In doing this week’s review of public comments on the OSHA PSM ANPRM I made a brief mention of a comment that suggested the addition of requirements for reviewing control systems in the Process Safety Management program. I thought that those comments deserved a bit more attention in this blog.
Control Systems and PSM
The comments were posted by Terry Hardy, the Director of Safety and Risk Management at Great Circle Analytics, LLC. Mr. Hardy makes a very important point about control systems in the opening portion of his comments about safety in the chemical process and energy production industries:
“Because computing systems are increasingly being used to control critical functions, software may directly contribute to an accident. Software can also be used in hazard controls to reduce risks, and computing systems can provide valuable information used to help make safety decisions. Therefore, software must be included as part of an organization’s safety efforts to analyze and manage hazards and risks. However, for many organizations, software is not effectively incorporated into the safety process. I have collected hundreds of examples of software-related accidents and incidents – the following are a sample of those accidents.”
Hardy provides brief descriptions of two separate catastrophic accidents where control system issues contributed to exacerbating the incident: the 2005 explosion at a natural gas decompression/recompression facility near Empress, Alberta, and the 1999 gasoline pipeline rupture and fire in Bellingham, WA. The descriptions provided include a discussion of how the control systems contributed to the incidents.
He goes on to make the point that control system software developers have an integral part to play in the development of safe control system software. He points at standards “such as IEC 61511, Functional Safety - Safety Instrumented Systems for the Process Industry Sector, and DO-178B, Software Considerations in Airborne Systems and Equipment Certification” (pg 3) that provide guidance on how vendors can do their part to develop systems that have safety considerations built into the control system package.
But, he goes on to point out that:
“Improving software safety requires a change in the way process safety practitioners think. Software safety must be fully integrated into the Process Safety Management process. Organizations need to increase the attention given to addressing and analyzing the potential for hazards related to software, computing systems, and automation.”
Hardy then makes a number of specific recommendations:
• OSHA should consider adding specific language to address software and computing systems to its Process Safety Management standard;
• Software and computing systems must be part of the elements of process safety including process safety information, process hazard analysis, management of change, operating procedures, contractors’ obligations, compliance audits, pre-start-up safety review, and training;
• Create specific regulations for software and computing system information to be provided by an operator as part of the PSM process; and
• Particular attention should be paid to the human-computing system interface and how the operator interacts with the computing system.
Control System Security
Hardy does not address this in his comments, but it seems to me that any discussion of control systems and process safety management must include at least some minimal discussion of control system security.
Both the OSHA Process Safety Management Program and the EPA’s Risk Management Program were instituted well before the 9/11 attacks made it clear that the United States was no longer (if it ever truly was) exempt from terrorist attacks. As a result, neither program ever considered process security as a part of process safety, and that has not changed significantly since the fall of the Twin Towers.
The Stuxnet virus made it clear that modern industrial control systems, even those physically isolated from the Internet, are susceptible to outside attack. With control system automation allowing for the increased complexity of chemical process engineering and design, it is becoming increasingly difficult for a limited number of operators to monitor and safely control modern chemical manufacturing processes without nearly blind reliance on the data provided by modern control systems. With those twin facts in mind, it is becoming increasingly obvious that safe operation of modern chemical manufacturing processes ultimately depends on the security of the control systems used in those processes.
NOTE: A copy of this blog post was just submitted as a comment on the OSHA PSM ANPRM 08:31 CST 3-16-14