Saturday, August 1, 2015

Significant Changes in Chlorine Dispersion Models

As I mentioned on Thursday the Chlorine Institute has published an updated version (Edition 6) of their Pamphlet 74. That pamphlet used to be titled “Guidance on Complying with EPA Requirements Under the Clean Air Act by Estimating the Area Affected by a Chlorine Release”. The new version removes reference to the EPA and is more simply called the “Guidance on Estimating the Area Affected by a Chlorine Release”. This reflects the more widespread use of the modeling data.

I do not have a copy of Edition 5 of this pamphlet, but I do have Edition 4 that I have used for a reference in a number of blog posts on chlorine releases that I have done over the years. So I am going to be comparing the downwind hazard predictions from these two versions of the Pamphlet.


Chlorine is a very common hazardous material and it is widely used in this country. It is certainly the largest volume toxic inhalation hazard (TIH) chemical shipped in the United States. It is typically shipped in the following types of containers:

150-lb. Cylinder;
1-Ton Container;
17-Ton Tank Truck Trailer; and
90-Ton Rail Tank Car

Chlorine is used as a disinfectant for water treatment and waste water treatment facilities. It is also used in the manufacture of a large number of industrial chemicals and pharmaceuticals. It is generally produced via the electrical disassociation of common salt, NaCl; producing both chlorine (Cl2) and caustic soda (NaOH). A less common, but still important, source of chlorine is as a byproduct of the production of magnesium from natural ores.

Chlorine gas was used as the first modern chemical weapon in World War I. The CDC reports that the immediately dangerous to life and health (IDLH) concentration of chlorine gas is 10 ppm while reporting that lethal effects have been seen at 34 to 51 ppm when exposed for over an hour. The OSHA personal exposure limit is 1 ppm with a short term exposure limit of 3 ppm.

The Chlorine Institute has been using the values of 3 ppm and 20 ppm as their standards for downwind exposure reporting in Pamphlet 74. In a release scenario exposure levels at less than 3 ppm are considered to be relatively safe in the short term. Exposures between 3 and 20 ppm will have some immediate medical effects that will probably require medical attention, but will probably still allow an otherwise uninjured person to self-evacuate from the affected area. Exposures over 20 ppm will almost certainly cause immediate health effects of a severity that would stop a person from self-evacuating from the affected area and may result in death.

Worst Case Scenarios
The table below describes the worst case scenario reporting from both versions of Pamphlet 74 and the RMP*Comp tool used to report downwind distance of concern for both the EPA Risk Management Program (RMP) and the DHS Chemical Facility Anti-Terrorism Standards (CFATS) program. All distances have been converted to feet.

Pamphlet 74 – Ed 6
Pamphlet 74 – Ed 4
20 ppm
3 ppm
20 ppm
3 ppm
.0087 ppm
150 lbs
1 ton
17 ton
90 ton

This obviously marks a serious departure from the previous guidance on downwind hazards from chlorine gas releases. According to both publications (pgs 16-17 in both Editions) the following conditions of the release are the same in both studies:

• The ambient relative humidity is 50%
• The ambient temperature is 77°F (25°C)
• Liquid chlorine is at 77°F and 100 psig before the release
• Surface roughness is 3.94 inches (0.1 meters). Such a surface roughness corresponds to a relatively flat, grassy, rural setting. A release in hilly terrain, forested area, and urban environment or over water may have significantly different terrain results.
• The wind speed is 3.36 miles/hour (1.5 meters/sec). The reference height for measuring the wind speed is 32.8 feet (10 meters).
• The contents of the container are released instantaneously and evaporated at a constant rate over a ten-minute period
• The atmospheric stability is class F (night, < 50% cloud cover)
• The release occurs at ground level
• Solar radiation is assumed at 0 Btu/hr/ft2
• Averaging time is 10 minutes
• Receptor height is 0 feet (ground level)

Modeling Differences

What is clearly different is that the two Editions are reporting results from different dispersion models. Edition 4 uses TRACE 8.0 developed by Safer Systems, Inc. Edition 6 uses Hazard Prediction and Analysis Capability (HPAC) 5.0 developed by DOD’s Defense Threat Reduction Agency (DTRA). There is a brief discussion about the model used in each report as the first appendix. What is missing, however, is any discussion in the latest edition about why the model changes were made and how that impacted the huge change in predictions reported.

What is mentioned in the press release announcing the latest version of the Pamphlet is that it “incorporates information obtained from the DHS ‘Jack Rabbit I’ chlorine release field tests”. I think that it would be safe to assume that TSA did not run tests meeting exactly the conditions specified in the report. I have not seen the final report on the Jack Rabbit I trails (and I suspect it is classified and thus I will never see it), but with only a total of ten releases split between chlorine and anhydrous ammonia, I would expect that the researchers would have varied the environmental situation as much as possible to obtain the type of results necessary to develop a robust model.

Without a robust discussion about the differences in the two models used to report the data in these two different editions of Pamphlet 74, it is hard to make a judgement as to which is the more appropriate model upon which to base regulatory and emergency response decisions. And make no mistake, with the wide discrepancy between the two sets of predictions provided in the two versions of the Chlorine Institute report, it is absolutely assured that that the manufacturers and users of chlorine will press for changes in safety and security regulations to reduce their costs of operations. And just as surely they will be vocally and vigorously opposed by any number of environmental activists.

Modeling Problems

I have discussed the modeling problems associated with chlorine dispersion modeling in a couple of earlier blogs. Back in March of 2010 I reported on the exposure estimates from Edition 4 of Pamphlet 74; saying:

“Looking at the charts on pages 24 and 25 of Pamphlet 74 it looks like anyone inadequately protected in the cloud for up to a couple of miles away from the catastrophic release from a full railcar is at serious risk of being killed by the cloud. Inadequate protection in the cloud at distances of up to 15 miles from the release could have very serious medical consequences.”

In my blog post on what we now know as the start of the Jack Rabbit Project I noted that:

“It seems that the chlorine cloud from the two most recent catastrophic releases [Graniteville, SC and Macdona, TX] of chlorine from rail cars did not come anywhere near following the dispersion model for the release. TSA is initiating a two phase study of chlorine gas dispersion to clarify these discrepancies.”

Based upon the observed chlorine dispersions seen in these two accidents, it would seem obvious that the model used in the 4th Edition of Pamphlet 74 is more than a little exaggerative in it prediction of downwind areas of concern. And that, of course, was the reason for initiating the Jack Rabbit project in the first place. It would be interesting to see if anyone has gone back and used the observed data from those two real-world incidents to see how well the new model used in Edition 6 fits the observed conditions.

Of course, I would be very surprised if any reasonable model could accurately predict the dispersion cloud in a real incident. There are just too many variables that would affect both the macro and micro dispersion effects of the cloud. I discussed some of these in an earlier blog post.

The Use of the Dispersion Model

Practically speaking we do not need for an absolutely accurate prediction of gas cloud dispersions patterns. What we need is something that will allow facility safety personnel or emergency response personnel (depending on where the release takes place) to develop an initial plan for responding to a catastrophic chlorine release. With that in mind it would seem to me that we would want a plan that errors on the side of a larger downwind hazard area rather than one that underestimates the area.

From the new model, if it is appropriately supported by the Jack Rabbit data (including the upcoming Jack Rabbit II later this year), we have been grossly overestimating the potential exposure to chlorine releases from industrial facilities and transportation incidents. If that is true we may have overburdened producers and users of chlorine in the protective measures that we have required them to take.

Having said that, the relatively small downwind hazard areas described in the latest version of Pamphlet 74 feel like they are too small. This may lead us to reduce the protective burden to the point where we put people needlessly at risk near chlorine facility storage areas. Before we take that risk it would be prudent to ensure that there was a solid peer review of the model construction and methodology.

Friday, July 31, 2015

S 1846 Introduced – EMP Protection

Last week Sen. Johnson (R,WI) introduced S 1846, the Critical Infrastructure Protection Act (CIPA) of 2015. In my initial post about the introduction of this bill I commented that it might be a companion bill to HR 1073; that is not the case even though they share a common title. This bill requires more extensive activities from DHS than just consider electromagnetic pulse events (natural and man-made) in federal planning scenarios.

The bill starts off by adding a definition of ‘EM Threat’ to 6 USC 101 which encompasses electromagnetic pulses caused both by manmade actions and natural events. It then adds a new paragraph to 6 USC 121(d) requiring DHS to develop a “strategy to protect and prepare the critical infrastructure of the American homeland against EM threats, including from acts of terrorism” {new §121(d)(26)(A)(i)}.

It then goes on to add two new sections to the Homeland Security Act of 2002:

SEC. 318. EM threat research and development.
SEC. 526. National planning frameworks and education.


The new §318 would require DHS S&T to conduct research and development to mitigate the consequences of EM threats. That research would include {new §318(b)}:

An objective scientific analysis of the risks to critical infrastructures from a range of EM threats;
Determination of the critical national security assets and vital civic utilities and infrastructures that are at risk from EM threats;
An evaluation of emergency planning and response technologies that would address the findings and recommendations of experts, including those of the Commission to Assess the Threat to the United States from Electromagnetic Pulse Attack;
An analysis of technology options that are available to improve the resiliency of critical infra- structure to EM threats;
The restoration and recovery capabilities of critical infrastructure under differing levels of damage and disruption from various EM threats;
An analysis of the feasibility of a real-time alert system to inform electric grid operators and other stakeholders within milliseconds of a high-altitude nuclear explosion.


The planning requirements under the new §526 are very similar to those found in HR 1073. It would require the DHS National Protection and Programs Directorate to:

Include EM threats in national planning frameworks; and
Conduct outreach to educate owners and operators of critical infrastructure, emergency planners, and emergency response providers at all levels of government regarding EM threats.

Restricting DHS Activity

The final two sections of the bill limit the ability of DHS to effectively complete any of the above actions. Section 4 specifically denies DHS any regulatory authority to advance EMP protections. Section 5 specifically requires DHS to execute the actions discussed above with funds currently appropriated to the Department.

Moving Forward

Johnson is the Chair of the Senate Homeland Security and Governmental Affairs Committee so he certainly has the political pull to move this bill forward. In fact, the bill was marked up in a Committee business meeting this week. Unfortunately, because the way the Senate does their business the substitute language adopted by the Committee is not posted to the Committee web site like we see in the House. This means that we will have to wait for the Committee Report on the bill to see what changes were made.

It will be interesting to see if Johnson is interested enough in this bill to put his political will forth to move the bill to the floor of the Senate. If it gets there, this bill will likely be passed by a bipartisan majority since it deals with a potentially catastrophic event, but does not require new regulations, nor will it cost any new money.


EMP threats are the classic black swan event; absolutely catastrophic consequences but very low probability of occurrence. A cataclysmic geomagnetic storm has about the same probability of happening as a major comet/asteroid strike on the Earth. The difference between the two type of events is significant; we will see a comet/asteroid strike coming and may be able to take actions to prevent the strike. Any warning for a geomagnetic storm will be quite short.

The problem of a man-made EMP event of national significance has been widely overblown. Yes a properly designed nuclear weapon detonation very high over the heartland would very likely result in a catastrophic national-level EMP event. Fortunately, the old Cold War, strategy for preventing such an event is still in place; mutually assured destruction. Long before the weapon reached it detonation point, the massive counterstrike of our nuclear triad would be in route to the country that launched that missile. There are much more deniable methods for our nuclear missile capable adversaries to take out our electric grid infrastructure.

The other main problem with the current efforts to protect the Homeland against a catastrophic EMP event is that they are quite frankly a waste of time. Even if we were able to protect the electric grid from such an event (a very expensive and technologically iffy proposition at best) it would still not stop the virtual destruction of our country. That is because an EMP event of the requisite magnitude would also destroy almost every civilian (and many military) microprocessors in the country. No modern vehicles would be running, no communications would be functioning, no distribution systems would be operating, almost all modern electronic gadgets, widgets and dodads would be dead because their microelectronic circuits would be fried beyond redemption. It would be the ‘end of civilization as we know it’. And the scope of that electronic cataclysm gets worse every day as the internet of things expands.

I am much more concerned about the tactical level EMP event like that seen in the Oceans 11 (2001 remake) movie. A portable electromagnetic device is used to create a localized EMP event. The resulting local chaos would then be used to cover a more common type of terror attack that would be made more effective by a very reduced response due to the lack of communication and physical response capability. But even this type of event is currently at almost the science fiction level possibility, these types of devices would be large, cumbersome and require a large energy source.

Having said all of that, I understand the congressional fascination with EMP events. They are conceivably a societal level cataclysm and no one wants history to record that they did not attempt to do something to prevent them. Unfortunately, because no funding is made available for the work required, this bill will only take resources away from other problems that have a much higher probability of occurrence and it will do nothing to mitigate the underlying EMP problem.

Thursday, July 30, 2015

ICS-CERT Updates one Advisory and Publishes Another

This afternoon the DHS ICS-CERT updated a Siemens advisory for SIMATIC HMI Devices and publishes a new advisory for Schneider Electric InduSoft Wb Studio.

Siemens Update

This update notes that Siemens is now reporting that all of the affected HMI devices now have updates available to mitigate the three vulnerabilities reported in the original advisory back in April. It also adds three different types of SIMATIC HMI panels to the list of affected and mitigated products.

Schneider Advisory

This advisory describes a clear-text storage of sensitive information vulnerability in Schneider’s Electric InduSoft Web Studio and InTouch Machine. The vulnerability was originally reported by Gleb Gritsai, Alisa Esage Shevchenko, Ilya Karpov, and the team from Positive Technologies Security. Schneider has produced patches to mitigate the vulnerability but there is no indication that the researchers have been given the opportunity to verify the efficacy of the fix.

ICS-CERT reports that a relatively unskilled attacker with local access can obtain project passwords from the configuration file. These can then be used to execute arbitrary code.

NOTE: The link provided in the Advisory for the Schneider report on the InduSoft version of this vulnerability does not get to the report; Schneiderdoes not yet have the vulnerability listed. Here is the direct link.

Chlorine Institute Issues New Chlorine Release Modeling Data

Today the Chlorine Institute published an updated version of their Pamphlet 74 - Guidance On Estimating the Area Affected By A Chlorine Release. Revisions have been based, at least in part, on the data produced by the Jack Rabbit test program conducted by the DHS Transportation Security Administration in 2010. The second round of testing (Jack Rabbit II) will be conducted later this summer.

I will be going through Pamphlet 74 in some detail this weekend. It will be interesting to see if the EPA will be updating its RMP*Comp program that is used to determine (for planning purposes) the distance of concern for releases of toxic chemicals. Actual field test data and models based upon that data should provide a better estimate of the distance of concern.

Senate Passes HR 3236

This afternoon the Senate passed HR 3236, the Surface Transportation and Veterans Health Care Choice Improvement Act of 2015, by a very bipartisan vote of 91 to 4. All four no votes came from Republicans. The bill extending the current surface transportation authorization until October 31st now heads to the President for signature. is reporting that the President is expected to sign the bill.

Earlier in the afternoon the Senate passed HR 22 (which was the Hire More Heroes Act of 2015) which has become the bill that will provide long term authorization of surface transportation programs. That vote, 65 to 34, was still fairly bipartisan, but in a way that is becoming more common in the 114th Congress; Republican conservatives made up almost half of the no votes.

Because this bill has been formulated as a series of amendments (including the basic amendment that completely replaces the original bill language) to the original bill, it is difficult to tell what the actual provisions of the bill look like. We should be able to see the version as passed by the Senate tomorrow or Saturday.

FRA Announces Final Rule for Securement of Unattended Equipment

Yesterday the DOT’s Federal Railroad Administration announced that it had submitted their final rule for the securement of unattended equipment to the Federal Register for publication. The announcement also included a link to download a copy [.PDF download] of the rule submitted to the FR. This rule will supersede and modify the provisions of FRA Emergency Order #28 issued after the Lac-Megantic Railroad disaster.

I will not be doing a detailed review of this rule today since the copy available is not the ‘official’ copy of the rule. This means that I cannot provide links to specific portions of the rule in my discussion nor will I be able to give specific dates for the bills effective and compliance dates. It is not currently scheduled to be published in tomorrow’s FR, so I expect that it will be published sometime next week.

The notice of proposed rulemaking was published for this rule in September of last year. Nine public comments were submitted in response to the NPMR.

NOTE: This final rule was not submitted to OMB for review, neither was the NPRM.

Bills Introduced – 07-29-15

Yesterday there were 197 bills introduced in the House and Senate. Most of those (178) were from the House as it was leaving for the summer recess. Many of those bills were introduced just for the purposes of showing the voters and campaign contributors that the Congressman was actively working on issues important to those in the home district. Of the bills introduced yesterday just 11 may be of specific interest to readers of this blog:

HR 3299 To amend the Public Health Service Act to ensure preparedness for chemical, radiological, biological, and nuclear threats, and for other purposes. Rep. Brooks, Susan W. [R-IN-5]

HR 3305 To help enhance American network security and mitigate cybersecurity risks, and for other purposes. Rep. Hurd, Will [R-TX-23]

HR 3313 To amend the Homeland Security Act of 2002 to strengthen the ability of the Secretary of Homeland Security to detect and prevent intrusions against, and to use countermeasures to protect, agency... Rep. McCaul, Michael T. [R-TX-10]

HR 3326 To amend chapter 90 of title 18, United States Code, to provide Federal jurisdiction for the theft of trade secrets, and for other purposes. Rep. Collins, Doug [R-GA-9]

HR 3348 To direct the Attorney General to create a special reward program for individuals providing information leading to the apprehension and conviction of persons committing offenses under section 1030 of... Rep. Green, Al [D-TX-9]  

HR 3350 To require a terrorism threat assessment regarding the transportation of chemical, biological, nuclear, and radiological materials through United States land borders and within the United States, and... Rep. Higgins, Brian [D-NY-26]

HR 3360 To provide for identity protection coverage and other services for individuals exposed to the OPM security breaches, and for other purposes.

HR 3361 To amend the Homeland Security Act of 2002 to establish the Insider Threat Program, and for other purposes. Rep. King, Peter T. [R-NY-2]

HR 3402 To strengthen the ability of the Secretary of Homeland Security to detect and prevent intrusions against, and to use countermeasures to protect, government agency information systems and for other... Rep. Ruppersberger, C. A. Dutch [D-MD-2]

HR 3418 To enhance homeland security, including domestic preparedness and the collective response to terrorism, by improving the Federal Protective Service, and for other purposes. Rep. Thompson, Bennie G. [D-MS-2]

S 1890 A bill to amend chapter 90 of title 18, United States Code, to provide Federal jurisdiction for the theft of trade secrets, and for other purposes. Sen. Hatch, Orrin G. [R-UT] 


Not surprisingly a large number (7) of these bills deal (HR 3305, HR 3313, HR 3326, HR 3348, HR 3360, HR 3402, and S 1890) with cybersecurity issues. It looks like HR 3326 and S 1890 are companion bills that would make it a Federal offense to steal trade secrets. Three of the bills (HR 3313, HR 3360, and HR 3402) appear to deal with Federal computer systems (but may contain language for private sector cybersecurity). HR 3348 would establish a special reward program to deal with offenses under 18 US 1030, Fraud and related activity in connection with computers.

Chemical Security

I’m lumping the other four bills under the rubric of chemical security; though for two of them that only covers a portion of the threat to which the bills are responding. HR 3299 looks at CBRN issues from a public health perspective. HR 3350 would require a ‘terrorism threat assessment’ for CBRN related shipments within the United States; there will be some interesting definitions here. HR 3361 looks at insider threat response; this may also be a cybersecurity bill. And HR 3418 would strengthen the Federal Protects Service; which also provides critical infrastructure chemical facility support to facilities not covered under CFATS or MTSA programs.

Moving Forward

The Senate will be in Washington for another week or two. When they adjourn for summer recess I expect that we will see another large (but not so large) batch of bills introduced. In the meantime the Senate will continue to introduce a limited number of bills each day they are in session and there is a chance that an occasional bill will be introduced during the pro forma sessions that the House will hold between now and Labor Day.

It will take the GPO a while to work through this back log of bills, so I will continue to have fodder for my blog post while Congress is junketing, schmoozing voters, and sucking up to campaign contributors.

/* Use this with templates/template-twocol.html */