Page 1 of 2
| GSM-R and fail safe 19/06/2018 at 23:15 #109774 | |
trolleybus
142 posts |
The safety digest just issued by the RAIB on an operational incident at Bethnal Green (https://www.gov.uk/government/publications/safety-digest-042018-bethnal-green) has led to a discussion elsewhere. In short, what happened is a down train at Bethnal Green passed a signal at danger by a small amount (2m). After some time the driver was told by a train service controller to continue to Hackney Downs. The driver set off without contacting the signaller, who saw that the train was moving and issued a GSM-R STOP. The train concerned stopped just short of a busy junction, but a train travelling in the other direction failed to receive the stop command and passed over a junction just in front of the train who caused all of this in the first place. The discussion is about the safety of relying on radio-based communications in general, and whether a train should be moving at all if it isn't in a position to receive a stop command due to poor GSM-R connectivity. My argument (which I freely admit I made up on the spot) is that some aspects of GSM-R are safety-critical (e.g. when it's bearing ERTMS data) and, of course, a train wouldn't continue if it was unsure of its movement authority. But we're talking about a TCB area with lineside signals. In this environment the stop command is useful and can enhance safety but isn't part of the signalling system as such, just a non failsafe add-on. A bit like TPWS. Am I correct in this, or talking out of my hat? Log in to reply |
| GSM-R and fail safe 19/06/2018 at 23:41 #109775 | |
Hap
985 posts 
|
The driver of the culprit trian has failed to follow the rule book and has not contacted the signaller. Train running controllers do not have the authorisation to allow a train to continue forward after a SPAD. Also if this signal is protecting a junction, there will be a TPWS grid. This will have stopped the train, unless the driver has Overridden then safety system. I do not know the area at all, but the only issue I would see is if there was a change of GSM-R cell location, and the Emergency STOP call has not overlapped into the adjoining area? (I also could read the article before I type this, I will shortly) Up here, I have heard of calls being made to the signaller over the GSM-R from the Gourock/Wemyss Bay line and the call has gone to Yoker panel (Helensburgh line) rather than Paisley. (Yoker panel is about 2 miles away across the Clyde. but both lines run parallel with each other for some miles. Bottom line though, The train that had the SPAD should not have moved until contacting the signaller. The driver is at fault. Cheers Craig How to report an issue: www.SimSig.co.uk/Wiki/Show?page=usertrack:reportanissue Log in to reply |
| GSM-R and fail safe 19/06/2018 at 23:47 #109776 | |
|
TUT
507 posts |
Hap in post 109775 said:The driver of the culprit trian has failed to follow the rule book and has not contacted the signaller. Train running controllers do not have the authorisation to allow a train to continue forward after a SPAD.The TPWS TSS did stop the incident train (2T26). But as the driver SPADed the protecting signal of Bethnal Green North Junction (L93) there was no more TPWS to stop the train again when the driver proceeded, mistaking the instructions from the Train Service Controller as authority to proceed following the SPAD. This was about fifteen minutes after the SPAD, so the TPWS timer had of course timed out. Log in to reply |
| GSM-R and fail safe 20/06/2018 at 01:41 #109780 | |
|
Hap
985 posts
|
TUT in post 109776 said:Hap in post 109775 said:That's fair enough. He still didn't follow rule book S7 9. 9.1The driver of the culprit trian has failed to follow the rule book and has not contacted the signaller. Train running controllers do not have the authorisation to allow a train to continue forward after a SPAD.The TPWS TSS did stop the incident train (2T26). But as the driver SPADed the protecting signal of Bethnal Green North Junction (L93) there was no more TPWS to stop the train again when the driver proceeded, mistaking the instructions from the Train Service Controller as authority to proceed following the SPAD. This was about fifteen minutes after the SPAD, so the TPWS timer had of course timed out. 9.1 PASSING A SIGNAL AT DANGER OR AN EoA WITHOUT AUTHORITY If you pass a signal at danger or an EoA without authority, you must: • stop the train immediately • tell the signaller that the signal has been passed at danger or the EoA has been passed without authority. You must answer the questions the signaller asks you. You must not proceed until the signaller gives permission. How to report an issue: www.SimSig.co.uk/Wiki/Show?page=usertrack:reportanissue Log in to reply |
| GSM-R and fail safe 20/06/2018 at 01:43 #109781 | |
|
Hap
985 posts
|
If the two trains collided, the driver of the initial spad train would be at blame, lost his job, and jailed... if not already *******. Hard truths, but truths all the same. Craig How to report an issue: www.SimSig.co.uk/Wiki/Show?page=usertrack:reportanissue Log in to reply |
| GSM-R and fail safe 20/06/2018 at 02:52 #109782 | |
GeoffM
6282 posts |
Train Service Controller who told the driver to go to Hackney Downs may have chosen unwise words too - not a cause but a factor, perhaps. It would not be the first time.
SimSig Boss Log in to reply |
| GSM-R and fail safe 20/06/2018 at 08:10 #109784 | |
|
Andy174
90 posts |
Just shows how complicated the railway has become. When I was driving under BR the ONLY person you conversed with in such circumstances was the signalman either by then lineside phones or in later years CSR, There was no means of being contacted by anyone else. Just out of interest it used to be the case if stood at an automatic signal on red and there was no means of contacting the signalman ie the phone had failed etc it could be passed at danger, is this still the case?
Log in to reply |
| GSM-R and fail safe 20/06/2018 at 08:56 #109785 | |
|
clive
2738 posts |
GeoffM in post 109782 said:Train Service Controller who told the driver to go to Hackney Downs may have chosen unwise words too - not a cause but a factor, perhaps. It would not be the first time.There was a fatal rear-end collision in New South Wales some years ago because of a very similar situation: the driver of the second train was told by the controller - NOT the signaller - that "it's only an auto... just trip past". https://en.wikipedia.org/wiki/Glenbrook_rail_accident I've read the full reports - they're pretty horrific in how badly things were organized (e.g. the driver of the first train wasn't allowed to use his radio because of a turf war between companies; the signaller had no indications on his panel even though the interstate controller 1300 km away knew where the train was; etc.). Log in to reply |
| GSM-R and fail safe 20/06/2018 at 09:26 #109786 | |
DriverCurran
683 posts
|
As a 'TSC' for a different company and under a slightly different job title, if I told a driver to move after a SPAD my rear end would be heading for planet earth at such a rate that it would get there before the proverbial 2000 ton lead balloon. The most I can do with regards 'authorizing' a train movement after such an incident is to advise the Network Rail controller (note controller NOT signalman) that the driver could if he felt happy move to location X to clear the line only, during this movement I would be dealing with the driver management to ascertain further instructions for what the driver can do and again once any movement authority would be passed to the NR controller to give to the signalman. Paul You have to get a red before you can get any other colour Log in to reply |
| GSM-R and fail safe 20/06/2018 at 14:54 #109790 | |
|
trolleybus
142 posts |
I agree with all that's been said about the actions of the driver, but what do you think of the suggestion made to me that a train shouldn't have been running if it wasn't in a position to receive a STOP? I think the suggestion is wrong, but wondered what the consensus was.
Log in to reply |
| GSM-R and fail safe 20/06/2018 at 15:13 #109791 | |
Splodge
702 posts |
The rules have recently been relaxed slightly, but ultimately if the GSM-R equipment is unable to receive emergency broadcasts the train should not enter service, or continue to run in service. The signaller must be informed as special procedures would need to be put in place.
There's the right way, the wrong way and the railway. Log in to reply The following user said thank you: trolleybus |
| GSM-R and fail safe 20/06/2018 at 16:43 #109792 | |
Guts
586 posts |
I would so love to comment on TSC's but I can't. GSMR isnt' unfalliable and this is proof that the message doesn't always get through using it. It is a good system when it all goes wrong. It's helped us during all of the fatalities we've had in past weeks, by stopping all approaching trains. I'm glad in this instance the train got the message to stop even if the other one didnt. Log in to reply |
| GSM-R and fail safe 20/06/2018 at 18:20 #109795 | |
|
metcontrol
217 posts |
Just as an aside, between Harrow-on-the-Hill and Amersham we use GSM-R to speak to Chiltern trains. As the Line Controller I would say I'm probably the current day equivalent of the NR Controller? The controllers have access to the GSM-R whereas the signallers at Amersham, Rickmansworth and Harrow do not. Therefore when sitations arise that require the authorisation of the signaller, this is often done by the controller gaining that authority and then passing it on to the Chiltern driver. I have only ever used the emergency broadcast facility once and it did not achieve the desired effect. 1 out of the 2 trains on our network stopped... and so did a Euston-Watford service which was passing underneath our lines near Kenton. The generally low frequency of Chiltern trains in our area means that it is usually better to contact trains directly. There is also the added "benefit" that we will also have stopped LU trains, and so a Chiltern may very well get held by red signals as a result of this action. Log in to reply |
| GSM-R and fail safe 20/06/2018 at 18:45 #109796 | |
|
Hap
985 posts
|
metcontrol in post 109795 said:That sounds really dodgy. relaying messages through a 3rd/middle person can often lead to the message losing its substance and desired meaning etc. Surely, the drivers would go to the SPT? Is there an addendum to S7 that omits the rules in regards to SPADs? Craig How to report an issue: www.SimSig.co.uk/Wiki/Show?page=usertrack:reportanissue Log in to reply |
| GSM-R and fail safe 20/06/2018 at 20:42 #109798 | |
|
TUT
507 posts |
Hap in post 109796 said:metcontrol in post 109795 said:Trains operating on London Underground tracks adhere to London Underground rules and procedures.That sounds really dodgy. relaying messages through a 3rd/middle person can often lead to the message losing its substance and desired meaning etc. Log in to reply The following user said thank you: Guts |
| GSM-R and fail safe 21/06/2018 at 00:47 #109807 | |
|
metcontrol
217 posts |
Hap in post 109796 said:That sounds really dodgy. relaying messages through a 3rd/middle person can often lead to the message losing its substance and desired meaning etc.Both the GSM-R and telephone calls to signallers are fully recorded, and whilst I can see your view that messages could lose their meaning, safety critical communication protocols help ensure everything is conveyed clearly and repeated back to ensure no mis-understandings. There are no scenarios where a train is allowed to continue un-protected towards any pointwork after passing a signal at danger. SPADs on the last signal before pointwork see the train brought back behind the controlling signal (so that a clear aspect can be shown) or if this is not possible then the route ahead is manually secured/protected. The majority of SPTs have been decommissioned. The view was taken that following introduction of our own secure radio (Connect) and then GSM-R it was safer to keep drivers in their cabs and relay secure messages via the radio systems. Log in to reply |
| GSM-R and fail safe 21/06/2018 at 10:36 #109813 | |
|
Hap
985 posts
|
It's really interesting to hear these issues with the GSM-R down south. I can't fault it much up here at all, apart from the odd call to the wrong box because there's an overlap in cell coverage. Amersham, Rickmansworth and Harrow...So in these areas, messages go from Signaller - control - driver? Again, forgive my ignorance, that's just something that we just wouldn't do. But we do still have SPT/linesides phones, and until the last year or so, NRN. Craig How to report an issue: www.SimSig.co.uk/Wiki/Show?page=usertrack:reportanissue Log in to reply |
| GSM-R and fail safe 21/06/2018 at 10:40 #109814 | |
|
sorabain
72 posts |
Can you do unicast (point-point) messages on GSM-R? Was wondering if you could put in some kind of system whereby if a train has tripped something (e.g. TPWS) then it gets "locked-down" until it receives a special token from the signaller to release it. That way even if someone with perceived authority tells you to move, you simply cannot until the signaller has released your train (which they would send only after they've given you explicit movement instructions, not in this case where he was told to wait and be contacted again later). It's all too obvious in hindsight, but when you've already made a mistake I can see how someone might be less questioning of "perceived authority" and may unfortunately compound the error. It's those cases where language may need to be very carefully chosen by those who have not recently erred and the compromised person (driver) somewhat micromanaged. i.e. in this instance make it clear that you're saying it's ok for them to move somewhere from a control perspective but that they need to contact the signaller to get permission to actually move. Log in to reply |
| GSM-R and fail safe 21/06/2018 at 10:43 #109816 | |
headshot119
4869 posts |
Hap in post 109813 said:It's really interesting to hear these issues with the GSM-R down south. I can't fault it much up here at all, apart from the odd call to the wrong box because there's an overlap in cell coverage.Craig, Don't forget in those areas you are on LUL infrastructure, following the LUL rule book, which has some differences to the NR one. The same way that LUL trains (District line) have to follow the NR rule book over NR infrastructure. "Passengers for New Lane, should be seated in the rear coach of the train " - Opinions are my own and not those of my employer Log in to reply The following user said thank you: Hap |
| GSM-R and fail safe 21/06/2018 at 14:18 #109819 | |
|
clive
2738 posts |
metcontrol in post 109795 said:Many years ago I was talking to someone who worked in King's Cross PSB at the time. He had been trying to talk to a 313 driver over NRN (I think to talk him past a signal, but I forget the details). The driver seemed confused as to what he was supposed to be doing and why. Eventually: "Well, where *are* you then?" "Euston Down Shed." Log in to reply |
| GSM-R and fail safe 21/06/2018 at 14:55 #109820 | |
|
metcontrol
217 posts |
headshot119 in post 109816 said:Hap in post 109813 said:We do have differences, and I can fully understand the perception that the Signaller to Driver via Controller communication seems a bit woolly to say the least. Everywhere else on our network with our own trains wherever possible it is a direct signaller>driver link.It's really interesting to hear these issues with the GSM-R down south. I can't fault it much up here at all, apart from the odd call to the wrong box because there's an overlap in cell coverage.Craig, I think the best way I can explain how we mitigate against miss-communication or mixed messages is that as soon as an event happens the railway initially stops until everyone in the immediate area has come to a full and safe understanding of what will happen next. As I said we also do not have any procedure for a train to traverse pointwork without either a clear signal or physical securing of the route ahead. clive in post 109819 said: Many years ago I was talking to someone who worked in King's Cross PSB at the time. He had been trying to talk to a 313 driver over NRN (I think to talk him past a signal, but I forget the details). The driver seemed confused as to what he was supposed to be doing and why. Eventually:I can count a "couple" of occasions where a slip of the finger on our own connect system has seen us, for example, ask "202" to divert to Hammersmith, only to realise we're speaking to Victoria Line 202 and not Circle Line 202. But that's another story and radio system... Log in to reply |
| GSM-R and fail safe 22/06/2018 at 09:19 #109842 | |
|
Hap
985 posts
|
Very interesting. I didn't know or even gave it a thought that LUL had/would have separate rules etc. Cheers for the insight. NRN... Now the NRN was interesting... got a direct call to the back cab, and control were like "erm, Conductor why are you in the leading cab!?" I'm like.."erm nope, I'm in the rear cab going backwards, over" Turns out the had the train in the wrong formation/wrong way round. Emergency broadcasts on the NRN could be interesting in areas that could share the same headcode, as I believe happens down south? (very quick side note to multiple same headcodes... Never try phoning the BTP and just give them a headcode, they'll be half way around the country with the same headcode showing up 3 other times elsewhere before finding your train) How to report an issue: www.SimSig.co.uk/Wiki/Show?page=usertrack:reportanissue Log in to reply |
| GSM-R and fail safe 24/06/2018 at 12:21 #109888 | |
Giantray
330 posts |
Andy174 in post 109784 said:Just shows how complicated the railway has become. When I was driving under BR the ONLY person you conversed with in such circumstances was the signalman either by then lineside phones or in later years CSR, There was no means of being contacted by anyone else. Just out of interest it used to be the case if stood at an automatic signal on red and there was no means of contacting the signalman ie the phone had failed etc it could be passed at danger, is this still the case?The original ruling about passing auto signals was there because they didn't protect any point work, it was just plain line to the next signal no point work requiring setting by the Signaller. No drivers cannot pass Automatic Signal without authority any more. This changed as it was deemed that a driver can always find some form of communication to contact a Signaller, be it Signal Post Telephones, GSM-R even mobile phones that they now carry as standard, or even borrowing a passenger mobile phone. Incidently, many of the new Signalling layouts now only have Signal Post Telephones on signals at stations, or other key places. The majority of signals will not have telephones, just a plaque with the controlling Signallers telephone number. Retired Professional Railwayman (1981-2023); Pway & S&T (1981-88); Former Signalman/Signaller/ Signalling Trainer (1989-2023) [AB, TCB, Mechanical, NX, WestCad, Hitachi SARS]; Railway Historian (esp.SER, LCDR); Member of The Permanent Way Institution.. Last edited: 24/06/2018 at 12:32 by Giantray Reason: None given Log in to reply |
| GSM-R and fail safe 24/06/2018 at 12:38 #109890 | |
|
Late Turn
696 posts
|
Giantray in post 109888 said:Andy174 in post 109784 said:Just shows how complicated the railway has become. When I was driving under BR the ONLY person you conversed with in such circumstances was the signalman either by then lineside phones or in later years CSR, There was no means of being contacted by anyone else. Just out of interest it used to be the case if stood at an automatic signal on red and there was no means of contacting the signalman ie the phone had failed etc it could be passed at danger, is this still the case?The original ruling about passing auto signals was there because they didn't protect any point work, it was just plain line to the next signal no point work requiring setting by the Signaller. However, drivers can still pass an intermediate block home signal at danger on their own authority if they can't contact the signalman, or any controlled signal if they can confirm that the signal box is closed. Log in to reply |
| GSM-R and fail safe 25/06/2018 at 00:18 #109910 | |
|
TUT
507 posts |
Giantray in post 109888 said:Andy174 in post 109784 said:That's what I thought - in which case I have a follow-up question I've been meaning to ask. Why are signals still plated as automatics in that case? Why not just leave off the white and black stripes?Just shows how complicated the railway has become. When I was driving under BR the ONLY person you conversed with in such circumstances was the signalman either by then lineside phones or in later years CSR, There was no means of being contacted by anyone else. Just out of interest it used to be the case if stood at an automatic signal on red and there was no means of contacting the signalman ie the phone had failed etc it could be passed at danger, is this still the case?The original ruling about passing auto signals was there because they didn't protect any point work, it was just plain line to the next signal no point work requiring setting by the Signaller. Log in to reply |