Game-changing lessons from Denmark

The traffic control centre in Copenhagen, Denmark.

Lessons from the digitisation of the Danish rail network have the potential to revolutionise the digital transformation of rail globally, writes Mark Fielding-Smith.

The Danish National Signalling Programme is currently delivering the first ever national rollout of the latest version of the European Traffic Management System (ERTMS). There are some key lessons that can be learnt from this 14-year £2.4bn game-changing programme as it introduces new digital technologies onto live operational railways. 

As governments everywhere wrestle with enhancing capacity on their networks, while delivering new standards in reliability, safety and value for money, Denmark has a lot to teach us. This is particularly true of the value of implementing a whole systems approach and integrating cybersecurity into the safety approvals process. 

Banedanmark, the Danish railway operator, retains responsibility for the integration of the systems with the support of a joint venture of Atkins, Rambøll, Parsons and Emch+Berger. From the outset, the team focused on how to effectively reduce potential risk and identified the need for a joined-up approach to the development of systems architecture and systems engineering. Previously, applications and asset owners could make independent decisions without considering their overall impact; now all change is coordinated centrally from a whole-systems view and agreed across all relevant stakeholders, applications and interfaces. 

A key element has been the creation of a systems integration lab, allowing the simulation of digital scenarios, prior to their application to the rail network. The Joint Test Lab, established to flush out integration risk early, has become a successful model of collaborative delivery. A wide range of equipment has been co-located or simulated to ensure radio block centre integration works first time, and that the handover between the two traffic management systems is seamless.

Not only does this deliver significant value by identifying and enabling the early resolution of digital integration issues, it also significantly reduces the time needed for possession of the railway, reducing inconvenience to passengers.

This is also the first time that the common safety method (CSM) has been applied on a national rollout and many lessons have been learned. It is important that the CSM Risk and Evaluation assessment and safety approvals process are clearly defined early and understood by all stakeholders and suppliers. 

Cybersecurity is critical to the safety and availability of digital solutions and needs to be incorporated into the safety case approach to ensure driver and passenger safety is maintained by containing the impact of cyber incidents. The stated policy, strategy, processes and assurance are central to the CSM and the advice provided to the operating organisation regarding the security of assets throughout their lifecycle. 

This system-wide approach has meant working closely with the suppliers to ensure their systems are compliant. Where the cybersecurity scope is outside that of the suppliers, the team has completed the design and implementation of the system to include extra monitoring, technical controls and firewalls as required.

We have found that connecting IT and operational technology systems requires a different strategy and the addition of further features to the standard IT data protection. The primary challenges identified include the need to connect with legacy systems which are not built for secure interconnection, the requirement to connect to external stakeholders’ systems and the adoption of commercial off-the-shelf IT solutions. 

The creation of an offline digital twin simulation, replicating the operational system, will be essential for facilitating integration and testing software changes. This will be used to test and strengthen cybersecurity throughout the life of the system, adapting to the changing cyber threat landscape.

Finally, for effective cybersecurity, there needs to be a certification system governing which software can communicate across the fixed and mobile network. This is best implemented through Online Key Management to semi-automate the rapid, comprehensive and efficient distribution of these authorised codes to all train-borne and trackside ERTMS and IT components.

For the UK and other countries which are actively pursuing digital rail programmes, it is important to expend effort early to identify and mitigate any integration risk posed by using systems architecture, modelling, simulation, systems integration facilities and validation on test tracks. This will minimise the late discovery of issues which could reduce the availability of the operational railway and give assurances as new digital technologies are introduced to the railway for the first time

Mark Fielding-Smith is client director for digital rail products and services, Transportation, at Atkins. The article was written with support from the Atkins Denmark team.