"According to the NTSB's preliminary report, customers in the accident area received gas from a low-pressure (0.5 psi) distribution network which, in turn, was fed from a high-pressure (75 psi) main pipeline via regulators controlled by sensors measuring pressure in the low-pressure pipes. At the time of the accident, workers were replacing some of the low-pressure piping, but the procedure set out by Columbia Gas for doing this failed to include transfer of a regulator's pressure sensor from the old, disused piping to the new. As a result, when the old pipe was depressurized, the regulator sensed zero pressure on the low-pressure side and opened completely, feeding the main pipeline's full pressure into the local distribution network."
If you're just talking about when something in a feedback loop gets disconnected (causing the output of the error amplifier to go to an extreme), you can do this with cruise control and a manual transmission (at least on some cars). Engage cruise control on the highway, then pop the car out of gear without using the clutch (so cruise control doesn't disengage). As the car's speed drops, the cruise control applies ever more throttle making the RPM shoot up. I've also done this going downhill with the car naturally gaining speed (and RPM going to idle).
Huh. I've owned a few manual-transmission cars over the years and they all disallowed this trick -- pressing the clutch would disengage cruise control just like a tap on the brakes.
Yeah, pressing the clutch will do that. But you can pop the car out of gear without pressing the clutch. (IIUC) the synchros provide some positive holding force that holds the transmission in gear, but you can overcome it. Also that force goes down with the amount of torque being transferred through the transmission, so you can make it easier by playing with the gas pedal a bit.
Interesting that they only had a single regulator, if overpressure is that dangerous, I would expect them to have multiple regulators in sequence or a blowout valve to dump excess pressure.
After the accident, the Massachusetts legislature passed a law to require a licensed professional engineers stamp on all gas infrastructure designs of this type
But the recommendations to the gas company included:
> Review and ensure that all records and documentation of your natural gas systems are traceable, reliable, and complete. (P-18-7) (Urgent)
> Apply management of change process to all changes to adequately identify system threats that could result in a common mode failure. (P-18-8) (Urgent)
> Develop and implement control procedures during modifications to gas mains to
mitigate the risks identified during management of change operations. Gas main
pressures should be continually monitored during these modifications and assets
should be placed at critical locations to immediately shut down the system if
abnormal operations are detected. (P-18-9) (Urgent)
Edit to add:
This page has currently working links to the specific recommendations:
Well, my reading is that the corrective action was less "add redundant safeties" and more "have sufficient process controls in place to ensure you don't break the feedback loop during pipeline work".
One potential problem with a pressure relief valve as a safety is that it could turn into a flare/blowtorch if there is an ignition source nearby, which constrains where it can be located (and requires ongoing maintenance to ensure vegetation/etc., doesn't build up where it could get torched).
"According to the NTSB's preliminary report, customers in the accident area received gas from a low-pressure (0.5 psi) distribution network which, in turn, was fed from a high-pressure (75 psi) main pipeline via regulators controlled by sensors measuring pressure in the low-pressure pipes. At the time of the accident, workers were replacing some of the low-pressure piping, but the procedure set out by Columbia Gas for doing this failed to include transfer of a regulator's pressure sensor from the old, disused piping to the new. As a result, when the old pipe was depressurized, the regulator sensed zero pressure on the low-pressure side and opened completely, feeding the main pipeline's full pressure into the local distribution network."