Indian Railways Crew Management System lacks adequate Security Measures: CAG
New Delhi: The Comptroller and Auditor General of India has observed that the Crew Management System (CMS), a critical IT application of the Indian Railways lacks sufficient security measures to prevent unauthorised access to the system.
CAG in its latest report placed before Parliament found that the system lacked adequate control to ensure completeness, accuracy and validity of data pertaining to various aspects of CMS operations. “The CMS lacked adequate security measures to prevent unauthorised access to the system and uninterrupted operations,” it noted.
The crew management system (CMS) is a critical IT application of the Indian Railways which manages crew assignment to various trains and directly impacts the safety of train operations. The extent of achievement of the objectives of CMS was evaluated by CAG and the aspects relating to IT application controls, IT security, continuity of the organisation’s business, contracting issues, project management/monitoring and change management were also reviewed.
The national auditor noted there was no business continuity plan (BCP) to continue operations round the clock at lobby level. “There was no arrangement for remote backup of data and business continuity plan/disaster recovery plan at remote site was yet to be implemented. No procedure was devised for effecting changes in the software,” CAG observed.
The application aims at managing over one lakh drivers and guards to ensure round the clock safe operations of railways. The objective of this application was to improve the efficiency of train operations, effectively monitor crew and to comply with the safety requirements relating to crew management and to improve the financial management and monitoring.
With a crew of nearly one lakh drivers and guards labouring round the clock, 365 days a year ensuring the nation is not caught on the hop, Indian Railways is among the largest public transport employers in the world. A chink in its operations would mean only one thing: life comes to a standstill in the country. Among the many mission critical applications in the Indian Railways is the Crew Management System (CMS), a vital component in the smooth functioning of the human resource management arm of the mammoth organisation. Developed by Centre for Railway Information Systems (CRIS), the software and communications arm of the Indian Railways, CMS automates day-to-day business functioning by monitoring crew movement real-time, duty allocation, payment calculation and crew training in an efficient and transparent manner. This has not only improved the safety of train operations, but also reduced the operational costs by replacing the age-old manual system.
The Centre for Railway Information Systems oversees the computer and IT systems of Indian Railways — one of the largest government-managed rail carriers in the world. The center offers consulting and IT support services to the rail organization.
Challenge: The Centre for Railway Information Systems (CRIS) is the organization dedicated to managing the IT systems of India Railways — one of the world’s largest rail carriers. India Railways was struggling with the inefficiency of its manual employee scheduling systems. Far too often, train engineers and guards waited for hours to receive their daily assignments and, once assigned, were forced to work extra hours because adequate relief staff had not been properly scheduled.
Solution: CRIS, leveraging IBM software, deployed a crew management system that automatically evaluates employee skill sets against established train schedules to determine optimal staff assignments. And, because the system tracks the locations of working employees in real time, managers can easily shuffle assignments to accommodate any issues (such as a tardy or absent employee). Employees, in turn, are dispatched their orders via text messages as well as in-terminal kiosks. CRIS developed this crew management system internally, leveraging IBM Rational ®, IBM WebSphere ®, IBM Tivoli ®, IBM DB2 ®, IBM System x ® and IBM System p ® technology.
Classification of Loco Pilots and Guards on Indian Railways
How vigorous is the job profile can be noted from this very fact that the Railway recruits persons as ‘Assistant Loco Pilot’ . They work on freight trains for as long as 10–12 years. During this tenure they are supposed to work with experienced Train Drivers and perform only assisting work during the run of a locomotive i.e. a train. An Assistant Driver thus learns the tactics and dos and don’ts required for train operation. Thereafter they are promoted as ‘Loco Pilot Shunter’, after proper courses and practical trainings, wherein they are supposed to drive locomotives in sheds/yards at not more than 15 km/h speeds. After experiencing for not less than two years, they are promoted as ‘Loco Pilot/Goods’, who are always monitored by their respective ‘Loco Inspectors’.
A train has typical an Assistant Loco Pilot and a Loco Pilot on the Locomotive. The Assistants are normally common but Loco Pilots fall in various categories like Goods Drivers (or Loco Pilots used for running goods trains), Passenger Driver (Driver used to run slow moving Passenger carrying Trains), Mail Express Driver (Driver used to run high speed Passenger carrying Trains) and Rajdhani Drivers (Used for very high speed passenger carrying trains). There is yet another category of crew called ‘Shunters’ who operate only in yards, for moving trains within a particular station yard. Normally Shunters work alone without an Assistant.
The train at the rear end has Guards as its crew. They are categorised as goods guards, passenger guards and mail express guards based on the type of train on which they are working.
Earlier working scenario
The job of a Loco Pilot consists of irregular rest and working hours, eating disorders and sleep disorders. That is why the Railway spends a lot on their trainings and resting time. They are booked from a crew changing point, informed well in advance, after ensuring that they have taken sufficient rest and completed all required trainings and requirements, those are mandatory for train operation. At the end of the journey, they are sent to well maintained rest rooms, given meals (home cooked) and rebooked back to their headquarters after giving minimum stipulated rest.
Centre for Railway Information Systems (CRIS), an IT development unit for Indian Railways, has developed a software named ‘Crew Management System’, wherein bookings of this sensitive category of people, which was done manually till now and monitored at various levels by Inspectors and Officers, is arranged through software. Crew Management System(CMS) is a unique system in which accuracy and monitoring is automatically maintained. The software system was rolled out in December 2007 and already installed at about 2200 data entry nodes at over 290 crew booking points. These are spread over entire Indian Railways. CMS at present has a database covering 89,000 crew members and over 30000 crew members are being booked daily through the system. The work has been completed and provided with Thin Clients connected to a server cluster at CRIS, wherein all the functions like crew bookings, call served to crews, their signing on duties are done through computers after ensuring their rest,training and medical particulars. The job which was done manually till a few years back is now monitored automatically. Not only it has a single data base of all the running staff of Indian Railways, but also have an all around reports(more than 500 reports of these crews are visible to the monitoring authorities of the Railways). All the officers sitting in their offices can monitor performance reports of the train operating staff. This enhances the performance planning by the officers. The Ministry of Railways is also doing a great job by motivating such projects and giving sufficient funds for same. A Project which was initially started in Nov 2006 with a team of 5-6 software persons is now managed by a GM rank officer with a dedicated team of inhouse software developers and domain experts, who are basically attached to driving jobs since the last 15–20 years. The system caters for All gauges BG, MG, NG now.
Brief technical particulars
The CMS software is Industry standard software using middle ware and products, hardware components and LAN/WAN network components. The business transactions are transacted so as to provide timely information with increased productivity and reduced paper work to a great extent at the lobby locations. The CMS system is being implemented in the Railways Lobbies at 306 lobby (Location where Railways crew are booked) locations with touch screen along with biometric devices for Sign-On/Off of crew from their duties. The CMS software uses FOIS and Railways network with adequate provision for security in the system so that it is not be vulnerable to hacking from outside. It also has on-line application processing (distributed) & data inter-viewing at the Divisional and Zonal offices.
The different applications of CMS require various levels of organization hierarchy to access it via a web browser. This application extends to various stakeholders and provides a single window interface to the Train Crew.
The CMS software is a centralized architecture using n-tier Java EE architecture with Web Services/Struts framework which works in online mode. All the stakeholders access the applications after user authentication and authorization. The solution has high scalability, flexibility, reliability and is complaint to industry Open Standard specifications. The software solution is :-
Compliant to n-tier Java EE architecture.
Seamless integration of enterprise systems with the existing business applications.
Single sign-on feature.
Open-standards platform supports web service.
Extending existing applications for multiple devices.
Utilizing full advantage of device features for management and interactions from a central location i.e. CRIS.
End to end linux based System.
Browser access via kiosks and thin clients access.
Comprehensive data validations during capturing.
Industry standards security features.
Interface with SMS gateway for information dissemination and verification.
Online pre-formatted and flexible period report generation.
Highly flexible and high available solution with 24 x 7 uptime.
Content sensitive help
The software is in house software assisted by IBM & HCL in the designs and performance optimisation of the software. These steps are primarily for ensuring a robust and scalable architecture that conforms to open standards and promotes inter-operability duly taking care of the security concerns. The design and implementation of the CMS is expected to lead to the evolution of a truly robust architecture based on the principle of inter-operability and open standards.
The Crew Management System software has a unique feature of booking the crew through SMS. It is sent to the crew through the central database to serve it a call.If the crew acknowledges the call by sending back an acknowledgment through SMS, the crew is booked. This is done for those crews who reside farther than 7–8 km from the crew booking location, else a call boy is sent for the same.Thus the software facilitates faster crew booking.
System generated alerts are also sent to the required personnel in the following manner:-
Morning position of crew strength at various crew booking locations.
Alerts for crew strength at particular crew booking point going below a critical limit.
Automated alerts for their nominated Inspector, for crew becoming due for monitoring.
The crew can have his personnel information like turn of crew booking, Status, PME, Mileage and other Training due dates on his Mobile.
Congratulations on birthdays to crew members of whom date of birth are with the database.
Biometrics sign on/off feature
With the help of the Crew Management System software, sign on/sign off of crew members has become extremely easy. At the lobby, they are provided with Kiosks, where they use their thumb impression to sign on/sign off.This has removed the need of their signing in registers or remembering passwords. It is very user friendly and easily adaptable by the crew. Also, it has increased security and authentication as it eliminates the possibility of Proxy reporting.It is legally binding. Now BA (Breathalyzer) capabilities are being added to Kiosks.It is very important from the point of view of safety running of the train. Herein, the crew blows from his mouth into the device, and if there is any alcohol content found,a thorough check is done.
Central server architecture
Central server architecture consists of a set of 13 server which work in unison. Users access the CMS applications via browser interface. As per the CMS application requirements, the application is deployed in centralized environments with online LAN/WAN (FOIS) connectivity. The CMS system supports the stakeholders and has a centralized architecture based on the deployment pattern. The CMS system supports the browser-based clients originated from respective places. The details of servers are:
Edge Server in Active / Passive cluster mode.
Web sphere ND in cluster Mode at OS as well as Application mode.
Database servers in Main Standby Cluster mode.
Tape Back up in LTO
SMS server to upload the smses to SMS gateway and response to the incoming smses to the clients.
LDAP directory server for user Authentication and security also in cluster
Computerization of Crew Management System
All crewing information is readily available through a common data platform.
All offices are synchronized at all times.
Graphical User Interface for planning as well as for running daily operations with full checking mechanism.
Time saving: crewing and payroll data need only be entered once.
A combined system for crewing and payroll saves time and money.
Balanced scheduling efforts more efficiently by offering managers clear, real-time insight into the skill sets and locations of employees
Automated employee assignments, avoiding staffing shortages and overtime expenditures even if employees are late to work or absent
Encouraged increased public safety by controlling rail access with biometric login systems and by controlling shift lengths to prevent overworking staff
The software solution automates the day-to-day business functions of the crew thereby providing information of their status, rostering their duty allocations, providing information on the availability of crew at their home station and assigning crew to the trains. All this leads to better crew management. CMS has been developed to bring in transparency and greater accuracy of information so that decision makers can take effective business decisions to control crew and optimize on crew utilization. It provides for global tracking of all the crew on the CMS system in real time whether the crew is on train, resting at HQ, resting at outstation, on leave or training.
The system gives the planner optimum flexibility to construct highly efficient crew duty blocks resulting in improved crew utilization based on all national and company legal requirements. This can create corresponding reductions in manpower and costs. The solution architect for the CMS Solution is Environmental friendly and has been designed in such a way that the CMS uses the TFT and thin client technology which saves lot of power for each crew booking locations over the conventional PC’s and CRT monitors based system.
CMS is fully integrated, it maintain complete overall day-to-day administrative and operational control of the total crew resources throughout Rail route network. Quickly identifies additional crew resources to meet unforeseen situations. Availability, priority of presentation and any restrictions are listed in accordance with User-defined rules. Automatically identifies illegal or unqualified crews in accordance with pre-defined User rail regulations. Automatically generates crew schedule.
CMS database holds all the necessary information about each crew member including: basic data such as name, address, gender, nationality, date of birth and phone numbers
personal skills such as language speaking and professional skills such as the types of Crew and trainers’ qualifications complete record of promotions – changes of rank, Keep a record of all training taken and the dates when they need to be renewed.
To break the monotony of crew while waiting for their turn at the crew booking lobby a quiz has been provided. QUICK implies Quiz for Improving Crew Knowledge. This is a crew knowledge evaluation and improvement Game.