1101 Seventeenth Street NW, Suite 1100
Washington D.C. 20036-4798
United States of America

RTA on track: Securing Austrian railroads



AEG has been a brand name for over 100 years. Active in different industries and present in numerous countries worldwide, AEG has always been a very strong business partner. AEG Mobile Communication specializes in Professional Mobile Radio (PMR) communication systems. Mobile communication is a key technology for traffic control systems, where the main emphasis is on safety and security.



The Stubaitalbahn is one of Austria's most scenic railroads. Operating in the midst of the Tyrolean Alps, the electric locomotives of the Stubaitalbahn transport passengers between Innsbruck and Fulpmes 17 hours a day every day of the week. When the Stubaitalbahn started its operations almost 100 years ago, AEG played a major role in supplying the key technology for it - the electric equipment.



A big part of the railroad is single track, which is very common for mountain railroads. This makes these railroads very dangerous, considering that multiple trains are going uphill and downhill at the same time. The single-track portions of the railroad are often bridges, tunnels or long curves. Trains going downhill require a very long braking distance, and visibility in tunnels and curves is very limited. So on these single-track portions even the slightest mistake can become very dangerous.

After a series of "almost" head-on collisions, the Stubaitalbahn decided in 1994 to implement a railroad safety system. And again it was AEG (AEG Mobile Communication) that supplied the key technology: mobile communication units that allowed real-time tracking and the very accurate transfer of train positions, even in the harsh environment of the Austrian Alps.

But what has this to do with RTA?



When AEG got the contract in 1994 to implement the electronic railroad safety system for the Stubaitalbahn, it decided to use brand new technology for a traffic control project. Therefore this new technology had to be approved by the Austrian Department of Transportation (DOT). In order to get the approval, the system had to be fully redundant, fault tolerant, capable of handling real-time events and, to a certain degree, based on proven technology too. All these requirements are very important to ensure the flawless functioning of the system and to guarantee the safety of the passengers.

RTA was able to fulfill all these requirements. For that reason it was chosen as the development platform for implementing the control system that ensures the railroad safety. Two DEC Alpha computers running DEC Unix were selected as the servers to run the control system. According to the conditions set by the Austrian Department of Transportation, these two servers had to support the following three safety levels.



A) Fully automated railroad safety (first level of safety)

By permanently monitoring the positions and directions of all trains on the railroad, the system has to constantly check that the safety of the railroad is guaranteed at all times. In case of a safety breach it has to raise an alarm immediately in order to stop the trains that could be involved in a collision.

This system has to run on both servers in a redundant manner, whereby one server is MASTER and the other is HOT-STANDBY. If the MASTER server fails, for whatever reason, the STANDBY server has to take over instantly.
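As an added illustration (not RTA's or AEG's code), a small Python model of this first safety level: both nodes hold the replicated position data, only the node acting as MASTER raises alarms, and the HOT-STANDBY promotes itself after the master misses its heartbeats. The section ids, train reports and heartbeat limit are assumptions constructed for the example.

```python
from dataclasses import dataclass, field
# Constructed data: these section ids and train reports are invented, not the real layout.
SINGLE_TRACK = {"S2_tunnel", "S4_bridge"}

@dataclass
class Report:
    train: str
    section: str
    direction: str  # "up" (towards Fulpmes) or "down" (towards Innsbruck)

def safety_violations(reports):
    """A single-track section may hold one train at a time; return the offenders."""
    occupancy = {}
    for r in reports:
        occupancy.setdefault(r.section, []).append(r.train)
    return [(sec, sorted(trains)) for sec, trains in sorted(occupancy.items())
            if sec in SINGLE_TRACK and len(trains) > 1]

@dataclass
class SafetyNode:
    name: str
    role: str  # "MASTER", "HOT-STANDBY" or "FAILED"
    db: dict = field(default_factory=dict)  # replicated real-time data: train -> Report
    def replicate(self, report):  # every node keeps the full position picture
        self.db[report.train] = report
    def check(self):  # both nodes evaluate, but only the acting MASTER raises alarms
        if self.role != "MASTER":
            return []
        return [(self.name, sec, trains) for sec, trains in safety_violations(self.db.values())]

class RedundancyManager:
    HEARTBEAT_LIMIT = 2  # missed master heartbeats tolerated before failover (assumed value)
    def __init__(self, master, standby):
        self.master, self.standby, self.missed = master, standby, 0
    def tick(self, master_alive, reports):  # one control cycle: replicate, supervise, check
        for r in reports:
            self.master.replicate(r)
            self.standby.replicate(r)
        self.missed = 0 if master_alive else self.missed + 1
        if self.missed >= self.HEARTBEAT_LIMIT and self.standby.role == "HOT-STANDBY":
            self.master.role, self.standby.role = "FAILED", "MASTER"
        return (self.master.check() if master_alive else []) + self.standby.check()

def scenario():
    """Master dies while two trains enter the same tunnel; the standby must still alarm."""
    rm = RedundancyManager(SafetyNode("alpha1", "MASTER"), SafetyNode("alpha2", "HOT-STANDBY"))
    log = [rm.tick(True, [Report("T1", "S1", "up"), Report("T2", "S3", "down")])]
    log.append(rm.tick(False, [Report("T1", "S2_tunnel", "up")]))
    log.append(rm.tick(False, [Report("T2", "S2_tunnel", "down")]))
    return log
```

The scenario shows why both nodes must replicate every position update: the standby can only raise a correct alarm at takeover because it already holds the same picture the failed master had.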



B) Operator assisted railroad safety (second level of safety)

This level has to provide reduced functionality to the operator. Similar to SCADA systems, the operator can monitor the status of the trains and only gets proposals from the computer. It is up to the operator to take action when the computer detects and signals a breach of safety.

All programs at this level have to be written in a different programming language and be designed and implemented by different programmers than the programs of the first level. The process data required to support this second safety level also has to be acquired differently.

The second safety level software is a kind of shadow application. It is always up and running, collects data in its own way, processes this data completely independently of the other software components and is just waiting to be activated. The applications of the second level are activated automatically in case BOTH servers fail to support the first level of safety.

C) Manual operation of railroad (third level of safety)

Two plotters and printers are constantly busy plotting all train movements and printing train status, railroad and system information on paper. In case all computer systems fail, this is crucial information for the railroad operators, who need these real-time records in order to determine all train locations. This third level of safety is the last resort and hopefully is never required, but if it ever is, it is present.

RTA - the proven development tool for redundant and distributed real-time applications



It is very obvious why in a system like this the emphasis is put so much on safety. With its real-time redundancy manager, RTA provides all the features required to implement a maximum of safety, security and redundancy by supporting MASTER - STANDBY (HOT-STANDBY) functionality with automatic failover. Its real-time database allows real-time replication of all relevant process data on all RTA nodes in a network. These basic features made it fairly easy during the Stubaitalbahn project to implement all requirements for the first level of safety.

Another feature of RTA is that it supports different programming languages. It even provides its own programming language, especially designed for rapid implementation of distributed, redundant, real-time applications. This language takes into account that RtDB is an active database system and hence supports ECA rules (Event Condition Action rules). Using this language on the one hand and C on the other, it was very easy to fulfill the requirements for the second level of security.

And since RTA has an open architecture and allows effortless integration of third-party products, it was also no problem to meet the requirements for the third level of security without having to reinvent the wheel.



FLOWSYS is a registered trademark of Real Time Solutions of America Inc. All other products mentioned are registered trademarks or trademarks of their respective companies.
Questions or comments regarding this web site should be directed to
Copyright © 2005 Real Time Solutions of America Inc. All rights reserved. Last modified: December 9, 2005