As railway technology goes digital, the interplay of safety and security is becoming increasingly important. By Sedat Sezgün, Head of Rail, HIMA Paul Hildebrandt.
Railway technology is increasingly digital. More and more vital control processes are being implemented as cloud-based or internet-based solutions. Even in the digital age, safety controllers form the basis for critical applications such as level crossings, rolling stock and interlockings. The interplay of safety and security is becoming increasingly important, and even in the ‘Rail 4.0’ era COTS controllers can be more flexible and more economical than proprietary safety technology.
Proprietary Systems Versus COTS
The railway industry is in the midst of a change from costly proprietary safety technology to open, future-proof Commercial Off-The-Shelf (COTS) solutions. COTS means series production controllers which are sold in large numbers as standard components and deployed in a variety of industry sectors. Thanks to the use of standard components, they are significantly less costly than proprietary systems, while at the same time fulfilling all important safety standards of the railway industry.
The HIMax and HIMatrix safety controllers, which feature CENELEC SIL4 approval, open interfaces and an operating system based on industry-standard programming languages in accordance with EN standards, are excellent examples of this.
Heading Toward A New Standard
Rail experts now expect that in the medium term only COTS components will be installed in small and mid-size interlocking and signalling systems, due to their application versatility and significantly lower acquisition and life cycle costs compared to proprietary technology.
More and more players in the railway industry are opting for COTS solutions, mainly due to their greater flexibility, for example in the choice of component suppliers. With an open operating system and open interfaces, COTS control systems can be configured according to need and deployed flexibly worldwide.
Digitalisation Demands Openness
To make rail transport fit for the future and able to compete with other transport systems, outdated and ineffective technology must be replaced by more effective automated processes. Automated control systems play a basic role in this evolution to the ‘Rail 4.0’ era.
A decisive prerequisite for the digital railway age is networking of a wide variety of data exchange systems. Here COTS safety controllers come to the fore because their standard operating system provides interfaces for all major communication protocols, including Ethernet TCP/UDP, RS485, RS422, RS232 and CAN. Communication is based on the Safe Ethernet protocol developed by HIMA in 1997 and other industry protocols, and users can also create their own protocols. Remote I/O modules extend the modular controllers with additional inputs and/or outputs.
The configuration, programming and diagnostic tool SILworX (Figure 4), which utilises industry-standard programming languages in accordance with EN standards, also plays a key role in digitalisation and networking. SILworX runs in a Windows environment, but its dependency on Windows functions is kept as low as possible. This approach enables reliable operation without interference from other programs or updates and provides maximum protection against operator errors.
Cyber Security: Interplay Of Safety And Security
With the rising degree of automation and the increasing relocation of functions to the cloud, the risk of cyber attacks is growing. In this situation, effective security measures consist of restricting the options for human access and setting up autonomous, self-contained security systems.
The operating system running on the HIMA controllers is a dedicated operating system specifically developed for safety-oriented applications, but unlike proprietary systems it is based on industry-standard programming languages and is user programmable. It includes all functions necessary for safety PLCs and omits all other functions. As a result, it is not vulnerable to typical attacks on IT systems. Right from the first development stage, the operating systems of the HIMatrix and HIMax COTS controllers have been tested for resistance to cyber attacks. Recurrent updating of the operating software, as commonly occurs with conventional PC-based PLC systems and puts the operator’s safety case or approval at risk every time, is not necessary.
The HIMA controllers have separate processors for system functions and communication. This ensures high operational reliability, even in the event of a cyber attack on the communication processor. In addition, several different and physically separate networks can be operated on a single communication processor or processor module. Finally, unused interfaces can be disabled individually, limiting the safety controllers to the communication functions that are actually necessary.