Asset management of signalling systems Dr. Marc ANTONI UIC Director of Rail System Department UIC Geneva, 24 November 2015 Rail Safety: Trends and Challenges

Asset management of signalling systems

Dr. Marc ANTONIUICDirector of Rail System Department UIC

Geneva, 24 November 2015

Rail Safety: Trends and Challenges

1 – System rail and Modern signalling problem

2 – Architectures signalling choices specification requirement

3 – Failure distribution and maintenance strategy optimisation

4 – Optimisation of HSL maintenance strategy

5 – Conclusion

CONTENT

UIC – Rail System Department – Dr. Marc ANTONI – 24 November 20152

3

The creation of a new line involves contracts with third parties:

Guarantee of a constant level and hence infrastructures of high availability

Control of maintenance costs – initial, evolution and recurring

The ideal solution needs to take into account certain elements:

Implement new material including heavily computerized and innovative

components (absence of feedback, training of staff...)

Architecture choices depending of the conditions of use

and the business targets

Nearly permanent utilisation of infrastructures (traffic...)

Positioning of basis for maintenance (imposed access ...)

System rail and Modern signalling problem


The railway system is a highly integrated systemSignalling has to be considered as a highly integrated system in interaction with people, tools and procedures… on RU’s and IM’s sides

Drivers

Infrastructure Manager’s

Owners

Regulation& safety

Procedures & Operation principles

Rolling stock

Railway Undertaker’s

Maintenance of rolling stock

INFRASTRUCTURESIGNALLING

Maintenance of the Infrastructure

A signalling technology change can impact the availability and the safety of the line, as well as its financial efficiency



No part of the rail system should be developed without due consideration of effect on other parts of the system which are safety-critical and upon which the integrity of the system depends

“System Rail” consists of several functional and structural subsystems and their components: Need of a technical system vision.

A system approach is essential at all times when dealing with “System Rail”. Well constructed business-led standards are able to provide the framework for ensuring the level of operational safety. Therefore every change has to be assessed in terms of impact on the other parts of the system.



In general:Safety is carried out with incompatibilities (exclusion in space and time of a common position of resources)The signalling modules are classically formally defined (functionalities and interfaces) / different layers related to different signalling functionalities (field elements, interlocking, block system...)

Signalling/Interlocking functions have to: Take into account all national laws, operational rules… Take into account the environment of the system (without exportation of

safety constraints…) Stay in service 24/24, 365 days per year, for many years, in numerous

places on the network... different from factories Be checked a 100% after each functional modification or maintenance

intervention... no more possible with the digitalisation without formal proofs

Architectures signalling choices specification requirement

6UIC – Rail System Department – Dr. Marc ANTONI – 24 November 20156

The interlocking module was designed for:

- Using a clear (formal) interface between ”functional SW” and

“HW + basis SW”

- A unique SIL level (for all functions) by signaling computerized module

- Formal interfaces between the different signaling modules (time, function, physics)

Critical computerized system Over system

Different functional layers : Remote control centre + Interlocking + Controllers + field elements OR ATP + ATP(EVC) + ...

The architecture uses common functional interfaces for all the computerized interlocking systems (for all the suppliers)



Le débit des lignes

Functional Specification written by the Infrastructure Manager [why, what]

Hardware and Basic software - Realisation by the Suppliers [how]

Formal interface language (how to interpret, how to be written)

The onboard safety functions have to be tested after each modification (evolution) : expensive

The target machine could be designed to:– realize a clear separation between “hardware and basic software” and

“functional software” Formal interpretable language– allow the formal validation of the functional software in the onboard

environment the method has to be applicable by railway team


Formal interfaces


Hardware and software supporting the execution of the functionalities with the right safety level

N of P architecture of the real time computerized system – SIL4 development

The unsafe execution rate must be below a standardized fixed limit (SIL4 for example)

First level of the computerised interlocking:

This concerns a safety failure rate per hour involving the possibility of a system execution error.

The software architecture in two levels



Interpreted Functionalities of the interlocking system

Input (Bite or communications in the railway context)

Output (Bite or communications in the railway context)

Hardware and software supporting the execution of the functionalities with the right safety level

The applicative software must be 100% correct or it is not put into service

Main problem: are the specifications and their transformations into the acquired final code 100% correct?

ÞThe commissioning of a high safety level installation involving “a” functional incorrectness that persists in the final code will necessarily lead to an accident after a certain time in a deterministic way.

Second level of the computerised interlocking:The software architecture in two levels



11

Analysis of life cycle of electronic signalling material by estimating failure rate λ(t): The failure rate isn’t truly constant? Which environment variables exist which can influence the life cycle of material?

Modelling of existing economic link between maintenance costs and volume of systematic renewal:

Which maintenance strategy has the lowest costs on a complete life cycle? real means to realise an LCC analysis How to best use a fix budget for renewal in order to reduce maintenance costs ?

Failure distribution and maintenance strategy optimisation


12

Method – Simple replacement of signalling components

In order to predict the period for replacement it is important to keep in mind the aging effects of the signalling material (progressive drift )

Bertholon Model

For t < t0: Corresponding to a classical constant failure rate.

For t ≥ t0:

Random faults AND faults du to aging of certain components .

0 50 100 150 200 250

0.0

00

0.0

05

0.0

10

0.0

15

0.0

20

time

ha

zard

fun

ctio

n

t0exponential

exponential and Weibull

)exp(1)(0t

tR

))(exp(1)exp(1)(

1

0

0

ttt

tR t= t0


Failu

re ra

te

13

0.7

00

.75

0.8

00

.85

0.9

00

.95

1.0

0

time

pro

ba

bili

ty

1st lifeempiricWeibull95% CI

1st + 2nd lifeempiricWeibull

1.672.26

3842

n11635

N1063536

Two life cycles are taken into account:

- Time before the first failure

- Extending first up to the second failure


2nd life1st life

Relia

bilit

y fu

nctio

n

14

Multiple replacement of signalling components In order to take into account replacing of faulty material

• The replacement rate at date t can be calculated by expression:

1

]))'(1([)(n

ntRth

* indicating the convolution.

• This functionality gives us the expected number of replacements before date t

0.0 0.5 1.0 1.5 2.0 2.5 3.0

01

23

45

6

reduced time tr

h(tr

)

3 6 10 15


Repl

acem

ent r

ate

Coefficient β minimal value of 3 (below 2 today in the

majority of cases)


15

Maintenance expenses: Y(t) = ci(t) + cu ∙ n ∙ h(t) ci: recurrent costscu: costs for replacement for one materialn: number of materialsh(t): annual replacement rate

Estimation of maintenance expenses (with renewal) per year:

1

0

1

/)]([/)(T

t

t

t

TtYXTTC

This method allows to find the ideal period for renewal T0 for this material – with or without updating of costs (LCC).

X: renewal costs

example

)(TE 0 1 2 3 4

reduced time tr

cost

s pe

r ye

ar

T0

E(tr)/trX/trC(tr)/tr

Model of maintenance expenses asset strategy:



16

time

Failures

num

ber

Discounted maintenance costs

cum

ulat

ed c

osts

time

Simulation of different scenarios asset strategy:- Only faulty material is being replaced - Additional to failures - 10% of the material is being replaced preventively - Additional to failures - material exceeding an age limit are replaced

time



The approach is based on the modelling of the: deterministic behaviour of the actors (traffic, maintenance...) dysfunctional of infrastructure components (failure distribution, renewal policy...)

It uses the Petri network for:put into interaction the different actorscompare the different optionsascertain that contractual objectives are met

Optimisation of the maintenance strategy

The choice of the Petri networks is motivated by the possibilities: to combine in a single model, deterministic and probabilistic

behaviour (pure delays, cycles, calendars, organizational rules, default rates, routes...)

to treat parallelisms and associate individually testable models (validation and easy evolution ...)


The general model consists of several layers using a network type per actor

Track Circuit

Shunting(Cde & Kle)

SiteEquipment

Telemonitoring Telemonitoring Telemonitoring

local organisationof maintenance

Supervision Center

Calculation of the model output indicators

Circulation(s)Of maintenance

On-callAgent

MaintenanceTeam (s)

Calendar

Topology ofAccess

Warning / detection of degradation (default)

Call management for action

Corrective intervention (local or at distance)

Alarm / detection Incident (failure) centers

UIC – Rail System Department – Dr. Marc ANTONI – July 2015


Example of results for a sector of 100km

• 37% reduction of downtime rate through the existence of a remote monitoring and a supervision centre

• 45% reduction in the rate with remote monitoring and a subdivision of the sector into two half-teams at recognised mid sectors

• 60% reduction in the rate when the actions on the organization complement the technical provisions

• Response times are minimal when the average position of the sector and homes of the agents are set at mid sector

• Load factor of supervision centre ...

Without TSétendue(actual)

96,6%

withTS

étendueWithout ½

éq.

97,2%

WithTS and

CS

97,8% Availability

WithTS andCS and

½teams

98,4%

WithTS andCS and½ éq.

98,3%

WithTS and ½teams

98%

WithTS, ½éq. andagentcenter

98,1%

WithoutTs and ½teams

97,4%

withTS ans=d

CSeand ½éq. andagentcenter

98,7%

Technique



Modern signalling systems increase significantly costs for maintenance and have impact on the availability of high speed lines- The proposals made here to IMs want to give them the possibility to guaranty expected safety, security, performance and economic targets- If modern signalling systems are “complex” instead of being “complicated”, it will be impossible to validate and to maintain it in safe, secure and economic conditions.

This has to be taken into account at the early design stage!!

Conclusion

The standardisation of the product and their interfaces has to be formally defined to create the condition for safe operation and maintenance of the system on the long term!


The choice of architecture must allow to : facilitate safety (using IP network...) and security demonstrations (for specification and realisation) modelling reliable behaviour and availability of signalling implementations

For the computerized IT signalling system:the interfaces of signalling modules is defined formally (physic, time, functions...)need of open model based “functional software” understandable by the signalling engineers, provable and interpretable in real timeused in an industrial way without people educated in mathematics,

Conclusion


23

For estimation of maintenance needs for signalling: Proposed approach allows a good modelling of the phenomenon

intuitively detected by experts: −Aging electronic and computerized facilities−Renewal policies regarding economics and performance−Maintenance periods adapted to asset age…

The method need modularity of signalling system

For a given HSL the proposed approach allows to optimise the means of maintenance in order to achieve performance under best economic conditions.

Conclusion


24

General Safety, security and asset management are no constraints

limiting innovation, industrialisation, economic efficiency of future signalling implementations for High Speed Lines

It is important that IMs can define and control their implementations, their good level of “modularity” in order to allow them achieve their specific economic objectives, regularity and safety within their local conditions (climate, topology, organisation...)

Signalling is not a “service” open for sales

Conclusion


Dr. Marc ANTONIFIRSEUIC Director of the Rail System [email protected]

Geneva 24 November 2015

Thank you for your kind attention


mailto:[email protected]

Documents

Asset management of signalling systems Dr. Marc ANTONI UIC Director of Rail System Department UIC Geneva, 24 November 2015 Rail Safety: Trends and Challenges