Upload
others
View
2
Download
0
Embed Size (px)
Citation preview
SETTING THE STAGE FOR FUTURE MOBILITY« Aller vite… mais avec des aspects
techniques solides »
Prof. Dr.-Ing. Marc ANTONI
Rail System Director
2« Aller vite… mais avec des aspects techniques solides »
• Part 1 – Asset Management in general
• Part 2 – Modelling HSL Assets for Asset Management
• Part 3 – Safety & Security : Cyber issues
3
Part 1 – Asset Management in général
4
L A W
Product-related
standards
Process-related
standards
• Products
• Sub-System
• Industrialisation
• Operation
• Maintenance
• Integration
• High speed
• Freight
• Asset Management
• Safety/Security
• Organisation
“Operator” responsible for the
system and the services”Manufacturer” responsible
for the products
Binding
Not binding
System vision
Asset
Management
or volontary
binding for the
members
Standardisation: Complementarity within the EUAR-ESO-UIC trio Regulation vs. Norms vs. Standards and requirements
5
1 – Asset Management / Railways
Year-15 Year
Network
strategy
Requirement
analysis
Production
Asset Management system
A perfect coherent system vision:
performance requirement for assets definition, the conditions of use and the
work to be carried out
6
1 – Asset Management / Railways
Asset Management system
Network
strategy
Axes
StrategiesGPMR, SNIT, contrat de
performance, …
Axes, Objectifs
performances par axe
Work
planning by
axes
Portefeuilles travaux & planification
entretien par axe
Project
Realisation
Ensemble des travaux réalisées
Constats performances,
état du réseau
Operation
Réticulaire consolidé
Trame 24h
Règles d’exploitation
Service annuel
Circulations
Constats performancesTimetable
planification
Commandes stratégiques d’axe
Règles de maintenance
Politiques produit
Règles de conception
Asset
Managemen
t Strategies
by axes
Règles d’exploitation
Par axe
Operation
strategies by
axes
Operation
strategies
Asset
Managemen
t strategies
Stratégies de financements,
RH, Système d’information…
Ressource
strategies
PROSPECTIVE PRESCRIPTION OPERATIONAL
A perfect coherent system vision:
7
1 – Asset Management / Railways
Etude des modes d’exploitation et
d’évolution du réseau
Etude des modes d’exploitation et
d’évolution de l’axe
Programmation stratégique / axe
Objectifs du réseau ferroviaire Stratégies d’axes
Stratégie d’actifs Stratégie d’actifs par axe Réalisation des travaux
5 – 1 ans 1 an15 - 10 ans15 - 10 ans 10 - 5 ans
IN 08013 – V02 projet (18/01/18)
Document propriété de SNCF RESEAU
15 - 10 ans
Portefeuille travaux par axe et ligne régionale à 1 an
Affinement Besoins capacitairesCoûts estimés, ressources
Objectifs de performance/axe
Emergence
maintenance
Processus Décisionnel discret avec 6 points de
validation
Décisions de mises à jour stratégies d’actifs / nouvelles études
Proposition d’évolution des objectifs axes et de développement de l’axe
………...
Réalisation de l’entretien et des
investissements
Contrat de performance
GPMR & feuille de route
Besoins travaux correctifs moyen / long terme terme
Répartition de capacités
Gestion des projets d’investissement
Réa
lisa
tion
des
Pre
scrip
tions
de
ma
inte
nan
ce
Cadrage
capacitaire
long terme
Elaboration des objectifs long terme
par axe
Données sur actifs
Indicateursperformances réseau
Principesd’exploitation
Principesproduits
Principes Processusindustriels
Expressions de besoins de développement de produits, systèmes, , processus industriels
Planification (portefeuille travaux)
Gestion approvisionnements & logistique
Stratégie système
ferroviaire
Pilotage de la robustesse et de la performance
Contributionstous métiers
Commande
production/
établissement
Allocation budgétaire et contrôle de gestion
Connaissance du
patrimoine
Données de sollicitation du réseau
Réalisation des prescript ions d’exploitat ion par axe
Conception et adaptation du service
Gestion opérationnelle des circulations
Livrables
Politiques de renouvellement & référentiel entretien
Commande stratégique pluriannuelle développement & maintenance & exploitation par axe & segment
Portefeuilleopérations FIR 5 ansSchémas
capacitaires
Données sur les actifs
Portefeuillebudgétisé
PortefeuillePrécisé V1
Portefeuille précisé V2
Portefeuillevalidé
Portefeuilleopérationnel
Emergence
développement
Commande de production à 3 ans /
établissement
Portefeuille prévisionnel
Planification
par axe
Planification prévisionnelle
Planifications pré-opérationnelle et opérationnelle
1
2
3 6
11
7
8
9
10
12
14
13
22
23
25
Elaboration des
objectifs long
terme du réseau5
Stratégie de
maintenance par
domaine19
Indicateurssur actifs
18
Planification par axe
Processus de bouclage (REX)
Stratégie d’exploitation Stratégie d’exploitation par axe ExploitationConstruction de l’horaire
Besoins d’adaptation (consignes de
conception / structuration de l’axe)
Besoins d’adaptation (consignes de conception / structuration du réseau)
Référentiel d’exploitation du réseau & axes
Contributionstous métiers
Macro-processus asset management
Réa
lisa
tion
des
Pre
scrip
tions
de
conc
ep
tion
16
Ge
stio
n du
cyc
le d
e vi
e
pro
du
it
4 Référentiel conception
Politiques produits
Référentiel d’entretien
Schémas de ressources
Affection des MOA / projet d’investissement
Eléments de cadrage capacitaire à long terme
Gestion des emplois et des compétences
Stratégie industrielle
Stratégie de partenariats / achats / etc
Stratégie de financement
Stratégie GPEC & externalisation
Stratégie système informatisés, moyens industriels, externalisation des travaux….
17
Stratégie de moyens
Nouveauxproduits
0
1 2
3 4
5
24
26
Plan d’exploitation de l’axe de référence long terme,(inclus trame horaire 2h, graphique espace-temps et GOV & vérification de la robustesse)
27
28
29
Commercialisation15
8
11
Plan d’exploitation final (inclus graphique horaire
Sillons tracés
Réalisation des prescript ions d’exploitat ion du réseau
5
Modes d’exploitation du réseau Mode d’exploitation de
l’axe
Target MACRO-PROCESS for:
✓ PROSPECTIVE
✓ PRESCRIPTION
✓ OPERATIONAL
8
Network Objectives
Objectives by corridor
Asset Knowledge, Asset
performances, Return of
experiences
Measured network
performances by
subsystem « customer
vision »
ASSET MANAGEMENT STRATEGIES
INTEGRATION OF TECHNICAL NEEDS
Product policies,
Technology policies
Design specification /
maintenance /operation
Different investment &
maintenance policies
Resource strategies
OPERATION
STRATEGIES
ASSET
MANAGEMENT
STRATEGIES
1 – Asset Management / Railways
9
Model-
based
predictive
Maintenance
and
advanced
data analysis
Conditional
Maintenance
Based on
statements or
measures
revealing a
degradation
Preventative
Maintenance
Based on
calendar
concepts or
use unitsCorrective
maintenan-
ce
1 – Asset Management / Railways
0
0,005
0,01
0,015
0,02
0,025
0,03
0,035
0,04
0,045
0,05
0 100 200 300 400 500 600
Tau
x c
um
ulé
de d
éfa
illa
nce -
H(t
)
TBC (Mt)
H(t) empirique toutes LN
H(t) estimée toutes LN
Demi Aiguillage LGV
0
0,05
0,1
0,15
0,2
0,25
0,3
0 50 100 150 200 250 300 350
Demi aiguillage Beton
Demi aiguillage Bois
Coûts de maintien de la géométrie (yc surveillance)
sur voie ballastée LGV
0
1000
2000
3000
4000
5000
6000
7000
8000
9000
10000
0 50 100 150 200 250 300 350
Voie Gr2 Sans Meulage
Voie Gr2 Avec Meulage Préventif
Predictive maintenance goes
through processing and
cross-data. This is our
number one challenge.
→ Part 2 for HSL
from digital to asset Management
10
State of the patrimony of the
axis/corridors
Emergences Asset Performances
Commands Strategic
axis:
• Circulable capacity
• Object works framed to
achieve
• Performance schedule to be
achieved
• Resource plans
Refined means strategies
Estimation of the maintenance
needs
ASSET
MANAGEMENT
STRATEGIES
OPERATION
STRATEGIES
Network Objectives
Objectives by axis
Measured network
performances/
subsystem
« customer vision
Product policies, Technology
policies
Design/maintenance/operating
requirements
Differentiated Investment &
Maintenance policies means
strategies
Estimation of the maintenance
needs and costs
300 €
320 €
340 €
360 €
380 €
400 €
420 €
440 €
2005 2010 2015 2020 2025 2030
Millio
ns
Entr. Ss Renouv
Scénario de base
Variante 1 (+50%2-4)
Variante 2 (+50%5-6)
Variante 3 (+100%5-6)
Variante 4 (base prolongé)
Entr. Renouv à date (<1000km/an)
1 – Asset Management / Railways
ASSET MANAGEMENT
INTEGRATION OF WORK NEEDS
11
2 – Asset Management /value-based approach
Contribution of a corridor or line to enhance the value of the
network
The value of a line brought to the network can be expressed by different
considerations:
• Commercial performance (performance from the customer's point of
view): passenger traffic, freight traffic, travel time, Traffic flow, regularity,
Incident recovery time…
• Strategic performance (functions provided by the line): contribution to the
resilience of the network (alternative route function), contribution to the
economy of the territory, contribution to the interoperability of the network,
etc.
• Revenue: tolls collected / train route
12
Asset StrategiesAxes strategy
Decision on network piorities
(performance contract)
National network
rank 1*
National network
rank 2*
Local lines*
10-year evaluation of
sustainability / business /
performance needs
Definition of possible technical
responses (CAPEX / OPEX)
Sustainable axes / Traffic increase
or maintenance / Performance
requirements / Important revenues
Network strategy
Long-term axes / Traffic increase
or maintenance / Performance
requirement
Axes with low traffic / low traffic &
decreasing
Axes with uncertain traffic
prospects or not guaranteeing
certain economic criteria **
Renewals to ensure safety and
increase performance
requirements
Modernizations
New offers
A-1
0
Adapted maintenance (renewal /
maintenance mix) to ensure safety
& security to control performance
or performance decline
Modernizations
(subject to an economic model)
Permanent lines / Increased traffic
/ Performance requirement
Long-term lines with stability or
even reduction in traffic
Adapted maintenance (renewal /
maintenance mix) to ensure safety
or renewals & developments if
CPER financing
Maintenance adapted to ensure
safety & lower performance ***
2 – Asset Management / value-based approach
Futureless lines
Maintenance or adapted renewal
submitted to CPER to ensure
safety & reduced performance
OPTIMAL
MAINTENANCE
ADAPTATED
MAINTENANCE
LIMITED
MAINTENANCE
FOR SAFETY
Value structuration
13
Scénarios alternatifs (mixtes investissements & entretien)
1. Maintien de la sécurité
2. Disponibilité
budgétaire
3. Rationalisation
opérationnelle
Scénarios alternatifs (mixtes investissements & entretien)
1. Maintien de la sécurité
2. Disponibilité
budgétaire
3. Rationalisation
opérationnelle
Scénarios alternatifs (mixtes investissements & entretien)
1. Maintien de la sécurité
2. Disponibilité
budgétaire
3. Rationalisation
opérationnelle
2 – Asset Management / value-based approach
Global renewal
scenario
Global renewal
Alternative
maintenance
scenarios (mix Investment &
maintenance)
Lig
ht
ren
ew
al
Lim
ite
d r
ene
wal fo
r safe
ty
Global renewal: one-time renewal
Light renewal: smooth renewal and minimization of performance degradation related to the asset safety
Safe renewal: smooth renewal of the line to protect against security risks
Appropriate maintenancePRINCIPLES
14
SCENARIOS
20
20
20
21
20
22
20
23
20
24
20
25
20
26
20
27
20
28
20
29
20
30
20
31
20
32
20
33
20
34
20
35
20
36
20
37
20
38
20
39
20
40
20
41
20
42
20
43
régé globale 11 chantiers
régé allégée43 chantiers
49 interventions
régé sécurité69 chantiers
75 interventions
Cumulative% of renewal units realized
Appropriate maintenanceExample with different maintenance scenarios
Global regeneration (11 sites)
Lightened regeneration (43 yards,
49 maintenance operations)
Safety Regeneration (69 worksites,
75 maintenance operations)
2 – Asset Management / value-based approach
15
2 – Asset Management / value-based approach
x
Appropriate maintenance / EXAMPLE: SOCIO-ECONOMIC issues –
Relation with global renewal - Focus on key balance statement
VAN actualisées à 4,5% en
2019 (M€)
Capacity
ImpactCAPEX OPEX RU IM TOTAL
Variations De 0,2 à 1,9 +/- 10% De 1 à 3
Reduced Regeneration 1 -16 +17 -19 - -
Reduced Regeneration 2 +18 +16 -19 + +
Reduced Regeneration 3 +2 -13 -19 - -
Reduced Regeneration 4 -12 +24 -19 - +
Safety Regeneration -21 +25 -24 - -
16
3 – Towards a governance within an axis vision
REALISATION D’UNE
EMERGENCE
REALISATION D’UNE
EMERGENCEPROGRAMMATIC
ORDER
DEVELOPMENT
PV
1
PV
2
PV
3
PV
4
Authorization to
initiate an
emergence
Approval of
completeness and
consistency
Approval of a
programmatic
scenario
Approval of a
strategic order
PLANIFICATION
PV
5
Approval of a
production order
DEVELOPMENT
OBJECTIVES/ AXE
PV
0
Approval
of the axis
strategy
axis strategy
Stratégies d’axes
OPERATION
ASSET MANAGEMENT Work planning by axis
Timetable Planification
strategic order
Objets
travaux
Expression
of needsScénarios
associés à mode
d’exploitation cible
EMERGENCE
production order
Decision-making process in a railway axis vision
17
Part 2 – Modeling HSL Assets for Asset Management
18
Three steps (example for track) :
3 – Tools for LCC calculation at the national or route levels, including environmental effects, track
possession and unavailability costs…
2 – Tools for the estimation of maintenance needs of the track
(with different renewal strategies)
1 – Work of the deterioration and failure laws
of each the track components
1 - Modelling for Infrastructure Management after conception engineering
19
After 30 years of operations and 650MT with V300, more
than ¾ of rails of LN1 are original. The last rails were
replaced in 2018…
• Failure laws of rails :- lifespan of the rails on a ballasted HSL is about 400MT with 3% of cumulative defects, 700MT with 6%- the parameters of these laws are sensitive to track topology and aggressiveness of the rolling stock
MT
Step 1: Lifespan of the components (ballasted HSL)
1 - Modelling for Infrastructure Management after conception engineering
20
After 30 years of exploitation and 650MT with V300,
more ¾ of rails of LN1 are of origin. The last rails
must be replaced 2018…
• Failure laws of rails :- lifespan of the rails on a ballasted HSL is about 400MT with 3% of cumulative defects, 700MT with 6%- the parameters of these laws are sensitive to track topology and aggressiveness of the rolling stock
The failure rate can grow more quickly if the rolling
stock has an important rate of “slippage” (20% for some
materials)
MT
Step 1: Lifespan of the components (ballasted HSL)
1 - Modelling for Infrastructure Management after conception engineering
21
0
0,005
0,01
0,015
0,02
0,025
0,03
0,035
0,04
0,045
0,05
0 100 200 300 400 500 600
Tau
x c
um
ulé
de d
éfa
illa
nce -
H(t
)
TBC (Mt)
H(t) empirique toutes LN
H(t) estimée toutes LN
Step 1: Lifespan of the components (ballasted HSL)
• Failure laws of
aluminothermy welding:
- lifespan of a weld on
ballasted HSL is about
400MT with 3% of
cumulative defects
[even without preventive
grinding]
MT
1 - Modelling for Infrastructure Management after conception engineering
22
• Failure laws of manganese or movable frogs:- lifespan of these components is longer on wooden sleepers then on concrete ones - the parameters of these laws are sensitive to the aggressiveness of the rolling stock
MT
Cœur à Pointe Fixe LGV
0
0,05
0,1
0,15
0,2
0,25
0,3
0 50 100 150 200 250 300 350
Cœur Pointe Fixe Béton
Cœur Pointe Fixe Bois
Step 1: Lifespan of the components (ballasted HSL)
1 - Modelling for Infrastructure Management after conception engineering
23
• Failure laws of manganese or movable frogs:- lifespan of these components is longer on wooden sleepers then on concrete ones - the parameters of these laws are sensitive to the aggressiveness of the rolling stock
MT
Cœur à Pointe Fixe LGV
0
0,05
0,1
0,15
0,2
0,25
0,3
0 50 100 150 200 250 300 350
Cœur Pointe Fixe Béton
Cœur Pointe Fixe Bois
Cœur à Pointe Mobile LGV
0
0,05
0,1
0,15
0,2
0,25
0,3
0 50 100 150 200 250 300 350
Cœur Pointe Mobile Béton
Cœur Pointe Mobile Bois
Step 1: Lifespan of the components (ballasted HSL)
MT
1 - Modelling for Infrastructure Management after conception engineering
24
• Failure laws of switch half switch set:- lifespan of these components is longer on wood sleepers then on concrete ones - the parameters of these laws are sensitive to the aggressiveness of the rolling stock and the hardness of the track
Demi Aiguillage LGV
0
0,05
0,1
0,15
0,2
0,25
0,3
0 50 100 150 200 250 300 350
Demi aiguillage Beton
Demi aiguillage Bois
MT
Step 1: Lifespan of the components (ballasted HSL)
1 - Modelling for Infrastructure Management after conception engineering
25
−+= 128,0)Im( 5
N
bakN
• Geometry degradation laws:- lifespan of the ballast, without sand-gravel mix bitumen or PAD, is approximately 25 years on HSL (>300)- this lifespan will be much higher with sand-gravel mix bitumen and/or PAD - maintenance needs follow Cochet-Maumy laws
The parameters of these laws depend
on grinding, the type of rolling stock,
etc.
Coûts de maintien de la géométrie (yc surveillance)
sur voie ballastée LGV
0
1000
2000
3000
4000
5000
6000
7000
8000
9000
10000
0 50 100 150 200 250 300 350
Voie Gr2 Sans Meulage
Voie Gr2 Avec Meulage Préventif
MT
Step 1: Lifespan of the components (ballasted HSL)
1 - Modelling for Infrastructure Management after conception engineering
26
The nature of the under layer has a significant influence on track lifespan and HSL geometry specific Cochet-Maumy parameters
Signatures des structures
géotechniques ?
Signatures des structures
géotechniques ?
Influence bitumen mix
at 320km/h with a
distance between
axles of 3m
The test section test with Bituminous
mix makes it possible to obtain a
reduction of a factor 2 of the annual
percentage tamp length
Energy measured
[m/s2/Hz]
Frequencies [Hz] Energy measured
[Log (m/s2/Hz)]
Step 1: Lifespan of the components (ballasted HSL)
1 - Modelling for Infrastructure Management after conception engineering
27
Some under sleeper PAD have an influence on track lifespan and HSL geometry specific
Cochet-Maumy parameters
Maintenance interventions
Step 1: Lifespan of the components (ballasted HSL)
1 - Modelling for Infrastructure Management after conception engineering
28
Some under sleeper PAD have an influence on track lifespan and HSL geometry specific
Cochet-Maumy parameters
Maintenance interventionsAverage of longitudinal levelling
Step 1: Lifespan of the components (ballasted HSL)
1 - Modelling for Infrastructure Management after conception engineering
29
Tools for estimation of track maintenance needs (EBM) :
Principe / ballasted track:
1 – Cyclical or programmed operations:
Fixed charges determined by the standards for track surveillance, programmed maintenance,
structure…
2 – Preventive conditioned maintenance:
- Levelling maintenance charges: Interventions conditioned by the information coming from track
surveillance. Probabilistic estimation of the intervention needs for a specific route, for a UIC group
of routes…
- Asset replacement charges: Interventions conditioned by asset defect detection… Probabilistic
estimation of the failure laws of each asset
Step 2: Estimation of maintenance needs (ballasted HSL)
1 - Modelling for Infrastructure Management after conception engineering
30
10 OCTOBRE 2011EMETTEUR
Example of estimation of maintenance needs for the French network
Switches & Crossing UIC 1 to 6
0 €
50 €
100 €
150 €
200 €
250 €
300 €
2008 2013 2018 2023 2028
Mil
lio
ns
Entr. mode 1
Entr. sc. 1
Entr. sc. 2
Entr. sc. 3
Entr. sc. 4
Entr. sc. 5
Entr. sc. 6
Entr. mode 3
Extrapolation non modélisable
Scénario SsR
Scénario 1
Scénario 2
Scénario 3
Scénario 4
Scénario 5
Scénario 6
Scénario RaD
Step 2: Estimation of maintenance needs (ballasted HSL)
1 - Modelling for Infrastructure Management after conception engineering
31
10 OCTOBRE 2011EMETTEUR
Example of estimation of maintenance needs for the French network
Switches & Crossing UIC 1 to 6 Normal Track UIC 1 to 6
0 €
50 €
100 €
150 €
200 €
250 €
300 €
2008 2013 2018 2023 2028
Mil
lio
ns
Entr. mode 1
Entr. sc. 1
Entr. sc. 2
Entr. sc. 3
Entr. sc. 4
Entr. sc. 5
Entr. sc. 6
Entr. mode 3
Extrapolation non modélisable
Scénario SsR
Scénario 1
Scénario 2
Scénario 3
Scénario 4
Scénario 5
Scénario 6
Scénario RaD
300 €
320 €
340 €
360 €
380 €
400 €
420 €
440 €
2005 2010 2015 2020 2025 2030M
illio
ns
Entr. Ss Renouv
Scénario de base
Variante 1 (+50%2-4)
Variante 2 (+50%5-6)
Variante 3 (+100%5-6)
Variante 4 (base prolongé)
Entr. Renouv à date (<1000km/an)
Step 2: Estimation of maintenance needs (ballasted HSL)
1 - Modelling for Infrastructure Management after conception engineering
33
HSL ballasted track (UIC group3)
HSL300 - UIC - current track without switches
0 €
20 000 €
40 000 €
60 000 €
80 000 €
100 000 €
120 000 €
140 000 €
160 000 €
180 000 €
200 000 €
1 3 5 7 9 11 13 15 17 19 21 23 25 27 29 31 33 35 37 39 41 43 45 47 49 51 53 55 57 59 61 63 65 67 69 71 73 75
E/T
I/T
E+I/T
Invest / T
Maintenance / T
Step 3: LCC calculations (ballasted and unballasted HSL)
1 - Modelling for Infrastructure Management after conception engineering
34
HSL ballasted track (UIC group3)
HSL300 - UIC - current track without switches
0 €
20 000 €
40 000 €
60 000 €
80 000 €
100 000 €
120 000 €
140 000 €
160 000 €
180 000 €
200 000 €
1 3 5 7 9 11 13 15 17 19 21 23 25 27 29 31 33 35 37 39 41 43 45 47 49 51 53 55 57 59 61 63 65 67 69 71 73 75
E/T
I/T
E+I/T
Co
To
Step 3: LCC calculations (ballasted and unballasted HSL)
1 - Modelling for Infrastructure Management after conception engineering
35
Slab track
0 €
20 000 €
40 000 €
60 000 €
80 000 €
100 000 €
120 000 €
140 000 €
160 000 €
180 000 €
200 000 €
1 3 5 7 9 11 13 15 17 19 21 23 25 27 29 31 33 35 37 39 41 43 45 47 49 51 53 55 57 59 61 63 65 67 69 71 73 75
E/T
I/T
E+I/T
HSL300 - UIC3 - current track without switches
Invest / T
Maintenance / T
Step 3: LCC calculations (ballasted and unballasted HSL)
1 - Modelling for Infrastructure Management after conception engineering
36
Slab track
0 €
20 000 €
40 000 €
60 000 €
80 000 €
100 000 €
120 000 €
140 000 €
160 000 €
180 000 €
200 000 €
1 3 5 7 9 11 13 15 17 19 21 23 25 27 29 31 33 35 37 39 41 43 45 47 49 51 53 55 57 59 61 63 65 67 69 71 73 75
E/T
I/T
E+I/T
HSL300 - UIC3 - current track without switches
Co
To
Step 3: LCC calculations (ballasted and unballasted HSL)
1 - Modelling for Infrastructure Management after conception engineering
37
Thanks to its experience of component and sub-system behaviour, IMs can:
→ specify and optimise new components to facilitatemaintenance, taking into account usage, environment,specific quality targets,…
→ optimise the dimension of spare parts and the correspondingmaintenance organisation.
The following examples come from signalling:- choice of failure laws,- architecture choice for critical computerised system.
2 - Modelling for Infrastructure Management before conception engineering
38
Modeling methods: renewal density for successive replaced components
• The renewal density gives the
replacements due to failure at time t :
=
−−=1
]))'(1[()(n
ntFth
where * denotes the convolution.
• The integral of this function gives the
number of expected replacements
before time t .
Without system ageing
Reduced time trh(t
r)beta = 3,4
0,0000
0,0100
0,0200
0,0300
0,0400
0,0500
0,0600
0,0700
0,0800
0,0900
0,1000
1 4 7 10 13 16 19 22 25 28 31 34 37 40 43 46 49 52 55 58 61 64 67 70 73 76 79 82 85 88 91 94 97
Somme
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
2 - Modelling for Infrastructure Management before conception engineering
39
Modeling methods: renewal density for successive replaced components
With system aging
• We can include the ageing of the
system (or effects of repairs) by
using a factor K
• This translates the fact that even a new
component has a reduced lifetime if it is
introduced into an ageing system.
ηn = η0 ∙ K at the nth replacement.
0,0000
0,0100
0,0200
0,0300
0,0400
0,0500
0,0600
0,0700
0,0800
0,0900
0,1000
1 4 7 10 13 16 19 22 25 28 31 34 37 40 43 46 49 52 55 58 61 64 67 70 73 76 79 82 85 88 91 94 97
Somme
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
Reduced time trh(t
r)beta = 3,4
K = 0,75
2 - Modelling for Infrastructure Management before conception engineering
40
Modeling methods: renewal density for successive replaced components
• Maintenance expenses: Y(t) = ci(t) + cu ∙ n ∙ h(t)
– ci: current costs
– cu: replacement costs for one component
– n: number of components
– h(t): renewal density
• Expected global maintenance expenses (including
renewal) per year:
−
=
+
+=1
0
1
/)]([/)(T
t
t
t
TtYXTTC
With X: renewal costs )(TE
0
20000
40000
60000
80000
100000
120000
140000
160000
180000
200000
1 4 7 10 13 16 19 22 25 28 31 34 37 40 43 46 49
Som(X)/T
Som(1,7;Y)/T
Som(3,4;Y)/T
Som(5,1;Y)/T
Som(X)/T +Som(1,7;Y)/TSom(X)/T +Som(3,4;Y)/TSom(X)/T +Som(5,1;Y)/T
Co
To with K=1
2 - Modelling for Infrastructure Management before conception engineering
41
Modeling methods: renewal density for successive replaced components
• Maintenance expenses: Y(t) = ci(t) + cu ∙ n ∙ h(t)
– ci: current costs
– cu: replacement costs for one component
– n: number of components
– h(t): renewal density
• Expected global maintenance expenses (including
renewal) per year:
−
=
+
+=1
0
1
/)]([/)(T
t
t
t
TtYXTTC
With X: renewal costs )(TE
0
20000
40000
60000
80000
100000
120000
140000
160000
180000
200000
Som(X)/T
Som(1,7;Y)/T
Som(3,4;Y)/T
Som(5,1;Y)/T
Som(X)/T + Som(1,7;Y)/T
Co
To with K=0,8
2 - Modelling for Infrastructure Management before conception engineering
42
Modeling methods: renewal density for successive replaced components
Design choices could have a huge impact on a maintenance strategy and on the chances of reaching the right quality level (availability, security, safety…) with the economic target value
The terms of the requirements have to be chosen taking into consideration the context of use and the economic and organizational targets… which are not known by suppliers
2 - Modelling for Infrastructure Management before conception engineering
43
Architecture choice for a critical computerized system
Classical architecture
• Without independence between System
and Functional SW
Proposed architecture
• With distinction between HW & System SW
and the functional SW
Input (TOR or
communications in
the railway context)
Output (TOR or
communications in
the railway
context)
Software supporting the execution of the
functionalities
Hardware
N of P architecture of the real time
computerised system – SIL4
development
I1
Interface
Functionalities (interpretable and deterministic
model as Petri nets with fixed writing and
interpretation rules)
Mixed functional and
basis Softwares
Probabilistic safety
Hardware
2 - Modelling for Infrastructure Management before conception engineering
44
Architecture choice for a critical computerized system
Classical architecture
• Without independence between System
and Functional SW
Proposed architecture
• With distinction between HW & System SW
and the functional SW
Input (TOR or
communications in
the railway context)
Output (TOR or
communications in
the railway
context)
Software supporting the execution of the
functionalities
Hardware
N of P architecture of the real time
computerised system – SIL4
development
I1
Interface
Functionalities (interpretable and deterministic
model as Petri nets with fixed writing and
interpretation rules)
Mixed functional and
basis Softwares
Probabilistic safety
Hardware
Application of formal methods impossible
2 - Modelling for Infrastructure Management before conception engineering
45
Architecture choice for a critical computerized system
Classical architecture
• Without independence between System
and Functional SW
Proposed architecture
• With distinction between HW&System SW
and the functional SW
Functionalities (interpretable and
deterministic model as Petri nets with
fixed writing and interpretation rules)
Input (TOR or
communications in
the railway
context)
Output (TOR or
communications in
the railway
context)
Software supporting the execution of the
functionalities
Hardware
N of P architecture(s) of the real time
computerised system – SIL4
development
I1 Interface
I2 Interface
with interpretation
rules…
Know-how
Know-what
Application of formal validation methods
Know-why
2 - Modelling for Infrastructure Management before conception engineering
47
• Case 1 : without formal interface between HW and functional SW
0
5
10
15
20
25
1 3 5 7 9 11 13 15 17 19 21 23 25 27 29 31 33 35 37 39 41 43 45 47 49 51 53 55 57 59
CAPEX/T
OPEX/T
Cumul/T
Functional
Software
Renewal
Hardware
Renewal
(obsolescence)
Step 3: LCC calculations (Critical IT system with and without formal interface between HW and functional SW)
2 - Modelling for Infrastructure Management before conception engineering
48
• Case 1 : without formal interface between HW and functional SW
0
5
10
15
20
25
1 3 5 7 9 11 13 15 17 19 21 23 25 27 29 31 33 35 37 39 41 43 45 47 49 51 53 55 57 59
CAPEX/T
OPEX/T
Cumul/T
Step 3: LCC calculations (Critical IT system with and without formal interface between HW and functional SW)
Co
To
2 - Modelling for Infrastructure Management before conception engineering
49
• Case 2 : with a formal interface between HW and functional SW
0
5
10
15
20
25
1 3 5 7 9 11 13 15 17 19 21 23 25 27 29 31 33 35 37 39 41 43 45 47 49 51 53 55 57 59
CAPEX/T
OPEX/T
Cumul/T
Functional
Software
Renewal
Hardware
Renewal
(obsolescence)
Step 3: LCC calculations (Critical IT system with and without formal interface between HW and functional SW)
2 - Modelling for Infrastructure Management before conception engineering
50
• Case 2 : with a formal interface between HW and functional SW
0
5
10
15
20
25
1 3 5 7 9 11 13 15 17 19 21 23 25 27 29 31 33 35 37 39 41 43 45 47 49 51 53 55 57 59
CAPEX/T
OPEX/T
Cumul/T
Step 3: LCC calculations (Critical IT system with and without formal interface between HW and functional SW)
Co
To
2 - Modelling for Infrastructure Management before conception engineering
51
Part 3 – Safety & Security : Cyber issues
?
521 - Safety and cybersecurity issues
52
Safety and cybersecurity issues have become a concern for UIC in
recent years (in the different functional “layers” of the rail system)
Different levels of fragility in rail services have been identified:
▪ Information systems in relation to the customer
▪ Traffic management information systems, contracts, customs
information, rolling stock and infrastructure maintenance information
▪ Critical operating systems
= Business AND Systems
53
53
Following a pathfinder project called ARGUS, implemented in cooperation with
the COLPOFER group (OSJD) and well-known industrial players such as
Cyclus, Splunk, Airbus, APSYS and others, UIC has created its first Guidelines
for Cyber-Security in Railways.
1 - Safety and cybersecurity issues
542 – Cyber risk: myth or reality?
54
We are currently in:
- A world engaged in digital warfare at
economic and/or military level- An interconnected and open digital world
This world represents a paradigm shift for the railways
o Railways are one of the priority targets of certainactors
o Today, railways use digital technologies and architectures that are particularly vulnerable to potential attack (internal or external)
55
55
Railways have become stuck in a position of denial about the emergence andgrowth of risks related to cyber attacks, for many reasons:1. Consequences of attacks vs. determinism of preventive costs2. “Service provider” vs. “technical mastery of systems”3. Transition from white box systems, or functional white box to black box
vision4. Not taking safety or cyber risks into account in security studies (application
of CSM, obtaining AMEC...)
2 – Cyber risk: myth or reality?
56
56
2 – Cyber risk: myth or reality?
From the Internet: possible takeover of station
information systems, automatic vending machines
(ransom requests to regain control)
Immobilisation of rolling stock in operation by
unauthorised radio connection (links intended
for remote maintenance, etc.)
A "man in the network" can cause a fire, field elements
in unsafe conditions, change the functionality of certain
signal boxes, etc.
Intrusion tests performed by IMs or RUs demonstrate
the weaknesses in certain systems, existence of
plausible attack scenarios, etc.
The list is not exhaustive, especially since some actors
"map" the networks of friendly/hostile countries...
57
57
2 – Cyber risk: myth or reality?
Cyber risk is therefore a reality that can have a direct impact on rail traffic availability and safety.
We have experienced and will continue to experience a decline in thesecurity levels of our critical infrastructure with the transition to digital.There are dangers that threaten us:
Three major dangers
China: peaceful attacks
on industrial knowledge
and illegal information
gathering
Russia and former
USSR: Hostile cyber
attack/attack on behalf of
industries or lobbies
Terrorist and/or extremist
organisations
58
58
3 - Technological developments that threaten our systems
The evolution of technologies and modernism (technical and managerial) expose our systems to attack. Such developments include:
1. The emergence and uncontrolled spread of "railway
clouds", cloud computing, IoTs, including for critical
signalling systems
2. IoTs generally have only one common password to a
series of products, registered in Hard internally, without
the user being able to dynamically and frequently
change it
3. Digital systems and networks (existing or future) that
are poorly designed in terms of safety and security
cannot subsequently be secured in practice
59
59
4. Modern systems are highly centralised, which makes
them vulnerable to an attack
5. Modern systems are not developed with the use of
functional modelling or formal methods and use cost,
hardware, OS and "general public" protocols
6. The consequences of a targeted attack
are far greater than those that could possibly
be expected for attacks on older systems
3 - Technological developments that threaten our systems
604 - Taking cyber threats into account in
system design rules and related
security studies
60
1
• Identification of security strategy levels
2
• Real independence of networks with different levels of cybersecurity and business consequences
3• Gateways between networks with protocol breach
4• Functional white box modelling of systems and their means of communication
5 • Systems development with the use of formal methods
6• Useful resilience through independent and non-digital technological means
7• Deployment of all radio communications in the railway sector > FRMCS
61
61
For safety demonstrations (application of Common Safety Methods):
• Formalise choices in security files in terms of acceptability of cyber consequences, types of network subset where certain systems can be deployed, etc.
• Identify the physical protective measures that must be associated with them (demonstration assumptions)
• Identify the rules of design, implementation, system integration that must be implemented (demonstration assumptions)
• Consider, in addition to ER related to human and organisational factors or aspects of technical failure, ER possibly related to external attacks by malicious third parties
• >Requires implementation of three types of measures (depending on the identified need):- Peripheral defence, - Defence in depth, - Endogenous defence (for SIL4 systems) and identify means of continuous verification of proper implementation and operation
• Identify (the nature of) the intrusion tests that will have to be performed regularly and on which railway subassembly (assumption of the demonstration)
4 - Taking cyber threats into account in
system design rules and related security
studies
62
62
5 - Taking cyber risks into account in IMs’
and RUs’ asset management processes
The railways (RUs and IMs) are responsible for traffic safety; they must define
and are responsible for the SMS (Safety Management System - more
appropriately called “SSMS” (Safety and Security Management System))
Including Security and « Cyber security »
63
Network
strategy
Axes
Strategies
Work
planning by
axes Project
Realisation
Operation
Circulations
Constats performancesTimetable
planification
Asset
Managemen
t Strategies
by axes
Operation
strategies by
axes
Operation
strategies
Asset
Managemen
t strategies
Ressource
strategies
PROSPECTIVE PRESCRIPTION OPERATIONAL
A perfect coherent system vision → including Security and Cyber security:
5 - Taking cyber risks into account in IMs’
and RUs’ asset management processes
Status of patrimony of the
axis/corridors
Emergence asset performances
Commands - strategic
axis in terms of:
- Traffic capacity
- Works to be achieved
- Performance schedule to
be achieved
- Resource plans
ASSET
MANAGEMENT
STRATEGIES
OPERATION
STRATEGIES
Estimation of maintenance
needs
Network objectives
Objectives by axis
Measured network
performances/
subsystem
“Customer vision”
Differentiated investment and
maintenance policies
Product policies, technology
policies
Design/maintenance/operating
requirements
5 - Taking cyber risks into account in IMs’
and RUs’ asset management processes
64
65
65
6 - UIC's work in this area will intensify in 2019
Sustainable development
Development of the
FRMCS system (in
collaboration with 3GPP,
ETSI, suppliers...)
Projects: APRA
and OSJD
UIC Railway
Application Guide -
Asset Management
through ISO 55001
Specialised cyber
exchange platform: -
telecoms and/or
specialist
manufacturers -
standardisation bodies
- railways
Publication of
new IRSs
66
• 2018 exploratory group conclusion: need for a practical approach
• Development of three axes:
‒ Definition of priorities: critical systems/safety
‒ Participation in existing ad hoc telecoms work groups (ETSI, 3GPP, GSMA, etc.)
‒ Cooperation with a group of specialised industrial companies already active inproviding sound solutions to other industries (airborne, energy, etc.)
• Registration in ad hoc telecoms work groups (H1)
• Identification/enrollment of 1st group of industrial companies (H1)
• Initial vision for possible technical solutions (end 2019)
Complementary to other initiatives (processes, normative
rules, etc.)
6 - UIC's work in this area will intensify in 2019
Stay in touch with UIC!
Thank you for your kind attention!
Prof. Dr. Marc AntoniRail System Director
UIC Rail System Department