So NTSB has released an urgent recommendation to FRA following the misrouting and collision of Amtrak 91 near Cayce, South Carolina.
The recommendation reads:
In the investigation of the train collision in Cayce, South Carolina, investigators found that on the day before the accident, CSX personnel suspended the traffic control signal system to install updated traffic control system components for the implementation of positive train control. The lack of signals required dispatchers to use track warrants to move trains through the work territory. In this accident, and a similar March 14, 2016, Granger, Wyoming accident, safe movement of the trains, through the signal suspension, depended upon proper switch alignment. That switch alignment relied on error-free manual work, which was not safeguarded by either technology or supervision, creating a single point of failure. The NTSB concludes additional measures are needed to ensure safe operations during signal suspension and so issued an urgent safety recommendation to the Federal Railroad Administration seeking an emergency order directing restricted speed for trains or locomotives passing through signal suspensions when a switch has been reported relined for a main track.
Let's be clear. There is an emergency order already in place that eliminates the so-called "single point of failure." EO 24 requires any and all crew members handling switches in non-signaled territory to participate and concur in the use, and the recording of the use, of hand-thrown switches. The conductor has to sign the switch position awareness form. The employee handling the switch must initial the entry recording the actual operation of the switch. The locomotive engineer has to initial each entry on the form. Usually, that means a minimum of two people are obligated to concur on the switch position and the restoration of the switch to its normal position before returning authority for movement over the track to the train dispatcher.
The accident at Cayce was not the result of a "single point of failure." I've said, and you know, that when an accident occurs because somebody has not followed proper operating procedures, the accident is not occurring at, or because of, the first incidence of such violation.
So, did the CSX bulletin orders removing the signal system from service reference the obligation of train crews to utilize the SPAF when handling switches, as required by CSX Operating Rule 505.12 which prescribes the procedures for using hand thrown switches in track warrant control territory?
If not, then we have an incident derived from a systematic failure on the part of the railroad.
If the bulletin orders did, did NTSB or any other body obtain the CSX crew's SPAF and check it for compliance with the "administrative" requirements (initials and signatures)? Did anyone collect the SPAFs theoretically utilized by other crews during this outage and check those forms for compliance?
So we didn't have a single point of failure to start with. We either had a system failure on the part of the railroad to require the proper procedures, or we had the compound failure of crew members.
We can certainly compound the possibilities for failure by issuing another emergency order requiring the first train entering a section of track where the signal system has been removed from service, and where hand-operated switches have been used, to approach those switches prepared to stop short. Then it would require the crew using the switches to improperly report the position of the switches, and the crew approaching the switches to fail to control the speed of their train. Certainly, an unlikely combination, correct? Sure thing, until it's not correct; until we get just that unlikely combination.
Consider this: 90 percent of everything about safe train movement means controlling the speed of the train. Signals provide information about the maximum authorized speed of the train. Signals also provide the locomotive engineer with visual reference marks for the crew to locate the train's position and recognize braking points, those places and moments when the crew must begin deceleration based on conditions beyond their line of sight. In removing the signal system from service, we are likely removing the visual reference marks for those braking points, and yet we are now requiring the locomotive engineer to be sufficiently adept to begin a deceleration to restricted speed in advance of a switch. Can this be accomplished safely? Of course it can. We operate like this, without signal reference, throughout dark territory. But dark territory is one of the usual operating conditions on the railroad.
Removing a signal system is an unusual operating condition, and it is an error with fatal consequences to think we can simply substitute the rules and requirements of an ordinary operating condition for the non-ordinary operating condition.
We cannot and should not rely on the "normal" physical characteristics knowledge to protect a switch location.
So what do we do? We take the hand thrown switches out of service at the same time as we take the signal system out of service. We block and spike the main line switches so they cannot be operated. And if those switches have to be used? We allow use only under the direct supervision of a qualified employee of the signal department. And we enforce proper use of the SPAF.
It's the only way to be sure.
David Schanoes 2/15/18
We now know the answer to Ripley's question: "affirmative."