Rail’s particular challenge with resilience

Author: Alexandra McGrath
Day: Aspect Day Two
Session: Design Resilience

This paper gives an outline of resilience engineering theory and
research, a summary of resilience legislation in Australia as an
example of the changing worldwide approach to risk, an
exploration of some of the specific challenges of rail, and case
studies drawn from how we have tackled these challenges in
Victoria.

The field of resilience engineering asks: what is the difference
between a system that is vulnerable to a system-wide cascading
catastrophe, and one that has the capacity to buffer or absorb a
trigger event, or to resist, respond and then recover? It seeks to
understand the behaviour of complex human-technical systems under
stress and crisis. It has built on theories from ecology,
behavioural economics, psychology and human factors, and has drawn
these themes together alongside the Safety II (Safety Differently)
movement and decades of work on quality of practice in medicine.

A set of common traits or characteristics of resilient systems has
emerged across disciplines and scales of activity. These include:
- Buffering capacity to absorb disruptions
- Flexibility versus stiffness appropriate to context
- Monitoring of margin to the performance/safety boundary
- Tolerance at the boundary, i.e. graceful degradation versus rapid
  collapse
- Cross-scale interactions: downward, how high-level structures
  create or resolve pressures and contradictions; and upward, how
  local changes influence strategic goals
(from Hollnagel, Woods & Leveson (eds), “Resilience Engineering:
Concepts and Precepts”, Ashgate, 2006)

In contrast, rail has a long history of systematically preventing
all previous catastrophes by eliminating the conditions that led to
each. Signalling systems have been treated as complicated rather
than complex: closed, tractable and predictable. Behaviour is kept
within modelled limits and comprehensively tested before ‘going
live’. Predictable behaviour is the goal of our network rules,
fail-safe and redundant design, and governance via safety
assurance. Cross-scale interactions tend to be downward from
leadership, and stringent controls apply around:
- What work is done (e.g. standards, plus deemed-to-comply
  solutions for a particular context)
- How work is done (both the direct design process and
  assurance/governance, e.g. via an Independent Safety Assessor
  (ISA))
- By whom (e.g. accredited competency of people, and safety
  assurance of tools/automation)
This has served us well for a very long time.

However, in recent decades rail has been challenged by the speed
and low cost of technological change, by greater connectivity with
external systems, and by leaps in technology, e.g. in sensors,
computing, predictive algorithms and artificial intelligence. Rail
is also no longer seen by governments or regulators as a closed
system, but as part of city, intercity or wider supply-chain
infrastructure. It is exposed to greater external risk, and is more
closely monitored. In many ways it is no longer complicated: it is
complex. Modelling is near-impossible, and ‘emergent’ behaviours
can arise from apparently simple rules. The tools and structures we
use will need to become less prescriptive and more adaptive. This
paper uses real-world examples to demonstrate how resilience
engineering may be a way forward.