Security and Safety

Anyone that worked with me while I was a process chemist in a specialty chemical manufacturing facility knows that I have always been passionate about process safety. And readers of this blog know of my passion for security. So, it should be no surprise that I am very concerned with the Chemical Safety Board (CSB) vs. Sensitive Security Information (SSI) controversy surrounding next week’s public meeting on the Bayer CropScience fatal process accident that happen last summer. Two opinion pieces yesterday, one at USAToday.com and the other at Pubs.ACS.org, paint this as a conflict between security and community-right-to-know (CRTK). I think that this is a major mistake. In the context of counter terrorism operations, security and CRTK are part and parcel of the same operation, just like security and safety. They all contribute to a piece of the puzzle to prevent a successful terrorist attack. Assume it was a Terrorist Attack Let me use the Bayer incident as an instructional aid. Let’s assume that the accident was not an accident, but actually a well planned and executed terrorist attack. Assume for a moment that the ‘process upset’ that caused the explosion had been deliberately engineered and had been just a little bit larger in size. The nearby MIC tank, instead of escaping damage, would have (in our assumed incident) been punctured by flying debris. A cloud of methyl isocyanate would have been released to the atmosphere and spread to the adjacent community. The resulting panic, injuries and deaths would have made this a very successful attack. However, if CRTK had been an integral part of the security plan for the installation, there would have been automated systems around the tank and process area to detect the slightest release of MIC. As the first sensor detected the leak, an automatic alarm would have been sent to facility and community first responders. As more sensors became ‘involved’ other automated sensors would have begun auto-dialing local residents and businesses warning them to begin to take appropriate measures. Weather sensors and an array of chemical sensors around the facility would have begun mapping the spread of the cloud and projecting concentrations beyond the fence line. Decisions would have been made about who would evacuate and who would shelter in place and the appropriate communications made. Local residents would have been told in advance how to shelter in place or where to evacuate and why one was better than the other in a particular situation. At the same time, other automated mitigation measures would go into action. Water and chemical sprays would start that would knock down the bulk of the cloud. Properly equipped emergency responders would arrive at the scene and make what ever temporary repairs were possible to stop further leakage. Off-site response personnel would arrive on the scene to provide assistance to the community near the facility, monitoring for exposure levels and getting people safely out of the area. In the CRTK scenario, the success of the terrorist attack would have been reduced because panic, deaths and injuries would have been greatly reduced. This is the reason that CRTK plans are an integral part of any successful counter-terrorism security plan, just as they are a critical part of any successful process safety plan. Working Together Unfortunately, the government’s safety, security, and CRTK people are not working together. They are in different agencies and working under separate mandates. In this case the security and safety people have worked out an accommodation, but the CRTK people are still wondering in the wilderness. Two agencies have worked together to the extent that one did not stop the other, but that is not actually cooperation. It is more like a temporary cease fire on the battlefield to collect the wounded. This is a high-risk chemical facility (both from a safety and security point of view). Until the CSB determines the actual cause of the incident (which may not happen for another six months, if ever) there is a remote possibility that this was a deliberate attack and not a process problem. Even if it were completely accidental or the result of an inadequate process design/operation there are security issues that will inevitably be identified in the thorough type investigation that the CSB conducts. In either case the Coast Guard, as the responsible security agency for the facility, should be working as part of the CSB team during the investigation. A Coast Guard investigator should be a working member of the team, reporting to the head CSB investigator. That forensics investigator would then be immediately available and up to speed on the investigation if evidence of sabotage or outside attack was discovered. Otherwise that investigator should be looking at how the existing security plans contributed to or mitigated the severity of the incident. Congressional Action Required When the Chemical Safety Board was formed ten years ago there was no Federal involvement with security at chemical facilities. As the C&EN article notes there are now about 10,000 facilities with federally regulated security measures. More will likely be added if/when the water facility exemption is removed this year. The mandate for the Chemical Safety Board needs to be updated to take this into account. On the other hand, Congress completely overlooked the issue of chemical safety and community-right-to-know when they mandated security measures at chemical facilities. That was a major political and technical mistake and one that needs to be corrected. It is fortunate that the Bayer issue comes up when it did. Congress is beginning to consider the reauthorization of the CFATS program next week. The hearing before the Government Oversight subcommittee of the Energy and Commerce Committee should be just the first such hearing to look at the safety/security issue. Both the Energy and Commerce and the Homeland Security Committees need to look at this issue as part of the CFATS reauthorization. In my not-so-humble opinion, the Chemical Safety Board needs to remain the lead agency in any major accident or incident at a chemical facility; they alone have the technical expertise to get to the root cause of the accident/incident. At facilities that fall under CFATS, DHS should provide an investigator to assist the CSB by looking into security issues. For facilities that fall under the MTSA, the Coast Guard should provide that assistance. Additionally, they could provide on-going guidance to the CSB investigators about what information they receive or uncover that would be considered to be protected information under SSI or CVI rules. In any case, there should be a classified appendix to any CSB report involving a covered chemical facility that addresses the security issues that contributed to, or mitigated, the severity of the incident. That report should be given the widest possible dissemination in the security community, including other covered facilities.