Signalling system evolution and historical context

Signalling has evolved from lineside visual indications providing advice to drivers to modern in-cab systems.

Because signalling and train control systems are critical, their development has often led innovation in safety engineering. From mechanical interlocking to digital equivalents signalling engineers have sought to eliminate or mitigate human error by operators. Signalling has also enshrined the principle of failing to a safe condition.

Despite this focus, fallible humans are involved in the design, installation, testing, inspection, operation, maintenance and repair of signalling systems. As a result, failures could occur that may lead to an unsafe condition, known as ‘signalling wrong side failure’. Such a failure is vividly illustrated by the rail accident at Clapham Junction, December 1988.

The official investigation into Clapham Junction introduced a number of reforms to the industry. The signalling discipline was in the vanguard of introducing structured, systematic competence management systems, and safety critical workers became subject to limitations on their working hours.

Clapham (and the fatal crash at Purley in March 1989) played a part in prompting the industry and government to consider protecting trains against the risks of Signals Passed at Danger (SPADs) by some form of automatic train protection (ATP) – despite Clapham not being an ATP-preventable crash. Network-wide ATP was ultimately rejected on grounds of affordability, but the work informed the joint inquiry into train protection systems by Lord Cullen and Professor Uff, who had conducted the public inquiries arising from the SPAD-caused train collisions at Ladbroke Grove and Southall (1999 and 1997).

The Uff-Cullen inquiry envisaged the imminent introduction of ATP as part of the European Rail Traffic Management System (ERTMS). In the interim, it recommended, for mainline operations, a short-term solution (for no longer than 10 years) that would introduce immediate benefits for a fraction of the cost of full ATP. This approach was mandated by the Railway Safety Regulations 1999.

Since the introduction of RSR99, Train Protection and Warning System (TPWS) has been installed across the mainline railway at all legally required locations to ensure a minimum level of train protection at higher risk signals and junctions. TPWS is a system overlaid onto existing signalling to prevent or mitigate SPAD risk at key locations and manage the risks of over-speeding at the most critical permanent speed restrictions and on the approach to buffer stops.

On some routes, TPWS has been fitted additionally at more locations than required as a minimum. This was expected to be an interim measure not exceeding 2009 but is expected to be in use for many more years to come.

The mainline railway has plans to upgrade to ATP across all routes pursuant to the long-term plan to develop a digital railway many non-mainline operations already have ATP in place.

Digital Railway and system integration

The railway industry is actively engaged in progressing ERTMS projects in line with the implementation plan. Network Rail has the role of coordinating the whole industry towards achieving the plan.

The primary safety feature of ERTMS is ATP or Automatic Train Protection where, even though a driver might retain control of most functions, the system will intervene to enforce braking to keep trains safely spaced. ATO, or automatic train operation, refers to a range of automated control of train operations ranging from driver assistance to fully driverless operation. These are the features that can deliver significant improvements in safety.

One element of the Digital Railway is the Traffic Management systems (TM). Traffic Management takes inputs from various systems, uses this data to identify conflict points and predict and deliver plans or options to counteract any clashes, and ensures all users are informed of changes as the systems make adjustments.

TM has considerable scope to minimise delay and disruption, and to assist in reducing signallers’ workload. They also have the potential to be linked to the Driver Advisory System (DAS), which is present on some fleets – meaning drivers receive real time information.

The integration of multiple novel technologies under the Digital Railway initiative is inherently complex. The complexity of the challenge may be increased if, as anticipated, the technologies are implemented to varying degrees and at varying paces in different parts of the network. The ORR is monitoring industry plans closely and exerting pressure to ensure that transitions are safely managed. It is preferable to minimise the number of different signalling and train control systems a driver will encounter in the course of one train journey – but this aim for greater consistency can be difficult to achieve if there are competing demands to introduce new technology on a cost-effective basis, only once existing assets are life-expired, for instance.

Digital Railways rely on the interface between trackside equipment and the corresponding on-board equipment. These may be under the ownership of different companies, which could lead to issues regarding the renewal of assets, maintainability and sustainability, and the progress of future enhancements where each owner has differing requirements and budgets.

Implementation of ERTMS, for instance, currently involves:

• Network Rail as infrastructure manager; 
• Train operating companies (TOCs), freight operating companies (FOCs) and rolling stock leasing companies (ROSCOs) responsible for train fitment and for training their staff in the new equipment; 
• RSSB as the custodian of relevant standards; and 
• ORR as the National Safety Authority and DfT as funder.

A key component of ETCS is the automatic train protection (ATP) function. This is a fully functional train protection system capable of stopping trains within a defined safety zone and continuously supervising train speeds during the journey. In order to achieve this, the on-board system must have information about the train’s braking capability as well as other details about its weight and length.

If the wrong data is entered into the system, the performance of the train protection equipment is degraded. If, for example, the braking capability is underestimated the ATP system will force the train to brake early and so impact on performance and line capacity. If the braking capability is overestimated the ATP system cannot supervise train speeds and stopping points safely.

As the mainline railway progresses towards introducing ETCS, the industry must remain vigilant to ensure that the data entered into the ATP function of ETCS enable the safety function to operate correctly without interfering unduly with performance. Data entry is known to be a particular concern for freight and other non-fixed formation trains.

In 2018 Automatic Train Operation (ATO) was introduced to the mainline on the central London section of Thameslink. This development allowed for ATO operating on trains with a functioning ETCS system to provide full ATP protection. ATO systems are typically configured to brake harder and later as to offer increased capacity on journeys with many station stops. In such circumstances, the ATO and ATP systems need to be able to modify their performance in the event of unexpected changes to brake performance caused, for example, by low rail adhesion. Industry must develop ways of ensuring that variations in rail adhesion are accommodated in the ATO system.

Glossary of terms