The Australian Rail Safety Regulator has issued and urgent alert to all railway operators following BHP’s runaway train incident. The regulator has highlighted potential risks with electronic systems and the subsequent risks within these systems for rail operators.
Peter Doggett, Executive Director National Operations of the Office of the National Rail Safety Regulator (ONSR) issued the alert to highlight potential issues with Electronically Controlled Pneumatic (ECP) braking.
The ONSR said that the BHP train received a penalty brake application while operating in ECP braking mode as a result of a disconnected electrical connector between two wagons. The train came to a stand on a gradient.
The driver has alighted from the cab to carry out an inspection. After one hour, during the course of applying the handbrakes, the train rolled away down the gradient. The train was run through a crossover in an attempt to purposefully, and successfully, derail it.
Initial enquiries into the incident have revealed a potential safety issue with respect to the effectiveness of the Automatic Train Protection (ATP) systems when configured for ECP braking.
Trains traditionally operate with a mechanical pneumatic braking system and some rolling stock have been fitted with an electronic overlay braking system commonly known as ECP braking. ECP braking systems that comply with the American Association of Railroads standard AAR S-4200 have a software feature designed to preserve battery life on the ECP fitted wagons by releasing the electronic brakes on a train in circumstances where:
- An electronic brake is applied by the ECP system;
- There is no communications between the ECP system on board the lead locomotive and the end of train; and
- Sixty minutes has elapsed from the last communication. Where these conditions exist the ECP braking system will release creating the risk of a rollaway incident unless the air pressure within the braking system has been released to atmosphere. The ATP system may respond to the uncontrolled movement and attempt to apply the ECP braking system when the train is configured in ECP braking mode. If a failure occurs within the ECP braking system (for example due to a faulty connection) the ECP braking may not apply to the entire train consist. In these circumstances, the ATP system does not revert to the mechanical pneumatic system and the prevention of the movement of the train may be ineffective.
Th ONSR said that the following actions should be taken by rail transport operators utilising ECP braking systems:
- Conduct an assessment of the interaction between the ECP braking system and the mechanical pneumatic braking system following an unexpected (penalty) braking intervention on a train configured for ECP braking.
- Determine whether the ECP braking system is designed to the AAR S-4200 standard
- Determine whether the sixty minute release has been programmed within the ECP braking software
- Conduct a risk assessment on the use of ECP braking for the prevention of the event of a rollaway incident.
- Conduct a risk assessment on the effectiveness of the ATP system in the event of an ECP braking system failure.
The incident has highlighted potential failures of electronic systems to the not only the rail industry but also the mining industry. Many of our vehicle and other systems are now controlled by programmable electronics. When a fault in software systems occur, failure of these systems can may catastrophic circumstances if safety considerations (such as default to safe mode) are not maintained.
Last week BHP opened up about the causes of the runaway train incident. Read the full article here
Read more Mining Safety News