Great Heck: Managing Improbability
On the 20th anniversary of the fatal rail accident at Great Heck, what essential lessons does it still provide?
I’ll be striking a more sombre note in this post, reflecting on the Great Heck rail accident and considering what important messages it still shows us about risk management today.
The Accident
Twenty years ago, on the morning of February 28 2001, a high speed passenger train travelling the length of England - from Newcastle to London - collided with a Land Rover, which had fallen down a motorway embankment onto the railway line at Great Heck, near Selby (in North Yorkshire). On collision with the Land Rover, the train derailed and hurtled into the path of an oncoming freight train. The closing speed of this secondary collision was estimated at 142 mph and the impact destroyed parts of both trains and spread wreckage far and wide. Ten people died, including the drivers of both trains and eighty-two were seriously injured.
Every major accident has a key nugget of learning and the Great Heck accident – the worst UK rail accident of the 21st century – perhaps demands more review and contemplation than most. But what was remarkable about Great Heck? One thing was the complex, seemingly improbable sequence of escalating events that occurred.
The driver of the Land Rover lost control of his vehicle and left the carriageway of the motorway at just the point where it crossed the main railway line. The vehicle then ran down the embankment and came to a halt on the southbound railway track. Unable to reverse it from the track, the driver tried to contact emergency services with his mobile phone. However, before he could get through, his vehicle was hit by the southbound passenger train. The leading bogie of the train derailed but it stayed upright and continued forward, where it was deflected by point work into the path of the oncoming freight train on an adjacent line.
I think anyone looking at this sequence of events would readily come to the conclusion that luck was with no one on that terrible day. The driver of the Land Rover has spoken about the great difficulty he had coming to terms with the event and his role in it. On its ten year anniversary he was quoted as saying "I believe in fate and I was meant to be there that morning." This might seem a curious comment. But it’s a very human one. When unlikely events seem to conspire against us, there is a strong tendency to feel powerless and grasp for explanations.
But hold on…fate is not a scientific principle. And neither is luck (or lack thereof). And neither of these explanations leads to a drive to learn and improve. Surely the challenge of Great Heck is to push beyond that deep human tendency and ask, with a scientific mindset, what was really going on?
The Improbability Principle
In the generation since the Great Heck rail accident, significant work has been undertaken to help understand how people make complex decisions. They can do so extremely quickly and efficiently using ‘heuristics’ – simplified mental models that work most of the time. But the models aren’t perfect. There are significant ‘bugs’ in our wetware and in the last few decades they have now been well-catalogued, in particular in the work of Daniel Kahnneman in his excellent, revelatory book ‘Thinking Fast and Slow.’
One particular area of weakness in our cognitive ability is our natural tendency to assign significance to ‘coincidences.’ This has been described in academic studies and also in popular science. In Professor David Hand’s writings on what he calls the ‘Improbability Principle’ he sets out a number of reasons why extreme and seemingly unlikely coincidences should be expected as everyday occurrences. One key aspect of this is what he calls the ‘Law of Truly Large Numbers’:
With a large enough number of opportunities, any outrageous thing is likely to happen
Perhaps his simplest example is the probability of being struck by lightning. Hands quotes the individual odds as 300,000 to one per year. For any one person that isn’t too daunting. But given that there are billions of people on the earth, this leads to about 24,000 people being killed by lightning each year. For each of them this seems like the cruel hand of fate, in particular for those who happen to be struck more than once (which will happen to approximately 1 in every 9 million of us over our lifetime).
A key message is that seemingly impossible events happen all the time and the real determinant is how much opportunity there is for them to occur. In the case of the accident at Great Heck, to truly understand the risk and how likely it was to occur would have required a detailed knowledge of the size of the opportunity. There were many places on the railway network where train services were in close proximity to motorways and other roads; thousands of trains and vehicles passed by each other every year, creating many throws of the dice.
Mapping Faults and Events
In safety and reliability engineering, complex accident sequences – like the one seen at Great Heck – are modelled using fault and event trees. The UK’s national railway safety risk model – which was emerging at the time of the accident - included the scenario as a recognised risk. But the number of interactions between the road and the railway was not modelled at the time of the accident.
The purpose of risk assessment is not to come up with a completely accurate probability estimate. It is to allow the branching forest of possible accident sequences to be explored, to decide the best interventions to reduce risk. Even if outcomes seem highly improbable, they demand attention if they have significant consequences. A good analyst can review the logic and determine which branches of the forest of outcomes to prune for most improvement. This is something I have thought quite deeply about. In the case of Great Heck, this type of thinking led to significant work on highway barriers, to prevent vehicles accessing the rail network in the first place.
Digital State Space - Very Large Numbers
One area where the very large numbers that create ‘coincidences’ are increasingly common, is in the area of software and information technology. As computing power and data storage grows, more combinations of logical states arise and the ‘state space’ (the set of all possible configurations of a system) grows exponentially. When software is used to control safety functions of transport systems, this creates many possible hazard opportunities. There are various strategies to address this, and they include:
Being disciplined in the use of software and data to minimise unnecessary complexity.
Applying rigorous principles of separation and system diversity to modules of a system, to give confidence in the integrity of safety-critical data.
Applying staged reviews and checks at intermediate points in the building and configuration of systems, with appropriate independence.
And where complexity is necessary, we need to do our best to understand the branching logic and how it can go wrong, however unlikely the possible accident may seem.
In closing…
So Great Heck tells us that unlikely events will happen. And when they do, we shouldn’t reflexively think of ‘coincidence.’ They happen when there are a large number of opportunities for them to do so and our brains are naturally blind to this. The message for the digital railway of today is that we need to face this head on, and believe that we are in control of our destiny.
The next issue
In the next issue I’ll be taking you through another of my ramblings on the safety of modern transportation. Please subscribe now so you don’t miss it.
Thanks for reading
I hope you enjoyed this edition of Tech Safe Transport. If you did, please share it with someone else who might also like it. All views are my own but I reserve the right to change my opinion and if you think I should, I’d be happy to hear your thoughts as to why: please feel free to send me a message on Twitter. The picture is of the memorial garden at Great Heck and is from creative commons. And finally, many thanks again to my editor, Nicola Gray.