The Houston Chronicle is
reporting that the four DuPont workers who died earlier this month during a
methyl mercaptan leak at the LaPorte, TX facility were asphyxiated (died
because of lack of oxygen) and did not die because of methyl mercaptan
poisoning. To be sure, this is a technical difference because the relative lack
of oxygen was due to the large amount (23,000 lbs) of methyl mercaptan released
into the building.
Unanswered Questions
This raises a number of interesting questions, most of which
I would assume that the CSB is asking and/or answering:
• Did anyone at the site know about
the magnitude of the ‘leak’ before any of the four employees entered the
building? If they did, this should have been a full-blown hazmat response team
involved, not four piecemeal employees responding to a ‘leaking valve’.
• If no one knew the magnitude of
the leak, why not? That amount of material should have registered as a very significant
change in tank/vessel level/weight. That alone should have set off significant
alarms on site.
• Was this a leak from a process
vessel or a storage tank? There would have been different types of safety
instrumentation and safety controls on a storage tank for a toxic substance
like methyl mercaptan that should have been able to been able to isolate the
leak without anyone entering the building.
• What type respirators were the
four wearing when they entered the building. There was at least one news report
early on that talked about one of the brothers trying to share his air with his
overcome younger brother. So at least one person had a supplied air respirator.
For the others to die of asphyxiation that would seem to indicate that they
were wearing cartridge respirators which don’t help at all if there is a lack
of oxygen in the atmosphere.
From the news reports to date we can guess at some of the
answers to the above questions. It would seem that as many as three individuals
entered the facility wearing cartridge type respirators. This argues that the
people in charge of the unit were not aware of the magnitude of the leak. No
one in the chemical industry with a modicum of sense or training would send
anyone into a building where that volume of toxic, volatile chemical had
spilled without doing serious gas testing, both for the presence and
concentration of the toxic gas and the oxygen levels in the air.
From the news reports available to date I suspect that
something like this happened (entirely supposition on my part and I have never
seen the facility):
A gas detector goes off in part of
the building that people are not normally working in. The gas detector reports
the presence of methyl mercaptan but not the level. Two employees in proper PPE
for a small leak (probably a cartridge respirator) are sent to investigate/fix
the problem. When communications are lost with those individuals another person
is sent in to find out what happened and is also overcome. A senior operator
goes in wearing an air supplied respirator to rescue his younger brother who
was one of the three original responders. He reports the extent of the problem
and is then overcome while trying to resuscitate his brother with his supplied
air respirator. A properly informed response team is then formed and deployed,
too late to rescue the four earlier responders.
The Question Not
Asked
The Chronicle article mentioned above also reports that the
LaPorte facility also manufactures and uses methyl isocyanate (of Bhopal and
Charleston, WV fame). This is a deadly toxic chemical and much less ‘friendly’
than methyl mercaptan. I would like to think that a facility run by DuPont that
handled toxic chemicals like this had properly instrumented control systems and
safety systems that would prevent incidents like this.
Giving DuPont the initial benefit of doubt there is another
ugly possibility that should also be considered, was this accident the result
of a cyber-attack on the facility. This could explain why a stand-alone
chemical detector alarm could go off and no one in the control room could see
the cause for the alarm or detect the extent of the leak. That would explain
the completely inadequate preparation done to enter the facility to correct the
‘leaking valve’; all indicators would have shown a minor leak, not a massive
release.
I am not sure if the Chemical Safety Board has control
system security experts on the team. If not, they may not be able to detect the
incursion that would have precipitated this incident. I would propose that the
following might be non-technical indicators of a possible attack:
• Discrepancies in the amount of
methyl mercaptan reported on site (via the automated inventory management
system) before, during and after the attack;
• Discrepancies in the indicated
flow rates of methyl mercaptan reported by the process control system versus
the computed rate of the leak;
• Discrepancies between the control
system commands initiated by the operator (either in the data historian or the
operator testimony) and the control states of the equipment recorded in the
data historian.
If any of those discrepancies are noted, the CSB ought to
call in the ICS-CERT fly-away team to help investigate the potential for
control system problems (‘problems’ covers a multitude of sins) contributing to
or as the source of the massive methyl mercaptan release.
Posts
No comments:
Post a Comment