Federal Railroad Administration (FRA), Department of Transportation (DOT).
Notice of interpretation.
FRA is issuing this notice of interpretation to inform interested parties of its position regarding the implementation of digital electronic remote authority delivery systems that permit authorized users to electronically request, obtain, and release authorities to occupy controlled tracks. These activities are classified as safety-critical functions, and may interact with the functions of train control systems and dispatching procedures. Depending on the functionality and complexity of these systems, railroads seeking to implement digital electronic remote authority systems may be required to comply with Title 49 of the Code of Federal Regulations (CFR) Part 236, Subpart H (Subpart H). This notice classifies digital electronic authority delivery systems based on their functionality and identifies categories of systems that are subject to compliance with the requirements of Subpart H.
You may submit comments to Thomas McFarlin, Staff Director, Signal and Train Control Division, or Olga Cataldi, Senior Electronic Engineer, FRA Office of Safety Assurance and Compliance, by facsimile (202-493-6216) or e-mail (firstname.lastname@example.org) or (email@example.com). Comments may also be submitted to Kathy Shelton, FRA Office of Chief Counsel, by facsimile (202-493-6068) or e-mail (firstname.lastname@example.org).Start Further Info
FOR FURTHER INFORMATION CONTACT:
Thomas McFarlin, Staff Director, Signal and Train Control Division, Office of Safety Assurance and Compliance, FRA, 1120 Vermont Avenue, NW., Washington, DC, 20590 (telephone: (202) 493-6203), e-mail (email@example.com); Olga Cataldi, Senior Electronic Engineer, Office of Safety Assurance and Compliance, FRA, 1120 Vermont Avenue, NW., Washington, DC, 20590 (telephone: (202) 493-6321), e-mail (firstname.lastname@example.org); or Kathy Shelton, Office of Chief Counsel, FRA, 1120 Vermont Avenue, NW., Washington, DC 20590 (telephone: (202) 493-6063), e-mail (email@example.com).End Further Info End Preamble Start Supplemental Information
With technical advances and the wide availability of wireless communication technology, a number of Class I and short line railroads have been developing and, for the past several years, implementing a variety of software-based applications for the electronic delivery of digital track authorities to roadway workers. Software-based digital communication between railroad workers and the dispatch center has proven to be an effective alternative to voice communication with the dispatcher via radio. Digital communications may potentially result in significant increases in safety by eliminating delivery or read back errors associated with voice communications. Digital communications may also increase the effectiveness of railroad operations and track maintenance resources utilization by significantly decreasing the time associated with obtaining and releasing track authorities. These potential operational and safety benefits are prompting railroads to extend the use of wireless data communication to digital transmission of track warrants to trains. Further, railroads are seeking to extend the functionalities associated with the digital communication of authorities to roadway workers and train crews to include the auto-generation and issuance of authorities, excluding any involvement of the dispatcher.
The regulations contained in 49 CFR Part 214, Subpart C, which currently govern the delivery of authorities for exclusive track occupancy to roadway workers, do not specifically address digital communication between the dispatcher and the employee in charge. Currently, 49 CFR 214.321(a)(1) requires that all authorities issued to a roadway worker in charge be given by the dispatcher or control operator who controls train movement on that track.
The digital delivery of movement authorities to train crews is addressed in 49 CFR Part 236, Subpart H. This set of regulations prescribes the minimum safety standards for the development and operation of processor-based signal and train control systems. As stated in the preamble to Subpart H, FRA purposely left the term “train control” undefined, as advances in technology supporting these systems would make any definition of the term “train control”, or any list of train control systems and associated features, “undoubtedly outdated” in a relatively short period of time. See 70 FR 11052, 11066. Therefore, the requirements contained in Subpart H apply to “safety-critical products”, which include systems that provide safety-relevant information on which crews are expected to rely. See 49 CFR 236.901. However, FRA emphasized in the preamble to the rule that “[o]ther systems providing safety-relevant information on which crews are expected to rely will also fall within this term”. See 70 FR 11052, 11066. In regard to dispatching systems, a centralized computer-aided train dispatching system being a part of an “office system” may also be subject to Subpart H compliance, if “it performs safety-critical functions within, or affects the safety performance of, a new or next generation train control system.” See 49 CFR 236.911(c).
FRA recognizes that its current regulations do not clearly address the auto-generation and digital communication of authorities to roadway workers and locomotive engineers. FRA is currently taking measures to augment existing regulations to more clearly address these functionalities. For example, FRA, with the participation of the Railroad Safety Advisory Committee, has explored appropriate conditions for the digital transmission of authority to a roadway worker in charge. In light of these discussions, FRA expects to include specific concepts in a notice of proposed rulemaking for revision of 49 CFR Part 214, Subpart C. Further, FRA has been in discussion with the Association of American Railroads regarding the need for general standards to ensure the effectiveness and security of wireless communications particularly Start Printed Page 51897in the field of train control. Pending the issuance of regulations and other actions in this area, FRA believes that it is both necessary and appropriate to clarify the existing regulatory requirements applicable to the auto-generation and digital delivery of authorities. The following discussion is intended to provide that clarification.
Classification of Digital Electronic Remote Authority Delivery Systems
Software-based digital electronic remote authority delivery systems can be classified based on their purpose, and the level of dispatcher involvement as follows:
- Roadway Worker Protection (RWP) systems (deliver track occupancy authorities to a roadway worker in charge).
- Remote Authority systems (deliver track occupancy authorities to a roadway worker in charge and movement authorities to a train crew).
By dispatcher's role:
- Dispatcher generated (or dispatcher confirmed) authorities
- Automatically generated authorities (these authorities may be generated by the system itself, by a computer-aided train dispatching system (CAD), or as part of a positive train control system).
Remote Authority and Roadway Worker Protection systems can both be used in signaled and non-signaled (dark) territories. These systems can operate as either an autonomous dispatching-type system or as an overlay to an existing method of operation. Based on the classification given above, FRA has identified four distinct categories of digital electronic remote authority delivery system functionalities:
1. Electronic transmission of authorities to roadway workers with dispatcher's electronic confirmation;
2. Electronic transmission of authorities to train crews with dispatcher's electronic confirmation;
3. Automatic generation and electronic transmission of the authorities to roadway workers without dispatcher's involvement; or,
4. Automatic generation and electronic transmission of the authorities to train crews without dispatcher's involvement.
While FRA fully supports the railroad industry's desire to implement digital electronic remote authority delivery systems, FRA also believes that to the extent such systems execute the necessary logic to generate valid mandatory directives or roadway work authorities, they are functionally forms of train control subject to Subpart H. Further, digital pathways embedded in conventional signal and train control systems, including communication-based train control systems, are relevant subsystems deserving of consideration within the context of Subpart H review. In the event of malfunction of any of these types of systems, FRA would expect each employing railroad to have operating rules in place that address reversion to voice or written delivery of authorities by the dispatcher, consistent with any applicable existing regulations.
The following discussion provides clarification on the applicability of FRA regulatory requirements to each category of digital electronic remote authority delivery systems.
Systems Performing Electronic Transmission of Authorities to Roadway Workers With Dispatcher's Electronic Confirmation
The software-based application (or processor-based system) belongs to this category if:
1. It serves as an autonomous office (dispatching) system in the absence of a CAD system, or as an auxiliary system interfaced with an existing CAD system, and is used exclusively for issuing authorities to roadway workers to occupy controlled tracks;
2. It allows the employee in charge to request, obtain, and release the authority to occupy a controlled track through wireless digital communication with the dispatcher or control operator in charge of the track;
3. Upon receipt of an electronically transmitted request from a roadway worker to occupy track, the authority is generated by the dispatcher or automatically by the application system (or by CAD) and is electronically transmitted by the application system accompanied by electronic confirmation of the dispatcher;
4. The dispatcher holds ultimate responsibility for the proper issuance of authority to roadway workers and for maintaining proper records of track occupancy by other authorized users; and,
5. The system server retains electronic records of roadway workers' requests for authority and dispatcher's entries of all authority granted by the dispatcher, including those issued to trains.
Such systems perform functions described in 49 CFR Part 214, although that part currently does not address means of authority delivery. These systems are not, however, subject to Subpart H because they only provide electronic transmission of track occupancy authority. The generation and release of the authority remains the responsibility of the dispatcher, as currently required by 49 CFR 214.321(a). Once the revision of Part 214 is completed, these systems may be subject to new requirements regarding electronic delivery of authorities to roadway workers in charge (related to security and authentication of the digital transmission).
Systems Performing Electronic Transmission of Authorities to Trains With Dispatcher's Electronic Confirmation
The definition of this category of processor-based applications (or computer-based systems) coincides with the definition given above for RWP systems, except the delivery of authority is extended to trains.
FRA has determined that the electronic delivery of movement authority to trains is a safety-critical function pertaining to train control systems. If the dispatcher is involved in the process of generating the authority or is confirming the CAD system-generated authority, and the closed-loop communication occurs between the dispatcher and train crew, FRA recognizes that the regulatory requirements for systems delivering authorities to trains should be the same as for those delivering authorities to roadway workers. FRA further recognizes that, if the system includes functions related to commanding or warning crews based on changing field conditions (e.g., in the same way a cab signal would “drop” if a circuit were deenergized by equipment rolling out on the main line), then the system is a train control application.
FRA utilizes the following criteria in determining the applicability of Subpart H to systems of this category:
1. If the content of electronic messages transmitted to a train crew are limited exclusively to movement authorities and other mandatory directives, the application system is exempt from compliance with Subpart H.
2. If the content of electronic messages transmitted to a train crew, in addition to movement authorities and other mandatory directives, contain warning or other enforcement commands impacting train handling, the application system must comply with Subpart H.
3. If the communication subsystem embedded in any new train control system is an integral part of that system, it is subject to Subpart H requirements.
FRA encourages railroads to arrange digital systems which communicate safety-critical information so that security of the messages is maintained and authentication of those issuing and Start Printed Page 51898acknowledging mandatory directives is established. Although use of digital transmission has the advantage of accuracy (avoidance of misunderstandings) and efficiency, insecure transmissions and lack of proper authentication could introduce new risks. FRA expects that, as this technology fully matures, industry standards will address these needs even more suitably than at present within an interoperable framework.
If Subpart H is applicable, the railroad shall submit an RSPP and PSP required by 49 CFR 236.905 and 236.907.
Systems Performing Automatic Generation and Electronic Transmission of the Authorities to Roadway Workers Without Dispatcher's Involvement
The processor-based application (or computer-based system) belongs to this category if:
1. It serves as an autonomous office (dispatching) system, in the absence of a CAD system, or as an auxiliary system interfaced or integrated with an existing CAD system, and is used exclusively for issuing authorities to roadway workers to occupy controlled tracks;
2. It allows the employee in charge to request, obtain, and release the authority to occupy a controlled track through wireless digital communication without the dispatcher's concurrence;
3. Upon receipt of an electronically transmitted request from a roadway worker to occupy track, the authority is generated automatically by the CAD system (or application system) and is electronically transmitted by the application system without the dispatcher's concurrence; and
4. The system server retains electronic records of roadway workers' requests for authority and all granted authorities, including those issued to trains.
Such systems are subject to compliance with Subpart H. The delivery of track occupancy authority to roadway workers without the dispatcher's involvement is considered a safety-critical function in the same way that control of train movements is safety-critical. This constitutes a basis for these systems to comply with Subpart H requirements. Railroads shall submit an RSPP and PSP in accordance with 49 CFR 236.905 and 236.907 prior to implementing any such system. Relief is also required from the requirements of Part 214, Subpart C, related to dispatcher involvement in the issuance of roadway work authorities.
Systems Performing Automatic Generation and Digital Transmission of Authorities to Trains Without Dispatcher's Involvement
The definition of this category of processor-based applications (or computer-based systems) coincides with the definition given in a previous section for RWP systems, except that the delivery of authorities is extended to trains.
Systems of this category are subject to compliance with Subpart H because the delivery of track occupancy authority to roadway workers and trains without dispatcher involvement is considered a safety-critical function of a train control system. Therefore, railroads shall submit an RSPP and PSP in accordance with 49 CFR 236.905 and 236.907 prior to implementing any such system.
Those interested in implementing systems that automatically generate mandatory directives, roadway work authorities, or other instructions or commands (executed by persons or equipment) bearing directly on the safety of train operations, are respectfully referred to Appendix C of 49 CFR Part 236, which outlines safety assurance criteria and processes that are relevant to such an undertaking.
FRA seeks comments on this notice from interested parties. Please refer to the Addresses section for additional information regarding the submission of comments.Start Signature
Issued in Washington, DC on September 4, 2007.
Associate Administrator for Safety.
[FR Doc. E7-17800 Filed 9-10-07; 8:45 am]
BILLING CODE 4910-06-P