Pilz: Implementing the control system safety framework for the rail transit industry according to EN 50129

From ancient times to today, rail transit safety is worth a thousand dollars

In the last century, before automobile, aviation and pipeline transportation had developed rapidly, railway transportation was the main force of transportation and held a monopoly position. Its birth and development are inseparable from the world’s industrial revolution and even from cultural exchange. Today, with the diversification of demand and the innovative development of technology, subways, light rail, maglev systems, trams and rapid transit systems are gradually being introduced, forming the rail transportation industry we know now.

On November 1, 1918, a train on a line that had just opened for service in Brooklyn took a corner at excessive speed because of an inexperienced operator, resulting in the loss of more than 100 lives. In 1977, a two-car collision occurred in Chicago, USA, causing the train to fall, and the price paid was extremely painful. Similar accidents are not uncommon in the development of rail transit, and the price paid is human lives and the good reputation that operators have worked for a long time to establish.

Because such accidents have occurred so frequently, experts around the world have worked day and night to research and implement relevant standards and requirements, which guide rail transit manufacturers in various countries in practical applications, striving for “safe” and worry-free operation. EN 50129:2018/AC:2019 (Communications, signalling and processing systems – Safety-related electronic systems) is the standard for this. By following its requirements, manufacturers can build a control system that meets safety requirements and avoids unnecessary safety incidents.

In the EN 50129 standard, the safety architecture of the control system of rail transit is mainly divided into three safety levels, from low to high, SIL 2, SIL 3, and SIL 4.

Let’s take a look at how to use components to build a safety architecture that meets the above levels:

  • Wiring instructions for SIL 2 safety level

Achieving this level is not very demanding. With a controller that meets IEC 61508 SIL3, the peripheral sensors and actuators only require a single-channel structure.

  • Wiring instructions for SIL 3 safety level

The requirements of the SIL3 safety level are naturally higher than those of SIL2. In addition to requiring the controller to meet IEC 61508 SIL3, the peripheral sensors and actuators must have a dual-channel structure (as shown in the figure above). In addition, the two safety output circuits must come from different output modules, and their respective power supplies must also be independent.

  • Wiring instructions for SIL 4 safety level

SIL4 has the highest requirements and the implementation process is more complicated. First of all, two independent controllers that meet IEC 61508 SIL3 are required. The peripheral sensors and actuators must also have a dual-channel structure. In addition, the safety input loop, the safety output loop and their power supplies must be completely independent. In fact, the SIL4 architecture can be regarded as the physical combination of two identical SIL 2 systems. The two systems must also cross-check their input signals and their output signals. A specific input and output wiring example is shown in the figure.

SIL4 architecture program signal cross-check

Once the initial framework of SIL4 has been built, how should the two systems correctly perform the cross-check between the input and output signals?

As shown in the “Basic Conceptual Diagram of Cross-checking” above, the same sensor signal must be processed and analyzed by both systems at the same time, which means that the two sensor signals of the dual-channel structure are processed four times in total. Only when the four processing results are consistent will the entire SIL4 system determine that the signal of the dual-channel sensor is valid. The output enable signal is cross-checked in a similar way.
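The cross-check described above can be modelled in a few lines. This is an added example, not Pilz code or the PSS 4000-R logic diagram; the names `Readings`, `cross_check_inputs`, `cross_check_outputs` and `cycle` are hypothetical, and it assumes that `False` (de-energized) is the safe state used on any disagreement.

```python
from typing import Callable, NamedTuple, Tuple


class Readings(NamedTuple):
    """One controller's two processing results for the dual-channel sensor."""
    ch_a: bool
    ch_b: bool


def cross_check_inputs(sys1: Readings, sys2: Readings) -> Tuple[bool, bool]:
    """Return (valid, value); valid only if all four results are consistent.

    Assumption: on disagreement the value falls back to False, taken here
    as the de-energized safe state.
    """
    results = (sys1.ch_a, sys1.ch_b, sys2.ch_a, sys2.ch_b)
    valid = all(r == results[0] for r in results)
    return valid, (results[0] if valid else False)


def cross_check_outputs(enable1: bool, enable2: bool) -> Tuple[bool, bool]:
    """Drive the two output channels only when both systems request enable."""
    agreed = enable1 and enable2
    return agreed, agreed


def cycle(sys1: Readings, sys2: Readings,
          logic1: Callable[[bool], bool] = bool,
          logic2: Callable[[bool], bool] = bool) -> Tuple[bool, bool]:
    """One scan: cross-check inputs, let each system compute its own
    enable from the checked value, then cross-check the two enables."""
    valid, value = cross_check_inputs(sys1, sys2)
    enable1 = valid and bool(logic1(value))  # system 1 application logic
    enable2 = valid and bool(logic2(value))  # system 2 application logic
    return cross_check_outputs(enable1, enable2)


if __name__ == "__main__":
    healthy = Readings(True, True)
    stuck_b = Readings(True, False)  # constructed fault: system 2 reads channel B low
    print("all four agree  ->", cycle(healthy, healthy))
    print("one result off  ->", cycle(healthy, stuck_b))
    print("enable mismatch ->", cycle(healthy, healthy, logic2=lambda v: False))
```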

A good helper for building a control system safety architecture

In 2012, Pilz launched the PSS 4000-R safety system, designed around the application characteristics of the rail transit industry. It has successfully passed the strict type test and testing by TÜV SÜD and holds the relevant certificates, which helps industry users easily achieve compliance with the 3 frameworks of EN 50129.

The PSS 4000-R safety system itself meets the requirements of IEC 61508 SIL3. Therefore, a single PSS 4000-R system can meet the application requirements of SIL2 and SIL3. For the high requirements of SIL4 applications, two PSS 4000-R systems can handle the task easily, and with the signal cross-check logic diagram provided by Pilz, the software requirements of the SIL4 architecture can also be met.

The operating ambient temperature of the PSS 4000-R system is -40℃ to +70℃. Good heat dissipation ensures that it can be used on plateau railways, at installation altitudes of up to 5000 meters. The modular system architecture allows users to add I/O modules according to actual needs, and the unique M12-type Ethernet interface meets the requirements of rail transit on-board applications.

As a professional automation technology company, Pilz has always been committed to helping customers easily and professionally implement safety applications in various industries, making the production and operation environment more secure, stable and reliable.

Published on 10/08/2022