
growth, the complexities of delivering these networks has also grown.
As the number of Light Rail Systems continues to expand, they not only need systems to ensure their safe operation, but they need to be planned and implemented in a safe fashion. This is where the role of the Independent Verifier comes into play and provides just as an important service to ensure that the system owner
receives what they were expecting to end up with.
The Verifiers core function is to ensure that the design, construction, procurement, acceptance testing, completion along with the planning and documentation for the operations and maintenance phase are carried out in accordance with the project requirements.

Alexander Walsh BEng(Computer)

RailCorp

IRSE Australasian Technnical Meeting : Sydney : 12 October 2012

Audio frequency track circuits are used extensively in railway signalling to detect the presence or absence of rail traffic. When track circuits fail they will indicate a section being occupied as part of their fail-safe design.
This typically results in rail traffic being stopped and/or delayed.
The scope of this investigation is to gain a more thorough understanding of the design, specifications, operation and behaviour of these track circuits. An experimental approach has been used to relate theory with field measurements.
Frequency sweeps provide a new perspective to examine tuning and may prove to be an invaluable tool in diagnostics. A thermal testing program is identifying frequency drift in analogue transmitter and receiver units, The rail current meter is enhanced to allow simpler fault finding and an intermittent transmitter detector is developed.
The data and results of this investigation have identified reliability improvements that are expected to reduce the number of repeat failures and to better aid in the diagnosis of intermittent faults.

Peter Hughes

Derwent Group Pty Ltd

IRSE Australasia Technical Meeting : Brisbane 20 July 2012

The past century has seen major improvements in train control. In the early days of the railways, many safety controls were created only in response to accidents. In the 21st Century, before being able to operate, Australian railways now have to demonstrate that they have reduced risk to train control So Far As Is Reasonably Practicable ("SFAIRP"). However, good risk management is only possible when there is good quality data: past incident and accident data is vital to being able to make improvements in the future.
Whilst there have been enormous advances in information technology in the past few decades, data collection techniques have not kept pace with these changes. It is still not possible to get answers to even simple questions about the safe control of trains: for example the available data do not tell us how many derailments in Australia are 'high consequence' events (involving significant damage and / or injury), compared with 'low consequence' events.
There are a number of emerging technologies that can help continue to improve the safe control of trains. Without reliable data, however, we have no way of knowing how effective these technologies will really be. Examples are available where lack of data has meant that significant investment decisions for train control have been made based on small data sets, or cherry-picked examples of specific accidents.
Moves are underway in Australia to establish a single repository of all railway safety data. At this stage, however, it is not clear how much data will be collected, how the data will be made available, nor when it will be available. This paper discusses how the availability of data is creating real issues for the safe control of trains, and the further changes that are needed to continue improvements in train control in the future.

Raymond Lowe

BEng (Elec) (Hons) AMIRSE MIEAust MIET

ARUP

IRSE Australasia Technical Meeting : Brisbane 20 July 2012

The Cambrian Line re-signalling project is the first UK implementation of the European Train Control System (ETCS) Level 2 and also introduced cab-signalling onto Network Rail infrastructure.
In contrast to typical ETCS implementations on new lines elsewhere in Europe, this was an operational single line railway running from the Welsh/English border near Shrewsbury to Aberystwyth and Pwllheli operating under Radio Electric Token Block (RETB).
As well as ETCS trackside and on-board equipment, the project also introduced to Network Rail infrastructure a new Computer Based Interlocking (CBI), signalling data transmission over the Fixed Telecoms Network (FTN), and cab-signalling operational rules and procedures. Unique interlocking interfaces included ground frames, varying types of level crossings, fringe interface to a mechanical signal box at Sutton Bridge Junction and a flat crossing of the Welsh Highland narrow gauge heritage railway.
This paper provides a description of the scope of the project, the challenges faced during implementation, as well as the interesting interfaces and features not typical to ETCS lines installed elsewhere.

Michiel Blaauboer MSc

Movares

IRSE Australasia Technical Meeting : Brisbane 20 July 2012

Nowadays, the majority of proprietary electronic interlocking systems are built with dedicated hardware. The
interlocking industry is a relatively small market compared to other fields of industry; innovation is expensive,
and therefore sometimes 'slow'. Besides that, after installation the manufacturer must be contracted for
maintenance and especially alterations, creating a 'vendor lock'. The Movares Eurolocking system has the
goal to eliminate these issues by using standard PLC's (commonly used in the process industry).
Eurolocking is a SIL 4 PLC interlocking completely based on Commercial of the Shelf (COTS) hardware
components. Any (SIL 4) PLC can be used in this concept to engineer an open system. Only the logic inside
the system is dedicated to the railway environment.
The (COTS) components are applied worldwide in many industries. The scale of quantity for these
components is bigger than the one for dedicated interlocking hardware. As a result this has an effect on the
final price and R&D is going at a faster pace. Another improvement is the decoupling of hardware and
engineering. In principle the application is based on open code.
As modern PLC's support many open interfaces, modules can be created to directly interface with a wide
range of other systems. However, the use of dedicated protocols is still possible.

Nick Terry

BA CEng MIET MIRSE RPEQ
Independent Consultant

IRSE Australasia Technical Meeting : Brisbane 20 July 2012

This paper discusses the application of the European Train Control System (ETCS) now and into the future.
From its beginnings in an EU Directive in 1989, it is today one of the world’s most successful cab signalling
and train protection systems that can be applied to any railway in the world.
Interoperability is a major feature of ETCS. To achieve this, compliant ETCS without modification must be
deployed. The advantages and the limitations of making changes are discussed.
The application of new developments of Baseline 3 and ETCS level 3 are briefly considered.
Looking to the future, the addition of Automatic Train Operation to ETCS, and the confluence (or not) of
ETCS and CBTC technologies is introduced.
But overall, because ETCS includes so many options and parameters, the success of a particular installation
now depends heavily on the application engineering. This is explained in some detail.