The latest reports give the following details:
"Our initial findings show the train came to a stop after a braking system control cable became disconnected," he said.
View all a"The train began to move after the driver had disembarked to carry out an inspection, becoming what is termed a "rollaway" train.
Our initial findings show that the emergency air brake for the entire train was not engaged as required by the relevant operating procedure. In addition, the electric braking system that initially stopped the train, automatically released after one hour while the driver was still outside."
So, I take it that the braking system control cable becoming disconnected caused the train to come to a stop. So far, so good. I would think that ECP brakes would know that their stop command had been generated by a disconnected cable. So why would the brakes ever release on their own after such an event? Indeed, why would they release on their own under any circumstance after having been set up by any cause?
What does the fact that the emergency brake had not been engaged after the disconnected control cable stopped the train have to do with anything?
Reading between the lines, it seems to me that the failure to engage the emergency brake after the train was stopped is the reason why the brakes released on their own when such a release was not desired by the operator. If that is the reason, what on earth would be the purpose for that kind of functionality?
Is it possible that they are describing a situation in which the brakes released when the driver reconnected the disconnected control cable? --and then since no emergency air brake for the entire train was engaged, the system defaulted back to released brakes the moment the control cable was reconnected? If that is what happened, I cannot imagine the need for that functionality either.
When they say, “the emergency air brake for the entire train was not engaged,” are they referring to the air brake application type named, “Emergency,” or are they referring to a power activated parking brake that can be applied and released completely independent of the ECP brakes?
They are blaming this on operator error because the engineer did not follow proper procedures. Really? The train was stopped and everything was fine. Why would operator procedures have been needed to prevent that situation from suddenly spinning out of control?
https://www.afr.com/business/mining/iron-ore/bhp-investigation-into-train-wreck-points-finger-at-driver-equipment-failure-20181116-h17zrc
Euclid They are blaming this on operator error because the engineer did not follow proper procedures. Really? The train was stopped and everything was fine. Why would operator procedures have been needed to prevent that situation from suddenly spinning out of control? https://www.afr.com/business/mining/iron-ore/bhp-investigation-into-train-wreck-points-finger-at-driver-equipment-failure-20181116-h17zrc
Reference the Lac Megantic accident of 2013... train was stopped and everything was fine.. until it wasn't.
Ulrich Euclid They are blaming this on operator error because the engineer did not follow proper procedures. Really? The train was stopped and everything was fine. Why would operator procedures have been needed to prevent that situation from suddenly spinning out of control? https://www.afr.com/business/mining/iron-ore/bhp-investigation-into-train-wreck-points-finger-at-driver-equipment-failure-20181116-h17zrc Reference the Lac Megantic accident of 2013... train was stopped and everything was fine.. until it wasn't.
Don't get him started on that one. Under his old screen name, he beat that accident for ever.
An "expensive model collector"
I don't believe the circumstances of the BHP runaway have much in common with the Lac Megantic runaway. For one thing the BHP train had ECP brakes with much more sophisticated control features than conventional air brakes on the Lac Megantic train. The report on BHP makes no mention of the need for the engineer to have tied down hand brakes during the course of looking for the problem. The air brakes were fully applied and the engines were running and pumping air to make sure the brakes stayed applied.
In any case, the BHP train did not run away because brakes leaked off. It ran because the brakes released. This requires switching an electrical circuit into the release position. I would like to know why the brakes released and what effect was had due to the "emergency brake" not being applied to the entire train as BHP says.
Perhaps the explanation is that the emergency brake being applied would have prevented the train from running away had the service braking released. But with ECP brakes, I cannot imagine why the brakes would have released on their own.
Euclid Ulrich Euclid They are blaming this on operator error because the engineer did not follow proper procedures. Really? The train was stopped and everything was fine. Why would operator procedures have been needed to prevent that situation from suddenly spinning out of control? https://www.afr.com/business/mining/iron-ore/bhp-investigation-into-train-wreck-points-finger-at-driver-equipment-failure-20181116-h17zrc Ulrich said [in part]"...Reference the Lac Megantic accident of 2013... train was stopped and everything was fine.. until it wasn't..." Euclid said "...I don't believe the circumstances of the BHP runaway have much in common with the Lac Megantic runaway. For one thing the BHP train had ECP brakes with much more sophisticated control features than conventional air brakes on the Lac Megantic train. The report on BHP makes no mention of the need for the engineer to have tied down hand brakes during the course of looking for the problem. The air brakes were fully applied and the engines were running and pumping air to make sure the brakes stayed applied. In any case, the BHP train did not run away because brakes leaked off. It ran because the brakes released. This requires switching an electrical circuit into the release position. I would like to know why the brakes released and what effect was had due to the "emergency brake" not being applied to the entire train as BHP says. .." Perhaps the explanation is that the emergency brake being applied would have prevented the train from running away had the service braking released. But with ECP brakes, I cannot imagine why the brakes would have released on their own..."
Ulrich Euclid They are blaming this on operator error because the engineer did not follow proper procedures. Really? The train was stopped and everything was fine. Why would operator procedures have been needed to prevent that situation from suddenly spinning out of control? https://www.afr.com/business/mining/iron-ore/bhp-investigation-into-train-wreck-points-finger-at-driver-equipment-failure-20181116-h17zrc Ulrich said [in part]"...Reference the Lac Megantic accident of 2013... train was stopped and everything was fine.. until it wasn't..."
Ulrich said [in part]"...Reference the Lac Megantic accident of 2013... train was stopped and everything was fine.. until it wasn't..."
Euclid said "...I don't believe the circumstances of the BHP runaway have much in common with the Lac Megantic runaway. For one thing the BHP train had ECP brakes with much more sophisticated control features than conventional air brakes on the Lac Megantic train. The report on BHP makes no mention of the need for the engineer to have tied down hand brakes during the course of looking for the problem. The air brakes were fully applied and the engines were running and pumping air to make sure the brakes stayed applied.
In any case, the BHP train did not run away because brakes leaked off. It ran because the brakes released. This requires switching an electrical circuit into the release position. I would like to know why the brakes released and what effect was had due to the "emergency brake" not being applied to the entire train as BHP says. .."
Perhaps the explanation is that the emergency brake being applied would have prevented the train from running away had the service braking released. But with ECP brakes, I cannot imagine why the brakes would have released on their own..."
A point in this discussion might be made that the LacMegantic wreck in'13, and the BPH incident ,while similar (train wrecked); the similarity between this is a case of 'apples and oranges' IMHO.
The La Megantic train was stopped and set-up for re-crew at a future point. The problem that caused it to 'run away'; seemed to be at first mechanical (engine issues), followed by a fire on the engine(s(?). Said fire was responded to by the local Fire Dept ( who apparently shut down engine, and stopped the air from being supplied to the train(?). The train set had a conventional air brake system.
The BPH train was apparently state of the art ECP, and attendant computers to make train control and braking functional(?).
It seems that the 'Driver' (Engineer?) complied with a rational and regular response [ie: the ECP connection broke, and he was stopped by the train's computerized control system) So he got off to find the problem, and either fix it or call for "assistance?'. While he was off the train, "Something" caused the brakes to release and it started as a rollaway.
Admittedly, something happened to cause the rollaway....As Ulrich stated, [paraphrased] "...Everything was alright..Until it wasn't..."
I cannot speak to the Australian Regs, or their Rules at BPH, but when a computer does anything odd or completly out of the norm... It is always said that the problem was a 'glitch', the human failure was always chalked up to 'grimlins'. Information Service folks always seem to have a cause, or name for every screw-up!
Seems the poor Australian BPH Train Driver may be the victim of one of those system glitches laying there inwait to be discovered in the right set of circumstance to cause trouble ?
Don't know about BHP rules.
On my former carrier - Train stops for unknown reasons in mountain territory (normally a UDE) the proper number of hand brakes must be set as the operator (Conductor) begins his inspection from the head end back through the train; even if he finds the problem BEFORE the proper number of hand brakes have been applied, the proper number must be applied before fixing the problem. Engineer will not recharge the brake line until it is known the proper number of hand brakes have been applied. Of course this procedure is done without ECP.
Have a charged up trainline without a proper number of hand brakes applied and you have a runaway.
Never too old to have a happy childhood!
It seems with one man operation, what is to prevent the train from rolling away before a sufficent number of hand brakes are set, or while they are being released?
From what Euc put in the original post - the opertor did not set the braking system in the emergency position. Not being familar with the braking system employed I would guess that it would apply an emergency application to the entire train once the continuity of the train was reestablished.
Personally - I have big problems with any braking system that would release brakes based on a time clock as indicated in Euc's original post.
EuclidSo why would the brakes ever release on their own after such an event? Indeed, why would they release on their own under any circumstance after having been set up by any cause?
That's easy.
I don't know about the BHP's ECP system so this is supposition based on experience.
If you set out cars in a yard, there has to be some way to release the brakes so you can switch them. With a conventional brake system a person walks the length of the cut and manually releases each car's brakes. Evidently with this system, the system automatically releases the brakes when the cars are "set out" and the engine is disconnected from the cars. When you disconnect the engine from the cars, the train "bleeds" the air after an hour, eliminating the need to walk the cut.
Not saying that is a good idea or that one hour is a good time, but I can certainly see why they would set it up that way.
It may be that if the operator manually puts the train in "emergency", it over rides that timeout feature. By not putting the train in emergency, it didn't over ride, the train thought the cars were just "set out" and allowed the brakes to automatically bleed off.
Dave H. Painted side goes up. My website : wnbranch.com
The BHP statement raises several questions. Maybe somebody here can explain the how service and emergency applications work with ECP brakes. I would assume the following:
Each car has two reservoirs, one for service application and another for emergency applications.
Each reservoir is charged to the same pressure.
Braking force generated from an emergency application is the same amount as braking force generated from a full service application.
Bear in mind that ECP brakes are not encumbered by the need for the brake pipe to make pressure fluctuations for the purpose of signalling the control valves on each car to set or release brakes. With ECP, the control valves are electrically powered and electronically controlled through a separate electric cable dedicated to brake control. So the brake pipe is dedicated solely to providing air to the car reservoirs on a full-time basis.
So a train stopped on a grade with ECP can gradually release the brakes until the train begins to move, and then begin to reapply braking to hold the speed down once movement has begun. This so-called graduated release is one of the most valuable features of ECP brakes. With conventional air brakes, a train standing on a grade cannot just partly release the brakes just enough to begin moving. Instead, the train must fully release its brakes, even though only partial release is necessary to begin moving.
In the case of this BHP train, I assume the following:
The inadvertent disconnection of the electric control cable caused a service application to stop the train.
The ECP system told the engineer where the cable fault was located.
According to the rules, before the engineer got off to go inspect the fault, he should have made an emergency application of air brakes.
If the engineer had done that, both reservoirs on each car would have connected to the brake cylinder.
Also, if the engineer had made an emergency application, ECP controls would have blocked the ability for the system to release the brakes until the emergency reservoirs were recharged.
However, if the engineer failed to make the emergency application, I would not expect the system to automatically release the service application that was holding the train. Such a release would normally be possible if done intentionally by the engineer, so the system does allow it. In this case, it is not clear as to whether the release was made automatically by the system after a predetermined time; or whether it was made by a system failure. Could it have been made simply by reconnecting the control cable?
But, in any case, why would that even be possible? The open fault of the control cable is an anomaly. I assume that the system would recognize that fact and stop the train with a full service application. At that point, I would assume that the system would shift to a special protocol in which the brakes could not be released as is normally possible until a special reset is made. With that system, if a train is automatically stopped by a control cable fault, there is no possible way of the brakes releasing when a release is unintended.
In this case, it seems that this same locking of the release is obtained by making an emergency application once the system’s recognition of the cable fault triggers the service application. But, if that one step of making the emergency application on the already stopped train is overlooked, there is nothing standing in the way of total disaster. That seems like a defective design. Why is the system not capable of safety locking the brakes automatically after automatically stopping the train due to the recognition of the sudden cable fault?
BaltACD Not being familar with the braking system employed I would guess that it would apply an emergency application to the entire train once the continuity of the train was reestablished.
I suspect that it may depend on how that command is sent to the train.
If it is some sort of continuous/repeating command, I would agree - when the connection is re-established the rest of the train will get and execute the command.
On the other hand, if it's a one-time command, or something of the sort, then the rest of the train will never get the command so it will never comply.
Larry Resident Microferroequinologist (at least at my house) Everyone goes home; Safety begins with you My Opinion. Standard Disclaimers Apply. No Expiration Date Come ride the rails with me! There's one thing about humility - the moment you think you've got it, you've lost it...
I would think that ECP brakes would know that their stop command had been generated by a disconnected cable. So why would the brakes ever release on their own after such an event?
There were two failures involved in the runaway:
A standard feature of the system is that a 120% ECP brake application occurs if the ECP data line separates, on all vehicles both sides of the separation. This is an ECP equivalent of an emergency application.
However, this has obviously been a rare event, and no standard procedures were developed for it. It appears that neither the driver nor the train controller were aware of the automatic release feature. apparently a conventional brake application should have been made by reducing the train pipe pressure which would have overridden the ECP application and avoided the automatic release after one hour.
I'm told that if the train pipe breaks on an ECP train, as well as a conventional emergency brake application, a 120% ECP application is made at the same time. It may have been thought that an ECP failure triggered an emergency air brake application. However this isn't the case, and the gauges in the locomotive would have indicated that.
Of course, the ECP application would have been adequate had the delay not exceeded one hour. I don't know how many handbrakes are needed to be applied to hold a 40 000 ton train on a 1.5% grade but I'd expect it would be more than ten of the 268 cars.
But quite apart from the failure to make a conventional brake application, a major problem was found with the Automatic Train Protection system. This should have applied the train brakes when it passed the next signal control point, Garden South one kilometre from where the train stopped from the ECP line failure. Clearly it didn't work. Apparently the system didn't work with the train in the configuration that it ran away. Exactly what failed hasn't been publically indicated, but some form of software error occured and the ATP system didn't stop the train.
That failure was in no way attributable to the train driver.
Peter
M636C But quite apart from the failure to make a conventional brake application, a major problem was found with the Automatic Train Protection system. This should have applied the train brakes when it passed the next signal control point, Garden South one kilometre from where the train stopped from the ECP line failure. Clearly it didn't work. Apparently the system didn't work with the train in the configuration that it ran away. Exactly what failed hasn't been publically indicated, but some form of software error occured and the ATP system didn't stop the train. That failure was in no way attributable to the train driver. Peter
In the mountain areas I am familiar with where the grades approach 2% the rules require 50% hand brakes to be applied before attempting to recharge the train line from a emergency brake appliciation.
The politics of a runaway demand that the train operator be the one held guilty by the operating company - company's can't admit that their procedures were in any way part of or the entire cause of such incidents. It presents a 'bad optic' for the company. Time will tell.
M636C A standard feature of the system is that a 120% ECP brake application occurs if the ECP data line separates, on all vehicles both sides of the separation. This is an ECP equivalent of an emergency application. However, this has obviously been a rare event, and no standard procedures were developed for it. It appears that neither the driver nor the train controller were aware of the automatic release feature. apparently a conventional brake application should have been made by reducing the train pipe pressure which would have overridden the ECP application and avoided the automatic release after one hour. Of course, the ECP application would have been adequate had the delay not exceeded one hour. Peter
Of course, the ECP application would have been adequate had the delay not exceeded one hour.
Peter,
Thanks for that information. I had been wondering what happens in an ECP brake system when a control cable and/or a brake pipe separates or fails. I understand your point about the two apparently unrelated failures occurring during this runaway event.
At this point, I would be most interested in the answers to this family of questions:
With the type of brake application that stopped the train; why is it designed to automatically release in one hour? What could possibly be the point or benefit of that? Why not just let the engineer intentionally release the brakes when he is ready? If the train is ready to move before an hour has passed, why make it wait an hour? If the train is not ready to move safely within an hour, why force it to start moving regardless?
With the type of brake application that stopped the train; why is it designed to automatically release in one hour? What could possibly be the point or benefit of that?
I'm told that that is a standard feature.
All of this ECP equipment meets AAR recommended practices so I assume that this time limit was something developed in an AAR committee.
However, with the cable disconnected, the cars not connected to the lead locomotive are operating on rechargeable batteries. Remember that these cars do not have air actuated brake control valves, only the ECP valves. These have an "Emulation mode" which allows them to operate like a triple valve when disconnected from the ECP data line. The time limit is presumably intended to allow release of the 120% application while the batteries still have power. This would allow movement of the cars by a locomotive without ECP braking. It is less clear why the brakes on the section of train still connected to the locomotive and still under power also released, except that the system was set up to do so.
It is clear that those people who designed the system (and the "one hour release") were not considering trains with a single operator running in remote areas with steep grades and with more than 200 cars. Clearly in the dark, it could take quite some time to locate and reconnect the disconnected cable, even if the system indicated which car was at fault.
The problem arose because the crew and control appeared to be unaware of this feature of automatic release after one hour. Had a reduction in the main train pipe been made, since only the ECP cable had separated, not the air pipe, a conventional brake application could have been applied to all vehicles.
I imagine all four large Pilbara operators, and the operators in Queensland and the NSW Hunter Valley already have new instruction pages printed in red ink explaining in single syllable words what to do if an ECP cable parts. The good news is that nobody was injured and the track was restored in a week with a nominal loss of production around $50 Million, and a similar amount for the train, I guess.
It will be interesting to hear what the problem with ATP was.....
M636CI'm told that that is a standard feature. All of this ECP equipment meets AAR recommended practices so I assume that this time limit was something developed in an AAR committee. However, with the cable disconnected, the cars not connected to the lead locomotive are operating on rechargeable batteries. Remember that these cars do not have air actuated brake control valves, only the ECP valves. These have an "Emulation mode" which allows them to operate like a triple valve when disconnected from the ECP data line. The time limit is presumably intended to allow release of the 120% application while the batteries still have power. This would allow movement of the cars by a locomotive without ECP braking. It is less clear why the brakes on the section of train still connected to the locomotive and still under power also released, except that the system was set up to do so.
I can sort of see the reasoning, but the potential for dire consequences seems to outweigh any practical benefit.
As opposed to automatically forcing a full release after one hour because the battery power may fade if the release were delayed more than an hour; it seems like it would be much preferable to require the train to shift over to conventional pneumatic air brakes controlled through the brake pipe.
And if someone forgets to do that; the consequences are that the train might be delayed if it runs out of battery power after one hour has passed, and is thus not be able to release its 120% application until the control cable is restored.
I would think that whatever inconvenience or delay arose from not being able to release the ECP application would be dwarfed by the disaster of a runaway train. In a case like this, there is a good chance that the engineer might have reboarded the moving locomotives with the intent of trying to apply braking, and then rode it out because the train was moving too fast to jump off.
From the 1 hour brake release to avoid the battery going dead - isn't the ECP cable able to recharge the battery when reconnected to a ECP equipped locomotive?
If a non-ECP engine arrives to move a cut of ECP cars with brakes applied and batteries dead - isn't their some way, like the bleed rod or a electrical switch that will disengage the ECP portion of the braking system.
In the day of Litium Batteries - batteries becoming discharged shortly after one hour constitutes, to my mind' a engineering design failure.
Applied brakes should NEVER release unless a human individual via any of a number of means orders the brakes released. Automatic release is a engineering failure and the runaway fall squarely on the shoulders of the company.
BaltACD From the 1 hour brake release to avoid the battery going dead - isn't the ECP cable able to recharge the battery when reconnected to a ECP equipped locomotive? If a non-ECP engine arrives to move a cut of ECP cars with brakes applied and batteries dead - isn't their some way, like the bleed rod or a electrical switch that will disengage the ECP portion of the braking system. In the day of Litium Batteries - batteries becoming discharged shortly after one hour constitutes, to my mind' a engineering design failure. Applied brakes should NEVER release unless a human individual via any of a number of means orders the brakes released. Automatic release is a engineering failure and the runaway fall squarely on the shoulders of the company.
There is no air actuated control valve to "change back to". The only brake control valves are the ECP valves and when not connected to the ECP cable, these rely on battery power to operate. They can operate as air actuated valves in what is called "emulation mode" but this relies on battery power being available.
M636C....But on the books, it saves money, because the pay for controllers is less in a big city. Unless you add the cost of a week's lost production and 240 cars and four locomotives...
M636CAs opposed to automatically forcing a full release after one hour because the battery power may fade if the release were delayed more than an hour; it seems like it would be much preferable to require the train to shift over to conventional pneumatic air brakes controlled through the brake pipe. There is no air actuated control valve to "change back to". The only brake control valves are the ECP valves and when not connected to the ECP cable, these rely on battery power to operate. They can operate as air actuated valves in what is called "emulation mode" but this relies on battery power being available. Peter
Obviously in the design of this system, whomever designed it, FAIL SAFE was not a design criteria.
M636C As opposed to automatically forcing a full release after one hour because the battery power may fade if the release were delayed more than an hour; it seems like it would be much preferable to require the train to shift over to conventional pneumatic air brakes controlled through the brake pipe. There is no air actuated control valve to "change back to". The only brake control valves are the ECP valves and when not connected to the ECP cable, these rely on battery power to operate. They can operate as air actuated valves in what is called "emulation mode" but this relies on battery power being available. Peter
Well then what did you mean when you said this?:
"Had a reduction in the main train pipe been made, since only the ECP cable had separated, not the air pipe, a conventional brake application could have been applied to all vehicles."
That is the information that I was referring when I said, "it would be much preferable to require the train to shift over to conventional pneumatic air brakes controlled through the brake pipe," as you quoted me above.
Check AAR Specification S-4200:
Paragraph 4.3.17, "CCD or EOT in Shutdown mode."
"If the brake pipe is charged and a pneumatic application is not in force, the ECP application wil be released.... ...after 1 hour."
"The intent of this logic is to allow thetrain to operate as long as possible after loss of train line power and to conserve batteries..."
If the brake application is made within the first hour after the loss of power, the brakes will apply in the normal manner. After the shutdown brakes cannot be applied. This might be why the the ATP system was unable to stop the train when it ran away.
The clear intention of this clause is that if air braking is required, it should be applied as soon as possible after the loss of the ECP power.
It isn't clear to me that the release need occur on those vehicles still connected to the locomotive with an active HEU and still receiving ECP power, except that the system assumes the loss of the EOT indication to be a failure.
Elsewhere it is indicated that the batteries are expected to maintain power on the system for four hours.
It appears that it was thought that the ECP line would only separate if the train parted, clearly a more serious situation than just the ECP plugs separating. If the train parts, the air line separates and full emergency braking occurs both pneumatic and ECP. If the ECP line separates alone, only an ECP Emergency application (120%) occurs.
I assume the AAR Committee did not want an automatic pneumatic application of brakes with an ECP line break only, leaving this decision to the train operator.
I suspect the AAR Committee didn't envisage a 40 000 tonne train under way with the ECP system shut down to conserve the batteries, either.
There may be some rethinking of the AAR Recommended Practices fairly soon.
M636C Check AAR Specification S-4200: Paragraph 4.3.17, "CCD or EOT in Shutdown mode." "If the brake pipe is charged and a pneumatic application is not in force, the ECP application wil be released.... ...after 1 hour." "The intent of this logic is to allow thetrain to operate as long as possible after loss of train line power and to conserve batteries..." If the brake application is made within the first hour after the loss of power, the brakes will apply in the normal manner. After the shutdown brakes cannot be applied. Peter
If the brake application is made within the first hour after the loss of power, the brakes will apply in the normal manner. After the shutdown brakes cannot be applied.
Thanks for posting that specification. I will take a look at the whole thing.
But in just reading what you wrote, what is the "shutdown" they refer to? They say, "After the shutdown, brakes cannot be applied."
But the brakes are already applied due to the fault in the control cable. That braking stopped the train and held it on the grade. I fail to see the point of having that brake application automatically release in order to avoid it becoming non-releasable if the batteries lose their charge. So you lose battery power and you therefore cannot release the ECP brakes when you later want to. Why would you want to release the brakes without the control cable operational?
Fix the control cable, and then release the brakes when you are ready.
This set of procedures seems pretty squirrely in its reasoning although maybe there is a brilliant point to it. It also seems incredibly squirrely to have all of this complicated system response and resulting disaster under investigation, and while that is all unresolved, announce that it was partly the engineer's fault. What kind of a company does that?
This incident brings up the question. Does the US system as proposed work the same way and what instructions are there if a ECP cable separates. We believe that it has been stated that the US system retains the triple valve ?
Not having ANY brake release when that release was not requested by the Operator is a accident waiting to thappen - in this case the wait was one hour.
They say, "After the shutdown, brakes cannot be applied."
Those were my words, not part of the standard.
I may be wrong. I invite readers here to check for themselves.
The easiest place to get the text of S-4200 is:
http://www.spoornet.co.za/Website/tender_pdf/AAR%20Spec%20S-4200.pdf
(South African Railways..)
M636C http://www.spoornet.co.za/Website/tender_pdf/AAR%20Spec%20S-4200.pdf
ACTIVATED
blue streak 1 This incident brings up the question. Does the US system as proposed work the same way and what instructions are there if a ECP cable separates. We believe that it has been stated that the US system retains the triple valve ?
These are the AAR Standards and would apply to any ECP system.
Retaining the air actuated valves makes the system more complex and may result in unintended operation of the pneumatic valves from pressure fluctuations from ECP operation...
I assume the operation and the timing would be the same whether air actuated valves or ECP valves in emulation mode were involved.
In reading through the AAR instructions, I am looking for something like “System-Generated Total Brake Release.” So far, I have not found anything like that.
The general area that might apply to circumstances of this runaway are in the section named: “System Fault-Generated Brake Applications.”
In that section is 4.4.7.5 which covers low train line voltage conditions. One of those conditions is “Train line power is off.” It would seem to indicate that the disconnected power/control cable on the BHP train (referred to as “train line”) caused a system-generated full service brake application, and that stopped the train.
Apparently, that full service application was system-scheduled to undergo a system-generated full release in one hour.
However, according to the news report, BHP said that this system-generated scheduled release could have been canceled if the engineer had made an emergency application of brakes prior to the end of the one-hour time frame leading up to the occurrence of the system-generated scheduled release of the full service application (that had been made as a system-generated response to the train line being without power).
I don’t find anything in the AAR instructions that mentions this system-generated scheduled release of the previously system-generated full service application of brakes.
In any case, it is said by BHP that the engineer could have canceled the system-generated scheduled release of the brakes if he had made an emergency application of the brakes prior to the scheduled release of brakes in one hour.
So, the question I have is, why can’t the system be designed to have it make the engineer’s emergency application for the purpose of cancelling the system-generated scheduled release of the brakes? That would prevent the engineer from forgetting or being unaware of the need to make the emergency application in order to cancel the scheduled release.
Or better yet, why not get rid of the scheduled release protocol and just repair the broken train line cable in as much time as needed?
Our community is FREE to join. To participate you must either login or register for an account.