Today, 22nd April, the Railway Industry Association launches a new report ‘Why Rail Electrification’ which explains exactly why electrification is a future-proof technology that gives electric trains greater range, efficiency and lower operating costs than self-powered traction. Thus, rail decarbonisation requires large-scale electrification and is also a good investment.
On the back of this report, an open letter has been sent to Transport Secretary Grant Shapps MP, signed by more than 15 rail businesses, as well as industry and campaign groups, which calls for a programme of rail electrification to begin as soon as possible to meet the Government’s legally binding Net Zero commitments.
The report can be considered to be the definitive industry view of electrification. As well as the industry support expressed in the letter to Grant Shapps, in his foreword to the report Professor Felix Schmid, Chair of the Railway Division of the IMechE, advises that “he is certain that it represents fairly the view of engineers throughout the industry”.
The report’s lead author, David Shirres, Editor of Rail Engineer magazine, notes that “If Britain is to decarbonise, transport has to be weaned off petroleum for which the only zero-carbon alternative is electricity. However, electricity can only be transmitted to fixed locations and then converted into another form of energy for on-board vehicle storage which significantly limits power and range. In contrast, electric trains collect electricity on the move from fixed current collection systems and feed it straight into their motors without any energy conversion losses. Hence, they offer efficient high-powered Net Zero carbon traction with large passenger, freight and operational benefits.”
David hopes that the report will be read by decision makers to enable them to understand exactly why electrification offers such advantages and convince them that, whilst there is a role for battery and hydrogen trains, they can never replace the requirement for a large-scale electrification programme if rail is to decarbonise.
Southampton is the UK’s second busiest container port and a vital part of the UK freight network. Around 800 containers a day pass through Freightliner’s Southampton Maritime Terminal at Redbridge which handles around 24 container trains daily. In addition, DB Cargo and GB rail freight average 18 trains per day from the Southampton docks complex which is about two miles west of Southampton Central station. However, until recently, freight trains were limited to 520 metres in length.
Friday 19th February saw the completion of a £17 million project, largely funded by the DfT, to increase freight capacity at the port. This work enabled 750-metre-long trains to access Southampton Western Docks in Millbrook, used by DB Cargo and GB Railfreight, and the Redbridge Freightliner terminal to accommodate container trains 775 metres long, the maximum allowable on the UK network. As a result, Freightliner trains from Southampton can now carry an additional 14 containers, potentially saving tens of thousands of Heavy Goods Vehicle movements each year.
As well as lengthening sidings at Redbridge, these enhancements included track and signalling alterations which simplified terminal shunting arrangements with the effect of improving the efficiency of freight train operations by up to 30%. The work provided almost a mile of new track, 14 new sets of switches and crossings, and 22 new signals, as well as requiring alterations to the signalling control panel at Eastleigh.
It increased the allowable speed of freight trains between Southampton Central station and the docks, thus reducing congestion at the station as passenger trains do not have to wait so long for freight trains to pass through it.
The work was done in three phases. Phase 1 saw the original 600-metre-long Redbridge terminal sidings extended for which land had to be purchased from the local authority. This was completed in March 2019. Phase 2 saw new track installed to increase linespeeds between Southampton Central and Redbridge. Phase 3 saw the commissioning of new signals for the Southampton area. This required two weekend blockages in the area on 30/31st January and 13/14th February, as well as a line blockage from 15-19th February west of Southampton Central.
Follow up work will also require the lines west of the station to be blocked during the weekend of 6/7th April.
Rail Operations (UK) has signed a framework agreement with Stadler for the supply of 30 Class 93 tri-mode locomotives, of which an initial batch of ten locomotives will be due for delivery in early 2023. While the Class 93 concept was first proposed in 2018, it was not possible to secure funding for this order until Rail Operations was acquired by STAR Capital Partnership in January.
The Class 93 is a Bo-Bo locomotive based on Stadler’s Class 68 and Class 88 locomotives that have been operating successfully in the UK for some years. It was described in detail in the Rail Engineer article Re-engineering Rail Freight (see Issue 185, July/August 2020) and has a maximum speed of 110mph.
Stadler’s first tri-mode locomotive has three different power sources. In electric mode, it can run on 25kV AC overhead lines with a power of 4,000 kW. Its Caterpillar C32 engine has a nominal power of 900kW, which can be boosted by 400 kW for short periods (whilst accelerating or going up gradients) by the Lithium Titanate Oxide (LTO) battery pack when operating on non-electrified lines. Shunting operations can be powered by the batteries alone.
The capabilities of the Class 93 are shown by a comparison of its tractive effort curves with other traction. These curves show how the pulling force of all forms of traction diminishes with speed as power is the product of force and velocity.
The Class 93 in diesel/battery mode can be seen to have an identical performance to that of a 1,305kW Class 37 locomotive. The Class 93 certainly does not have the pulling force of the 2,460kW heavy-haul Class 66 (light blue dotted line), which has a particularly high tractive effort at very slow speeds. However, with just a 900kW diesel engine, the Class 93 can manage 60% of a Class 66’s tractive effort at 75mph.
In electric mode, the Class 93 has twice the tractive effort of the Class 66 at 75mph, which illustrates the benefit of electric freight traction, particularly up the steeply-graded lines between Lancaster and Glasgow. An electric Class 93 has a comparable performance to a Class 91 electric locomotive above 75mph and a far better performance at lower speeds.
The comparison with HST Class 43 power cars shows that a diesel mode Class 93 offers comparable performance at 110mph whilst an electric mode Class 93 has twice the traction effort of HST power cars at this speed.
All this shows that the Class 93 is a true mixed-traffic locomotive.
At this time of financial crisis, when government spends around £600 million a month to operate empty trains, rail investment is a big ask, especially with uncertain future demand. Yet, regardless of post-Covid travel changes, rail infrastructure is a long-term business and modal shift to rail is needed to decarbonise transport.
Furthermore, government perception is that rail has a poor project delivery record, so its confidence has to be won back to secure the required funding. This was Andrew Haines’s message at the conference to unveil the Project SPEED initiative which replaces GRIP with the more flexible PACE process. Most importantly, it aims to create a one-team culture in which project teams are empowered to challenge accepted practice and determine how best to deliver their projects.
As we explain, this has the potential to significantly reduce project costs and timescales. Yet getting value for money also requires the supply chain to develop its capability for which visibility of future investment is needed. Unfortunately, there is no such visibility. The Railway Industry Association’s (RIA) enhancements clock shows that it is over 500 days since the DfT last published an update of its rail enhancements programme.
Also required is a long-term strategic plan for a steady programme of rail investment which effectively aligns infrastructure and rolling stock programmes to avoid wasteful expenditure. This requires a long-term view of how rail is to be decarbonised as the House of Commons’ Transport Committee recommends in its “Trains fit for the future” report. Network Rail’s Traction Decarbonisation Network Strategy (TDNS) also presents the indisputable case for large-scale rail electrification. This was submitted to the DfT in July and still awaits a response.
July also saw publication of Transport Scotland’s Rail Services Decarbonisation Action Plan which offers a long-term vision as its electrification programme provides a catalyst for associated enhancements, such as freight gauge clearance and the development of a rolling stock strategy. Must England and Wales await the long-delayed Williams review for a similar vision?
Our feature on rail infrastructure and strategy further emphasises these points with RIA’s explanation of why rail investment offers significant benefits. It also considers the large investment needed to provide improved rail connectivity between the six main economic centres in the Midlands and northern England.
Although proposals to use redundant rail infrastructure for active travel are following government policy, they are being undermined by Highways England who, as an arm of the DfT, have a duty to support such policies. Instead, as we explain, the organisation is bypassing normal planning procedures to infill structures needed for active travel.
We feature a wide range of infrastructure projects this month. Peter Stanton reflects on Midland Main Line improvements which will allow East Midlands Trains to provide faster and more frequent services, as well as running their first electric trains. Meanwhile Bob Wright reports on the cutting-edge technology used to jack a curved 155-metre-long portal structure under the East Coast Main Line at Werrington. In contrast, Ribblehead viaduct was built by hand in conditions that are unimaginable today. Graeme Bickerdike describes both its construction and the challenges of repairing this historic structure.
The legacy of original railways built without due regard for drainage is highlighted in Grahame Taylor’s feature on four case studies which show the investment needed for a resilient railway. Paul Darlington considers the history of the Crewe Independent Lines and describes how their old signalling is to be renewed to make it ‘digital ready.’ The East Coast Main Line digital signalling programme will remove lineside signals between King’s Cross and Grantham by 2030. Clive Kessell has been speaking to the scheme’s Programme Director to find out what this huge project involves.
A crucial though unseen aspect of digital signalling is the 20-year-old 2G GSM-R radio system which will be supported up to 2030. This will eventually be replaced by the Future Railway Mobile Communication System with 5G technology that offers significant advantages including network slicing. Another unseen railway technology is traction power supervisory systems. We describe the challenges of renewing and enhancing this system on the Docklands Light Railway. With so much interconnected infrastructure, cyber security is a very real problem. We explain what needs to be done and provide a five-by-five matrix for guidance.
Rail freight’s importance has been highlighted by the Covid emergency. As Graham Coombs reports, in contrast to empty passenger trains, freight traffic is at a near-normal level. With fewer passenger trains running, more freight paths are available. This also allows longer freight trains which now don’t need to be put into short loops for passenger trains to pass. Enhancements to accommodate this additional freight traffic are likely to be required when passenger services increase on a post-Covid railway.
One such scheme was the recent work at Southampton to accommodate 775-metre-long trains. In another report, we describe why the Class 93s being acquired by the Rail Operations Group are true mixed-traffic locomotives.
The many and varied infrastructure projects, such as those we describe this month, show that the industry’s project delivery record is not as bad as some might think. Nevertheless, in these challenging times, the industry has to sell itself to its funders.
It doesn’t take more than a few seconds looking at a deserted King’s Cross or New Street to appreciate the effect that the Covid-19 pandemic has had on the passenger rail network.
But what about the rail freight sector? Rail Engineer talked to Network Rail’s interim Freight Director, Charley Wallace, and Head of Strategic Capability, Andy Saunders, to find out what has been going on away from the public view.
Setting the scene, Charley explained that, on the whole, the freight sector is doing well. “While there was a significant impact when Covid-19 first hit, nearly all the traffic has been restored, performance has been consistently high and intermodal traffic has been a great success. We have also been able to take advantage of opportunities presented by reduced passenger train demand on the network.”
Andy went into more detail. “Back in March, we were having a pretty good start to the year before the virus started to hit. One of the first effects was the disappearance of aggregate traffic. With building activity coming to a halt in the first lockdown, the demand from the construction sector just turned off.
“Another obvious effect was the stopping of the aviation fuel flows, such as from Grain to Heathrow, while the decline in new car sales saw automotive traffic reduce.
“Some freight activity continued, such as biomass to Drax power station and removing household waste from major conurbations, but traffic overall was down about 40%.”
By May, things were no longer getting worse and the network started to see demand for intermodal traffic increasing, with the need to get goods up and down the country. The UK is hugely dependent on international trade – especially from the Far East – much of which comes through the container ports and needs to get through to consumers. This continued at a high level throughout and even increased, including the essential and much-publicised supplies of PPE and other medical material.
“We mostly carried additional traffic on existing routes, but one new significant flow appeared,” Andy explained. “Felixstowe Port itself was becoming congested, so some ships were diverted elsewhere, including to Liverpool. Working with GB Railfreight, we were able to set up a new route from there to East Midlands Gateway, the recently-opened terminal near Castle Donington, to get the boxes through to their destinations.
“Another new flow of traffic has been a triangular route between Doncaster, Elderslie (near Glasgow) and Teesport, also operated by GB Railfreight.”
Things improved after the first lockdown ended. “From about June and into the summer, construction activity resumed across most of the country, so the aggregate traffic came back fairly quickly,” Andy continued. “Automotive started moving again and, by about November, we were back to around 97% of normal – only aviation fuel still missing, with flights hugely reduced for the foreseeable future.
“Even going into the new lockdown, most flows of freight were still running well, although we anticipate there may be some reductions in automotive traffic ahead with the depressed new car market.”
But the big change was down to the decline in passenger traffic. With most timetables dramatically reduced, additional pathways became available for freight. More importantly, a long-held desire to run longer trains was achievable. “Clearly, longer trains are more efficient, increase traffic capacity and, at the same time, reduce the cost per box,” Andy explained. “But they take more time entering and leaving terminals and simply do not fit in many of the freight loops where trains are recessed to allow passenger trains past, so take up greater line capacity. And, with something like half-a-mile of train behind you, they can obstruct junctions very easily. So, with less opportunity to recess trains, they have to be carefully timetabled to run straight through yet still fit in with the remaining passenger services.”
“By collaboration with operators and lots of very careful train planning, from about June we were able to increase about a dozen trains a day up to 775 metres in length, each carrying around 12 to 14 extra containers. This is about the limit that we can achieve with one locomotive – adding a second would change the economics dramatically,” Andy continued. “As well as coping with the additional traffic, the slicker train timetabling – with fewer recess stops – also brings environmental benefits, with less power used stopping and starting, and by obviating emissions from idling engines.”
Longer term impacts
With an increase in passenger services in the autumn, some of the lengthened train pathways were curtailed, but there is an aspiration by the freight operators and their customers to get these services in the permanent timetable, according to Andy. “Clearly this depends on the passenger timetable levels of the future, something still very much under discussion. When we know what capacity is there, we will be able to identify not only where we can run longer trains but where there is scope for new services for our customers.”
Asked how the network coped with increased traffic, aside from the lengthened trains, Andy pointed to incremental improvements over the years. “Network Rail identified a Strategic Freight Network some years ago and there has been a continuing series of enhancement projects including local schemes, addressing bottlenecks and generally increasing capacity. We were able to take advantage of these – things like the Ipswich Chord and freight loop lengthening in the Midlands – which all contribute to smooth and efficient operation.”
“One of the big gains from an overall reduction in rail services has been a significant improvement in performance. With fewer services being packed onto an overcrowded network, performance levels have been very good, even after the autumn increase in passenger services. This has been helped by everyone working together – be it Network Rail, operators, end users, local authorities – so, where there have been additional challenges like coping with tight turnarounds for the longer trains, everybody has realised that we need to pull together and put in the effort to make it work.”
Andy added that another side-effect has been that, with resources being used less intensively, more time is available for maintenance. “Despite complications like working practice changes to cope with the need for social distancing, staff have been able to spend more time on maintenance and renewals, which has generally improved asset condition.”
Covid-19 and staff
Did the pandemic affect freight train operations? Andy said not, adding that he can’t recall any occasions when freight services were prevented from operating through staff being sick or self-isolating.
“We did a lot of work on making it safe for staff, providing PPE and looking at working practices. Then we developed a key route strategy for all the freight flows that we needed to run which we shared with the train operators and was well received. By identifying essential resources such as signalling centre and maintenance staff, and undertaking planning to ensure availability of personnel, I cannot remember any occasions when routes or crossings were closed. Regular liaison calls with freight and terminal operators ensured there were no surprises.”
The situation was rather better than on passenger services, where infections and self-isolations caused staff shortages in some areas.
Charley highlighted the differences with the passenger sector: “On the freight side, we were able to have a set of plans to work through to ensure that key staff were available, while the passenger railway had to cope with outbreaks at depots, which were more difficult to handle,” she explained. “The recent wave of new infections is being monitored carefully though, with the new more-virulent form of the disease clearly being a greater threat, and we have regular updates within Network Rail and with industry colleagues to keep a measure on that, as well as daily updates to the Cabinet Office and the Department for Transport.”
Andy pointed out another possible factor: “The freight sector has an advantage in that freight drivers often sign on remotely and operate their train with minimal contact with others, so are not greatly exposed to possible infection. The passenger railway is rather different and there is much more contact, both between staff and with passengers.”
Andy was upbeat about the future: “We do not think that the Covid pandemic has created any lasting damage to the rail freight sector, but what it has done is showed what we can do, which will encourage existing users to do more, or non-rail users to look at how we can help.”
Signs at present are that the previous freight traffics will return once the pandemic is over, with some potential for increased traffic if a diminished passenger timetable permits additional pathways on busy routes. Andy does not think that the experience has called for any specific improvement projects, with Network Rail’s ongoing programme of enhancements to the Strategic Freight Network, although the impact of government-funding reductions has yet to be established.
Further electrification is clearly the biggest elephant in the room. Andy notes that it offers the freight railway significant environmental benefits and carbon gains, and there are some in-fill schemes which make tremendous sense, such as short terminal connections to Trafford Park and London Gateway. He advised that “the freight sector has long had an aspiration to see the route from Felixstowe to Peterborough electrified. We would, of course, be able to make good use of other main-line electrification such as the North-South Spine, but this is a national policy issue and there is a lot of cross-industry work going on as it is a key element of decarbonisation.”
Network Rail published its own Traction Decarbonisation Network Strategy in 2020, responding to the government’s 2050 Zero Carbon target. It calls for electrification of around 13,000 single-track kilometres, together with some use of alternative technologies for passenger services where full electrification is unlikely to be viable. It concluded that electrifying freight services offered significant benefits including faster journeys, improved reliability, greater tonnage and improved network capacity.
Although not related to the Covid pandemic, Andy also commented on Brexit: “Conscious of the problems forecast at the ports for road vehicles, we also did some preparatory planning to cope with any increases in international traffic through the Channel Tunnel. Although this hasn’t happened to date, we will be ready if it does.”
Andy felt that it is the combination of smaller projects that have made the greatest contribution. “Across the network, we have reaped benefits from the incremental improvements we have made over the last decade, and that will continue,” he concluded. “As ever, we need to make the best use of what we have – getting more for less where we can.”
Summing up, Charley stressed Network Rail’s commitment to freight. “During the pandemic crisis, we have certainly shown that active collaboration is the best way forward and delivers results. We want to see more freight on the rails and we will all work together to achieve this.”
In days gone by, activists flattened pylons to forcibly isolate smaller areas from the energy grid. Nowadays it’s hackers – whose motives range from political to purely financial – who are attempting to use digital means to remotely access our critical infrastructure.
The protection engineering and SCADA technology, or the Station Automation System (SAS), belong to the critical infrastructure of utilities. They make an essential contribution to maintaining the energy supply. These infrastructures must therefore be protected against unauthorised access or illogical switching actions that cause disruptions to the energy supply or destruction of equipment.
Andreas Klien, the Product Manager responsible for cyber security products at OMICRON, explains the challenges facing substation operators today.
“To get a better handle on this, we look at the possible attack vectors that might be utilised against the station control and protection technology. How could a hacker or malware get into the substation? Where is the path of least resistance as far as a potential hacker is concerned? What would make their job as easy as possible? This is the first thing an operator has to consider.”
StationGuard, OMICRON’s IDS (Intrusion Detection System), protects these critical infrastructures against almost all conceivable cyber attacks or unauthorised actions. It contains the accumulated know-how from many decades of worldwide engineering work in switchgear, as well as research on IEC 61850 network analysis.
With its unique approach – a combination of cyber security threat monitoring and functional monitoring – StationGuard not only detects unauthorised activity on the substation network, but also identifies problems in the IEC 61850 communication, enabling it to detect different types of malfunctions in the substation to allow a quick response.
To achieve this, StationGuard imports the SCL (Substation Configuration Language) file of the substation to create a complete system model of the automation system and the substation, and then compares each individual network packet with the live system model. This process works without a learning phase and independently through the SCL description, with just a few additional manual inputs.
An essential feature of StationGuard is its ease of use. Its user interface is adapted to the diagrams and terminology in substations and does not use special IT terminology. Therefore, all information is easily understood by protection and control engineers.
As verification of the network traffic contains such a high level of detail, both illegal packet encoding and unauthorised control commands are detected, as well as errors in the sequence numbers and more complex measurements such as message transmission times, or critical states of the IEC 61850 quality bits. StationGuard emits very few false alarms because it knows the typical maintenance operations and considers them in a specialised maintenance mode.
The IDS itself is protected by a secure measured boot chain (via a crypto chip), encryption of data and communication, and a specially hardened Linux operating system. In addition, OMICRON’s StationGuard experts assist users with questions about alarms reported by the IDS. To do this, they can analyse the network recordings of StationGuard to assess whether a potential threat situation exists.
From cyber-secure to cyber smart: why a broader understanding of cyber security is vital to our railway’s resilience.
The safety of our railways is paramount. Yet, as digital technologies transform our networks, our concept of safety must evolve to include cyber security at its core. To maintain cyber security, it’s not enough to have well-designed technologies with state-of-the-art defences. Engineers must be trained, educated and equipped across the industry so that the entire railway ecosystem is secure and safe.
At first it was a futuristic innovation, then it became a bonus – a nice-to-have extra – and now digital connectivity is a fundamental aspect of our transport system. Yet, as the technology races ahead, our thinking lags behind. We’re increasingly dependent on innovation, but it’s still treated as something separate to the core functionality of our networks. Even as our railway is transformed by technologies such as digital signalling, it is still thought of as one issue, and its cyber security as another. In fact, they’re indivisible; when it comes to maintaining services, cyber security is just as crucial as the safeguarding of physical infrastructure.
As our transport system becomes ever more interconnected, the bigger the potential impact of a cyber security event and the more vulnerable our entire railway network becomes.
Simply designing cyber-safe railway systems is no longer enough; the right equipment isn’t sufficient to provide security. As digital technology grows more integral, our focus must shift towards processes and the people who maintain it. Having a robust, cyber-secure railway doesn’t help if too few staff understand how such a system is best operated, maintained and updated. That’s why we need to devote more attention to the people who will be running the railway well after the cyber security consultants have left.
Digital vs dispersal
Since 2018, the Network and Information Systems Regulation (NISR) has placed more responsibility on railway operators for the smooth operation of the network. As the sister regulation of GDPR, the NISR gives authorities the power to fine operators who fail to maintain services as a result of a cyber event. Should lax cyber security lead to a disruption on the railway – for example, through a denial of service attack – the train operators on that network will be liable.
For smaller companies, the cost of becoming cyber-secure is prohibitive; the investment needed to bring cyber defences up to date could well be the difference between making a profit or a loss, or even surviving or going under.
The dispersed nature of the UK’s railway network makes achieving improved cyber security more difficult. In an age of increasing connectivity – where trains, operators and infrastructure systems communicate on seamlessly interconnected networks – a single gap in our cyber security defences could breach the entire digital ecosystem.
Ultimately, in a connected world, you’re only as strong as your weakest link. It’s not enough for the top operators and stock owners to have impressive cyber security – we need to help the whole industry to evolve, for everyone’s sake. A lopsided approach to security could invalidate the efforts of the more advanced operators, leaving the entire industry vulnerable – including passengers.
While the vast majority of cyber security scenarios won’t result in an unsafe railway, they could render it temporarily unavailable. Railway designs will always endeavour to ensure that trains fail safe, but if a service is stopped due to a cyber security event, operators may be liable under NISR, as well as being fined and with angry passengers on their hands. These cases also tend to make headlines, which has a knock-on effect of reputational damage – all from just one cyber security event.
Significant consequences like these can be triggered by minor causes: a personal laptop plugged into the main system or a corrupted memory stick innocently inserted into a secure computer. With hundreds of contractors working on railway assets, it’s easy to see how a lack of awareness among a large and dispersed body of staff could lead to a cyber security event. Unless cyber security skills and awareness can be spread across the industry, these types of incidents will always be a threat.
The term ‘cyber security’ tends to conjure up images of espionage, counterintelligence and futuristic scenarios of intelligent computers wreaking havoc, but the reality is often far simpler. For most companies, worrying about malicious international hacking is irrelevant; much more pressing are the innocent mistakes resulting in the railway’s digital ecosystem being shut down by malware.
Focusing on people, rather than just technology, can help mitigate this risk. That’s why Atkins Cyber Academy was founded to increase cyber capability through the upskilling of graduates and apprentices and to cross-skill existing engineers into Cyber Security practitioners. The industry needs engineers who understand the technical aspects of cyber security as well as the strategic impact of risk.
Tech no more
Even the most robust and cyber-secure technologies must be operated and maintained. No matter how secure its design, the ever-changing digital space means that we need to be continuously maintaining cyber security controls. In a world where these systems are interconnected, who exactly is responsible for their maintenance? Who will pay for it?
As an industry, we need to explore these questions together. Digital signalling systems, for example, should always be built cyber-secure first and foremost, but their continuing security depends on the operators and train companies using the digital ecosystem. They are the ones who will monitor, maintain and operate it, and with digital systems spanning across the boundaries of the railway industry, those organisations must communicate effectively about who’s accountable.
We can’t treat technology and people in isolation. You can’t maintain a secure railway without people who understand how this is done. As a discipline, cyber security is still in its infancy and as yet there are simply too few professionals with the understanding of both railway engineering and cyber security.
This dearth of skills has prompted many operators to buy in cyber security consultants, to make up for this knowledge gap within their organisation. This might be effective in the short term, but cyber security isn’t a one-off that can be addressed with a temporary expedient. Instead, we need to work collaboratively to train railway engineers so that they become conversant in cyber security. Their experience of designing safe railways is invaluable, as is their comprehensive understanding of risk management.
Working with cyber security experts can help engineers to develop a better understanding, enabling them to mitigate risks in their designs and processes, and ultimately helping their organisations become more independent in future. All the railway academies, apprenticeships and graduate schemes need to be teaching cyber security not as a separate consideration but as a core engineering skill, so that our railway engineers intrinsically understand it as part of their basic competency.
The shift to cyber
What we need is nothing short of a major shift in the culture of railway engineering. The world has been transformed by digital technologies and we must recognise how fundamentally we now rely upon them. Our concept of safety must expand in order to be fit for the new world that is rapidly emerging. That means we need more than just a handful of clued-up cyber security specialists – we need the vast majority of engineers to have a solid grasp of the core tenets of cyber security, so that competency spreads throughout our industry.
Hiring experts might be a good short-term solution, but it suggests that cyber security is something you can do once and then forget about. In reality, the nature of digital connectivity means that cyber security isn’t a one-off event; it’s a continuous process and it’s not going away; in fact, it will become more and more critical. There’s no going back to the world of the 1990s or even the early 21st century. Rather than clinging onto old concepts of safety – which treat digital security as an afterthought – we must update it so that the primacy of digital connectivity is taken fully into account. Building up cyber security capabilities – even if that just means having the basics – is more valuable than simply paying someone else to make the problem go away for a while.
In English, the word ‘safety’ is often used synonymously to mean ‘security’. Although they’re not identical, their closeness recognises a fundamental truth: you can’t be safe without addressing security, because safety is underpinned by security. Security is the umbrella; safety is being underneath it. Without proper security, there’s a higher likelihood of a safety event. Without cyber security, a railway could be hacked or be susceptible to malware which compromises its software.
When software is changed by outside influences, its safety can no longer be assured because the software is no longer the same as when it was tested and approved. In a railway safety environment, modified software is unacceptable because such modifications change how it works, potentially compromising the safety of the whole network. Such knock-on effects are made more likely by the interconnectivity of systems, increasing the likelihood and severity of the ensuing safety event.
The more sophisticated our technology, the more of a threat this poses. For example, as we continue to adopt Automatic Train Operation – which connects railway systems, operators, and passengers – from a cyber security perspective there is no boundary between train, infrastructure owners and passengers. Without proper cyber security measures, opening the door to one of these components gives access to the whole network. Such measures must be actively upheld if they are to last. That’s why we need cyber security, embedded not only in our designs but also in our people and the processes they employ to operate, maintain and update them. Otherwise, our railway’s availability will always be vulnerable.
Whole and holistic
Becoming cyber-secure is a big challenge. There aren’t enough skilled cyber security professionals; change is happening fast and the dispersed nature of the UK’s rail ecosystem hinders rapid evolution. The biggest companies and operators must help the whole industry to evolve, otherwise we face a ‘tragedy of the commons’ scenario whereby a precious resource shared by all (in this case, our railway’s security) is improperly protected because no one can agree upon whose responsibility it is.
Everyone knows that safety is paramount; but few have realised just how much safe operational performance depends on cyber security. To safeguard our passengers, the industry as a whole must be at a comparative maturity, so that there are no weak points for a virus to exploit – or to make tempting targets for hackers or general malware.
So cyber security must be considered holistically, as an integral element of the railway’s safety. Only then can we rapidly equip engineers throughout the sector with the skills they need to uphold cyber security after the implementation of new technologies. Things move fast and so we must use the time we have wisely: upskilling our engineers and enabling them to design railways that are fully safe, secure – and fit for the future.
Much continues to be written about cyber security, the threats that exist and the precautionary measures that should be taken. The problem is very real and cyber-attacks take many forms, ranging from critical systems being disabled with implications for safety, through to ransom attacks that demand monetary payments for service to be restored, down to the nerd in the bedroom who finds it fun to use his/her knowledge to get into networks which are supposed to be secure.
At best it is inconvenient; at worst it can put an entire business at risk.
Even now, there is a casual attitude to the threats by some businesses, with a few still believing “it can’t happen to us”. They are wrong, as the correct thinking is “it will happen to us, we just don’t know when or in what form”. Part of the problem is that preventative measures cost money and senior management has a reluctance to spend that money on things they don’t properly understand.
Instead, the cyber security situation is often addressed by in-house IT experts who produce information documents, written in IT-speak that further baffles the directors. A means of making it all simpler would be to the benefit of all.
The rail industry is diverse and cyber intrusions have been noticed in many disciplines. A recent talk given to the Institution of Railway Signal Engineers by Alzbeta Helienek (known as Betty) and Mathijs Arends, both from Ricardo Rail based in Holland, explained a means of making cyber security more understandable to people who need to make decisions on what to do.
Betty also sits on the UK Cyber Security Council so has much wider experience than just the railway and signalling industry.
Cyber security and rail
An opening remark by the IRSE President was salutary; in 1963, the then British Rail experienced the Great Train Robbery, where a mail train from Glasgow to London was ambushed en route with several million pounds being stolen. To stop the train, the gang false-fed a signal to red, having gained some insider knowledge. The incident was reported worldwide and has achieved an element of notoriety. In those days, IT had barely been invented, but it demonstrates what can be achieved by those with intent on malice.
Nowadays, the railway has an interconnected infrastructure to produce efficient operations and needs a geographically wide intelligent device network. Many factors emerge from this, including the all-important safety implications, the opportunities for remote control, predictive maintenance activities and a whole host of economic factors. It introduces the concept of OT (operational technology) to sit alongside the IT (information technology) requirements.
Such a structure will inevitably result in cyber attacks and it begs the question as to whether rail can be insecure but still safe, with the answer being a definite “No”. Incidents can cause the destruction of equipment and risk to lives.
In the past, incidents have occurred in Florida (2003), Poland (2008), Iran (2010) and Germany in 2017, this latter being a ransomware attack on passenger information systems (PIS). Some incidents occur where the affected organisation is not the intended target – the German PIS attack was aimed at the Polish power network. It only emphasises the interconnected nature of data networks globally. Making it all understandable is a real challenge.
Developing the idea
The starting point has to be examination of standards and directives which already exist. As would be expected, there are many of them. At the highest level are the ISO 27000 series, followed by ISA/IEC 62443. The latter is aimed at automation and control systems but is very much IT-expert orientated.
Next are the EU Directives, including GDPR (General Data Protection Regulations), which set out a legal framework for compliance. This has caused much confusion within organisations, big and small, as to the steps needed to comply and the penalties for not doing so.
Then there are national and industrial guidelines, including some produced by the Department for Transport and Network Rail in the UK. Is it small wonder that people are confused by all of this with the risk of ‘eyes glazing over’?
There is a general consensus that the problem has to be progressed in five steps:
Identify > Protect > Detect > Respond > Recover
But this is too bland to be practically understood and OWASP (Open Web Application Security Project) listed the progression in a different manner:
Aimed primarily at focussing on a suitable management structure, this is also considered too technical and is aimed primarily at IT professionals.
Focussing on Rail
Nothing appropriate was found that would be easily applicable to rail engineers and managers. Looking, therefore, at the five-level structure, this needs to take account of:
improvements needed within the organisation covering management and documentation
improvements in scope to recognise the need for greater coverage and better tooling, and
a combination of both these.
This results in:
Recognise the problems
Set out basic principles
Define a strategy
Capture knowledge of what is going on in the network
Produce an active organisation to defend against attack including associated safety risk.
Having got the headings, these now need to be turned into meaningful disciplines and specialisms that can be understood:
People – probably the most vulnerable threat, as this not only includes lax work ethics (careless email activity, computers and CDs left unattended, poor record keeping) but also insider criminal and bribery opportunities;
Risk – training employees to recognise where risks will occur and what to look for will result in a much better appreciation of cyber threats and their impact on safety critical systems;
Technical countermeasures – putting in place technology that can both detect and counteract cyber attacks may make use of proprietary systems, but will often require specialist detection software to be designed;
Integration with Safety – there is often a tension between safety and security interests as the precautionary measures for these may be very different. Safety measures tend to be based on well proven designs to prevent what was always known as ‘wrong side failures’. Security threats are uncontrollable in how they will appear and in what form. The now universal use of solid state interlockings and data-driven distribution of signalling information still creates unease amongst traditional signal engineers and security threats only add to this. The possibility that train services might be adversely affected makes matters worse.
Incident Management – acceptance that no countermeasures will ever be 100% perfect is a pragmatic approach, as attacks will always happen. From this, do not try and build ‘Fort Knox’, but be in a state of readiness to observe a problem and take the appropriate remedial action to minimise or eliminate the impact which may include shutting down systems for a short period of time.
Taking all these factors into account, the adjacent 5×5 matrix has been developed with 25 questions – all of which can be answered ‘Yes’ or ‘No’ – to give a check list on where an organisation is.
Somewhat similar to the well-known risk assessment matrix, it would be possible to score 25 if all answers are ‘Yes’. However, not all organisations will need to have a Yes to every box and a first step might be to decide what is applicable and what is not. A company not engaged in manufacturing or deploying safety-related products or systems may not need to consider these aspects. The most important thing is to have a security training programme in place, as attacks can occur very quickly and need to be picked up straight away.
The matrix has been tested in a few organisations and most have welcomed it. Some responses indicate that there remains work to do – ‘I don’t know where to start’, ‘It seems like a lot of extra work and just adds to the cost’, ‘I put everything in the cloud and they look after it for me’.
To combat this negativity and/or ignorance, organisations are encouraged to try the matrix out as a managerial directive and produce some feedback. This should determine some priorities and where to focus next. Maybe a question to ask is ‘How can I improve security in the next six months or year?’
One question already asked is ‘Can it be applied to projects?’ and of course the answer is ‘Yes’. It is expected that the matrix will go through a number of iterations and will thus be updated from time to time, so any comments, suggestions or criticism would be welcomed by Rail Engineer; we will pass these to the authors.
Remember that, whilst this talk was aimed at a signalling audience, it is equally applicable to rolling stock, operational planning and all other infrastructure elements.
The Docklands Light Railway (DLR) has been a feature of the east side of London for many years now; it’s difficult to remember a time before it. However, the system has expanded considerably since the early days and has evolved to becoming a core part of the Transport for London (TfL) network. As well as stretching its boundaries, the system was integral to the delivery of London’s Olympics in 2012.
The DLR opened in 1987 with 11 twin-car articulated units and 15 passenger stations; the scope is now 45 stations with a significant fleet of two and three-car trains.
The visual impact of those changes has been significant, both in the rolling stock and hardware infrastructure seen by customers, neighbours and stakeholders. This is an electric railway and behind the extra rails that supply the trains is a complex and sophisticated network, taking power from the distribution network operator, transforming and rectifying it to Direct Current at the rail.
This complex and vital part of the rail system requires control over power delivery and, from the earliest days of electric rail traction, this has been supervised. A visit to the Science Museum reminds one that this supervision was originally undertaken by an individual at the supply point who, in the very earliest installations, would open and close circuit breakers and switches by hand, sometimes with a long (insulated!) pole.
As time passed and the delivery became more complex, the system of supply became a network operation and significant advantage was seen in supervising – and controlling – the distribution system from a single point. The process became a remote operation with many distinct remote units being worked and supervised from a central point. Thus was born a comprehensive philosophy of supervision which also allowed the status of the operated points to be observed. From this came the acronym SCADA – Supervisory Control and Data Acquisition.
Over the years, the requirements of systems have become more complex and the demand for feedback on the control and operation of electrical supplies has evolved. From an early and essentially electro-mechanical system has emerged the modern computer-based systems and even the early versions of that philosophy have been overtaken with advances in control systems.
Thus, the SCADA system installed for the Docklands Light Railway has evolved as the railway has advanced and, by 2015, a view emerged that the installation required replacement to allow improved operation and flexibility.
Room to expand
A brief view of the organisation structure within which the DLR operates shows that the railway is managed by Transport for London through its sub-organisation Rail for London, under which is Docklands Light Rail Ltd, owner of the infrastructure and rolling stock. The day-to-day operation of the infrastructure lies in the hands of KeolisAmey Docklands, the contractor responsible for maintenance. Capital renewal items are normally the task of the infrastructure owner, whilst the rolling stock is provided by TfL.
The initial traction power supervision was a GEC system, initially controlled via a mimic panel at Poplar Control Centre. After some time, the equipment was replaced by a system of Transmitton manufacture, based on Poplar Control Centre – Transmitton being a well-known company with a long history of SCADA systems in rail.
This installation had been replaced by a Siemens Cromos arrangement, installed at the time of the addition of the London Olympics. The control room and human/machine interface is still based at Poplar. Further upgrades included the commissioning of a new control room at Beckton which became the master location for the supervisory function. Poplar remained as a secondary location.
Expansion of the railway is being planned for, requiring further flexibility which the new system can deliver. A new extension is being mooted to Thamesmead. By 2018/19, the decision was made to replace the existing system and, to that end – after tendering – Sella Controls Limited was awarded the contract to undertake the works.
The power distribution system would retain the same hardware, the SCADA renewal being focused on the supervisory performance; physical renewals of distribution gear and other remote units emerged as a future separate set of renewals. In terms of electrical distribution layout, the Docklands Light Railway owns the 11kV high-voltage network with around 80 remote terminal units in a ring-main formation. Allowance may be easily made to cover replacements; for instance, ring-main units will be replaced allowing the adoption of remote control of that part of the system.
At the point of decision to undertake major renewal of the supervisory system, an important aspect of the review looked at allowing for future extension and the increased flexibility from a more modern advanced system. A significant influence was the ability for the Poplar and Beckton locations to work, in effect, as one, the Poplar site acting in backup in hot standby conditions. The new arrangements would allow more flexible maintenance tasks using the Poplar location. In addition, extra control functionality was to be taken into account.
Previously, tunnel ventilation had been supervised as well as power supplies, but the system would now be required to overview other plant systems. A further gain has been the ability to take isolations and make safe the conductor rail system securely and remotely, resulting in greatly enhanced safety for trackworkers. The system was also arranged to offer an emergency switch-off protocol.
Keep it familiar
Following appropriate commercial activity, Sella Controls was selected to deliver the replacement supervisory system and, to meet modern and effective protocols, was given ‘early contractor involvement’ conditions, allowing best practice in client/supplier communication. Although Transport for London is the infrastructure owner, KeolisAmey Docklands was allocated the delivery management responsibility and thus an effective partnership was sealed.
The works were undertaken to comply with Transport for London’s delivery processes. The new system was to be capable of instantaneous switchover, yet have the same desktop appearance for control room technicians to recognise, enabling the same architecture and protocols.
Sella Controls was seen to have a solid history and track record, having undertaken the significant task of replacing a Cromos system on the Piccadilly Line. They were thus able to bring that experience to the task in Docklands.
From contract award in 2019, installation was undertaken in an effective and supportive relationship with the client, culminating in final commissioning of the revised system in 2020. The work progressed under the severe challenge of the Covid pandemic which had, of course, been in nobody’s mind during tendering.
Not all commissioning could be undertaken remotely and local physical attendance on site was carefully and vigorously managed to the client’s satisfaction. Acceptance tests were carried out in the light of the new social-distancing requirements and Sella Controls was able to adapt behaviours to that environment. Similarly, KeolisAmey Docklands was also able to adjust to the revised acceptance and approval processes.
The installation also brought new opportunities for operations processes, allowing more robust system management and analysis. The original SCADA system received information in the form of active picture displays (mimics), alarm and event messages, and printed reports; this functionality was successfully retained and achieved the aim that control room technicians would view a familiar interface.
Following successful commissioning and completion, Sella Controls has been able to deliver a robust and enhanced supervisory and control system for this important London railway network, as well as laying the foundations for better operations analysis and effective control, not only of the traction power system but also the other items of plant now under the control of the management centre at Beckton.
It is worth noting the technical specifications of the Sella Controls product. Substation control and automation are enabled via a Tracklink® remote terminal unit or the integration to third-party equipment, control being provided using traditional hardwired I/O or modern substation automation protocols.
The company’s extensive software tools allow interfacing to intelligent switches to monitor network performance. A user will discover key features such as the future-proof design and the advantage of interchangeable modules which can significantly reduce downtime. To aid integration and fitting, the equipment sports flexible compact enclosure design and, overall, helpfully effective maintenance and spares requirements.
The important remote securing capability is provided by integrating Tracklink® or third-party controllers which are installed into specialist negative short-circuit devices enabling electrical sections to be remotely isolated. Once in place, ownership of the isolation is transferred to the Nominated Person and returned on release.
In addition, Tracklink® SCADA can provide full electrical modelling and network management capability. Whilst in ‘Live’ mode, the primary function of the traction power supervisory system is to derive the state of power sections and sub-sections which allows operators to monitor the state of the network using isolation mimics. In the ‘Planning’ mode, the user can test the effect of an isolation, sequences of isolations or individual switching operations – a valuable facility in a developing network.
With thanks to Sella Controls, under the lead of Chris Elliott and Jay Sampat, and KeolisAmey Docklands senior staff Raj Parmar and Steve Bailey, together with Clare Donovan from Public Affairs.
Against the backdrop of the Coronavirus pandemic, there has been a significant decrease in the number of those travelling by public transport, resulting in part from the virus’ impact on passenger confidence.
The number of journeys between April and June 2020 fell by more than 80% compared to the previous year and although this figure will eventually recover, it will take some considerable time for demand to return to pre-pandemic levels. As an industry, we have to take steps now to restore confidence in the railway as a safe, secure and attractive mode of transport, and there are a number of approaches that will enable us to achieve this.
Digital technologies are central to the delivery of both an improved passenger experience and operational performance, with solutions ranging from digital signalling and control systems to telecommunications and integrated passenger information systems. Developing and delivering these technologies are also central to achieving the UK Government’s decarbonisation goals and helping to fight climate change. By investing in digital technology, we will not only be providing attractive, sustainable and low-carbon solutions, but will also create green jobs and drive sustainable growth throughout the country, levelling up Britain’s economy.
Digital signalling and control
The European Train Control System (ETCS) is a perfect example of how the introduction of digital technology can drive a wide range of benefits. An ETCS solution in combination with Automatic Train Operation (ATO) was installed on the technically complex Thameslink Programme, with daily services of trains starting to run using this technology in December 2019. The next major ETCS installation will see the system installed on the East Coast Main Line (ECML). On completion, this will deliver improved reliability and increased capacity to the 20 million passengers that use the line each year.
Designed and installed by Siemens Mobility, the ETCS solution for Thameslink is controlled by a Trackguard Westlock computer-based interlocking with networked trackside objects based on the company’s Trackguard Westrace Trackside Signalling (WTS) system, both of which are developed and manufactured in Britain. The WTS objects are connected together over an IP network. Using trackside optical fibre cables, the IP-network can also support other system communications such as remote condition monitoring, automatic power reconfiguration and axle counter systems.
Using digital radio messages between trackside and train, ETCS improves the performance and safety of the railway, with on-board systems monitoring speed and position continuously, and applying the brakes if a potentially hazardous situation arises.
To achieve the required performance targets for Thameslink, ATO was also introduced, allowing every train to follow an optimum speed/distance profile. Although relatively new to mainline applications, ATO and automatic train protection (ATP) systems have been in successful operation on metros worldwide for many years, with the first application of ATO in the UK being installed on London Underground’s Victoria Line more than 50 years ago.
Through this unique combination of ETCS and ATO, the digital signalling system has – together with associated infrastructure works – unlocked much of the latent capacity that existed on the Thameslink network enabling a service of up to 24 train paths per hour to operate in the core area during peak hours. The solution brought significant passenger benefits, with smoother, more frequent and more reliable journeys.
Thameslink has shown how the use of digital technology can have significant capacity benefits. More trains mean a more convenient service, with more seats and potentially less overcrowding; all directly improving the passenger experience and encouraging a return to public transport.
Improved reliability and passenger information
While ATO provides consistent driving, high-intensity railways also call for traffic management (TM) to improve regulation and minimise the impact of service perturbations, providing information to operators to better assist them in making the hundreds of decisions they face every day. This technology, together with control centre solutions such as Siemens Mobility’s Controlguide Westcad system, not only helps operators gain a fast view of the railway and manage it accordingly, but also delivers more reliable and punctual services for passengers, with improved capacity and better-quality information.
The introduction of ATO represents a vital part of high-capacity timetable implementation and means that every train runs at the optimised speed profile and performs accurate stopping. If the train is early then the driver can await their booked departure time and if the train is late, the driver can depart as soon as it is safe to do so.
These benefits go beyond pure train frequency and energy efficiency. The ETCS/ATO system also helps improve the safe operation of the railway and supports COVID-secure station management, enabling more frequent services to better balance the flow of passengers during peak periods and reduce platform overcrowding due to waiting passengers.
ETCS provides continuous automatic train protection, enabling the train-borne ATO unit to drive the train within the speed and distance limits set by the system. This allows the trains to be safely managed at closer intervals and if the speed or distance limits are exceeded, the system will intervene to stop the train.
Driving performance improvements
Underpinning the smooth operation of the entire railway is the GSM-R cab radio system, which provides a secure platform for voice and data communication. The equipment is essential for the railway’s safe, smooth and efficient operation, ensuring that everyone working on it can communicate whenever necessary.
Now though, the radio is also increasingly being used to enable data to be passed around the railway, creating new opportunities to realise a wide range of benefits. They are capable of being used as a platform for a range of integrated smart applications, including Connected Driver Advisory System (C-DAS) and Train-Borne Condition Monitoring (TBCM) and passenger information.
These additional applications provide support for passengers, drivers, train staff, maintenance teams and operators, and can be inexpensively retrofitted to the 9,000 passenger and freight trains that are already equipped with Siemens Mobility GSM-R cab radios.
Optimising energy usage
For trains that aren’t fitted with ATO, C-DAS supports train drivers in achieving a consistent and economical driving style, enabling Train Operating Companies to implement real-time updates to their timetables as well as speed restrictions and route data to improve train punctuality and continuously optimise line capacity. This leads directly to improved passenger confidence, through enhanced timetable adherence and more accurate and timely passenger information.
C-DAS also optimises energy usage by advising the driver of the speed required to meet timetable requirements. During trials, energy savings of nearly 10% were recorded. The system allows drivers to avoid unnecessary braking and to run at reduced speed while still meeting arrival times, preventing the train arriving needlessly early at a red signal or a station. The system helps operators recover the cost of delay minutes and gives passengers a smoother, less interrupted ride.
Real-time asset management
Train-Borne Condition Monitoring (TBCM) brings a new approach to identifying areas of track that need to be maintained, simply using data collected from in-service trains (equipped with a Siemens Mobility GSM-R cab radio) and enabling the infrastructure to be continuously monitored. This highlights areas where the track is deteriorating and where there is a resultant rough ride for passengers.
As a result, condition monitoring can reliably deliver significant reductions in maintenance and train delay costs, line closures, journey replanning and speed restrictions, helping to improve train safety, railway reliability and passenger comfort.
By digitally harvesting data from across the fleet in real time, TBCM can precisely identify areas of track where maintenance is required and focus the maintainers’ activities on those areas, reducing the time lost due to the imposition of temporary speed restrictions, maintenance costs and damage to trains, and improving overall safety. As well as identifying track defects, if two or more TBCM systems are installed on a train, the system can also detect problems with its suspension or air bags, helping to detect any differences in suspension and provide early detection of potential issues.
Whether it is through increased capacity, reduced station crowding, better reliability, a smoother ride or improved passenger information, digital technologies are providing many benefits which individually deliver an enhanced passenger experience, but collectively are helping to regain confidence in public transport. As an industry, we can learn from the advances in technology across the world and the major improvements in safety, reliability and availability that many railways have seen, and build upon them.
Helen Davis is Director Strategy & Business Development, Rail Infrastructure at Siemens Mobility Limited.