Senate Testimony on the Chemical Industry CWHIB
Just some lite reading material. I have edited it a bit.
U. S. CHEMICAL SAFETY AND HAZARD INVESTIGATION BOARD
Senate Special Committee Chemical Reports Online
Year 2000 Computer Technology Problem
And Chemical Safety Issues
Gerald V. Poje, Ph.D.
U.S. Senate Special Committee on the Year 2000 Technology Problem
United States Senate
Trenton, New Jersey
May 10, 1999
Good afternoon, Mr. Chairman and Senator Lautenberg. I am Gerald V. Poje, Ph.D., one of four members nominated by the President and confirmed by the U.S. Senate to the U.S. Chemical Safety and Hazard Investigation Board (CSB).
The U.S. Chemical Safety and Hazard Investigation Board, at the request of Senators Bennett and Dodd of the U.S. Senate Special Committee on the Year 2000 Technology Problem, has investigated the issues of chemical safety and the year 2000 computer technology problem.
The board members have reviewed and approved the report which is available via Adobe Acrobat at the Chemical Safety Board's website: http://www.csb.gov/y2k/y2k01.pdf.
In synopsis, the Year 2000 Problem is a significant problem in the chemical manufacturing and handling sector. All enterprises with sufficient awareness, leadership, planning, lead time, financial and human resources are unlikely to experience catastrophic failures and business continuity problems unless their current progress is interrupted or there are massive failures of utilities. Many larger corporate entities fit this profile. The overall situation with small and mid-sized enterprises is indeterminate, but efforts on the Y2K problem appear to be less than appropriate based upon inputs from many experts. While the impact of the Risk Management Plans should be positive, there are no special emphases or even specific mention of Year 2000 technology hazards in either U.S. Environmental Protection Agency (EPA) or Occupational Safety and Health Administration (OSHA) regulations regarding process safety. Federal agencies are aware of and involved in Year 2000 technology and chemical safety issues. However, significant gaps exist, and there do not appear to be specific plans to address these gaps.
Scope of Issues
The Expert Workshop, as well as the research conducted for our report, concluded that the Year 2000 problem is one of major proportions and has the potential for causing disruption of normal operations and maintenance at the nation's chemical and petroleum facilities. Compliance activities reported to the Chemical Safety Board to date have not found a single failure (embedded microchips or software) which by itself could cause a catastrophic chemical accident. However, it is unclear what the outcome might be from multiple failures, e.g., multiple control system failures, multiple utility failures, or a combination of multiple utility and control system failures. Surveillance of the industrial sector that handles high hazard chemicals is insufficient to draw detailed conclusions applicable to all localities.
One theme upon which experts agree is that failures from Y2K non-compliance at small and mid-sized enterprises are more likely. The reason is a lack of awareness regarding process safety in general and the Y2K impact in particular, lack of resources, and technical know-how for fixing the problems. Given the time constraints, altering this situation would require a massive effort. The Board has concluded that this effort should focus on: 1. providing easy-to-use tools, 2. promoting accessible resources, and 3. providing attractive incentives for Y2K compliance efforts. Additional efforts should be the focus of an urgent meeting of agencies convened by the Administration.
The potential for catastrophic events, at US chemical process plants, stemming from Year 2000 non-compliance, can be divided into three categories: failures in software or embedded microchips within the process plants, external Y2K-related problems (e.g., power outages), and multiple Y2K-related incidents that may strain emergency response organizations. A check list of devices to be assessed for Year 2000 compliance at a chemical plant is identified in Appendix A.
While existing disaster recovery plans focus on loss of data centers, facilities, or communications circuits, Year 2000 contingency planning must focus on loss of external services and multiple simultaneous occurrences. With Y2K issues, problems will be more complex and they will happen simultaneously. Unpredictable human behavior will make them worse. The same problem may occur in multiple places, and some problems will ripple into other areas threatening health and safety, individual business continuity and supply chain failures.
The CSB conclusions vis-à-vis large and multinational companies should not be construed to mean that there is no potential for Y2K-related catastrophic events at these facilities. It is possible that some Y2K-impacted components may not have been identified, compliance programs may not achieve 100% completion before critical dates, or multiple failures that may not have been considered may result in accidents.
In addition, the erosion of commodity pricing, merger and acquisition activity and loss of critical Y2K staff through 1999 may create unique threats to successful completion of Y2K projects.
The major control and instrumentation vendors canvassed in our study are involved in an extensive program to provide Y2K compliance for their products. There is, however, reason to believe that some independent control systems integrators may have developed and implemented control systems for which there is little or no documentation of Y2K-related vulnerabilities. In addition, some vendors are no longer in business or not as cooperative as the major control and instrumentation vendors.
- After the Bhopal, India disaster in December 1984, Congress enacted Title III of the Superfund Amendments and Reauthorization Act (SARA) in 1986. SARA Title III required states to establish state and local emergency planning committees (LEPCs), mandated that facilities must make information on hazardous chemicals available to the public, created basic research programs at universities, and established training programs for workers and emergency responders. Additional catastrophic failures in the United States during 1988 and 1989 prompted the 1990 Clean Air Act Amendments which established: a general duty obligation in regard to process safety, OSHA Process Safety Management (PSM) rule, the EPA Risk Management Program (RMP) Rule, and the formation of the Chemical Safety and Hazard Investigation Board.
- If Y2K failures become sufficiently apparent in 1999-2000, policy makers likely will need to consider three major issues: 1. The absence of adequate data regarding Y2K compliance, despite widespread recognition of the problem, deadlines for compliance and consequences, 2. Inadequate application of established principles for managing process safety in facilities, particularly as it relates to automation and information technologies, and 3. Gaps in process safety training, technical assistance, and research, particularly as it applies to small to medium sized facilities and those in low income and minority communities.
The following recommendations were developed based on input from the workshop attendees and research conducted during the CSB Y2K study.
Executive Administrative Agencies
- The Administration should promote the development of an information clearing-house. Information such as checklists and lists of devices or equipment susceptible to Y2K failures should be provided specific to industry sectors. A Federal government agency should be a focal point for the clearing-house in coordination with other public and private entities, and thereby shielding organizations that provide Y2K-related information from the threat of lawsuits.
- The President's Council on the Year 2000 should coordinate a contingency planning phase to build public awareness and promote the ability of emergency response infrastructure at the federal, state, and local levels. The U.S. Environmental Protection Agency (EPA) should promote the development of contingency plans to assure capable emergency response and promote communications among facilities, local governmental agencies and the nearby communities should problems arise. Federal initiatives should include the organization of regional conferences focusing on ways to assess risks appropriately and how to prioritize which systems and facilities pose greater risks.
- EPA and the Occupational Safety and Health Administration (OSHA) and other safety organizations should increase Y2K awareness in small and mid-sized enterprises (SMEs).
- All processors that will run through the transition should have plans and sufficient and trained staff on hand to manually take control of the process. Facility managers should be prepared to shut down the process quickly and safely should control problems occur. Manual operations, especially over extended periods of time, may require significant changes in staffing and comprehensive training of managers, operators and other workers.
- Batch processors should consider delaying batches involving hazardous materials that will be in the process as the clocks turn to 2000, and at other sensitive dates, for processes where testing was not done or testing results were inconclusive.
- Chemical workers, emergency responders and local governmental agencies that focus on environmental health and emergency response should be provided with training and tools (e.g., guidelines, checklists, and software) to address Y2K issues.
- Facility managers should phase-in and coordinate shut downs, resulting either intentionally as a safeguard against Y2K-related failures or as a direct result of Y2K failures, and startups with local utilities and agencies, including emergency response agencies and Local Emergency Planning Committees.
- Power outages and other utility failures could constitute as much of a threat, or even more so, than internal process plant Y2K-related failures. Thus, utilities and oversight agencies should expend every effort to preserve the integrity of the national power grid system, local power supplies and other appropriate utilities. Chemical facilities individually and aggregately can exacerbate unusual loading patterns and minimum generation condition on the electrical grid. Therefore, contingency plans for utilities and chemical facilities should incorporate specific elements for cross sector communication.
In summary, the Year 2000 technology problem is a significant problem in the chemical manufacturing and handling sector, posing unique risks to business continuity and worker and public health and safety. All enterprises with sufficient awareness, leadership, planning, financial and human resources are unlikely to experience catastrophic failures and business continuity problems unless their current progress is interrupted or there are massive failures of utilities. Many larger corporate entities fit this profile. The overall situation with small and mid-sized enterprises is indeterminate, but efforts on the Y2K problem appear to be less than appropriate based upon inputs from many experts. Federal agencies are aware of and involved in Year 2000 technology and chemical safety issues. However, significant gaps exist, and there do not appear to be specific plans to address these gaps.
-- Brian (email@example.com), May 17, 1999
Damn. Not good news.
Yes - no single point embedded failures have been found - disasters rarely happen when only one thing fails. Every one I'm aware of happens exactly as stated: multiple - seemingly unrelated things happen at the right time, combined with human intervention at the wrong time, combined with unusual events.
Sorry, there are no happy answers in this report.
-- Robert A. Cook, PE (Kennesaw, GA) (firstname.lastname@example.org), May 17, 1999.