An analysis of NTSB’s findings

Photo courtesy of
‘Negative’
courtesy of ‘lorigoldberg’

NTSB sent out letters yesterday to WMATA,  Alstom Signaling, Inc, Federal Transit Administration and the Federal Railroad Administration. Each letter is slightly different but they all describe what NTSB believes to be the root cause behind the June 22nd Red Line crash.

Alstrom Signaling acquired General Railway Signal, the company that manufactured the WEE-Z bonds used in the metro system and installed in the 1970s at the Ft. Totten section of the red line. These are the devices used to sense and signal the presence of trains on the line and what have been suspected to be the root cause of the June collision.

The letter states “the investigation is ongoing” but confirms that these WEE-Z bonds, and the train sensing signal, continue to be the prime suspect. Immediately after that disclaimer NTSB says the following:

[P]ostaccident testing showed that the track circuit at the accident site lost detection of train 214 when it stopped at the location where the collision occurred. Because the automatic train protection (ATP) system was not detecting train 214’s location, the following train (train 112) did not receive a command to slow or stop in order to maintain train separation.

After that point we get into some pretty hard-core geek speak, but if you’re interested I’ll do a little translation.

Photo courtesy of
‘Film! – Canon A-1 – Morning At Cheverly Station’
courtesy of ‘mosley.brian’

The automatic train protection (ATP) system Metro uses is based on dividing up the whole system into circuits, segments of track that are monitored to determine if there is a train currently on that segment. The Washington Post has reported in the past that they’re of varying length, anywhere between 400 feet and 1,000 feet long.

Why the varying length? Because the purpose of the system is to tell approaching trains to go or stop, and you need more or less notice depending on where in the system you are and how far apart  you want to keep the trains. You also may want them to get closer to each other in certain situations, such as immediately outside a stop. So segments closer to the station are shorter, since you don’t want a train waiting to come in to be waiting a fifth of a mile away.

There’s also differing maximum speeds depending on where in the system the train is. Out where the collision happened it’s pretty high, 59 mph. Areas with higher maximum speeds are going to need longer segments.

These train segments aren’t actually divided in any physical way. The system used doesn’t require actual electrical separation on the tracks or special connections. Creating a segment involves attaching a transmitter bond at a certain point and receiver bonds on either side of it. This seems to be the patent describing this system.

What those transmitter bonds pump out is based on the output of the actual transmitter equipment back at the station and sent down a cable to the transmitter. Similarly, the receiver bonds send what they get back along a cable to the same room, where it’s decoded and looked at.

Out on the track it looks something like this:

… represents a length of track
R represents a receiver bond
T represents a transmitter bond

…(R)(Ra)…………….[segment A]………….(Ta)…………[still segment A]……(Ra)(Rb)…..[segment B]……(Tb)………[still segment B]……………(Rb)(R)…………

When those receivers see the signal they’re tuned to receive, they energize a track relay that says “everything’s A-OK.” Presumably these work this way as a guard against transmitter failure: the relays, which indicate that the track is clear and it’s okay to proceed, must be actively enabled by the transmitter and receiver working together. If one or the other conks out, the relay isn’t energized and the system says NO GO, BUDDY!

It’s the way you want a safety feature to work, rather than a “no news is good news” approach. Think of it as the electronic version of requiring someone to tell you to go ahead, rather than just going if nobody told you otherwise. This way if one of these pieces break or lose power the whole thing becomes a no go.

When a train is on the tracks, the wheels connect the rails on either side and prevent that transmitter’s signal from getting to the receiver. NTSB calls it a shunt, which seems an odd phrasing to me but I’m not an electrical engineer; perhaps there’s another meaning here. The important thing is that what it does is prevent the receiver from seeing the signal it expects to see, the signal it’s tuned for, so it doesn’t energize the relay.

That’s where the problem is, based on reading this NTSB letter. In their testing, they discovered that those receiver circuits would pick up some junk signal and energize the relay, even though there was a train on the tracks preventing the signal from the track-mounted transmitter from getting through via the channel it’s expected to travel.

The NTSB discovered that the transmitter device back at the station was putting out that created signal through another path; a component in the power supply was feeding what is essentially an “echo” of that signal out through a heat sink, along the metal racks the transmitter was mounted in, and out along the power supply which fed both the transmitter and the receiver.

Imagine having a phone conversation with your neighbor. She presses the mute button, preventing you from hearing anything through the phone, but you hear her from next door through the open window. Not a perfect analogy, but it gets across the point: the receivers were getting a signal in an unanticipated way.

That seems to be what NTSB is identifying as the problem. The receivers shouldn’t have seen the signal and thought it was okay to energize the relay. Because of this bleedover of the signal through the power supply, they did detect the signal – or close enough to fool them – and energized the relay, causing the oncoming train to believe it was clear to proceed.

The bleedover is not a complete replication of the signal, and the text of NTSB’s letter implies that they believe that this might be a result of a bad calibration and a sensitivity issue:

WMATA maintenance records show that an impedance bond for the track circuit where the accident occurred was replaced 5 days before the accident, which required the track circuit signal strength to be adjusted to accommodate the new equipment. Investigators are continuing to examine train control system circuitry to better understand how the train control system functioned prior to the accident.

The NTSB’s recommendation letter to WMATA asks that they work with the hardware manufacturer to identify other track circuits that might be susceptible to this kind of interference, which they tag as urgent. They also suggest that WMATA set up a program to regularly check that equipment is working within design tolerances.

They’re sufficiently convinced that this is the issue that the letters they sent the Federal Transit Administration and the Federal Railroad Administration contained suggestions that they ask all rail operators using this kind of signaling method to investigate the possibility of this sort of signal interference.

The results of postaccident testing and the ongoing investigation also have raised concerns about how routine track circuit adjustments and/or changes in the operating characteristics of electronic components in ATC systems may affect system performance. The modules at the Fort Totten station are original equipment that was manufactured by General Railway Signal6 and installed when the Red Line was constructed in the 1970s. WMATA maintenance records show that an impedance bond for the track circuit where the accident occurred was replaced 5 days before the accident, which required the track circuit signal strength to be adjusted to accommodate the new equipment. Investigators are continuing to examine train control system circuitry to better understand how the train control system functioned prior to the accident.

Well I used to say something in my profile about not quite being a “tinker, tailor, soldier, or spy” but Tom stole that for our about us page, so I guess I’ll have to find another way to express that I am a man of many interests.

Hmm, guess I just did.

My tastes run the gamut from sophomoric to Shakespeare and in my “professional” life I’ve sold things, served beer, written software, and carried heavy objects… sometimes at the same place. It’s that range of loves and activities that makes it so easy for me to love DC – we’ve got it all.

Twitter 

4 thoughts on “An analysis of NTSB’s findings

  1. Thanks for this description.

    Electrical engineers sometimes refer to resistors that bypass things like signal circuits and motors as “shunt” resistors, so that’s probably where the odd terminology comes from.

  2. Yeah, I get that much but it may simply be that, lacking the patent for the WEE-Z itself, I don’t fully understand the way the signal is injected into the track.

    The method used, as I understand it, is to essentially use the tracks as a transmission medium for a waveform between… let me check this NTSB document… one of eight “frequencies between 2100 hertz and 3900 hertz.”

    For “shunt” to make any sense in this context the only explanation I have is possibly woefully inaccurate and over-simplified. If the signal is transmitted on the tracks as if they were speaker wire, with one the positive and one the negative line. If that was how they were utilized hen shorting them together – shunting – would eliminate their ability to carry the signal.

    However as I said, I’m not an electrical engineer, I’m a software guy and my training in signals and actual hardware layer stuff is highly theoretical and sparse.

  3. Have we become so digital that WMATA control system techs don’t understand the potential effect of installing a component with a different value on a resonant circuit? Here is a guess at what’s going on giving rise to the question based on an understanding from a 60’s Radio Amateur’s Handbook (“guess” and “amateur” being the important descriptors :-)

    The “fluttering” that’s described in news stories is most likely the circuit “ringing” like a tuning fork because of a build-up of energy at it’s natural resonant frequency.

    Impedance and capacitance components are chosen to control that behavior in analogue circuits ( like spring and shock absorber combinations (struts) in auto suspensions). The “adjustment” made to compensate for the new impedance bond installed shortly before the accident must have returned the circuit voltages to their static values without anyone realizing that the change that would increase the chance of a resonant condition in some conditions.

    The maintenance fix for this is would be to model the resonance of the circuits and to check for “gain” in range of the resonant frequencies stemming from environmental changes and component aging.

    The systemic change would be conducting brown bag lunch reviews for system engineers and techs of factors and the need for processes development to minimise the risk stemming from changes in resonant circuit behavior.

  4. > I don’t fully understand the way the signal is injected into the track.

    Start out thinking of DC. Put the [say 48v…] power supply hot (“+”) on the east rail; the return (-) on the west.

    Go to the other end of the block, and put a relay across the rails. With no train, and unbroken rails; the relay is powered UNTIL a train axle shorts the rails together; then it drops.

    With AC, the only difference is the WeeZbond. It’s a short between the rails at DC, but open at AC. In addition, it’s a DC short to ground; back to the substation.

    So the rails form an AC loop, shorted by any axle; but both rails are at DC ground for the third rail power.