A faulty piece of equipment was the cause of an explosion that killed one and injured three at a Pasadena, TX, chemical plant, according to a report from the Harris County Fire Marshal’s office.
The plant, owned by PeroxyChem, would not provide updates about the accident that occurred Jan. 16.
The fire marshal’s incident report said a piece of equipment blew off a vacuum truck during the Jan. 16 accident at the Pasadena plant of the Philadelphia-based company.
PeroxyChem officials said at a La Porte citizens advisory committee meeting Tuesday night an “active investigation” was ongoing and they could not take any questions about the incident or the investigation.
Pasadena fire officials said in the incident report the piece of equipment — originally attached to the vacuum truck — “suffered some sort of failure and blew off.”
The report does not detail what the equipment was or how it blew off the truck.
The explosion killed 63-year-old Rickey Giddens, who worked at several plants in the area as a contractor for Evergreen Industrial Services. He operated vacuum trucks, his family said. Evergreen owned the vacuum truck, according to the fire marshal’s report.
The report also said 1,000 gallons of a chemical called “Process Work Solution” spilled because of the explosion, though it does not elaborate on what chemicals make up the solution.
PeroxyChem’s Pasadena plant manufactures hydrogen peroxide, a common household item used as an antiseptic. At high concentrations, it can cause serious burns and explode if heated.
A Texas Commission on Environmental Quality spokeswoman had previously said the state agency is investigating the spill of a peroxide-and-oil mixture in connection with the incident.
The explosion was at least the 10th such incident in the greater Houston region since a toxic leak at the DuPont plant in La Porte in November 2014 killed four workers.
Since then, at least two people have been killed and 18 injured amid explosions, fires and chemical leaks.
PeroxyChem employs about 600 people worldwide, with facilities in North and South America, Asia, and Europe, according to its 2014 annual report.
The fire marshal’s report said emergency responders decontaminated the three injured workers before they went to the hospital, though it does not specify what they were contaminated with. Giddens’ body was also decontaminated.
Fire officials found no “active leaks” during the initial investigation, according to the incident report.
A jarring video released describing the details behind the powerful blast and ensuing fire that claimed the lives of 15 people and injured 260 in West, TX, in April, 2013.
The U.S. Chemical Safety Board (CSB) released the safety video on the deadly fire and explosion that occurred when about 30 tons of fertilizer grade ammonium nitrate (FGAN) exploded after being heated by a fire at the West Fertilizer Company storage and distribution facility.
The CSB’s 12-minute safety video entitled, “Dangerously Close: Explosion in West, Texas,” includes a 3D animation of the fire and explosion as well as interviews with CSB investigators and Chairperson Vanessa Allen Sutherland.
“This tragic accident should not have happened,” Sutherland said. “We hope that this video, by sharing lessons learned from our West Fertilizer Company investigation, will help raise awareness of the hazards of fertilizer grade ammonium nitrate so that a similar accident can be avoided in the future.”
The CSB’s investigation found several factors contributed to the severity of the explosion, including poor hazard awareness and fact nearby homes and business were built in close proximity to the West Fertilizer Company over the years prior to the accident. The video explains there was a stockpile of 40 to 60 tons of ammonium nitrate stored at the facility in plywood bins on the night of the explosion. And although FGAN is stable under normal conditions, it can violently detonate when exposed to contaminants in a fire.
“We found that as the city of West crept closer and closer to the facility, the surrounding community was not made aware of the serious explosion hazard in their midst,” said Investigation Lead Johnnie Banks. “And the West Fertilizer Company underestimated the danger of storing fertilizer grade ammonium nitrate in ordinary combustible structures.”
The CSB investigation concluded this lack of awareness was due to several factors, including gaps in federal regulatory coverage of ammonium nitrate storage facilities. The video details safety recommendations made to the Occupational Safety and Health Administration (OSHA) and the Environmental Protection Agency (EPA) to strengthen their regulations to protect the public from hazards posed by FGAN.
The video also explains how inadequate emergency planning contributed to the tragic accident. The CSB found there was no requirement for the West Volunteer Fire Department to perform pre-incident planning for an ammonium nitrate-related emergency, nor were the volunteer firefighters required to attend training on responding to fires involving hazardous chemicals. As a result, the CSB made several safety recommendations to various stakeholders, including the EPA, to better inform and train emergency responders on the hazards of FGAN and other hazardous chemicals.
“The CSB’s goal is to ensure that no one else be killed or injured due to a lack of awareness of hazardous chemicals in their communities,” Sutherland said. “If adopted, the Board’s recommendations can help prevent disasters like the one in West, Texas.”
Click here to download the video.
Almost 600 gallons of a sodium hydroxide, or lye, solution spilled from the Savage Safe Handling facility in Auburn, ME, into surrounding wetlands Friday night, officials said.
Auburn firefighters got the call to the 200-acre rail yard and manufacturing site at 5 p.m. to assess the spill, Battalion Chief Scott Hunter said.
“Originally, [the sodium hydroxide] had gone into a container on a rail car, where there’s a pit that, should that happen, it should contain it, but the plug to seal that container off was not in place, and it did drain from that pit into a wetland area,” Hunter said.
Sodium hydroxide, also known as lye or caustic soda, can cause burns to eyes, skin and the respiratory system, according to the U.S. Centers for Disease Control.
“It’s very corrosive,” Hunter said. “If it gets on you, it will eat your flesh off … They do have quite a few chemicals out there that are really bad. Fortunately, this one, as long as you don’t touch it, is fairly safe.”
The spill ended up confined to a wetland area, and firefighters controlled access to that area to prevent any injuries from happening.
David Madore, spokesman for the Maine Department of Environmental Protection (DEP), said the 50 percent sodium hydroxide solution ended up “neutralized” with muriatic acid, and DEP would return to the spill site for follow-up work and additional monitoring.
EDITOR’S NOTE: This is the first in a series of stories looking forward to the new year and beyond for safety and security in the manufacturing automation sector. This week, ISSSource looks at security, next week safety.
By Gregory Hale
The fear of security can be a painful experience. Now it is time to finally ease that pain.
Last year clearly was the year of stronger awareness. While the security world became aware of the threat a long time ago, a general understanding of the potential for attack from the rank and file and from the executive suite became abundantly clear over the past 365 days.
Awareness, however, does not always mean action. This coming year has the potential to see more knee-jerk reactions to security incidents that battle weary security veterans will continue to ward off. But it doesn’t have to be that way. These ICS security professionals will continue to stress the importance of building a solid security program.
Much to the chagrin of experts analyzing the industry, users think of security purely as a technology issue, and it is to a certain degree. But it is so much more. The idea of people, process and technology truly comes into play.
People continue to be the weakest link in security, but have the potential to be the strongest asset. But for that to happen manufacturers have to train and force workers to think of security much like safety.
That scenario leads to creating a security process that leans on the various security standards out in the industry like IEC 62443. Manufacturers need to focus on making sure everyone remains vigilant and on top of their games at all times.
Obviously, there is solid technology out there that can reduce any kind of attack, but providers need to understand what they need to protect and then apply the proper technology. Users cannot just throw technology at the problem and expect results. There needs to be a well thought out plan that can’t take on the enormity of the issue all at once, but rather tackle the problem on a project by project basis that keeps growing.
Safety AND Security
During this past year more manufacturing automation professionals understood the idea that safety and security do play hand-in-hand. While some principals do differ, the idea of understanding risk and mitigating that risk are the same.
Differences come into play when you look at the constant change evolving in security where countermeasures need to change almost on a daily basis, which flies in the face of the set and forget mentality that prevails in the industry. Add on top of that, the maturity level on the security front is not as evident as it is for safety.
On the other hand, safety has well-defined standards and practices where safety professionals have a greater degree of confidence the system as it stands should provide a degree of safety for the process and the facility. Safety and security need to provide a united front where one area can learn and share expertise from the other.
As mentioned, security does fly in the face of conventional thinking. That only makes sense. Bad guys don’t live by the rules, where as manufacturing automation professionals live by rules or standards. What worked yesterday will surely work today and tomorrow. That thinking has to change.
That all means understanding the system and knowing when things are out of whack and not looking right remains a key factor moving forward. With the potential for advanced persistent threats (APT) infiltrating systems and taking up residence for a period of time to learn the ins and outs of a system, knowing the system and understanding what should and should not be going on is vital. That is where one technology, application whitelisting, can really pay dividends. Application whitelisting permits the execution of explicitly allowed (or whitelisted) software and blocks execution of everything else. This eliminates the execution of unknown programs, including malware.
One challenge when using application whitelisting in business networks is managing the constantly changing list of allowed applications. That burden reduces in control systems environments, because the set of applications that run in those systems is essentially static.
Yes, whitelisting is not the only answer, but it is one solution to add to the arsenal needed to boost protection.
Experts See ‘More of the Same’
By Gregory Hale
When you hear the phrase “more of the same” it can connote the “same old thing,” which can conjure up thoughts of boring, or rote kinds of security.
But to security expert Eric Byres, as he adroitly points out, “more of the same” means much, much more.
“I think 2016 will bring us ‘more of the same’ with a big emphasis on ‘More.’ More publicly disclosed vulnerabilities, more published ICS exploits, more sophisticated attacks directed at control systems, more insecure IP devices connected to the control network, more interconnections from the outside world to the control system and of course, more hand wringing and gnashing of teeth about the sad state of the industry,” Byres said.
Byres is not the only expert to feel that way.
“I believe that 2016 will continue the trend of attacks against automation and control infrastructure,” said Joel Langill, operational security professional and founder of SCADAhacker.com. “Events that have occurred over the past 3-5 years have shown the sophistication of these attacks is increasing, indicating the opponent is gaining more industry- and system-specific knowledge. My observations and analysis show more and more of these attacks will succeed due to the lack of a cyber security program based on operational security principles. The influx of organizations into the industrial sector that lack these OpSec principles has caused many organizations to focus too much of their attention and budgets to externally-originated threats leaving them extremely vulnerable to numerous inside vectors.”
Click here for more
Building Security from Within
In keeping with the changing mindset refrain, security needs to focus on protecting from within compared to ensuring a hardened perimeter. The concept of the hard exterior worked years ago, but as the industry learned from Stuxnet, if someone wants to get into a system, it doesn’t matter if they have a hardened perimeter or an air gap, they will get in.
That means conducting a true system assessment becomes paramount to understanding what and where you have to protect. After all, you cannot design in security until you know what it is you are protecting. Documenting what users have installed is vital because they often don’t even know what they have on their systems. That can lead to building in zones and conduits, which can break the system down and partition it. It is then possible to do a risk assessment on each individual zone.
Threats: Inside, Outside
Using the zones and conduits model also shows it doesn’t really matter if the attack is coming from the outside or the inside. The idea is locating the attack and mitigating it within the partitioned zone.
One misconception that ended up debunked over 2015 is more threats come from the outside. It became clear the inside threat was much more prevalent and caused much more discord for manufacturers.
The insider threat has become so much of a problem the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center created a guide to help organizations guard against malicious insider activity.
The guide – “Combating the Insider Threat” – includes an expansive list of behavioral characteristics of insiders that could become a threat to the integrity of networks and information security.
Here’s what to watch out for: Introverts, greed or financial need, compulsive behavior, reduced loyalty, a penchant for minimizing one’s mistakes or faults, intolerance to criticism, moral flexibility, a lack of empathy and a pattern of frustration or disappointment.
An insider threat is a current or former employee, contractor, or other business partner who has or had authorized access to an organization’s network, system, or data and intentionally misused that access to negatively affect the confidentiality, integrity, or availability of the organization’s information or information systems.
Like it or not, IT and OT need to work closer to ensure a secure enterprise and plant floor. IT has been in the security game quite a bit longer than the plant floor so understanding them and correctly applying their knowledge is important. On the flip side of the coin, IT has to understand what the plant floor is all about and keeping the system up and running is job one.
There are two sides to the firewall, which means IT operates on one side and OT the other. That does not mean the two sides are individual islands, it just means their expertise is predominant on the individual areas. Stronger emphasis on communications, and understanding the true end result of keeping the system up and running and producing product, remains vital moving forward.
IIoT Increases Attack Vector
The IT/OT convergence also plays into the increase in connectivity moving forward. So when you talk about increased connectivity, the phrase Industrial Internet of Things (IIoT) comes leaping forward.
While IIoT is the marketing phrase right now, whatever its moniker, the idea of increased connectivity is here to stay and has the potential to wreck havoc on the entire enterprise from the business side to the manufacturing front. The increase in potential attack vectors just ratchets up many times over.
Greater connectivity means more knowledge which means increased opportunities and it all revolves around security. It also means security needs to have a stronger presence than it currently has.
While the industry talks about IIoT, few have really moved forward on how they could reap the benefits. The good part is the movement is going to happen and if the manufacturer is smart, it can incorporate security in from the beginning.
Experts have said the impact from IoT, which is IIoT’s big brother, could reach over $11 trillion by 2025. The following are five steps that could lead to a security IIoT implementation:
3. Proper design
When it comes to the assess stage, users must know what they have, where it is, what it does and who owns and manages it.
In the mitigate/update stage, users should make Ethernet their foundation.
In creating the proper design, end users need to focus on the network and create a zones and conduit segmentation model.
In the protection stage there are internal and external risks, which means there should be overlapping security.
The fifth stage talks about monitoring the network, which means users need to make a plan that calls for regular maintenance, constantly monitoring the network, system failure alerts and establish response protocols.
Cloud usage is continuing its growth curve, but that doesn’t mean there are not growing pains in the process.
Critical applications like collaboration, storage, CRM and ERP are moving to the cloud. This means the critical mass of corporate data will eventually migrate to the cloud.
The cloud offers numerous benefits, but fears of a not so secure cloud are keeping company leaders up at night because they have major IP they could lose if there is a breach.
The growth of the cloud and the corresponding expansion of the perimeter create a huge challenge for IT professionals looking to protect their enterprises from emerging attacks. An analysis of what data is truly important, added to an increase in user education and empowerment, will ensure security can keep up with the tremendous growth of the cloud.
Cyber risk is a major and fast-increasing threat to businesses with cyber crime alone costing the global economy $445 billion a year, with the world’s largest 10 economies accounting for half this total, one report said.
Almost 15 years ago, cyber attacks were fairly rudimentary and typically the work of hacktivists, but with increasing interconnectivity, globalization and the commercialization of cyber crime there has been an increase in frequency and severity of cyber attacks.
Cyber insurance is no replacement for robust security but it creates a second line of defense to mitigate cyber incidents.
Increasing awareness of cyber exposures as well as regulatory change will propel the growth of cyber insurance. With fewer than 10 percent of companies currently purchasing cyber policies, one forecast is calling for cyber insurance premiums to grow globally from $2 billion per year today to over $20 billion over the next decade.
To show the growth of costs, with an increase of attacks on U.S. companies over the past two years, insurers are now hiking cyber premiums.
While the issue crosses industry borders, the manufacturing automation sector has been keeping an eye on the topic for years. On top of rate hikes, insurers are raising deductibles and in some cases limiting the amount of coverage to $100 million. While that number may seem large, that actually could leave companies exposed to the huge costs an attack could incur.
One of the challenges for insurers has always been to identify the scope of potential financial liabilities when it comes to a data breach. Much of that has been because of a lack of information to understand the potential financial impact of a breach. However, with the rise in breaches, insurers have data they need to assess risk and the results are staggering.
That means insurers see the financial risks of a breach go beyond initial clean up. The price of cyber coverage, which helps cover costs like forensic investigations, credit monitoring, legal fees and settlements, varies widely, depending on the strength of a company’s security.
The issue of Baby Boomers getting ready to leave the industry has been a topic of concern for years, but the exodus is continuing and the remedy put forth by most manufacturers has been ad hoc at best.
One thing that will help is to have more automation to replace empty seats, but it also helps to standardize and make sure everyone has training and understands standard operating procedures.
With Boomers retiring and taking their knowledge with them, that could hurt, but with younger more computer-savvy engineers coming in, there could be a boost in the initial understanding of the importance of thinking about security.
To say security in the manufacturing automation sector is top of mind for company leaders is an understatement, the catch is for the companies, big, medium or small, to start moving forward with a plan, which can cut down on any pain from an attack.
Gregory Hale is the Editor and Founder of Industrial Safety and Security Source (isssource.com).
Indian Point’s Unit 3 reactor resumed operation Thursday morning, company officials said.
The unit, one of two reactors at the Buchanan, NY, nuclear power plant, shut down last Monday night after its main power generator sensed an electrical disturbance in transmission lines which connect the plant to the external power grid. There was no release of radioactivity because of the incident.
Workers replaced several electrical insulators on a high-voltage transmission line before returning Unit 3 to service, said Jerry Nappi, spokesman for Indian Point owner Entergy.
Engineers will examine the insulators removed from the transmission lines to help determine the cause of the issue that led the reactor to automatically shut down, Nappi said.
The shutdown came days after the Unit 2 reactor’s three-day shutdown caused by a tripped circuit breaker.
Because of the number of recent unplanned shutdowns, Unit 3 would require increased oversight by the U.S. Nuclear Regulatory Commission, although the determination won’t be made until early next year, said NRC Spokesman, Neil Sheehan.
Gov. Andrew Cuomo on Wednesday ordered a broad state investigation into the Indian Point Energy Center’s operations, raising concerns about a series of unplanned shutdowns in recent years.
Both of the plant’s reactors are now operating past the end of their original 40-year licensing period. Entergy is seeking to relicense their operations, while Cuomo and others are pushing to shut down the plant.
For employees working with hazardous substances, an oversight can be disastrous, which was an unfortunate lesson learned by six Florida workers at a Blue Rhino propane tank refurbishing facility in Taveras who were injured during a fire.
As night-shift workers prepared tanks for paint removal in a storage yard on July 29, 2013, a worker called in a forklift to move some tanks. The forklift was not explosion-proof, so it created a spark that ignited propane vapor and nearly 600,000 pounds of propane. A fireball swept through the storage facility, injuring six workers and severely burning four.
Ferrellgas LP, doing business as Blue Rhino, and the Occupational Safety and Health Administration (OSHA) signed a settlement agreement Dec. 7 that resulted in the affirmation of nine serious and six other-than-serious citations.
Blue Rhino agreed to pay penalties totaling $52,000. Additionally, the agreement requires Blue Rhino to complete the abatement of all hazards within 60 days of signing the settlement.
“This settlement is an important step toward protecting these workers and ensuring that all employers are monitoring and removing hazards from the workplace,” said Kurt Petermeyer, OSHA’s regional administrator in the Southeast.
OSHA investigators found Blue Rhino failed to use an explosion-proof forklift in an area where employees were actively venting propane from tanks; failed to follow process safety management standards for the individual propane tanks amassed in the storage yard; failed to provide process safety management training for employees on propane hazard alarms; and failed to ensure workers used personal protective equipment.
Blue Rhino distributes propane at 875 U.S. locations. The company also designs and markets barbecue grills, outdoor heaters, mosquito traps and outdoor appliances. Founded in 1939 and based in Overland Park, Kansas, Blue Rhino is a subsidiary of Ferrellgas Partners LP.
BASF workers put out a fire that broke out last Wednesday night inside a building at the company’s chemical facility in Forward Township, PA.
Several local fire departments got the call just after 8:40 p.m. but BASF Corp.’s on-site emergency response team handled the blaze.
There were no injuries and no chemical release as a result of the fire, officials said.
The fire posed no risk to the community at any point, said Steve Bicehouse, director of Butler County emergency services.
“Nothing was deemed a health hazard,” he said.
Dennis Kimmel, BASF’s emergency response coordinator declined to comment on the incident. He referred questions to Debra Mastrostefano, an engineering manager and member of the crisis management team at the company. Mastrostefano did not immediately return a telephone call.
A 911 caller reported the fire and described seeing flames from one of the buildings in the middle (of the facility), according to a dispatcher.
Volunteer fire crews remained in the parking lot while the BASF response team battle the blaze internally, authorities said.
“There was definitely something on fire,” said Neal Nanna, chief of the Harmony Fire District. “Flames were visible on the roof line.”
The fire, he said, was coming from a large metal pole building, one of several that sits on the vast BASF complex.
The volunteer fire crews got the word to clear out at 10:10 p.m.
Bicehouse, who admitted he did not know what kind of chemicals were in storage at the facility, said Kimmel would get back to him with more information, including what started the fire.
According to the company’s website, there are four plants at the facility. Among the chemicals are boron compounds used in the manufacturing process of pharmaceuticals for various therapies such as hypertension, high cholesterol and depression.
Other chemicals include potassium metal and sodium-potassium alloy, ultimately used in other industries such as detergents and agrochemicals; and potassium superoxide used mainly as an oxygen source in personal safety equipment such as self-contained breathing apparatuses.
Two workers suffered minor injuries and over 250 oil workers escaped a gas refinery Thursday morning after an explosion rocked the Anadarko facility near Orla, TX.
The blast forced safety workers to evacuate people from a 10-mile radius. The black plume of smoke from the refinery was visible from as far away as the Guadalupe Mountains and the explosion could be felt 25 miles away.
The fire broke out about 9 a.m. at the Ramsey Natural Gas Processing Plant near Orla. Western Gas Partners owns the plant, operated by Anadarko Petroleum Corporation.
John Christiansen, Anadarko Petroleum Corporation vice president of corporate communications, said the fire was still burning into the night, but had diminished and had been contained to one area of the plant. Emergency scanner traffic indicated firefighters would stay at the site overnight to ensure any remaining fire burned safely.
A damage estimate was not available. It is unknown when the plant will resume full operation.
Christiansen said he cannot confirm the cause of the explosion or any events surrounding it until Anadarko investigators arrive on site.
Midland TV station KWES reported several safety violations ended up discovered during a planned inspection by the Occupational Safety and Health Administration (OSHA).
The OSHA inspection resulted in five violations and the company also ended up cited for issues related to how they handled highly hazardous chemicals.
The more than 250 workers were in the area at the time of the explosion. They all evacuated by bus to Carlsbad’s Walter Gerrells Performing Arts Center. Workers in nearby areas also ended up evacuated.
Christiansen said they have confirmed two minor injuries from the incident, however, Capt. Lance Bateman with the New Mexico State Police said he heard reports that four people had minor injuries.
Reports came in residents could hear the explosion up to 25 miles away. Witnesses closer to the plant said they could feel its impact.
Reeves County Sheriff Art Granado said their department was scrambling to get details after the explosion. “It’s been crazy,” Granado said. “People heard it 25 miles out. It was a big boom.”
Other officers on scene with the Texas State Police said they could see the fire’s flames from the Guadalupe Mountains.
As a precautionary measure, officials closed U.S. Highway 285 northbound and southbound toward the area of the explosion for several hours.
Additional county roads in Reeves County also closed in the surrounding area.
Workers also shut off surrounding high pressure gas lines going in and out of the plant, so the pressure build-up would decrease and to prevent a secondary explosion from happening.
Capt. Alan Griffith with the Eddy County Sheriff’s Office said that he had sent out his sergeant and three deputies to assist Reeves County with the incident.
“My deputies said it was a big fire and that there was a lot of smoke,” Griffith said. “We assisted the Texas Department of Public Safety and the state police with evacuating people and traffic control.”
The New Mexico State Police, the Texas State Police and the New Mexico Department of Transportation were also at the scene, and multiple fire departments, including Otis Volunteer Fire Department and the Carlsbad Fire Department were assisting with the fire.
Christiansen also said the company was appreciative of the quick and comprehensive respond of local sheriff’s office and fire departments.
“(We are) thankful that all of our workers are safe and accounted for,” he said. “We will provide additional information as appropriate.”
Until a full assessment of the plant’s damage can happen, the plant will not be able to resume operations.
A valve left open spilled over 20,000 gallons of liquid methanol in the 1000 block of South Front Street in Wilmington, NC, Sunday night.
A caller reported the spill at 10:08 p.m. near the Colonial Terminals Company, according to a fire dispatcher.
Chief David Hines with the Wilmington Fire Department said a ship was pumping methanol into a Colonial Terminal tank. A valve mistakenly ended up left open which caused the tank to overfill and spill onto the property.
The liquid methanol remained contained on the property of Colonial Terminal due to berms located on site. In addition, fire crews sprayed 20,000 gallons of foam to blanket and suppress unsafe vapors.
Fire crews were on scene until 9 a.m. Monday monitoring the liquid methanol to make sure no unsafe vapors released.
Hines said there was no need to evacuate residents.
The Wilmington Fire Department reopened South Front Street and the Front Street off-ramp on the Cape Fear Memorial Bridge at 9 a.m. Monday.