Integrated Safety, Security Unify Workers, Technology
By Gregory Hale
Abu Dhabi Gas Development Company knew it had to increase the domestic gas supply in the Emirate, so it created the Shah Gas Development Project. When it reaches full production in 2014, the site will process 1 billion cubic feet of gas per day.
But there is a catch.
The site, which Abu Dhabi Gas has owned for over 40 years, has dangerously high levels of hydrogen sulfide. This prevented the subsidiary of Abu Dhabi National Oil Co. (ADNOC) from extracting the gas a long time ago. That energy source is increasingly vital for domestic and industrial growth in the region.
To get the gas out of the ground and producing energy, and to keep the potentially volatile plant and all its workers productive and moving forward, ADNOC wanted an integrated safety and security solution that could help corral the potential danger lurking underneath the ground. All it would take was one split second for a disaster to appear.
Simply put, integrated plant safety and security is a symbiotic relationship between people and machines. They have to work together, understand each other and act as one. Top-notch technology is key, but equally important is human understanding and development.
Humans and technology have individual roles in the production process, and each is one link in a chain of events that lead to a safe and secure plant operation. Increasing productivity and allowing for greater production to enhance profitability is the goal, along with eliminating as much unplanned downtime as possible.
Each link in that chain adds an additional layer of protection capable of building a safe, secure and very profitable operation.
Ensuring safety requires reducing the risk of incidents, faults and failures that can disrupt normal operations. This effort goes far beyond installing fail-safe controllers, a safety instrumented system, a firewall and anti-virus. To eliminate the threat of a serious or catastrophic incident, it is important to consider safety and security from all aspects of a plant’s operation.
Safety and security go hand-in-hand. Safety protects people from machines, and security protects machines from people. A system under attack not only means the process is in danger, but it also means the safety of plant workers and the surrounding area could be in peril.
“Layers of protection describe how no one specific technology is going to be perfect or will guard against every single threat, or if they do guard against multiple threats, there will be holes,” said Scott Hillman, manager of the Global Technical Assistance Center (GTAC) at Honeywell Process Solutions. “That is obvious when we read about cyber security attacks in the newspaper every day. People are finding new and ingenious ways to get through a layer, and thus the idea is the next layer will stop that threat and will prevent that accident from occurring and will prevent that threat from getting through. By creatively layering these different defenses together in a complete, holistic approach and strategy, you can maximize the risk reduction you are taking in the plant and minimize costs and resources invested.”
The idea of an integrated safety and security program can scare off those who need one the most. It is a foreign concept in an industry that shies away from change.
So, where can a user start to plan for an integrated safety and security program?
“It really depends on the entry point and where the manufacturer is,” Hillman said. “It depends on if it is a new or greenfield facility versus a brownfield facility. There are many different approaches depending on the nature of the threat that you are trying to examine and the overall perspective.”
“In the security world, we will talk about a security vulnerability assessment — an SVA. In the process safety world, we have used a HAZOP (Hazard and Operability study) or process hazard analysis (PHA). There are other techniques. One technique to examine the multiple layers of protection for an integrated approach is the layer of protection analysis or LOPA. It really depends on the site’s objectives, perceived threats, and where they feel comfort at a certain layer of protection and a given perceived threat,” Hillman said.
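The layer-of-protection argument above (no single layer is perfect, but independent layers multiply their risk reduction) is what a LOPA quantifies. The following is an added illustration, not code from the article or from Honeywell: a simplified LOPA-style calculation using the standard IEC 61511 low-demand SIL bands. The tolerable-frequency target, the sour-gas release scenario and every PFD figure are constructed for the example.

```python
# Added example: simplified LOPA arithmetic for independent protection layers (IPLs).
# All numbers are constructed for illustration; real targets come from the site's risk criteria.

TOLERABLE_FREQUENCY_PER_YEAR = 1e-5  # assumed corporate target for a sour-gas release (constructed)

# (SIL, upper PFD bound exclusive, lower PFD bound inclusive), IEC 61511 low-demand mode
SIL_BANDS = [(1, 1e-1, 1e-2), (2, 1e-2, 1e-3), (3, 1e-3, 1e-4), (4, 1e-4, 1e-5)]


def mitigated_frequency(initiating_per_year, layer_pfds):
    """Frequency of the hazardous outcome after each IPL has had its chance to stop it.
    Layers are assumed independent, so their probabilities of failure on demand multiply."""
    freq = initiating_per_year
    for pfd in layer_pfds:
        if not 0.0 < pfd <= 1.0:
            raise ValueError(f"PFD must be in (0, 1], got {pfd}")
        freq *= pfd
    return freq


def required_sis_pfd(initiating_per_year, non_sis_pfds, tolerable=TOLERABLE_FREQUENCY_PER_YEAR):
    """PFD the safety instrumented function must deliver so the residual frequency meets
    the target. Returns None when the non-SIS layers already meet it (no SIS credit needed)."""
    residual = mitigated_frequency(initiating_per_year, non_sis_pfds)
    if residual <= tolerable:
        return None
    return tolerable / residual


def sil_for_pfd(pfd):
    """Map a required PFD onto a SIL band. 0 means no SIL-rated function is needed;
    None means the demand exceeds SIL 4, which calls for a process redesign, not another layer."""
    if pfd >= 1e-1:
        return 0
    for sil, upper, lower in SIL_BANDS:
        if lower <= pfd < upper:
            return sil
    return None


def assess_scenario(initiating_per_year, non_sis_pfds, tolerable=TOLERABLE_FREQUENCY_PER_YEAR):
    """Summarise one scenario: what the non-SIS layers leave behind and what the SIS must add."""
    need = required_sis_pfd(initiating_per_year, non_sis_pfds, tolerable)
    return {
        "residual_per_year": mitigated_frequency(initiating_per_year, non_sis_pfds),
        "required_sis_pfd": need,
        "required_sil": 0 if need is None else sil_for_pfd(need),
    }


if __name__ == "__main__":
    # Constructed scenario: control-loop failure (0.1/yr) with a BPCS alarm plus operator
    # response (PFD 0.1) and a relief valve (PFD 0.01) as the non-SIS layers.
    print(assess_scenario(0.1, [0.1, 0.01]))
```

Adding a third, dependent layer that shares a common cause with an existing one would not multiply down this way; that is the Fukushima point the article makes later, and a LOPA only credits layers that are genuinely independent.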
“The first and most important aspect in defining a defense-in-depth strategy is to conduct a risk assessment to understand where vulnerabilities may exist,” said Shawn Gold, global solutions leader of Open System Services for Honeywell Process Solutions. “By identifying potential threats, the sources, types and likelihood, you can then design and implement a strategy that works for your business, and then make sure you are managing it on an ongoing basis and keeping it current.”
“The multiple layers involved in that include anti-virus, patch management, intrusion protection, intrusion detection systems, physical security, and limiting use of USBs when necessary. Authentication requirements should be established to make sure user accounts are set up properly to ensure only people that have appropriate access to control stations and systems have the ability to log in,” Gold said. “The strategy needs to involve multiple layers and deploy tactics to safeguard the plant, and that is what makes up a good defense-in-depth policy.”
When it all comes down to it, how can the end user and the system provider work together to create a complete plan of attack to keep the plant safe and secure?
“Providing a layer of protection is like an onion,” said Erik de Groot, manager with Safety Systems at Honeywell Process Solutions. “On the inside, we have stable control, and we have layers of protection around that center or system.”
That sphere of protection goes beyond applying layers. The team has to provide the correct protection for the individual process.
“It can be applications like boundary management and alarm management, each providing an extra layer of security and safety to the plant,” de Groot said. “On the outer side of that onion, we have (Honeywell’s) Safety Manager. It can be used as an emergency shutdown system. The next shell around that is the mitigation system, and there Safety Manager can be used as a fire and gas system, providing mitigation actions in case of an event in your facility. Next is the outer layer that is providing physical security. This consists of access control, radar control and video surveillance. That information can all be fed back into the central system, and Safety Manager is a crucial part of it, as is the fire and gas system.”
Focus on the Process
At the core of this sphere of protection is process design, which brings together the business, safety and production parameters needed for productive and profitable operations. Managing those assets keeps the process running as designed while protecting the plant from incidents by giving early indication of failing assets.
In a plant operation, no one ever knows what could happen next, which is why an integrated solution brings in tools and procedures for abnormal situation management (ASM).
When a situation does arise, the alarm management, early event detection and ASM-designed displays make sure the operator has the proper information in the right context to make the correct decision. Crisis averted.
Think the Unexpected
An extreme case of an abnormal situation occurred when an 8.9 earthquake and ensuing tsunami devastated Japan and its nuclear power plant in Fukushima.
“The nature of natural disasters by definition says there will be multiple faults,” Hillman said. “An integrated safety and security strategy will be of the utmost importance in those situations because it gives you a defense-in-depth or layer-of-protection strategy. You had an earthquake, tsunami and mechanical and infrastructure failure as a result of all of that. With layers of protection in those plants, probably one layer could have survived any one of those, but there were three critical ones in rapid succession that were very difficult to foresee or plan on. An integrated approach gives the plant operator the best set of tools to draw on to prevent further escalation and to mitigate any further incidents from occurring.”
If an incident escalates, there needs to be an emergency shutdown system and automated procedures that can quickly move the plant to a safe state. If the event goes beyond that, the fire and gas system kicks into gear, coupled with rapid location of individuals and a carefully designed emergency response procedure that will help contain and minimize the impact.
“The fire and gas system utilizes the same hardware as Safety Manager,” said Gijs-Jan Peek, safety solutions consultant for safety management systems at Honeywell Process Solutions. “Basically, Safety Manager is configured as a safety system, and the additional system is configured as a fire and gas system. The interlocks between the systems are done via a (Safety Integrity Level) SIL-rated link, so we can exchange safety interlocks between the fire and gas and the safety system. Based on the risk, we can mitigate and allow the safety system to adjust for the risk in the fire and gas system.”
“The fire and gas system mitigates risk by detecting flame and smoke through various field sensors. By detecting it and reaching various levels, the fire and gas system will take various mitigations as programmed by the users. This can mean releasing fire suppression agents, warning alarms, horns and beacons,” Peek said.
Physical Safety, Security
One last area of protection is the physical security component, which safeguards the perimeter of the plant, secures access to structures, and monitors traffic approaching the area.
“Physical security really comes into play in an integrated solution by improving domain awareness from beyond the perimeter, through the plant itself, right up to the command and control center,” said Adrian Fielding, senior manager of industrial security solutions at Honeywell’s Automation and Control Solutions.
“Physical security assists you in a safety incident at the plant by cueing cameras automatically to the event location, which improves situational awareness,” Fielding said. “In parallel with this, it is providing operators with instructions so they can respond effectively and efficiently.”
For operators to react effectively, it also comes down to how well they are prepared and to proper technology training: the human element.
In the case of Abu Dhabi Gas, the energy company will rely on the UniSim operations simulation technology, on which it will train plant personnel for several months in advance of startup.
“There are a lot of technologies that can be applied to improve safety and security in the process industries,” Hillman said. “They are good, and they continue to improve. But at the end of the day, it is all about the people.”
“It is about people deploying those technologies; it is about people utilizing those technologies; it is about people maintaining those technologies. Safety and security is about people using processes on a daily basis that ensure technologies are utilized the way they should be,” Hillman said.
“The human element ties technologies together, and provides a better safety and security strategy to reduce the overall risk to the operations,” he said. “It does take humans, experts from the plant, to put these technologies together in a holistic manner to help improve the safety and security at the plant.”
The reality is that technology is the driver behind the Shah Gas Development Project, as it would not have been possible to build this development five years ago. But the true backbone of the project will be the workers’ understanding of the technology’s capabilities, which will allow Abu Dhabi Gas to produce more energy while keeping the environment safe and secure from day one.
Gregory Hale is the editor and founder of ISSSource.com.