Lac Megantic Accident Analysis

  1. Introduction
  2. Background Information
    1. Lac Megantic Train Disaster
    2. CAST and STAMP
  3. CAST Analysis
    1. Safety Goal, System
    2. Hazards and Constraints
    3. Safety Control Structure

 

Introduction

I collaborated with Ryan Chappus, Yunzhe Liu and Cissy Yao for UofT course APS440: Making Sense of Accidents. The final project was to analyze a well-documented disaster using a systems-engineering approach; specifically, to apply CAST.

Our group analysed the Lac-Mégantic Train Derailment Disaster.

My responsibilities were to:

  • define the hazards and constraints.
  • define what an accident specifically meant.
  • create the Safety Control Structure with Cissy.

With my group, we all:

  • defined the safety goal, system, and assumptions.
  • researched the accident.
  • wrote the report, created the presentation and presented it to our class.

Background Information

Lac Mégantic Train Derailment Disaster

On July 5th, 2013, 10:50 pm:

  • a Montreal, Maine & Atlantic Railway (MMA) train is parked on descending grade (i.e. downward slope) in Nantes, Québec.

The Situation with the Train:

  • 5 locomotives & 72 Class 111 tank cars
  • 7.7M L of petroleum crude oil
  • Traveling from New Town, North Dakota to Saint John, New Brunswick

What the Locomotive Engineer (LE) did:

  • Common company practice: hand brakes on all locomotives + 2 additional cars
  • Left lead locomotive running to power the locomotive air brakes – false impression of security
  • Railway rules: force of hand brakes alone hold train
  • Contacted Rail Traffic Controller (RTC) in Farnham Québec: ‘train secure’
  • contacted RTC in Bangor, Maine, which supervised trains east of Lac Mégantic

There were several mechanical issues with the locomotive:

  • Black & white smoke from lead locomotive
  • Persisted from a series of non-standard repairs
  • Expected to settle → LE & RTC decided to leave train until following morning, when a replacement LE would continue the journey.

Response from the Nantes Fire Department:

  • 911 emergency; fire on the lead locomotive
  • shut off fuel supply to lead locomotive & turned electrical breakers off (followed railway guidelines)
  • Sûreté du Québec (SQ) contacted Farnham RTC & sent track foreman to consult firefighters
  • All individuals declared the train safe & left
  • No power → air compressors shut down → air brakes began to leak, reducing retarding force

1 am: train rolled toward Lac Mégantic → top speed of 65 mph; derailed at Centre town

Results:

  • 63 cars derailed;
  • 6 million litres of crude oil spilt;
  • Fire and explosion;
  • 47 people killed;
  • 2000 more forced from homes;
  • Downtown core destroyed;
  • Surrounding land & water contaminated;

A coordinated emergency response helped to prevent further damage & loss.

CAST and STAMP

CAST (Causal Analysis using STAMP) was developed through Nancy Leveson’s work at MIT, which itself built on Rasmussen’s risk management theory STAMP (Systems-Theoretic Accident Model and Processes).

The first step is to identify the requirements of the system. This is comprised of:

  • the underlying goals of the system
  • the constraints that must be followed in order to meet the system’s goals
  • all of the possible hazards that may affect the system and its functionality (i.e. prevent accomplishment of system goals)

The second major task in CAST is to model the safety control structure. The safety control structure is in place to protect the system from hazards and to regulate the functioning of the system so that it may complete its goals effectively. Safety control structures that break down lead to unexpected interactions and may cause an accident. For this reason, the original safety control structure is compared to its appearance at the time of the accident. Creating the model involves identifying:

  • all of the relevant actors
  • all processes in the system which propagate control actions

The last step is to bring aspects of the system detailed above into a dynamic model. This model, which is built using the technique of system dynamics founded by Jay Wright Forrester at the MIT Sloan School of Management, is meant to visualize and observe interactions as they may change with time. By making this model, one is able to gain an understanding of the circumstances that surrounded the accident. [3]

It is common practice to use dynamic modelling software in creating the dynamic model representing systems. STELLA Architect is a useful tool used by many in the field of system dynamics, although other software, such as MATLAB, may also be used. Due to time constraints during this project, our class had to analyze the dynamic model with a heuristic, qualitative approach as opposed to a numerical one.

 

Analysis

Safety Goal, System

Safety Goal:
To effectively and safely transport goods, both dangerous and not, across North America via railway system.

System:
The Montreal, Maine and Atlantic Railway and the surrounding community and regulatory environment.

Assumptions:

  • Ignores Orford Express, a minor tourist line that ran between Magog and Sherbrooke.
  • The system is the MMA railways that only transports goods, not passengers.

Hazards and Constraints

In CAST, accidents are events that result in a loss, and may include factors beyond the control of the system.

Hazards are a set of conditions in the system that ultimately lead to an accident (i.e. a loss), and they should be mitigated or eliminated by the safety control system.

For this system, an accident is:

  • Any death or injury to a person, whether employee or member of the public, due to the trains or due to a good that is currently being transported by a train.

4 Hazards were identified. In order to prevent them, the safety control structure must have these requirements (i.e. constraints):

Hazard 1: A Runaway Train

  • The train is unsupervised or unmanned while it is running to a location.
  • The train is running and manned but cannot be controlled by the staff.

Hazard Specific Constraints (for both Hazard 1 and 2):

  • Locomotive & tank car runaways and derailments must be prevented.
  • Trains with dangerous goods cannot exceed 50 mph at any point.

Hazard 2: A Speeding Train

  • The train is traveling faster than the speed limits of the track.
  • The train is traveling so fast that it risks derailing.

Hazard Specific Constraints (for both Hazard 1 and 2):

  • Unsupervised trains must be properly secured so that they cannot start moving.
  • Must have redundant systems to ensure it cannot move or will be stopped if securements fail.

Hazard 3: A damaged/improperly-implemented safety system/component

  • The equipment (ex. brakes, derailers, etc.) is broken or is about to break at next use.
  • Automatic safety systems are disabled or shut down.

Hazard Specific Constraints (for Hazard 3):

  • Must routinely maintain and improve railway infrastructure, equipment and vehicles.
  • Valuable equipment must not be damaged.
  • Railways must be kept in good condition.
  • Equipment dealing with goods must be in good condition.

Hazard 4: A train with dangerous goods exposed to the public/environment

  • Dangerous goods are out of their containment (i.e. not safely contained).
  • Dangerous goods are not contained with the proper equipment and in proximity to people or environment it can damage.

Hazard Specific Constraints (for Hazard 4):

  • Goods must be properly managed.
  • There must be proper identification of goods and classification of goods.
  • Sufficient frequency checking classification.
  • Goods must be transported by the proper safety equipment as per classification.

General Safety Constraints:

Emergency procedures must be in place

  • Redundant safety systems in place
  • Both physical defences and procedural/social defences

Uphold public safety and trust

  • Following the above constraints
  • Prevent harm to people (employees and citizens), property and environment.

Safety Control Structure

[Figure: safety control structure diagram, with close-up detail images]

NOTES:

This page is VERY rough. All the images and the base information are there, but I really need to pare it down and focus more on my tasks.