After spending hundreds of millions making a simple back-up system fail safe, the driver won't know whether his kit is working – nothing changes
In the beginning the Train Protection & Warning System (TPWS) was meant to be a cheap and cheerful – not to mention cost effective – enhancement to the existing Automatic Warning System (AWS). Adding an antenna and a timer to the train's AWS, and connecting transmitter loops on the track to signals, produced a simple over-speed and train stop facility.
Of course it wasn't full Automatic Train Protection, which provides continuous speed supervision, and it depended on the overlap after the signal, but at £33million to protect the highest-risk signals it was well worth doing.
Then the rats got in. TPWS came under continuous attack during the Ladbroke Grove accident inquiry, on the grounds that it was a cheap bodge, simply aimed at getting Railtrack off the ATP hook. Instead of fighting its corner on reasonable practicality, Railtrack chose the pre-emptive cringe.
One of the criticisms was that if the track equipment failed, the TPWS would not provide protection until the fault was rectified. True to their heritage, the signal engineers sought to protect their own interests and re-jigged the design so that the failure of the transmission system turned the signal in rear to danger.
So the simple back up is now a fully fledged fail safe back up. The cost has gone from £33million to £450million, and climbing, and installation of TPWS is currently occupying around 40% of the United Kingdom's signalling design resources.
No, that is not a misprint. Railtrack's Director Network Development Nick Pollard gave the figure of 40% at a meeting of the Railway Civil Engineers on April 11. And, to supplement domestic capacity, Railtrack is recruiting signal engineers from Australia, the United States, South Africa, Panama, Estonia and India. At the time of the presentation 1,426 people were employed on the infrastructure aspects of what Uff and Cullen call TPWS-A - the bog standard version.
Railtrack estimates that 11,500 signals out of its total of 26,000 will require TPWS-A based on the criteria in the Railway Safety Regulations (RSR). Approaching 50% of the signals considered eligible have been surveyed. Apart from the RSR criteria-check, each survey also examines the condition of the local signalling equipment cases and cable troughing.
Of course, the fail safe requirement means we are connecting to interlockings, not ‘signals’. That has meant developing generic designs for TPWS interfaces with relay interlockings, BR solid state interlockings (SSI) and mechanical interlockings controlling semaphore signals.
Those TPWS loops need power if they are to transmit. A key issue is provision of trackside power supplies in areas controlled by semaphore signals or Radio Electronic Token Block (RETB). On ScotRail, the nearest power supply can be 5-10 miles away from the signal in RETB territory.
200+ site surveys a week
40% of signals surveyed
400-600 signals to be fitted a month at peak
Train operating companies
Design completed for 20 traction types
30-40 cabs to be fitted/month
Freight operating companies
15-20 cabs to be fitted/month
Anyway, that's all money under the bridge, or was, until in the open forum after the presentations, my old chum John Cameron, Stagecoach's rail advisor and owner of one of Sir Nigel's coal fired HST power cars, raised the issue of fault indication on the train mounted TPWS-A equipment. And guess what? After the functional test on start up, there is nothing to alert the driver should the train mounted equipment fail in service.
Dealing with the traction and rolling stock side of TPWS that evening was my highly regarded Deltic maintaining chum Allan Baker, now Engineering Director of Angel Trains. He told John Cameron ‘After the Ladbroke Grove and Southall accidents it was agreed that the last thing wanted was to give the driver another bell and whistle’.
Lack of a status indication for TPWS-A is another relic of the original concept of a cheap and cheerful back-up. As a secondary system, rather than a piece of vital safety equipment, it was considered important that TPWS would be ‘transparent’ to the driver, unless triggered by over-speed or a SPAD. Once it became safety critical, the track mounted signalling bit was upgraded but, as usual, the signal engineers forgot the driver.
According to signalling Informed Sources, there could be as many as 25 wrong side failures that would not be apparent to the driver, starting with the loss of the bogie mounted antenna which receives signals from the track loops.
So, we spend hundreds of millions to stop the driver being betrayed by a failed loop, while leaving the driver totally exposed to a failed on-board system.
Well, my signalling chums think not. One estimate is that the risk of TPWS not doing its thing when you need it to is better than 1 in 10 000.
You could have TPWS boxes that self test each time they pass an AWS magnet. This would detect some faults, but not some fundamental failures, such as a misaligned antenna.
On top of which, I am told, we don't have a frequency distribution for the various potential faults, so if you try to reduce one risk, it may be a very infrequent failure, or the remedy may mask something else. And, of course, there is Kemp's Law, which states: ‘any safety monitoring system destroys the reliability of the system being monitored’.
So an informed view from the signalbox is that drivers face a small fraction of a percentage chance that TPWS has failed and left them unprotected compared with the current situation - ATP equipped lines apart – that they are 100% unprotected.
Hmm, what did Mandy Rice Davies say? ‘They would say that, wouldn't they?’ If the risk of track mounted TPWS equipment failure leaving a train unprotected is unacceptable, why is train equipment failure morally any different? That should stock up next month's ‘Forum’.
Mind you, when you find out what grown up people were suggesting as a remedy you do wonder. One serious proposal was that approaching a red, the driver should check a TPWS health monitoring device to ensure that the system was working. Yes, honestly. And a certain inquiry into train protection is alleged to have taken the idea on board until a human factors expert was called in to point out that a) this would be a distraction and b) if the driver was aware of the red signal TPWS should be irrelevant.