Thursday, December 28, 2017

A Trojan Horse of a different color

Written by 
A Trojan Horse of a different color

Way back in the day ... I’m talking way back like 2013, the Federal Transit Administration (FTA) was about to award some eager, bright, inquiring minds some money to do a study of the challenges and problems of PTC implementation on commuter railroads. The purpose of the study was to identify these challenges, and develop some iteration of “best practices” that might be of help to other properties facing the challenge of PTC implementation.

FTA was offering a fair bit of cash for the study, and if I recall correctly, the “due date” for the report to be derived from the study was near the end of 2015. That kind of made sense, back in that day, as PTC was mandated for full implementation no later than Dec. 31, 2015. Remember that? Remember those days?

Now, I wanted that gig. Ron Lindsey and I had completed a study on the feasibility of PTC installation on the Egyptian National Railway (ENR). I figured that if we could figure out a way to implement PTC (and we did, even if ENR never followed through) on 1850s legacy British token block, and token-less block, with mechanical interlockings, with manual grade crossing protection, where authority violations were (unfortunately) all too frequent, where the braking algorithm presented a somewhat greater challenge, given that not all freight cars on freight trains had brakes, or even shared a common brake pipe, where “end of train” might be an “X” factor, we would be just what the doctor ordered for the challenges facing U.S. commuter railroads, such as:

• How do I get my train into an intermediate station to do station work, when the platform ends right at the home signal of an interlocking, and the signal is at Stop?

• What if I don’t want to install PTC in my passenger terminal where I’ve just been awarded a main line track exemption, but I still want to prevent my trains from hitting the bumping blocks, or running off the ends of the platform or yard tracks?

But you know how these things go: They never go according to plan. Pretty early on in the solicitation process, it became painfully clear that FTA had its heart, mind and wallet set on California, or more precisely, studying the Southern California Regional Rail Authority (SCRRA), popularly known as Metrolink. Well sure, Metrolink had suffered the 2008 collision at Chatsworth, which motivated Congress to pass the RSIA of 2008 requiring PTC; and sure, SCRRA had vowed to meet the 12/31/2015 deadline; and sure, who doesn’t love California? I know I love California!

Still, that fixation on SCRRA didn’t make complete sense to me, since most of the commuter service in the U.S. is clustered around, connected with, operated into or adjacent to Amtrak’s Northeast Corridor. Those properties would be installing ACSES II, or at least systems that were compatible with Amtrak’s ACSES II, and were bound to experience problems and challenges too, weren’t they?

The gig wasn’t leaving California, though, and a team from the University of Southern California—palmam qui meruit ferat*—won the assignment. Congrats, bonne chance, viel glück, surf’s up, hang ten, Go Trojans! And by the way, I couldn’t wait to read the report coming out some time in 2015.

It didn’t. A bit delayed, The FTA recently released the report, bearing a July 2017 date. To put it mildly, the report is disappointing.

The report states in its executive summary:

This report investigates the multilevel challenges—technological, human, organizational, and systematic—that SCRRA faced implementing the new technology, as well as many of the lessons the railroad industry can learn from these challenges.

Except, it doesn’t. It doesn’t examine the technological challenges involved in establishing the back office systems, the on-board systems, the wayside systems. It doesn’t examine the technological, human, organizational and systematic challenges faced when establishing the core functions of the PTC system that are supposed to eliminate human error by enforcing restrictions on train movements so as to prevent train-to-train collisions, overspeed derailments, unauthorized entry of a train into a section of track, and operation through an improperly lined switch.

There is no information specific to any of the challenges in establishing PTC as a functioning system of enforcement.

There is information presented about the challenge in securing the necessary radio spectrum to carry the wireless data radio messaging integral to PTC—but it turns out, that was a commercial challenge.

There is information about the difficulties SCRRA confronted in upgrading and replacing the computer-assisted dispatching servers (and work stations)—but again that’s not a problem with or a challenge to either the architecture or the functionality of PTC.

There is no information regarding any of the challenges encountered in translating the physical characteristics—track geometry; geography; locations of control points, curves, bridges, yards, switches—into a language resident inside the back office systems and the locomotive on-board computers.

There is no information regarding any of the challenges in developing, testing and refining the braking algorithms necessary for properly controlling train speed.

There is no information regarding the challenge presented by FRA’s requirement that PTC be capable of enforcing a “stop and flag” directive at a grade crossing when the automatic protection has failed, and what changes to the rules and special instructions were precipitated by, and required to support, this additional function—or if any changes to operating rules were required at all.

There is no information regarding the problems in establishing protection for roadway workers that is a bit more positive than just “blocking device applied.”

Now, this does not mean that the USC team is to blame for the lack of information. I’m not interested in assigning blame.

The USC team provides a statement of the problem to be investigated:

This research project focused on the safety and reliability of PTC technology for the commuter rail operating environment and on developing recommendations concerning best practices in the implementation of PTC systems. The research included evaluation of current PTC technology in general and the specific PTC system deployed by SCRRA …”

With a focus on a specific “work item”:

Evaluate SCRRA PTC performance and capabilities to generalize implications for other systems.

The report doesn’t do that. It doesn’t evaluate SCRRA PTC performance and capabilities. Period.

However, the team provides the following “evaluation” of its own investigation:

Although the USC team observed many elements of SCRRA’s PTC development in an attempt to develop concrete measures and empirical data, it was excluded from many development areas. For example, when attempting to study communication data, attempts to gain access to the data were blocked by a lack of response or resistance by vendors … Moreover, although biweekly update meetings were observed, requests for information often resulted in no response or considerable delays. As a result, the team was unable to observe the effectiveness of PTC in as much detail as originally proposed and did not have access to full-scale system tests. Because of this experience, it must be stressed that future studies such as this one cannot succeed unless investigators receive sufficient cooperation and access during the development process.

Let’s stop and take a minute to consider what the investigators have just told us about their own investigation: That they were blocked from certain critical information. They were blocked from access to full-scale system tests, and that for future studies such as this one to succeed, investigators must have access to that information. They’ve told us that in fact their own investigation cannot be considered successful!

We’re back to where we were with FRA’s explanation as to why it could not, or would not, provide any aggregate, or aggregate analysis, of the results of revenue service demonstrations of PTC: The railroads’ assertions of proprietary information.

I have never given much weight to railroad complaints about PTC being an “unfunded mandate,” but now I wish the U.S. government had decided to fund PTC installation, at least in the public service, non-profit sector of the industry, the passenger and commuter railroads. Then the Feds could have stipulated public access to testing data as part of the contract with the railroads, and the railroads’ suppliers.

I don’t hold the investigators responsible for the information they were not provided, or could not access. I’m way beyond playing the blame game. But I do hold these investigators responsible for saying, after identifying the lack of information as critically detrimental to their goal:

To achieve such fundamental elements of rail (system) safety, the industry must realize that systems such as PTC are very rarely the sum of their parts. Technology and human workers cannot integrate successfully unless there exists a deep respect for the complexity of systems, including how legacy practices must evolve to ensure positive change. Such systems operate and manage themselves independently, evolve over time into their roles within larger systems, and are often geographically distributed.

What does that mean? Other than the boiler plate that technology and human workers must “integrate” to form a whole system, exactly what does that mean? What does it mean to say such systems “operate and manage themselves independently, evolve over time ... within larger systems”?

Or this:

Therefore, as long as the industry can maintain proper non-conflicting directives that do not threaten sustainable behavior by overriding all other priorities, e.g., using on-time performance as a safety metric, the industry as a whole will tend towards a self–organizing, resilient equilibrium that autonomously achieves good performance.

It’s phrases like this—“the industry as a whole will tend towards a self-organizing, resilient equilibrium that autonomously achieves good performance”—that make me scratch my head and utter WTF? and, “Are you kidding me?”

There is no self-organizing principle on a railroad that “tends towards equilibrium” that “autonomously achieves good performance.”

There are numerous systems on a railroad, and all are designed to produce a product: the advertised service. There are obligations, demands, placed upon numerous systems and all employees to deliver that product.

There is the timetable, the schedule of service. That schedule purposefully and intentionally introduces disequilibrium for the purpose of satisfying imbalances in the service demand.

Systems are integrated, then, not by some autonomous principle of self-organization, but by the decisions and determinations of those responsible for delivering the service.

There is also unintended disequilibrium when equipment, human beings or systems fail, but neither the intentional nor the unintentional resolves itself. Both get sorted by effective management, with the knowledge of how to manipulate the railroad’s multiple systems.

It’s one thing to confuse, as the investigators do, PTC with CBTC. Lots of people do that. PTC is an enforcement system that overlays a pre-existing system for authorizing train movements, whether that system be manual block, track warrant, automatic block where signal indications are the authority for train movements, or timetable/train order authority.

CBTC is a completely distinct system for authorizing train movements. CBTC overlays nothing. It is sui generis, replacing the systems that are the basis for PTC.

That’s one thing, confusion. It’s quite a different thing to produce the following statement:

During the switchover to the new system, SCRRA reported 90% of successful overall runs operating PTC from June 2015 to February 2017.

And then go on to identify that “90%” as some sort of success; as a metric of what the authors call a “high reliability operation.” Ninety percent is in no way reliable enough in railroad operations for a train control system.

Suppose you installed a cab signal system (CSS) supplemented by automatic speed control (ASC) and removed the fixed wayside intermediate signals, preserving, of course, fixed signals at interlockings.

Now suppose that CSS-ASC system failed 10% of the time, requiring that one or both had to be disengaged, cut-out by trains enroute, and the trains then had to operate under special rules to preserve the safety of the overall operation.

Such a system would present a safety hazard to train operations. That 90% “success rate” would degrade the safety of train movements below that established by the previous system that utilized fixed wayside signals without CSS-ASC, as special instructions would now apply to 10% of the trains operating with a failed apparatus. The possibilities for human error producing exactly what the CSS-ASC was supposed to prevent would multiply, and almost exponentially.

Ninety percent “success” amounts to a system and systematic failure. It cannot be tolerated.

I don’t know where the 90% figure comes from. I do know that in the revenue service demonstration reports submitted to the FRA docket (FRA-2010-0048, available at www.regulations.gov), SCRRA was experiencing failure rates, “cut outs enroute,” “failure to initialize” etc. far greater than just 10%.

The real information is the information that needs to be investigated in the implementation of PTC enforcement; the information that other railroads need to know is precisely the information that tells us how the improvement to 90% was achieved; the information that might convince us that the steps taken to achieve a system reliability of 90% reliability will get SCRRA, and PTC everywhere, and all of us with it, to 99.99% reliability.

* Palmam qui meruit ferat, the University of Southern California’s motto, can be loosely translated from the Latin as “let whoever earns the palm bear it.” The expression reflects the broad significance of palms, palm fronds and other branches of foliage as symbols of triumph, victory, ascension and regeneration in ancient times, and in particular may allude to the Roman custom of giving the victorious gladiator a palm branch as reward for prowess.

David Schanoes

David Schanoes is Principal of Ten90 Solutions LLC, a consulting firm he established upon retiring from MTA Metro-North Railroad in 2008. David began his railroad career in 1972 with the Chicago & North Western, as a brakeman in Chicago. He came to New York 1977, working for Conrail’s New Jersey Division. David joined Metro-North in 1985. He has spent his entire career in the operating division, working his way up from brakeman to conductor, block operator, dispatcher, supervisor of train operations, trainmaster, superintendent, and deputy chief of field operations. “Better railroading is ten percent planning plus ninety percent execution,” he says. “It’s simple math. Yet, we also know, or should know, that technology is no substitute for supervision, and supervision that doesn’t utilize technology isn’t going to do the job. That's not so simple.”

More in this category: « Remember that?

Get the latest rail news

Rail news and analysis from Railway Age, IRJ and RT&S by email