Today, the Transportation Safety Board of Canada released their final report on the investigation of the Lac-Mégantic derailment that killed forty-seven people. The full report is here [PDF] and 191 pages long, but I will try to summarize it as best as I can.
If you don't know the details of the derailment, here is the introduction to the report:
On 06 July 2013, shortly before 0100 Eastern Daylight Time, eastward Montreal, Maine & Atlantic Railway freight train MMA-002, which was parked unattended for the night at Nantes, Quebec, started to roll. The train travelled approximately 7.2 miles, reaching a speed of 65 mph. At around 0115, when MMA-002 approached the centre of the town of Lac-Mégantic, Quebec, 63 tank cars carrying petroleum crude oil (UN 1267) and 2 box cars derailed. About 6 million litres of petroleum crude oil spilled. There were fires and explosions, which destroyed 40 buildings, 53 vehicles, and the railway tracks at the west end of Megantic Yard. Forty-seven people were fatally injured. There was environmental contamination of the downtown area and of the adjacent river and lake.
A photo of the aftermath from the report, shown below, better illustrates the enormity of the accident. A very large portion of the town, which straddled the rail line, near-as-makes-no-difference evaporated. It was the deadliest Canadian rail accident in almost 150 years.
The train's scheduled route traveled from Farnham, QC to St. John's NB, stopping in Brownsville, ME along the way. A locomotive engineer, operating alone, controlled the 72 tanker cars, 1 buffer boxcar, 5 locomotives, and a VB car (a car from which all locomotives may be controlled). During the trip, the engineer reported mechanical issues with the lead locomotive, but not enough to stop the trip.
The train stopped at Nantes, QC for the night, and the engineer applied the hand brakes on the locomotives, VB car, and buffer car; seven hand brakes total. He also shut down all but the lead locomotive, which was experiencing the mechanical issues. Then he conducted a hand brake effectiveness test, but the lead locomotive's air brakes were still applied, and told rail traffic control the train was secure. He then called another controller to ask about the malfunctioning lead locomotive, and despite increasingly visible clues of the malfunction, they mutually decided to address the issue in the morning.
An hour later, the local fire department receives a call of a burning train in the railyard, who then called the railroad for help. The railroad couldn't raise someone with lone engineer and mechanical experience, so they sent a track foreman to assist the firefighters. Before the foreman arrived, the firefighters had extinguished the blaze by closing the emergency fuel cut-off valve and opening all electrical breakers, in accordance with railway instructions. Satisfied the fire was extinguished, everyone went home until morning.
With the lead locomotive completely dead and no other locomotives running, the air brake system slowly bleeds pressure until the combined air brakes and seven hand brakes can no longer hold the train on the ~1% descending grade. The train begins to roll downhill, eventually traveling 7.2 miles (report uses miles, not km, oddly) and derailing in the center of Lac-Mégantic. The report has a diagram of the grade between the two towns, shown below.
The rest of the report examines the technical, human, and safety management aspects of the accident in minute detail, which is very interesting if accident reports are your thing, but for everyone else I'll skip ahead to the findings.
One reason the train was left after the fire was the understanding that automatic penalty brakes apply on the locomotives when electrical current is cut; a feature controlled by a Reset Safety Control. However, three of the five locomotives, including the lead, were built before 1986, the year RSCs became mandatory, and no standards exist for their installation onto existing locomotives. In testing, the TSB found that the penalty brakes didn't work properly on any of the three pre-1986 locomotives. Furthermore, the testing for engineers on handbrake use was basic and unrigorous. The engineer thought that applying the hand brakes on 10% of cars was adequate because that secured the train at flatter stops and at this location when the locomotive's air brakes were working properly. Furthermore, the railroad's operating manual mandated nine hand brakes be applied in this situation, but testing revealed that even that wouldn't secure the train. Either way, a proper handbrake test will not include any air brakes. When the foreman visited the site of the fire, he was assured that a hand brake test had been performed and assumed the train would be secure.
Furthermore, the TSB found a week safety culture at the railroad. Many management-related issues related to and outside the accident were found and are quoted below:
- MMA management's acceptance of rail wear on the main track that was well beyond industry norms and their own track standards;
- MMA management's tolerance of non-standard repairs (for example, to the locomotive engine and the QRB valve), which either subsequently failed, or did not return the parts to their proper operating condition;
- the systemic practice of leaving unattended trains on the main track, and on a descending grade, at Nantes for several hours without in-depth defences to prevent an uncontrolled movement;
- crews and single-person train operators not always correctly applying CROR 112 and MMA's instructions when securing trains at Nantes;
- inadequate company oversight to ensure the correct securement of trains at Nantes;
- MMA's inadequate recertification program and SPTO training that did not ensure that operating crews knew and understood the procedures for train securement;
- the giving of extensions for competency cards by MMA management, in some cases for several months beyond the mandatory limit of 3 years; and
- the fact that only local corrective action resulted from recurring deficiencies identified during TC inspections of MMA track and operations; the systemic issues contributing to these deficiencies were not fully analyzed by MMA, and thus persisted.
These individual issues are of varying concern, but collectively indicate a culture that wouldn't fix things until they broke and let lots of issues slide, hoping they would resolve themselves. In my opinion, it's very similar to the Washington Metropolitan Area Transit Authority's safety culture, which has contributed to several fatal light rail accidents.
Canadian regulators knew this specific railroad operated at an elevated risk, and often found issues reoccuring after the railroad assured regulators they were fixed, especially concerning crew training and train securement. Furthermore, the railroad barely even had a safety management system. Between the SMS mandate in 2003 and 2010, an internal audit by the railroad found they were patiently waiting for government approval of their SMS; this wasn't required nor would ever be given to anyone. A similar audit in 2012 found an SMS that was hardly comprehensive to all safety risks of operating a railroad. Transport Canada only requires railroads to have an SMS; it doesn't require it to be any good.
Overall, nothing new or shocking came out of this investigation; all of these issues have been found in other accidents, and in all morbid honestly they'll pop up in future accidents. Complacency, get-home-itis, deal-with-it-later, and act-like-everything-is-fine have killed more people and destroyed more property than I care to count.
There is no reason rail transport can't be a safe as air or pipeline transport, or even safet. We just need to have the will to make it so. Hopefully we won't require any more disasters to get us there.
Photo source: Wikimedia Commons