7.13.2009

NTSB issues safety advisory, WMATA admits sensors still broken

The National Transportation Safety Board issued an "urgent safety recommendation" Monday, calling for redundancy in Metro's safety and control system. The NTSB believes that WMATA's current safety system is inadequate, as it's possible for trains to 'disappear' from the monitoring system. It should be noted that the NTSB continues to investigate the June crash that killed nine people.

"While the NTSB is still in the very early stages of its investigation into this tragic accident here in our nation's capital," said Acting Chairman Mark V. Rosenker, "we have concerns about the failure of WMATA's train control system to prevent this collision." Rosenker continued, "By calling upon WMATA to take swift action to upgrade the safety redundancy of its system and by urging FTA to alert other transit agencies of the hazards of single point failures such as the one experienced by WMATA, we hope to prevent something similar from happening again."
The NTSB memo is nothing new, it's been known for weeks now that a track sensor was working improperly and caused the lead train to disappear from the system. The second train, running in automatic mode, did not detect there was a train ahead of it. As such, it did not slow down until the operator spotted the train and hit the emergency brake. Sadly, there was not enough time to stop the train before the collision.

It's also rumored that a similar failure had occurred previously in the tunnel between Rosslyn and Foggy Bottom, but operators were able to stop in time.

We also know that the BART system in California uses a system similar to that of Metro, and they added a secondary layer of protection.

At issue isn't whether or not the system was designed to be safe, or if in theory the system is safe. The problem is that the system was never designed with failure in mind. When designing a system that must be extremely reliable, it's important to factor in that things will fail. Accidents will happen, and they generally are never a simple matter of the wing falling off an airplane or a wheel coming off a train. It's a series of small failures that cascade into something far worse than any individual failure. Why did no one ever consider "what would happen if a sensor failed, and the train disappeared?" Was the answer to that simply, "well, then the operator will see a train ahead of them?"

WMATA has come out with a response to the NTSB, essentially saying that they can't immediately comply with this recommendation:
It is important to know that there are currently no systems available commercially that could provide the Metro system with the kind of alerts that the NTSB has recommended, and that such a system must be invented.
Also:
As a result, we will be developing a new system that will be specifically tailored to Metro. Metro is in the process of contacting vendors who have the expertise needed to help us develop this service, and we are preparing cost estimates on this application.
So it's going to be expensive, and it's going to take a long time to develop.

But the real hidden gem in all of this was the following from the WMATA press release:
In spite of the issuance of this recommendation, the NTSB still has not determined the root cause of the accident. Every component of that circuit has been replaced, but the problem still persists. (Emphasis mine)
So if I understand, the track sensors that malfunctioned have been replaced, yet they are still failing. So, it was not really a failure of a sensor, but rather a failure of the entire system. A failure that is still unexplained. That means that at any given time, the train you are on could be on a collision course with a stopped train, and you're hoping against hope the operator sees it in time.

So let me ask the questions, again.
1. When was the first time Metro suspected trains could disappear from the system?
2. Are you sure about that answer, given that a train "disappeared" in 2005?
3. What was done to address this failure?
4. If the sensor was replaced and the failure is still occurring, can the system truly be considered safe?
In other news, there was a fatal accident at a Metro construction site in India. Following the accident, the head of their Metro, Elattuvalapil Sreedharan, submitted his resignation. He said he was accepting "full moral responsibility." He was later urged to reconsider, and his resignation was not accepted. However, he was quoted as saying:
“People should be prepared to take decisions and not pass on the buck,” he said. “We should be able to trust people in power, which means people in power should have a proven integrity.”
His gesture says a lot, and should serve as an example.

For those of you still wondering about the Catoe Watch--this is about accepting responsibility for a failure within an organization, even if that failure was not directly your fault. It shows that you are accountable for the actions of those who work below you, and that their failures are your failures, just as much as their successes are your successes.

18 comments:

  1. your questions 1 and 2 were already answered if you had read the washington post article more carefully.

    "Metro officials have said they detected the track circuit failure only after the accident. The safety board said there was no evidence to suggest that Metro was aware of the track circuit problem before the accident."

    ReplyDelete
  2. That ignores the prior incident between Rosslyn and Foggy Bottom where two trains nearly collided. Metro has not released any information about that.

    ReplyDelete
  3. show me in the article where it says that near collision was ignored.

    ReplyDelete
  4. http://www.washingtonpost.com/wp-dyn/content/article/2009/06/23/AR2009062301698.html?hpid=topnews

    But four years ago, in an episode eerily similar to yesterday's, the signal system briefly failed in the tunnel between Foggy Bottom and Rosslyn, forcing two quick-thinking operators to stop their trains manually to avoid a crash.

    In the June 2005 incident, the operator of one train noticed that he was getting too close to the train ahead. The signal system was telling him the track was clear, but he hit the brakes. The operator of a third train on the line hit the emergency brakes on time, too.

    Metro officials were stunned by the events, which they said at the time had not happened before, and launched an investigation. It was unclear last night whether they ever found a cause.

    ReplyDelete
  5. i'll repeat, show me where it says that near collision was ignored. If the NTSB thought that near collision was relevant to the ongoing red line investigation, why didn't they say so?

    ReplyDelete
  6. "Metro officials were stunned by the events, which they said at the time had not happened before, and launched an investigation. It was unclear last night whether they ever found a cause."

    It's still unclear. No information has been released about that incident. I wouldn't doubt that the NTSB doesn't have any information about it either, since the NTSB did not investigate that incident. I would expect the NTSB to say they can't comment on that because they were not involved in it.

    WMATA is not talking about this incident, and no one is asking any questions about it. WMATA has said that no one could have expected a train to disappear, that it was a "freak occurrence." How can it be a freak occurrence if it happened in 2005?

    Either the Washington Post has bad information, or WMATA doesn't want to talk about what happened in 2005 because it could prove negligence in the 2009 accident.

    ReplyDelete
  7. exactly. no information has been released about that incident. in the absence of any such information, the NTSB's statement that there was no evidence to suggest that Metro was aware of the track circuit problem before the accident is factually correct and accurate.

    ReplyDelete
  8. I don't know why you keep harping on this.

    So it's better to cover up anything that happens so that later you can deny it?

    Somedays I think you are John Catoe with a pseudonym. If the 2005 incident was 'nothing' than why not comment on it?

    You really believe that WMATA isn't in ass covering mode?

    ReplyDelete
  9. I keep "harping" on this because the fact there was no evidence to suggest that Metro was aware of the track circuit problem before the accident is a significant point that you don't seem willing to accept. Metro doesn't have to cover up anything. It's the NTSB saying there was no evidence to suggest that Metro was aware of the track circuit problem before the accident. If the NTSB thought that near collision was relevant to the ongoing red line investigation, they would have said so. otherwise, i don't see how it's possible to comment on "nothing."

    ReplyDelete
  10. I'm not confident the NTSB even knows the 2005 incident occurred. They aren't omnipresent.

    Maybe the "metroopensdoors" blogger account can come here and answer whether the 2005 incident is related to the 2009 crash.

    ReplyDelete
  11. you're not confident the NTSB knew about the 2005 incident? come on dave, you were making a convincing argument and i was just beginning to respect you. You're better than such a weak and ridiculous statement. NTSB isn't omnipresent, but they do read the washington post, every federal agency has lots of people, usually in their public affairs division who read the newspapers as part of their official responsibilities. It's also kind of disturbing that you think the metroopensdoors blogger is more reliable than the NTSB.

    ReplyDelete
  12. The NTSB has absolutely no authority over WMATA, though, it's not a regulatory agency. I'm sure someone at NTSB has heard about the incident, but unless the NTSB was involved in the investigation (which it appears they were not) then they aren't likely to comment on it.

    Why do you try to downplay the 2005 incident? If Metro had a better track record of implementing changes after accidents, then perhaps I could see your side of the argument.

    What's wrong with asking this question:

    What were the results of the investigation following the 2005 incident? AND

    Was that failure related to the 2009 failure?

    AND

    If a train had previously disappeared from the system, forcing an operator to use the emergency brake, why was the 2009 incident called unexpected and a freak occurrence?

    ReplyDelete
  13. i'm not downplaying anything. I'll repeat, if the NTSB thought that near collision was relevant to the ongoing red line investigation, they would have said so and could have done so regardless of their authority over metro and regardless of their involvement in that 2005 investigation.

    There were no results released of the investigation following the 2005 incident, so you already have an answer to your questions. With that, I'll repeat again, in the absence of any such information, the NTSB's statement that there was no evidence to suggest that Metro was aware of the track circuit problem before the accident is factually correct and accurate. i can't say it's impossible the 2005 incident and 2009 aren't related, but possibility isn't evidence.

    ReplyDelete
  14. I'd just like to hear a little more about what WMATA did following the 2005 incident. If it wasn't at all related, I'm still curious what would have caused a near accident.

    ReplyDelete
  15. This blog used to be a lot more fun.

    ReplyDelete
  16. This whole thing is so mind bogglingly retarded.

    So a whole block of sensors fails. Why would you think 50 sensors failed simultaneously and replace them all, instead of the much more logical assumption that SOMETHING ELSE failed and the sensors are no longer connected to the system?

    Similarly, nobody seems to be able to explain why ANY component of a system involving sensors that report data to a central computer can fail without anyone knowing.

    If someone chops off my finger, I may not be able to feel anything with it any more. But the fact that I NO LONGER FEEL ANYTHING is a damn good clue that my finger is gone!

    The fact that Metro's system is not designed to react when sensors stop transmitting data is, frankly, insane. And upgrading the software to, say, turn on a red light if any sensor has not reported in for a good 30 seconds or so ought to be pretty fucking simple.

    Crazy. My goddamn lawnmower has better diagnostics than Metro.

    ReplyDelete
  17. As far as WMATA is concerned, safety is a big joke. They've proven it with their attitude to escalator safety (see Metro's Cavalier Attitude Toward Escalator Safety").

    Next time on one of their escalators, look for the (non-existent) 2-inch bright yellow edge markings on the steps.

    - skoozeme

    ReplyDelete
  18. there were no results released of the investigation following the 2005 incident, so you already have an answer to your questions

    ReplyDelete