KEEPING RAIL PROJECTS ON TRACK AND ON TIME: SOLUTIONS FOR MASTERING COMPLEX TECHNOLOGY CHALLENGES

By Alexander Damisch, Director, Industrial Markets

INNOVATORS START HERE.

KEEPING RAIL PROJECTS ON TRACK AND ON TIME: SOLUTIONS FOR MASTERING COMPLEX TECHNOLOGY ... · 2015-02-27 · KEEPING RAIL PROJECTS ON TRACK AND ON TIME: SOLUTIONS FOR MASTERING COMPLEX


EXECUTIVE OVERVIEW

Safe, efficient, reliable, and cost-effective mass transportation is a priority issue for governments around the world. Rail transit is widely viewed as essential to getting cars off the road and reducing fossil fuel dependence; yet it is often a political hot button because of the huge amount of public funds involved. Rail projects are notorious for budget overruns and delays.

For builders of rail equipment and systems, the challenges are compounded by pressure to bring projects to completion quickly, while ensuring that stringent safety and certification standards are met. The technology required to transport more people safely, comfortably, and on schedule is increasingly complex—and complexity carries greater risk of failure and vulnerability, along with higher development and maintenance costs.

This paper explores the challenges manufacturers face and how technology choices made early in the system-design process can mitigate them. It explains how approaches proven in the aerospace industry—where physical space is limited and safety is paramount—can reduce risks and costs, accelerate development time, simplify maintenance, and create a safer, more enjoyable experience for the passenger.

TABLE OF CONTENTS

Executive Overview
Today’s Trains: Connected Communications Hubs
Multiple Systems for Multitasking
Growing Cyber-threat
Meeting Certification Requirements
Divide and Conquer: The Virtue of Virtualization
What Trains Can Learn from Planes
The Right Development Partner
Conclusion


TODAY’S TRAINS: CONNECTED COMMUNICATIONS HUBS

From Europe’s long-distance travel networks to light-rail commuter lines in America to the unmanned monorails whisking travelers around airports, today’s rail systems are reliant on increasingly intricate automation technology and cloud-based connectivity. Railway vehicles have become connected information hubs. Passengers see this in the form of information screens and next-stop announcements, and, in some cases, such amenities as in-train Wi-Fi. Connectivity helps make the time spent in transit more enjoyable or productive.

The same technology that allows passengers to know when they are approaching their stops also allows operators to know exactly where a train is and how well it is operating. Positive Train Control (PTC) systems enable trains to “know” their position relative to all the other trains in their network with GPS precision. Machine-to-machine communication, centrally managed in a cloud-based architecture, enables operators to utilize equipment, tracks, and stations more efficiently while dramatically reducing the risk of accidental collisions.

MULTIPLE SYSTEMS FOR MULTITASKING

Safety, speed, control, convenience—the myriad tasks that systems must perform means that modern trains must carry multiple systems. The challenge for equipment manufacturers is to include these complex systems without taking up valuable space, adding weight, or driving up costs. The systems must also be configured in a way that they do not interfere with each other—that a breakdown in the passenger information system, for example, does not disrupt communications from the train to its controllers.

The conventional way to split safety-critical applications from other systems has been to house them in separate hardware. While this approach may guarantee physical separation, it has proven costly, is an inefficient use of the limited space on board, and increases energy consumption. There are practical issues as well with development, testing, interoperability, and product life cycles, as each piece of equipment will have its own certification and obsolescence management cycle.

[Figure: Architecture of a positive train control system (panels: Operational Control Center, Trainborne, Trackside)]


GROWING CYBER-THREAT

Another challenge developers must confront is the escalation in unauthorized intrusion. As rail systems rely more on wireless connectivity, they become more vulnerable to hacking. The consequences of even a small disruption become particularly severe as trains become more powerful, carry more passengers, and travel faster. A train traveling at more than 300 kilometers per hour relies heavily on automation and connectivity because human drivers cannot make all the necessary decisions at that speed. Yet the very systems that are critical for safe operation could be brought down by a simple electronic device, a mobile phone, or a small piece of malicious code downloaded from the Internet.

This became reality in 2009, when a bored but clever Polish teenager used a modified TV remote control to change the points on the tram system in the city of Lodz, derailing four cars and injuring 12 people. Protection against failures has always been a key part of transportation equipment design, but now engineers have to protect against system intrusion and modification. Whether deliberate or accidental, an intrusion can disrupt service, at a minimum, and, in the worst case, cause a severe and perhaps deadly accident.

The threat of increasing cyber-attacks underscores the need to keep systems and functions separate, so that if an intruder or malware infects one system it does not spread to others.

MEETING CERTIFICATION REQUIREMENTS

To protect against these risks, rail equipment makers need practical ways to build connected systems and to enforce the separation, isolation, and protection between general-purpose and safety-critical systems. Manufacturers also need to reduce the certification and approval costs for their systems and get to market on a faster, more predictable timetable.

There was a time when equipment manufacturers tended to build their own hardware and proprietary on-board applications. More recently, in the effort to control costs and accelerate time-to-market, more manufacturers are turning to commercial off-the-shelf (COTS) technology solutions. Besides the cost and time savings in development and maintenance, the move to open standards enables vendors to be more competitive in an increasingly global market.

However, the stringent testing and certification regimes for vehicles and control systems pose a challenge in using COTS applications for safety-ready platforms, or in sharing resources between critical and less critical applications with different certification requirements. This is of particular concern when railway vehicles are sold into different national markets. Each country might need different versions of systems that need to be recertified. If vehicle manufacturers and their systems-development partners do not follow strict guidelines, there can be serious issues of liability as well as practical risks.

DIVIDE AND CONQUER: THE VIRTUE OF VIRTUALIZATION

The most practical solution is to use technology that enables multiple operating systems and applications to run on a single device but splits critical and less critical applications so that each operates independently. If one fails or is attacked by a hacker, it will not disrupt any other.

Commercial multi-core processors and virtualization software now allow for time and space separation of functions, optimized for both safety-critical and security-conscious designs. Virtualization, either on a single core or a multi-core device, allows different applications to run in safe and secure partitions, separated from each other and controlled by a partitioning hypervisor.

Applying embedded virtualization to transport systems vastly improves the business case for higher levels of automation and improved communications. It allows developers to create systems with small footprints, keeping certification times down. It allows more than one system to run at the same time on low-cost hardware while providing the time and space separation needed to run different levels of critical functions, safety, and redundancy.


Not all safety-critical applications require large amounts of computing resources. Using embedded virtualization to combine several applications is feasible with well-designed software. Commodity multi-core computer processors make it easier for train and rail system designers to combine multiple applications on a single processor, or CPU, instead of using several different proprietary circuits. Eliminating multiple custom boards greatly simplifies maintenance over the long term.

In testing and certification, virtualization brings a further advantage. Designers can split applications into components that run independently on separate virtual—but not physical—machines. If a manufacturer wants to sell a railway vehicle in different markets, and its systems need to be recertified to meet local rules, only the parts that change need to be tested again, or rewritten. This can potentially produce a big cost savings while reducing time-to-market. It also helps make the system scalable and future-proof, which is a key requirement for both the equipment maker and the train or tram operator.

Partitioning also helps reduce vulnerability to attacks. Each partition can run its own small firewall rather than relying on one main firewall, in which a breach could give an intruder access to the whole system. If one minor application is compromised, the intrusion is limited to one partition where it can easily be detected and disinfected, saving considerable time and money and reducing safety risks. This also stops intrusions from spreading across system components, particularly from malware. Importantly, it prevents hackers from accessing the network stack to launch other attacks or take remote control of the vehicle.

An added benefit is improved uptime of services because individual partitions can be rebooted or even reprogrammed, without affecting other services on the same device.
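The time and space separation under a partitioning hypervisor, and the containment of a compromised minor application to its own partition, can both be checked mechanically on a partition plan before it is deployed. The following is an added example, not code from this white paper or from Wind River: the plan format, the partition names, the `check_plan` function, and the rule that a non-critical partition may not open a channel into a safety-critical one are all assumptions made for illustration.

```python
from dataclasses import dataclass
from itertools import combinations

@dataclass(frozen=True)
class Partition:
    name: str
    critical: bool   # True for safety-critical functions
    mem: tuple       # (start, end) physical address range, end exclusive
    windows: tuple   # ((core, start_ms, end_ms), ...) inside the major frame

def overlaps(a_start, a_end, b_start, b_end):
    """Half-open intervals overlap when each starts before the other ends."""
    return a_start < b_end and b_start < a_end

def check_plan(partitions, channels, major_frame_ms):
    """Return a list of separation violations; an empty list means a clean plan.
    channels is a set of (source, destination) partition-name pairs."""
    errors = []
    by_name = {p.name: p for p in partitions}
    for p in partitions:
        for core, start, end in p.windows:
            if not 0 <= start < end <= major_frame_ms:
                errors.append(f"time: {p.name} window {start}-{end} outside frame")
    for a, b in combinations(partitions, 2):
        # Space separation: no two partitions may own the same memory.
        if overlaps(*a.mem, *b.mem):
            errors.append(f"space: {a.name} and {b.name} share memory")
        # Time separation: no two partitions may hold one core at the same time.
        for core_a, s_a, e_a in a.windows:
            for core_b, s_b, e_b in b.windows:
                if core_a == core_b and overlaps(s_a, e_a, s_b, e_b):
                    errors.append(f"time: {a.name} and {b.name} overlap on core {core_a}")
    for src, dst in sorted(channels):
        if src not in by_name or dst not in by_name:
            errors.append(f"channel: {src}->{dst} names an unknown partition")
        elif by_name[dst].critical and not by_name[src].critical:
            # Assumed policy: data may flow out of a critical partition, not into it.
            errors.append(f"channel: {src}->{dst} reaches a critical partition")
    return errors

# Constructed sample plan (not from the white paper): three partitions, two cores.
SAMPLE = [
    Partition("train_control", True, (0x8000_0000, 0x8400_0000), ((0, 0, 20),)),
    Partition("diagnostics", False, (0x8400_0000, 0x8800_0000), ((0, 20, 30),)),
    Partition("passenger_info", False, (0x8700_0000, 0x9000_0000),
              ((1, 0, 50), (0, 25, 50))),
]
SAMPLE_CHANNELS = {("train_control", "passenger_info"),
                   ("passenger_info", "train_control")}

if __name__ == "__main__":
    for line in check_plan(SAMPLE, SAMPLE_CHANNELS, major_frame_ms=50):
        print(line)
```

On the constructed plan the checker reports one violation of each kind: a shared memory range, a shared time slice on core 0, and a channel from the passenger information partition into train control.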

WHAT TRAINS CAN LEARN FROM PLANES

Embedded virtualization and system partitioning have been well-tested and adopted for years in markets where performance, reliability, and safety are critical, such as aerospace and defense. Used correctly, embedded virtualization in rail vehicles and control systems offers developers a way to deploy more technology that can improve efficiency, performance, and security and can be tested and certified at a reasonable cost. It allows designers to meet customer, compliance, and regulatory requirements, minimizing the risks and liability issues that could arise if systems are not fully tested.

THE RIGHT DEVELOPMENT PARTNER

In the effort to manage complexity, control costs, streamline development, and deliver a product that performs to expectations, it is not simply a matter of finding the right technology platform but also the right technology partner. The solution has to be backed by solid service and support that will assure certification and extend across the entire product life cycle.

Wind River’s VxWorks real-time operating system offers the ability to create robust partitioning and has been deployed in a wide variety of safety- and security-critical applications, from medical devices to spacecraft, not to mention trains and rail systems. VxWorks is also inherently less susceptible to malware than standard COTS operating systems, as hackers are less experienced with its code base, and the development tools and ability to add code are much more restricted.

Many designers are making more use of open source software such as Linux to reduce costs. It can take many weeks of development time to get open source software up and running without support, and a lack of long-term maintenance, longevity support, and obsolescence management can present a major problem with product life cycle requirements. COTS suppliers such as Wind River, however, can supply supported versions of Linux that streamline the development process, backed by an ongoing maintenance program that meets regulatory requirements.

Wind River is a world leader in embedded software for intelligent connected systems. The company has been pioneering computing inside embedded devices since 1981, and its technology is found in nearly 2 billion products. To learn more, visit Wind River at www.windriver.com.

© 2015 Wind River Systems, Inc. The Wind River logo is a trademark of Wind River Systems, Inc., and Wind River and VxWorks are registered trademarks of Wind River Systems, Inc. Rev. 01/2015

In building rail applications, much of the engineering effort is spent not in the development of the software but in the verification and validation required to demonstrate that the software conforms to standards. Wind River can provide the certification and test artifacts for common system components, significantly speeding up development time. The developer doesn’t have to spend additional time and effort on the validation code needed to certify the whole system for safety or security but can instead concentrate on the added value of the application. This approach also has the advantage of allowing the addition of new services without having to recertify the entire system, saving considerable time and cost.

CONCLUSION

The mass transportation industry is under pressure from regulators, operators, and the fare-paying public to deliver reliable, safe, and secure rail equipment and systems within tight budgets and timetables. Technology plays an increasingly important role in everything from operating trains to assigning tracks to entertaining passengers. And as technology becomes more complex, it adds to the challenges of controlling costs, keeping projects on schedule, and meeting certification standards.

Commercial technology that enables developers to run multiple functions separately on a single multi-core processor goes a long way toward meeting these challenges. It streamlines development, reduces costs, improves overall system efficiency, simplifies maintenance, and affords greater protection from outside intrusion. The right technology decision at the design stage will enable manufacturers to keep rail projects on track and on time.