Search results

Friday, April 20, 2018 @ 12:04 PM gHale

A chemical fire forced the evacuation of dozens of homes around the Tyson Foods chicken plant in Dawson, GA, Wednesday night, officials said.

A fire broke out in a dock area of the Dawson plant, employees evacuated, and there were no injuries, said Worth Sparkman, a spokesperson for Tyson Foods.

Underground Coal Plant Fire
Workers Halt Ammonia Leak
Blaze at AL Auto Parts Plant
OR Mill Fire Forces Evac

“We’re grateful for area fire departments and their quick response,” Sparkman said. “The incident involved the release of ammonia, which is used as a refrigerant at the plant. The leak has been isolated and we’re working to determine the root cause.

“The plant will not operate the rest of this week. We’re evaluating the damage and will determine when we might resume operations sometime next week.”

A HazMat team was requested by the Terrell County EMA Director around 9:15 p.m. due to ammonia released through Tyson Foods refrigeration lines. 

Forty homes evacuated in the area of Old Mill Road and the intersection of Highway 32, said Terrell County EMA Director Billy McClung.

First responders went door to door in outlying areas to inform residents to be on standby. McClung said the evacuations are due to ammonia leaks.

The fire was reported to be in the walls when the Albany Fire Department arrived on scene but was under control as of midnight Thursday, said Battalion Chief Keith Ambrose. When the leak was noticed, the big tank was shut down and ammonia released from the refrigeration lines. No plume clouds were reported.

Ambrose spoke with McClung who said where the winds are blowing, the ammonia would not be heading toward residential areas.

Ambrose added ammonia is a pungent smell that leaves a burning sensation in/on/around moist areas of the body (eyes, nose, lungs, crotch area and underarms). All believe that there was only a small amount of ammonia released and was contained to a small area around the plant.

The cause of the fire remains under investigation.

Monday, April 16, 2018 @ 05:04 PM gHale

A gas line burst into flames after workers damaged it while working on nearby water line.
Photo by Arlington Fire Department

Three people suffered injuries when a gas line burst into flames after workers damaged it while working on nearby water line in Arlington, TX, Sunday.

One Arlington firefighter is at Parkland Hospital after being injured in a gas-related fire.

Chlorine leak at MS Water Plant
Fire at CA Oil Products Maker
Blast, Fire at MI Recycling Firm
Worker Electrocuted at AL Coke Plant

Crews were working Sunday night to repair a water line leak at the intersection of Ditto Avenue and Dugan Street.

The gas line was damaged when workers were clearing asphalt. The fire started as excess water was being pumped out to fix the gas line.

Three people in total suffered injuries, another firefighter and an Arlington water worker ended up treated and released from Parkland Hospital.

Wednesday, April 4, 2018 @ 12:04 PM gHale

By Gregory Hale
Gas is still flowing – and never stopped – but at least three of the four companies operating pipelines admitted they were hit by a cyberattack this week on their electronic systems for communicating with their customers.

Oneok Inc., which operates natural gas pipelines in the Permian Basin in Texas and the Rocky Mountains region, said Tuesday it disabled its system as a precaution after determining that a third-party provider was the “target of an apparent cyberattack.”

Cyber is ‘Core’ to Digital Future
SANS: ‘Unique’ Safety System Attack
SANS: ‘We Can Do This’
Feds Alert on Russian Cyber Activity Targeting ICS

A day earlier, Energy Transfer Partners LP, Boardwalk Pipeline Partners LP, and Chesapeake Utilities Corp.’s Eastern Shore Natural Gas reported communications breakdowns. Eastern Shore said its outage occurred on March 29.

The Department of Homeland Security said Monday it was gathering information about the attacks had no immediate comment.

“We do not believe any customer data was compromised,” said the Latitude Technologies unit of Energy Services Group, which Energy Transfer and Eastern Shore both identified as their third-party provider, in a Bloomberg report. “We are investigating the re-establishment of this data,” Latitude said in a message to customers.

Just the Facts
“Cyber attacks can range from denial-of-service, malware, Insider threat, etc. The problem is that there is no specific given to the type of attack that occurred at the pipeline infrastructure,” said Dewan Chowdhury, chief executive and founder of security provider, MalCrawler. “Right now, everybody is speculative except for the companies involved and law enforcement agencies. I can tell you that based on experience from conducting cybersecurity assessment on downstream natural gas operators is that the connection between them and their upstream supplier is not very secure.”

“Based on what I have read, this looks like a fairly traditional attack. I have seen no evidence of deliberate targeting of the pipeline control systems,” said Eric Cosman, security expert and consultant with ARC Advisory Group.

“The common thread here is that the affected companies used a third-party EDI provider and relied on that service,” said John Cusimano, director of cybersecurity at aeSolutions. “It is not uncommon in the energy industry that energy distribution companies (e.g. pipelines, utilities, etc.) rely on third-party data for their logistics planning (where energy needs to go, how much, when, etc.).

“The main takeaway from this event is that there definitely are people/organizations that are attempting to disrupt U.S. energy distribution using cyber means. The second takeaway is that all companies, but especially U.S. energy companies, need to risk assess (or re-assess) the cybersecurity of ‘external information resources’ (ref NIST Cybersecurity Framework ID.AM-4),” Cusimano said.

“This wasn’t an attack on the control systems,” said Patrick McBride, vice president at network monitoring provider, Claroty. “Time will tell, it could have been financially motivated ransomware attacks. It doesn’t smell like it was a state-sponsored attack.”

“I think that it’s important to make clear that this was not a control system, but rather an Internet-exposed non-real-time data exchange system mandated by FERC to facilitate transparency in the common carrier gas pipeline business,” said Graham Speake, chief information security officer at Berkana Resources. “The actual control systems were not impacted and demonstrate the need to ensure a secure barrier between the control systems and business networks. As companies continue to strive to get more information from their sensors and networks to perform analytics, often resorting to cloud based solutions, there needs to be an increased awareness of the security implications. This needs to involve not just technical countermeasures, but also continual security awareness training to all personnel.”

Simple Communications
“A majority of the time it’s just a simple RTU to RTU using MODBUS that interconnects the downstream natural gas provider to their natural gas transmission provider,” Chowdhury said. “There’s hardly any rule sets that protect both networks. The SCADA communication between both entities is pretty limited regarding what functions they can use for ICS/SCADA purposes. In the power regulated network, you will find technologies that limit the communication flows between industrial control equipment. You can find firewalls that limit SCADA protocol functions (e.g., they are limited just to read, not write), you can also find technology such as data diodes that only allow one-way network traffic. Technology like this is hardly utilized in the connection between downstream natural gas providers and their transmission partners.

“We always recommend to put in security controls that limit what can be communicated between both sides. It can range from a firewall that supports industrial control system protocols that can restrict by SCADA functions. The good thing is that due to interoperability the protocol stack typically utilized between downstream and transmission partners is MODBUS which is widely supported on firewalls. To go beyond the recommended is to implement technologies like data diodes that restrict traffic from going bi-directional, and forcing it to be one way,” Chowdhury said.

“We have discovered in several of our assessments that the interconnect to third party data providers are not well secured and are also not well documented or understood by asset owners,” Cusimano said. “For example, we recently assessed a large cogen facility for one of our refining clients. The cogen facility is required to share data with their state’s independent system operator (ISO).  This was accomplished using a special server that was dual-homed between the cogen process control network and the ISO through a broadband connection. There was no firewall on the incoming broadband connection. The server was running an end-of-life operating system and hadn’t been patched since it was installed. There was a firewall between the dual-homed server and the process control network but the firewall rules were very promiscuous. The dual-homed server was installed and maintained by a local company that specialized in energy management and regulatory compliance solutions. As such, the local cogen staff and management knew very little about the server and didn’t even have login credentials (yet it was considered their asset and it was and on their network). This is why it is so important to perform detailed vulnerability and risk assessments performed by third-party assessors who will ask the right questions.”

“Critical infrastructure facilities should be on high alert that they are directly in the cross-hairs of bad actors and nation states,” said Bob Noel, director of strategic relationships at Plixer. “Legacy security approaches that have only focused on the perimeter have failed. Breaches are inevitable, so organizations must turn their focus to monitoring internal traffic and its behavior to protect themselves and the people who rely on their services.”

The electronic systems help pipeline customers communicate their needs with operators, using a computer-to-computer exchange of documents. Energy Transfer said the electronic data interchange system provided by Latitude was back up and working Monday night. The business wasn’t otherwise affected, said spokeswoman Vicki Granado.

Eastern Shore Natural Gas’s Latitude system was restored on Monday as well, the company said in a notice to customers. In addition to providing Electronic Data Interchange (EDI) services, Latitude also hosts websites used by about 50 pipelines for posting notices to customers.

Look at Big Picture
It would be easy to say this was just an attack against a business network and everyone can breathe easier, but as McBride said this could have been a pivot point into a bigger and stronger type of assault.

“The broader issues is while it was not an attack on one specific gas company, it was an attack on a third party,” McBride said. “This is a reminder that cyber attacks can cause disruptions on the business side, which means all firms are subject to those attacks. They need to be vigilant, not only on the SCADA side, but also on the supporting business system. Third parties can be weak links.”

“A major problem within this industry is the lack of cybersecurity funding to secure the infrastructure,” Chowdhury said. “Unfortunately, incidents like these rattle the industry to come up with cyber-security plans to secure their environment from the worst case scenario. Groups like The American Gas Association have been working with operators to help improve the overall cybersecurity postures by implementing industry best practice. Let ‘s hope that organizations like this continue their good work, and downstream natural gas operators put the money to invest in cybersecurity.”

Wednesday, March 21, 2018 @ 12:03 PM gHale

A loud blast woke up residents in Sulphur, LA, after the Westlake Chemical facility conducted an emergency safety procedure.

The explosion was actually an emergency gas decompression at the polymers plant along Hwy 108, officials said.

Worker Search Continues after TX Chem Blast
Toxic OR Tire Fire Forces Evac
Blaze Breaks Out at CA Battery Maker
Asphalt Tank Blast, Fire in CO

The loud boom was caused by a process called “decomp” at its polymers facility, said Joe Andrepont with Westlake Chemical.

Andrepont said it’s been years since Lake Charles has had a decompression, but it happened so quickly even officials were taken by surprise. 

Andrepont said the blast was a decompression process. 

“Normally this takes from the process from a normal reaction to the completion of a fireball approximately five seconds,” he said. 

Andrepont said that’s what happened at their Polymers Unit, when a pressure inside a reactor increases to the point a safety disc breaks, allowing the ethylene gas to release and ignite – lighting up the sky, burning off in a short fire, and create a loud boom.

“Our safety devices were in place, our employees were safe, they’re accounted for and they’re okay,” Andrepont said. 

He said sound waves on the cool, clear night traveled across Southwest Louisiana and could be heard in Southeast Texas.

Andrepont said the ethylene released is burned away by the ignition.

There’s little notice when this emergency release is about to trigger, and the board operator doesn’t have time to notify everyone, he said.

“Certainly when you hear a loud boom and your windows rattle, you’re wondering what’s concerning,” he said. “You know you think of something that’s much more extreme.” 

And while Andrepont assures that everyone is safe and there is no danger to the public, he said they’ll investigate and resume things as normal soon. 

They finished their initial investigation March 15 and were back to using that part of the facility March 16. 

“We’ll install a new pressure disc back into the reactor, get everything cleaned up and then will begin the process of starting the unit back up,” he said. 

Sgt. James Anderson with Louisiana State Police confirmed there is no danger to the public.

Monday, March 12, 2018 @ 03:03 PM gHale

Flaring shown from the PBF Chalmette Refinery Saturday had residents worried there was an explosion.

While it may have seemed like a dramatic explosion from a distance, there was no real cause for alarm as flames were shooting into the sky over Chalmette, LA, Saturday night.

In reality, what people saw was a routine safety measure calling “flaring” that is designed to safely combust hydrocarbons, said a spokesperson for the PBF Chalmette Refinery.

Exxon Flaring Eyed in Scotland
Unplanned Shutdown Leads to Refinery Flare
Firefighter Injured in NJ Industrial Fire
Delaware City Refinery Fire Preventable: CSB

After the flaring started around 11:15 pm Saturday, several people posted their concerns on social media.

Refinery workers notified the appropriate officials and agencies and that everything went as planned, officials said.

Elizabeth Frost, community relations director for the refinery, apologized for the alarm the planned flaring caused Saturday night.

“We notified all the proper officials and local agencies,” Frost said. She added the refinery sent information to St. Bernard Parish Government, posted the information to their Facebook page and placed ads that ran Friday in local papers about the flaring event.

Chalmette Refinery, located outside of New Orleans, Louisiana, is a 189,000 barrel per day, dual-train coking refinery with a Nelson Complexity of 12.7 and is capable of processing both light and heavy crude oil. 

Monday, March 5, 2018 @ 02:03 PM gHale

Concerns are still bubbling to the surface in the wake of an oil spill three months ago near Onekama, MI.

Some of those concerns ended up addressed Thursday night in Manistee County, MI. It all began when Merit Energy discovered oil leaking into a wetland on 8 Mile Rd. near Onekama three months ago.

Failed Pump, Flooding Causes KY Oil Spill
High Winds Force AK Oil Spill
Oil Spill Cleanup Continues in NJ
Anadarko CO Oil Spill Cleaned Up

On Thursday, officials from the state Department of Environmental Quality (DEQ) met with the public for the first time since the incident was reported.

“There’s a lot of concerned citizens that were here and I think everybody had some very good questions,” said Don Koon, who lives next to the oil spill area.

The DEQ and the Little Manistee River Watershed Conservation Council addressed the concerned crowd that lives near the contaminated area.

“I don’t think you are monitoring wells both near and far enough,” one woman said.

“How will I know when it’s not good? Will you come around and tell me right away?” Questioned another.

About 50 barrels of oil spilled over roughly half an acre.

Senior DEQ geologist Bob Versical said the response was immediate.
“Since they initiated pumping, we had samples yesterday and we’ve seen 99.6 percent reduction in our influent pump groundwater concentrations so, again, very good progress,” Versical said.

However, he said it is slow going.

“They are pumping water out and they are running it through carbon filtration systems,” Versical said. “It’s highly-organic soil, which really binds up those petroleum compounds. It’s a degree of stickiness, if you will.”

Others worried their drinking water suffered from the spill.

“For all intents and purposes, I don’t think this is going to make it 200 feet from the release point,” Versical said. So, DEQ said that is not a concern.

Merit Energy was also reportedly invited to the meeting — but declined.

For now, the DEQ continues to monitor the area.

Thursday, March 1, 2018 @ 01:03 PM gHale

Workers start the clean up process after a pump failure combined with flooding and rain caused an oil spill in McCracken County, KY.

A pump failure combined with flooding and rain are to blame for an oil spill in McCracken County, KY, said P&L Railway officials in charge of storing the oil.

P&L has hired SWS Environmental Services to clean up a creek and a front yard on Poole Road where the oil spill occurred.

High Winds Force AK Oil Spill
Oil Spill Cleanup Continues in NJ
Anadarko CO Oil Spill Cleaned Up
Pipeline Leaks Oil into OK Pond

Heavy rain overloaded an oil container at its locomotive repair shop, company officials said. That, on top of a pump failure, caused the spill.

A large amount of oil spilled onto the ground and into the tributary of Island Creek, said a spokesperson with the Kentucky Energy and Environment Cabinet.

The company said the spillover happened early last Friday.

SWS crews were out cleaning the site Tuesday. They were scooping debris, and putting it in bags and onto the backs of trucks.

They also deployed booms, aimed at containing the oil, into the ditches along Poole Road.

“Due to the low-lying area and saturation of the ground, manual cleanup is being done to clean any damage to the creek and adjacent properties,” P&L officials said. “P&L appreciates the patience and the cooperation of affected residents as we work to complete the cleanup.”

McCracken County Emergency Management Director Jerome Mansfield had not been briefed on the spill as late as Tuesday night.

This is the officials statement from P&L:

“Paducah & Louisville Railway, Inc. has been responding to an oil release which occurred during the early morning hours of February 23, 2018. A large amount of rain and flooding inundated the oil containment system at P&L’s locomotive repair shop. This system collects and contains potential leaks from locomotives and spills from fueling or cleaning. A mechanical failure of the water pumping system compounded the issue. This large amount of water overloaded the system and resulted in a release which affected a small creek and property in the Poole Road area. Cleanup activities are still ongoing. Due to the low-lying area and saturation of the ground, manual cleanup methods are being utilized to address any damage to the creek and adjacent properties.

“P&L appreciates the patience and the cooperation of affected residents as we work to complete the cleanup.”

Tuesday, February 20, 2018 @ 03:02 PM gHale

Trinity Highway Products’ Orangeburg, SC, plant was damaged when an acid explosion caused a fire Sunday night. There were no reports of injuries.

Workers mixing acid caused an explosion and fire at the Trinity Highway Products plant Sunday night.

The top of the structure was ablaze at 8:20 p.m. when firefighters arrived at 600 Prosperity Drive in the Orangeburg County, SC, Industrial Park.

IA Fire Fatalities Investigation Closes
Medical Device Maker Saved by Sprinklers
UT Warehouse ‘A Total Loss’ after Blaze
Fire Out at OR Powdercoating Maker

“We had to hit it quick or we were going to lose it,” said Orangeburg Department of Public Safety Lt. Anthony Robinson.

It took almost two hours before the firefighters were able to extinguish the blaze. They used foam to fight the fire.

As a precaution, officials evacuated local plants within a half-mile radius of Trinity Highway Products during the fire.

No one was injured in the incident.

On the positive side, Robinson said the building is not a total loss. However, there was significant damage.

“Only one employee was on site at the time,” said Trinity Highway Products spokesman Jack Todd. “The cause of the fire is under investigation.”

The fire occurred when, “(workers) were mixing something and something exploded,” Robinson said.

“There were two big vats full of acid and some water,” Robinson said.

Firefighters responded to the scene from the Orangeburg County Fire District and the Rowesville, Cattle Creek, Jamison, Branchville and Canaan fire departments.

In addition, the Orangeburg County Office of Emergency Services and Orangeburg County Emergency Medical Services responded.

Hazardous materials teams from Orangeburg County and the SC Department of Health and Environmental Control inspected the area to ensure the acid and any other chemicals were contained to the site of the fire.

HazMat crews also conducted air surveys.

“Nothing actively was released other than the smoke,” Robinson said.

The Orangeburg facility employs 56 people making highway guardrails and component parts, plus safety end treatments, according to the Orangeburg County Development Commission website.

Trinity Highway Products LLC., headquartered in Dallas, TX, is a manufacturer of highway guardrails, guardrail end treatments, temporary and permanent crash cushions, truck-mounted attenuators and cable barrier systems.

Monday, February 12, 2018 @ 09:02 AM gHale

By Gregory Hale
It is so easy to point fingers. “You did it, no, you did it.” “Someone else did it, not me.”

Looking at the attack on Schneider Electric’s Triconex safety system that occurred last August but was just revealed in December, it would be very easy to point a finger at the end user, or at the supplier, or the integrator. In reality, though, the finger needs to point directly at the manufacturing automation industry. The entire industry.

Detecting Moves Leading to Attack
S4: Safety System Attack Details
S4: Open-Minded Security? Just Try
Safety System, DCS Attacked

In that August attack, a Middle East critical infrastructure user suffered a shutdown of its facility and the controllers of a targeted Triconex safety system failed safe. During an initial investigation security professionals noticed there were some suspicious things going on and that is when they found the malware. The safety instrumented system (SIS) engineering workstation was compromised and had the Triton (also called Trisis and HatMan) malware deployed on it. The distributed control system (DCS) was also compromised. It is possible to envision an attack where the bad guy had the ability to manipulate the DCS while reprogramming the SIS controllers.

You can’t walk away from this. Forget that a safety system was attacked. This was a potential cyberattack that meant harm. In this day of heightened awareness of cybersecurity issues, it really looks like the industry was asleep at the wheel on this.

It appears, through reading reports and talking to informed sources, this was a very preventable attack. With malware sitting on the system for a long period of time, users, suppliers, integrators, executives, engineers, operators, in short, everyone, needed to know security, like safety, is everybody’ business.

Security Leads to Safety
Applying a contemporary case in point toward a security and safety incident, the law requires an auto manufacturer to build a car with safety belts, but to get the most benefit the driver and passengers have to use them. By wearing that safety belt, you are protecting yourself and are about 90 percent protected. In most cases, that is more than enough to get you through the day.

But what happens in a terrorist environment? How safe is that car if a terrorist pulls up next to you? In that case, software and technology may not be the answer. People must remain aware of the environment and act accordingly. Are you aware of your surroundings? Do you understand the context of the area you are traveling through?

The industry needs to understand and come to grips with that type of context because the open architecture, fully connected world we work in, can be a very lucrative, fast-paced environment, but also a very dangerous place.

Domino Affect
This assault on a safety system, had all the markings of a perfect storm, with a physical attack, on top of a cyber incident.

This was not a fly by night operation, this was a targeted attack going for a specific Triconex system and version, which means the attackers had knowledge of the industrial control environment. Just look at the capability of the attacks that have taken place over the past few years. This isn’t about competition, it is about protecting users from cyber assaults. Let’s face it, no one person, company or organization, can tackle this issue alone.

The industry needs an agnostic supplier/end user/integrator-based forum, or consortium, to come together, not to create a standard, which would take way too much time, but to understand the intensity of the threat and then help create a culture where everyone knows security is a part of his or her everyday job.

Positive from Negative
Covering the safety and security industry specifically for almost eight years has shown people will end up activated and motivated when a negative act occurs. The refrain repeatedly heard was the industry will become more security conscious if something bad happens. They would say safety didn’t really come into full play until the December, 1984, Bhopal, India, incident that left 3,787 dead and well over 500,000 injured.

Then, and only then, safety was front and center for the industry and it became a strong focus for all manufacturers.

This cyber attack on the Middle East user, while thwarted by the safety system, was not an exercise. Ill intent was intended. The safety system and the distributed control system suffered compromise. Both systems; both compromised.

It would be easy to say the safety system did its job, no big deal, let’s move on with producing product. The problem is, this attack was a big deal.

This was an unprecedented incident. Normally, when an attack happens, there is a vast silence. The discussion needs to change to saying something happened, let’s scream from the mountain top and let everyone know. These geo-political attacks using ICS infrastructure will continue. In this case, much like Stuxnet was not a Siemens issue, this was not a Schneider Electric problem, it was (and is) an industry problem.

We need a holistic look at security to protect all vendors of systems at a facility and we need an open conversation, not giving away proprietary details, but understanding the importance and ensuring a safe and secure manufacturing experience.

Let’s get started.
Gregory Hale is the Editor/Founder of Industrial Safety and Security Source (

Thursday, February 8, 2018 @ 03:02 PM gHale

A fire sprinkler system minimized damage to medical device maker in Santa Ana, CA, after a fire of unknown origin broke out Sunday night, fire officials said.

“It’s a great example of fire sprinklers doing their job,” said Capt. Larry Kurtz, spokesman for the Orange County Fire Authority. “This could have been a much bigger problem.”

UT Warehouse ‘A Total Loss’ after Blaze
Fire Out at OR Powdercoating Maker
Ruptured CO2 Pipe Caused Blast
Chemical Mix Causes Fire in CA

The fire was reported at Orchid Orthopedics in the 3200 block of West Harvard Street after an automatic alarm sounded, Kurtz said. Four employees got out of the building safely, and the fire sprinklers kept the fire in check until firefighters from OCFA and Fountain Valley Fire Department arrived, officials said.

Thirty-two firefighters responded to the alarm, including a hazardous-materials team sent inside to check the premises for chemicals and see if there was any spillage, Kurtz said.

There were no injuries in the incident, Kurtz said. The business, which makes orthopedic implants, sustained smoke damage, minor damage to equipment and minor damage to the building, he said.

The cause of the fire was under investigation.