It turns out that the train computer would only accept a new headcode if the
button "Check Stops" was used before returning to the home screen.
The manuals produced by the train manufacturer, Hitachi, did not make it
clear that "Check Stops" had to be used even if there were no intermediate
stops. As a result the training manuals were incorrect. Not
only that, an App simulating the train management system (produced in the
UK) and a full train simulator (produced in France) also misunderstood this
point so both would accepted a new headcode without use of the Check Stops
button. It is hardly surprising that the driver did not realise that
this step was essential.
This raises a more general issue: not only train drivers but also airline
pilots rely a great deal on simulators, especially in training them to cope
with rare conditions unlikely to happen in normal training flights: for
example the activation of the flawed MCAS system on the Boeing 737 MAX, or
the icing up of both pitot tubes on an Airbus (which resulted in the AF447
crash off Brazil). The 737 MAX has now been re-certified in many
countries but no doubt that is partly because extensive sessions on
simulators show that it is now much safer. But what assurance do we
have that the simulators are themselves correct?
catless.ncl.ac.uk
