November 11, 2018 | Susan Napier-Sewell

Monday Accidents & Lessons Learned: When Automation Fails Without a Heads-Up

What do you do when an automated system fails but it is not readily apparent that the failure has taken place? Further, this failure portends danger, as safety information has become unavailable in this wrong side system failure. 

During the Friday morning of October, 20, 2017, a train driver traveling on the Cambrian coastline in North Wales reported that longstanding temporary speed restrictions were not indicated on the in-cab display. As signaling staff at the control center in Machynlleth investigated this report, they became aware that this failure applied to several trains under their control. The temporary speed restrictions were required on the approach to level crossings so that people crossing the line had sufficient warning of an approaching train.

Signaling staff at the Machynlleth control center investigated this report and became aware that the same failure applied to several trains under their control

The Cambrian lines were equipped in 2011 with a pilot installation of the European Rail Traffic Management System (ERTMS), a form of railway signaling. ERTMS removes the need for signals along the track by transmitting data directly to the train. This data is used to display movement authorities and other information—such as temporary and permanent speed restrictions—on a screen in front of the driver.

Typical driving cab layout and driver machine interface (DMI) screen

Subsequent investigation found that the signaling system stopped transmitting temporary speed restriction data after a routine shutdown and restart at around 11:10 the previous evening. The signalers had no indication of an abnormal condition and signaling control center displays showed these restrictions as being applied correctly.

The Rail Accident Investigation Branch (RAIB) has decided to undertake an independent investigation because, to date, the signaling system supplier has not identified the cause of the failure. It is possible that finding the cause would have been assisted by downloading of suitable data from the signaling system before it was restarted during correction of the failure.

An additional procedure, since introduced at the control center, is intended to identify and avoid any recurrence of the failure.

You can read the October 18, 2018, RAIB interim report in its entirety.

The Rail Accident Investigation Branch (RAIB) has decided to undertake an independent investigation because, to date, the signaling system supplier has not identified the cause of the failure. It is possible that finding the cause would have been assisted by downloading of suitable data from the signaling system before it was restarted during correction of the failure.

The RAIB investigation will consider:

  • the geographic extent of the failure and the effect it had on the safety of railway operations
  • why trains were permitted to operate without information about temporary speed restrictions
  • practices for the gathering of data needed for investigation before restarting computer based signaling systems after a potentially unsafe failure

Also of interest is that “the Cambrian Coastline was the first in Britain to be fitted with ERTMS Level 2 signaling, which replaces line-side signals with in-cab displays. The system came into operation in 2011 following a period of testing, with equipment supplied by Ansaldo STS (now part of the Hitachi group). The route was chosen because it is self-contained and the previous signaling system was due for replacement anyway.

“The installation was not without teething problems. At first drivers complained that displays fitted into elderly cabs that had little space for new equipment were unreadable in bright sunlight” (Engineering & Technology, Lorna Sharpe, February 22, 2018).

Circumstances can crop up anywhere at any time if proper and safe sequence and procedures are not planned and followed. We encourage you to learn and use the TapRooT® System to find and fix problems. Attend one of our courses. We offer a basic 2-Day Course and an advanced 5-Day Course. You may also contact us about having a course at your site.

Join us at the 2019 Global TapRooT® Summit at La Torretta Lake Resort & Spa in Montgomery, Texas, March 11 – 15, 2019. Register Here for the 2019 Global TapRooT® Summit. Learn more about the 2019 Global TapRooT® Summit, and get a preview of all the Summit Keynote Speakers

Categories
Accident, Investigations, Process Safety, Safety
-->
Show Comments

2 Replies to “Monday Accidents & Lessons Learned: When Automation Fails Without a Heads-Up”

  • Norman Umberger says:

    One way to fix this is to have duplicate displays…so we is seen in the control center is what is displayed in the cab.

    Trains are the main reason I am scared of “self-driving cars.” If we cannot get trains done right, imagine a problem a million? times harder.

    • Susan Napier-Sewell says:

      We quite agree with you regarding the self-driving cars. Thank you for reading and commenting on the blog, Norman.

Leave a Reply

Your email address will not be published. Required fields are marked *