A St. Louis pharmaceutical company ended up evacuated after a chemical spill Thursday night.
Mallinckrodt, located in the 3600 block of North Second Street, evacuated at 9 p.m. after about 20 gallons of Toluene spilled inside the facility. Officials say the spill occurred during a normal process where the chemical mixes with water, this time it just happened to overflow and spill.
St. Louis Firefighters got the call to the site for support because Mallinckrodt has their own fire department and emergency response team.
There were no injuries in the incident, official said.
As of Friday morning, the clean-up process was ongoing.
By Gregory Hale
It may have seemed short and not full of detail, but when President Obama focused on cyber security during his State of the Union address Tuesday night, the idea of securing areas like critical infrastructure became front and center.
Just that one paragraph could lead to more discussion and possibly some real action by government. The State of the Union is a broad address covering a multitude of issues, so the idea the President mentioned security, albeit brief, brings security more the forefront than it already is. And for an industry just getting its arms around securing its critical infrastructure, the time is right to step up security programs.
Paragraph 67 out of 103 simply said:
“No foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets, or invade the privacy of American families, especially our kids. We are making sure our government integrates intelligence to combat cyber threats, just as we have done to combat terrorism. And tonight, I urge this Congress to finally pass the legislation we need to better meet the evolving threat of cyber-attacks, combat identity theft, and protect our children’s information. If we don’t act, we’ll leave our nation and our economy vulnerable. If we do, we can continue to protect the technologies that have unleashed untold opportunities for people around the globe.”
Just by cherry picking each sentence, it should become apparent the President gets it and wants to ensure cyber security remains at the forefront of people’s minds and thoughts. Now comes the hard part, which is delving down into the details.
“Securing our nation’s infrastructure is vital to our economy and way of life,” said Graham Speake, vice president and chief product architect at NexDefense, Inc. “It is imperative that all of us – government, solution providers and end users work together to protect the automation and control systems that drive our economy forward and serve our communities each and every day. Any legislation passed by this Congress and those to come, must improve cyber security for the greater good, and not simply to satisfy a compliance checklist. Legislation, policy, and technology should empower infrastructure owners and operators to mount credible defenses against focused and targeted threats that initiate both domestically or from abroad.”
Encouraging companies to share cyber security information with the government while protecting privacy remains a vital aspect moving forward, along with modernizing law enforcement’s tools to fight cybercrime and establishing a national standard for companies to notify employees and customers about breaches.
“Cybersecurity information sharing is a critical need currently in fighting cyberattacks,” said Chris Doggett, managing director at Kaspersky Lab North America. “Too much vital information which could be used to prevent attacks is not used effectively due in part to ineffective information sharing. However, we must be careful that the concept of ‘information sharing’ does not do more damage than good. It should not cross-over into the area of broad-reaching surveillance (in conflict with our right to privacy), nor should regulations be enacted that force information disclosures which compromise criminal investigations. In addition, we must be careful that mandated sharing definitions do not result in ill-advised disclosures, such as in circumstances which result in incremental damage to the victims of the attacks.
“Updating our regulations to prohibit the types of crime that are occurring in cyberspace today and to empower law enforcement agencies to pursue and apprehend those who commit such crimes is a critical step. One of the reasons that organized crime has turned to cyberspace and that we have seen such an exponential rise in attacks is that the risk to those who commit them is much lower than in physical crimes. We must increase the risk factor to make such crimes less attractive to commit; to correct the current imbalance between risk and reward for criminal activity. That said, this will be a legislative issue that belongs to Congress and I know key members there have legitimate concerns about lesser crimes being prosecuted overzealously.
Iran Nuclear Program: Stuxnet Subcontext
During the Tuesday State of the Union address, President Obama also talked about the slowdown of Iran’s nuclear program, which has a Stuxnet subcontext.
“Our diplomacy is at work with respect to Iran, where, for the first time in a decade, we’ve halted the progress of its nuclear program and reduced its stockpile of nuclear material. Between now and this spring, we have a chance to negotiate a comprehensive agreement that prevents a nuclear-armed Iran; secures America and our allies – including Israel; while avoiding yet another Middle East conflict,” Obama said in the address.
Iran’s nuclear program suffered a severe halt in 2010 when Stuxnet, a sophisticated piece of computer malware designed to sabotage industrial processes controlled by Siemens SIMATIC WinCC and PCS 7 control systems, infiltrated the Natanz nuclear facility in Iran. The worm used known and previously unknown vulnerabilities to install, infect and propagate, and was powerful enough to evade state-of-the-art security technologies and procedures. ISSSource reported the program was a joint effort between the U.S. and Israel.
The worm used at least four Zero Day exploits and had Microsoft Windows driver modules signed using genuine cryptographic certificates stolen from respectable companies, contained about 4,000 functions, and utilized advanced anti-analysis techniques to render reverse engineering difficult.
Stuxnet had its true origin in the waning moments of George W. Bush’s presidency in 2009, said former senior intelligence officials, one of whom worked for the National Intelligence office, according to an ISSSource report.
At the time, President Bush wanted to sabotage the electrical and computer systems at Natanz, which is a fuel enrichment plant in Iran. After Bush left office, President Obama accelerated the program, these sources said.
Obama’s Tuesday address went on to say, “There are no guarantees that negotiations will succeed, and I keep all options on the table to prevent a nuclear Iran. But new sanctions passed by this Congress, at this moment in time, will all but guarantee that diplomacy fails – alienating America from its allies; and ensuring that Iran starts up its nuclear program again. It doesn’t make sense. That is why I will veto any new sanctions bill that threatens to undo this progress. The American people expect us to only go to war as a last resort, and I intend to stay true to that wisdom.”
Going to war is one thing, but what about cyber war?
– Gregory Hale
“Creating a common, national set of standards which mandate reporting to consumers the disclosure of their personal information when breaches occur would be a pragmatic and logical advancement. I think there are concerns anytime a new national mandate is considered, but we need to be more transparent with consumers in our view. Currently, the sheer volume and variation of requirements that occur from state-to-state makes it difficult and burdensome for companies to both determine which actions they should take, and to execute notifications to affected individuals. The result is an expensive, inaccurate and untimely process which does not best serve the interests of the affected consumers or the companies who are victims of such attacks.”
There are issues with the government getting more involved in regulating cyber security.
“I always become a little uncomfortable with legislators begin to enact drastic changes in response to recent events,” said Joel Langill, of RedHat Cyber, an independent ICS security researcher. “This approach is very ‘reactionary’ and in the long run, is not effective at mitigating the risk from a dynamic threat landscape.
“The electric utility sector was turned upside down with the introduction of the original NERC CIP compliance standards, but because they tended to be ‘backwards looking’ they underwent multiple significant changes over several years that is yet to determine if they have been successful at preventing potential cyber attacks. It is clear, however, that because of the reporting requirements imposed by NERC CIP that we are aware of the significant number of attacks on the energy sector as reported annually by ICS-CERT.
“Where these reactionary laws tend to cause the greatest problems are within today’s global, multinational corporations that have operations in not just a single country, but countries that span the globe. Many of these countries are also working diligently to pass their own legislation to address cyber risks to those enterprises responsible for critical infrastructure. A perfect example of this is the recent legislation approved by the French government that will effectively require cyber security technologies and professionals to be certified or accredited by French agencies. Image the burden this can place on a large multinational corporation that has worked diligently to select a vendor based on sound criteria only to find out that this vendor is not currently on the ‘approved’ list in a particular country.
“I believe that the government performed their main task when they developed the Cybersecurity Framework as released by NIST. The actual details of how this is to be implemented, with whom information should and will be shared, and the resulting consequences that could result from legal proceedings must be left in the hands of the individual enterprises. Our current economic basis must not place undue regulatory stress on these corporations for fear of the appearance of excessive government oversight,” Langill said.
John Cusimano, director of industrial cybersecurity at aeSolutions, agrees the Framework was well done and any new legislaton should follow that lead.
“I am not necessarily in favor of regulation but I hope that whatever does get passed is balanced and addresses both IT and OT security because this is what is truly required to protect critical infrastructure, Cusimano said. “To me, the big news in 2014 was how well the NIST Cybersecurity Framework addressed both IT and OT security and how it recognized industry consensus standards from both realms. This balanced approach is one of the factors why the Framework has been so well received and adopted by industry. Another huge selling point for the Framework with industry is that it takes a risk-based approach rather than a prescriptive, one-size fits all, approach. Again, let’s hope that if any new regulation is passed this year that it follows the lead of the Framework.”
With the potential for more government involvement, there are more questions.
“After all, once the government has authority to force companies to implement specific measures, this then assumes that the government knows best,” Langill said. “What if they are wrong? Will the government then be held liable for any consequences that may result?
“This is not an easy problem to solve,” he said, “and for this reason, there is not a quick and easy solution.”
A natural-gas leak at a fracking well that crews could not stop resulted in 25 families forced to evacuate their homes in eastern Ohio for three days.
Crews lost control of the Monroe County well on Saturday, said Bethany McCorkle, a spokeswoman for the Ohio Department of Natural Resources (ODNR), the state agency that regulates oil and gas.
Families evacuated from about 25 houses within a 1.5-mile radius of the well, located near the Ohio River about 160 miles east of Columbus.
The well was not on fire, but the gas could be explosive. “There’s still a steady stream of natural gas coming from the wellhead,” McCorkle said Wednesday.
Triad Hunter, a Texas company that also has offices in Marietta in southeastern Ohio, operates the well.
The company said in a statement the well had been temporarily plugged about a year ago while the company drilled and fracked three more wells on that site.
“Despite numerous precautionary measures taken in connection with the temporary plugging and abandonment operation, the well began to flow uncontrollably while recommencing production operations,” the company said.
Triad Hunter workers tried to bolt the cap back into place but couldn’t, the statement said.
Fracking involves drilling deep underground into shale formations; turning the drill horizontally; and blasting a mixture of water, sand and chemicals at high pressure to fracture the shale and free trapped oil and gas.
Triad Hunter crews were trying to unplug the well this past weekend when there was “an uncontrollable amount of pressure” that sent a stream of gas into the air, she said. The workers called for help and left. No one suffered an injury, McCorkle said.
She said families were able to go back into their houses during the day only. Emergency responders asked that they stay away at night.
McCorkle said ODNR is investigating. “This whole situation is uncommon in general,” she said. “A full investigation will give us more information as to what happened, what led up to the incident and why there was so much pressure.”
A pinhole-sized leak in a pipe led to an estimated 8,000-gallon gasoline spill from a major distribution pipeline in Belton, SC, last week and work to clean it up will likely continue through this month.
Owned by the Plantation Pipe Line Company, the 26-inch diameter pipe runs 3,100 miles from Louisiana to Washington, D.C., and the leak occurred about a mile outside of Belton, company officials said. Kinder Morgan, the country’s largest energy infrastructure company, operates the pipeline.
Workers turned the pipe off last Monday night, and crews drilled another tap to drain gasoline, said Jason A. Booth, a scene coordinator for the Environmental Protection Agency.
“These pipes are old and they’re bound to get leaks and cracks,” he said. “They can be minor and hard for the transfer station to detect a drop in pressure.”
Contractors likely will spend the next two to three weeks removing soil saturated with gasoline from the area.
An unnamed tributary of Browns Creek is about 1,000 feet from the leak, Booth said, and monitoring has shown gasoline has not reached the water. Officials will continue to observe the stream.
All residents in the area are on municipal water, and those lines are unaffected, he said.
The cause of the leak remains undetermined, said Melissa Ruiz, spokeswoman for Plantation Pipe Line Company. Workers did not detect a drop in line pressure, she said. Investigators have not determined when the leak began.
“All appropriate agencies have been notified and the company anticipates that there will be no customer impacts,” she said. An investigation into the cause and quantity of the release is under way.
Plantation Pipe Line is creating an environmental sampling plan in cooperation with the Department of Health and Environmental Control and the EPA, said DHEC spokeswoman Cassandra S. Harris.
Booth said the company soon will begin drilling holes in the ground at 50-foot increments to determine how far the gasoline had spread.
In South Carolina, the line enters in the Lake Hartwell area and continues through Belton and Spartanburg before heading toward Charlotte.
The same line broke in May at the company’s Anderson station during routine maintenance.
There is now a new way to wirelessly detect hazardous gases and environmental pollutants, using a simple sensor that a smartphone can read.
These inexpensive sensors could end up widely deployed, making it easier to monitor public spaces or detect food spoilage in warehouses. Using this system, researchers showed they can detect gaseous ammonia, hydrogen peroxide, and cyclohexanone, among other gases.
“The beauty of these sensors is that they are really cheap. You put them up, they sit there, and then you come around and read them. There’s no wiring involved. There’s no power,” said Timothy Swager, the John D. MacArthur Professor of Chemistry at MIT. “You can get quite imaginative as to what you might want to do with a technology like this.”
For several years, Swager’s lab has been developing gas-detecting sensors based on devices known as chemiresistors, which consist of simple electrical circuits modified so their resistance changes when exposed to a particular chemical. Measuring that change in resistance reveals whether the target gas is present.
Unlike commercially available chemiresistors, the sensors developed in Swager’s lab require almost no energy and can function at ambient temperatures. “This would allow us to put sensors in many different environments or in many different devices,” Swager said.
The new sensors consist of modified near-field communication (NFC) tags. These tags, which receive the little power they need from the device reading them, function as wirelessly addressable barcodes and mainly see use for tracking products such as cars or pharmaceuticals as they move through a supply chain, such as in a manufacturing plant or warehouse.
NFC tags can end up read by any smartphone that has near-field communication capability, which is a part of newer smartphone models. These phones can send out short pulses of magnetic fields at radio frequency (13.56 megahertz), inducing an electric current in the circuit on the tag, which relays information to the phone.
To adapt these tags for their own purposes, the MIT team first disrupted the electronic circuit by punching a hole in it. Then, they reconnected the circuit with a linker made of carbon nanotubes specialized to detect a particular gas. In this case, the researchers added the carbon nanotubes by “drawing” them onto the tag with a mechanical pencil they first created in 2012, in which the pencil lead ends up replaced with a compressed powder of carbon nanotubes. The team refers to the modified tags as CARDs: Chemically actuated resonant devices.
When carbon nanotubes bind to the target gas, their ability to conduct electricity changes, which shifts the radio frequencies at which power can transfer to the device. When a smartphone pings the CARD, the CARD responds only if it can receive sufficient power at the smartphone-transmitted radio frequencies, allowing the phone to determine whether the circuit ended up altered and the gas is present.
Current versions of the CARDs can each detect only one type of gas, but a phone can read multiple CARDs to get input on many different gases, down to concentrations of parts per million. With the current version of the technology, the phone must be within 5 centimeters of the CARD to get a reading, but chemistry graduate student Joseph Azzarelli, the lead author of a paper on the subject, is currently working with Bluetooth technology to expand the range.
The researchers filed for a patent on the sensing technology and are now looking into possible applications. Because these devices are so inexpensive and with smartphones being able to read them, they could deploy nearly anywhere: Indoors to detect explosives and other harmful gases, or outdoors to monitor environmental pollutants.
Once an individual phone gathers data, the information could upload to wireless networks and combine with sensor data from other phones, allowing coverage of very large areas, Swager said.
The researchers are also pursuing the possibility of integrating CARDs into “smart packaging” that would allow people to detect possible food spoilage or contamination of products. Swager’s lab previously developed sensors that can detect ethylene, a gas that signals ripeness in fruit.
The CARDs could also incorporate into dosimeters to help monitor worker safety in manufacturing plants by measuring how much gas the workers are exposed to.
“Since it’s low-cost, disposable, and can easily interface with a phone, we think it could be the type of device that someone could wear as a badge, and they could ping it when they check-in in the morning and then ping it again when they check out at night,” Azzarelli said.
A chemical spill at a plant in Hopewell, VA, may be the cause of the deaths of hundreds of fish, a spokesman for the state’s environmental agency said last week.
“We can’t say conclusively, but there does appear to be a connection,” said Bill Hayden of the Department of Environmental Quality.
About 5,500 pounds of a chemical called ammonium carbonate, which dissolved in water, spilled at the Honeywell International Inc. plant, Hayden said. Honeywell officials said the spill occurred last Monday night.
While most of the spill ended up contained in a treatment lagoon, about 600 pounds of the chemical flowed into Gravelly Run, a stream that eventually leads to the James River, Hayden said.
Officials found several hundred fish, mainly blue catfish, dead in the stream Tuesday.
Ammonium carbonate is one of the main ingredients used produce caprolactam, the Hopewell plant’s main product, Honeywell said. Caprolactam is a part of nylon.
A DEQ inspector took water samples Tuesday, and it will take more than a week to get results, Hayden said. If the samples show water in the stream was high in ammonia, that would be further evidence the chemical spill killed the fish. Ammonia ends up produced when ammonium carbonate hits water, Hayden said.
Honeywell said Wednesday it is still investigating the cause of the spill.
“We regret the incident and are doing everything we can to determine if plant operations may have contributed to the loss of fish,” the statement said. “The plant invests significantly in equipment upgrades, safety controls, processes and operator training to minimize environmental excursions and to mitigate them if they happen.”
Hayden said the cause of the spill, and whether the incident will result in a state enforcement action, are under investigation.
A Miami, AZ, smelter shut down after molten copper breached a processing vessel, causing a fire and explosions but no injuries, officials said.
The incident occurred late Wednesday night in Miami, which is about 70 miles east of Phoenix, said spokesman Eric Kinneberg of Phoenix-based Freeport McMorRan Inc.
Kinneberg said the molten material that spilled on the ground inside and around a building ended up contained and is no longer flowing.
A.J. Howell of the Tri-City Fire District said explosions heard and felt by residents of Miami and the neighboring communities of Globe and Claypool happened when the molten copper came in contact with water.