A look at Metro's safety systems

Transit

A look at Metro's safety systems

by Matt Johnson • June 24, 2009 8:13 am

Monday's Red Line crash is a horrible reminder that sometimes things go badly wrong. By all accounts, this collision should not have happened. Not only are safety features present, but the train operator should have been able to hit the emergency stop in case the system failed.

It's far too early to speculate on the cause of the collision at this time. However, those familiar with the system already suspect that something went wrong in Metro's signaling system that allowed these trains to approach and collide.

With that in mind, let's take a look at how Metro's safety systems are supposed to work.

Automatic Train Control

Metro trains operate within the confines of a system known as ATC – Automatic Train Control. The ATC system was designed to allow for a minimum in involvement from train operators. In the design phase of Metro this was intended to provide the safest, most efficient, and most comfortable operations possible – something it has largely achieved. Trains running in the Metro system can be operated automatically or manually by operators. Either way, they are subject to aspects of the ATC system.

In order to make ATC work, three subsystems are required.

Automatic Train Protection (ATP) is the most important. In a nutshell, this system prevents two trains from occupying the same space at the same time. In addition to controlling interlockings (crossovers or switches), the ATP system maintains safe distances between trains and allows for safe stopping distances through speed regulation (including 0 speed, e.g. "stop"). Additionally, the ATP system prevents trains from exceeding the design speed of any given stretch of track. This speed is known as the Limiting speed. Another feature of ATP keeps train doors from opening unless the train is properly berthed on the platform.
ATP operates whether the train is in manual or automatic mode. If a train exceeds the Limiting Speed for more than two seconds, an automatic brake application is made until the train is brought below the Regulating Speed.
Automatic Train Supervision (ATS) keeps trains running on schedule and within certain performance parameters. This system is how the Operations Control Center modifies allowed train speeds and rates of acceleration. It also takes into account scheduled train departure and arrival times, and based on set parameters, increases or decreases train speeds and station dwell times automatically. This system sets the Regulated Speed, which can be modified by the Operations Control Center.
ATS only operates when the train is in automatic mode; however, the Regulated Speed set by ATS to each track segment applies as the maximum speed in both manual and automatic operation.
Automatic Train Operation (ATO) unifies some of the above aspects of the ATC system, to allow the train to automatically adjust certain parameters. This subsystem can be turned off by WMATA and is not used in manual operation.

Train Speeds

Metro tracks don't have signals in the same way that older subways like New York do. Visible wayside signals only exist at switches. They are capable of displaying to the operator three things: Stop, Clear, Clear Diverging (take the switch). A "stop" indication is shown with two red lights, one over the other. This is displayed if the switches are not set, for tracks with trains approaching from the other direction, and when a train moving the same direction is still in the block controlled by the signal. A "clear" aspect is a solid lunar white light. This indicates that the operator may proceed straight through the switch. The "clear diverging" signal is indicated by a flashing lunar white light. This means that the switch is set for the "turning" route, and the train is clear to proceed.

In other sections of track, equipment along the trackway transmits the appropriate information from the ATC system to passing trains. In addition to the design or limiting speed on a given stretch of track, wayside equipment can reduce speeds for curves and to maintain train spacing.

In order to maintain train spacing, each segment of track is divided into fixed blocks. Whenever a train is in a block, its axles complete the circuit in the track. So long as that circuit is complete, the ATP system prevents other trains from entering. The ATC system is designed to keep a safe distance between trains. It communicates with the wayside devices and track circuits and transmits Regulated Speed commands to trains. The ATC system brings down the Regulated Speed as a following train approaches a preceding train, until at a point where the minimum safe stopping distance is reached, the speed is zero. As the preceding train moves further away, the following train's Regulated Speed would come up.

As noted above, the Regulating Speed is binding on automatic and manual operations. When operating properly, it automatically applies the brakes if that speed is exceeded for more than two seconds. However, the system can be overridden so that trains can approach each other or in case of an ATC failure. For instance, when a train is stranded and must be pushed to the next station, the following train must be able to enter the same block. Under these circumstances, trains are operated manually in a different "mode" which limits their speed to fifteen miles per hour. Trains must be stopped with a full brake application to change modes.

Ultimately, however, the train operator is the final failsafe. If the ATC system appears unable to stop a train in time, the operator can push the Emergency Stop, called the "Mushroom" because of its shape.

Brakes

The Washington Post is now reporting that the striking train was two months overdue for scheduled brake maintenance. A degradation of brake performance could have played a role in Monday's crash. In 1996, in Metro's first train collision, snow and ice compounded with a reset of the Regulated Speed resulted in a collision killing the operator of a train at Shady Grove.

The design of the ATC system, it was discovered, did not account for inclement weather. Because the train was allowed to achieve the Limiting Speed (in this case 75 miles per hour) on the stretch of track between Rockville and Shady Grove, when the train reached the outer station marker 2,700 feet from the center of the Shady Grove platform, even a full application of the brakes by ATC would not have stopped the train in time. This is because the ice reduced the coefficient of friction far below what the designers had considered. ATC blocks had been designed with a minimum braking deceleration of 1.65 mph/second in mind.

In the National Transportation Safety Board (NTSB) report investigating the Shady Grove Incident, investigators noted that:

This accident occurred at a terminal station, but a similar accident could occur anywhere on the Metrorail system where conditions make a train deceleration rate of at least 1.65 mph/sec unachievable. If a train, because of an equipment malfunction or other reasons, were to come to a stop on the mainline, the ATC system would give any train following behind appropriate speed commands (including zero speed commands) to allow the train to stop in time avoid a collision. But, as shown by this accident, on outdoor track under extreme weather conditions, the distance required to stop the following train may be significantly longer than the available track. During rush hour, with crowded trains, scores of people could be killed or seriously injured. (page 61)

However, the Red Line crash Monday evening took place under clear skies on a warm evening. It's far too early to suggest brake failure as the cause, but it is certainly a possibility. Another possibility is that the ATC system itself failed. This morning's Post referred to a June 2005 incident where three trains came close to colliding in the tunnel near Rosslyn. In this case, an emergency brake application by two operators prevented a crash. The Post reported that it was unclear if an investigation launched by Metro ever determined a cause.

Conclusions

It will likely be twelve to eighteen months before the NTSB report on Monday's collision is released. Some preliminary findings will probably be available in a few weeks. We may never know the exact cause, or we may discover that the crash was the result of a convergence of factors. The NTSB usually finds that collisions are preventable, and will make recommendations to keep an incident like this one from happening again. Their recommendations are just recommendations, however.

In the past, WMATA has followed some NTSB recommendations and not followed others. Two recommendations which they did not successfully complete include the installation of data recorders on all railcars and full retirement or reinforcement of the 1000 Series Railcars. They are currently taking a lot of heat for this, but in reality, they have had little choice in the matter.

The 1000 Series makes up about one-third of the Metro Fleet. Removing them from the tracks would mean major cutbacks in rail service. They're already scheduled for retirement when replaced by the new 7000 Series in a few years. And while data recorders would have made the NTSB investigation easier, it would probably have not prevented this crash. Perhaps this tragedy will serve as a wakeup call to everyone in the process. Metro is underfunded, and has been for years. Deferred maintenance is taking its toll, and is keeping railcars in service longer than they should be. Everyone, from the local jurisdictions to the federal government should be willing to fund upgrades, especially considering that lives are at stake.

The information in this post was gathered from: Final Environmental Impact Statement (1975), p. 180 (document) / 76 (PDF) and NTSB Report on the Collision of WMATA Trains at Shady Grove, January 6, 1996.

35 comments

Tags: Metro crash, WMATA

Line of sight not enough to prevent June 22 crash (Feb 24, 2010)
Derailment at Farragut North a safety system success (Feb 12, 2010)
How track circuits detect and protect trains (Mar 5, 2010)
Don't permanently slow Metro for minor added safety (May 11, 2010)
How has Metro responded to NTSB recommendations? (Oct 22, 2009)

Matt Johnson has lived in the Washington region since mid-2007. He has a Master's degree in Community Planning from the University of Maryland and a BS in Public Policy from Georgia Tech. He has worked in the planning field since 2006 and lives in Greenbelt, where he serves on the city's Advisory Planning Board.

Comments
Add a comment »

Would it be possible to combine rail car types on a single train? Such as using the older 1000 Series cars in the middle but having the "locomotive" be a newer series.

by Froggie on Jun 24, 2009 8:27 am • link • report

"They are currently taking a lot of heat for this, but in reality, they have had little choice in the matter."

Yes it was a choice, a very costly choice, 9 dead and millions in liability. I was wondering, why were they using 1000 series as the lead and tailing cars (1 and 2, 5 and 6 or 7 and 8)? If they were such a big safety risk in a collision, why not put them in the middle as the 3 and 4 car.

by RJ on Jun 24, 2009 8:36 am • link • report

If the information was taken from an EIS completed in 1975, is it still accurate today? Just asking, it certainly sounds like the system other media sources are reporting in existence.

I am most disturbed that the Post and the NYT reporting on this continues to focus on the NTSB recommendations to "reinforce" the series 1000 cars. How would having a reinforced car prevented the accident? What, exactly, were the recommended reinforcements? Would they have saved any lives?

It seems to me that this is being used an excuse to pile on Metro. Let's please focus on what CAUSED the crash and what could be done differently in the future to prevent another one, within reasonable standards of probability and seeking always to balance service with safety.

Also, let's not overlook the entirety of the NTSB statement yesterday about the emergency brakes being engaged. She also said that the crash itself or the rescue operations could have resulted in the button being depressed. I'm sure that Metro would like to show their operators not being negligent, but I think we have to remain open to that possibility.

by Josh on Jun 24, 2009 8:37 am • link • report

"What, exactly, were the recommended reinforcements?" Ã‚â€œWould they have saved any livesÃ‚â€.

NTSB realizes that there are going to be accidents, so besides avoiding them, they look at ways to survive them. The reinforcement was recommended to increase survivable space inside the crash. The striking train only had 20 feet of survival space so any amount of reinforcement would have increase that amount.

Emergency Breaks.

Although the button is push, they did see evidence of "gluing" on the breaks. Gluing is a result of the break pad melting and fussing with the break rotor or disk. So there is some physical evidence to back it up.

by RJ on Jun 24, 2009 8:51 am • link • report

I just shared this over Greader noting the last paragraph about underfunding. I know Metro's underfunded, but I don't understand the process or the possibilities. Any pointers on where to learn this information?

by JMS on Jun 24, 2009 9:03 am • link • report

@Josh,
Just to clarify: The data taken from the EIS is about the design of the ATC system.

The majority of the information in this post came from the NTSB Report of the Shady Grove Overrun in 1996. If you want to know exactly (and I mean several pages of exactly) how the ATC system works, follow the link at the bottom of the post (above) and check out: Page 5, Footnote 7 and Pages 16-23.

by Matt Johnson on Jun 24, 2009 9:29 am • link • report

The "buck" must stop somewhere. It seems to me that what we are clearly lacking here is the political leadership and honestly to say that the "buck" stops with the legislatures in Maryland, Virginia and the DC City Council. It should go without saying that the Federal Government clearly is at fault as well.

Creating an entity like Metro that lacks a dedicated funding stream sets the stage for making "deal with the devil" decisions like not buying new, better rail cars quickly enough or not reinforcing older rail cars.... or the exactly the decision that we all know WAS made: "We cannot withstand the heat of taking rail cars out of service for maintenance or replacement, so we'll push them to their Nth degree."

The real story that people need to read here is "Why was Metro put in a position to run these 1000 series cars when there were so many recommendations against it? How many times did our elected leaders fail to make the right decision? How many ways has the Metro system been hamstrung by forsaking efficiency and redundancy for economy and expediency?"

by Phil Lepanto on Jun 24, 2009 9:32 am • link • report

I hope that I'm not being mawkish or distasteful in joining in this discussion. Still, a note on historical railroad/transit crashes seems in order.

Someone could argue in court that the design of the 1000 series cars was faulty and that engineers should have realized this in 1974.

The horrific deaths in this wreck happened because of telescoping, a failure mode in which one car rides up over another, and the body of one or both cars is compressed inward from the end.

Telescoping is a well-understood problem. It came to the foreground 100 years ago, when a series of horrific crashes exposed the dangers of increasing train speeds coupled with weak wood-body cars. Mainline railroads adopted body designs that resist endwards crushing. Some subway and streetcar systems strengthened frames and also added "anticlimbers," structural features that prevent cars from rising up over each other. You can see anticlimbers sometimes - they're the beam that projects from the end of a car.

The NTSB report on the Woodley Park wreck noted that the Federal Railroad Administration enforces standards for passenger car crashworthiness, but that the FRA lacks the authority to regulate transit operators.

by David R. on Jun 24, 2009 9:35 am • link • report

I response to comments at BDC I took a few minutes to try and compare fatalities on something approximating an apples-to-apples basis using VMT and passenger miles traveled. The math is here (anybody care to double check it? I was never great at math). The numbers are very back of the napkin, but indicate that Metrorail is approximately 34 times more safe than driving.

by BeyondDC on Jun 24, 2009 9:50 am • link • report

but the train operator should have been able to hit the emergency stop in case the system failed.

from the first sentence of that WaPo article you linked to:

The operator of the Metro train that slammed into a stationary train in front of it apparently had activated the emergency brakes in a failed effort to stop before the accident...

by Peter Smith on Jun 24, 2009 9:53 am • link • report

There was a comment on WTOP this morning similar to what BDC commented on, though the WTOP figure was 14 times instead of BDC's 34.

by Froggie on Jun 24, 2009 10:07 am • link • report

Regarding the retrofitting of the 1000 series, City Paper had a nice bit about the NTSB's recommendations and WMATA's actions:

http://www.washingtoncitypaper.com/blogs/citydesk/2009/06/22/old-questions-about-crashworthiness-of-metro-cars/

Basically, WMATA hired engineering consultants who said that retrofitting the cars wasn't realistic, might not solve the problem, and may make things worse. Therefore, retirement was the only realistic option - but couldn't be accomplished until replacement cars were available - the 7000 series, for which procurement is currently underway.

I'm curious as to conversations we've had earlier here. Sand Box John has noted that Metro has always been undersupplied in terms of rail cars relative to the length and ridership of the system. These recommendations and actions seem to reinforce yet another reason for that undersupply.

by Alex B. on Jun 24, 2009 10:39 am • link • report

Phil, and others who are seeking to place blame on Metro management for not "fixing" the 1000 series cars before -- You, of course, would have to spread the blame to every Metro user, as well. Because the tremendous demand for the system is a major reason why the conclusion was made that these cars could not be taken out of service. Even if they made it very clear that the cars lacked the latest and greatest safety devices, can you imagine the uproar and the massive (I love to throw that word around) impact on the entire region that would arise if suddenly 1/3 of the metro cars were left in the stable every day? Might there have been negative impacts to the public's safety? Even greater overcrowding on trains and platforms. More traffic = more traffic accidents.

RJ - what the heck is "survival space" and how does one know that there was only 20 feet of it in the 1000 series cars? In any case, is it reasonable to assume that more of it would have A) prevented the crash and B) saved lives or prevented injuries?

(BTW, b-r-a-k-e-s)

by Josh on Jun 24, 2009 12:02 pm • link • report

With the knowledge out that in 2004 the NTSB made specific recommendations that the 1000-series cars be either removed from service or extensively modified, and that Metro elected not to do these things, the lawsuit awards are going to be immense. How much funding do you think the involved governments are going to have to put into the pot? Can Metro be sued? Is there a sovereign immunity provision that protects them?

by ksu499 on Jun 24, 2009 12:22 pm • link • report

Josh,

Survival space is basically "limitation of passenger's compartment deformation to avoid passenger crushingÃ‚â€ or space where there is a reasonable chance of survival. The 20ft reference came from NTSB press conference yesterday. Believe the metro cars are 60ft long, which means if you were in the first 40feet of the first car, you are most likely dead.

by RJ on Jun 24, 2009 1:01 pm • link • report

Survivable Space refers to the portion of the car in a particular incident where passengers would have been expected to survive.

All Metro cars are *75* feet long. In this case, only people in the rear portion, roughly even with or behind the last set of doors, would have been in the survivable space.

by Matt Johnson on Jun 24, 2009 1:03 pm • link • report

Just to clarify:

Metro cars don't have 20 feet of survivable space. Survivable space is determined after an accident. Cars are supposed to have 75 feet of survivable space.

In the Shady Grove collision, the lead car only lost 21 feet, so the survival space was roughly 54 feet on that car.

At Woodley Park, the trailing car of the rollback train lost 34 feet of survival space. Meaining that there should have been 41 feet.

by Matt Johnson on Jun 24, 2009 1:13 pm • link • report

@Josh

I don't think you're paying much attention.

You're comment about blaming the riders as opposed to Metro is just insane. If Metro is going to provide a service, then they should be able to accommodate the demand for it without compromising safety.

NTSB is the one reporting that the first striking car ended up with only 20 feet of "survival space" AFTER the collision. NTSB recommended reinforcement as an ALTERNATIVE to retiring the aged cars. So if an accident did happen, at least there would be a better chance at people not being hurt or killed.

NO ONE is losing focus on what CAUSED the crash. They are working on the investigation at this very moment.

Yes, the "mushroom" could have been depressed as a result of the accident. But pair that with the appearance of the brakes being applied, common sense would tell you that it seems most likely that the operator tried to engage the brakes herself.

However, for those doubters out there... Be assured in that her mobile phone records have been subpoenaed and they will be looking into whether or not she was on the phone at the time of the accident.

by Danny on Jun 24, 2009 1:35 pm • link • report

The mere fact that passenger rail cars are getting crushed from the ends, prima facie, indicates design deficiencies. I'll say it again - engineers building cars for heavy rail operations and some transit systems have understood how to protect against telescoping for going on a hundred years. We've had this outcry before, after more serious crashes. We see it after technological changes like the switch to lightweight push-pull commuter trains.

The NTSB investigatory board criticized WMATA in 2004, and after the Shady Grove wreck in 1996, in terms that are about as strong as the NTSB ever gets. But Metro and Breda should have known before. There is no excuse for designing a passenger rail car that is vulnerable to telescoping, not in the late 20th century.

Part of this comes about because subways are regulated by the Federal Transit Administration instead of the Federal Railway Administration. The top speeds on Metro exceed those of many heavy rail lines - why should FTA govern safety standards?

by David R. on Jun 24, 2009 2:06 pm • link • report

David R -
It's my understanding that multiple-unit rapid transit systems (or, for that matter, high-speed rail systems) couldn't exist under the current strict FRA rules, which are centered around strengthening and increasing the mass of forward-facing locomotives until they can ram through any stationary obstacle (like a truck stuck on a grade crossing) without the trailing passenger cars experiencing much of a shock or derailing.

This isn't such a bad idea for locomotive-based freight which can't stop in time for an obstacle within visual range in the grade-crossing-heavy US. It is a horrible idea for passenger rail that has engines at both ends (telescope, meet sandwich), it makes multiple-unit and high-performance designs nearly unworkable; Grade-separated or passenger-only operation removes any benefits it had in collision with stationary objects - because other passenger cars are the only thing a locomotive has to ram.

I am firmly in favor of keeping transit under the regulation of the FTA until the FRA can drop their obsession with jousting and embrace things like safer derailing, multiple unit operation, collision avoidance, and deliberate crumple zones.

by Squalish on Jun 24, 2009 4:20 pm • link • report

Well said, Squalish.

by Alex B. on Jun 24, 2009 4:39 pm • link • report

The Union Switch and signal train control system failed
and caused this accident. The AF track circuit was not detecting the first train. The room track relay did not drop
They should switch to a General Railway Signal track circuit

by jim jacobs on Jun 24, 2009 5:43 pm • link • report

I'll grant that FRA safety philosophy is inflexible and preoccupied with crew safety on freight locomotives. But FTA regulation permits designs that fail in particularly deadly ways, in modes whose danger we've understood for over a century.

We know how to make passenger cars that don't get crushed; FRA requires one set of standards that produces this result, while FTA does not, and rolling stock built to its standards gets crushed even in collisions with trains of similar weight and design. If I remember correctly, FTA doesn't regulate crashworthiness at all. Surely there's a necessary middle ground?

The European high speed trains, all of them, put "locomotives" on the ends. On some of the permanently coupled sets, the power units go in the middle of the train, but the end units contain only switchgear/baggage/cabs, just so that there are no passengers in the most exposed position. Keeping passengers away from the ends may not be an option for subways, but European designers do recognize its importance for high-speed trains.

by David R. on Jun 24, 2009 6:05 pm • link • report

This is the first time I've subscribed to a comment feed here despite reading for about a year and even going to some events. It has been enlightening and encouraging! I admit to not being able to keep up sometimes, but the last comment seems to hit home--why are we forcing Metro to beg for every dollar and make these choices? I know this is an argument that can be made no matter what the funding, but doesn't it seem clear in light of this that additional funding would have prevented this accident? Or am I off base, and just dreaming of the Metro system I want? Ideally, these cars wouldn't have been running and if they had, they would've been reinforced? I'm just curious if the majority of the fault is with funding or some other issue?

by JMS on Jun 24, 2009 10:27 pm • link • report

I don't care about fault; only about cause. The puzzle here is as complex as one can imagine becuase the system was designed to prevent this very type of accident.

Obviously, there was a system failure but what's the root?
Mechanical, human, or malicious or a combination of all three.

These systems are highly automated, computerized and not immune to hacks. Computer security is extraordinary complex and I suspect it may take them weeks to figure if the system was breached.

by kob on Jun 24, 2009 10:45 pm • link • report

@Josh:

You seem to fail to realize that having safety devices in place doesn't always prevent accidents -- that's not why they're all there. Some safety features are in place for when the inevitable happens:

Seatbelts and airbags in cars.
Oxygen masks on airplanes.
Fire alarms and extinguishers.
Life jackets on boats.
Bicyclists' helmets.
Many of the safety features on Metro mentioned in the post above.

So, in my opinion, your repeated question of "Would it have prevented an accident?" is a bit misplaced. Just because a safety featured wouldn't have prevented the Red Line crash doesn't mean it shouldn't be there.

by Dustin on Jun 24, 2009 11:48 pm • link • report

"Metro is underfunded, and has been for years. Deferred maintenance is taking its toll, and is keeping railcars in service longer than they should be. Everyone, from the local jurisdictions to the federal government should be willing to fund upgrades, especially considering that lives are at stake."

The Washington Post also has several pieces taking the opportunity to turn this wreck into an argument for more funding.

Metro has struck and killed multiple track workers in the past several years. A report on one of these preventable outrages detailed how multiple safety procedures were ignored prior to the incident.

I agree that transit systems need funding. Only money can buy rail cars, fuel, and staff time. However, something is seriously wrong with the safety culture in an agency where multiple workers are struck and killed in just a few months. No pile of money, no matter how big, is going to fix this shockingly lackadaisical attitude toward safety at Metro.

by Omari on Jun 25, 2009 7:32 am • link • report

Okay folks- are you now ready for an adequately funded Metro system? What's that- you say that you are? Well then, here's what it will take:

Regular fare increases. Dedicated funding. Significantly increased yearly jurisdictional funding.

That's right- riders will have to pay more, but in addition to that AND the new dedicated funding, our local jurisdictions are going to have to pony up big time. That means that you will need to start now giving your elected officials the political cover without which they will not likely act to raise your taxes for the purpose of providing Metro with the money it desperately needs.

Ain't a whole lot to that...

by KevinM on Jun 25, 2009 8:11 am • link • report

Excellent point, Kevin. Nevermind that such revenue sources would also be require for any sort of Metrorail expansion...such as the separate Blue Line that several regulars on this blog have commented on and supported.

by Froggie on Jun 25, 2009 9:55 am • link • report

SamR here. NYCT Train Operator.

On the question of the Metro Train Operator activating the emergency brake, take a look at this blog by a regular Red-Line rider.

http://www.farmfreshmeat.com/2009/06/could-operator-have-seen-train.html

The analysis of the topography and sight obstructions, along with my rough kinematic analysis show that the T/O did not have a chance in hell. Not enough range of sight - if she activated the brake as soon as she saw the train ahead, she still would have hit it. a second or two delay in response time (normal) - then the hit occurs at high speed.

The bottom line is that these Robo-trains are unsafe. Human operated trains are safer (and cheaper), but the bosses drive to automate conquers all - the riders must beware. NYCT bosses are slobbering, trying to put ATO in effect in NYC - there already have been a number of mishaps on the L-line (right now the only ATO line), which management has been covering up.

SamR

by SamR on Jun 25, 2009 12:12 pm • link • report

Safer and cheaper? Then why do the bosses want to change over to ATO? Is their research all wrong?

by цarьchitect on Jun 25, 2009 12:30 pm • link • report

Well, now we know there was a track circuit failure. The NTSB has tested the track circuit under the stalled train, both by shunting the rails together and by running a test train. It failed. See "http://www.bloomberg.com/apps/news?pid=20601087&sid=afA2NXqddOrU".

That's never supposed to happen. Metro has classic relay-based General Railway Signal track circuits, century-old technology that's still in use because it works.

(Of course, there's the cadmium-plated screw problem with GRS type B1 relays (see FRA safety bulletin 2000-1), but Metro supposedly replaced all of those years ago.)

by John Nagle on Jun 26, 2009 12:08 am • link • report

The 1997 report is very hostile to WMATA's "corporate culture", and indicates that they did not have a "safety culture".

Likely they failed to test their track circuits. Track circuits are supposed to "fail safe"; any failure is supposed to bring up all-red-lights.

Whatever "failed unsafe" in the track circuit system is the primary cause of the disaster. The classic way to force such a disaster is to electrically link one track circuit with another; this was done in a famous sabotage case using electrical wire and clips (that case was discovered before a train went over it). This also foils broken-rail detection, which the track circuit is also supposed to identify.

It is *possible* that such an electrical linkage could have happened accidentally, but very hard, and it would involve lots of metal debris on the tracks, which shouldn't be happening anyway.

If that's not what happened, then the next most likely cause is electronics or signal system failure -- but in failsafe systems like track circuits, these are *also* supposed to be fail-safe.

by Nathanael on Jun 26, 2009 1:02 pm • link • report

Most of the posters here are looking at this the wrong, wrong way.

The primary question to ask is not "why didn't WMATA replace/reinforce" the 1000 series cars. The primary question to ask is "what went wrong with the ATC system."

We need to focus on accident *prevention*. Would you rather be in a train crash in a reinforced car, or no train crash at all?

The Japanese Shinkansen is the safest high-speed rail system in the world. No one has ever died on board a Shinkansen in over 40 years of operation. But Shinkansens aren't "reinforced."

Shinkansens are EMUs, or Electric Multiple Unit. That means every car powers itself, just like a Metro train. Some passenger seats are located less than 30 feet from the front of the train. Look at this image and note how close the windows are. In even a moderate-speed collision, many of these people would die. Yet they don't. Why is this?

The answer is that the Shinkansen's tracks, signaling, and safety systems are impeccably maintained. They work. And it's the safest rail system in the world.

The "accidents will happen" approach taken by the FRA is an outgrowth of the sheer size of the US freight rail network, and the expense of upgrading vast swaths of rural single-track line to modern signal systems. It has no relevance to an urban commuter system like WMATA. The DC Metro is a heavily-used, well-defined route network, and all of the electronics should work flawlessly.

The fact that this accident happened at all shows that the electronics did not work properly. That is the problem.

by Abram VanElswyk on Jun 26, 2009 6:46 pm • link • report

The ATC problem is just a symptom of Metro's cavalier attitude toward safety. They have made a point to completely ignore industry standards when it comes to escalator safety, including such things as removing the boundary stripes from escalator steps, and going against industry standards. This http://www.scn.org/~bk269/escalators.html describes where WMATA's so-called safety "tips" contradict the recommendations of their own mass transit trade group's safety standards.

by Stan on Feb 19, 2010 8:01 pm • link • report