About That Safety and Security Stuff

A Plant That Can Be Easily Penetrated by an Evil-Doer, or a Plant That Can Easily Have a Cyber-Induced Accident Is, by Inspection, Not a Safe Plant

By Walt Boyes

We've been talking about safety in the process industries for more than 100 years. Yet we regularly kill at least 100 people a year in preventable accidents in the process industries worldwide. Most of these accidents happen because of human error. So often the operator's famous last words are, "Oh, <bleep!>"

We've known since the 1960s that concentrating on safety in the process industries correlates quite closely to increased productivity and profits. We can see this by examining the costs of accidents such as the BP Texas City accident in 2005, which idled large parts of the refinery for many years, or the Deepwater Horizon accident in 2010, which threatens to destroy BP as a corporate entity. Between those two accidents alone, BP has spent nearly $100 billion, so far.

Lost production caused by accidents has been estimated at well over $2 billion a year in the process industries. Yet many process manufacturing companies seem to believe that they can defer maintenance, postpone or cancel training, lay off experienced staff, and have no negative effects on the safety and productivity—and therefore profits—of their plants. And we know they are wrong.

Even some of the insurance companies are starting to ask questions about the safety policies and posture of the plant. That's a good thing. It would be a better thing if there were some internationally recognized benchmarks for what a safe plant looks like. Oh, wait, there are. ISA84 and IEC 61511 do just that. Based on the concept of functional safety, they prescribe how to design safety systems into the plant and operate in a safe condition.

How many of your plants scrupulously adhere to the guidelines of these standards? How many of your plants pay only lip service to them? How many of your plants are profit-destroyers waiting to happen?

Now there's a new threat. We now know that cybersecurity attacks can penetrate even down to the controller level in process plants, power plants, the smart grid, and water and wastewater facilities.

We also know that, even with all the coverage of the Stuxnet virus, companies are slow to accept that a strong security posture is what keeps the profits from disappearing when the plant blows up.

It is obvious on the face of it that security is a safety issue.

A plant that can be easily penetrated by an evil-doer, or a plant that can easily have a cyber-induced accident is, by inspection, not a safe plant. Yet many companies in the process industries are taking a jaundiced approach to security, likening it to the "huge losses" from Y2K. The conventional wisdom on Y2K, that it was a tempest in a teapot, is simply not correct. And the conventional wisdom on cybersecurity is false too. As Joe Weiss from Advanced Control Solutions points out in the cover story this month, there have been incidents, some accidental, some not, and people have been killed. Now some government or other has proved this point by manufacturing the Stuxnet virus.

Do we really have to kill people every so often before we figure out what Levi Leathers at The Dow Chemical Company figured out in the 1960s—that safe plants are profitable plants?

So, what should we do? Safety comes from the top. So does security. If your management isn't truly on board, you won't have safe or secure plants. If you work in an unsafe plant, vote with your feet—go get another job. If you want to stay where you are, and if your company isn't doing all it can to provide you a safe and secure workplace, tear out this editorial and mail it to your CEO. If enough of us do that, maybe we can crowdsource a solution.