As I understand it, PTC involves communication between the train, centralized dispatch and sensors in or alongside the track. My question is this - when it comes to controlling the speed why is there any communication required between the train and anything other than the one-way from GPS satellites? I can see how ground communication would be important so that changing conditions along the route can be figured into the equation. But in areas where there is a set speed limit why can’t a GPS on the train either override the engineer or give a warning if the speed is excessive? The train knows where it is, how fast it should be going and how fast it is actually going. It seems this would be off-the-shelf technology. Is this a case of excellent being the enemy of good?
Positive Train Control could manage train speeds with only a connection between the train and GPS satellites (really just a receiver on the train, wouldn’t need a two-way connection) except that it does more than just manage a train’s speed. A major part of what PTC does is prevent collisions between trains and control the distance between trains. For that, it needs to know where the other trains are and a connection to dispatch is necessary. PTC also is supposed to protect workers near the railway and change the speed of the train in response to conditions on the track that a simple GPS receiver couldn’t tell the train anything about.
As for the timing, PTC was originally to be required on all trains by 2015, but the rail industry and the federal government extended that deadline to December 2018, a move which has been criticized for contributing to deaths in railway accidents since then.
Both the fatal derailment in Philadelphia and this most recent one appear to be simple cases of “speeding”. This is akin to Controlled Flight Into Terrain - when a pilot flies a perfectly operating plane into the ground. In spite of all the investment in air traffic control, modern planes are often equipped with terrain avoidance warnings that are independent of ATC. It seems a simple GPS-based system that, minimally, warns the engineer that he is coming up on a lower speed area or sounds an alarm if the train is over the speed limit would have saved lives. Having it coupled to the controls would be even better. I don’t understand why such a system isn’t mandated until the full PTC is in place. How much could it cost? Far less than they will be paying out in lawsuits, that’s for sure.
That’s because less regulation is better until enough people die for someone to say “Hmmm, I guess more regulation might be better”
Too bad the deaths couldn’t have been prevented beforehand.
Also remember that railroad tracks are often less than three meters apart. That’s tricky accuracy to get at all times from GPS. And GPS doesn’t work at all in tunnels or tracks not open to the sky, as found in big cities.
I would have thought that a more cost-effective approach would be trains getting a “track warrant” to occupy each successive section of track by rolling over a cheap RFID chip identifying the track block to be occupied and then using a cellular phone signal to query the central computer. Fail-safe, of course. But I have to presume that smart experts decided on the PTC technology.
Three meter accuracy matters when you need to know which of two (or more) parallel tracks a train is on. Not so much on a stretch when it comes to speed limits. The limit will be the same in both directions on all tracks. I’m sure there are some limited exceptions to this but for all practical purposes… I submit that an app on a mobile phone could have prevented these crashes. I know, they don’t want phones distracting drivers. A $100 GPS in the engineer’s compartment could do the same thing.
Would you even need GPS? Wouldn’t a sensor on the track right before the lower speed limit track suffice? The sensor could communicate with the train to make sure the speed fit the track.
As said, GPS doesn’t work in tunnels, and trains typically go through a lot of tunnels. Much more than roads.
Huh? There are no sidings or yards in your world?
Train tracks don’t work like Interstate highways. Outside the Northeast, it’s rare to even have double tracks, and a line busy enough to be double-tracked will be set up for bidirectional operation.
You make my point for me. What does three meter accuracy matter on a single track? A dangerous curve is dangerous in both directions. I’m not talking about a system that will automatically run trains, just something that would say “Hey! The speed limit here (or soon will be) is 30. Slow down!” It is simple off-the-shelf technology. Hell, we have self-driving cars that operate in a much more complicated environment than trains. And to continue the airliner analogy, stick shakers and terrain avoidance systems aren’t meant to replace ATC but to get the pilot to pay attention to what’s going on around him. Same with what I’m talking about. And because GPS doesn’t work in tunnels you discard for the other 99% of situations? One could go on and on about the limitations of such a system. I’m talking about what it COULD do. I asked it as a rhetorical question in the OP but I’ll submit it here that this is a case of the perfect being the enemy of the good.
The safety regulation of railroads in the US is not unlike the FAA. Nothing gets done until it’s been tested and approved to umpteen decimal places.
Another couple accidents in rapid succession may get them moving on some kind of GPS-based speed monitor app on a tablet or phone.
It’s not really true that speed limits are the same in both directions on any given section of double track. Or even single track. Yes, in many areas they are. But far from all.
The reason being that trains change speed very slowly. Pulling out of a sharp curve onto a straightaway the limit can increase from 30mph to 50mph as soon as the lead engine clears the turn. The rear of the train half a mile back will be out of the turn before a heavy freight is up from 30 to 40, much less 50.
OTOH, going the other way the train needs to start slowing from 50 to 30 while still on the straightaway a half-mile or more before the lead engine gets to the curve.
If there’s slopes involved the lead or lag for speed changes gets even larger.
What’s hard is certifying all the edge cases.
Neither of these would make any difference if the engineer decides to ignore them because he’s under pressure to ‘make the schedule’!
There are already speed limit signs along the track telling what the limit is. So it’s not like the engineer doesn’t know what the speed limit is. It’s that he has other, competing interests at the time. Just like all of us driving our cars home from work every day.
The thing about safety critical systems is that there are no end of “it would be easy to make xxx do yyy” that have edge cases that make things more dangerous. Cases that you haven’t thought of.
There are decades of experience with software safety critical systems, and hundreds of years of safety critical procedural systems (and trains being the exemplar) that underline these problems.
Safety critical has to take into account a wide range of things, including human factors, and how the system responds in the case of failure in other components. It is really really hard.
You can’t usefully have a warning system that is unreliable. You have to be able to reason about stability in the system. And stability can be a desperately difficult thing to manage.
The bottom line is that short term solutions for such systems are never a good idea. If you have a proven, time tested system, albeit one with known flaws, and a new well understood better system coming, an interim stop gap “improvement” is pretty much guaranteed to make things less safe.
Whilst it is easy to conceptualise a new add on to the system, proving it adds anything to safety, and testing it well enough to be sure it does nothing to reduce safety (for instance by having too many false warnings) is extremely time consuming and takes exacting work. Even the most trivial changes have a minimum time for implementation because of these factors.
I’m sorry, but what other, competing interests could an engineer have?
Girl/boy trouble, family crisis, death of loved one, minor alert from the train’s systems, communication from train controller, you can go on and on.
This is why human factors in safety critical are so important. If a train engineer misses one in a million speed signals, across your train network there is probably one a day that is missed. If one in a thousand signs are absolutely critical, you get an accident once every three years.
This accident is particularly special in that this was the first ever standard run of the route since commissioning. There will be a lot of concentration on issues like unfamiliarity with the route, placement of speed restriction signage, distraction of the driver, training and so on.
You can be pretty sure that the driver thought he was driving the train perfectly correctly. Just what caused him to miss the needed speed reduction will probably take some teasing out, and may never be fully nailed down. But you can be sure that the design and layout of the speed restrictions and signage won’t be left the same as it was.
While several of Amtrak’s most recent crashes have involved overspeed situations, it’s worth remembering that historically the much larger problem to be solved was giving only one train authority to occupy a particular section of track at a particular time. Since trains take such long distances to come to a stop, they can’t operate “on sight” the way autos can. Track authority is the much bigger problem to be solved by PTC, and it’s vital to distinguish between tracks that are side by side, less than four meters apart.
I may be mistaken, but I’m not convinced that a GPS could reliably tell you which of these tracks a train was on. That information is fairly important in the moment.
…like the 2008 Chatsworth train collision, where a distracted Metrolink engineer ran a red light, resulting in a head-on collision. Also the 1987 Maryland train collision. There is no GPS-based system that can prevent this kind of accident. The ATC/PTC system needs to know where all the trains are at all times. And the Maryland accident occurred where there are 3 parallel tracks side by side.
There’s also the 2009 Washington Metro train crash caused by faulty ATC track sensors that failed to detect the presence of a train. With a GPS-based system, a train will disappear from the system every time it went into a tunnel.
Trains are also very important during war time. They must be able to increase capacity and run far higher loads during times of war. These days, knocking out a geospatial satellite is within the abilities of quite a few countries. If trains depended solely on GPS we’d be extremely vulnerable. Redundant systems with multiple points of failure are key to durability and safety.
One of the issues with the visual signs and signals is the railroads did/do not install them redundantly. e.g. at the border between a 50mph zone and a 30 mph zone there will be a speed change sign. But throughout the remainder of the 30mph zone there won’t be additional reminder signs.
Which means that if the operator is distracted for the 3-10 seconds the sign is close enough to read but not yet behind the train, the operator has zero opportunity to detect or correct the problem later.
The “traffic lights” that control entrance to the next segment of track have the same problem. The good news is lights are bright (except when silhouetted against a low Sun) and can be seen at a longer distance than signs can. The bad news is they can’t be seen around curves or through bridges or other obstructions.
See Signal passed at danger - Wikipedia for more background on this.
See Ladbroke Grove rail crash - Wikipedia for a classic accident of this type. In summary, there was a group of several tracks adjacent, with the signals arranged above the tracks. But not exactly aligned above the tracks. And on a curve. And sandwiched between two bridges where the operator had just a couple of seconds to see the signals, determine which one was for the train’s track, and observe the color before passing the signal.
If you didn’t know the signals would appear only for a moment as you popped out from under the earlier bridge obstructing your view, you’d be quite likely to not even notice they went by. Much less correctly figure out which one matched your track. Given the vast number of road bridges over tracks in an urban area, it’d also be easy to lose track of which bridge is the one hiding the signals. So you’re expecting to see it coming up *after* the bridge it’s really at. Oops.
This craptacular bit of safety systems design had been in use for decades. It was “good enough” until it wasn’t. Or so it seems. From a modern safety design standpoint that was building in a statistically guaranteed accident. The only question is which date it will happen and how many people will be killed.
In my industry we call this “A setup to f*** up.” There aren’t as many as there used to be, but ferreting them *all* out is a big and never-ending job.