"While the NTSB is still in the very early stages of its investigation into this tragic accident here in our nation's capital," said Acting Chairman Mark V. Rosenker, "we have concerns about the failure of WMATA's train control system to prevent this collision." Rosenker continued, "By calling upon WMATA to take swift action to upgrade the safety redundancy of its system and by urging FTA to alert other transit agencies of the hazards of single point failures such as the one experienced by WMATA, we hope to prevent something similar from happening again."

The NTSB memo is nothing new: it has been known for weeks that a track sensor was malfunctioning and caused the lead train to disappear from the system. The second train, running in automatic mode, did not detect that there was a train ahead of it, and so it did not slow down until the operator spotted the train and hit the emergency brake. Sadly, there was not enough time to stop before the collision.
It's also rumored that a similar failure had occurred previously in the tunnel between Rosslyn and Foggy Bottom, but operators were able to stop in time.
We also know that the BART system in California uses a system similar to that of Metro, and they added a secondary layer of protection.
At issue isn't whether the system was designed to be safe, or whether in theory the system is safe. The problem is that the system was never designed with failure in mind. When designing a system that must be extremely reliable, you have to assume that components will fail. Accidents will happen, and they are rarely a simple matter of the wing falling off an airplane or a wheel coming off a train. They are a series of small failures that cascade into something far worse than any individual failure. Why did no one ever ask, "what would happen if a sensor failed and the train disappeared?" Was the answer to that simply, "well, then the operator will see a train ahead of them"?
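To make that design question concrete, here is a toy model I have added to this post. It is not Metro's, BART's or any vendor's train control logic, and everything in it (numbered blocks, one sensor per block, a three-block movement authority, trains "A" and "B") is an assumption of the model. It contrasts a detection rule that fails open (a sensor that goes quiet reads as clear track) with one that fails closed (anything other than a positive CLEAR stops the following train), and adds a separate "where did that train go?" cross-check, which is my own illustration of the sort of redundancy the NTSB is asking for.

```python
"""Constructed toy model of fixed-block train detection.

Written for this post as an illustration only; it is not Metro's, BART's or
any vendor's train control logic. Assumptions: the line is a sequence of
numbered blocks, each with one occupancy sensor that reports OCCUPIED, CLEAR,
or a FAULT/missing value, and a following train is granted movement authority
over up to `lookahead` blocks ahead of it.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

OCCUPIED, CLEAR, FAULT = "OCCUPIED", "CLEAR", "FAULT"
Readings = Dict[int, Optional[str]]


def authority_fail_open(readings: Readings, train_block: int, lookahead: int = 3) -> int:
    """Movement authority (in blocks) when only a positive OCCUPIED counts as
    occupied. A faulty or silent sensor is indistinguishable from clear track,
    so a stopped train whose sensor fails simply disappears."""
    granted = 0
    for block in range(train_block + 1, train_block + 1 + lookahead):
        if readings.get(block) == OCCUPIED:
            break
        granted += 1
    return granted


def authority_fail_closed(readings: Readings, train_block: int, lookahead: int = 3) -> int:
    """Movement authority when only a positive CLEAR counts as clear. OCCUPIED,
    FAULT and a missing reading all stop the authority at that block, whatever
    the underlying cause of the bad reading."""
    granted = 0
    for block in range(train_block + 1, train_block + 1 + lookahead):
        if readings.get(block) != CLEAR:
            break
        granted += 1
    return granted


@dataclass
class TrainTracker:
    """Independent cross-check that does not trust a block's sensor on its own.

    Every known train must show up again, on each scan, in its last block or
    an adjacent one. A train cannot leave the railroad between scans, so one
    that vanishes is reported as lost and its last block stays protected
    (treated as occupied) until it is seen again.
    """
    last_seen: Dict[str, int]                      # train id -> last block
    protected: Set[int] = field(default_factory=set)
    alarms: List[str] = field(default_factory=list)

    def scan(self, occupied: Set[int]) -> None:
        for train, block in list(self.last_seen.items()):
            # Prefer "still here", then "moved forward", then "moved back".
            candidates = [b for b in (block, block + 1, block - 1) if b in occupied]
            if candidates:
                self.last_seen[train] = candidates[0]
                self.protected.discard(block)
            else:
                self.alarms.append(f"LOST train {train}: last seen in block {block}")
                self.protected.add(block)


def effective_readings(readings: Readings, protected: Set[int]) -> Readings:
    """Overlay the tracker's protected blocks onto the raw sensor picture."""
    merged = dict(readings)
    for block in protected:
        merged[block] = OCCUPIED
    return merged


def run_scenario() -> dict:
    """Constructed scenario: train A is stopped in block 5 and train B is in
    block 2. On the second scan, block 5's sensor stops reporting A."""
    tracker = TrainTracker(last_seen={"A": 5, "B": 2})
    scan1: Readings = {1: CLEAR, 2: OCCUPIED, 3: CLEAR, 4: CLEAR, 5: OCCUPIED, 6: CLEAR}
    tracker.scan({b for b, r in scan1.items() if r == OCCUPIED})

    scan2: Readings = {1: CLEAR, 2: OCCUPIED, 3: CLEAR, 4: CLEAR, 5: FAULT, 6: CLEAR}
    tracker.scan({b for b, r in scan2.items() if r == OCCUPIED})

    return {
        # Fail-open: B is cleared through block 5, straight into A.
        "fail_open": authority_fail_open(scan2, 2),
        # Fail-closed: the bad reading on block 5 stops B short of it.
        "fail_closed": authority_fail_closed(scan2, 2),
        # Even the fail-open rule is rescued once the tracker protects block 5.
        "fail_open_with_tracker": authority_fail_open(
            effective_readings(scan2, tracker.protected), 2),
        "alarms": list(tracker.alarms),
    }


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

The point of the fail-closed rule is that it does not need to know why block 5 went bad: a broken sensor, a replaced sensor that still misbehaves, or a fault somewhere else in the circuit all produce the same "not a positive CLEAR" and the same restricted authority. The tracker adds a second, independent reason to protect the block, so that a single bad reading is no longer a single point of failure.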
WMATA has come out with a response to the NTSB, essentially saying that they can't immediately comply with this recommendation:
It is important to know that there are currently no systems available commercially that could provide the Metro system with the kind of alerts that the NTSB has recommended, and that such a system must be invented.

Also:

As a result, we will be developing a new system that will be specifically tailored to Metro. Metro is in the process of contacting vendors who have the expertise needed to help us develop this service, and we are preparing cost estimates on this application.

So it's going to be expensive, and it's going to take a long time to develop.
But the real hidden gem in all of this was the following from the WMATA press release:
In spite of the issuance of this recommendation, the NTSB still has not determined the root cause of the accident. Every component of that circuit has been replaced, but the problem still persists. (Emphasis mine)

So if I understand correctly, the track circuit components that malfunctioned have all been replaced, yet the failure persists. That makes it not really a failure of a sensor, but a failure of the entire system, and one that is still unexplained. It means that at any given time, the train you are on could be on a collision course with a stopped train, and you are hoping against hope that the operator sees it in time.
So let me ask the questions, again.

1. When was the first time Metro suspected trains could disappear from the system?
2. Are you sure about that answer, given that a train "disappeared" in 2005?
3. What was done to address this failure?
4. If the sensor was replaced and the failure is still occurring, can the system truly be considered safe?

In other news, there was a fatal accident at a Metro construction site in India. Following the accident, the head of their Metro, Elattuvalapil Sreedharan, submitted his resignation, saying he was accepting "full moral responsibility." He was later urged to reconsider, and his resignation was not accepted. However, he was quoted as saying:

“People should be prepared to take decisions and not pass on the buck,” he said. “We should be able to trust people in power, which means people in power should have a proven integrity.”

His gesture says a lot, and should serve as an example.
For those of you still wondering about the Catoe Watch: this is about accepting responsibility for a failure within an organization, even if that failure was not directly your fault. It shows that you are accountable for the actions of those who work below you, and that their failures are your failures, just as much as their successes are your successes.