Alex McGrath

Level Crossing Removal Authority (LXRA)

The field of resilience engineering explores the mismatch between a system-as-designed, and the actual system as it
operates in the real world, in the presence of shocks, stresses and resource constraints. In signalling systems, the
modelling of component availabilities into system availability leads to the belief that more redundancy is always an asset;
while in a real operating railway, redundancy has at times been an asset to the system and at other times has increased
cost while also decreasing performance and whole-system safety margins.
This paper explores the justification for component and link redundancy in signalling system design alongside the
legislation and body of research on system resilience. It draws on a series of ideas from the field of resilience
engineering, and real-world rail and signalling examples, to explore the issues. Alarm architecture, lifecycle maintenance
planning, and criticality assessment are provided as concrete guidance for how to design a resilient signalling system.
However, true resilient behaviour depends on the context, organisational culture and human behaviours, and the real
railway as an evolving complex system.