Comments about technological history, system fractures, and human resilience from James R. Chiles, the author of Inviting Disaster: Lessons from the Edge of Technology (HarperBusiness 2001; paperback 2002) and The God Machine: From Boomerangs to Black Hawks, the Story of the Helicopter (Random House, 2007, paperback 2008)

Saturday, September 3, 2011

San Bruno Pipeline Blast: NTSB lays out another system failure

The National Transportation Safety Board met on August 30 to discuss findings from its exhaustive investigation into the September 9, 2010 PG&E pipeline blast at San Bruno, CA. For those who want to check out the many documents on file, see the NTSB docket page.

Here's a summary of facts and technical findings presented on Tuesday by Ravi Chattre, NTSB engineer and chief investigator.

To summarize Chattre's message, this was an organizational accident, a failure across the system including state and federal regulatory oversight. Here's how Chattre explains that term:

"Organizational accidents typically have multiple contributing causes, involve people at numerous levels within the organization, and are characterized by a pervasive lack of proactive measures to ensure adoption and compliance with a safety culture. They are generally catastrophic in nature and require complex organizational changes. All these aspects are present in this accident."

At the core were persistent failures by PG&E to chase down and fix pipeline-safety hazards. In the case of the failure of Line 132, those problems date back to construction in 1956. The fabricated section of pups saw some remarkably poor welding (particularly in longitudinal seams) and a simultaneous breakdown of inspection and documentation. Here's my January blog post summarizing the welding errors and omissions. The flaws included a hunk of welding rod left in a bead. 

Despite having experienced two similar accidents before, PG&E did not acknowledge that a much more aggressive approach to old-pipeline safety was needed. This would have been expensive; it would have meant digging up and cutting out unpiggable sections (like the pups at the explosion site) and pressure-testing lines with water. These would have turned up the bad section ("woefully inadequate" according to NTSB chair Deborah Hersman) and prevented the blast. Instead, long stretches of grandfathered pipe received no such attention because state and federal regulators expected, or hoped, that industry would do the right thing under a performance-based approach. (In a performance-based approach, a regulated party is supposed to find its own path to an acceptable outcome.)

In this case, the outcome was that a pressure pulse on Sept. 9 originating at the Milpitas control center opened up a string of half-welded seams. It's amazing the cruddy welds lasted that long.

From Chattre's paper:

"During the course of the investigation, staff discovered systemic deficiencies within PG&E as an organization. ... Many of these same deficiencies were identified in the NTSB’s investigations of PG&E accidents that occurred in 2008 in Rancho Cordova and in 1981 in San Francisco. Consequently, PG&E missed earlier opportunities to make corrections that could have prevented the,San Bruno tragedy."

Early news reports and blog posts (including this one of mine) discussed a wide range of suspected factors, but NTSB reports that the following suspects played no role at the Line 132 blast: corrosion of the steel; damage from the "pipe-bursting" sewer construction work nearby; or seismic activity.

One of the things that most disturbed investigators was the long delay before PG&E shut down the high-pressure gas feeding this ferocious blaze: 95 minutes. During this period the pipe belched as much fuel gas as the entire city of San Bruno burns in a month. Eight people died.

See my recent post about how important it is that dangerous activities (including structures subject to storm collapse, like temporary state-fair stages) have robust and well-tested plans that can shut down energy supplies promptly in the event of catastrophe. 

Many older wooden dwellings in the LA Basin have no seismic gas shutoff valves (SGSVs) that shut down gas feed into the building in the event of a major quake, because local laws do not commonly require them except in new and remodeled structures. Here's an interesting lessons-learned paper about how SGSVs performed in the 1994 Northridge quake.

To their credit, Japanese authorities ordered building and homeowners to install SGSVs after the Kobe Earthquake of 1995.

1 comment:

  1. There's a rift between PHMSA, who actually makes and enforces the rules on pipelines, and the NTSB. There were 29 recommendations in the NTSB Report to a variety of companies, regulators, and industry groups.

    http://www.ntsb.gov/news/events/2011/san_bruno_ca/index.html

    Now, I read where PHMSA stated in an August 2 pipeline safety meeting that pipeline regulations were too stifling to that industry.

    ReplyDelete