NTSB sent out letters yesterday to WMATA, Alstom Signaling, Inc, Federal Transit Administration and the Federal Railroad Administration. Each letter is slightly different but they all describe what NTSB believes to be the root cause behind the June 22nd Red Line crash.
Alstom Signaling acquired General Railway Signal, the company that manufactured the WEE-Z bonds used in the Metro system and installed in the 1970s at the Ft. Totten section of the Red Line. These are the devices used to sense and signal the presence of trains on the line, and they have been suspected to be the root cause of the June collision.
The letter states “the investigation is ongoing” but confirms that these WEE-Z bonds, and the train sensing signal, continue to be the prime suspect. Immediately after that disclaimer NTSB says the following:
[P]ostaccident testing showed that the track circuit at the accident site lost detection of train 214 when it stopped at the location where the collision occurred. Because the automatic train protection (ATP) system was not detecting train 214’s location, the following train (train 112) did not receive a command to slow or stop in order to maintain train separation.
After that point we get into some pretty hard-core geek speak, but if you’re interested I’ll do a little translation.
The automatic train protection (ATP) system Metro uses is based on dividing up the whole system into circuits, segments of track that are monitored to determine if there is a train currently on that segment. The Washington Post has reported in the past that they’re of varying length, anywhere between 400 feet and 1,000 feet long.
Why the varying length? Because the purpose of the system is to tell approaching trains to go or stop, and you need more or less notice depending on where in the system you are and how far apart you want to keep the trains. You also may want them to get closer to each other in certain situations, such as immediately outside a stop. So segments closer to the station are shorter, since you don’t want a train waiting to come in to be waiting a fifth of a mile away.
There are also differing maximum speeds depending on where in the system the train is. Out where the collision happened it’s pretty high, 59 mph. Areas with higher maximum speeds are going to need longer segments.
These train segments aren’t actually divided in any physical way. The system used doesn’t require actual electrical separation on the tracks or special connections. Creating a segment involves attaching a transmitter bond at a certain point and receiver bonds on either side of it. This seems to be the patent describing this system.
What those transmitter bonds pump out is based on the output of the actual transmitter equipment back at the station and sent down a cable to the transmitter. Similarly, the receiver bonds send what they get back along a cable to the same room, where it’s decoded and looked at.
Out on the track it looks something like this:
… represents a length of track
R represents a receiver bond
T represents a transmitter bond
…(R)(Ra)…………….[segment A]………….(Ta)…………[still segment A]……(Ra)(Rb)…..[segment B]……(Tb)………[still segment B]……………(Rb)(R)…………
When those receivers see the signal they’re tuned to receive, they energize a track relay that says “everything’s A-OK.” Presumably these work this way as a guard against transmitter failure: the relays, which indicate that the track is clear and it’s okay to proceed, must be actively enabled by the transmitter and receiver working together. If one or the other conks out, the relay isn’t energized and the system says NO GO, BUDDY!
It’s the way you want a safety feature to work, rather than a “no news is good news” approach. Think of it as the electronic version of requiring someone to tell you to go ahead, rather than just going if nobody told you otherwise. This way if one of these pieces breaks or loses power the whole thing becomes a no go.
When a train is on the tracks, the wheels connect the rails on either side and prevent that transmitter’s signal from getting to the receiver. NTSB calls it a shunt, which seems an odd phrasing to me but I’m not an electrical engineer; perhaps there’s another meaning here. The important thing is that what it does is prevent the receiver from seeing the signal it expects to see, the signal it’s tuned for, so it doesn’t energize the relay.
That’s where the problem is, based on reading this NTSB letter. In their testing, they discovered that those receiver circuits would pick up some junk signal and energize the relay, even though there was a train on the tracks preventing the signal from the track-mounted transmitter from getting through via the channel it’s expected to travel.
The NTSB discovered that the transmitter device back at the station was also putting out the signal it created through another path: a component in the power supply was feeding what is essentially an “echo” of that signal out through a heat sink, along the metal racks the transmitter was mounted in, and out along the power supply which fed both the transmitter and the receiver.
Imagine having a phone conversation with your neighbor. She presses the mute button, preventing you from hearing anything through the phone, but you hear her from next door through the open window. Not a perfect analogy, but it gets across the point: the receivers were getting a signal in an unanticipated way.
That seems to be what NTSB is identifying as the problem. The receivers shouldn’t have seen the signal and thought it was okay to energize the relay. Because of this bleedover of the signal through the power supply, they did detect the signal – or close enough to fool them – and energized the relay, causing the oncoming train to believe it was clear to proceed.
The bleedover is not a complete replication of the signal, and the text of NTSB’s letter implies that they believe that this might be a result of a bad calibration and a sensitivity issue:
WMATA maintenance records show that an impedance bond for the track circuit where the accident occurred was replaced 5 days before the accident, which required the track circuit signal strength to be adjusted to accommodate the new equipment. Investigators are continuing to examine train control system circuitry to better understand how the train control system functioned prior to the accident.
The NTSB’s recommendation letter to WMATA asks that they work with the hardware manufacturer to identify other track circuits that might be susceptible to this kind of interference, which they tag as urgent. They also suggest that WMATA set up a program to regularly check that equipment is working within design tolerances.
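The mechanism and the check described above can be put into a small model. This is an added example, not code or data from the NTSB letters or from this post: every level, gain and the 50% margin is a constructed assumption, as is the idea that the post-replacement adjustment raised the transmit level.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class TrackCircuit:
    name: str
    tx_level: float        # level the transmitter drives (constructed units)
    rail_gain: float       # fraction reaching the receiver over clear rails
    shunt_residual: float  # fraction of the rail signal surviving a train's wheels
    leak_gain: float       # fraction reaching the receiver by an unintended path
    pickup: float          # receiver level at which the track relay energizes

    def receiver_level(self, occupied: bool) -> float:
        rail = self.tx_level * self.rail_gain
        if occupied:
            rail *= self.shunt_residual  # the wheels short the rails together
        # The leak bypasses the rails, so a train does nothing to attenuate it.
        return rail + self.tx_level * self.leak_gain

    def relay_energized(self, occupied: bool) -> bool:
        return self.receiver_level(occupied) >= self.pickup

def classify(c: TrackCircuit, margin: float = 0.5) -> str:
    if not c.relay_energized(occupied=False):
        return "FAILS SAFE"   # no signal, relay down, block reads occupied
    if c.relay_energized(occupied=True):
        return "UNSAFE"       # relay stays up with a train in the block
    if c.receiver_level(occupied=True) > margin * c.pickup:
        return "MARGINAL"     # drops today, but with little headroom
    return "OK"

def audit(circuits, margin: float = 0.5) -> dict:
    return {c.name: classify(c, margin) for c in circuits}

# Constructed sample circuits, not measurements from the investigation.
healthy = TrackCircuit("healthy", 10.0, 0.5, 0.02, 0.0, 3.0)
dead_tx = replace(healthy, name="dead transmitter", tx_level=0.0)
leaky = replace(healthy, name="leaky", leak_gain=0.2)
# Assumption: the adjustment after a bond replacement turned the level up.
leaky_adjusted = replace(leaky, name="leaky, level raised", tx_level=15.0)

if __name__ == "__main__":
    for name, verdict in audit([healthy, dead_tx, leaky, leaky_adjusted]).items():
        print(f"{name:22} {verdict}")
```

The leaky circuit still drops its relay under a train until the transmit level goes up; because the leak scales with the transmitter output, the same adjustment that restores a clean "clear" reading also carries the leaked signal over the pickup threshold.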
They’re sufficiently convinced that this is the issue that the letters they sent the Federal Transit Administration and the Federal Railroad Administration contained suggestions that they ask all rail operators using this kind of signaling method to investigate the possibility of this sort of signal interference.
The results of postaccident testing and the ongoing investigation also have raised concerns about how routine track circuit adjustments and/or changes in the operating characteristics of electronic components in ATC systems may affect system performance. The modules at the Fort Totten station are original equipment that was manufactured by General Railway Signal and installed when the Red Line was constructed in the 1970s. WMATA maintenance records show that an impedance bond for the track circuit where the accident occurred was replaced 5 days before the accident, which required the track circuit signal strength to be adjusted to accommodate the new equipment. Investigators are continuing to examine train control system circuitry to better understand how the train control system functioned prior to the accident.