Mastodon

The June 2009 Metro Collision

There has been a ton of information coming out about the terrible Monday afternoon collision of two MetroRail trains in northeast Washington, DC. The collision, the deadliest in the over thirty-year history of the MetroRail system, killed nine and injured at least sixty.

General Background

MetroRail is the rail component of the Washington Metropolitan Area Transit Authority (WMATA, ‘Metro’) transit system, which also includes the MetroBus bus system. MetroRail operates in underground tunnels, surface rails, and elevated rails in different parts of the system. It began operation in 1976 and is today composed of over 1,000 passenger rail cars, 86 stations, and over 100 miles of track.

There have been a total of eight derailments or collisions in the history of MetroRail, including Monday’s. Six of those eight (3/4) have occurred since 2000, which has raised questions about the apparent deterioration of the system.

Incident History

Prior to Monday’s collision, the only incident resulting in passenger deaths (not including people on the tracks being hit by trains) was a 1982 derailment which crushed a section of a rail car against a tunnel pylon, killing three. Coincidentally, the 1982 MetroRail incident occurred during a snowstorm and on the same day that Florida Airlines Flight 90 crashed into the 14th Street Bridge. This day is still recalled by long-time Washingtonians as the worst transportation day in the history of the city—National Airport was closed following the plane crash, the 14th Street Bridge was impassible due to the crash, the Yellow Line of the MetroRail was at least temporarily halted (since it crosses very near to the 14th Street Bridge), the Metro Orange and Blue Lines were stopped due to the derailment, and all of the roads had a bunch of snow all over them.

One collision between an in-service and out-of-service train during the Blizzard of 1996 resulted in the death of a train operator. This incident was caused by malfunctioning braking systems on the train.

Another collision occurred in 2004 when an out-of-service train rolled backwards down an incline and collided with an in-service train stopped at the Woodley Park station. 20 were injured, but there were no deaths.

Train Systems and Operation

There are six different ‘series’ of MetroRail trains, beginning with the original ‘1000’ series used when the system began in 1976. The most-recent ‘6000’ series cars began entering service in 2005. Earlier models, including the ‘1000’ series, have been refitted as they age. The 290 ‘1000’ cars still in service (before Monday) were last rehabilitated in the mid-1990s.

MetroRail was designed to operate in a largely automated fashion using a system called Automatic Train Control (ATC). In automatic mode, a centralized control system handles the acceleration and braking of trains throughout the system. When a train is operating with ATC, the operator is responsible for monitoring the system and ensuring its proper function. The operator is also responsible for opening and closing the train doors in stations.

At any time, a rail operator may switch a train into manual mode. In manual mode, the operator is directly responsible for acceleration and braking. Manual mode is used when there are ATC system malfunctions, or (on eight-car trains) for stopping in stations since, apparently, ATC is incapable of reliably stopping eight-car trains at the proper point on station platforms.

In addition to the ATC system, MetroRail also features a fail-safe system called Automatic Train Protection (ATP). The ATP system is engaged on every in-service train, whether it is operating in ATC or manual mode, and is intended to prevent the kind of collision that occurred Monday. ATP automatically stops a train—even when it is operating in manual mode—if it gets too close to a train ahead of it on the track.

In addition to these automated systems, each MetroRail train’s control panel includes an emergency button colloquially referred to as the ‘mushroom’. In the event of a failure of the ATC and/or ATP system, an MetroRail operator can hit the ‘mushroom’ which immediately cuts acceleration and applies the emergency brakes, stopping the train as quickly as physically possible in an emergency.

The Monday Incident

At about 5pm on Monday, an inbound six-car MetroRail train made up of ‘3000’ and ‘5000’ series cars came to a stop on the Red Line. Another train was servicing the Fort Totten station ahead of it. A second six-car train train following behind, made up of older ‘1000’ series cars, approached at apparently high-speed and collided with the stopped train. The impact decimated the lead car of the moving train, compressing it to about 1/3 of its normal length and vaulting many of its components—including debris and passengers—onto the roof of the stationary train’s trailing car.

The section of track where the collision occurred has a maximum permitted speed of 59 miles-per-hour. It is a surface track. The point of impact was on a gentle curve. Weather was clear and sunny, and visibility was good. The track faces generally in a south-eastern direction, so at 5pm the sun-glare would be unlikely to have an impact on visibility.

Preliminary information released by the National Transportation Safety Board (NTSB) indicates that the moving train was operating in automatic mode (ATC), and its ATP switch was in the proper ‘on’ position. In addition, the ‘mushroom’ had apparently been depressed by the operator, who died in the collision, and there is evidence on the tracks indicating that the brakes were, in fact, applied at some point prior to impact. It is currently unknown how long before the collision the emergency brakes were applied.

This collision was theoretically impossible, as it apparently required a cascading failure of three systems—the ATC, the ATP, and the train operator.

  • The ATC system is designed (obviously) not to ram trains into one another, and the ATC should have automatically held the following train at a safe distance as it waited for the two trains ahead of it to move on.
  • Once the ATC failed to hold the train, the ATP should still have prevented it from encroaching dangerously close to the train ahead of it.
  • Upon the unlikely (and inexplicable) failure of the two automated systems, it is the MetroRail operator’s responsibility to apply the emergency braking systems well before a collision.

There are a number of unknowns and potential mitigating factors, however, that could have an impact on this preliminary information.

  • It is possible that the ATC and ATP use the same mechanism to determine the locations of trains. If this is the case, it is a poor design. A failure in the mechanism used to detect the location of the stationary train ahead could, in this case, render both the ATC and ATP impotent. If this is the case, it is—frankly—inexcusable.
  • It is possible that the curve in the track, combined with the overpass located near the location of the accident, could have rendered the stopped train invisible to the operator until it was too late. In this case, the operator may have acted in an exemplary fashion and applied the emergency brakes immediately upon seeing the stationary train, but it may have already been too late for the fast-moving train to stop.

A combination of those factors could have rendered this incident almost impossible to prevent, however, again, it would be utterly appalling from an engineering standpoint to design supposedly-redundant systems (ATC and ATP) using the same data source.

Critical systems like this should leave nothing to chance. If I were designing the system, ATC would rely on (for example) two methods of determining the location of trains in the system. The fail-safe ATP system would then would rely on a combination of ATC instructions, an independent read of the two data sources used by ATC, and at least one completely independent data source (perhaps an on-board collision prevention system like that found on some luxury cars). If any one of those five indicators says there’s an obstruction ahead, ATP would stop the train immediately.

Unfortunately, the public details of the ATC and ATP systems are currently very limited, so I am having to make a lot of guesses about how they truly work.

My guess about this incident is that ATC and ATP probably rely on the same single source of information, and thus are surprisingly likely to fail simultaneously. Following their failure on Monday, the operator of the moving train was likely unaware there was a problem until it was too late to prevent the collision. Whether she failed to hit the ‘mushroom’ early enough due to poor visibility, distraction, or other causes—and, indeed, whether my hunches here are correct at all—will be revealed by the ongoing investigation.

Overall MetroRail Concerns

This incident brings to light a number of concerns about the operation and safety of the MetroRail system.

  • First, as mentioned earlier, 3/4ths of the derailments and collisions in the system have occurred in the most recent decade. This, combined with a plethora of anecdotal evidence from riders, would indicate that the system is deteriorating rapidly and is not being properly maintained.
  • Second, WMATA’s continued claims that it receives insufficient funding to properly maintain and improve its system has been, and remains, a non-starter argument.
    • WMATA charges significantly higher fares than any other mass transit system in the United States, and is the second busiest transit system in the country (surpassed only by the New York City subway system). They are quite sufficiently funded by their fare revenues and investments by local governments, but much of that money is not properly invested in infrastructure improvements. This has been the case for well over a decade.
    • To hear WMATA officials already using this incident to try and justify massive new federal spending toward MetroRail is down-right offensive and unjustified.
  • Third, it is inexcusable that NTSB recommendations from previous investigations have not been implemented.
    • The NTSB requested that WMATA install ‘black box’ data recorders on its older trains (they are already present in newer trains) to aid in incident investigations. WMATA did not comply with this request. The moving train in the Monday collision, made up of older ‘1000’ series cars, can provide no useful electronic status data to investigators for the time leading up to the crash.
    • Following the 2004 collision, the NTSB requested that WMATA improve the structure and survivability of its older cars, especially the ‘1000’ series, or retire them from service. In that incident, a train rolled backwards into a stationary train and the moving train’s ‘1000’ series car ‘telescoped’ structurally and vaulted on top of the stationary train. The passenger compartment of the rear-most car on the moving train (which was empty, thank God) was severely compromised and, had it been occupied, likely would have resulted in a number of fatalities. WMATA did not comply with the NTSB’s request, and the nine killed Monday in this collision were in the first car (also a ‘1000’ series) of the moving train which very similarly telescoped and vaulted on top of the stationary train.

These all point to a system not in need of additional funding, but a system in need of a fundamental management overhaul. This can’t be accomplished under the existing system, where politicians from each participating jurisdiction form a ‘board’. Like public schools, which invariably can’t solve their problems until they dissolve their school boards (see DC’s miraculously improving school system as a prime example), WMATA can’t (or won’t) change within its current structure.

The best thing that the federal government can do is not to write WMATA a check, but to disband it and establish a new, executive management structure that rewards good employee performance and punishes bad . . . and, most importantly, a system that diligently follows the recommendations of the NTSB. This would be the best chance we have to improve the safety and reliability of a deteriorating system which is clearly deficient.

Scott Bradford is a writer and technologist who has been putting his opinions online since 1995. He believes in three inviolable human rights: life, liberty, and property. He is a Catholic Christian who worships the trinitarian God described in the Nicene Creed. Scott is a husband, nerd, pet lover, and AMC/Jeep enthusiast with a B.S. degree in public administration from George Mason University.