While the blast occurred over six years ago, lessons learned from the 2009 massive explosion at the Caribbean Petroleum (CAPECO) terminal facility near San Juan, Puerto Rico, can apply today.
In a scenario that appeared jarringly similar to the Buncefield, England incident in December 2005, the 2009 incident occurred when gasoline overflowed and sprayed out from a large above ground storage tank, forming a 107-acre vapor cloud which then ignited.
The Chemical Safety Board (CSB) issued a draft report on the incident which includes proposed recommendations for addressing regulatory gaps in safety oversight of petroleum storage facilities by the Occupational Safety and Health Administration (OSHA) and Environmental Protection Agency (EPA). The CSB also released a chilling video shows just how lucky three workers were to be alive after the massive explosion.
While there were no fatalities, the explosion damaged approximately 300 nearby homes and businesses and petroleum leaked into the surrounding soil, waterways and wetlands. Flames from the explosion were visible from as far as eight miles away.
On Wednesday, October 21, 2009, Caribbean Petroleum Corporation began a routine transfer of more than ten million gallons of unleaded gasoline from a tanker vessel docked two and a half miles from the facility. The only storage tank that was large enough to hold a full shipment of gasoline was already in use. As a result, CAPECO planned to distribute the gasoline among four smaller storage tanks. This operation would take more than 24 hours to complete. During transfer operations, one CAPECO operator remained stationed at the dock, while another monitored valves controlling gasoline delivery at the terminal.
By noon the next day, October 22, two of the tanks ended up filled with gasoline. The operators then diverted the gasoline into two other tanks – tanks 409 and 411. At 10 pm the night of the 22nd, as tank 411 reached maximum capacity, operators fully opened the valve to tank 409. According to witness interviews, the supervisor on duty estimated that tank 409 would be full at 1 am. But shortly before midnight, tank 409 started to overflow. Gasoline sprayed from the vents forming a vapor cloud and a pool of liquid in the tank’s containment dike.
“The CSB’s investigation states that there are a number of shortcomings in regulations that cover petroleum storage facilities,” said CSB Board Member Mark Griffon. “Facilities such as CAPECO, which store large quantities of gasoline and other flammables, are not required to conduct a risk assessment of potential dangers to the nearby community from their operations.”
The CSB’s investigation found the measuring devices used to determine the liquid levels in the tanks at CAPECO ended up poorly maintained and frequently did not work.
The facility primarily measured tank levels using simple mechanical devices consisting of a float and automatic measuring tape. An electronic transmitter card would normally send the liquid level measurements to the control room. But the transmitter card on tank 409 was out of service, so operators had to manually record the hourly tank level readings.
“We found that the ‘float and tape’ measuring system was the only control system CAPECO used to avoid overfilling a tank,” said Investigator Vidisha Parasram. “When that system failed, the facility did not have additional layers of protection in place to prevent an incident. The investigation concluded that if multiple layers of protection such as an independent high level alarm or an automatic overfill prevention system had been present this massive release most likely would have been prevented.”
An independent high level alarm could have detected and alerted operators to the danger of an overfill, even if the primary system for measuring the tank level fails, as it did at CAPECO, investigators said. An automatic overfill prevention system goes even further, and can shut off or divert the flow into a tank when the tank level is critically high. These additional layers of protection, however, were not in use at CAPECO.
The CSB found existing process safety regulations exempt atmospheric storage tanks of gasoline and similar flammable liquids. Additionally, the report concludes current regulations only require a single layer of protection against a catastrophic tank overfill – thereby putting workers and nearby communities at potential risk.
The draft report recommended the EPA adopt new regulations for facilities like CAPECO to require that flammable storage tanks come equipped with automatic overfill protection systems, and to require regular testing and inspection as well as risk assessments.
The Board is also recommending similar recommendations to OSHA, the American Petroleum Institute, and two key fire code organizations. The proposed regulatory changes would affect the EPA’s Risk Management Program; Spill Prevention, Control, and Countermeasure (SPCC) rules; and/or OSHA’s Flammable and Combustible Liquids standard.
Four tank cars leaked 35,000 gallons of oil after a train hauling fuel from North Dakota derailed in rural northeastern Montana, authorities said.
No one suffered an injury in the accident Thursday night that triggered the evacuation of about a dozen homes and a camp for oil field workers, according to state and local officials.
This latest derailment comes after recent oil train crashes, including a 2013 derailment in Quebec that exploded and killed 47 people. In addition, the spill marked the latest in a series of wrecks across the U.S. and Canada that have highlighted the safety risks of moving crude by rail.
The Burlington Northern Santa Fe Railway train was going to Anacortes, WA, when it derailed about 5 miles east of the small town of Culbertson, near the North Dakota border, officials said.
A hazardous-materials team contained the spill with earthen dams, and the oil didn’t appear to affect any waterways, according to federal and state officials.
Unlike many prior oil train accidents, there were no explosions or fire. The cars knocked over a power line as they left the tracks, and firefighters sprayed foam on the wreckage to prevent a fire as they worked to clean up the oil, according to Roosevelt County Chief Deputy Sheriff Corey Reum and BNSF spokesman Matt Jones.
In addition to the 2013 Quebec accident, in which much of the town of Lac-Megantic suffered from the massive explosion, trains hauling crude from the Bakken region of North Dakota and Montana also ended up involved in fiery derailments.
Acknowledging the risks, U.S. transportation officials have put rules in place intended to make shipping hazardous liquids safer. Critics, however, have said the rules don’t do enough to keep cars on the tracks and prevent derailments.
There was no immediate explanation of what caused 22 cars to topple from the train in Thursday’s wreck.
The train originated at a Savage Services loading terminal in Trenton, ND, and had 106 cars loaded with crude, according to BNSF and state officials.
A BNSF hazardous materials team arrived at the scene at about 3:30 a.m. Friday, more than nine hours after the derailment, according to the Montana Department of Emergency Services. Reum said other railroad personnel had arrived in the first hours after the accident.
An evacuation order for people within a half-mile radius lifted Friday morning. About 30 people living in the workers camp stayed away until workers unloaded the remaining oil, Montana Department of Emergency Services spokesman Maj. Chris Lende said.
Under an April rule, oil shipped from North Dakota must undergo treatment to reduce the chances of explosion. State and federal officials couldn’t say whether Savage Services and the shipper in Thursday’s accident, Statoil, had gone through that process.
An accidental ignition source hit an area full of mostly empty propane cylinders and the ensuing fire set off hundreds of propane explosions at an oil distributor in Sikeston, MO, Monday.
The investigation is complete and there is no reason to believe that it was suspicious, said Sikeston Department of Public Safety (DPS) Chief Drew Juden.
“It started in the propane recycling area which is where they pull propane out of containers that have been turned back in that have a small percentage of propane still in them,” Juden said. “They pull the propane out of those cylinders. In that process, that area becomes a very rich environment with fuel, with product. There was an ignition source, we are not sure what the ignition source was, and that’s what caused the initial fire.
“We have surmised that it was probably static electricity, but we are not sure about that either,” he said. “There was no other plausible ignition sources that we could find in the area.”
Crews worked through the night to put out flare ups at Santie Wholesale Oil Company.
Juden said representatives from DPS, the Fire Marshal, Missouri Propane Safety Commission, ATF, and insurance agents were on the scene Tuesday.
“There is a hazmat contractor on scene. They are cleaning up the hazardous materials, the oil and other products that spilled out,” he said. “Once that is done, then the business will be turned back over to the owner and hopefully they will rebuild and we will go on about our day.”
Juden said investigators had to wait for the smoldering fire to cool down. Investigators began working on Tuesday afternoon to determine the initial cause. They talked to witnesses about what happened.
Captain Jim McMillen with Sikeston DPS says hundreds of those propane cylinders exploded in the fire.
“When we got there, I mean the fire has engulfed in the 20-pound cylinders and there were numerous cylinders in that area that the fire was around,” McMillen said. “They hit that temperature point to a BLEVE (a boiling liquid expanding vapor explosion) They exploded and they were shooting across the fire grounds, some hundreds of feet in the air, some shooting horizontal. And we had to back up our firefighters, back up our command and just try to get to a safe area.”
There was a vessel containing 15,000 gallons of propane on the property that fire crews were worried about, but that did not explode. At the time, authorities asked everyone to stay at least a half mile away from the location.
Santie Wholesale Oil is a Petroleum Bulk Station. According to the U.S. Department of Labor, bulk stations provide the wholesale distribution of crude petroleum and petroleum products, including liquefied petroleum gas, from bulk liquid storage facilities.
According to the company’s website, Santie Oil is an authorized distributor for Chevron/Texaco, Castrol Industrial Metalworking fluids; Castrol Performance Lubes, Purus Products, Service Pro products & Royal Purple.
By Gregory Hale
Middle managers may or may not be aware of the increased need for security, but they are an obstacle when it comes to implementing and promoting security within their realm.
While the thought may seem to not make sense at first, it makes perfect sense where a middle manager’s compensation and performance objectives — whether it is a process line, an entire plant or anything in between — focus on performance. With pure performance objectives strictly in mind, security will often go by the wayside.
One case in point is one CISO at an oil and gas major who told a group of about 50 ICS cyber security experts at an invitation only meeting to discuss cyber security in oil and gas that one of his objectives handed down from his chief executive is to go around and get middle managers to adopt and follow the security process, said John Cusimano, director of industrial cybersecurity at aeSolutions. The CISO’s mission is to make security part of the culture.
The CISO said his biggest problem is middle managers. Not the workers in the trenches, but middle managers.
“I have seen this with other clients where even higher-ups (e.g. VP’s) in Engineering, Operations or even IT may not be onboard with an OT cyber security program,” Cusimano said. “For such a program to be successful it requires support from all three. Not surprisingly, the battles are more about company politics than anything else.”
“One of my clients, a global chemical company, operates a very successful OT cyber security program,” Cusimano said. “However, they really struggled in the initial formation of the program due to internal politics. The program was chaired by someone from operations who started his career in engineering. He was able to easily get engineering onboard but really struggled with getting IT, and thus the whole team, rowing in the same direction.
“He brought my company in to help educate and establish a strategy for the team. Initially, you could see and feel the tension in the room as different groups literally faced-off on opposite sides of the table. This is where having a neutral third-party who understands both automation and IT and has experience working with complex organizations can really help.
“We were able to help them understand the risks to the company (not just their department) and identify areas of weakness (vulnerabilities) without pointing fingers. After a couple of months the team had developed a strategy and a plan to conduct several site vulnerability assessments on sample facilities in order to gather more detailed information.
“The most brilliant part of the plan was that the chairman of the committee brought the IT people into the field for a week long ‘tour’ of several facilities. It was the first time that most of them had ever been in a plant. It was very eye-opening for them to see a real chemical plant and to see the day-to-day challenges that operations faces and to see, first-hand, how their IT infrastructure interacted with the plant infrastructure. They loved it. After a couple of days the IT and OT people were working hand-in-hand to gather the information we needed and conversations every night at dinner were lively and constructive. Most notably, when we got back and had the next committee meeting everything had changed. Instead of tension there was camaraderie and the groups sat co-mingled around the table. This was one of the most rewarding projects I have worked on because I was able to witness and be a part of bringing IT and OT groups together to solve a common problem,” Cusimano said.
The idea of middle managers bottlenecking the security culture and program is a huge obstacle to overcome. As executives in the corner office and boards of directors are very aware of the issue as are those working on the day-to-day issues in the trenches. But those middle managers remain a problem, said Martin Smith MBE, chairman and founder of The Security Company, and of the Security Awareness Special Interest Group at the CBI Cyber Security Conference 2015 in central London last week.
In a world where middle managers end up measured, and rewarded, by performance, security will end as IT’s problem. “[They only want to] be measured by business performance and not cyber-security performance,” Smith said.
Smith said they have yet to accept the idea cyber security is no longer just a technology issue, but a business issue.
Often times people will say awareness is not necessary because people are aware. That actually is not true as true awareness and understanding occurs because the point continuously ends up hammered home to where it becomes second nature.
A huge factory fire fueled by the product North Shore Strapping Company produced — bubble wrap and shipping supplies — lit up the sky in Brooklyn Heights, OH, near I-480 and I-77 Monday morning with flames and smoke that could be seen for miles.
The factory did not have sprinklers or an alarm system which didn’t help the cause at all. No one suffered an injury in the blaze.
An off-duty police officer first reported the fire around 3:30 a.m., said Jim Wheeler, Independence Fire Department’s Assistant Chief. By the time crews arrived, the flames were eating through the roof.
The plastic components inside were serving as fuel.
“Basically they have bubble wrap and shipping supplies,” said Assistant Chief Wheeler. “So it’s a petroleum-based product. Plastics have a lot of petroleum-based chemicals in them so they burn hot, and they burn very fast.”
When firefighters got to the scene, it was too dangerous for crews to go in, as the fire burned well into the afternoon. Hazmat crews remained on scene as a precaution.
Some of the company’s 50 or so employees learned what happened when they arrived for work. Their neighbors ended up affected by the ash and smoke, and the only road heading in and out remained shut down.
Investigators say no one was inside when the fire broke out and the last employee left the building late Sunday night. The cause remains under investigation.
It is also not immediately clear whether the factory violated code. Investigators say it is possible the building was grandfathered in by a standard where sprinklers and alarms were not a requirement.
Authorities say the building is a total loss.
Advanced persistent threats (APTs) are a big issue that can keep security professionals up at night wondering if and when they will suffer from an attack.
Along those lines a critical infrastructure end user got in touch with ICS-CERT to evaluate the organization’s control systems environment for a possible APT.
In its analysis of a previous incident response, the end user discovered the bridge between the corporate and processing network suffered a compromise, according to a report in the ICS-CERT Monitor. Concerned about the integrity of the processing environment, the end user requested ICS-CERT support to analyze the systems for activity and then, secondarily, evaluate the overall security posture.
As a result, ICS-CERT deployed an incident response (IR) and assessment team to look for evidence of trespassers and to perform an architectural review of their security.
The following is a mini case history of what occurred during the teams’ site review, according to the report in the ICS-CERT Monitor. While the name of the end user is not available, the problems it faced are very real and similar to the same issues other companies are confronting on a daily basis.
Despite pre-planning measures, the ICS-CERT review efforts ended up hampered by insufficient asset management in the control systems environment that caused a significant delay in identifying systems for examination and evaluation. To compensate for incomplete documentation, the team instead led discussions and conducted reviews of available materials to determine undocumented systems and create an up-to-date representation of the network architecture.
Asset management issues also made it difficult to determine who had primary responsibilities for the various systems within the network. As the IR team interviewed workers, it was evident they lacked clearly defined roles and responsibilities for the systems within the control environment. This prolonged the response time for access requests, authorities, data, and information needed to support the incident response effort.
Host-based analysis efforts also ended up slowed due to a lack of forensic information that was not adequately preserved or maintained for the team. Because of this, ICS-CERT focused on network evaluation techniques identifying unusual use patterns in the ICS network. ICS-CERT also compared network-based findings against indicators collected from various sources in an attempt to identify adversary communications from any remnants.
While onsite the team quickly identified the facility was using the same physical network cables and routing equipment for both networks, and the only segmentation was the hard-coded IP addresses for the processing environment in a separate subnet from the corporate network. This meant the two networks had essentially no segmentation. This segmentation issue was emblematic of the poor network visibility identified by the IR and assessment teams. The user lacked capabilities to monitor network traffic and identify suspicious activity in the ICS and corporate enterprise. In addition, critical assets ended up unmonitored with no physical security, leaving any employee the ability to tamper with critical systems undetected.
ICS-CERT provided recommendations and proposed a network re-design to heighten overall security posture and reduce the risk of future intrusion. These recommendations were for the technical and policy levels and included guidance such as:
• Define and establish accurate asset management responsibilities and assign appropriate authorities
• Verify network architecture
• Deploy system patching
• Create network segmentation
• Deploy physical security of critical assets
• Increase security operations staff and define mission roles and responsibilities
• Apply application whitelisting for approved applications and user authentication for remote access
• Deploy a security monitoring solution to ensure adequate visibility into the re-architected network
A shelter in place ended up ordered Saturday night after a 12-alarm fire broke out at a chemical facility west of Houston, officials said.
Flowchem, a company that makes a pipeline additive using synthetic rubber, reported a fire at 9:15 p.m. and it quickly escalated to 12 alarms, said Brian Cantrell, emergency management coordinator for the Waller County Office of Emergency Management.
Authorities told residents within a two-mile radius of the facility west of Houston to shelter in place as a precaution, Cantrell said.
“It’s in a very rural area, which is fortunate,” Cantrell said. There was no one inside the plant when the fire broke out, he said.
A hazardous material team from the Harris County fire marshal’s office is conducting air monitoring around the scene of the blaze, Cantrell said.
The Waller County Sheriff’s Office said 10 firefighting and emergency response agencies were on the scene of the fire. The fire was still burning shortly after midnight Sunday morning, but firefighters expected to have it out within a few hours, Cantrell said.
A natural gas pipeline explosion and fire in White Deer, TX, located on the Panhandle left four workers hurt, including two in critical condition.
The incident occurred last Thursday night in White Deer, about 35 miles northeast of Amarillo, said officials at the Carson County Sheriff’s office. White Deer is a town of about 1,000.
Two men remained in critical condition Saturday at University Medical Center in Lubbock. A hospital spokesman said two other men were satisfactory.
The White Deer Volunteer Fire Department said the explosion occurred at a gas booster station as crews worked on a 4-inch gas line.
State and federal regulators are investigating.
Messages left with the utility, West Texas Gas, and the sheriff’s department were not immediately returned Saturday.