Thursday, November 20, 2014

Waste Treatment Facility Fire

There have been a number of interesting news stories (here, here and here for instance) about an explosion and resulting fires at a Southern California waste treatment facility, Southern California Waste Water. It seems that a vacuum truck delivering what was supposed to be non-hazardous waste exploded at the site, spewing an as of yet unidentified chemical mixture on site that ignited various organic materials (including tires of a fire engine and boots of fire fighters; how ironic) on site.

The Business

Looking at the company’s web site it looks like they take in wastes from a variety of customers across the Southern California, de-water the material and prepare a solid material that can be used as a daily cover in selected solid waste disposal facilities. This is a somewhat unattractive, unexciting (on most occasions) and very necessary side of the chemical industry. The company relies on its customers to properly characterize the waste streams that are picked up by various trucking companies specializing in non-hazardous waste hauling.

The vacuum truck goes out to a customer facility and sucks up the waste material from treatment ponds, storage tanks and the like and then delivers it to the SCWW facility. From photographs from the various news articles it appears that the solids in the waste are separated from the bulk of the water (which then is probably sent to a water treatment works). The solids are then combined with other material to form a material that can be used to cover other debris and trash at a landfill.

The Accident

What apparently happened on Tuesday morning was that a large vacuum truck pulled into the facility that contained some material that was reacting chemically within the truck. We don’t know yet what the material was but it seems obvious from the pictures that some sort of gas and maybe heat was being generated by the reaction and the pressure built-up in the tank. While sitting at the facility apparently waiting to unload the pressure built up to the point where the back of the truck flew off and sprayed the contents all over the facility.

As the material dried in contact with air it formed a material that would ignite organic material that it came in contact with; organic materials like plastic, rubber or wood. From the news stories and photos it would seem that a fire truck pulled up on the scene, rolled into the liquid spill and at some point the tires caught on fire as did the boots of some of the fire fighters.

Not know fully what chemicals were involved, and having a river nearby where any fire-fighting run-off would go, the fire departments involved decided not to fight the various fires that sprung up on site and concentrate of confining the incident to the facility.

Injuries
There was a relatively minor injury to a truck driver from the initial explosion (I don’t really like that term in this context as it does not appear there was any fire involved initially, just a pressure build up and catastrophic failure of containment), but there are no real reports of serious chemical injuries on the scene.

Unfortunately, there were some complications at a local emergency room. Some people from the site showed up at the ER complaining about chemical exposure issues. Since they were apparently self-transported they were not decontaminated before arriving at the ER. As a result news reports indicate that there were 12 ER employees that were treated for ‘respiratory distress’. Since we don’t yet know what chemicals were involved these may have been caused by chemical exposure reactions or just a very typical and understandable psychological reaction of people to an unknown and unpleasant odor associated with a potential chemical hazard.

This points out a problem that all ER’s must prepare for when there is an incident at a nearby chemical facility. While we expect the local hazmat team and ambulance teams to ensure that transported individuals are decontaminated before leaving the scene, people that self-transport are usually not so careful. It would be a good idea to set up a triage area outside with decontamination equipment and appropriate PPE for the decon team to avoid contaminating the ER when a chemical incident takes place in the local area.

Investigation On-Going

The investigation into this incident is on-going with local agencies, the EPA and OSHA probably being involved. Since there were no deaths or serious injuries reported to date, it is unlikely that the Chemical Safety Board will be involved.


A major focus of the investigation will certainly be the facility from which the truck load of waste originated. Also sure to be looked at will be the clean out procedure used on that truck before the last load was picked up to see if cross contamination of waste streams may have been the culprit.

Wednesday, November 19, 2014

ICS-CERT Publishes Alerts for 2 of 3 Reported Advantech Vulnerabilities

Today the DHS ICS-CERT published alerts for two different Advantech products; EKI-6340 and AdamView. Adam Greenberg at SCMagazine.com reports that there is the same researchers also reported a vulnerability in WebView.

EKI-6340 Alert

This alert addresses a command injection vulnerability that was discovered by Facundo Pantaleo and Flavio Cangini of Core Security Engineering Team. The disclosure was coordinated thru ICS-CERT but when Advantech announced that they would not be fixing the vulnerability since the product would be discontinued next year, Core Security published the vulnerability on their web site.

The Core Security notice also includes suggested fixes for the vulnerability. Too bad Core Security can’t charge for Advantech’s laziness (considering the ease of the fix that could have been announced by Advantech).

AdamView Alert

This alert addresses a buffer overflow vulnerability that was discovered by Daniel Kazimirow and Fernando Paez from Core Security Engineering Team. The disclosure was coordinated thru ICS-CERT but Advantech has not supported this product “for a while” and will not fix the vulnerability. Unfortunately, outdated products do not usually get fixed.

Core Security notes that since this is a client-side vulnerability there are only limited fixes that can applied to mitigate this vulnerability.

WebView Vulnerability

The Core Security Team also reported a stack-based buffer overflow vulnerability in the Advantech WebView application. I suspect that ICS-CERT has not issued an advisory on this vulnerability since they may be working to get Advantech to fix the fix found in version 8.0 that Core Security says does not correct the vulnerability when applied to existing systems.

It seems that the vulnerable file "webeye.ocx" (version 1.0.1.35) is not in the newest version, but when a system with an earlier version is upgraded the existing webeye.ocx is not removed from the system, so the vulnerability remains.

Not So Coordinated Disclosure

Now I fully understand (and support) the Core Security Team publication of the first two vulnerabilities since the vendor told ICS-CERT that they would not be issuing a fix. That makes the vulnerability fair game for publication in my opinion, especially when Core Security stepped up and suggested mitigation measures.

The question on the third is a tad bit more vague. Core Security reports that they notified ICS-
CERT on October 1st about the vulnerability (actually all three vulnerabilities) and then advised ICS-CERT that the fix Advantech reported did not actual fix existing system vulnerabilities on October 21st. Their advisory reports that ICS-CERT notified them about why it did not work on October 27th, but do not indicate that Advantech refused to revise the fix.


I would hope that ICS-CERT was working with Advantech to get them to revise the Version 8.0 fix so that it did remove and/or modify the exiting file. Lacking a specific notice that Advantech refused to fix the fix I think that a responsible researcher (in my definition) would give ICS-CERT a little more than just 23 days to get a recalcitrant vendor to see the error of their ways. But, that is just my opinion.

Tuesday, November 18, 2014

Bills Introduced – 11-17-14

Both the House and Senate are back in town for week two of the lame duck session. Seventeen bills were introduced yesterday including one that may be of specific interest to readers of this blog:

S 2934 - A bill to prohibit trespassing on critical infrastructure used in or affecting interstate commerce to commit a criminal offense. Sponsor Sen. Schumer, Charles E. [D-NY].

This bill was publicized by Schumer during the election hiatus as a bill targeted at preventing the recent spate of publicity stunts involving bridges and other landmarks in New York City. We will have to wait to see what the bill actually says to be sure, but this sounds like an attempt to stifle free speech. Having said that, this could be used as a tool to federally prosecute recon actions that would be a precursor to a terrorist attack; details will make the difference.


NOTE: This bill has little chance of being considered in the lame duck session. It will be interesting to see if/when it is re-introduced in the 114th Congress.

Monday, November 17, 2014

Reader Comments 11-17-14

It is rare for me to get a reader interchange in the comments section of this blog and rarer still for those comments to be about my politics. But, an anonymous reader (apparently the owner of a small CFATS covered chemical facility) responded to my Sunday post about the chemical accident this weekend in Texas. Actually I think that maybe his comments were to/about me and were merely connected to the most recent blog. In any case, he noted:

“People like you have made America a regulatory nightmare. You're an apologist for a CFR police state, and when confronted about this you drop fear bombs to justify your point of view.”

He then goes on to complain about “Soviet-style bureaucrat from DHS” and the unconstitutionality of the CFATS program under the 4th, 5th, 9th, and 10th Amendments. I have some objections to both claims. First and foremost, the CFATS inspectors that I have talked with and corresponded with were not bureaucrats in any form, but were rather hardworking, caring and professionals who were primarily interested in helping facility owners keep their facilities safe from terrorist attack in the most efficient manner possible. There may be bureaucrats in ISCD Headquarters (though the ones that I have met certainly do not meet the classical soviet stereotype), the folks in the field are so far from that description to bear comparison by the most near-sighted citizen.

As to the second, [STADARD LEGAL CAVEAT: I AM NOT A LAWYER] that does not bear close scrutiny either:

4th Amendment – Search and Siesure – The Supreme Court has often held that regulatory inspections do not constitute searches.

5th Amendment – Self-incrimination – CFATS regulations are not criminal in nature so there can be no self-incrimination. Upheld in numerous instances for all sorts of regulatory programs.

9th Amendment – Rights not enumerated are protected – See next comment.

10th Amendment – States rights. Commerce clause and common defense clause of the constitution both provide the legal framework for the CFATS program.

The second anonymous commenter (with the nom de chem of Common Sense from the South) was rather blunt in responding to the first commenter and certainly more personally directed than I would have done. I do appreciate the characterization of this blog as “a respected professional blog”.

Sunday, November 16, 2014

‘Friendly’ Toxic Chemicals

Yesterday 4 employees at the LaPorte, TX DuPont plant died, apparently as a result of exposure to methyl mercaptan (CH3SH, AKA ethanethiol, or MeSH); another employee was taken to the hospital for exposure. News reports (here and here) indicate that they were responding to a leak due to a malfunctioning valve. The Chemical Safety Board is deploying a team to initiate an investigation.

Methyl Mercaptan Standards

MeSH is a toxic chemical that is widely used to ‘odorize’ natural gas and propane. It has a strong, easily detectable odor that can be added to odorless flammable gasses to make leaks more easily detectable. It is this very strong odor that makes it a ‘friendly’ toxic gas. With a human detection limit somewhere in the neighborhood of 1 ppb, very small amounts of this material are very easily detectable.

There are some conflicts between the OSHA and NIOSH short term exposure limits for this chemical (10 ppm and 0.5 ppm respectively), but all government sources agree with the current IDLH (Immediately Dangerous to Life and Health) limit of 150 ppm. What is not readily available is the level at which the human gag reflex makes it uncomfortable to be around the odor; almost certainly below 10 ppm. Thus anyone approaching a leak site without personal protective equipment (PPE) is almost certain to turn around and leave the area well before the 150 ppm IDLH is reached.
Avoiding Deadly MeSH Concentrations

Which leaves the question as to how someone could enter an area with lethal concentrations of MeSH? One way (speculation on my part, the CSB will determine the actual root cause) would be for the responders to be wearing cartridge respirators (the most common kind of respirator used in the chemical industry). Those cartridges are typically activated charcoal. According to a 2002 article by Svetlana Bashkova, et. al., the three types of adsorbents that they investigated all had break through times greater than 100 minutes. This should be more than long enough for an initial look at the situation to determine if an easy fix (close the valve, for instance) was possible.

Of course, if anyone knew or suspected that the concentration of MeSH was 150 ppm or greater, the use of a cartridge respirator should not have been authorized; any respirator failure would have placed the wearer in a potentially deadly situation. A supplied air respirator should be required in those circumstances.

I have long advocated in this blog that any CFATS covered facility include toxic gas detectors at any site with a toxic release hazard DHS chemical of interest (COI) on site. These detectors would be deployed as an array of gas detectors on (and off) site as part of their immediate response plan for their site security plan. This would allow responders to know where the toxic gas cloud was heading and determine what level of protection would be needed for security and safety responders.

EPA vs DHS Regulations

Looking at this incident I ran across an interesting discrepancy between how EPA and DHS look at methyl mercaptan. The EPA lists methyl mercaptan as a toxic chemical under their Chemical Accident Protection regulations (and that include the Risk Management Plan regulations), but DHS lists it as a flammable release COI under the CFATS program. It is certainly a flammable liquid (flammable gas at temperatures above 45°F) and apparently DHS figures that the risk from an explosion of a methyl mercaptan storage tank attack is greater than the risk from a toxic release from the same successful attack. EPA, on the other hand, is more concerned with the toxic release.

As DHS looks at updating their COI list (Appendix A to 6 CFR Part 27) they might want to reconsider the either/or dichotomy of this and other flammable toxic chemicals and list them under both hazards. This would ensure that chemical security efforts deal with both concerns. Similarly, EPA should consider also listing the flammability characteristics in 40 CFR Part 68 so that safety efforts are formally required to be targeted at both characteristics.

Moving Forward


We should start to hear some informal information from CSB and the other investigating bodies in the weeks to come. The formal determination of the root cause of the deaths will, unfortunately be months or years in coming.

Saturday, November 15, 2014

Bills Introduced – 11-14-14

The Senate was already on the way home for the weekend but the House introduced 18 bills yesterday. Only two of those may be of specific interest to readers of this blog:

HR 5712 - To authorize the Private Sector Office of the Department of Homeland Security to improve private sector engagement in protecting the homeland, and for other purposes. Sponsor - Rep. Clawson, Curt [R-FL-19].

HJ Rest 129 - Appointing the day for the convening of the first session of the One Hundred Fourteenth Congress. Sponsor - Rep. McCarthy, Kevin [R-CA-23].

The current title of HR 5712 is written broad enough to cover a number of potentially interesting possibilities. I suspect that this may be the last mention of the bill in this blog, however.


HJ Res 129 is a procedural resolution that was introduced and passed yesterday in the House. It would set January 6th as the first date for the new Congress. Typically the Senate will meet to swear in new members and then adjourn until the State-of-the-Union. The House will meet that day (a Wednesday) and have a couple of additional days in session taking care of mainly procedural matters before heading back home.

Friday, November 14, 2014

Bills Introduced – 11-13-14

Yesterday was the second day of the lame duck session and all sorts of stuff has to be addressed by this Congress; including the FY 2015 spending bill. With that said, there were 22 bills introduced yesterday including just one that may be of specific interest to readers of this blog:

HR 5705 To modify certain provisions relating to the Propane Education and Research Council. Rep. Latta, Robert E. [R-OH]

According to a press release from Latta’s office this bill will modify the Propane Education and Research Act (15 USC 6401 et seq) to help the propane industry avoid pricing spikes and to avoid misinterpretation of the training program requirements of the original act by the Department of Commerce. It will be interesting to see what other things may be included.


NOTE: Readers will note that the link to the bill no longer goes to the old Thomas.LOC.gov web site. That site is being phased out and the new Congress.gov site will be the source of information. It looks like the new site is slower to post bills, so these ‘Bills Introduced’ posts will be coming out later in the day than normal. For those that like the old Thomas.LOC site it will be up through at least a portion of next year.
 
/* Use this with templates/template-twocol.html */