FTA report on WMATA safety failures should surprise no one
People work at the scene where two transit trains were involved in a crash in Washington June 22, 2009. Two Washington, D.C., subway trains collided during the Monday afternoon rush hour, killing four people and injuring 70 in a mass of tangled metal. REUTERS/Yuri Gripas
After the terrible crash in 2009, when nine people died as a result of failures in the signaling system (failures that turned out to stem from co-mingling signaling equipment from different vendors, who did not guarantee cross-vendor interoperability), I wrote quite a bit about the need for a new systems approach to fixing problems at WMATA:
-- "Talking a lot, but not really saying anything," (2009)
-- "Will nine deaths lead to a better governance, oversight, and management system for WMATA? Or not?," (2009)
-- "Missing the real issue about WMATA," (2009)
-- "The WMATA Board did fail and needs to take responsibility for it," (2010)
Clearly, six years later, things haven't changed all that much, given:
- the continued incidents of workers dying in track accidents ("Metro employee dies four days after being struck by train," WMATA press release)
- sending trains onto the system with 10 cars, when 8 is the maximum length ("Metro Investigating 10-Car Train Incident on Green Line: DCist," DCist)
- the recent fire in January, which sickened dozens and killed one, and which turned out to result from a systemic failure to properly seal the connections between the trains' power system and the electrical supply cables ("NTSB recommends Metro make emergency fixes to power lines," Washington Post).
Granted, I still have to read the report, but my sense is that to change, WMATA needs a fundamental redesign from top to bottom. For example, a recent Post article from March, "Addition to Metro safety manual suggests problems at control center," discussed how, after the fire at L'Enfant Plaza, WMATA issued new guidance instructing operations center personnel not involved in managing an incident not to talk. It's pathetic that such instructions are necessary.
About 20 years ago, The New Yorker ran a great piece about the bureaucracy and dysfunction in the Chicago Post Office ("LOST IN THE MAIL"). My sense is that WMATA operations are roughly at the same level of dysfunction.
Besides the "human factors" approach of evaluating failure as a way to drive necessary process redesign and structural change (see, for example, "How mistakes can save lives: one man's mission to revolutionize the NHS," New Statesman; the RISKS-L online forum; and Computer-Related Risks by Peter Neumann), reading the article in yesterday's paper, it occurs to me that WMATA should perhaps also look for assistance to Boeing and Airbus, and to their experiences completely redesigning their plane design, logistics, and manufacturing processes.
The New Statesman explains the human factors approach in the context of how, after his wife's death from an avoidable medical error, an airline pilot is working with the British National Health Service to apply aviation safety and crash-analysis protocols to health care, to reduce errors and deaths. From the article:
In the 1990s, a cognitive psychologist called James Reason turned this principle into a theory of how accidents happen in large organisations. When a space shuttle crashes or an oil tanker leaks, our instinct is to look for a single, “root” cause. This often leads us to the operator: the person who triggered the disaster by pulling the wrong lever or entering the wrong line of code. But the operator is at the end of a long chain of decisions, some of them taken that day, some taken long in the past, all contributing to the accident; like achievements, accidents are a team effort. Reason proposed a “Swiss cheese” model: accidents happen when a concatenation of factors occurs in unpredictable ways, like the holes in a block of cheese lining up.
Transportation sectors, particularly railroads and transit, are supposed to be applying the human factors approach already, but it's obvious that WMATA is not doing so in a deep and considered manner.
James Reason’s underlying message was that because human beings are fallible and will always make operational mistakes, it is the responsibility of managers to ensure that those mistakes are anticipated, planned for and learned from. Without seeking to do away altogether with the notion of culpability, he shifted the emphasis from the flaws of individuals to flaws in organisation, from the person to the environment, and from blame to learning.
The science of “human factors” now permeates the aviation industry. It includes a sophisticated understanding of the kinds of mistakes that even experts make under stress. So when Martin Bromiley read the Harmer report, an incomprehensible event suddenly made sense to him. “I thought, this is classic human factors stuff. Fixation error, time perception, hierarchy.”
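The logic of Reason's Swiss cheese model can be made concrete with a little arithmetic (my illustration, not from the article): an accident requires a hole in every defense layer to line up at once, so if the layers fail independently, the chance of an accident is the product of the per-layer failure probabilities. That is why adding even a mediocre extra layer sharply cuts risk, and why removing one (as WMATA's skipped inspections and missing checklists effectively do) multiplies it.

```python
# Illustrative sketch of the Swiss cheese model: with independent defense
# layers, an accident happens only when every layer fails simultaneously,
# so the accident probability is the product of per-layer failure rates.
from math import prod

def accident_probability(layer_failure_probs):
    """Probability that every independent defense layer fails at once."""
    return prod(layer_failure_probs)

# Three defenses, each failing 5% of the time:
three_layers = accident_probability([0.05, 0.05, 0.05])       # 1.25e-4
# Even a weak fourth layer (20% failure rate) cuts risk another 5x:
four_layers = accident_probability([0.05, 0.05, 0.05, 0.20])  # 2.5e-5
```

The independence assumption is the sketch's big caveat, and it is exactly what organizational dysfunction undermines: a culture that tolerates skipped procedures makes the holes in different layers line up more often than chance would predict.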
Boeing and Airbus introduced new plane designs, initially without changing their logistics, operations, and manufacturing practices, and were pushed to the brink of failure, with huge cost overruns and multi-year program delays. To succeed, they were forced to significantly change how they built planes. The Wall Street Journal had a great piece on this a couple weeks ago, "Airbus-Boeing Speed Race Increasingly Takes Place on the Ground." From the article:
“A lot of lessons have been learned by both manufacturers in the last four to five years,” says Aengus Kelly, chief executive of AerCap Holdings NV, one of the world’s largest airplane-leasing companies. Mr. Kelly, a buyer of A350s and Boeing’s rival 787s, says the planes “are arriving on time and on spec.” ...
When Boeing in 1997 tried to double output of its popular 737 model within one year, its production systems weren’t ready. Chaotic assembly lines and incomplete planes caused painful losses amid a sales boom.
Boeing in December 2012 created a commercial-jet development unit to streamline decision-making and speed work. Mr. McNerney credited the unit with successfully introducing the 787-9, a second, slightly larger version of the Dreamliner that hasn’t suffered the technical glitches of the first version. ...
When Airbus began building the new A350 around the same time, Mr. Brégier demanded that lessons from the superjumbo shape planning. He forced staff from disciplines such as engineering, procurement and production, who previously had worked in isolation and communicated through a slow bureaucracy, to cooperate from the outset, allowing them to better anticipate and solve problems.
A350 program chief Didier Evrard, whom Mr. Brégier brought over from MBDA, began by focusing more on how the plane would get built than on what it would look like. Early on, the A350 resembled its recent predecessors, with a string of delays that left it about one year behind schedule. By mid-2012, preparations Mr. Brégier had ordered started paying off.
For example, reading about the failures in the WMATA Rail Operations Control Center, including the lack of checklists and necessary manuals, I remembered something I'd read about Boeing, although I can't find the citation.
Weld inspectors used to go into planes carrying many pounds of blueprints, and had to thumb through them to find the information relevant to the specific welds they were to inspect. Now, laser-identification and iPad-based applications direct them to the welds and, simultaneously, to the information they need for inspection (also see "Visual Work Instructions and the Paperless Factory," Assembly Magazine).
According to the Assembly article, "electronic work instructions are ideal for manufacturers that produce complex products; high-mix, high-volume items; and products with short order-to-delivery cycle times."
The same is likely to be true for WMATA rail and bus operations. "Electronic work instructions" can help simplify the oversight systems and ensure that the procedures are followed instead of ignored.
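As a rough sketch of what "electronic work instructions" mean in practice (the names, tags, and fields below are hypothetical, not any vendor's product): an inspector scans a location tag and the system returns exactly the checklist and reference documents for that spot, instead of the inspector paging through a binder of blueprints.

```python
# Hypothetical sketch of electronic work instructions: map a scanned
# location tag directly to the checklist and reference documents for
# that location, replacing manual searches through paper manuals.
from dataclasses import dataclass, field

@dataclass
class WorkInstruction:
    location_tag: str                  # e.g. a barcode posted at the work site
    checklist: list[str]
    reference_docs: list[str] = field(default_factory=list)

# Illustrative catalog; a real system would pull this from a database.
INSTRUCTIONS = {
    "track-segment-114": WorkInstruction(
        location_tag="track-segment-114",
        checklist=["Verify cable sleeve is sealed", "Photograph connector"],
        reference_docs=["drawing-A114.pdf"],
    ),
}

def instructions_for(scanned_tag: str) -> WorkInstruction:
    """Return the exact checklist for the scanned location, or fail loudly."""
    try:
        return INSTRUCTIONS[scanned_tag]
    except KeyError:
        raise LookupError(f"No work instructions for {scanned_tag!r}")
```

The point of failing loudly on an unknown tag is the same as the point of the whole system: a worker should never be in the field improvising without the documented procedure in hand.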
Just as software prevents government agencies from hiring people if money hasn't been appropriated, inspection software applications can be configured so that inspection approval and funds aren't released if, say, a cable sleeve hasn't been properly sealed.
However, whether or not substantive change will occur is a question I can't answer.