I love our British counterparts. Kind of. I love the way the keep calm. I love the fact that they claim to never raise their voices.
I don't know if I believe that. But it's a fantasy I have of one day not raising mine.
But I'm not head over heels about the way they railroad. I don't think separating infrastructure from train operations makes business sense for either. I don't like the evaporation of responsibility and authority intrinsic, IMO, to this separation, and compounded as programs are divided into tasks and tasks are contracted out to bidders. I have questions about their train control enforcement systems, and the assumptions behind the calculations that are supposed to ensure the safe separation of trains. Questions like-- Who does their math? Find out, and fire him/her/them.
Take, for example, this report from the UK's Rail Accident Investigation Branch on the "near miss" as a rail grinding train failed to comply with a stop signal and fouled the crossovers mere seconds after a deadhead passenger equipment train had cleared. It was close, really close, and close does count because close is the accident waiting to happen.
The skinny goes like this: At about 530 AM on May 5 2021, rail grinding train 6Z08, consisting of five units with control cabs on each end, passed signal LR 477 displaying "stop" at Sileby Junction. The train cotinued into the interlocking, beyond the fouling point for conflicting train movements utilizing the crossovers. The preceding authorized movement through the interlocking had just cleared the fouling point while crossing .
Although the driver belatedly applied the brakes, braking was triggered by an automatic enforcement system called TPWS (Train Protection Warning System). The TPWS will initiate an emergency application on a train that exceeds a "set" allowable speed at a set distance for the signal if the signal is at stop, or if the train passes the signal at stop. So the TPWS consists of an overspeed sensor system (OSS) and train stop sensor system (TSS). Got that?
There is no continuous speed enforcement, thus the "set" speed for the OSS function is a statistical derivation, not an operating one.
This is another case where there exists an underlying and unexamined assumption that trains never exceed the MAS for the track when passing over the point of automatic enforcement for an approaching restriction.
Without any automatic enforcement of the maximum authorized speed, there is no guarantee that the penalty brake application will be effective.. This is the critical flaw common to speed control that does not "oversee" and enforce against violations of maximum authorized speed under "normal conditions."
Our British cousins aren't alone in signing up for this "hole" in the train control net. FRA gave us a version of this when, after the Spuyten Duyvil overspeed derailment, it ordered MNR to "protect" civil speed restrictions requiring a speed reduction of 20 mph or more.
In reality any and all civil restrictions might require reductions of 20 mph because the normal speed value was not protected from overspeed violation. So according to FRA, a civil restriction requiring a speed reduction from 69 mph to 50 mph did not require protection, based on the assumption that no violation of the 69 mph normal speed would ever occur.
We know what "assume" does, don't we? For the benefit of those few who don't, "a-s-s-u-m-e" makes an "a-s-s" out of "u" and "m-e."
First the nested authorities involved in the operation of the rail grinder. The rail grinding train is operated by Colas Rail UK on behalf of Network Rail. Colas Rail employs the train's operating crew. Network Rail the government subsidized "owner" of the infrastructure is responsible for maintenance of track and signals. .
Loram UK Ltd owns and maintains the rail grinding train. Loram also tests and verifies the braking rate of the train which must achieve a minimum -.046g (g is the acceleration due to gravity, 32.18 ft/sec/sec. Under test conditions the train was able to achieve -.049g. This permitted a train maximum authorized speed of 60 mph. At 60 mph, at the minimum allowable brake rate, a train requires 2616 feet to stop. This calculation ignores the "set-up" time between the activation of the brakes and the application of a real retarding force.
The RAIB report does not indicate if the minimum brake rate is mandatory for service braking or emergency braking, but the actual performance of train 6Z08 makes it clear that the brake rate is achieved under emergency braking. The train's actual speed at initiation of the emergency braking was 53 mph. Using the verified brake rate, 6Z08 would require 1916 feet to stop
--Comment: Mandatory brake rates should never depend on emergency braking. Signal design distances, braking distances to zero velocity are always based on the normal operation of the train, an operation that does not envision or require the use of emergency braking due to the potential disruption to service, and damage to equipment and personnel possible with the emergency braking.
The deadhead equipment train, 5P01 was operated by East Midlands Railway.
Track identification in Britain is "London-centric." Main tracks are not numbered and not even identified by direction of travel. It's all about London. UP is always used to designate tracks for traffic toward London. DOWN is always used to designate tracks for traffic away from London.
-- Comment: Now you know the source for The Clash's "London Calling."
Tracks can be UP FAST, UP SLOW, DOWN FAST, DOWN SLOW, the fast and the slow dependent on the authorized speed for train operation.
Sileby Junction governs movement on a section of four main tracks. From south to north, The tracks at Sileby are configured: Down Fast, Up Fast, Down Slow, Up Slow.
The rail grinding train occupied the Down Slow track where the MAS is 65 mph, above the train maximum. At Sileby Junction, Signal LR 477, governing movement on the Down Slow displayed "stop" while train 5P01 occupied the interlocking as it crossed over from the Up Fast to the Up Slow track.
The approach to signal LR 477 on the Down Slow is protected by one wayside "distant" signal, LR 473, and two in-cab warning systems AWS (automatic warning system), and TPWS (train protection warning system). When LR 477 displays "stop," LR 473 displays a single yellow aspect, indicating caution. No numerical speed value is specified by the indication. LR 473 did display "caution." The signal is located 2580 meters to the rear of signal LR 477.
--Comment: WTF? Why is the distant signal so unreasonably distant from the controlled signal? So that the LR 473 can be located adjacent to the distant signal for traffic on the Down Fast track where MAS is 110 mph. Saves a little money, I guess.
This is what happens when signal aspects are detached from numerical speed values. The signal locations become near valueless as requirements for deceleration
When train 6Z08 passed signal LR 473, the AWS sounded an audible alert in the cab, which required the driver to acknowledge. The system also displayed a "reminder" of the caution indication, but no deceleration to a numerical speed was required.
The OSS sensors are set a specific distance from the interlocking and will initiate an emergency brake request if the speed of the train exceeds a preset speed. In this case, the overspeed sensors are 272 meters to the rear of LR 477, and will "trip" if a train exceeds 33 mph.
The TSS is designed to initiate an emergency brake application on trains operating "underspeed" by the OSS sensors but still violate the signal.
The OSS is intended to prevent the offending train from reaching a fouling point where it would obstruct a train already moving in the interlocking. At Sileby Junction, the foul point is 262 meters in advance of signal LR 477. The total distance from the OSS sensors to the foul pointis is 534 meters or 1752 feet, 164 feet short of the 1916 feet needed (theoretically) by train 6Z08.
The rail grinding train passed the OSS sensors at 53 mph, which triggered the emergency brake application. As it entered the interlocking the speed had been reduced to 40 mph, giving us a brake rate of approximately -.0444g. The train continued for another 340 meters, before stopping in the foul of the crossovers. The brake rate achieved for this section of the movement was -.051g. Total distance to reach zero velocity measured 2008 feet, 92 feet more than the "theoretical value." Overall deceleration rate was -.0468g.
What can we say? We can say TPWS is not a system I would trust with my life or yours. It's not a control system period, but a statistical approximation of a control system based, not on actual operating variables, but estimates of operating variables that are inadequate and ill-informed. There is no cap on maximum speed. There is no buffer or accounting based on the "worst case" lowest braking rate .
According to RAIB, Network Rail evaluates the effectiveness of TPWS at a specific signal with its proprietary Signal Overrun Risk Assessment Tool (SORAT). SORAT is based oon timetable scheduled movements between 0700 and 1900 hours. Timetable movements all involve equipment with braking rates greater than that of train 6Z08. Despite this "optimization" of the environment, the SORAT evaluation for TPWS effectiveness at signal LR 477 was only 86.24 percent. It worked 5 out of 6 times. Is that not good enough? No, it is not.
After this incident, Network Rail commissioned another evaluation of TPWS effectiveness at signal LR 477. This review excluded trains with lower braking rates, but concluded "that TPWS at signal LR 477 was not fully effective even for freight trains" with -.08g braking rates when operating at the MAS of 60 mph.
Lessons? 1. You have to enforce against violation of the MAS 2. Signals must include mandatory speed values 3. Your worst case governs. Always.
David Schanoes
July 21, 2022
Wasted Space
Copyright 2012 Ten90 Solutions LLC. All rights reserved.