PART 1, THE CASE FOR SYSTEM SAFETY: Industry 4.0 (also known as the Fourth Industrial Revolution) is a reality. Railroads, including their partners in the transportation supply chain, are at the beginning of their journey to establishing true end-to-end digital continuity. For example: Industrial Internet of Things (IIoT); Positive Train Control (PTC) and Enhanced Train Control (ETC); and AI (artificial intelligence)-based automation such as expanding autonomous inspection to include predictive analytics for track data. How do we know that these solutions and systems are safe and that there are no lurking issues? How do we know that the integration of multiple components from vendors, partners, and even from within meet safety objectives? How do we know if safety integrity is preserved after a change is made? How do we shift the paradigm where safety moves from a cost center to a value-added business driver? In Part I, we make the case for system safety as the necessary discipline for railroads to embed as they move forward in innovating and advancing in the 21st century.
For generations, the railroad industry has taken safety to heart and is justifiably proud of this. Safety engagement is one of the key means by which railroaders relate, watch out for and protect each other. However, there are historically unresolved safety issues that keep perpetuating. Derailments and collisions related to engineering infrastructure, mechanics of rolling stock and human factors are common examples.
Is the railroad industry in North America, and worldwide, going far enough in terms of safety in these modern times? The digital world continuously demands integration of systems and solutions, yet it is unforgiving to incomplete, inaccurate, incongruent and incohesive requirements, specifications, designs, implementations and operations.
In the U.S., federal law carried out by the Federal Railroad Administration (FRA) mandated Positive Train Control (PTC) as a means for rail transportation safety improvement, with all the decreed railroads, freight and passenger, to have PTC activated by the end of 2020. PTC deployment, touted as the largest Industrial Internet of Things (IIoT) initiative in North America, introduced a new technological disruption to railroading that included integration of many mission- and safety-critical systems. Yet “system safety,” as a formal practice, is in the very early stages in the rail industry, and across the collective end-to-end transportation supply chain.
Both Canada (in 2015) and the U.S. (in 2020) wisely declared amendments and final rules to improve the safety culture in the railroad and transportation industries. Their current extent is focused on safety management systems, which is a necessary component. Although the need for a Risk Reduction Program is required in the freight industry, it needs to be implemented across the board to support a positive safety culture to embrace the digital transformation. This is something that has been in place in other safety-critical industries such as defense and aviation for several decades.
A new perspective is required, as demands for safety today and in the future are no longer satisfied with incremental extensions of existing work. Rather, innovative approaches, ranging from new safety conceptual models to solution approaches, are needed when dealing with new technologies such as software and artificial intelligence (AI). A shift from traditional non-systems or piecemeal approaches to interoperable systems is required.
“Safety just for safety’s sake
is no longer viable”
While the railroads are responsible for safeguarding and improving their safety performance, they are also required to rise to the challenge of following new regulations while running their businesses. A new perspective on system safety is required for all members of the transportation ecosystem, with a platform and philosophy for it. By using methodologies in systems and lean process engineering, as well as organizational behavior, “system safety” can be effectively embedded, with a means to reduce implementation risk, accelerate time-to-value realization, improve safety performance and grow cultural and capability maturity at a healthy and sustainable pace. What is more, applying entrepreneurship and business precision approaches will enable the paradigm shift for safety to move from a business cost center to a value-added business driver.
Safety just for safety’s sake is no longer viable. Overlaying and managing digital initiatives using standing safety practices is no longer sufficient and is too much for one to manage. Instead, “system safety” would drive business cases for automation and leverage to the next level of operational efficiencies and effectiveness. “System safety” as a mechanism allows the compounding complexity and increasing volume and speed of change imposed on the railroad industry, either by regulation or by internal growth or by competitors, to be managed from a safety perspective. As a result, customer service is provided more reliably, predictably, effectively and of course, safely. Overall, this is a high-gain approach for delivering sustainable financial results, while building reputational equity.
WHAT IS SYSTEM SAFETY?
“Safety” is an often-used term that is loaded with meaning and consequently littered with ambiguities. Fundamentally, safety is the condition of being safe from undergoing or causing hurt, injury or loss.
The premise of system safety is one of synergy: A whole is more than the sum of its parts. System safety requires a risk-based strategy centered on identifying and analyzing hazards, and applying remedies using a systems-based approach. This differs from traditional safety strategies that rely on the results of accident investigations or epidemiological analysis. The systems-based approach to safety requires the application of scientific, technical and managerial skills to hazard identification, hazard analysis, and elimination, control or management of hazards throughout the lifecycle of the system. Hazards analysis is systematically done at many levels (for example, functional, operating, sustaining, requirements, system, subsystem and component) and where all levels are integrated for full end-to-end traceability.
“The premise of system
safety is one of synergy”
Most systems today are part of a “system of systems,” even if they are not explicitly recognized as such. In a system of systems, a collection of task-oriented or dedicated systems combine their resources and capabilities to create a new, more complex system that offers more functionality and performance than the sum of its parts. Positive Train Control (PTC) is one example.
Operationally, a railroad acts as a system of systems during its daily operations to bring together a mix of systems for operations to meet mission objectives. From a development and acquisition standpoint, however, railroads have focused on independent systems. Most transportation systems were created and then evolved without explicit systems engineering at the system of systems level.
From a system safety perspective, considerations need to be applied at the system of systems level. When it comes to interoperability, more emphasis on system of systems is needed, given the relationships among what were previously considered independent systems.
Figure 1 shows simplified system/subsystem/system of system relationships. Each system (for example, locomotive, trackside signals, GPS satellite, etc.) must not only operate individually to provide the needed functionalities but must interface with each other or be interoperable with several other systems. To achieve an acceptable level of safe interoperability, such systems must be engineered for safe operations and evaluated in the system of system context. The same philosophy applies to subsystems that constitute a system. For example, a faulty coupler component failing to engage on a car at the subsystem level could result in a train system separation, which at the subsystem or train system level is not an immediate safety concern. However, in the system of system context, the effect of the coupler failing to engage is catastrophic when a set of preconditions is satisfied. For example: The train is climbing a grade, absence of spring brakes for emergency braking, or failure of associated rail procedural mitigations. The coupling failure could initiate the cars rolling and colliding with a stationary or moving train or result in a derailment.
The system safety goal is to eliminate or reduce the probability of mishaps at various levels of the relationship between elements, subsystem, system, and system of systems. As depicted in Figure 1, when two systems, for example, Locomotive A and Locomotive B (or more) operate on a common rail network, it is the rail operator’s duty to ensure that adequate train separation is maintained at all times. Similarly, it is the obligation of each system and subsystem supplier to ensure that their system or portion incorporates fail-safe design methods to ensure that acceptable levels of safety are part of the system design.
HOLISTIC SAFETY FRAMEWORK
Figure 2 lays out a holistic view of safety. This universal model can be applied to a company, major business units within a company, and across an ecosystem of companies and partnerships.
From a business management perspective, safety objectives are defined by regulatory requirements, and shaped by various inputs such as the competitive landscape, customer needs, market forces and business goals. In Figure 2, the Safety Management System (SMS) is the platform for monitoring and managing the performance of the safety objectives. SMS is used in commuter rail and Canadian freight rail, and was introduced in 2020 by the FRA through its risk reduction program. Other industries such as aviation, petroleum, chemical and electricity generation also use SMS, or other such forms of process management control systems tailored to safety. Typically, companies (or business units, or ecosystems) with higher integration levels of management practices would also have an Integrated Management System (IMS) in place as shown in Figure 2. Rather than having individual management systems operating in silos (for example, safety, information security, quality, compliance, environment, enterprise resource planning, etc.), the company can be managed more effectively and efficiently using joined-up thinking, better aligned business objectives and KPIs, and simpler audit models. System safety performance is overseen by the SMS.
CURRENT STATUS OF RAIL SAFETY
North American railroads have recognized the importance of improving safety as far back as the 1880s, where a small group of railroad regulators, workers and managers began the campaign for the development of better brakes and couplers for freight cars, which the United States Congress finally responded to by passing the 1983 Safety Appliance Act. In May 2015, Transport Canada (TC) took measures to enhance the safety of Canadian railroads through the Transportation Modernization Act, and amendments to the Railway Safety Act. In February 2020, the FRA issued the Risk Reduction Program Final Rule. On-going, U.S. railroads have implemented the first wave of Positive Train Control (PTC) and are gearing up for the next waves, while Canada is undergoing the discernment process for Enhanced Train Control (ETC).
Even though regulators are establishing safety minimums, railroads are innovatively working at piecemeal safety measures (for example, autonomous track inspection, on-track safety procedures, personal protective equipment, PTC/ETC) for improving their respective safety performance. Individual railroads are looking after their interests, spending time and effort lobbying the FRA/TC for exceptions and trials. The political climate in the U.S. is litigious-based, whereas in Canada it allows for more forgiveness and lesson-learning. Nonetheless, there is opportunity for improvement on all fronts to genuinely enhance railroad safety performance.
Setting aside the politically related challenges, freight railroads today are in the early stages of comprehensive system safety management, as mandated by regulators. Canadian railroads are currently engaged in their SMS implementations as of the TC amendment in 2018. The U.S., however, is just introducing SMS. Regardless, we caution the railroads not to solely rely on SMS for safety risk management, as it can provide a false sense of security.
As a demonstrated functional discipline, system safety is incomplete in the North American freight railroad industry.
NEW TECHNOLOGY DEMANDS SYSTEM SAFETY
As advanced technology becomes more and more prevalent, the urgency for integrating it into systems increases. When introducing new technologies, their integration with existing layered solutions, which include safety measures, becomes tricky. With the rapid speed of change, the influx of new things to learn and the unrelenting pressure to deliver more with less, current safety practices can become inadequate, and safety solutions often end up incomplete and not fully integrated.
Even though safety is a first and foremost priority, it needs more support in business plans. The temptation to only implement reactive fixes only compounds the safety conundrum and adds confusion. Safety must be designed upfront and built into all layers of hardware, software, systems and processes (including real-time operations). The digital world is unforgiving to incomplete, inaccurate, incongruent and incohesive requirements, specifications, designs, implementations and operations.
These collaborations must include rail system operators (for example, rail traffic controllers, locomotive engineers, track maintainers, etc.) and system safety practitioners (for example, system safety engineers) jointly identifying safety related operations and improvements as well as operational safety constraints. As well, railroads must work closely with their suppliers and contractors to ensure that the products and services they purchase meet system safety requirements when integrated into their own systems and operations. The safety improvements become derived safety functions for existing or newly defined systems. The safety functions replace existing procedural mitigation to achieve higher levels of safety and reduce the operator workload.
To prevent introducing safety-significant anomalies in current and future transportation systems, the system safety approach is the surest and lowest-risk path. Traditional safety approaches alone no longer meet the new demand.
Stay tuned: In Part II, we will present our approach on how to implement system safety as a value-added business driver.
This article is based on the novella-sized white paper, “System Safety as a Value-Added Business Driver: The Evolution of Railroading in the Eras of Technology and Innovation.” Whitepaper: The BOT Consulting Group Inc., CMTIGroup Inc., S.D. Bot, and T. Zenga. July 2020.
Sonia Bot, chief executive of The BOT Consulting Group Inc., has played key roles in the inception and delivery of several strategic businesses and transformations in technology, media, and telecommunications companies worldwide. By utilizing methodologies in entrepreneurship, business precision, Lean Six Sigma, systems and process engineering, and organizational behavior she’s enabled organizations to deliver breakthrough results along with providing them a foundation to continue to excel. She was instrumental in PTC implementation on CN’s U.S. lines. Her approaches on the evolution of railroading and transportation are game changers that drive innovation and competitive advantage for adopters in a changing industry. Sonia can be reached at [email protected].
Tony Zenga, owner of CMTIGroup Inc., is an accomplished specialty engineering consultant with international experience in operational reliability and safety for mission critical systems. He has played key roles in the implementation of System Safety engineering programs for aerospace, defence, high tech, mass transit and rail infrastructure projects worldwide. By leveraging on his design and development experience of large-scale safety-critical systems, combined with his systems engineering knowledge, he enables organizations to deploy their systems safely into field operation. As advisor to CN, he was instrumental in the development of the PTC system safety engineering safety case and the creation of the system safety engineering discipline. Tony can be reached at [email protected].