Stuxnet- The story gets worse
Oct 21, 2010-The Stuxnet story is going from bad to worse. What seemed to be a fringe incident of a worm (that infects only Siemens make PLC, SCADA and DCS systems) is slowly getting to be, well, mainstream. The infection which was thought to be restricted to less than a hundred systems now seems to be much more widespread. For those of you who missed our earlier report on Stuxnet, please click here.
The respected Control Global journal estimates that the brunt of the attack has been borne by Iran, where 33,000 installations have been affected, followed by Indonesia at 10,000 systems affected , followed by India at 5000 systems (approx numbers). While most plant managers and engineers who have non Siemens systems may be relieved (not in my backyard), there is hardly any room for complacency. Today it was Siemens, tomorrow it could be any other PLC or DCS vendor’s systems. To make matters worse, several systems now have Safety Instrumented Systems (SIS for short) integrated with the main control system, as against the SIS being largely relay and hardware interlock driven as in the old days. This means that a worm could theoretically infect an SIS and may cause havoc. Could be an environmental disaster. Have Safety Managers in industrial plants assessed the threat realistically? We do not think so. This issue should get far more attention than it is getting now.
Else we may get another Bhopal or a Three Mile Island due to a worm. Hardly a comfortable feeling, don’t you think?
Your thoughts are welcome.
Stuxnet-implications for industrial safety in plants using PLC, SCADA or DCS
Oct 18, 2010- Now with the advent of the Stuxnet, the world’s first known computer system worm, meant only to target industrial control systems, plant safety managers should sit up and take notice. Upto now you had to bother about fires, explosions, worker safety violations, legal permits and these kind of issues. Very soon you may have to worry about computer worms attacking plant control systems and wreaking havoc.
The Stuxnet worm that began appearing sometime reportedly in April of this year is designed apparently to only target industrial control systems made by Siemens. These include SCADA software like WinCC and the SIMATIC programming tools that are used to configure and program PLCs of the S7 series.
First a brief backgrounder for those who are not much aware of modern industrial control systems-PLCs are short for Programmable Logic Controllers and SCADA is shortform for Supervisory Control and Data Acquisition systems. DCS is shorthand for Distributed Control Systems. It was always known that a virus or worm could potentially infect an industrial control system but this threat largely remained ignored because
a) No apparent benefit could accrue to any unethical hacker/cracker or similar person by writing malicious code for industrial computers
b) Since many of these systems are isolated from the internet, they are safe.
Turns out both these assumptions were totally wrong.Apparently some criminal or similar elements did write malicious code targeting DCS/PLC/SCADA systems and it did not matter that these systems were isolated from the internet. The infections were spread from USB drives!
Reports indicate that Stuxnet may have infected upto a hundred such industrial systems in India, China, Iran and even Germany. Initial analysis of the code indicates that it is specifically targeted towards Siemens systems and behaves in the following manner
a) It tries to identify the host. If it is a Siemens system it begins its work. Some experts say that it tries to capture control of the plant by infecting the PLCs and RTU (remote terminal units) and other controllers that control motors, pumps and valves. It then tries to change setpoints, modify programs and interlocks and generally can cause a lot of unexplained behavior of equipment
b) If the host is not a Siemens system, it does nothing-it lies dormant
c) It has a Kill switch- a date set out in 2012 after which it will self destruct.
The whole possibilities of such worm are horrible to contemplate! So sit up and take notice, do something! Do not confine your work to just enforcing personal safety such as wearing of helmets by personnel and taking permits for hazardous work. Lookout for hidden threats like Stuxnet-they have the potential to cause disasters far worse than what could be caused by human error.
Comments are welcome below.
Another Gulf Oil Rig Explosion-Mariner Energy rig accident
Sep 3, 2010 Houma, La — Yet another accident at an Oil Rig in the Gulf of Mexico! An oil rig operated by Mariner Energy Inc in shallow water suffered an explosion. About 13 workers had to jump into the sea, from where they were later rescued. No casualties have been reported. This comes as a bad news to the Oil & Gas industry, which is already battling a mortarium on deepwater drilling in the gulf. Now that this latest accident has taken place in shallow waters raises a lot of question marks over the safety of operations in ALL offshore places, shallow or deep. AS of now no oil spill has been reported, but its too early to say.
Recall that when the first reports of the Deepwater Horizon explosion started coming in the spillage reported was “only a few hundred barrels” and slowly it emerged that hundreds of thousands of barrels may have been spilled. Lets cross our fingers and watch this one.
NFPA amends the Fuel Gas Code to prevent purging of pipelines using natural gas after Kleen explosion
Aug 11, 2010- The National Fire Protection Association (NFPA), through an emergency revision to the NFPA 2009 code, has prohibited the purging of gas pipelines by using natural gas. This is a direct fallout of the Kleen Energy accident investigation, after the US Chemical Safety Board concluded that the purging by natural gas led to the accident. The CSB had also appealed to standards and regulatory bodies like OSHA and NFPA to amend the codes that regulate natural gas piping and operations in view of these findings. We had reported all about it here.
The NFPA has now responded by issuing aTentative Interim Amendment to Section 54 of the Natural Gas Code. This can be downloaded from here.
(Note: The code specifically talks about installing a gas detector to detect the presence of natural gas-if you would like to know how to specify, select, install, calibrate and maintain these gas detectors, please click here)
The CSB was glad to hear about this and the agency has issued a statement reproduced below.
Here’s the CSB statement (in Italics)
————————–
Emergency Change to National Fuel Gas Code Addresses Cause of Fatal June 2009 Blast at ConAgra Slim Jim Plant in North Carolina
On February 4, 2010, I presided at a Chemical Safety Board public meeting in Raleigh, North Carolina, to present the CSB’s findings on the June 9, 2009, natural gas explosion at the ConAgra Slim Jim manufacturing plant in the nearby community of Garner.
That tragic and preventable accident cost four lives, injured 67 others, and led to a decision to close the plant, with the loss of hundreds of jobs in the region. The accident occurred during an operation to purge (or clear air) from a new steel gas-supply pipe that was connected to a newly installed industrial water heater. The pipe was connected at the other end to the building’s natural gas distribution system. During the purging operation, gas was allowed to flow through the pipe and exit through an open valve inside the utility room where the water heater was located. Due to difficulties in lighting the water heater, the purging operation was continued for an unusually long time, eventually causing gas to accumulate above the lower explosive limit inside the building. The gas contacted an ignition source and exploded, causing extensive sections of the large facility to collapse.
The CSB noted that the accident at ConAgra was but one of a number of similar explosions caused by an intentional, planned work activity that inadvertently led to a large and unsafe release of natural gas into a workplace.
At the time of the accident, indoor purging of natural gas systems was not prohibited under the National Fuel Gas Code, a key consensus code of the National Fire Protection Association (NFPA) that has been adopted by many states and localities across the country. At the February 4 public meeting, the Board voted to make urgent recommendations to NFPA and the International Code Council to prohibit indoor purging and require companies and installers to purge flammable fuel gases to safe locations outdoors, away from workers and ignition sources.
I am pleased that the NFPA made our recommendation a high priority and took immediate steps to improve the National Fuel Gas Code. Last week, on August 5, the NFPA Standards Council gave final approval to an emergency code change, known as a Tentative Interim Amendment, that will prohibit indoor purging of industrial gas lines operating at greater than two pounds per square inch gauge (psig) or meeting certain pipe size criteria. According to the NFPA, the new requirements are designed to require outdoor purging for industrial, large commercial, and large multifamily buildings.
These new provisions would have required the gas pipe at ConAgra to be purged outdoors, away from personnel and ignition sources. Under the new requirements, purging must be monitored using appropriate detection equipment to prevent a significant release of flammable gas. The new requirements are similar to new safety procedures developed and implemented by both ConAgra and the State of North Carolina in the months following the tragedy.
Outdoor purging is inherently safer than venting gas into a building. Had the gas pipe at ConAgra been safely purged outdoors, the explosion and resulting deaths and injuries could have been avoided.
I encourage all companies to study the new code recommendations and to purge flammable gases outdoors whenever possible. I urge the NFPA to ensure that a prohibition on indoor purging and other safeguards are permanently incorporated into the National Fuel Gas Code, and I thank the NFPA leadership and members for their positive actions to promote worker safety.
###
Kleen Energy Explosion impact-CSB urges OSHA to ban gas purging of pipelines
Aug 05, 2010-The Chemical Safety Board has now recommended OSHA (Occupational Safety and Health Administration) to ban purging of pipelines with natural gas, that can cause explosions. This should have been done a long time back, but it was only after the Kleen Energy explosion that things started moving in this direction.
—————–Advt——————
For an excellent training course on Hazardous Area Classification and Instrumentation click here
——————————————-
This is rather surprising for evrybody in the chemicals, petrochemicals and oil industries who have operated boilers, fired heaters, etc are aware that before starting any burner, some purging is to be done with air, to drive away residual gas in the burning chamber to prevent explosions and back firing. However it is surprining that in many natural gas processing facilities instead of using Nitrogen or compressed air for purging, they use the natural gas itself. This in itself may not be entirely unsafe IF and this is a BIG IF that the surroundings are free of ignition sources of any kind and the gas can quickly dilute below its % LEL (lower explosive limit). However in the Kleen energy kind of situation where there was large scale welding and cutting going on, with plenty of sparks flying around, it is surprising that the regular venting of natural gas purging resulted in just one explosion…theoretically it should have resulted in many!
There is an urgent need for people to understand the principles of explosion protection, classified areas, hazardous area classification, gas monitoring and other such concepts to prevent Kleen energy like incidents.
Anyways, here’s what the CSB now says (reproduced from their website)
Statement of CSB Chairperson Dr. Rafael Moure-Eraso Urges OSHA to Adopt CSB Recommendation Prohibiting Flammable Gas Blows During Pipe Cleaning Operations
On June 28, 2010, at a public meeting in Portland, Connecticut, the Chemical Safety Board voted to issue 18 urgent recommendations to various recipients, including OSHA, aimed at halting the dangerous practice of releasing large quantities of flammable gas in the presence of workers and ignition sources during cleaning operations.
Six workers were killed and there were numerous injuries on February 7, 2010, at the Kleen Energy power plant under construction in Middletown, Connecticut.
A recommendation to OSHA called for, among other things, the promulgation of regulations to prohibit the release of flammable gas to the atmosphere for the purpose of cleaning fuel gas piping.
Today, OSHA announced citations and proposed fines against construction companies and contractors at the Kleen Energy power plant construction site and announced a plan to notify natural gas power plant operators of the dangers of natural gas blows.
I was pleased that during his news conference, Dr. David Michaels, assistant secretary of labor for OSHA, stated his agency is studying the CSB recommendation to prohibit flammable gas releases during cleaning operations, and that OSHA agrees with the CSB that this problem must be addressed immediately.
Dr. Michaels stated that OSHA likely does not have the authority to prohibit the use of flammable gases during pipe cleaning operations, and that promulgating such a regulation would take years.
The CSB believes that OSHA does have adequate authority to take this action and to start the standard setting process at any time.
The CSB found that the practice of gas blows is inherently unsafe. In its investigation of the Kleen Energy accident, the CSB found that several safe alternatives to pipe cleaning are available to the industry are already in use, such as compressed air, nitrogen and the use of a solid cleaning device propelled by compressed air that is referred to as a pig. Furthermore, the CSB found companies have already begun to ban the practice. And at least one leading manufacturer of natural gas electric turbines, General Electric, has informed its customers it will not support the practice of gas blows to clear out pipes leading to the turbines. A GE official discussed this during the CSB public meeting held in June in Connecticut.
END STATEMENT
