Are steam train rides safe?

SAFE – because of a wave of new Federal regulations

In 1999 the Federal Railroad Administration massively rewrote the steam locomotive rules (49 CFR 230). For instance:

Historically, every time a new boiler was designed, the builder had to file a document called "Form No. 4". This documented every aspect of boiler design, and its safe operating pressures. Many locomotives would use that boiler design, and they all relied on the draftsman’s Form No. 4. In heritage service, there was never a need for this form, because all locomotives had valid Form 4’s at time of initial construction. After 1999, every steam locomotive required a BRAND NEW "Form No. 4" be developed based on that one locomotive’s actual material condition.

This was a deal-killer for many operations, either because of the cost of the survey, or the cost of repairs.

As an example, a survey of Pennsylvania Railroad #1361’s material condition found a design defect: a crown sheet inadvertently built near condemning limits the day it rolled out of the factory in 1918. What a piccadillo! The museum could either de-rate the engine, leaving it able to do little more than limp down a branch line dragging a few cars (not financially sustainable)… or engineer a new boiler with the faults corrected, so it could once again run mainline excursions. (the only viable business model for it). Museums prefer to respect historic fabric; most boilers are originals.

The upshot of these regulations is that the number of steam locomotive operators plummeted: from 100 prior to the rulemaking, to a few dozen today. In effect, the rules meant "Get BIG or get out". So you have operators like Steamtown, Strasburg, Cass, Cumbres & Toltec fielding many steam locomotives, because they had a business model that would field the millions of dollars needed to be in the steam game.

Also, the new regs limit number of operating days between major inspections – 1472 days with certain "clock-stops" allowed. This creates "Tube time" – the tubes are in the way of 1472-day inspections, and once they’re out, you might as well replace with new). Thus, boilers effectively get an aviation "C-check" every 4-6 years.

Operators must manage their "tube time" very carefully; i.e. stage work so running gear repairs are done before tube time starts ticking, and the engine isn’t taken down during peak passenger season.

Operator error is largely off the list

Because of the dramatically smaller number of operators, operator training is far better than it was before. An accident as critical as a boiler explosion is as unlikely as another "iodine pit" or "takeoff confusion" accident – because the failure was so famous that everyone knows not to do that!

The accident that "brought the house down" was with Gettysburg Railroad 1278. The boiler explosion occurred because of a wrong reading of how high the water was in the boiler. (a similar problem occurred at Three Mile Island a few miles away, and a week prior to that, in movieland in the movie The China Syndrome).

In that case, bad practice had been passed down through the generations. The grandfather knew how to clear the "sight glass" of precipitate that might plug up the lines. The father didn’t learn the lesson well, and taught the son wrong as well. Between them, they had allowed the sight-glass connecting piping to be entirely plugged, causing the gauge to read high. As you can imagine, the Federal Railroad Administration (FRA) inspects that closely today.

By the way, the Canadian locomotive involved used an experimental method hoping to arrest boiler explosions. There are two methods to attach a staybolt to a crown sheet; the builder used both of them in alternating rows. A typical boiler explosion tears open a boiler’s crown sheet in cascade failure, each row of staybolts failing in turn since they are about the same strength. The alternating rows stopped the cascade after a few rows, saving the crew’s lives. Passengers were never endangered.

As discussed, the regulatory blowback from this accident decimated the steam locomotive operations in the US, eliminating smaller operations – and the remaining fraternity of steam locomotive operators are safety-minded. You’ll never see another improperly blown sight glass on a US railway.

From here, let me address other aspects of safety, since our UK brethren have raised those issues.

How the government regulates tourist railways

In 1988 FRA was given broad jurisdiction over anything that runs on rails, and their "authority to regulate extends to all areas of railroad safety". 49 CFR 209 Appendix A, "The Extent And Exercise of FRA’s Safety Jurisdiction". However Congress also told FRA not to crush heritage railways with excessive regulation. 49 USC 20103(f).

FRA waives its authority in certain areas (e.g. "insular" railroads entirely on private property behind a fence). By doing so, they place the operation in the jurisdiction of that state’s department that regulates amusement parks, which can be a "wild ride" for the operator, as the state is not experienced at regulating tourist railways.

However, FRA always has "Emergency Order" authority on any railway, and inspects for that purpose, often simply riding as a passenger. 99% of the time, the mere threat of an E.O. will bring the railway into compliance. As such, they issue very few.

Railroads "on the general system of transport" (freight or commuters ply their rails), face "the full monty" of FRA regulations, because of that. However their historic aspects get certain waivers due to the fact that heritage equipment is simply unable to meet noise, crashworthiness and emergency preparedness rules. 49 CFR 227, 238 and 239.

Many operations are not insular, but are not in the General System. FRA waives the picayune, time-consuming detail requirements (49 CFR 2xx.3), and looks at the broad strokes: Do they have a practice in place? Is it reasonable for them?

FRA also "ratchets up" the regulations based on operating speed. As such, almost all heritage operations willingly stay under 30 mph, and many stay under 15 mph, to ease those regulations.

Coach rolling stock

As said, heritage stock is technically exempt, however the FRA inspector still looks at the "broad strokes": is the car generally fit for passengers?

But other actors also enter the picture. The operation’s insurance company has its own standards.

One type of operation, mainline excursions, also requires approval of the freight railroad which is hosting the event. These operate well over 30 mph (typically 40-60 mph) on mainlines owned by freight companies (BNSF, UP, NS). The freights have ratcheted up those requirements: 30 years ago, "Lackawanna coaches" (simple circa-1920 lightweight commuter coaches) would suffice. Today, the freights want to see near-Amtrak-certified cars, and those are invariably postwar stock with good frames and collision posts, but fairly boring for the passenger.

Trackways

The FRA is well aware of which accident speeds cause injuries, and which do not. Its strategy is to limit train speeds as low as 8 MPH, unless the railroad has shown their track is fit for higher speeds. At 8 mph there is so little kinetic energy that even if the train derails, it is unlikely to cause injuries. This was seen several years ago in a sideswipe accident in Texas, where the passengers on both trains were shaken but unhurt.

Derailments at tourist railways simply don’t make news in the U.S. Do they happen? Oh, yes – I have been an ordinary passenger on two derailments, actually – but they happened on special VIP runs of equipment not yet tested nor vetted for public operation, and indeed – happened below 5 mph and injured no-one. (partly, the car was being handled lightly due to its uncertain status). These were "non-events", and no paperwork was done, nor needed to be done to the government.

Signaling/interlocking

A side-effect of limiting track speed is that it effectively moots the need for block signaling and other anti-collision practices. Very few tourist railways even have 2 trains moving at once, and speed is limited to where they can stop under the "prepared to stop short of half sight distance" rule. The Texas case was one train not as clear of the other track as they thought. Nonetheless, most heritage railways implement a block-control method – usually a schedule, "staff/token" (possess the staff, possess the track segment) or verbal dispatcher system.

The Illinois Railway Museum has a fully operational block signal system (on an electrified railroad, no less; greatly complicating the electrical aspects of block control). Their operation is dense enough that they actually need it – however there is still manual oversight of train movements.

Electrification

Several tourist railways have (or are) electric operations. The overhead wire plant is usually quite well maintained, nearly or at the standard of the electric railways whose heritage they preserve. Modern techniques like active tensioning are not used. However, many lines use modern "arc-fault detection" on the substations, to detect wire shorts, heavy arcing [turn your volume way down!] within a car, etc.

I can’t really comment on many specifics for the US, but I can comment in general on a few points of concern with heritage trains:

Crashworthiness

I don’t know about the specific regulations in the US, and I haven’t been able to find anything specific, but certainly globally most heritage/preserved/museum railways would generally be running at reduced speeds for safety. If it’s not required by legislation I tend to find it ends up being the case anyway thanks to common sense and/or risk assessments (I’ve been on a couple of heritage railroads in the US and they’re definitely not fast). So this mitigates the generally lower crashworthiness standards of the rolling stock.

Maintenance of carriages

Maintenance of rolling stock can sometimes be a concern, I’m not going to lie. Over here in the UK we had a terrifying incident recently where a toilet was missing its floor, was supposed to have been locked out of use but the door wasn’t secured very well, and a kid managed to narrowly avoid falling. But this sort of thing is the exception rather than the rule. In the UK this problem of maintenance has been recognised recently and new standards have been put in place for the most common type of preserved passenger coach. In the US as far as I can make out the same standards are in place for heritage railroads as for major railroads; there appears to be little legal distinction between the two.

Maintenance of infrastructure

This is generally not a problem. Most heritage railways I’ve visited have well-maintained track, and derailments are made much less likely and their consequences much less severe by the limited speeds.

Method of working

Generally a heritage railway will use a traditional method of working that has many decades of improvement and safety refinement behind it; the sort of thing that would have still been used on many "big" railways 40 or 50 years ago, and might even still be in use on small lines today. These methods of working were generally taken out of use because they’re more staff-intensive rather than because they’re inherently unsafe. In the UK this often means absolute block or electric token block operation with semaphore signalling; in the US I believe this would generally be track warrants or (for an authentic retro experience) train order operation. While some of the more cutting-edge safety systems like PTC in the US or TPWS in the UK will be lacking, bear in mind that these generally have only come in in the last couple of decades, and that again the low speeds would tend to mitigate their absence.

Boiler maintenance

Boilers are heavily regulated for exactly the reasons you are concerned about. As has been mentioned in Mark’s answer, the US requires steam locomotives to undergo extensive inspections every four years (specifically 1472 days). See this information on the subject if you’re interested. Briefer more frequent inspections are also required. A similar rule applies in the UK. Thanks to this you really shouldn’t have to worry about boiler explosions on steam locomotives as a passenger.

Conclusion

You can see that most areas of concern have been mitigated to a reasonable extent, and it’s for this reason that serious incidents (at least involving passengers) on heritage railways are rare. I suspect the old cliché is true, that you’re in more danger driving to the heritage railway than you are riding on it.

Boiler explosions – even in older devices/industry/locomotives – have dramatically reduced over time, in part due to new safety developments and inspections.

It’s been over 25 years since the last one in a locomotive: https://en.wikipedia.org/wiki/List_of_boiler_explosions

Based on that, yes, it can happen, but it’s incredibly rare and can be about as objective as you get calling it "Safe".

Enjoy it!