In doing this week’s review of public comments on the OSHA PSM ANPRM I made a brief mention of a comment that suggested the addition of requirements for reviewing control systems in the Process Safety Management program. I thought that those comments deserved a bit more attention in this blog.
Control Systems and PSM
The comments were posted by Terry Hardy, the Director of Safety and Risk Management at Great Circle Analytics, LLC. Mr. Hardy makes a very important point about control systems in the opening portion of his comments about safety in the chemical process and energy production industries:
“Because computing systems are increasingly being used to control critical functions, software may directly contribute to an accident. Software can also be used in hazard controls to reduce risks, and computing systems can provide valuable information used to help make safety decisions. Therefore, software must be included as part of an organization’s safety efforts to analyze and manage hazards and risks. However, for many organizations, software is not effectively incorporated into the safety process. I have collected hundreds of examples of software-related accidents and incidents – the following are a sample of those accidents.”
Hardy provides brief descriptions of two separate catastrophic accidents where control system issues contributed to exacerbating the incident; the 2005 explosion at a natural gas decompression/recompression facility near Empress, Alberta and the 1999 gasoline pipeline rupture and fire in Bellingham, WA. The descriptions provided include a discussion of how the control systems contributed to the incidents.
He goes on to make the point that control system software developers have an integral part to play in the development of safe control system software. He points at standards “such as IEC 61511, Functional Safety - Safety Instrumented Systems for the Process Industry Sector, and DO-178B, Software Considerations in Airborne Systems and Equipment Certification” (pg 3) that provide guidance on how vendors can do their part to develop systems that have safety considerations built in to the control system package.
But, he goes on to point out that:
“Improving software safety requires a change in the way process safety practitioners think. Software safety must be fully integrated into the Process Safety Management process. Organizations need to increase the attention given to addressing and analyzing the potential for hazards related to software, computing systems, and automation.”
Hardy then makes a number of specific recommendations:
• OSHA should consider adding specific language to address software and computing systems to its Process Safety Management standard;
• Software and computing systems must be part of the elements of process safety including process safety information, process hazard analysis, management of change, operating procedures, contractors’ obligations, compliance audits, pre-start-up safety review, and training;
• Create specific regulations for software and computing system information to be provided by an operator as part of the PSM process; and
• Particular attention should be paid to the human-computing system interface and how the operator interacts with the computing system.
Control System Security
Hardy does not address this in his comments, but it seems to me that any discussion of control systems and process safety management must include at least some minimal discussion of control system security.
Both the OSHA Process Safety Management Program and the EPA’s Risk Management Program were instituted well before the 9/11 attacks made it clear that the United States was no longer (if it ever truly was) exempt from terrorist attacks. As a result neither program ever considered process security as a part of process safety and that has not changed significantly since the fall of the Twin Towers.
The Stuxnet virus made it clear that modern industrial control systems, even those physically isolated from the Internet, are susceptible to outside attack. With control system automation allowing for the increased complexity of chemical process engineering and design, it is becoming increasingly difficult for a limited number of operators to monitor and safely control modern chemical manufacturing processes without nearly blind reliance on the data provided by modern control systems. With those twin facts in mind, it is becoming increasingly obvious that safe operation of modern chemical manufacturing processes ultimately depends on the security of the control systems used in those processes.
NOTE: A copy of this blog post was just submitted as a comment on the OSHA PSM ANPRM 08:31 CST 3-16-14