The document provides an alternative analysis of the official investigation into the Buncefield oil storage tank explosion in 2005. It questions the investigation's conclusions that failures of the automated tank gauging system and independent high level switch caused the explosion. The analysis suggests the possibility that a cyber attack compromised the control systems and led operators to believe the tank levels were normal when they were actually overflowing. It notes a US report from before the explosion outlined how control systems are vulnerable to cyber attacks, but this possibility was not investigated. The analysis argues the official report made assumptions not supported by evidence and raises doubts about the conclusions drawn.
1. Polyolefins are polymers produced from olefin or alkene monomers, with ethylene being the simplest and most common monomer. They are produced via polymerization of ethylene extracted from petroleum through cracking of longer hydrocarbon chains.
2. Low-density polyethylene (LDPE) is produced via free radical polymerization of ethylene under high pressures of 1000-3000 atm and temperatures of 200-275°C. It is used for products like bottles and tubing due to its low cost, chemical resistance, and flexibility.
3. High-density polyethylene (HDPE) is produced using Ziegler-Natta catalysts under lower pressures than LDPE. It is stronger
A project on the Mother plant of Petrochemical Industry.
110 MT per year production capacity of NCP plant at RIL- VMD. Detailed studies on Short residence time Furnaces, Distillation columns, Catalytic converters, heat exchangers etc. calculations made on process parameters and mechanical design aspects.
Presented by: Chemist / Eid koranyOwner and technical managerof Taba company for Chemical
Industries and cleaning products
in workshop on Workshop on Oleochemicals at the SemiRamis Intercontinental Hotel.
Seveso Disaster : Chemical Events , Effects and Seveso DirectivesPankaj Kumar
The document summarizes the Seveso disaster that occurred on July 10, 1976 in Seveso, Italy when a chemical plant had an uncontrolled reaction during the production of trichlorophenol, releasing a large cloud of toxic gases and chemicals including dioxins. No one died immediately, but many animals died and thousands more were slaughtered. Residents developed health issues and the area had to be evacuated. The incident led to increased safety regulations and directives for chemical plants in Europe called the Seveso Directives.
About Piper Alpha Platform
The Happening Event Timeline
Cause of the Disaster
Effect of the Disaster
Key Failures
Improvement and Prevention
Conclusion
The Flixborough disaster was the largest peacetime explosion in UK history, occurring on June 1st, 1974 at a chemical plant in Flixborough, UK. The explosion killed 28 workers and caused widespread property damage within a 6 mile radius. The public inquiry into the cause determined that the immediate cause was the rupture of a poorly designed 20-inch bypass pipe between two reactors. However, subsequent analysis suggested that the more likely cause was the presence of water in one of the reactors during startup when the stirrer was not operating, allowing an unstable water-cyclohexane azeotrope to form and violently erupt, causing the bypass pipe to fail without high pressure. The disaster highlighted the importance of considering all
This document discusses quality control testing of petroleum products. It describes how laboratory tests are broadly classified into seven groups to evaluate properties like volatility, combustion, viscosity, melting point, oxidation, corrosion, and other miscellaneous characteristics. Specific tests are outlined within each group to measure qualities like distillation behavior, flash point, octane number, viscosity, melting properties, oxidation resistance, corrosiveness, and more. Standard methods from organizations like BIS, IP, and ASTM are commonly followed.
1. Polyolefins are polymers produced from olefin or alkene monomers, with ethylene being the simplest and most common monomer. They are produced via polymerization of ethylene extracted from petroleum through cracking of longer hydrocarbon chains.
2. Low-density polyethylene (LDPE) is produced via free radical polymerization of ethylene under high pressures of 1000-3000 atm and temperatures of 200-275°C. It is used for products like bottles and tubing due to its low cost, chemical resistance, and flexibility.
3. High-density polyethylene (HDPE) is produced using Ziegler-Natta catalysts under lower pressures than LDPE. It is stronger
A project on the Mother plant of Petrochemical Industry.
110 MT per year production capacity of NCP plant at RIL- VMD. Detailed studies on Short residence time Furnaces, Distillation columns, Catalytic converters, heat exchangers etc. calculations made on process parameters and mechanical design aspects.
Presented by: Chemist / Eid koranyOwner and technical managerof Taba company for Chemical
Industries and cleaning products
in workshop on Workshop on Oleochemicals at the SemiRamis Intercontinental Hotel.
Seveso Disaster : Chemical Events , Effects and Seveso DirectivesPankaj Kumar
The document summarizes the Seveso disaster that occurred on July 10, 1976 in Seveso, Italy when a chemical plant had an uncontrolled reaction during the production of trichlorophenol, releasing a large cloud of toxic gases and chemicals including dioxins. No one died immediately, but many animals died and thousands more were slaughtered. Residents developed health issues and the area had to be evacuated. The incident led to increased safety regulations and directives for chemical plants in Europe called the Seveso Directives.
About Piper Alpha Platform
The Happening Event Timeline
Cause of the Disaster
Effect of the Disaster
Key Failures
Improvement and Prevention
Conclusion
The Flixborough disaster was the largest peacetime explosion in UK history, occurring on June 1st, 1974 at a chemical plant in Flixborough, UK. The explosion killed 28 workers and caused widespread property damage within a 6 mile radius. The public inquiry into the cause determined that the immediate cause was the rupture of a poorly designed 20-inch bypass pipe between two reactors. However, subsequent analysis suggested that the more likely cause was the presence of water in one of the reactors during startup when the stirrer was not operating, allowing an unstable water-cyclohexane azeotrope to form and violently erupt, causing the bypass pipe to fail without high pressure. The disaster highlighted the importance of considering all
This document discusses quality control testing of petroleum products. It describes how laboratory tests are broadly classified into seven groups to evaluate properties like volatility, combustion, viscosity, melting point, oxidation, corrosion, and other miscellaneous characteristics. Specific tests are outlined within each group to measure qualities like distillation behavior, flash point, octane number, viscosity, melting properties, oxidation resistance, corrosiveness, and more. Standard methods from organizations like BIS, IP, and ASTM are commonly followed.
Basic understanding of HAZOP it covers:
-Basic understanding of HAZOP
-HAZOP requirements
-How it works
-Case study
-HAZOP team
-Advantage & disadvantage
This document describes the process for manufacturing polyurethane foams. Flexible polyurethane foam is made using a continuous slab stock foaming method where raw materials like polyol, isocyanate, blowing agent, and catalysts are metered into a mixer. The mixed reactants are then poured into a moving paper mold to form a continuous foam block. Common raw materials include polyether polyols, toluene diisocyanate, carbon dioxide or other blowing agents, and tin and amine catalysts. The foam rises to its final volume through the reaction of isocyanate with water to produce carbon dioxide gas.
In modern power plants, extensive protections and interlocks are provided to isolate faulty equipment without causing further damage and allow reserve equipment to start up automatically. Protections detect abnormal parameters and trip equipment to prevent major damage. Interlocks make equipment states dependent to prevent incorrect operation. Protections include tripping the turbine for issues like high/low steam pressure, temperature, exhaust hood temperature, axial shift, differential expansion, eccentricity, pump failures, and low lubricating oil pressure.
This document provides information and guidelines for conducting bottle tests to evaluate demulsifiers for crude oil emulsions. It discusses the typical processing sequence in a gas-oil separation plant, including initial separation in a high pressure production trap and subsequent vessels. Key information needs for bottle tests are outlined, such as processing temperatures, residence times in vessels, typical water separation percentages, and crude oil properties. Factors that influence emulsion stability like aging and crude grade are also explained. The goal of the document is to train technicians on properly conducting bottle tests to formulate effective demulsifier formulations.
HIGH-TECH THERMOPLASTICS AND SUSTAINABLE SOLUTIONS FOR EV CHARGINGiQHub
Celanese Corporation is a global chemical and specialty materials company that manufactures a variety of products for industries including automotive, consumer goods, and electronics. The document discusses Celanese's portfolio of engineered materials and sustainable solutions that are applicable to electric vehicle charging infrastructure applications. Specifically, it provides an overview of Celanese's thermoplastic and elastomer materials that address the functional requirements for various EV charging components, such as charging ports, plugs, cables, and seals, including providing electrical insulation, flame retardancy, impact resistance, and thermal management. Celanese also offers long fiber reinforced thermoplastics and electrically conductive plastics that can enable lightweighting and improved thermal transfer in EVs.
This presentation is about the basics of Urea Formaldehyde. In This presentation you will find the basic method of preparing urea formaldehyde, applications of urea formaldehyde, general properties of urea formaldehyde and some latest research on urea formaldehyde.
On site and offsite emergency plans on chemicalShahrukh Vahora
This document discusses on-site and off-site emergency plans for chemical disasters. It notes that emergency planning is required by law to minimize harm to people, property and the environment. On-site plans address incidents confined to the factory, while off-site plans are needed if effects spread outside. Off-site plans involve risk assessment and committees to control incidents, provide medical support, and restore normal operations when a disaster affects the surrounding community. Regular training and drills are important to ensure emergency plans are effective.
Seveso tragedy occurred in Italy in TCP manufacturing plant,in which lethal dioxin was released to the atmosphere causing the tragedy. This occurred due to instructional violation and unawareness of the fact that runaway reaction can occur at lower temperatures.It also caused cancer and death of animals
This presentation summarizes the hydrotreating process. Hydrotreating reduces sulfur, nitrogen and aromatics in petroleum feeds using hydrogen. It has various applications including desulfurizing naphtha, kerosene, gas oil and fuel oils. The process involves reacting feeds over catalysts in fixed beds to hydrogenate contaminants like sulfur, nitrogen and olefins. Typical hydrotreating removes these through reactions like desulfurization and denitrogenation. The presentation describes specific hydrotreating processes for distillate desulfurization and kerosene smoke point improvement.
Pressure relieving valves like safety valves and safety relief valves are used in thermal power plants to prevent overpressure in pressurized systems. There are different types including safety valves, safety relief valves, and power operated relief valves. Safety valves open fully at a set pressure while safety relief valves can open proportionally. Standards like ASME Section I provide requirements for safety valve installation, capacity, materials, and settings to ensure systems are properly protected from overpressure. Safety valves are part of defense-in-depth protection schemes used in power plants to prevent accidents.
Styrene-butadiene rubber (SBR) is a synthetic rubber produced from styrene and butadiene monomers. It can be produced via emulsion polymerization (E-SBR) or solution polymerization (S-SBR). E-SBR makes up the majority of SBR production and is predominantly used in car and truck tire compounds. SBR has good abrasion resistance, aging stability, and is widely used in tires where it is often blended with natural rubber. The global SBR market was worth approximately $7.84 billion in 2015 with major producers including Asahi Kasei, Lanxess, and LG Chem.
A Hazard and Operability (HAZOP) study is a systematic technique used to identify potential hazards and operability problems in processes. It involves a multidisciplinary team systematically examining a process or operation using guidewords to identify deviations from the design intent and hazards associated with those deviations. The document provides an overview of HAZOP studies, including their objectives, methodology, terminology, and examples of their application.
This document discusses several major industrial accidents involving fires, explosions, and toxic releases from process plants. It begins by describing the 1984 Bhopal disaster in India, where a leak of methyl isocyanate gas from a Union Carbide plant killed thousands. Subsequent sections provide details on additional accidents, including the Piper Alpha oil rig fire in 1988 and the BP Texas City refinery explosion in 2005. The document outlines common hazards in process industries like fires, explosions, and toxic releases, and describes phenomena that can cause accidents such as vapor cloud explosions and BLEVE (boiling liquid expanding vapor explosion) events.
The cement production process involves several hazards at each stage from quarrying to storage that can cause injuries or health issues to workers. Safety countermeasures include proper personal protective equipment, isolating energy sources, controlling dust levels, monitoring noise exposure, and having emergency response plans in place. The document outlines the key hazards at each stage of cement production and the safety practices needed to minimize risks to workers.
An explosion occurred at a British Petroleum oil refinery in Texas in 2005, killing 15 people and injuring 170. The explosion was caused by a buildup of hydrocarbon vapors from a malfunctioning isomerization process unit. An investigation found that safety systems had deficiencies, procedures were not followed, and organizational weaknesses like inadequate training and a culture of noncompliance contributed to the accident. The explosion resulted in OSHA fines against BP and lawsuits from victims' families.
The document describes the modified Claus process for sulfur recovery. It discusses the basic Claus reaction and how the modified process improved on it with a free flame oxidation ahead of the catalyst bed and catalytic step revisions, allowing for higher sulfur recovery efficiencies of 90-99.9%. The key steps of the modified Claus process are presented as the combustion step and multiple catalytic steps. Process variations like the straight-through and split-flow configurations are described along with tail gas handling and other sulfur removal processes. Sample calculations are provided to determine the optimum operating parameters for a 80 long ton per day sulfur recovery unit using the modified Claus process.
Primary processing in petroleum refineries involves distilling crude oil into basic fractions like gasoline, naphtha, and gas oil. Secondary processing further converts and improves these fractions. It includes physical processes like distillation and chemical processes like catalytic and thermal cracking to break large molecules into smaller, more valuable ones. Thermal cracking processes like visbreaking use heat to reduce the viscosity of heavy residues while delayed coking severely cracks residues into lighter products and a carbon residue of coke. The goal of secondary processing is to upgrade the crude oil fractions and maximize refinery profits.
David Alexander - The Impact on Business Continuity of Buncefield and Eyjafja...Global Risk Forum GRFDavos
The document discusses two major disruptive events - the Buncefield oil depot explosion in 2005 and the Eyjafjallajökull volcanic eruption in 2010 - and their impacts on business continuity. It notes that the Buncefield explosion damaged over 1000 homes and disrupted over 300 businesses, while the volcanic ash from Eyjafjallajökull grounded flights across Europe, costing the aviation industry $1.7 billion in losses. The document emphasizes that having business continuity plans is crucial for organizations to withstand such disruptions, as evidenced by companies near Buncefield that were able to continue operating due to such plans. It concludes that more severe or prolonged disasters could have much broader economic implications and that organizations
An oil depot fire in Jaipur, India in 2009 caused devastating damage. [1] A leak of about 1,000 tons of petrol occurred during a transfer operation between two tanks, forming a large vapor cloud that ignited in an explosion around 7:30pm. [2] The fire spread to all 11 tanks on site over the next five days. Eleven people died and 150 were injured in the explosions and fire. Nearby homes and businesses were damaged and 500,000 people had to be evacuated. Investigations found failures to follow safety procedures during the transfer and deficiencies in the site's fire protection systems contributed to the severity of the incident.
Basic understanding of HAZOP it covers:
-Basic understanding of HAZOP
-HAZOP requirements
-How it works
-Case study
-HAZOP team
-Advantage & disadvantage
This document describes the process for manufacturing polyurethane foams. Flexible polyurethane foam is made using a continuous slab stock foaming method where raw materials like polyol, isocyanate, blowing agent, and catalysts are metered into a mixer. The mixed reactants are then poured into a moving paper mold to form a continuous foam block. Common raw materials include polyether polyols, toluene diisocyanate, carbon dioxide or other blowing agents, and tin and amine catalysts. The foam rises to its final volume through the reaction of isocyanate with water to produce carbon dioxide gas.
In modern power plants, extensive protections and interlocks are provided to isolate faulty equipment without causing further damage and allow reserve equipment to start up automatically. Protections detect abnormal parameters and trip equipment to prevent major damage. Interlocks make equipment states dependent to prevent incorrect operation. Protections include tripping the turbine for issues like high/low steam pressure, temperature, exhaust hood temperature, axial shift, differential expansion, eccentricity, pump failures, and low lubricating oil pressure.
This document provides information and guidelines for conducting bottle tests to evaluate demulsifiers for crude oil emulsions. It discusses the typical processing sequence in a gas-oil separation plant, including initial separation in a high pressure production trap and subsequent vessels. Key information needs for bottle tests are outlined, such as processing temperatures, residence times in vessels, typical water separation percentages, and crude oil properties. Factors that influence emulsion stability like aging and crude grade are also explained. The goal of the document is to train technicians on properly conducting bottle tests to formulate effective demulsifier formulations.
HIGH-TECH THERMOPLASTICS AND SUSTAINABLE SOLUTIONS FOR EV CHARGINGiQHub
Celanese Corporation is a global chemical and specialty materials company that manufactures a variety of products for industries including automotive, consumer goods, and electronics. The document discusses Celanese's portfolio of engineered materials and sustainable solutions that are applicable to electric vehicle charging infrastructure applications. Specifically, it provides an overview of Celanese's thermoplastic and elastomer materials that address the functional requirements for various EV charging components, such as charging ports, plugs, cables, and seals, including providing electrical insulation, flame retardancy, impact resistance, and thermal management. Celanese also offers long fiber reinforced thermoplastics and electrically conductive plastics that can enable lightweighting and improved thermal transfer in EVs.
This presentation is about the basics of Urea Formaldehyde. In This presentation you will find the basic method of preparing urea formaldehyde, applications of urea formaldehyde, general properties of urea formaldehyde and some latest research on urea formaldehyde.
On site and offsite emergency plans on chemicalShahrukh Vahora
This document discusses on-site and off-site emergency plans for chemical disasters. It notes that emergency planning is required by law to minimize harm to people, property and the environment. On-site plans address incidents confined to the factory, while off-site plans are needed if effects spread outside. Off-site plans involve risk assessment and committees to control incidents, provide medical support, and restore normal operations when a disaster affects the surrounding community. Regular training and drills are important to ensure emergency plans are effective.
Seveso tragedy occurred in Italy in TCP manufacturing plant,in which lethal dioxin was released to the atmosphere causing the tragedy. This occurred due to instructional violation and unawareness of the fact that runaway reaction can occur at lower temperatures.It also caused cancer and death of animals
This presentation summarizes the hydrotreating process. Hydrotreating reduces sulfur, nitrogen and aromatics in petroleum feeds using hydrogen. It has various applications including desulfurizing naphtha, kerosene, gas oil and fuel oils. The process involves reacting feeds over catalysts in fixed beds to hydrogenate contaminants like sulfur, nitrogen and olefins. Typical hydrotreating removes these through reactions like desulfurization and denitrogenation. The presentation describes specific hydrotreating processes for distillate desulfurization and kerosene smoke point improvement.
Pressure relieving valves like safety valves and safety relief valves are used in thermal power plants to prevent overpressure in pressurized systems. There are different types including safety valves, safety relief valves, and power operated relief valves. Safety valves open fully at a set pressure while safety relief valves can open proportionally. Standards like ASME Section I provide requirements for safety valve installation, capacity, materials, and settings to ensure systems are properly protected from overpressure. Safety valves are part of defense-in-depth protection schemes used in power plants to prevent accidents.
Styrene-butadiene rubber (SBR) is a synthetic rubber produced from styrene and butadiene monomers. It can be produced via emulsion polymerization (E-SBR) or solution polymerization (S-SBR). E-SBR makes up the majority of SBR production and is predominantly used in car and truck tire compounds. SBR has good abrasion resistance, aging stability, and is widely used in tires where it is often blended with natural rubber. The global SBR market was worth approximately $7.84 billion in 2015 with major producers including Asahi Kasei, Lanxess, and LG Chem.
A Hazard and Operability (HAZOP) study is a systematic technique used to identify potential hazards and operability problems in processes. It involves a multidisciplinary team systematically examining a process or operation using guidewords to identify deviations from the design intent and hazards associated with those deviations. The document provides an overview of HAZOP studies, including their objectives, methodology, terminology, and examples of their application.
This document discusses several major industrial accidents involving fires, explosions, and toxic releases from process plants. It begins by describing the 1984 Bhopal disaster in India, where a leak of methyl isocyanate gas from a Union Carbide plant killed thousands. Subsequent sections provide details on additional accidents, including the Piper Alpha oil rig fire in 1988 and the BP Texas City refinery explosion in 2005. The document outlines common hazards in process industries like fires, explosions, and toxic releases, and describes phenomena that can cause accidents such as vapor cloud explosions and BLEVE (boiling liquid expanding vapor explosion) events.
The cement production process involves several hazards at each stage from quarrying to storage that can cause injuries or health issues to workers. Safety countermeasures include proper personal protective equipment, isolating energy sources, controlling dust levels, monitoring noise exposure, and having emergency response plans in place. The document outlines the key hazards at each stage of cement production and the safety practices needed to minimize risks to workers.
An explosion occurred at a British Petroleum oil refinery in Texas in 2005, killing 15 people and injuring 170. The explosion was caused by a buildup of hydrocarbon vapors from a malfunctioning isomerization process unit. An investigation found that safety systems had deficiencies, procedures were not followed, and organizational weaknesses like inadequate training and a culture of noncompliance contributed to the accident. The explosion resulted in OSHA fines against BP and lawsuits from victims' families.
The document describes the modified Claus process for sulfur recovery. It discusses the basic Claus reaction and how the modified process improved on it with a free flame oxidation ahead of the catalyst bed and catalytic step revisions, allowing for higher sulfur recovery efficiencies of 90-99.9%. The key steps of the modified Claus process are presented as the combustion step and multiple catalytic steps. Process variations like the straight-through and split-flow configurations are described along with tail gas handling and other sulfur removal processes. Sample calculations are provided to determine the optimum operating parameters for a 80 long ton per day sulfur recovery unit using the modified Claus process.
Primary processing in petroleum refineries involves distilling crude oil into basic fractions like gasoline, naphtha, and gas oil. Secondary processing further converts and improves these fractions. It includes physical processes like distillation and chemical processes like catalytic and thermal cracking to break large molecules into smaller, more valuable ones. Thermal cracking processes like visbreaking use heat to reduce the viscosity of heavy residues while delayed coking severely cracks residues into lighter products and a carbon residue of coke. The goal of secondary processing is to upgrade the crude oil fractions and maximize refinery profits.
David Alexander - The Impact on Business Continuity of Buncefield and Eyjafja...Global Risk Forum GRFDavos
The document discusses two major disruptive events - the Buncefield oil depot explosion in 2005 and the Eyjafjallajökull volcanic eruption in 2010 - and their impacts on business continuity. It notes that the Buncefield explosion damaged over 1000 homes and disrupted over 300 businesses, while the volcanic ash from Eyjafjallajökull grounded flights across Europe, costing the aviation industry $1.7 billion in losses. The document emphasizes that having business continuity plans is crucial for organizations to withstand such disruptions, as evidenced by companies near Buncefield that were able to continue operating due to such plans. It concludes that more severe or prolonged disasters could have much broader economic implications and that organizations
An oil depot fire in Jaipur, India in 2009 caused devastating damage. [1] A leak of about 1,000 tons of petrol occurred during a transfer operation between two tanks, forming a large vapor cloud that ignited in an explosion around 7:30pm. [2] The fire spread to all 11 tanks on site over the next five days. Eleven people died and 150 were injured in the explosions and fire. Nearby homes and businesses were damaged and 500,000 people had to be evacuated. Investigations found failures to follow safety procedures during the transfer and deficiencies in the site's fire protection systems contributed to the severity of the incident.
The document summarizes several major industrial accidents that occurred between 1974 and 2009, including fires and explosions at oil and chemical plants. It then focuses on describing a major fire that took place at an oil terminal in Jaipur, India in 2009. The fire resulted in 11 fatalities and damage estimated at $60 million. An investigation committee analyzed the causes and contributing factors, and made over 100 recommendations to improve safety at oil installations. Many of the recommendations focused on engineering and operational procedures to prevent similar accidents from occurring in the future.
The fire at Mantralaya, the government headquarters in Mumbai, broke out on the 4th floor on June 21, 2012. Five people died from smoke inhalation and burns, while 14 others were injured. The fire spread to the 5th and 6th floors, destroying important government records and departments. An investigation found the fire was likely caused by a short circuit in the air conditioning system. A structural audit found the building structure was still sound. However, the fire spread due to a lack of fire safety measures mandated by law, such as sprinklers, smoke detectors, and a communication line to the fire brigade. Lessons from the incident highlighted the need for all government buildings to strictly follow fire safety codes and have disaster
Case study: Fire in IOC terminal Jaipur & IOC terminal HaziraAbhishant Baishya
This document summarizes two major oil terminal fires that occurred in India - one in Jaipur in 2009 and one in Hazira in 2013.
The 2009 Jaipur fire occurred during a fuel transfer at an Indian Oil Corporation terminal, resulting in 12 casualties and over 200 injuries. The fire raged for 11 days. The likely cause was identified as a leak during the fuel transfer process.
The 2013 Hazira fire started during welding work to repair a leak in a diesel tank. Three welders were killed. The root cause was determined to be the use of corroded plates for repairs and seepage of vapors that were ignited. Both incidents highlighted lapses in safety procedures and non-compliance
The document discusses industrial disaster management and fire hazards. It covers awareness, preparedness, mitigation, disaster response, and rehabilitation efforts. It describes fire hazards, trends in fire incidents, and classifications of fires. It also discusses safety measures, the incident command system, prevention and preparedness strategies, and rescue approaches for industrial disasters.
This document provides information on industrial accidents, including:
- Defining industrial accidents as disasters caused by industrial companies through accident, negligence or incompetence.
- Examples of major industrial accidents from various industries that caused significant damage, injury or loss of life such as the Bhopal disaster and Willow Island construction accident.
- Mitigation strategies to reduce risks of industrial accidents like hazard mapping, land use planning, and improving community preparedness.
Disaster management involves dealing with and avoiding both natural and man-made disasters through preparedness, response, recovery, and mitigation efforts. It aims to reduce vulnerabilities and impacts through organized and sustained actions to analyze and manage hazards and the underlying risks. Key aspects of disaster management include preparedness before a disaster through activities like risk assessment, warning systems, and stockpiling resources; immediate response efforts during an event; and long-term rehabilitation and reconstruction work after an event to support regrowth. Effective disaster management requires coordination and planning across different levels of government, organizations, and communities.
The document discusses High-Integrity Pressure Protection Systems (HIPPS), which are instrumented systems that can provide overpressure protection as an alternative to pressure relief devices. A HIPPS includes sensors, logic solvers, and final control elements arranged to reach a fail-safe state if overpressure occurs. HIPPS are safety instrumented systems that must meet standards like IEC 61511. They require careful documentation, design, testing and maintenance to ensure the level of protection is equal to or greater than a conventional pressure relief device system.
Planning to Avoid Failure Storage TanksOrlando Costa
This Publication Tank Storage Magazine page 105 106 from tsm sept-oct-13
Accidents involving storage tanks are unfortunately not as uncommon as people in the industry would like.
This document summarizes the costs of France's nuclear power program from 1970 to 2000. Some key points:
1) France successfully scaled up nuclear power, reaching 80% of electricity from nuclear. This was a substantial, rapid, and systemic increase in nuclear deployment.
2) The program was made possible by a unique institutional framework that allowed for centralized decision making, standardization, and regulatory stability.
3) Despite being the most successful nuclear scale-up, costs still escalated substantially over time. Specific reactor costs increased by more than a factor of three between the first and last generations. Operating costs remained stable.
4) The French case shows that large-scale, complex energy technologies face significant
The document discusses SCADA (Supervisory Control and Data Acquisition) systems which are used to remotely monitor and control critical infrastructure like power plants, oil and gas pipelines, and water treatment facilities. It outlines some security issues with SCADA including that these systems have been of interest to terrorists and nation-states due to their ability to disrupt important systems, and that insiders and simple attacks could also potentially target vulnerable SCADA networks.
Process safety risk analysis of a gas compression plant in Brindisi, Italy.Justice Okoroma
This document summarizes a safety risk analysis of a natural gas compression plant in Italy. It describes the qualitative and quantitative risk assessment methods used, including HAZOP, FMECA, ETA, and FTA. The analysis identified unacceptable risks from potential jet fire and UVCE events. Recommendations include routine maintenance of pressure sensors, safety radii around the plant, and continuous maintenance to reduce vulnerability.
OSIsoft White Paper "Impacting the Bottom Line" in O>jeerd Zwijnenberg
In a new era of heightened oil-price volatility, data and technology are crucial in helping operators cut costs and maximise value; 10 real-world examples of oil and gas innovators using data for economic effect
The document provides details from a full condition survey of the self-elevating mobile offshore drilling unit DCl-1, including an inspection of life saving equipment, firefighting equipment, escape routes, lifting gear, and other safety systems. Key findings include the need to replace wire ropes on lifeboat davits, expired certification dates for some liferafts, and missing life jackets and immersion suits in certain locations. Various minor and medium priority recommendations are provided.
This document provides an introduction to best available techniques (BAT) for reducing emissions from oil refineries. It discusses the concept of BAT and CONCAWE's view that the level of emission reduction should be based on environmental quality objectives and risk assessments, not just technical ability. The document also notes that BAT determinations should consider costs and ensure resources are targeted for optimal environmental protection. It then provides an overview of cross-media impacts, cost considerations, and refinery types and processes to provide context for the subsequent sections on air, water, waste, soil and groundwater emissions.
1) As a result of a catastrophic explosion at a fertilizer plant in West, Texas in 2013, OSHA is considering revisions to its Process Safety Management standard.
2) Two key areas OSHA may clarify are exemptions for flammable liquids in atmospheric storage tanks and using New Jersey's Toxic Catastrophe Prevention Act as a model, which defines "catastrophic release" more broadly.
3) The revisions could affect aboveground tank owners by expanding coverage, requiring stricter staffing levels, and defining equipment deficiency timelines.
TWA Flight 800 crashed into the Atlantic Ocean in 1996, killing all 230 people on board. Investigations by the FBI and NTSB found that the most probable cause was a fuel/air explosion in the center wing fuel tank, caused by a short circuit in the fuel quantity indication system wires located near high voltage wiring. The explosion resulted from the certification process allowing heat sources under the fuel tank without a way to prevent combustible fuel vapors. The NTSB issued recommendations focusing on inerting systems and wiring improvements to prevent future fuel tank explosions.
The combustion process has always been considered having the potential for a hazardous event which could lead to personnel injury or loss of production. To mitigate this risk, the process industry is now implementing Safety Instrumented Systems which can identify hazardous operating conditions and correctly respond in such a way to bring the combustion process back to a safe operating condition or implement an automatically controlled shutdown sequence to reduce the risk of operator error causing a catastrophic event. Oxygen and combustible flue gas analyzers are now being utilized in these combustion Safety Instrumented Systems (SIS) to identify hazardous operating conditions and automatically return the process to a safe state. The standards of IEC 61511 and API RP 556 will be reviewed as they apply to flue gas analyzers, as well as the process variables of the oxygen and combustible analyzer available for implementation into the SIS system for combustion monitoring, and the resultant actions required to return the process to a safe condition.
This document provides guidelines for inspecting unfired pressure vessels. It discusses inspection frequency, qualifications of inspectors, pre-inspection activities, the inspection procedure, and aspects of external, internal, thickness, stress, and pressure testing. Specific items to examine include vessel connections, structural attachments, evidence of leakage, surface condition, welded joints, and safety devices. Record keeping and common causes of deterioration are also outlined. The goal is to safely operate and maintain pressure vessels by preventing damage and improving reliability.
This document presents the protocol for a field experiment to quantify the reliability of eddy current inspections of lap splice joints performed in airline maintenance facilities. The experiment will utilize 36 lap splice specimens and 2 large aircraft panels containing simulated flaws. Inspectors from multiple facilities will perform inspections according to established protocols while being monitored. Data on inspection results and factors like inspector experience and facility conditions will be collected and analyzed to develop probability of detection curves and understand factors influencing reliability. The results are intended to provide a quantitative assessment of inspector performance under realistic field conditions.
Smarter, self-diagnostic digital safety switches for temperature, pressure, flow, and level eliminate some of the risks associated with mechanical or pneumatic actuated devices.
A report outlines a hypothetical scenario where a cyberattack on an industrial control system leads to flooding from a dam. The scenario describes how a contractor's credentials are stolen via malware, allowing an attacker to access the dam's control system. The attacker maps the network and identifies devices, then causes flooding by slightly raising water release gates without authorization. The flooding could result in significant property damage and economic losses. The report aims to raise awareness of potential "silent cyber" risks from attacks on critical infrastructure systems.
The document discusses Fault Tree Analysis (FTA), a method used to analyze potential failures in complex systems. FTA uses graphical models and Boolean logic to break down potential causes of an undesired event ("top event"). The document provides an overview of FTA methodology, symbols, history of use in industries like aerospace and nuclear power, and mathematical foundations. It also gives examples of how FTA can be used to identify critical failures, optimize reliability, and assist in system design.
Fuel tank enhancements as a means to decrease risk of fuel tank explosion on ...Mersie Amha Melke
The document discusses fuel tank explosions on commercial passenger aircraft and the FAA's final rule to address this safety issue. It summarizes 9 accidents between 1966-2008 involving fuel tank explosions, noting common factors were the presence of flammable vapor, an ignition source, and oxygen. The rule requires fuel tank designs on new aircraft to prevent explosions by eliminating one of these factors. It aims to address the risk identified in past accidents but excludes some older and cargo aircraft.
Following the 9/11 attacks, the US government implemented new legislation and programs to enhance security of the US maritime system. This included the Container Security Initiative, which aimed to screen high-risk cargo containers before arrival at US ports. New regulations like ISPS and MTSA required facilities, ships, and companies to follow security guidelines and appoint security officers. The Coast Guard also issued rules on vessel and facility security plans. However, complying with these new mandates was very costly for ports and facilities, who felt more funding was needed to implement all the required physical and personnel security upgrades.
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
UiPath Test Automation using UiPath Test Suite series, part 5DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
Programming Foundation Models with DSPy - Meetup SlidesZilliz
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
UiPath Test Automation using UiPath Test Suite series, part 6DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Communications Mining Series - Zero to Hero - Session 1DianaGray10
This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc
How does your privacy program stack up against your peers? What challenges are privacy teams tackling and prioritizing in 2024?
In the fifth annual Global Privacy Benchmarks Survey, we asked over 1,800 global privacy professionals and business executives to share their perspectives on the current state of privacy inside and outside of their organizations. This year’s report focused on emerging areas of importance for privacy and compliance professionals, including considerations and implications of Artificial Intelligence (AI) technologies, building brand trust, and different approaches for achieving higher privacy competence scores.
See how organizational priorities and strategic approaches to data security and privacy are evolving around the globe.
This webinar will review:
- The top 10 privacy insights from the fifth annual Global Privacy Benchmarks Survey
- The top challenges for privacy leaders, practitioners, and organizations in 2024
- Key themes to consider in developing and maintaining your privacy program
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
Building Production Ready Search Pipelines with Spark and MilvusZilliz
Spark is the widely used ETL tool for processing, indexing and ingesting data to serving stack for search. Milvus is the production-ready open-source vector database. In this talk we will show how to use Spark to process unstructured data to extract vector representations, and push the vectors to Milvus vector database for search serving.
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfMalak Abu Hammad
Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers:
* What is Vector Search?
* Importance and benefits of vector search
* Practical use cases across various industries
* Step-by-step implementation guide
* Live demos with code snippets
* Enhancing LLM capabilities with vector search
* Best practices and optimization strategies
Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications.
#MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology
Infrastructure Challenges in Scaling RAG with Custom AI modelsZilliz
Building Retrieval-Augmented Generation (RAG) systems with open-source and custom AI models is a complex task. This talk explores the challenges in productionizing RAG systems, including retrieval performance, response synthesis, and evaluation. We’ll discuss how to leverage open-source models like text embeddings, language models, and custom fine-tuned models to enhance RAG performance. Additionally, we’ll cover how BentoML can help orchestrate and scale these AI components efficiently, ensuring seamless deployment and management of RAG systems in the cloud.
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
How to Get CNIC Information System with Paksim Ga.pptxdanishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
Driving Business Innovation: Latest Generative AI Advancements & Success StorySafe Software
Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency.
During the hour, we’ll take you through:
Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board.
Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes.
Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI.
We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI.
This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUpanagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-und-domino-lizenzkostenreduzierung-in-der-welt-von-dlau/
DLAU und die Lizenzen nach dem CCB- und CCX-Modell sind für viele in der HCL-Community seit letztem Jahr ein heißes Thema. Als Notes- oder Domino-Kunde haben Sie vielleicht mit unerwartet hohen Benutzerzahlen und Lizenzgebühren zu kämpfen. Sie fragen sich vielleicht, wie diese neue Art der Lizenzierung funktioniert und welchen Nutzen sie Ihnen bringt. Vor allem wollen Sie sicherlich Ihr Budget einhalten und Kosten sparen, wo immer möglich. Das verstehen wir und wir möchten Ihnen dabei helfen!
Wir erklären Ihnen, wie Sie häufige Konfigurationsprobleme lösen können, die dazu führen können, dass mehr Benutzer gezählt werden als nötig, und wie Sie überflüssige oder ungenutzte Konten identifizieren und entfernen können, um Geld zu sparen. Es gibt auch einige Ansätze, die zu unnötigen Ausgaben führen können, z. B. wenn ein Personendokument anstelle eines Mail-Ins für geteilte Mailboxen verwendet wird. Wir zeigen Ihnen solche Fälle und deren Lösungen. Und natürlich erklären wir Ihnen das neue Lizenzmodell.
Nehmen Sie an diesem Webinar teil, bei dem HCL-Ambassador Marc Thomas und Gastredner Franz Walder Ihnen diese neue Welt näherbringen. Es vermittelt Ihnen die Tools und das Know-how, um den Überblick zu bewahren. Sie werden in der Lage sein, Ihre Kosten durch eine optimierte Domino-Konfiguration zu reduzieren und auch in Zukunft gering zu halten.
Diese Themen werden behandelt
- Reduzierung der Lizenzkosten durch Auffinden und Beheben von Fehlkonfigurationen und überflüssigen Konten
- Wie funktionieren CCB- und CCX-Lizenzen wirklich?
- Verstehen des DLAU-Tools und wie man es am besten nutzt
- Tipps für häufige Problembereiche, wie z. B. Team-Postfächer, Funktions-/Testbenutzer usw.
- Praxisbeispiele und Best Practices zum sofortigen Umsetzen
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
Buncefield Explosion
1. An alternative analysis of theAn alternative analysis of the
conclusions of the official investigationconclusions of the official investigation
in to the cause of the Buncefieldin to the cause of the Buncefield
explosion.explosion.
Andrew Coakley
June 2015
Buncefield Aftermath
Buncefield
– Accident orCyberWarfare?
2. Executive Summary
The official investigation into the Oil
Storage Tank explosion at Buncefield
near Hemel Hempstead on 11th
December 2005 finally concluded with
the release of a report in February
2011 by the Control of Major Accident
Hazards (COMAH) from the Health
and Safety Executive (HSE),
Environment Agency, and Scottish
Environment Protection Agency
(SEPA) titled “Buncefield – Why did it
happen?”
The report summarised the findings
of The Major Incident Investigation
Board (MIIB), set up to investigate the
Buncefield explosion and whose work
was completed in 2008 and published
its final report “The final report of the
Major Incident Investigation Board”
The COMAH report also sought to
bring all of this information together
so that everyone in major hazard
industries – not just those involved in
fuel storage – can learn from this
incident, understand what went
wrong, and take away lessons that
are relevant to them.
The reports published and in the
public domain seek to attribute root
cause failures that led directly to the
explosion. These findings are based
upon methodical investigation by MIB
and have found:
• Management failings;
• Operational failings
including;
• Inadequate
documentation;
• Confused reporting;
•Human Operator Overload;
•Inadequate Maintenance;
and as the root cause, safety system failure,
of systems meant to eliminate the possibility
of Storage Tank Overflow through the
combination of manual and automatic
shutdown procedures, specifically the
investigation concluded the failure of:
• Automated Tank Gauging system (ATG)
and
• Independent High Level Switch (IHLS)
Both of these systems were meant to
provide alerts and data to the control room
SCADA monitoring and process control
system. The investigators conclusions are
based on a mix of hypothesis formulated on
previous events, interviews with key
personnel, and some data readings from
the SCADA and ATG databases.
As we shall see, the investigators based
their conclusions on potentially flawed
assumptions, what if using the events to
draw on alternative assumptions, could
alternative conclusions be drawn that might
suggest the potential of a Cyber warfare
attack on the UK Critical National
Infrastructure?
A report published by the US Department of
Homeland Security (DoHS) Control
Systems Security Centre in November
2005, a month before the Buncefield
explosion, provided an analysis of how such
systems are vulnerable to Cyber attack.
None of the officially documented reports
considered or investigated the potential
possibility of a Cyber attack on the control
systems in use at Kingsbury and Buncefield
as detailed in the DoHS study. This paper
considers that possibility.
3. The Official Buncefield Reports, Evidence,
Assumptions and Conclusions
The official investigation into the
Oil Storage Tank explosion at
Buncefield near Hemel
Hempstead on 11th December
2005 finally concluded with the
release of a report in February
2011 by the Control of Major
Accident Hazards (COMAH) from
the Health and Safety Executive
(HSE), Environment Agency, and
Scottish Environment Protection
Agency (SEPA) titled “Buncefield
– Why did it happen?”
This report by COMAH
summarised the findings of The
Major Incident Investigation Board
(MIIB), set up to investigate the
Buncefield explosion and whose
work was completed in 2008 and
published its final report “The final
report of the Major Incident
Investigation Board”
The COMAH report also sought to
bring other information together so
that everyone in major hazard
industries – not just those involved
in fuel storage – can learn from
this incident, understand what
went wrong, and take away
lessons that are relevant to them.
In addition, the COMAH report
detailed the outcomes of criminal
prosecution into the incident and
said that when passing sentence
on the
defendants at St Albans Crown
Court on 16 July 2010, the Judge,
the Hon Mr Justice Calvert-Smith,
commented that cost cutting per
se was not put forward as a major
feature of the prosecution case,
but the failings had more to do
with slackness, inefficiency and a
more-or-less complacent approach
to matters of safety.
He did not specifically mention or
consider any evidence (because
none was put to him) that
extended to the safety of
protecting critical safety systems
from malicious penetration of the
systems that could mean control of
the systems passed to external
enemies or other organisations
intent on inflicting damage to the
UK Critical National Infrastructure.
This can only be because no
evidence or investigation was ever
considered by the investigating
authorities.
4. HSE Report rr872
In it's research report rr872 the HSE
states “The MIIB has officially stated
that the reason the overfill occurred
was because the level measurement
gauge on the tank did not alter in a
three-hour period, despite the fact it
was being continuously fed unleaded
petrol via a pipeline from the Lindsey
Oil Refinery in Lincolnshire.
The third progress report as presented
in The Buncefield Incident 11
December 2005, The Final Report of
the Major Incident Investigation Board,
Volume 2, stated that findings of the
investigation into the instrumentation
and controls confirmed this.
It emphasised that in the three-hour
period prior to the incident, the level
gauge of this tank remained static,
despite there being a continuous
transfer to it.
This loss of containment (LOC) incident
was in part due to shortcomings in the
control and instrumentation, and in
particular the failings of the tank
gauging system in place on the tank
that monitored the level of fuel stored in
that tank. “
The report provides a very
comprehensive expose on the various
types of mechanical and electrical
systems available for storage tanks in
the UK and beyond.
It closes on page 33, at section 6.2.3
where there is a brief discussion on
communication system software where
it states that the most common
software used to bring information from
tanks to the control room was ENRAF.
ENRAF is a Honeywell Inc product
prevalent in the market. The report
however whilst acknowledging
complexity provides no thought or
guidance as to it's potential
vulnerabilities to information corruption
or usurpation. The core solution at
Buncefield was TAV for the Servo Gage
and Cobham for the High Level Switch
(HLS).
Nowhere in the HSE report is system
security considered as a factor for HSE
concern, in spite of the fact that it is the
rules within the system software that
determine whether an alarm is
triggered, and the vulnerabilities of
such systems to malicious penetration
are now well publicised.
5. 3rd Progress Report – Instrumentation and
Control Systems.
At section 1.3 of the 3rd
Progress
Report titled “Instrumentation and
control systems”, a narritive is
provided about the control SCADA
system in use, it is worth noting what
was said:-
“13 Tank 912 was fitted with
instrumentation that (among other
things) measure and monitored levels
and temperatures of the liquid in the
tank. The instruments were connected
to an automatic tank gauging (ATG)
system in common with all the other
tanks on the site. Tank levels were
normally controlled from a control
room using the ATG system.
14 A servo level gauge measured the
liquid level. The temperature of liquid
in Tank 912 was measured using a
temperature sensor.
15 The ATG system enabled the
operator to monitor levels,
temperatures and tank valve
positions, and to initiate the remote
operation of valves all from the control
room on HSOL West site. The ATG
system was also able to trend data
and had an event logging system,
integrated with the alarm system. The
ATG contained a large database
which recorded levels, temperatures,
alarms, valve positions, and other
related information indexed against
times and dates for a user-
configurable period which can be
several months.
The records from this database are
providing valuable information for the
investigation.
16 The tank also had an independent
safety switch, which provided the
operator with a visual and audible alarm
in the control room when the level of
liquid in the tank reached its specified
maximum level (the ‘ultimate’ high level).
This alarm also initiated a trip function to
close valves on relevant incoming
pipelines. The ultimate high level safety
switch on the tank sensed when the
liquid reached its specified maximum
level, should all other alarms and
controls fail to prevent this. Its purpose
was to provide an alarm to operators in
the control room and to initiate
automatic shutdown of delivery once the
maximum level was reached. The switch
was intended to alert the control room
operator via a flashing lamp (one for
each tank) and an audible buzzer. In
addition, the ultimate high level safety
switch alarm signal from any overflowing
tank in HOSL West would be sent to
computer control and instrumentation
relating to both the FinaLine and BPA
pipelines.
Of interest here is the database
mentioned in section 15 is never
referred to in any of the other
documents except in Mr Justice Steels
sumization where expert evidence was
provided by Samuel Sudler of Total and
and Dr Harri Kytomaa a mechanical
engineering specialist. What the
evidence was is not explained.
6. 3rd Progress Report – Instrumentation and Control
Systems Cont.
“19 Examination of the records for Tank
912 from the ATG system suggest an
anomaly. A little after 03.00 on 11
December, the ATG system indicated
that the level remained static at about
two thirds full. This was below the level
at which the ATG system would trigger
alarms.
20 However, the printouts from the BPA
SCADA systems indicate that the T/K
South line was delivering a batch of
8400 m3 of unleaded petrol, starting
around 19.00 the previous evening (10
December). The delivery was being
split between Tank 912 at the HOSL
West site and BPA’s site at Kingsbury,
giving a flow rate to Tank 912 of around
550 m3/hour. These SCADA printouts
further indicate that approximately
seven minutes before the incident, the
Kingsbury line was closed, leading to a
sharp increase in the flow rate to Tank
912 to around 890 m3/hour.
21 At the time of the incident, automatic
shutdown did not take place.
22 Examination of the valve positions
shown by the ATG database confirm
that the inlet valve to Tank 912, which
was connected to the BPA petrol
manifold, was open at the time of the
incident. Based on this evidence, it is
concluded that Tank 912 was still filling
after 03.00.
.17 When the BPA site received an
alarm/trip signal from the HOSL
West site, the BPA computer
control system should have closed
the relevant pipeline manifold
valve feeding in product to the
tank(s) on the HOSL West site.
BPA also had a high-level
supervisory control and data
acquisition (SCADA) system,
which had the facility for alarm and
event logging both locally at
Buncefield and remotely at the
BPA control centre at Kingsbury,
Warwickshire.
18 An override keyswitch in the
HOSL West control room could be
used to inhibit the alarm/trip signal
to BPA during testing of the
ultimate high level safety switches.
Putting the keyswitch in the
override position would illuminate
a red lamp on the annunciator
panel.”
This then should have been the
process of control for managing
tanks and associated alarms. The
report in the next section 1.4
discusses the resulting evidence
from those control systems as
follows:-
7. 3rd Progress Report – Instrumentation and Control
Systems Cont.
23 Temperature records also provide
evidence that the inflowing fuel was
warmer than the tank contents.
Records for Tank 912 show the tank
temperature continuing to rise after
03.00, supporting the above conclusion
that the product was still feeding into
the tank from the pipeline.
24 The evidence to date is consistent
with continued filling of Tank 912 after
03.00, despite the ATG system showing
a static level reading. On the basis of
calculations, Tank 912 would have
been completely full at approximately
05.20, overflowing thereafter. This
timing is entirely consistent with CCTV
evidence and eyewitness accounts
reporting on a dense vapour cloud at
various times between 05.38 and
06.00. The overflow of unleaded petrol
would therefore have been in the order
of over 300 tonnes by 06.00.
25 Simulation of the ultimate high level
tank alarms (from the relevant electrical
substation on site) and tests on the
annunciator panel and the link to BPA
prove that they worked normally. Tests
on the override switch found that it had
no effect on the audible and visual
alarms from the annunciator, but it did,
when switched to override, inhibit the
alarm/trip signals being sent to BPA.
26 Information from the BPA SCADA
system indicates that no ultimate high
level alarm was received from HOSL
West, but it has not been possible to
test the ultimate high level safety switch
or intervening wiring between Tank 912
and the substation, as they have been
damaged in the fire. However, the
switch has very recently been
located, but it has not yet been
possible to recover it. When it is, it
will be subject to forensic
examination.”
No evidence or follow-up to this
forensic examination has been found in
the reports that can determine the
validity of the assumption regarding the
high level switch operating condition,
the reports indicate that it was not
paddlocked in position following a
recent test however the forensic
examination report does not appear
anywhere.
8. Alternative Assumptions forConsideration
The official investigation of the
Buncefield explosion is predicated on
the failure of 3 independent
electromechanical and IT systems built
to Safety Impact Level (SIL) standards.
It is by and large built upon
assumptions that
1. The servo level gauge became
stuck and continued to send
incorrect data to the TAV ATG
system showing a static level of
tank 912 contents, it is assumed
the ATG system was immune
from attack;
2. The HLS failed to function correctly
– however the switch forensic
analysis has not been published
in the reports, therefore what if it
did work correctly mechanically?
3. The SCADA systems in use at
Kingsbury and HOSL were
secure and immune from Cyber
attacks, however, if the Servo
Level Gauge and HLS did
actually work correctly one or
more of the SCADA systems
and or the ATG Data must have
been compromised.
But how could this have happened?
In a report published in November 2005
entitled “Common Control System
Vulnerability” the Control Systems
Security Center (CSSC) and National
SCADA Test Bed (NSTB) programs on
behalf of the US Department of
Homeland Security advised they had
discovered a vulnerability common to
control systems in all sectors that
allows an attacker to penetrate most
control systems, spoof the operator,
and gain full control of targeted system
elements. This vulnerability has been
identified on several systems that have
been evaluated at Idaho National
Laboratory, and in each case a 100%
success rate of completing the attack
paths that lead to full system
compromise was observed. Since
these systems are employed in multiple
critical infrastructure sectors, this
vulnerability is deemed common to
control systems in all sectors.
The following information is taken from
the DoHS report.
Usually, such penetration attacks follow
a phased approach including
reconnaissance, traffic analysis,
profiling of vulnerabilities, launching
attacks, escalating privilege,
maintaining access, and covering
evidence.
Once the attacker gains access to the
control network through vulnerabilities
in the business LAN, another phase of
reconnaissance begins with traffic
analysis within the control domain.
Thus, the communications between the
workstations and the field device
controllers can be monitored and
evaluated, allowing an attacker to
capture, analyse, and evaluate the
commands sent among the control
equipment. Through manipulation of
the communication protocols of control
systems an attacker can then map out
the control system processes and
functions. With the detailed knowledge
of how the control data functions, as
well as what computers and devices
communicate using this data,
9. the attacker can use a well known Man-
in-the-Middle attack to perform
malicious operations virtually
undetected and gain full control of
targeted system elements.
This method was used by INL to gather
enough information about the system to
craft an attack that intercepts and
changes the information flow between
the end devices (controllers) and the
human machine interface (HMI and/or
workstation). Using this attack, the
cyber assessment team has been able
to demonstrate complete manipulation
of devices in control systems while
simultaneously modifying the data
flowing back to the operator’s console
to give false information of the state of
the system (known as “spoofing”)
This clearly has the potential to form
the basis of an attack at Kingsbury
Central SCADA and hence to
Buncfield whereby the ATG system
could have been corrupted and false
data was inserted into network traffic
to spoof the SCADA system into
believing the tank 912 contents were
less than they really were,
suppressing any alarms to the
SCADA control systems at both
Buncefield and hence Kingsbury.
Network Reconnaissance and Data
Gathering
Once access has been obtained on the
control system network, be it via the
business LAN or some other plausible
attack vector (vendor channel, wireless,
dial-in access, etc), network
reconnaissance is used to gather the
information required to develop a plan
of attack. By passively scanning,
listening, and gathering communication
traffic (i.e., protocols), the attacker is
able to obtain an initial inventory
regarding the architecture components
in the control network, as well as direct
insight into the communications used
by the control devices on the network.
After enough information has been
gathered, the attacker can begin
decoding and assessing the system
information flow. This process of
passively listening to network traffic is
often referred to as ‘sniffing’.
In order to communicate with the end-
point field devices, the application
always communicated directly with the
device-specific controllers. This
identified a critical path on the flow of
system information between the
controllers and/or field devices and the
workstation. Decoding the
communications within this flow of
information is the key to understanding
the system and more importantly,
verifying targets on the control network.
In order to break the communication
layer, the control network traffic had to
be monitored and dissected to develop
a greater understanding of how the
components communicate.
Alternative Assumptions forConsideration (cont)
10. At Buncefield the SCADA system is
connected to each location system by a
point-to-point communications circuit.
Each circuit is implemented as an
analog leased line, with automatic dial-
up fallback. Supplementary dial-up
circuits are also provided. This could
represent a security flaw giving an
attacker potential network access
via a modem dial in.
Reverse Engineering
To reverse engineer a protocol,
communication packets are captured
by the attacker using the compromised
machine on the control network and
dissected to identify the inner working
of the communications. Each packet
contains all the required components to
operate and control the field devices.
The critical aspect of each protocol is to
understand how the packet is put
together and identify which pieces (bits)
within the packet are the commands for
controlling the equipment. These
pieces are identified through reverse
engineering of the protocol, which
allows the attacker the ability to
manipulate each packet as required.
Because Control Systems were
historically “closed” data sent to and
from control devices and to the
operator consoles was usually
considered valid. Each control system
network component could theoretically
communicate with any other
component without any verification of
sender or receiver, such trust has
obvious implications were these
systems to be penetrated, new data,
with possible harmful instructions,
would be
accepted by the target resource and
command would be executed. This is
known a s a “replay attack”
The final task of successfully inserting
the modified rogue traffic into the data
stream requires that the information
flow be uninterrupted.
In order to use the information and
insert the modified packets into the
information flow, a Man-in-the-Middle
attack must be carried out.
Man-in-the-Middle Attack
A Man-in-the-Middle attack requires the
use of the address resolution protocol
(ARP) and an in-depth understanding
of the protocol to be manipulated. (In
the Buncefield case this would be the
TAV ATG system protocols, Allen
Bradley PLC’s and I/O’s) The ARP
Man-in-the-Middle attack is a popular
method used by an attacker to gain
access to the network flow of
information on a target system. This is
done by attacking the network ARP
cache tables of the controller and the
workstation machines. Using the
compromised computer on the control
network, the attacker poisons the ARP
tables on each host and informs them
that they must route all their traffic
through a specific internet protocol (IP)
and hardware address (i.e., the
attacker’s machine). By manipulating
the ARP tables, the attacker can insert
his machine between the two target
machines and/or devices.
11. The Man-in-the-Middle attack works by
initiating gratuitous ARP commands to
confuse each host (referred to as ARP
poisoning). These ARP commands
cause each of the two target hosts to
use the Media Access Control (MAC)
address of the attacker as the address
for the other target host. When a
successful Man-in-the-Middle attack is
performed, the hosts on each side of
the attack are unaware that their
network data is taking a different route
through the attacker’s computer. The
attacker’s computer then needs to
forward all packets to the intended host
so the connection stays in sync and
does not time out. Figure 1 illustrates a
typical Man-in-the-Middle attack in the
Buncefield scenario.
Figure 1. Man in the Middle
The Man-in-the-Middle attack is
effective against any switched network
because it effectively puts the
attacker’s computer between the two
hosts. This means the hosts send their
data to the attacker’s computer,
thinking it is the host to which they
intended to send the data. After the
ARP tables on both target hosts have
been successfully poisoned, the
program shuttles packets back and
forth between the target hosts.
This ensures that all of the current
applications on the target hosts will
continue to work properly. During the
shuttling process, every packet
destined for either target host is
processed through the attacker’s
machine and can be manipulated
(packet crafting) to send specific
commands to each host. In the case of
Buncefield, this meant that the ATG
system traffic could have been
intercepted and replaced with tank level
data that did not change even though
the actual tank level was rising.
The ATG system in the control room
would show a consistent level measure,
which is in fact what happened.
When considering the activities an
attacker will perform during a system
compromise, one key element is to
maintain covert activity and remove
evidence of the attack wherever
possible. Bearing in mind that cyber-
based attacks on control systems are
unique in that they are ‘digital’ attacks
that manifest themselves in ‘physical’
actions, manipulation of the operator’s
information is vital to the success of the
attack. Control of the information that is
accessible by the operator is required
to hide the attack. During the earlier
data capture phase of the attack, data
reflecting normal operations in the
control systems are harvested and can
be played back to the operator as
required. This will ensure that the
operator’s console will appear to be
normal and the attack will go
unobserved as the information
presented to the operator via the HMI.
12. The design of the BPA SCADA system
was undertaken by SC Scicon (a UK
company since acquired by EDS) with
support from BPA staff.
The solution was based on SetPoint Inc
SETCON process control software, a
proprietary product from SetPoint
headquartered in Houston, Texas,
(Since acquired by InfoPlus).
The core SCADA system was located
in Kingsbury , with six location systems
installed at the major plant sites along
the BPA pipeline, one of which was
Buncefield.
The SETCON software was hosted on
a DEC VAX with VMS operating
system. The interface to SETCON
processes was via another SETCON
product SETCON GCS a graphics
based operator interface running on
IBM PC’s. In addition to the core
pipeline SCADA system, additional BPA
pipeline specific applications were
written by SC Scicon in Fortran.
The DEC VAX was hosted on MicroVax
3500 as a hot standby pair with 4 IBM
PS/2 operator terminals. (Kingsbury)
At each location a MicroVaxII was
installed running SETCON with an
operator terminal and an associated
data acquisition system (DAS) . The
DAS is based on an IBM PC .
The core SCADA supervisory system is
connected to each location system by a
point-to-point communications circuit.
Each circuit is implemented as an
analog leased line, with automatic dial-
up fallback. Supplementary dial-up
circuits are also provided.
BPA SCADA Functions
During normal operation, when the
pipeline is controlled by operators at the
supervisory system, each location DAS
acquires plant data twice a second and
passes them to its respective location
system, where it is used to update the
SETCON data base.
The core SCADA supervisory system
then receives sets of plant data from all
the location systems upwards of every 3
sec to give it a complete picture of the
state of the entire pipeline. The SCADA
and custom applications software in
every computer then acts on the data
held in its SETCON data base,
exchanging data with other computers
as required.
Should a location system fail, the local
DAS can bypass the location computer
and pass the plant data directly to the
core SCADA supervisory system, thus
enabling the operators to continue to
control the pipeline. The only
degradation suffered in this case is that
the automatic control facilities normally
performed by the location system are
not available. This could also be a
potential safety/security flaw initself
were for example the Buncefield SCADA
inoperable would the Cobham High level
switch work as designed?
If for any reason the entire supervisory
system is unavailable, fallback operator
terminals are provided at Kingsbury for
the operators to log on to the location
systems via the supplementary dial-up
circuits.
The BPA SCADA Supervision Control System
13. This enables them to control the
location systems directly.
Under these circumstances, the events
and alarms detected by all the locations
systems are logged on a central printer.
The final fallback facility provided for
the operators is the ability to connect
directly to a DAS from a remote
terminal and to examine the plant
inputs and issue either single controls
or to execute predefined sequences of
controls.
This ability to connect directly to a DAS
from a remote terminal (one which
could be controlled potentially by an
external aggressor host) could provide
another mechanism to insert corrupt
data to send to the local and or central
SCADA system, and issue spurious
control commands. The SCAD A
interface itself could also be controlled
by a remote host to suppress
processes such as visual and audio
alarms. At Buncefield no Alarms
were raised because it is said the TVA
Gauge was stuck - an alternative
explanation could be that an attacker
either changed data readings of tank
levels and or suppressed the SCADA
alarm processes then covered their
tracks.
SC Scicon Provided SCADA
applications.
In addition to the “out of the box”
processes provided by SETCON, SC
Scion wrote some custom functions for
BPA.
Of particular note is the Parcel Tracking
function.
The parcel-tracking function not only
provides graphical displays and reports
of the positions of parcels within the
pipeline system, but also monitors the
actual progress of the batches against
the schedule. It then warns the operator
of any potential mis-routings and of any
differences between scheduled and
actual movements, thereby reducing
the risk of erroneous movements.
When viewed against the 3rd Progress
Report findings on page 6, paragraph
20 of this paper, should the central
SCADA system have picked up the fact
that a parcel delivery had been vastly
increased in flow rate into tank 912? Or
was this function maliciously
suppressed?
The system went operational late 1990
well before the internet age when
security against intruder penetration
was less of a consideration in
commercial operations than it is today.
By 2005 the architecture of the
business LAN and control system
could well have been connected
although even if it was not
vulnerabilities in the DEC VAX
operating system could have left the
system open to attack from the outside
using well publicised hacking
techniques.
14. Conclusion:
The Buncefield investigation focused its attention by far on the immediate blast
location, and suggested electro-mechanical failure, operator neglect and poor
testing procedures. In all probability, the results of the investigation arrived at the
correct conclusion. However, should it in fact have focused more effort on the
Kingsbury SCADA system, local SCADA and AGT systems for signs of attack
even if it was to discount it.? Failure to have done so must leave an element of
doubt in the Investigation result, even if such an attack was highly improbable.
References:
The Buncefield Incident 11 December 2005: Volume 1; The final report of the Major
Incident Investigation Board ISBN 978 0 7176 6270 8 (2008)
The Buncefield Incident 11 December 2005 The final report of the Major Incident
Investigation Board Volume 2 ISBN 978-0-7176-6318-7 (2008)
The Buncefield Investigation: Third progress report
COMAH Control of Major Accident Hazards: Buncefield: Why did it happen?
(February 2011)
Identification of instrumented level detection and measurement systems used with
Buncefield in-scope substances Research Report 872 Health and Safety
Executive.
http://www.ogj.com/articles/print/volume-90/issue-13/in-this-issue/general-interest/uk-pr
: Oil and Gas Journal 30/03/1992
Beginners Guide to VAX/VMS Hacking: ENTITY / Corrupt Computing Canada (c)
September 1989
The High Court Of Justice Queen's Bench Division Commercial Court: Case No:
2007 FOLIO NO 1057 ; 20/03/2009 Mr Justice David Steel : Colour Quest Limited
And Others( Claimants)
- And -
(1) Total Downstream UK PLC
(2) Total Uk Limited
(3) Hertfordshire Oil Storage (Defendants)