Designed-in Logic to Ensure Safety of Integration and Field Engineering of Large Scale CBTC Systems

摘要

This paper discusses the necessity and challenges for suppliers of mass transportation signaling systems to design extra safety features on top of modern signaling systems’ operational safety properties to support safe integration and migration (i.e. cut-over transition) during field implementation. Suppliers traditionally focus on designing a system to be safe for delivering advanced operation functions and leave the field engineering safety to be managed through procedures. However, with increases of complexity associated with various field integration and migration scenarios as required by customers or enforced by field engineering environments, the stepwise integration and migration of a signaling system itself can raise new hazards, which cannot easily be managed by procedures. There are additional safety challenges in a re-signaling project during migration from the existing legacy system. Thus, this paper suggests that the system’s design should have designed-in safety mechanisms to ensure the safety of not only the future operation, but also the field integration and migration. Specifically, it highlights the significance of identifying hazard conditions associated with interactions between the many controllers and devices at each step of system integration and migrations. It then discusses how to manage challenges of designing safety logic to mitigate these field migration hazards.