Risk Analysis and Development of an IPNetwork-based Railway Signal Control System.

This paper describes risk analysis and development of an IP-networkbased railway signal control system that East Japan Railway Company has developed for important railway operation lines in the Tokyo metropolitan area. The system controls railway signals to maintain safety for running trains and is one of the safety-critical systems. High availability is also a requisite because of railway customer needs and consideration of the social effects of a stoppage of operation. Several methods for safety and high availability which replace old methods (those with relays) and respond to networking technologies are proposed and applied to equipment and transmission between equipment. The development was based on those methods and risk analysis. Maintaining safety, the system has redundant structure for availability and transmission between equipment has quadruple redundancy. FTA and FMECA were used for risk analysis for the equipment. It was verified that the system can prevent the top event with sufficient measures having been taken. The transmission between equipment fulfils IEC62280-1, and its fulfilment was examined through risk analysis.