That tunnel operations are complex goes without saying, not least because they involve diverse parts and equipment. But they are complicated even further by being subject to human interactions over a range of operational and emergency scenarios.
In the case of tunnel ventilation control systems, although they represent a small proportion of the overall tunnel capital and maintenance cost, they have a major impact on operational performance and safety. It is therefore sensible to take a formal system engineering approach to the specification and design of such systems from the outset, with the objective of improving tunnel safety and reducing risk.
Major rail and construction projects are characterised by funding constraints, increased competition, greater complexity and reduced development life cycles. Accordingly, system engineering methodologies are increasingly being used on complicated railway industry projects involving multi-disciplinary design teams.
Tunnel ventilation
The principal tunnel ventilation functions requiring high levels of integrity are:
– ensuring a fresh supply of air through the tunnels when occupied by trains;
– controlling the flow and direction of air in stations and tunnels to aid evacuation;
– providing effective communications with control
rooms and emergency services to control smoke and extinguish fire.
A rail tunnel ventilation system typically comprises ventilation sections, ventilation shafts, fans, ducting, dampers, fire and smoke detection systems, station equipment, communication systems, train control centres, maintenance, procedures for safety and emergencies, and operational aids such as decision support systems (DSS).
There are many equipment interfaces between ventilation systems and external systems and also between ventilation system components. There are also numerous operational interfaces between controllers, drivers, maintainers, station staff, emergency services and passengers.
A ventilation section is a length of running tunnel between two ventilation shafts, or between a shaft and a portal. For rail tunnels, there are ventilation shafts at each end of every station. These shafts contain fans to provide forced ventilation to the running tunnels and stations, and a draught relief duct from each tunnel to surface. A typical ventilation shaft configuration is shown in Figure 1.
There may also be tunnel ventilation shafts in long sections of tunnel between stations, and to divide those tunnel sections into ventilation sections.
A look at some of the typical characteristics of the system gives an idea of its complexity:
– Control of the system may be manual or partly
automatic; when manual it may be carried out from a number of different locations.
– Each ventilation shaft may be in or out of
service, failed, partly operational or fully operational, or undergoing an automatic test or maintenance.
– Each shaft may supply or extract air from either or both running tunnels, at a variety of flow rates.
– At each ventilation shaft there are a number of fans, control equipment and dampers to direct airflow. Equipment types and capabilities may vary from one shaft to the next.
– Each section may require ventilation for cooling or, in the event of fire, for smoke extraction.
– The position of trains within the tunnel section is determined for ventilation control purposes by communication with the signalling system.
– There may be multiple trains involved in an incident,possibly in different running tunnels.
A decision support system may typically be used to aid the setting up of normal flow and direction patterns. If the ventilation equipment at one shaft fails while the tunnel is being ventilated, the DSS advises the operator of alternatives.
There are usually several possible sequences of events for controlling ventilation in case of fire in stations, trains and tunnels. These sequences would involve the control centre operator, station control operator, drivers, fire detection equipment, train detection equipment, signalling controls, emergency services, public, specialised tunnel ventilation control and monitoring equipment.
System engineering
System engineering is an interdisciplinary collaborative approach to derive, evolve, and verify a system solution that satisfies customer and stakeholder expectations and meets public acceptability and statutory requirements.
By adopting system engineering methods, projects can be delivered with higher performance and less risk. Such an approach also provides a rigorous, audited process, as required for the design of safety related systems. The main disciplines involved in system engineering are shown in Figure 2.
System engineering activities relate to the whole system life cycle from initial conception through to operations and maintenance. For example, at each stage of the project the requirements for operations and maintenance are considered.
A typical system engineering life cycle model, the V model, is shown in idealised form in Figure 3. This shows the stages whereby user requirements are developed into a system design and progressed through into procurement. As the system is built up, installed and put into operation, a process of validation is carried out at each stage until the system is finally validated against the original user requirements.
Because the promotion of safety is a primary objective of system engineering processes, they should be conducted in conjunction with safety engineering processes (such as those identified in standards IEC 61508 and EN50126). Because system engineering encompasses all aspects of a system, it also includes disciplines such as human system engineering and risk management as key elements.
Treating these disciplines in an integrated way reduces the probability of undesirable system behaviour. For example, it is generally recognised that system failure is often the result of human error. Despite trends towards more automatic control systems, human factors still play a vital part in the performance of a system and, in particular, in safety.
When system failures are examined, problems are often identified that could have been avoided by applying good system engineering practice. In particular, problems can be traced to poor requirements specification and management, failure to address interface issues, and inadequate risk identification and management.
The essential elements of a system engineering approach ensure that:
– on project start up, the project is broken down into well-defined phases;
– the objectives, outcomes, and conditions for successful closure for each phase are defined. This breakdown structure over time is referred to as the project life cycle model;
– the level and nature of risk for the project determine the life cycle model structure and associated activities;
– the approach for capturing all project requirements and managing them throughout the project life cycle is determined;
– process is defined to relate all design elements to specific individual requirements and;
– the process to verify that the intended and completed design meets the requirements is defined and planned.
Importance of requirements
A cornerstone of system engineering is establishing and managing requirements. These are defined at different levels, which can generally be identified as business, user and system requirements.
Business requirements represent the high-level objectives of the organisation(s) requesting the system; typically these are captured in the project’s vision and scope document. User requirements represent the requirements of all stakeholders in the system and identify what the system has to do.
System requirements represent a translation of user and business requirements into an objective, precise statement of intended system behaviour without prejudicing the design.
Requirements can be functional or non-functional. Non-functional requirements include, for example, safety and reliability constraints.
Once system requirements have been specified, the system design is then developed down to lower levels of detail. An important part of the system engineering process is ensuring there is correspondence between each requirement and each design element. Each requirement has to be managed throughout the project to reflect changes.
It is seen that the whole system engineering process is built around the requirements, so getting this wrong will mean that the delivered system will not satisfy its users and owners.
However, capturing all requirements in a clear, consistent, and unambiguous way is frequently not easy and often exposes conflicting aims of different stakeholders.
With a large number of possible events and many different possible scenarios that could arise in tunnel operations, it is difficult to be confident, purely from studying a textual specification, that the specification was complete or consistent.
In such cases, models and simulation studies can be invaluable. In particular, models developed early can help produce or verify requirements and these can be refined further as the system and detailed design is progressed.
An example of the process used to establish user requirements for a tunnel ventilation control system is described below.
Establishing user requirements
A number of iterations of informal discussion documents were produced and commented on by stakeholder representatives, including operators and maintenance personnel. The purpose of these was to expose the issues, promote thought and to serve as a prototype for some of the specification sections.
A draft requirements specification was produced based on the best available view of the desired functions of the system, as presented in the discussion documents.
A series of interactive computer models was developed. During development, the task of defining the required system behaviour in the precision needed to build the model raised a number of issues.
The models were defined with reference to known external interfaces of the system under development, such as train position messages received from the signalling system and the physical (input/output) signals from the fans and associated equipment.
The models were fronted by an animated graphical representation (see Figure 4) of the ventilation shaft equipment, the two running tunnels and the five underground stations. On-screen controls were used to introduce trains into either tunnel, to generate train movements, to initiate incidents such as station fires, train fires or platform overheating, to simulate equipment failure, and so on.
The engineer who produced the models had not been involved in the discussion leading up to the writing of the draft requirements specification. He was therefore able to focus on the document, rather than being tempted to make assumptions of what might have been intended. By looking with fresh eyes upon the system, he was able to highlight a number of issues to be resolved.
The models were then used to analyse the ventilation system behaviour under both normal and fault conditions.
The interactive models were demonstrated to the client’s engineers. System behaviour in a number of scenarios was investigated and used as a basis to refine the specification.
Once there was confidence in the model, it
was possible to revise the requirements specification using the model as a checklist. It was ensured that every event and system state depicted in the model had a clear counterpart in text form in the requirements specification, leading to greater precision of expression of the requirements.
Summary
In order to meet all user requirements involving complex, multi-disciplined systems, a system engineering approach is required that includes safety engineering, human system engineering and risk management within a common integrated framework.
Unfortunately, there is no simple “off-the-shelf” solution. Standards are available to help identify the system engineering processes but they need interpretation for each individual project.
This paper has outlined the case for applying system engineering principles to the development of complex systems such as tunnel ventilation control and, by example, has highlighted the important aspect of capturing and managing requirements.
For a fuller description of how system engineering can be applied to rail projects see reference 1.
Related Files
Figure 1: Tunnel ventilation
Figure 2: Scope
Figure 3: Typical life cycle model
Figure 4: simulation model
