Interesting little article over at PowderBulkSolids.com talks about a chemical facility fire in LaPorte, TX that occurred in a pump. There are a few more details available over at KHOU.com (including a video of an impressive set of flames), but the TV report still says that the fire started in a pump. Local officials and the company will conduct investigations, but the fire was probably too small to report to the Chemical Safety Board, and even if reported, with no injuries/deaths or major damage, CSB is unlikely to investigate.
There are a wide variety of pumps used in the chemical process industry, but most convert electrical energy to mechanical energy to move liquids through hoses and pipelines. As with any device that converts energy to motion there is waste heat produced. Pumps generally utilize the process liquid moving through the device for cooling.
Pumps are generally sealed devices with hose connections or hard-piped connections for the intake and outflow, so ‘a fire in a pump’ is unlikely. Even with a highly oxygenated fluid flowing through the pump a source of ignition would still be required. There is on possible source that should be considered, heating the liquid to the autoignition temperature. So, if you have a highly-oxygenated liquid with a very low autoignition temperature, you might want to include temperature sensors on your pump, along with the more common pressure sensor.
Looking at the video of the fire, the fire either started outside of the pump or moved out of the pump system in short order. The flames shown by the KHOU were about the height of the nearby storage tanks. This is fairly common for a pool type fire of a flammable liquid. And pumps can be a very quick way to set up a pool fire.
Pumps are pressure vessels; they make higher pressure on the discharge side of the pump during operations, that drives the fluid out of the pump. As with any properly designed pressure vessel, pumps that can reach safety-significant pressures (not all can) will have a pressure relief valve on the output side of the pump. That PRV can discharge some of the fluid flowing through the pump to the local environment. A more common way for pumps to discharge to the environment is for the output hose (or less common, the output pipe) to fail during operation because of the output pressure. This can be caused by mismatching the output hose/pipe pressure rating to the pressure rating of the pump. Also mismatching the materials of construction with the fluid flowing through the system, which could cause chemical reactions that weaken the hose/pipe.
From a cybersecurity perspective, it is easy to see that pumps handling flammable liquids are a potential target. The easiest attack would be to shut a valve on the discharge side of the pump while the pump is operating, causing the pump (again not all pumps can do this) to buildup the discharge pressure to the point where the PRV releases or output hoses/pipes fail. Of course, a well designed system will have an interlock that prevents the pump from operating when the discharge valve is closed. If that is an analog interlock, the cyber attack would not be successful. If the PRV is vented to a collection vessel, the chance of a pool fire is reduced. If there is an excess flow valve on the output of the pump, then the potential size of a pool fire is reduced. And there are additional process controls that could be used to further mitigate a cyberattack on a pump.
It is easy to look at a pump related fire/explosion at a process
facility and point the cybersecurity finger at the incident. But, a well run
process safety review will note the pump as a potential safety failure mode.
That review will then add mitigation measures to deal with that potential
failure. Those safety mitigation measures should also serve as potential
mitigation measures for a cyberattack. A cyber informed PSR will look to ensure
that those safety measures are protected or isolated from a cyberattack.
Posts
No comments:
Post a Comment