On April 3rd, an Amtrak passenger train collided with a backhoe that was being used by railroad employees for maintenance.  Two maintenance workers were killed, and about 20 passengers on the train were injured.  For those that are not familiar with the railroad industry, I wanted to discuss a system that was in place that was designed to help prevent these types of incidents.

Many trains are being back-fitted with equipment and software that is collectively known as positive train control (PTC).  These systems include sensors, software, and procedures that are designed to help the engineer safely operate the train.  It is designed to allow for:

  • Train separation and collision avoidance
  • Speed enforcement
  • Rail worker safety

For example, as the train approaches a curve that has a lower speed limit, a train with PTC would first alert the engineer that he must reduce speed, and then, if this doesn’t happen, automatically reduce the speed or stop the train as necessary to prevent exceeding tolerance.  Another example is that, if maintenance is known to be occurring on a particular section of track, the train “knows” it is not allowed to be on that particular section, and will slow / stop to avoid entering the restricted area.  The system can be pretty sophisticated, but this is the general idea.

Notice that I described the system as a series of sensors, software, and procedures that make up PTC.  While we can put all kinds of sensors and software in place, there are still procedures that people must follow for the system to operate properly.  For example, in in order to know about worker safety restrictions on a particular piece of track, there are several things that must happen:

  • The workers must tell the dispatcher they are on a specific section of track (there are very detailed procedures that cover this).
  • The dispatcher must correctly tell the system that the workers are present.
  • The software must correctly identify the section of track.
  • The communications hardware must properly communicate with the train.
  • The train must know where it is and where it is going.
  • The workers must be on the correct section of track.
  • The workers must be doing the correct maintenance (for example, not also working on an additional siding).
  • If being used, local temporary warning systems being used by the workers must be operating properly.  For example, there are devices that can be worn on the workers’ bodies that signal the train, and that receive a signal from the train.
  • Proper maintenance must be performed on all of the PTC hardware and software.

As you can see, just putting a great PTC system in place involves more than just installing a bunch of equipment.  Workers must understand the equipment, its interrelation with the train and dispatcher, how the system is properly initialized and secured, the limitations of the PTC system, etc.  People are still involved.

For the Washington Amtrak crash, we know that there was a PTC system in place.  However, I don’t know how it was being employed, if it was working properly, were all the procedures being followed, etc.  I am definitely not trying to apportion any blame, since I’m not involved in the investigation.  However, I did want to point out that, while implementation of PTC systems is long overdue, it is important to realize that these systems have many weak points that must be recognized and understood in order to have them operating properly.

Humans will almost always end up being the weak link, and it is critical that the entire system, including the human interactions with the system, be fully accounted for when designing and operating the system.  Proper audits will often catch these weak barriers, and proper investigations can help identify the human performance issues that are almost certainly in play when an accident occurs.  By finding the human performance issues, we can target more effective corrective actions than just blaming the individual.  Our investigations and audits have to take the entire system into account when looking for improvements.