Advertorial

How the industry can overcome the challenges of rail control projects

Posted: 13 April 2022

In this interview for Global Railway Review, Gunnar Smith, VP of Sales at Prover, talks about the typical challenges faced in the procurement and development of rail control projects and how these can be mastered with a modern approach based on Signalling Design Automation (SDA) and the use of digital twins early on in the projects.

Why is efficient rail control so important?

The demand for rail transportation capacity is growing, and the industry needs to step up. If you want to enable safe and reliable rail transportation while making the best use of the available infrastructure, implementing efficient rail control solutions is essential.

The development of these software-based systems is critical in rail transport projects. However, delays in delivery, acceptance, and safety approvals are often major bottlenecks in getting the systems we need, and they have a highly negative impact on costs and schedules.

There is an obvious need to simplify the development process by implementing solutions that supply the industry with the tools and processes needed to meet the requirements and expectations of the end customers.

We have found that the recipe for a successful rail control project is threefold: focus on the requirement specifications, automate design and development, and apply formal and automated methods to prove that requirements are fulfilled.

This recipe generates high-quality software with guaranteed safety, but it can also cut your project time and costs in half. Together with more standardisation, this paves the way for increased competition, reduced life cycle costs and, ultimately, a better customer experience with increased traffic capacity and fewer delays.

What challenges do you see that rail control projects suffer from today?

My experience is that there are a number of factors standing in the way of successful rail control projects. Rail control systems are expensive to procure, develop, and maintain. Costs and schedules are routinely exceeded. Errors and shortcomings in procured systems are often discovered late, when it is costly and cumbersome to make changes. Attempting to address problems when they are discovered at a critical and late stage in the projects only causes further delays to the entire process before systems can finally be put into revenue service. This generates a lot of frustration for all parties involved and contributes to the end customer feeling out of control. 

Underlying these challenges is the fact that the railway market is still relatively conservative when it comes to adopting future production processes for these systems. The relatively small number of dominant suppliers in today’s market makes driving the necessary changes even more difficult. However, the problems are not only on the supplier side; the infrastructure managers (the buyers) also need to do a better job of telling the suppliers what they expect from the systems they procure. This is paramount to achieving customer satisfaction. There is a need for a new way of working to overcome these challenges.

How does the current process work?

When the infrastructure manager has decided that it needs a new rail control system, the system is specified by the buyer.

The level of detail to which the system is specified varies greatly, typically involving a large number of consultants. This can result in complex specifications that leave plenty of room for interpretation, which can have the upside of the supplier having to spend less effort on adapting generic systems to customer-specific requirements, thus reducing the cost. On the other hand, the specifications must be detailed enough to make sure that the system meets the expectations of the buyer.

Following the award of the project to a successful bidder, the development phase starts by using a manual and labour-intensive process. In parallel to the development, there is a quality and safety assessment process to ensure that the system will function as intended, and that it conforms to safety standards. Finally, the system is tested in the factory and onsite, and then, it is hopefully approved for revenue service. It then enters a maintenance phase, where each software update needs to be tested and approved, often causing interruptions to the service as bugs need to be worked around and corrected.      

How should the process be changed to overcome the challenge?

The buyers need to take control of their systems, promote standardisation and open interfaces between subsystems, to prevent the current situation with systems that quickly become obsolete and costly to maintain. The first step is to create a digital twin where these components and interfaces can be identified, specified, and validated. The digital twin is best developed with automation tools using formal methods for specification, design, test, and verification.

The digital twin can then be used throughout the entire process, from tendering to maintenance, to validate individual subsystems as they are made available or updated. The buyer is in control of the digital twin, but it can also be used by suppliers to automate their process and to make sure that they develop the system in the right direction from the start. This greatly simplifies the interaction between buyer and supplier, and facilitates knowledge transfer within and between these organisations.

Once the system is approved and commissioned, the digital twin will simplify the maintenance phase by providing a means to try out new ideas and proposed changes before they are implemented.

Credit: Prover – Image of the new process for successful rail control projects developed by Prover.

What are the positive effects of the new process that you suggest?

With our proposed process, the infrastructure managers can provide the suppliers with requirements that truly express their expectations of the new system, and that give the suppliers a fair chance to implement that system within time and budget. This is made possible by using a formal approach and digital twins to develop and validate the requirement specifications, and by using automation tools in the development phase.

In addition, testing and safety certification is more simplified, which further decreases the project risk, and reduces the need for onsite testing. Reducing onsite testing is particularly important in brown-field projects, to avoid having to shut down revenue service operations.

Can you mention some examples of where this has been successfully applied?

Prover is successfully delivering Signalling Design Automation solutions to railways, metros, and signalling suppliers around the world.

Stockholm Metro is a good example of an infrastructure manager that has embraced formal and automated processes. As is often the case, they started using formal verification before moving to procure systems with software produced with the full SDA process. Recently, they have also started using digital twins to evaluate proposed solutions and to create requirement specifications. New York City Transit and RATP in Paris are other examples of metros that are using formal methods for safety verification, either in-house or as a requirement on the processes used by suppliers and safety assessors.

Most major signalling suppliers are also using processes that incorporate formal methods and automation to some degree. In addition to being the most complete and cost-effective method to ensure safety, formal verification is often required by the customers. Design automation is crucial to drive down costs and to be able to deliver more projects with the available resources.

Gunnar Smith is the VP of Sales at Prover. He joined Prover in 2000 as a software engineer, and later product manager, working on the development of the company’s formal proof engine product line. In the early years, he also worked as an application expert for formal methods within the Electronic Design Automation (EDA) industry, followed by a similar role applying formal methods and design automation in the rail control industry, before moving into his current roles in sales. Together with the rest of the team at Prover, he’s devoted to helping the rail industry take on the challenges faced by the industry today, by adopting modern technologies such as digital twins and Signalling Design Automation.

More about Prover

Prover is dedicated to helping the community and industry to develop rail control solutions that meet the needs of the public, in a more timely and cost-efficient way than it is done today.