asset management of signalling systems dr. marc antoni uic director of rail system department uic...
TRANSCRIPT
Asset management of signalling systems
Dr. Marc ANTONIUICDirector of Rail System Department UIC
Geneva, 24 November 2015
Rail Safety: Trends and Challenges
1 – System rail and Modern signalling problem
2 – Architectures signalling choices specification requirement
3 – Failure distribution and maintenance strategy optimisation
4 – Optimisation of HSL maintenance strategy
5 – Conclusion
CONTENT
UIC – Rail System Department – Dr. Marc ANTONI – 24 November 20152
3
The creation of a new line involves contracts with third parties:
Guarantee of a constant level and hence infrastructures of high availability
Control of maintenance costs – initial, evolution and recurring
The ideal solution needs to take into account certain elements:
Implement new material including heavily computerized and innovative
components (absence of feedback, training of staff...)
Architecture choices depending of the conditions of use
and the business targets
Nearly permanent utilisation of infrastructures (traffic...)
Positioning of basis for maintenance (imposed access ...)
System rail and Modern signalling problem
UIC – Rail System Department – Dr. Marc ANTONI – 24 November 20153
The railway system is a highly integrated systemSignalling has to be considered as a highly integrated system in interaction with people, tools and procedures… on RU’s and IM’s sides
Drivers
Infrastructure Manager’s
Owners
Regulation& safety
Procedures & Operation principles
Rolling stock
Railway Undertaker’s
Maintenance of rolling stock
INFRASTRUCTURESIGNALLING
Maintenance of the Infrastructure
A signalling technology change can impact the availability and the safety of the line, as well as its financial efficiency
UIC – Rail System Department – Dr. Marc ANTONI – 24 November 20154
System rail and Modern signalling problem
No part of the rail system should be developed without due consideration of effect on other parts of the system which are safety-critical and upon which the integrity of the system depends
“System Rail” consists of several functional and structural subsystems and their components: Need of a technical system vision.
A system approach is essential at all times when dealing with “System Rail”. Well constructed business-led standards are able to provide the framework for ensuring the level of operational safety. Therefore every change has to be assessed in terms of impact on the other parts of the system.
UIC – Rail System Department – Dr. Marc ANTONI – 24 November 20155
System rail and Modern signalling problem
In general:Safety is carried out with incompatibilities (exclusion in space and time of a common position of resources)The signalling modules are classically formally defined (functionalities and interfaces) / different layers related to different signalling functionalities (field elements, interlocking, block system...)
Signalling/Interlocking functions have to: Take into account all national laws, operational rules… Take into account the environment of the system (without exportation of
safety constraints…) Stay in service 24/24, 365 days per year, for many years, in numerous
places on the network... different from factories Be checked a 100% after each functional modification or maintenance
intervention... no more possible with the digitalisation without formal proofs
Architectures signalling choices specification requirement
6UIC – Rail System Department – Dr. Marc ANTONI – 24 November 20156
The interlocking module was designed for:
- Using a clear (formal) interface between ”functional SW” and
“HW + basis SW”
- A unique SIL level (for all functions) by signaling computerized module
- Formal interfaces between the different signaling modules (time, function, physics)
Critical computerized system Over system
Different functional layers : Remote control centre + Interlocking + Controllers + field elements OR ATP + ATP(EVC) + ...
The architecture uses common functional interfaces for all the computerized interlocking systems (for all the suppliers)
Architectures signalling choices specification requirement
7UIC – Rail System Department – Dr. Marc ANTONI – 24 November 20157
Le débit des lignes
Functional Specification written by the Infrastructure Manager [why, what]
Hardware and Basic software - Realisation by the Suppliers [how]
Formal interface language (how to interpret, how to be written)
The onboard safety functions have to be tested after each modification (evolution) : expensive
The target machine could be designed to:– realize a clear separation between “hardware and basic software” and
“functional software” Formal interpretable language– allow the formal validation of the functional software in the onboard
environment the method has to be applicable by railway team
Architectures signalling choices specification requirement
Formal interfaces
8UIC – Rail System Department – Dr. Marc ANTONI – 24 November 20158
Hardware and software supporting the execution of the functionalities with the right safety level
N of P architecture of the real time computerized system – SIL4 development
The unsafe execution rate must be below a standardized fixed limit (SIL4 for example)
First level of the computerised interlocking:
This concerns a safety failure rate per hour involving the possibility of a system execution error.
The software architecture in two levels
Architectures signalling choices specification requirement
9UIC – Rail System Department – Dr. Marc ANTONI – 24 November 20159
Interpreted Functionalities of the interlocking system
Input (Bite or communications in the railway context)
Output (Bite or communications in the railway context)
Hardware and software supporting the execution of the functionalities with the right safety level
The applicative software must be 100% correct or it is not put into service
Main problem: are the specifications and their transformations into the acquired final code 100% correct?
ÞThe commissioning of a high safety level installation involving “a” functional incorrectness that persists in the final code will necessarily lead to an accident after a certain time in a deterministic way.
Second level of the computerised interlocking:The software architecture in two levels
Architectures signalling choices specification requirement
10UIC – Rail System Department – Dr. Marc ANTONI – 24 November 201510
11
Analysis of life cycle of electronic signalling material by estimating failure rate λ(t): The failure rate isn’t truly constant? Which environment variables exist which can influence the life cycle of material?
Modelling of existing economic link between maintenance costs and volume of systematic renewal:
Which maintenance strategy has the lowest costs on a complete life cycle? real means to realise an LCC analysis How to best use a fix budget for renewal in order to reduce maintenance costs ?
Failure distribution and maintenance strategy optimisation
11UIC – Rail System Department – Dr. Marc ANTONI – 24 November 201511
12
Method – Simple replacement of signalling components
In order to predict the period for replacement it is important to keep in mind the aging effects of the signalling material (progressive drift )
Bertholon Model
For t < t0: Corresponding to a classical constant failure rate.
For t ≥ t0:
Random faults AND faults du to aging of certain components .
0 50 100 150 200 250
0.0
00
0.0
05
0.0
10
0.0
15
0.0
20
time
ha
zard
fun
ctio
n
t0exponential
exponential and Weibull
)exp(1)(0t
tR
))(exp(1)exp(1)(
1
0
0
ttt
tR t= t0
Failure distribution and maintenance strategy optimisation
Failu
re ra
te
13
0.7
00
.75
0.8
00
.85
0.9
00
.95
1.0
0
time
pro
ba
bili
ty
1st lifeempiricWeibull95% CI
1st + 2nd lifeempiricWeibull
1.672.26
3842
n11635
N1063536
Two life cycles are taken into account:
- Time before the first failure
- Extending first up to the second failure
Failure distribution and maintenance strategy optimisation
2nd life1st life
Relia
bilit
y fu
nctio
n
14
Multiple replacement of signalling components In order to take into account replacing of faulty material
• The replacement rate at date t can be calculated by expression:
1
]))'(1([)(n
ntRth
* indicating the convolution.
• This functionality gives us the expected number of replacements before date t
0.0 0.5 1.0 1.5 2.0 2.5 3.0
01
23
45
6
reduced time tr
h(tr
)
3 6 10 15
Failure distribution and maintenance strategy optimisation
Repl
acem
ent r
ate
Coefficient β minimal value of 3 (below 2 today in the
majority of cases)
14UIC – Rail System Department – Dr. Marc ANTONI – 24 November 201514
15
Maintenance expenses: Y(t) = ci(t) + cu ∙ n ∙ h(t) ci: recurrent costscu: costs for replacement for one materialn: number of materialsh(t): annual replacement rate
Estimation of maintenance expenses (with renewal) per year:
1
0
1
/)]([/)(T
t
t
t
TtYXTTC
This method allows to find the ideal period for renewal T0 for this material – with or without updating of costs (LCC).
X: renewal costs
example
)(TE 0 1 2 3 4
reduced time tr
cost
s pe
r ye
ar
T0
E(tr)/trX/trC(tr)/tr
Model of maintenance expenses asset strategy:
Failure distribution and maintenance strategy optimisation
15UIC – Rail System Department – Dr. Marc ANTONI – 24 November 201515
16
time
Failures
num
ber
Discounted maintenance costs
cum
ulat
ed c
osts
time
Simulation of different scenarios asset strategy:- Only faulty material is being replaced - Additional to failures - 10% of the material is being replaced preventively - Additional to failures - material exceeding an age limit are replaced
time
Failure distribution and maintenance strategy optimisation
16UIC – Rail System Department – Dr. Marc ANTONI – 24 November 201516
The approach is based on the modelling of the: deterministic behaviour of the actors (traffic, maintenance...) dysfunctional of infrastructure components (failure distribution, renewal policy...)
It uses the Petri network for:put into interaction the different actorscompare the different optionsascertain that contractual objectives are met
Optimisation of the maintenance strategy
The choice of the Petri networks is motivated by the possibilities: to combine in a single model, deterministic and probabilistic
behaviour (pure delays, cycles, calendars, organizational rules, default rates, routes...)
to treat parallelisms and associate individually testable models (validation and easy evolution ...)
17UIC – Rail System Department – Dr. Marc ANTONI – 24 November 201517
The general model consists of several layers using a network type per actor
Track Circuit
Shunting(Cde & Kle)
SiteEquipment
Telemonitoring Telemonitoring Telemonitoring
local organisationof maintenance
Supervision Center
Calculation of the model output indicators
Circulation(s)Of maintenance
On-callAgent
MaintenanceTeam (s)
Calendar
Topology ofAccess
Warning / detection of degradation (default)
Call management for action
Corrective intervention (local or at distance)
Alarm / detection Incident (failure) centers
UIC – Rail System Department – Dr. Marc ANTONI – July 2015
Optimisation of the maintenance strategy
Example of results for a sector of 100km
• 37% reduction of downtime rate through the existence of a remote monitoring and a supervision centre
• 45% reduction in the rate with remote monitoring and a subdivision of the sector into two half-teams at recognised mid sectors
• 60% reduction in the rate when the actions on the organization complement the technical provisions
• Response times are minimal when the average position of the sector and homes of the agents are set at mid sector
• Load factor of supervision centre ...
Without TSétendue(actual)
96,6%
withTS
étendueWithout ½
éq.
97,2%
WithTS and
CS
97,8% Availability
WithTS andCS and
½teams
98,4%
WithTS andCS and½ éq.
98,3%
WithTS and ½teams
98%
WithTS, ½éq. andagentcenter
98,1%
WithoutTs and ½teams
97,4%
withTS ans=d
CSeand ½éq. andagentcenter
98,7%
Technique
Optimisation of the maintenance strategy
20UIC – Rail System Department – Dr. Marc ANTONI – 24 November 201520
Modern signalling systems increase significantly costs for maintenance and have impact on the availability of high speed lines- The proposals made here to IMs want to give them the possibility to guaranty expected safety, security, performance and economic targets- If modern signalling systems are “complex” instead of being “complicated”, it will be impossible to validate and to maintain it in safe, secure and economic conditions.
This has to be taken into account at the early design stage!!
Conclusion
The standardisation of the product and their interfaces has to be formally defined to create the condition for safe operation and maintenance of the system on the long term!
21UIC – Rail System Department – Dr. Marc ANTONI – 24 November 201521
The choice of architecture must allow to : facilitate safety (using IP network...) and security demonstrations (for specification and realisation) modelling reliable behaviour and availability of signalling implementations
For the computerized IT signalling system:the interfaces of signalling modules is defined formally (physic, time, functions...)need of open model based “functional software” understandable by the signalling engineers, provable and interpretable in real timeused in an industrial way without people educated in mathematics,
Conclusion
22UIC – Rail System Department – Dr. Marc ANTONI – 24 November 201522
23
For estimation of maintenance needs for signalling: Proposed approach allows a good modelling of the phenomenon
intuitively detected by experts: −Aging electronic and computerized facilities−Renewal policies regarding economics and performance−Maintenance periods adapted to asset age…
The method need modularity of signalling system
For a given HSL the proposed approach allows to optimise the means of maintenance in order to achieve performance under best economic conditions.
Conclusion
23UIC – Rail System Department – Dr. Marc ANTONI – 24 November 201523
24
General Safety, security and asset management are no constraints
limiting innovation, industrialisation, economic efficiency of future signalling implementations for High Speed Lines
It is important that IMs can define and control their implementations, their good level of “modularity” in order to allow them achieve their specific economic objectives, regularity and safety within their local conditions (climate, topology, organisation...)
Signalling is not a “service” open for sales
Conclusion
24UIC – Rail System Department – Dr. Marc ANTONI – 24 November 201524
Dr. Marc ANTONIFIRSEUIC Director of the Rail System [email protected]
Geneva 24 November 2015
Thank you for your kind attention
25UIC – Rail System Department – Dr. Marc ANTONI – 24 November 201525