Typically, railway networks sustain a wide range of inherited legacy products. In Great Britain, these include regional variations according to their British Rail heritage.
This can lead to problems and unnecessary costs in managing and maintaining bespoke obsolete assets. Asset managers therefore seek to deploy high quality, high performance systems, and reduce the number of bespoke products by moving towards commercial off-the-shelf (COTS) equipment.
COTS does, however, need careful consideration as equipment designed for another industry or application may not deliver the required safety or performance requirements. This can be especially important for the rail industry, given the harsh vibration, extended operating temperatures and electrical interference characteristics often found lineside and in rolling stock.
Signalling assets are interlocked with one another to prevent conflicting or unsafe train movements. These interlockings range from the earliest mechanical variants, through a variety of electromechanical and electrical relay-based interlockings, up to modern computerised software-controlled systems. A significant number of mechanical and relay-based interlockings are still used in the UK, all requiring regular maintenance and servicing as well as large equipment rooms, which are also a maintenance overhead.
COTS-based programable logic controllers (PLCs) are widely deployed in other manufacturing and control system industries, and it is the policy of Network Rail and other rail operators to introduce a wider supply base of PLCs for signalling, level crossing and rolling stock purposes. It is important that such systems use an open and flexible, but secure, data communication protocol, so as to support any future additional features and configuration.
Old name, new name
A new source of appropriate rail controllers is now available to system integrators following changes to the Hima Group. Hima will now provide rolling stock manufacturers, railway operators and system integrators direct access to its extensive product range and services. Prior to this, the company supported the UK and Ireland through Hima-Sella, which will continue to act as a system integrator under the name Sella Controls, but other integrators will have access to exactly the same products and services.
Hima has doubled in size over the last 10 years and these changes will allow this expansion to continue. Customers in the UK and Ireland will be able to obtain direct access to safety expertise and knowledge, from engineering support and technical services to training, consultation and advice, from the group’s extensive global network.
Operating from over 50 locations worldwide, and with a workforce of approximately 800, Hima systems are used extensively in the oil and gas, chemical, pharmaceutical, power generating, logistics and railway industries with over 35,000 installed safety systems in operation across 80 countries.
HIMax and HIMatrix controllers are proven for use in a variety of railway applications. These include electronic interlockings, level crossings, sensor-monitored door opening systems, electronically controlled anti-slip systems, driver vigilance devices, and remote control safe train movement systems.
Unlike proprietary safety technology, these ‘COTS’ controllers are standardised products but with SIL 4 approval (Safety Integrity Level 4 – the highest level in the International Electrotechnical Commission standard IEC 61508). This enables system integrators, rolling stock manufacturers and railway operators to develop their own SIL 4 applications much more easily. The controllers communicate through open interfaces and use Hima’s standard operating system, offering lower capital and life cycle costs than proprietary technology.
Some suppliers provide both safety and non-safety controllers, with the risk that their smaller volume safety controllers may not receive the same resource and support as the larger parts of their businesses. Hima, however, only supports safety applications and is committed to supporting its products throughout all of their life. All products are developed in-house, including hardware, software and, where appropriate, even electronic components, giving the company total control of its products.
The HIMatrix controller is intended for use in all types of application when maximum availability is required. It is one of the fastest safety systems available, with a basic cycle time of 5ms. The unit is compact and modular with network capability via Ethernet and serial input / output. It can be used as a standalone device or in distributed applications requiring a few inputs and outputs per location.
On the other hand, the HIMax controller is intended for mid-sized to large-scale applications when full redundancy is required. It is a complete modular and flexible system, enabling card-changes, additions and maintenance to be carried out without ever stopping the controller. In control systems, not all applications are equally critical and these controllers enable integrators to determine how redundantly the system should be structured.
At maximum deployment, each input, output, and processor are present four times. Thus, even if three systems should fail, control is still safeguarded. The system can also be structured with physical separation to protect against common-cause failures. If, for example, a fire breaks out in one control room, a second system in a different room can continue to provide service seamlessly.
Both the HIMax and HIMatrix safety controllers are vibration and shock resistant, fulfilling the requirements of EN 61373 Category 1 Class B, and are fully certified by TÜV.
The systems are programmed and configured using the Hima SILworX engineering tool. This uses an easy-to-use drag and drop intuitive interface to manage and configure the controllers as well as remote input/output systems. Error diagnostics, using the same interface, result in fewer user errors and faster engineering, enabling integrators to commission safety systems more quickly and adapt to new requirements as required.
More and more control systems are built to work over a distributed open communications network. To comply with the highest safety standards, both the control system and the data transmission protocol must both be secure. Hima has therefore developed safeethernet, a transmission protocol based on standard Ethernet infrastructure which fulfils all industry requirements, including SIL 4.
Industrial safety control systems are more at risk than ever before. Just a few years ago, it was enough for systems just to be functionally safe. However, control systems now have to be protected against cyber attacks as hackers can exploit any weaknesses in security, potentially putting safety systems at risk of serious damage by unauthorised remote manipulation.
International standard IEC 62443 requires separate network levels with defined transitions (conduits). All Hima solutions comply with this requirement and so protect systems against cyber-attacks in all important areas, including hardware, operating systems, networks, and engineering. The defences are continually monitored, tested and updated against new threats as they are identified.
With Hima now operating direct from the German factory into the UK and Ireland, other system integrators will have access to a proven range of cost-effective, easily programmable and flexible system controllers that are all produced in Germany to rigorous reliability, safety and security standards.
This article was written by Paul Darlington