This discussion is locked.
You cannot post a reply to this discussion. If you have a question start a new discussion

Red For Danger - Engineering Railway Safety - Chippenham 3 February 2016: Summary & Comments

Cliff Perry began by describing his background as a third-generation railwayman and the various roles that he had played, starting with the nationalised British Railways through to privately-owned train operating companies and finally as a safety consultant.

 
He set out the current position of the railways in the UK as being among the safest in Europe, by whatever measure was chosen. It is now nearly nine years since a passenger was killed in a railway accident. Mr. Perry asserted that this was not a matter of good luck but down to changes that had taken place over recent years.

 
Some politicians and critics argue that Britain's railways would be better and safer under unified state control, 'safety before profits', but our speaker was of the opinion that fragmentation and the need for return on capital by necessity produced a safe railway. 'Small is Beautiful' and 'A Reliable Railway Is A Safe Railway' were good working mantras, he had found.

 
The changes that had taken place could be categorised under Plant, People and Process.
Plant included 'things' like trains, tracks and signals. Improvements had been made to trains such as adding crumple zones, stiffening structures, fitting laminated glass and improving drawgear to keep trains upright following any derailment. Over the last 15 years TPWS (Train Protection & Warning System) had been rolled-out across the fleet and network and had demonstrably reduced SPADs (Signals Passed At Danger). Trackside monitoring of wheels enabled early detection of problems. It was shown that 'flat-wheels' were a seasonal problem, peaking during periods of low adhesion, (falling leaves in Autumn), but that since the introduction of these systems the underlying trend was downwards. Even relatively simple things like the use of LEDs for signalling improved reliability and timekeeping.

 
People working on the railway are now better trained with railway 'academies' and certification schemes. Managers are expected to show leadership and engender a culture of safe working. A simple example was given of a rail gang now being aware of where exit points from the railway were and the location of the nearest hospital before starting work. Our speaker had been sceptical of the benefits of concerns over occupational health but he was now convinced that it was part of the safety culture. For instance it fed through to ensuring that stations were safe places for passengers too.

 
The Processes use to operate the railway have changed too. In part this has been driven by legislation at national and EU level and partly by the disaggregating of the railway. Independent regulators and inspection organisations and the need for robust contractual arrangements create an environment of co-operation by necessity, something that had been lacking in the past.

 
It was expected that in the future the 'digital revolution' would continue as it gets easier and cheaper to monitor and analyse real-time operational data. The management of competencies and interfaces could also be expected to improve.

 
Will our railways continue to be safe? Obviously we could not be complacent. Looking to the future there were risks from the growth in traffic and concerns over the resilience of the network as a result of possible climate change. The man-machine interface had to be 'user-friendly' as more and more technology was deployed.

 
This was a wide-ranging talk covering not just the technology employed in the modern railway but the people systems too. It was clear that improvements in all these systems had had a cumulative effect in improving railway safety. This, of course, has been the way of the railways from the beginning, painful lessons, (eventually!), being learned and improvements made.
Are we at the irreducible minimum, all the 'big wins' having been made? Fortunately the 'digital revolution' continues to make the impossible possible at seemingly ever reducing prices. Historically our railway signalling systems were introduced because a train between stations was out of sight and could be out of mind yet now its progress and every part of it could be continuously monitored if we so chose.
Hopefully the safety that has been actively engineered into our railways will continue to produce good results but the real lesson from history is the event that "we never thought that would happen" sometimes does.       

  • Just before this talk I was thinking about the ‘Challenger’ disaster when I came across an article on the BBC’s website “Challenger And The Misunderstanding Of Risk” by mathematician Dr John Moriarty. A quick perusal made me think that he didn’t understand risk either!



    Fundamentally there are two sorts of randomness; a twelve-spoke locomotive wheel will, unless there are special instructions, stop randomly leaving the ‘crank spoke’ at the top one-in-twelve times on average. This is a deterministic risk, like throwing dice or coin tossing. What are the chances of an individual locomotive axle breaking? Who knows? Has it been manufactured properly, inspected, maintained or abused? Its twin might have experienced ‘exactly’ the same regime yet it broke and the one we are looking at didn’t. These random events are non-deterministic, the ‘act of God’. I contend that the statisticians make us too confident about understanding risks of this type.



    Yes they can give us numbers to work on; they give us a ‘certainty’ that we all crave but it is, in the end, false. One of the first commercial uses of probability theory was in assessing telephone traffic and how many switches are needed – somewhere between one and one for every pair of subscribers. It was a method that worked - mostly, but then the failures here were just ‘lost calls’ – a busy tone.



    Something that made my ears prick up in Cliff Perry’s talk was his description of the ‘Swiss Cheese’ model. Clearly it is a good visualisation of the elements of the classic railway disaster; the train running late, the relief signalman, bad weather, worn-out equipment etc. Line the ‘holes’ up and bang! So far so good.



    But then he went on to say ‘we must keep the cheeses spinning’, what! Russian Roulette Railways? That is like saying one-in-a-thousand wagons have couplings out of specification, let’s put them into traffic, there is only one-in-a-million [*] chance of a pair of them getting together and derailing. The proper place for these wagons is in the workshop, indeed having found a defective wagon but leaving it in traffic sets us up for a one-in-a-thousand event. The non-deterministic risk starts to become deterministic.



    However Cliff might have a point about organisations. Keep the wheels spinning and we reassess what we are doing and break bad habits. Or maybe we should leave things alone and habituate good practice?



    What we need is the certainty possessed by £1M per annum lawyers and journalists post event!


    [*] As I was typing this David Gower said these very words on Radio 3.
  • We can only run on statistics (and luck!) Cliff mentioned the Eshcede accident (101 deaths) caused by a broken wheel. We had the same cause on a GNER on the East Coast Main Line and it stayed upright and no injuries. He also mentioned Tangmere - about 60 seconds from a major accident! 

    I gave a presentation on Qualitative Riask Assessment for the IET in Birmingham last year (it's on IET.tv) if you want to see the fun us safety engineers can have with numbers!

    Cheers

    Peter
  • The numbers are a tool that help guide decisions as to where we put our money but there are some people that really believe that they give some sort of certainty, (if it was that certain we could predict the failure [not just the failure rate]).


    We can engineer out some of the bad consequences, as your examples show, but would it have been more cost effective to have prevented the derailments? The answer here is 'no' but these sorts of questions arise everywhere.


    My 'Challenger' thoughts were related to things that we don't do a lot of but that have risks. Do the numbers even make sense then? I spent some time being required to give assurance that a missile system would only experience a 'one in a hundred thousand event'. Where had this number come from? It turned out that was a figure computed for the lifting crane so all of risk budget had been used up before I started. So far luck has been with us!


    I will watch your talk later.


    Regards,


    Jim
  • Thank you, James, for the report on Engineering Communities of this lecture - an excellent way to encourage a debate, building on what the speaker said. Far too often, such lectures are only of temporary benefit, and only for those who managed to attend, whereas, like this one, it is a catalyst for some serious consideration.

    I wish that I had been able to make it to this talk, but I was on a train passing through Chippenham at the time.

    As a PRI, I always find it interesting to hear what candidates say about risk management. And, as a programme assurance "red team" leader, enquiring of project stakeholders what risk management means to them produces widely varying answers. Where there is a Risk Management Strategy and Plan (not always the case), there is often an assumption that it is someone else's job to run the risk register; for others, fortunately, they do understand that managing risk is everyone's responsibility and the topic is given priority on the agenda of management team meetings. If only the benefits of using risk management techniques to inform strategic and operational decision-making were better understood, we would all be safer.

    However, confusion often exists between risk and consequence. In some instances, if the consequence of a risk maturing is deemed unacceptable, the activity that might result in that event is precluded altogether, rather than undertaking proper analysis of what risks might lead to the event and assessing how mitigating each of them could preclude the event happening. In addition, assessing what makes the consequence of such an event "unacceptable" to see how that consequence could be reduced should be included in the overall assessment of how to manage both the risk and the potential consequence.

    Common sense? Or is there a role for the IET to raise understanding of the principles that all engineers should bring to their work?




    Barry Brooks CEng FIET FCGI
    Past-President, IET (President 2013-14)
    bpsbrooks@theiet.org
    Twitter: @barrybrooks01

    ________________________________

    The Institution of Engineering and Technology is registered as a Charity in England and Wales (No. 211014) and Scotland (No. SC038698). The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer. The views expressed in this message are personal and not necessarily those of the IET unless explicitly stated.
  • Barry,

    One interesting area is the actual consequence that results from the risk.  Cliff gave one example and in my presentation at Birmingham I gave a few more.  These were all railway based, but I am sure it is common across many industries and that is the manifestation of the same hazard may result is quite significantly different consequences dependant on the circumstances at the time.  For example Potters Bar and Greyrigg were all a hazard of a point defect leading to a consequence of derailment at speed. The number of fatalities varied dramatically between the two.

    This is the problem with risk assessment, the fine line of optimism and pessimism, both of which can significantly affect the judgement f what needs to be done to address the hazard.


  • Thank you Barry. Unless there is a lively Q & A session at the event I always wonder what listeners have taken away from a talk.

    Peter makes the important point about different consequences arising from the same action, sometimes this can be legal as well, hence my comment about the 'certainty' of the legal profession post-event.

    The Potters Bar and Grayrigg incidents I find particulary worrying. In a sense there was nothing new to learn - trackwork needs to stay in gauge and it needs maintaining. The knowledge, tools, training etc. were all in place yet the jobs were botched. How do we ensure that type of event doesn't happen again? Perhaps the solutions are indirect. Cliff talked about the 'Swiss Cheese' model, so introduce another 'cheese' but beware of 'common mode' failures. For example the natural response to these maintenance failures might be to introduce further checks such as 'signing off' the job. But if the work team is keen to leave the site so might the supervisor/checker. A better 'cheese' could be the 'cheap' digital ride monitors on each train - absolute measurements aren't important but anomalies are. In other words not more of the same but something different.