Is safety built on history? Or are we creating a system that is too complex? Do we still need to learn from the past or is it time to look at new ways to manage our systems?
In my opinion, it is high time we adapt to the future and take action to remove old barriers and ways of managing our systems. In many places, rail systems have been operational for several decades, and the evolution of these systems has not kept up with the rest of society. We are stuck with old technologies and methods for managing our systems. With time, we lose knowledge of our existing systems and risk losing control, control that we then try to reclaim by adding yet another layer of functions that enforces a new safety barrier.
Complexity has been snowballing since the beginning of rail history
Rail transport has been developing over the course of almost 200 years and it is still based upon the same foundation it started with: metal wheels against metal rails. It is a successful means of transportation in terms of energy and capacity, which also benefits the environment.
Railways have traditionally been introduced locally; that is, one stretch of rails at a time and with little or no interaction between them. However, the demands on today’s systems are completely different, and initiatives like ERTMS (European Rail Traffic Management System) are now being driven across the world to harmonize our railways and rail control systems. This is a task that requires finding our way through the mounting complexity that threatens to derail our progress toward the digital age.
Even as the demand for greater harmonization and an integration of the rail system as a whole rises, the complexity of rail control systems continues to increase. Responsibility for the rail system is shared within the industry, and there is a clear conflict between traditional subsystem management and the need to achieve higher system level effects through modernization or digitalization.
The situation has gone so far that we cannot refer to one standard system, nor can we agree on what the next generation should look like. I’ve been working in the railway industry for over 20 years, and my experience, together with countless discussions, leads me to believe that there are only three objects/components that we can agree upon: we have a train, a wayside, and a traffic management system. Opening any one of these “Pandora’s boxes” will create confusion, leading to questions like, ‘which components belong where, and what behaviors does each part have?’ The inside of each box has been shown to be specific to each local system. This is one reason for the complexity that exists today, and it remains a barrier we must overcome before we can manage our systems.
Symptoms of complexity
For an outsider, complexity in rail signaling is difficult to understand, especially considering the seemingly easy task of automating the movement of a container along a fixed route in two dimensions, at a time when we live in a world of self-driving cars and autopilots in airplanes. But for us inside the industry, it is easier to decode.
Complexity in rail signaling is, in many ways, evidenced by continuous delays and budget overruns; for instance, the repeatedly delayed introduction of ERTMS and the termination of metro signaling contracts in, e.g., Stockholm, Helsinki, London and Edmonton.
Upgrades and renewals of rail control systems often become overly complicated when new systems are to be integrated with existing subsystems. Unknown dependencies are discovered too late in renewal projects—or, even worse, during operation—and the loss of control is a fact. The complexity has been underestimated from all positions and by all actors.
Traditional management, with its linear mindset, lacks the prerequisites needed to handle the uncertainties that come with complex systems. Hopefully, the need for new methods to meet our challenges is starting to be recognized.
The problem with governing a rail control system managed by old and new methods
The stepwise, localized evolution of rail control systems has introduced a number of different technologies in small steps. Often, these technologies are shaped by experiences from the past and by the requirement that the new system “behaves in the same way as before, but better.” This approach necessitates proving that the new system behaves just like the old one, demonstrated using the same methods and techniques that have always been used. This is an understandable demand considering that rail control is a safety system; since we know that our existing system is safe, it is reassuring to be able to look back and recognize the old system in the new. For instance, it is still requested today that computerized systems be visualized as electrical relay systems, because this is how it has always been done and is what can be understood.
As a result, we are now creating a governing system that is managed by both old and new methods. This further drives complexity and costs. It also restricts the positive effects that we would potentially get from a new system if it were allowed to utilize its best techniques and methods. As an example, in the railway field we still speak of computing power as a limitation. Hence, have we, in any way, allowed the computerized optimization of our systems?
Over the course of this evolution, we have tried to keep up with new technology and formulate new regulations, oftentimes not daring to remove old regulations that someone else put there before us for some unknown reason. All of this without managing, or even understanding, the consequences, including conflicts between new and old regulations. Again, this is understandable given that rail control is a safety system. But now complexity arises from the mixture of interwoven techniques and methods in a system that has been evolving for decades and whose components are, in many cases, 50 years old. By tradition, it has always been safe to add requirements, but what is the process for removing requirements? It is considered unsafe, and it is non-existent. And so, we add more requirements and, eventually, more complexity.
Unfair competition between new and existing technology
All of this leads to unfair competition between new and existing technology. Existing technologies are not required to be proven against the latest regulations. Rather, they are proven in use via the “grandfather clause” and are evaluated using old measures.
To exemplify, let’s compare the modern elevator with the paternoster lift (the one without doors that never stops at floors, necessitating that you jump out). The paternoster lift will win when it comes to moving people, compared to a modern elevator that stops to let people off. But, of course, it comes with a safety risk that we no longer accept today. A similar situation applies to railways. We still have old rail control systems in place that allow for much tighter train movements than would be allowed in any new system from a safety standpoint. Hence, while a new system might be safer, it could actually be a downgrade in terms of train capacity in dense locations. This is the case for the new ERTMS L2 versus existing ATP, due to the calculation of braking curves.
This is one factor to consider in the calculation of cost efficiency when comparing an old system with a new one. The long lifecycle of rail control systems will, locally, make any comparison with the last historical introduction of a rail control system unfair.
With an unfair comparison, the business case for replacement or upgrades is not so attractive compared to lifetime extensions and maintenance. Again, we drive complexity by not keeping up with new technology or methods. In many instances, we have rail control systems with outdated technology that are managed only by a handful of senior, sometimes retired, experts, and with few incentives for the new generation to learn about them. Renewing systems can often be the last way out, an exit path forced by the aging of knowledge or technology.
Compared to modern computerized rail control systems, older mechanical or electrical systems have a longer lifecycle. We can see this is true just by comparing the lifetimes of the individual components. In fact, this is what we often do and what we compare for an upgrade project. Just by calling it an upgrade or renewal “project”, we paint ourselves into a corner. A project has, by definition, a start and an end: it is to be released and taken into revenue service on a specific day, with the target of delivering one installation, and only once. We tend to forget about the long life of a rail system and direct all efforts toward meeting project-oriented goals.
In almost all cases, new rail systems are more computerized than the existing systems in revenue service. The railway has historically been treated as a construction or building. Naturally, the first mechanical or relay rail control systems were managed under the construction process and its related regulations. Our new computerized and embedded systems are still, in many cases, introduced under the same construction regulations instead of software principles.
The introduction of new rail control systems is often done in conjunction with track extensions or other building upgrades. Signaling can become a smaller subproject that is managed as part of the larger building construction project. In comparison, the construction parts and buildings often come with substantially larger costs and with much more visible effects. The rail control system is expected to just adapt and work accordingly. The project team, with its suppliers, will strive to drive their processes in order to optimize toward this one installation and deadline. All efforts are focused on the original requirements, with little flexibility to adapt to new system needs or technology invented over the often long project period of 10+ years, given that the project planning and requirements were formulated far earlier. Again, complexity presents a barrier to smaller, sequential releases over time.
It’s time to remove barriers and adapt to the future
The above synopsis of the tangle we currently find ourselves in can, of course, be seen as a rallying cry or a naive simplification. But the reality is that we tend to focus more on the project at hand than on its total lifecycle, both in terms of money and resources. Complexity is not taken into account and is hard to address using traditional methods. And in our failure to address it, the increasing complexity creates more vulnerability instead of robustness.
Is safety built on history? Or are we creating a system that is too complex? Do we still need to learn from the past or is it time to look at new ways to manage our systems? In my opinion, it is high time we adapt to the future and act to remove old barriers and ways of thinking.
Technology used to be a limitation. We are used to constructing our railways from technology. This is not (or should not be) the case anymore. Both our lack of imagination and our reluctance to adapt to new technology are our limitations. Technology is used to execute the functionality of a rail system. Improving and optimizing the system functionality should be the key for future developments.
After all, we cannot compete with history if we are stuck with history.
About the author
Mats Boman has been working in the railway industry since 1999. His career started at Prover and, after switching gears to drive a consulting business within rail control system management and then serve as the CEO of the rail engineering company STHK, he recently returned to Prover as the Vice President of Business Development. Mats has a master’s degree in computer science from Uppsala University.