Reflection on methodology of the correlation between electromagnetic interference and safety in high-speed railways

With the large-scale construction and continuous increase in operational mileage of high-speed railways in China, despite the gradual improvement in safety assurance designs, the escalating traction load, the addition of various locomotive types and other complex operational conditions are presenting an increasing number of safety hazards to the railway transportation system. These factors contribute to a more challenging electromagnetic environment for the signaling system’s operation.

The high-speed railway system can be regarded as an open, vast and intricate electromagnetic system consisting of strong and weak electrical components. The signaling system within it relies on microelectronic logic circuits and control software to generate, transmit and respond to signals, making it highly sensitive to sources of strong electromagnetic interference (EMI) (e.g., traction power systems, GSM-R mobile base stations, electric locomotives, etc.) (Yang, Chen, Chen, Cui, & Tang, 2019; Liu et al., 2020a, b; Liu et al., 2021; Yang & Liu, 2023). The impact of EMI and the propagation of risks among signaling equipment further affect the overall safety of the high-speed railway system. Operational statistics indicate frequent occurrences of faults in high-speed railway signaling equipment due to strong electromagnetic environmental interference. These faults range from impacting operational efficiency to posing threats to transportation safety, culminating in catastrophic accidents such as train collisions and casualties. Particularly, after the “7.23 EMU Accident on Yongwen Line” (China, 2011) caused by EMI from a lightning strike affecting the station’s train control center equipment (Wang, Wang, Roberts, Chen, & Zhang, 2017), there has been a heightened focus on improving EMI protection technology to enhance the safety performance of high-speed railway signaling systems.

Of notable concern is the rapid development in recent years of emerging information technologies such as artificial intelligence, big data, cloud computing, 5G and the Internet of Things, along with the construction and application of significant infrastructure and advanced intelligent equipment or systems. Adaptability to the electromagnetic environment and electromagnetic security has become crucial limiting factors for the reliable and safe operation of various intelligent equipment systems. In summary, to establish effective protection against EMI in signaling systems, assessing the impact of its safety hazards represents a key area worthy of further exploration and deepening within this field.

The research and standard systems concerning the safety of high-speed railway signaling systems are quite comprehensive. The international standard IEC 61508 (2010) for electronic and electrical equipment, including computer software and hardware systems, explicitly outlines universal analysis methods and evaluation systems based on the complete safety lifecycle. It defines metrics for system safety, specifically the safety integrity level (SIL). Furthermore, the European Committee for Electrotechnical Standardization (CENELEC) has established a comprehensive railway standard system that embodies safety principles (see Figure 1), which includes EN 50126 (2017), EN 50128 (2011), EN 50129 (2010) and EN 50159 (2018). These standards specify regulations for railway applications, covering (reliability, availability, maintainability and safety (RAMS), safety-related systems, software and communication signaling systems.

Referencing the above IEC and CENELEC standards, China has also formulated a series of corresponding reliability and safety-related standards, e.g., GB/T 20438 (2017), TB/T 2468 (2018a, b), TB/T 3133 (2006) and GB/T 21562 (2008), covering functional safety of safety-related systems, assessment of reliability requirements and RAMS for locomotive and vehicle electronic products. However, there is an overall lack of attention given to electromagnetic environmental factors, as well as shortcomings in interference-related risk assessment and analysis of potentially dangerous faults.

Generally, the analysis of reliability and safety of signaling equipment is closely related. From a definition perspective, reliability is elucidated as the probability that a product can perform the required function under given conditions within a fixed time interval (⁠$t1,t2$⁠) (IEC 60050–692, 2017). Safety, on the other hand, is generally understood as the absence of danger, threat and accidents (Yang, Yang, Cui, & Pei, 2017) (in this context, safety refers to freedom from faults). While these concepts are closely interrelated, they also exhibit certain differences. Musa (1999) suggests that safety can be perceived as a subset of reliability, indicating the possibility of safety risks even when the equipment operates reliably (e.g. the hazards and risks caused by electromagnetic environmental interference discussed in this paper). Furthermore, the definition of reliability and safety issues are as follows:

1. Reliability issues: when several components fail, causing the propagation of failures to other components in the system, resulting in an overall decrease in system performance;

2. Safety issues: system or component failures that propagate and lead to system losses or personnel injuries due to certain degree of failure consequences.

Due to the highly complex structure and functional units of signaling systems, they play a crucial role in conveying safety-related information within the entire high-speed railway system. Once the system or equipment fails, it could lead to severe, even catastrophic consequences. Reliability spans the entire lifecycle of signaling equipment, encompassing research and development, design, production, on-site application, maintenance and aging replacement. Compared to other fields, signaling systems, which are vital for the national economy and transportation safety, must meet higher reliability requirements. There is a certain research foundation both domestically and internationally for reliability analysis and related indicator calculations. Reliability techniques are also widely applied in the signaling domain to measure or enhance the safety performance of equipment/systems. Wu, Cai, and Lu (2019) used Petri nets to construct states and unit transitions based on different sensor information, proposing a reliability assessment method for train positioning units based on the Global Navigation Satellite System (GNSS). Chu (2018) established an internal component failure model using stochastic Petri nets and calculated the safety relay’s failure rate and reliability using Markov methods. Chen, Tian, Hillmansen, Clive, and Ning (2020) applied fault tree analysis (FTA) to propose a method for evaluating the reliability of a direct current electrified railway system. Zheng, Qin, Wang, Jia, and Zheng (2018) conducted a reliability analysis for the CRH2 high-speed train bogie system based on FTA and Bayesian network (BN).

However, existing efforts have shown relatively weak attention to the phenomenon of signaling equipment failures induced by EMI. Moreover, failure rates derived from reliability calculations may not directly translate to the impacts on safety. Additionally, identifying and pinpointing component/unit failures caused by electromagnetic environmental interference, as well as obtaining corresponding fault rates (also known as failure rates) and other reliability indicator parameters, are challenging to achieve in practical engineering. Therefore, it’s unfeasible to directly determine a quantitative relationship between interference levels and safety based solely on reliability assessments.

Existing research often considers system risk analysis as a part of system safety assessment, and risk assessment has become one of the most commonly used methods for evaluating safety. For instance, Lai, Zhong, Zhao, Qiu, and Liu (2021) focused on the safety elements of low-voltage direct current power supply systems, quantitatively assessing the risk of electrical shock. Zhang, Bai, Shi, Zhang, and Luo (2021) focused on the risk of lithium battery thermal runaway events, proposing and calculating relevant risk indices for safety assessment. Zeng, Bani-Mustafa, Flage, and Zio (2020) introduced a comprehensive framework for quantifying cognitive uncertainties in probabilistic risk assessment and validated it. However, existing studies typically rely on expert experience to assign risk levels, showing evident subjectivity and making it difficult to accurately and quantitatively derive objective weight vectors.

The “Fail-Safe” principle in railway signaling design (TB/T 2615, 2018) indicates that safety assessments of signaling systems should revolve around equipment failure modes and characteristics. When faults pose a threat to train operation safety, they are termed as dangerous faults. Presently, the most commonly used methods for risk assessment and calculation of dangerous faults rates employ the analytic hierarchy process (AHP). This method has seen partial application in the signaling domain. Wang and Yao (2020) constructed a risk index model for China Train Control System (CTCS)-3-level train control system equipment based on fuzzy AHP (FAHP) and laboratory decision-making methods. Liu (2017) integrated FTA and AHP to conduct comprehensive safety risk assessment of high-speed train braking systems. Yang et al. (2017) quantitatively analyzed the impact of EMI on the SIL of ZPW-2000A track circuit equipment using AHP.

In the application of railway signaling systems, even though decision analysts are experienced railway industry experts, the signaling equipment types vary across different lines and stations, exhibiting complexity in fault modes. Additionally, in the complex conditions of high-speed railways, the impact of the electromagnetic environment further complicates matters. Due to these factors, obtaining expert scoring data for a significant portion of equipment/failure types can be challenging. Hence, relying solely on expert subjective judgment to design an evaluation matrix with universality and high confidence becomes difficult. To overcome the significant limitation of the current methods being overly subjective, which can result in different evaluation results from different experts, it’s crucial to thoroughly analyze, classify and explore real EMI cases that affect safety performance on engineering sites. This approach allows for the effective rectification of latent risks related to fault modes. Simultaneously, improvements should be made to the risk assessment methods from multiple perspectives, thereby providing a reliable basis for obtaining and optimizing the risk weight vectors for signaling system risk assessment.

In conclusion, although domestic and international standard systems and related research have achieved some innovative results in ensuring and evaluating railway signaling safety, there is a lack of consideration regarding reducing biases caused by human factors. The algorithms and applications for safety analysis concerning high-speed railway signaling characteristics and complex electromagnetic environments still require improvement. Particularly, insufficient attention has been given to quantitative and strategic studies both domestically and internationally on the degradation of safety performance in signaling equipment caused by EMI. The quantitative correlation between EMI and safety has yet to be established. Consequently, there’s an inability to propose forward-thinking and guiding recommendations, especially under conditions where interference continues to intensify after further increasing the speed of high-speed railways (e.g., to 400 km/h). Given that risk assessment is a feasible means of transforming qualitative safety concepts into quantitative risk indicators, this paper takes it as an effective entry point to build a bridge between EMI and signaling safety and conducts innovative method research.

Fault tree analysis (FTA) is a traditional and mature technique for assessing complex systems, widely applied across various domains such as safety, reliability and availability analysis (Li, Jiang, Wang, & Wang, 2020). Research on fault tree (FT) models typically involves qualitative and quantitative analyses. The former aims to identify all combinations of basic events that lead to top-level failures to locate potential hazards within the system. The latter involves solving failure rates from the bottom up and calculating the importance of basic events.

FT models encompass sets of sub-events within a given system that could lead to predefined system events. They use logical symbols (e.g., AND, OR, NOT gates) to represent functional relationships within the system/equipment. Through symbolic connections, they visually depict probable combinations and sequences of sub-events that could lead to system failures, with the logical sequence flowing from bottom events towards the top of the tree, ultimately forming a graphical representation of failure modes. The specific modeling steps are as follows:

1. Analyze the structure and components of the system/equipment and gather relevant fault data from multiple sources.

2. Identify top events for system/equipment failures based on technical performance indicators.

3. Hierarchically and modularly construct the FT based on system/equipment schematics and reliability block diagrams.

4. For complex system/equipment FT models, simplify as needed through techniques like modular decomposition.

On the other hand, BN models provide bidirectional pathways for both forward propagation and backward reasoning for uncertain information based on Bayesian probability theory (Shi et al., 2020). Visually represented as directed acyclic graphs, they reflect causal relationships between nodes across different hierarchical levels by calculating probabilities along the directed edges. These models use node variables to represent event units and portray interrelationships among events based on conditional probability tables (CPT). It facilitates the transformation from FT to BN, enabling causal reasoning starting from the root node’s prior probability and inverse reasoning to pinpoint risk vulnerabilities based on given node posterior probabilities.

BN models consist of a directed acyclic graph $G=〈V,E〉$⁠, where $V$ represents the set of nodes and E represents the set of directed edges between nodes, along with CPT (denoted as $P$⁠) associated with each node, forming $B=〈G,P〉$⁠. For any BN model containing $n$ nodes, there exists a joint probability distribution, as shown in Eq. (1), where, conditioned on the parent nodes (i.e., nodes pointing to the child node $Vi$ and conditionally independent of any non-parent nodes of $Vi$⁠), $π(Vi)$ represents a combination of variable values within the parent node set $∏Vi$⁠.

The probability distribution obtained from existing experience and analysis serves as the prior probability, characterizing the “cause” events in the deduction process of failure events, primarily utilizing the law of total probability, as illustrated in Eq. (2). The probability distribution modified based on the prior probability and resultant information represents the posterior probability, corresponding to the “effect” in the “effect seeking cause” issue. The calculation rule is based on the Bayesian formula, as shown in Eq. (3).

where for any complex event $B$⁠, $Ai(i=1,2,⋯,n)$ forms a complete set of events.

where $P(A|B)=P(AB)/P(A)=P(A)×P(B)/P(A)$⁠, is the conditional probability of $A$ occurring when event $B$ occurs and $P(A)>0$⁠.

In summary, safety risk analysis based on FTA-BN primarily includes the following aspects: defining and decomposing the functional modular structure of the system/equipment, identifying basic elements within fault events and specifying direct dependencies among elements across different hierarchical levels. Subsequently, constructing the corresponding FT model and conducting qualitative as well as quantitative analyses. Establishing a BN-directed acyclic graph through mapping relationships, constructing CPT for each elemental variable conditioned on parent nodes, accomplishing risk predictions for “cause from effect” and investigating vulnerabilities for “effect seeking cause.”

To conduct risk analysis for the high-speed railway signaling system, it’s crucial to commence from the system equipment layer. This involves dissecting the structure and functionality of each module unit, computing pivotal reliability metrics like failure efficiency and pinpointing vulnerable areas within the system susceptible to severe consequences in case of failure. Specifically, employing FTA modeling aids in deducing failure propagation for specific fault events (base events) under defined conditions, outlining the logical connection between system failures and triggering factors. Simultaneously, by utilizing the Bayesian Network (BN) model, a directed graphical depiction of probability relationships is crafted, enabling both forward propagation and backward inference concerning uncertain knowledge of fault causality.

From a definition standpoint, risk assessment refers to acquiring the safety assurance level of an information system by identifying and assigning values to risk assets, threats and vulnerabilities (Roberts & Graves, 2020). Specifically, it involves qualitative or quantitative analysis of risk factors existing within the system and the potential for triggering incidents based on safety considerations. It primarily encompasses three aspects: system definition, risk analysis and risk evaluation, as detailed in Figure 2.

EN50126 (2017) defines railway signaling safety as a “non-intolerable risk,” while SIL specifies the safety integrity requirements allocated to safety-related systems (IEC 61508, 2010). In the high-speed railway signaling domain, safety-critical systems typically demand compliance with SIL 3 or SIL 4, e.g., trackside signaling equipment, cab signaling, etc. Non-safety-critical systems usually meet SIL 1 or SIL 2 requirements, like automatic train supervision (ATS), automatic train regulation (ATR), etc. The specific SIL allocations corresponding to requirements in the signaling systems are outlined in Table 1, while the risk assessment of signaling system vulnerabilities is based on the frequency-consequence matrix depicted in Table 2. Corresponding measures to eliminate associated risks are detailed in Table 3.

For risk evaluation, a crucial step lies in constructing an evaluation matrix aimed at obtaining the weights of various risk factors, enabling a comprehensive evaluation of complex and ambiguous information. Specific methodologies include AHP (Santarremigia, Molero, Poveda-Reyes, & Aguilar-Herrando, 2018), FAHP (Peng et al., 2021), gray relational analysis (GRA) (Wang, Wang, He, Bhamra, & Yang, 2021), artificial neural networks (ANN) (Na’amnh, Salim, Husti, & Daróczi, 2021), technique for order preference by similarity to an ideal solution (TOPSIS) (Seker, 2022), among others, each method presenting its own strengths and weaknesses. As outlined in Section 2.3, within the railway signal safety domain, widely applied methodologies like AHP (especially hierarchical analysis based on expert scoring) and its derivatives exhibit significant subjectivity in factor weighting, potentially leading to biases in computational outcomes.

In conclusion, to enhance the identification and assessment of safety risks associated with EMI, there should be a focus on algorithm design and innovative methods to quantitatively depict the correlation between EMI factors (the sources of electromagnetic risk) and high-speed railway signaling safety. Regarding this aspect, the authors addressed this by considering complex EMI in the high-speed railway environment as a risk factor impacting the safety performance of signaling equipment, conducting a series of theoretical analyses, algorithm designs and method innovations for risk assessment:

1. Liu et al. (2022a, b) focused on the safety requirements and characteristics of railway signaling systems in the context of high-speed railways, clarifying the advantages and disadvantages of subjective weighting and objective weighting methods in assessing equipment failure modes/safety indicators after completing the identification of vulnerabilities and their risk analysis. Building upon the hierarchical analysis framework, a comprehensive weighting method based on the maximum residual absolute value method and entropy method is constructed (detailed in Figure 3). This approach aimed to balance the subjective biases in expert decisions while ensuring data rationality.

2. Liu et al. (2022a, b) focuses on the complexity and diversity of signaling system failure modes in the context of high-speed railways. Recognizing deficiencies in traditional methods during practical application, it builds an ensemble learning model to develop an intelligent evaluation algorithm that reduces subjective and objective human biases, aiming to standardize and establish a risk assessment methodology based on fuzzy failure mode effects and criticality analysis (FMECA) (detailed in Figure 4).

3. Liu and Yang (2022, 2023) target the research needs concerning the correlation between EMI and safety in the complex conditions of high-speed railway signaling, employing supervised machine learning, deep learning networks and text mining techniques to establish a knowledge graph of railway safety incidents (detailed in Figure 5). Ultimately, they propose a method based on linking knowledge entities and their relationships to achieve quantitative risk assessment. This approach differs from previous ones, which relied on improving algorithms based on expert decision data to reduce human biases in risk assessment. Instead, it efficiently and intelligently utilizes big data text mining techniques to extract valuable information and decision-making experiences from historical accident reports, offering a new perspective to enhance risk assessment in signaling safety.

When signaling equipment encounters EMI, not only leads to its own performance degradation but also potentially triggers risks that spread throughout the system, ultimately endangering train operation safety. To quantitatively characterize and predict the safety implications of EMI in high-speed railway signaling equipment and systems, this paper reviews relevant research and draws from experiences to construct a risk assessment methodology incorporating hazard identification and risk evaluation.

On this basis, suppressing or eliminating the subjective human factors affecting the accuracy of risk level prediction or the objectivity of safety decision-making is the subsequent focus in optimizing the risk assessment methodology and exploring the relationship between EMI and safety. Additionally, designing and developing a practical, versatile and operationally strong analysis platform tailored to the actual engineering needs in the context of high-speed railway operations is crucial to transitioning this research from theoretical innovation to engineering application.

This work was funded by the National Railway Administration of the People’s Republic of China (No: N2023G001) and Shaanxi Luyide Railroad and Bridge Technology Co., Ltd. (No: W22L00520).