Collision-free Railways

Our Country's Anti-collision Devices network with each other and form an intelligent safety layer to protect railway staff as well as the passengers from dangerous collisions/washouts in floods. A more positive and aggressive implementation is needed in public interest.

My Photo
Location: Hyderabad /Herndon VA USA , Andhra Pradesh, India

Fellow of National Academy of Engineering Fellow of Institution of Engineers, M.Tech., Indian Railway Service of Engineers (1970-2005) Former MD/ Konkan Railway Corporation

Thursday, December 08, 2005

Collision-free Railways

Raksha Kavach vs CENELEC

Raksha Kavach vs CENELEC standards : an appreciation by the inventor and mentor

  • The advent of ACD has opened a new chapter of introspection of Indian railways’ perspective and understanding of safety.

  • The CENELEC standards and the Safety Integrity levels  if not understood in proper perspective can do more harm than good to a railways financial status. The European railways evolved the standards to create a level playing field for all the manufacturers and with pre-designed acceptable / tolerable hazard levels, which sets the levels of quality assurance procedures.

  • First, one should remember the heavy investments already done over the years in the signaling systems, which are designed to prevent the various accidents and are safety critical. One cannot overnight replace them nor it is necessary. The number of accidents of dangerous nature involving heavy loss of lives , which happen when a passenger train collides with another, prompted the Konkan railway to seek and design a cost effective solution, without replacing the existing expensive signal systems which have substantial residual life as well as working satisfactorily most of the time.

  • Designed as an additional layer with the prime object of preventing dangerous collision type of accidents involving loss of lives, the ACD is innovated. Not a “signaling” sytem, hence does not require application rigid railway specific standards- “ not safety critical” category under signal engineers technical terms- makes it more economic to manufacture using mass manufactured commercially widely used equipment components.

  • Whenever we make our requirements too specialized, we will be forced to pay higher rates because of low numbers of production. Unlike commercial fast moving electronic goods, where prices fall with volumes, special purpose instrument grade electronics do not fall in unit prices as volumes are low and not fast moving too! Only against firm order, manufacturer starts production. To control prices as well as assure quality, one needs to have a loyalty based long term relationships with indicated volumes for delivery promised.

  • Technology development is an intellectually challenging, and break through in the technology with innovation, quite often create products which cannot be covered by existing standards. By nature, standards evolve keeping in view developed products, commercially stabilized, for ensuring uniformity of quality. So technology break through may actually lead and standards lag.

  • Knowledge embedded devices are the new generation technology development, where intelligence is built in distributed devices having enough knowledge and analyzing capacity, to inter-communicate and compare decisions of each other and with concurrence take action. Such innovation requires different standards to be evolved.

  • CENELEC standards are not meant to be secret knowledge of any single group or department- all manufacturers and persons dealing with safety of railways should have basic understanding of the standards- so that informed administrative decisions may be taken after due diligence. Else administrations may end up taking need less & financially destructive decisions out of hype created with inappropriate application of standards.

  • It is ultimately the definition of acceptable level of or tolerable level of hazard rate for a function- it is rate not just probability; decides process.

  • If you have already an existing system, with certain level defined hazard rate, any addition to the system can be designed by first agreeing on how much we want to reduce the hazard rate- and the required quantum of hazard rate for the new system for the specified function can be derived. For the targeted rate, the levels of manufacturing processes and software control are detailed in the CENELEC- in terms of SIL numbers.

  • Systems added as supplemental, which do not give any indication to the operating /running staff – no signal functions to guide- get classified as non-signal and “non-safety” system. It is terminology of signaling group. But any system which acts to change an operating system to a relatively safer mode – but does not give any signals over riding or replacing the existing system, DOES FILL GAPS AND SAFETY AGAINST COLLISION CAN BE IMPROVED. So safety is assured- in the sense that hazard rate is improved , thus improving safety- but it is technically  “ non-vital” and “non-safety” system- but in colloquial terms a safety device as it actually prevents collisions!

  • The fact that two out of two computers agree for allowing the trains to move normally, but even if one finds unusual situation can initiate action to automatically bring the system to a safer mode of reducing speed and stopping short of one another- in fact makes it much more powerful system than being claimed now. When we network, and introduce logical checks & balances, while we don’t give any indications to the drivers or stationmasters. They will continue to depend upon existing signal and control systems only, and the new system being totally free from any inputs from the running staff, creates a silent Raksha Kavach, just watching and acting only if collision type of situation arises. The entire process is in background and does not involve staff- no human element is involved.

  • Any failure of Raksha Kavach  is such that it shall never give any kind of misleading information to the driver nor to the station master to give clearnce nor authorization of any type to act.

  • Any possible complacency factor is avoided by totally remaining silent and not prompting the driver to do anything on regular basis. It is more in the nature of insurance for the drivers in terms of knowledge that his safety while running, is assured when unforeseen factors beyond his comprehension and not provided by the existing signals, occur, the Raksha Kavach stands by him most of the time.

  • In the world there is nothing “deterministic” as some people tend to use the word as compared to “probability” based systems. In fact one can only talk in terms of acceptable hazard rates- that is the risk rate of getting a hazardous decision- it is not about failure of system- it is about giving a wrong and misleading indication, which is sought to be minimized in the European standards laid down in CENELEC.  

  • Redundancies in processes, equipment, alternate paths for information integrity and concurrence of more than one process as well as decision making systems, all add up to eliminating a wrong decision from the system.

  • Keeping in view the future road map for the ACDs, the first version need not be more than of SIL 0 level for controlling the manufacturing processes, but because of its design and system configuration is able achieve functionality generally assigned SIL 4 level! This is the amazing breakthrough for keeping down the costs for the focused goal of just avoiding collisions and loss of life.

  • It is like a number of simple thinking units which are individually fallible and not too reliable, but when networked, the probability of both of them or three of them simultaneously failing is made remote- suppose the risk of hazard rate of probability is say, “q” , the the probability of both of them simultaneously failing to agree to give wrong result is q2.  Going back to Panchtantra, a large number of ants, each individually may be too weak and not as complexly enabled as a snake, one to one, but when the ants group together, can prevail over the more superior snake.

  • Each ACD may be not as sturdy as a robust SIL 4 standard computerized equipment with 10-12rate of hazard risk, but even with 10-6, for each, once we insist that both should agree to commit a hazardous result, then it becomes the same as the single system of very high reliability.

  • In case of ACD network, it is distributed intelligence and more than one thinking unit has to agree among themselves, to allow the operation to continue, else act to forcibly shift the operational level to a safer mode.

  • If the system is upgraded to include train control in positive manner, by giving indications and granting authorizations, then the upgrade path will be to adopt the methods to ensure laid down tolerable hazard rate for this purpose, because, the existing signal and train control system will get replaced.

  • Another question, which crops up is that at SIL0 level, whether no quality assurance is needed. It is not so. The processes are almost on the same pattern, except the level of reliability needed is not as severe, as it would have been, had it been a case of signaling system.

  • In terms of reliability of information inputs improvements in ACD design since Amritsar trials are:

  • In addition to GPS inputs, tachometer inputs supplement to cover for shadows

  • Double GPS systems for improving the sampling rates over the points and crossings zone, further improving the accuracy of DC profile.

  • Use of VX works – a reliable real time operating system in place of DOS used in Amritsar trials.

  • Instead of complicated software used for detecting reversals of DMUs, , converting a loco into a banking loco, trailing loco in a double heading case etc, now the mechanical devices used to achieve this function are interlocked electronically to the ACD, which now eliminates a number of logical errors which took place in Amritsar trials.

  • More than 500 test cases devised by the ETDC will be completed for the software, with certification for quality assurance and with independent assessors at the level of internationally reputed TUV of Germany.

  • Incubation period of 90 days yielding data will be used to correct for shortcomings, if any, in the GPS/Radio/Deviation count profiling and identification of DZ ( i.e., stations where deviation count has not worked or too large a junction station, so exit track Ids are given by the station ID) get corrected.

  • Additionally the ACD Advisory council of Konkan Railway, chaired by the Head of Reliability assessment for space programme of ISRO, along with expert members from communication, reliability and electronic equipment testing experts will continue to monitor the development process.  

  •     A difference in appreciation between European and Indian view point helps in deciding certain issues:

  • With reference to giving warnings to the road users, the possible complacency factor which gets introduced to the road users, who when the system does not function may assume safety and neglect taking their own precautions while crossing an unmanned gate, is a situation not allowed in Europe, as much because of legal damage implications. So they allow no indications and allow the road user to fend for himself.

  • In India we have a choice: we may give the indications to the road users, with a disclaimer board that absence of danger warnings may not mean it is safe- but the warning signs are only to assist but warn them not to get complacent

  • Alternatively, introduce one fail-safe relay device at the interface with the warning device- which could be a simple road signal, may remain yellow always, but turns red in case of failure of the equipment or at approach of a train. The warning board can continue.

  • Whether we adopt this or not is a conscientious decision- a matter of tolerable hazard  risk rate we are comfortable with. Whether a value of 10-6 is adequate for our conditions. In my opinion European concept of not adopting even the 99.99% protection, because of fear that we may be held responsible for the failure of 10-3 or-6 , seems not too logical.

  • Ultimately every railway administration has to decide the acceptable rate of tolerable hazard risk vs social costs. Any step we take, should improve existing levels. The Raksha Kavach causes a quantum jump in safety levels of any signaled system “almost” eliminating dangerous life-losing collisions.  
(image placeholder)
B. Rajaram

Technology War

BR/Intellectual Property/12/8/2005     Dt.December 8, 2005

My dear Ketan,

     Sub: Intellectual Property and consequent technology development to commercialise the patents-handling Technolgy war

While leaving the organization, I had the good fortune of inventing and assigning to Konkan Railway Corporation ,Intellectual property worth more than Rs 10,000 cr- depending upon how successfully the organization is able to complete the technology development.

During my tenure I personally have to nip in the bud, attempts by the well known Multi national and influential companies to take away the knowledge I created in the name of commercialization.

The main object of my work is to show that India can produce technologies which deliver more value for money, because of our intrinsic intellectual strength. The moment you allow the pure exploitative large companies from outside our country, to take away the knowledge, the same companies will sell to us at much exorbitant prices and hijack the property, because of their better financially  strong lobby strength.

It is to benefit our people and the mankind at large that the next generation technology like ACD Raksha Kavach has been created by my effort. We are more advanced in every way and the road map of development threatens almost all the existing established players. We want to create wealth for our country and others want to create wealth for their country.

It is a Technology War!

Most of our Government officers and systems like audit and vigilance, which are designed for mere procurement, engineering and operational services, are inadequate to handle this challenge of fighting a technology war.

Very innocently they can walk into the trap of “collaboration”, an euphimism, actually to take away your hard earned developed technology!

To protect against such loss of very precious property that Konkan Rly got from me, I have been thinking since that case of GE trying to enter Konkan Railway to collabotate on ACD, was referred to me.

A policy protection is needed for the officers who are dealing- as well as for the organization to guard against this technology war.

First and foremost is that is there a conflict of interest in such proposal? If with our technology we can achieve better results than the company who wants to come in, then for what value addition we are considering the case?

Is there any proprietary technology being offered to you, which you cannot do without, to enhance our technology? If yes, then only one may consider after due diligence, but other wise, why choose a company who wants to access into your technology?

Taking the specific case of GE, more as an example, on what basis this company is chosen? Normal Government prudence dictates that some objective bidding process is required to do any business- else open offers to collaborate have to be made! Then what is it that Konkan Railway is looking for specifically- has to be defined and value additions made out and proprietary nature of the offer of technology established with due diligence and certifications by the concerned officers, for audit and vigilance trail.

World’s first technology development effort will always be sought to be sabotaged or hijacked by the competitors, and if our officers are not vigilant enough, the country’s interest will be compromised.
Technology development is hard work and there is no soft option. The procures’ mentality and systems are inadequate for this effort.

To protect interest of our company and people of our country, to whom I have given this property, I tried to create a system in which stakes are created for the principal technology custodians- technology cannot be developed with in house resources, after all, service officers are not having these skills- to get the IT inputs, hardware sourcing, improvements and fine tuning the hardware components to meet our requirements, integrating the software with the hardware, needed multifarious skill and expert inputs, a government organization can ill afford. But when we use private agency, danger of losing the technology is dominant. To protect against such eventuality, I consciously created stakes for working with Konkan railway only- and assure a continuing business relation ship with one chosen partner. While choosing the partner, a competitive offer was made within our country- more informal which included an MNC too, and production of reasonable prototype within a short three months, was treated as the success criterion to have a chosen partner.

In fact the problems and concerns of such cutting edge technologies, where specifications are fluid and development process redefines continuously the designs and specifications- are detailed in a note of mine filed in the office. Normal procurement policy cannot apply to innovations and development.

Once the development process reaches a take off stage, then too many pressures will come to steal the property, and innocently our own officers fall into the trap.

It is all the more dangerous if new entrants are there in the company, making decision with pure railway background, who will try to take a decision, without realizing that actually, they are fighting a technology war!

Once our officers realize that they are in war to create wealth for our country, with those who want to create wealth for their country, then they will be more careful to protect our intellectual property.

Obviously, this property being our country’s, the arms of Government agencies charged with the responsibility of protecting Government interest, certainly watch out. I request that our good officers may be counseled in writing with this letter, so that innocently, they may not walk into a trap, not following even the minimum requirements of procurer’s diligence of covering the Vigilace and audit concerns.
Technology development by us, when commercial interests of established major foreign companies are adversely affected, the organisation has to be doubly careful, to protect the self-interest.

Yours sincerely,


Dr K.K.Gokhale
Managing Director/ Konkan Railway Corp.
Navi Mumbai

Saturday, December 03, 2005

Preventable Railway Accidents

In 1999 I felt shaken emotionally when our railways were suffering from a spate of dangerous collisions, killing too large a number of passengers who entrusted their lives to us. In 90 days flat, I produced a prototype to show that we can prevent collisions and christined the same as ACD and patents were granted all over the world to me as inventor, the rights for the royalties assigned by me to the country through the Konkan Railway.
The networked intellegent system is unique in the world, more misunderstood by those who are accustomed to handling conventional hard wired systems. So it has been positioned as an additional layer to the existing systemof train control, NOT replacing any of the existing systems. I lost too much time only in the process of convincing people in authority than in actual development! Fortunately today we are in the position to see the results of implementation over 5 years, and nearly 2500 km are covered.
With ETDC - a premier Govt of India testing body certifying the system to be functioning as per the Functional requirement specifications, provided the field survey for tuning the system and installation at site is done correctly- the design and functioning features are well established, to cover almost close to 63000 km route of Indian Railways. Some special case of multiple lines- can be soon covered after developing some special features in the software- but one must note that the product with Lloyds quality certification and ETDC system verification and certification can be implemented on 63000 km of route.
To insist that we must have perfect product to cover even the multiple lines now tself before clearing for other fit routes , will only delay the implementation.
In all trials and tests by the ETDC for the integrated software and hardware fuctioning in networked atmosphere, 100% performane was assured for the critical accident prone scenarios. By implementing with more precise survey and tuning of parameters, it is not difficult to achieve 99.5% fuctioning in real time networked ACDs.
The recent accidents of collision as well as the loss of lives because of breach of railway affecting tanks, can be prevented with already proven ACD technology coupled with inclinometers, tested and proven on the Konkan Railway.
It is matter of anguish for me that inspite of having world class technolgy, satisfying the prescribed international norms, incorrect perception and wanton mis-representation of data, and the wrong prioratisation - causing unpardonable delay and deny the affordable protection to at least the 63000 km of our routes!
Our hard working railway men and the trusting countrymen who avail our services, desrve better deal from us.
Improvements will continue, and being a software based product, the investments are protected and will not become obsolete.
It is time to act for all the right thinking persons- and I pray that the hard work done by not only by me but all my colleagues and the industry, to create the world class product, serves to prevent the typical accidents which occured now. These are preventable.
B. Rajaram M. Tech., FIE., FNAE
Indian Railway Service of Engineers (1970-2005)
CE(Goa), Dir(Project) & MD Konkan Railway Corporation Ltd.,( 1990-2005)
My mobile: +91 9346 55 55 50
Land Line: +91 40 274 00365
USA: +1 703 796 0225
+1 703 835 9025 Personal with Voice