SIL 4 safety relays, one of the most critical safety components in railway signaling projects, create substantial procurement risks and cost pressures due to the market structure. This report analyzes the monopolistic nature of the current market, the two primary architectural approaches namely “Component-Level” and “System-Level”, and the impacts of these approaches on the 5-year Total Cost of Ownership (TCO).

Key Findings

• Market Monopoly: The “plug-and-play” (Component-Level) SIL 4 relay market is dominated by a single manufacturer (Clearsy); this situation creates high costs and procurement dependency.
• Architectural Shift Opportunity: The “System-Level” architecture constructed with industrial relays and safety PLCs offers a cost advantage of over 50% in the long term, despite the initial investment in engineering costs.
• Critical Turning Point: The biggest obstacle to market transformation is not technical, but rather the shifting of the responsibility for preparing the Safety Case from the supplier to the integrator, and the acceptance of this new model by the end-user.

Market Structure and Product Ecosystem

Relays used in railway safety should be evaluated in three main categories based on their certification and design philosophies.

Product Categorization Matrix

Technical Taxonomy of the Market and Product Families

Relay technologies in the railway signaling market are divided into two main classes based on the source of their safety mechanisms. This distinction directly determines the procurement strategy and the engineering burden.

Vital Relays

Representative: Clearsy RS4 Series Characterized as the comfort zone of the market, this product group guarantees safety through physical laws.

• Technical Basis: Gravity Fail-Safe principle. When the coil energy is cut off, the opening of the contacts is entrusted not to spring force, but to gravity and mass weight.
• Certification: The component is standalone SIL 4 certified.
• Commercial Characteristic: Very high unit cost and single-source dependency.

Industrial Safety Relays

Representatives: Arteche FF, Dold OA, Finder 7S Series These components act as the fundamental building blocks of system-level architecture.

• Technical Basis: Forcibly guided contact structure and spring-return mechanism compliant with the EN 50205 standard.
• Constraint: They are not SIL 4 on their own. They require external active monitoring against the risk of contact welding.
• Commercial Characteristic: Low unit cost and multiple supplier alternatives.

System-Level Architecture (Strategic Alternative)

This approach is not a product, but an engineering methodology.

• Philosophy: Safety by Design.
• Execution: Multiple industrial safety relays are combined in a redundant architecture (e.g., 1oo2).
• Safety Layer: Software covers the hardware’s vulnerability. Through a readback loop established via the safety PLC, the system is elevated to a safety level equivalent to component-level SIL 4 relays.

Architectural Paradigm: Where is Safety Located?

The fundamental difference between the two approaches is whether safety is confined to a purchased physical component or dispersed throughout the entire system design.

Approach A: Component-Level Safety (Clearsy Model)

This model relies on the certified black box principle.

• Internal Oversight: All diagnostics, redundancy, and safety logic are embedded inside the sealed unit before it leaves the factory.
• Integrator’s Role is Passive: The integrator simply sends the command. They do not have to worry about whether the relay contact is welded, the health of the coil, or the internal mechanism. The product handles this internally.
• Result: Safety is purchased as a product.

Approach B: System-Level Safety (Engineering Model)

This model relies on the architectural oversight principle.

• External Oversight: Safety resides not in the relay itself, but in the PLC software managing it. Standard industrial relays are used, but they are not left unmonitored.
• Integrator’s Role is Active: The integrator must establish a mechanism called a readback loop. Before the PLC issues a command to the relay, it physically verifies whether the relay successfully returned from the previous command.
• Result: Safety is constructed as a process.

Summary Comparison: Responsibility Matrix

Economic Analysis and Break-Even Point (TCO)

A 5-year projection based on an annual requirement of 1000 safety functions reveals the dramatic cost difference between the two approaches.

Cost Data

TCO Break-Even Analysis

Chart Analysis: Although the System-Level approach starts higher initially due to the one-time engineering cost, it passes the break-even point within the very first year thanks to dramatically lower unit costs, providing a savings of ~€1.45 Million at the end of the 5th year.

Strategic Recommendations

In light of the market’s current state and economic analyses, the recommended hybrid transition strategy for integrator firms is:

Short Term (Defense): Clearsy usage should continue in cases of customer insistence or project urgency. This minimizes project risk.

Medium Term (Preparation): Arteche/Dold-based system architecture should be applied in pilot projects, and the Safety Case documentation of this architecture should be matured. Independent Safety Assessor (ISA) approval must be obtained at this stage.

Long Term (Breakthrough): The matured and approved system architecture should become the standard solution in all high-volume projects. This will maximize the firm’s competitive strength and profitability.

Conclusion

The use of component-based SIL 4 relays (the Clearsy model) in railway signaling is a commercial comfort zone preference rather than a technical necessity. For organizations with high engineering capabilities, the System-Level approach is not just a substantial cost advantage, but a lever providing supply chain independence and strategic flexibility.

The core to the transformation is not the excellence of the technical solution, but rather the ability to correctly prove the reliability of this solution to the customer through the Safety Case and independent assessor approval. Brands like FEST, which previously operated in Turkey, have competed by bringing such required relays to the market. Today, with a new brand and formation, this process can certainly be advanced once more.

Recent intelligence from the field indicates that local engineering firms are preparing to design their own safety relay architectures to offer CENELEC-compliant standard solutions to the Turkish market at highly competitive and affordable prices. We sincerely hope that such visionary initiatives will succeed in significantly breaking foreign dependency and introducing much-needed flexibility into the monopolistic supply chain.

References

• EN 50129: Railway Applications – Communication, signaling and processing systems
• EN 50155: Railway Applications – Electronic equipment used on rolling stock
• EN 50205: Relays with forcibly guided (mechanically linked) contacts

Related Links

 Related Article: → Vital vs. Forcibly Guided: Engineering Analysis of Relay Technologies

Last update: March 2026 | Version: 1.1

Global railway networks are exposed to multidimensional physical threats, ranging from economically motivated theft correlated with commodity price fluctuations to asymmetric sabotage risks triggered by geopolitical tensions. This study examines the statistical distribution of security threats, material-based attack vectors, and the methodology of deducing perpetrator motivation from field evidence, utilizing Open Source Intelligence (OSINT) data, UIC (International Union of Railways) incident analyses, and LME copper price movements. The acquired data indicates that railway security is transitioning from a mere public order issue to a national critical infrastructure security framework.

Key Findings

• The Security Paradox of Material Transition: The technological transformation of infrastructures (the shift from conventional copper architecture to a fiber-optic communication backbone) fundamentally alters the current threat profile.
• Motivational Distinction: While copper theft (90-95%) is an action driven by the economic value of physical material (scrap sale), fiber-optic sabotage is a strategic intervention directly focused on creating system blindness and aimed at operational disruption.
• The Role of Forensic Field Analysis: Accurate interpretation of physical signs left at the crime scene (e.g., missing hardware vs. targeted incision) is the most critical parameter in determining the nature of the action (economic crime or asymmetric sabotage).
• Hybrid Processes: Recent incidents, particularly reported in the European region, indicate that the boundaries between organized economic crime events and sabotage elements considered to be state-sponsored occasionally blur.

Global Threat Landscape: Proportional Distribution

(Source: General assessment in light of UIC Metal Theft on Railways Report data)

The Industrial Scale of Theft

The frequency of theft incidents tends to exhibit a linear relationship with global metal supply-demand balances. Particularly between 2010 and 2024, the rise in copper’s index value traded via the LME (London Metal Exchange) has made unprotected railway yard infrastructures potential targets for organized entities.

Reference Case – South Africa Transnet Operation: According to operator (Transnet) statements, approximately 1,121 km of cable theft incidents were recorded in the 2023 operational period. This magnitude requires the rebuilding of a considerable portion of the respective network every year, consuming the maintenance and repair budget. Evidence on the field confirms that dismantling operations are carried out in a mobilized manner by highly organized groups.

Sabotage Dynamics and Asymmetric Actions

According to reports and analyses by critical infrastructure protection agencies across Europe (including ENISA), an “intervention/sabotage” trend targeting logistical arteries has been monitored, especially following the outbreak of conflicts in Eastern Europe. In the 2024-2025 projection, various incidents directed at multiple infrastructures (energy, communication, railways) have been recorded specifically in Europe. These specific interventions are devoid of theft motives and are asymmetric actions designed to slow down strategic shipments, create communication outages, or establish blockades in the supply chain.

Infrastructure Material Analysis: Copper vs. Fiber Optic

Copper Architecture: Legacy Infrastructure

When evaluating the system as a whole, conventional railway lines remain reliant on copper transmission and grounding hardware in the 60-80% band.

Critical Usage Points:

• Track Circuits (Impedance Bonds)
• Switch Point Drive Mechanisms
• Field Signal Instruments
• Electrification Catenary Grounding Equipment

Security Vulnerability Profile: The predominant portion of actual theft incidents encountered in the sector consists of lines carrying copper. A broad spectrum is at risk, ranging from catenary overhead line tension weights to thick-section underground grounding cables in substations.

Fiber Optic: The Communication Backbone

Security Vulnerability Profile: Since fiber-optic systems carry glass strands, they possess no financial equivalent in the metal market. 99% of fiber outages reported in the literature are either asymmetric actions aimed directly at sabotaging data flow or accidental damages resulting from the perpetrator failing to distinguish the cable type (due to the thick black outer protective sheath) and mistaking it for copper.

The Paradox Brought by Material Transition

Although technological modernization offers the potential to reduce “Theft” rates; it renders cyber-physical systems more open and vulnerable to “Sabotage” scenarios. While an outage in the copper infrastructure mostly causes regional local security vulnerabilities and singular relay drops; the severing of a single fiber cable running through the main backbone creates a “Single Point of Failure” scenario capable of simultaneously bringing down GSM-R, interlocking communication data, and SCADA telemetry across an axis of hundreds of kilometers.

Physical Attack Typology: Crime Scene Analysis Matrix

Classifying physical damage through an architectural approach provides reference data for Root Cause Analysis:

Type A: Copper Cable Theft

• Target Points: Power transmission lines, catenary masts, substations.
• Forensic Findings:
  • Material Loss: The main conductive parts of the cables have been removed from the facility.
  • Processing Marks: Plastic sheath remnants and burn marks are found in the environment (done to reduce weight).
  • Mobility Evidence: Large-scale tire, track, or dragging marks belonging to heavy transport vehicles are visible.
  • Operation Window: Generally, time boundaries between 01:00 and 04:00, which are low traffic hours, are preferred.

Type B: Targeted Sabotage

• Target Points: Main fiber-optic distribution centers, critical relay/TCC communication cabinets, GSM-R station bases.
• Forensic Findings:
  • Material Presence: All severed cables are abandoned at the scene.
  • Detectable Precision: A surgical cut is made by specifically selecting thin data lines carrying direct communication data instead of grounding or high voltage lines.
  • Simultaneity: Simultaneous actions are executed at different locations to decommission distributed redundancy lines.

Type C: Misidentification-Induced Damage

• Scenario Type: Material identification error by groups acting with theft motivation.
• Forensic Findings: Thick outer protective armored fiber cables are cut, but abandoned in place when the material content (glass strand) is realized. Additional traces of classical copper cutting attempts should undoubtedly be sought in the immediate vicinity.

Comparative Attack Analysis Matrix

Sample Field Findings Analysis

Case A: Germany GSM-R Outage (Sample – October 2022)

In the incident that paralyzed the main train traffic in Germany’s northern corridor during the specified timeframe, the main and redundant lines at two critical GSM-R fiber-optic communication points averaging 500 km apart were neutralized in a coordinated manner. Verdict Outcome: The ability to bypass distributed redundancy with such precision led to the assessment that the perpetrator element is an organization that commands the railway operational architecture, knows the system design, and acts in a planned manner.

Case B: France HSR Process (Sample – 2024 Event Period)

On the eve of a large-scale international event, arson-based actions were carried out on three critical arteries feeding the TGV main lines. Verdict Outcome: No evidence of theft was observed at the focal points feeding the signaling centers. The style of the action; aligned with the methodology of organized public order threats in terms of its direct aim to simulate asymmetric impact, psychological pressure, and Denial of Service (DoS) on a physical dimension.

Architectural Solutions and Mitigation Strategies

Engineering-based risk mitigation approaches that can be developed against the aforementioned threats:

Distributed Acoustic Sensing (DAS) Integration

It is an intelligent topology where the existing unused or dark fiber internal structure is evaluated as an acoustic analysis sensor.

• Core Principle: The Rayleigh backscatter of laser pulses assigned into the line is continuously analyzed, deriving distance and vibration threshold values.
• Assessment: Offers the possibility of detecting a potential threat via soil excavation vibrations before the wire fence is breached. However, since DAS investments will generate a significant amount of environmental “noise” (animal passage, train vibration, weather conditions); it is imperative that the raw data is integrated into advanced Artificial Intelligence (Edge AI) based signal processing systems so as not to fatigue the alarm system. Given the high CapEx budget requirement, it presents feasibility only in strategic corridors.

Forensic DNA Marking

Provides the transformation of facility traceability into legal evidence to deter industrial metal thefts.

• Core Principle: It is the application of a synthetic and unique polymer-based liquid, detected under ultraviolet light, to line components.
• Assessment: It aims to form technical evidence against the criminal network subject to the offense by analyzing the scrap that falls into the black market following the theft. It ensures deterrence by making the salability of metal in recovery or secondary markets sectorally risky.

Design and Material Revisions

• Designing the transition from copper to aluminum-based (CCS – Copper Clad Steel) bimetallic cables in grounding areas within the context of its very low liquidity in the scrap market.
• Confining aerial cables entirely to underground passages through architecturally reinforced precast concrete culverts.

Conclusion

The era of traditional wire fences and passive protection in critical railway structures is coming to an end. Evaluated from the lens of systems engineering:

1. The Dual Challenge: Railway infrastructures are caught between a heavy OPEX burden (90%) arising from theft and extremely low-probability but high-risk destruction scenarios originating from sabotage.
2. Root Cause Verification: There is a need for “Telemetric TDR” or “DAS” architectures capable of detecting whether a dropped signal or reduced voltage at the system center is a technical corrosion, a cable break, or a deliberate severing without having to visit the field.
3. The Necessity of an Analytical Approach: Instead of directly encoding an anomaly encountered at the scene with the banality of a theft attempt or a coordinated sabotage conspiracy theory; a rational methodology should be applied by considering the damage typology, material preferences, timing, and interventions on redundancy.

When examining the risk matrix in infrastructures; the finding is obtained that technological evolution not only facilitates communication but simultaneously promotes physical threats to cyber-physical scenarios. It should be expected that the railway security standards of the future will step out of the isolated silo of operational technology (OT) and physical breach alarm (CCTV, DAS, Access Control) systems and become integrated within a single SOC (Security Operations Center) pool.

References

Data Compilation and Analysis Base: The current review is based on a methodological synthesis pertaining to Open Source Intelligence (OSINT) examinations, independent security and breach frequency analyses published by institutions, and market commodity correlations.

• UIC (International Union of Railways): Security committee databases
• ENISA (EU Cybersecurity Agency): Railway critical infrastructure threat landscape studies
• LME (London Metal Exchange): Ten-year global commodity and scrap-based supply-demand price charts
• Global Initiative Against Transnational Organized Crime: Metal-based criminal organizations case reports

Documents

 Download Document: Railway Security Threat Analysis Report Turkish (PDF)

Last updated: March 2026 | Version: 2.0