EPA Alert

Below is an Alert issued by the US EPA.

Chemical Accident Prevention: Site Security

The Environmental Protection Agency (EPA) is issuing this Alert
as part of its ongoing effort to protect human health and the environment by
preventing chemical accidents. EPA is striving to learn the causes and
contributing factors associated with chemical accidents and to prevent their
recurrence. Major chemical accidents cannot be
prevented solely through regulatory requirements. Rather,
understanding the fundamental root causes, widely disseminating the
lessons learned, and integrating these lessons learned into safe
operations are also required. EPA publishes Alerts to increase
awareness of possible hazards. It is important that facilities,
SERCs, LEPCs, emergency responders, and others review this
information and take appropriate steps to minimize risk. This
document does not substitute for EPA's regulations, nor is it a
regulation itself. It cannot and does not impose legally binding
requirements on EPA, states, or the regulated community, and the
measures it describes may not apply to a particular situation based
upon circumstances. This guidance does not represent final agency
action and may change in the future, as appropriate.

PROBLEM

Facilities that handle chemicals are actively engaged in managing
risks to ensure the safety of their workers and the community. Most
of their efforts focus on ensuring that the facility is designed and
operated safely on a day-to-day basis, using well-designed equipment,
preventive maintenance, up-to-date operating procedures, and
well-trained staff. Because of today's increased concern about
terrorism and sabotage, companies are also paying increased attention
to the physical security of facility sites, chemical storage areas,
and chemical processes. All companies, big and small, should have
some measure of site security in place to minimize crime and to
protect company assets. This is especially true for facilities that
handle extremely hazardous substances.

Under section 112(r) of the Clean Air Act (CAA), EPA developed Risk
Management Program (RMP) regulations that require facilities to
examine their chemical accident risk and develop a plan to address
it. The increased concern for the physical security of facilities
that handle extremely hazardous substances
is also reflected in
recent government actions. Highlighting site security, the Chemical
Safety Information, Site Security and Fuels Regulatory Relief Act
contains a major provision that requires the Department of Justice to
prepare reports to be submitted to Congress describing the
effectiveness of RMP regulations in reducing the risk of criminally
caused releases, the vulnerability of facilities to criminal and
terrorist activity, and the security of transportation of listed
toxic and flammable substances.

This Alert is intended as a public service. It highlights security
areas that companies may want to review to ensure that appropriate
measures are being implemented. More importantly, it provides
sources of information and help to assist facilities that routinely
handle chemical substances in their efforts to have secure and
accident-free operations.

EXAMPLES

The following examples illustrate the range of damage that can occur
at facilities handling hazardous substances because of criminal
activity:

A manufacturer uses flammable naphthalene to produce mothballs.
Received in molten form, the naphthalene solidifies when cooled and
looks similar to candle wax. Trespassing teenagers found the vats of
naphthalene that were left outside to cool. They ignited the
naphthalene and started an uncontrollable fire. Approximately 40
acres of industrial property burned, at an estimated cost of $100
million.

Every few weeks, EPA receives reports that thieves, looking for
ammonia to use to make illegal drugs, have broken into fertilizer
dealers, refrigerated warehouses, or ice manufacturing facilities,
frequently leaving valves open. In some cases, the thieves have been
overcome by the ammonia and needed to be rescued; in other cases, the
community has been evacuated, and there have been injuries to the
general public and to law enforcement personnel from exposures to the
released ammonia.

There are cases where vandals have attempted unsuccessfully to
break into chlorine tank cars. Fortunately, the design of the
chlorine tank car includes a heavy steel dome and additional lock out
devices that discourage even well-equipped vandals.

These examples illustrate the need to examine security measures at a
facility, especially those handling highly hazardous substances, to
guard against criminal acts, including vandalism.

AREAS OF CONCERN

Threats may come in different forms and from different sources.
Threats from outside the facility could affect people and the
facility itself, and may involve trespassing, unauthorized entry,
theft, burglary, vandalism, bomb threats, or terrorism.

Threats from inside the facility may arise from inadequate designs,
management systems, staffing or training, or other internal problems.
These may include theft, substance abuse, sabotage, disgruntled
employee or contractor actions, and workplace violence, among others.

Threats are not restricted to people and property, but could also
involve sensitive facility information. Both facility outsiders and
employees or contractors could pose threats to data storage and data
transmission of, for example, confidential information, privacy data,
and contract information. They could also pose a threat to
computer-controlled equipment. These threats may include breaches in
data access and storage, uncontrolled dissemination of information,
destruction of information or threats to automated information
systems.

COMMON SECURITY MEASURES

Most security measures are intended to prevent intruders from gaining
access to the site or to limit damage. The following sections
present a number of design and procedural approaches that facilities
have successfully implemented. The appropriateness of any one of
these depends on site-specific conditions that you would need to
consider in assessing any security needs for your facility.

Preventing Intrusion

Most facilities have some measures that are intended to prevent
intruders from entering the grounds or buildings. These measures may
include fences, walls, locked doors, or alarm systems. The location
of the facilities and the types of structures will determine how much
and what type of protection a facility needs.

In addition to basic measures, some facilities also provide physical
protection of site utilities at the fence perimeter. Security
lighting (good lighting around buildings, storage tanks, and storage
areas) can also make it very difficult for someone to enter the
facility undetected.

Some facilities augment these measures with intrusion detection
systems

--------------------

ù video surveillance, security guards at fixed posts,
rounds/mobile patrols, alarm stations, and detectors for explosives
and metal. If you have guards, it may be useful to consider their
training in detection and response and the availability to them of
equipment for appropriate protective force.

To protect against unauthorized people coming in through normal
entrances, security clearances, badges, procedures for daily
activities and abnormal conditions, as well as vehicular and
pedestrian traffic control, can provide efficient access for
employees while ensuring that any visitors are checked and cleared
before entering.

Most facilities have procedures to recover keys from employees who
leave and to immediately remove the employee's security codes from
systems. At times it may be wise to consider additional measures,
such as changing locks, when a disgruntled employee leaves.

Limiting Damage

In addition to protecting a facility from intruders, it is important
to limit the damage that an intruder (whether physically at the site
or "hacking" into the company's computers) or an employee could do.
Most of the steps to limit damage are probably things you already do
as part of good process safety management, because they also limit
the loss of chemicals if management systems or equipment fails or an
operator makes a mistake. These steps can be related to either the
design of the facility and its processes or to procedures implemented.

Facility Design

A well-designed facility, by its layout, limits the possibility that
equipment will be damaged and, by its process design, limits the
quantity of chemical that could be released. Facility and process
design (including chemicals used) determine the need for safety
equipment, site security, buffer zones, and mitigation planning.
Eliminating or attenuating to the extent practicable any hazardous
characteristic during facility or process design is generally
preferable to simply adding on safety equipment or security measures.

The option of locating processes with hazardous chemicals in the
center of a facility can thwart intruders and vandals who remain
outside the facility fenceline. Transportation vehicles, which are
usually placarded to identify the contents, may be particularly
vulnerable to attack if left near the fenceline or unprotected.
However, for some facilities and processes, the option of locating
the entire process at the center of the site may not be feasible.
You may need to consider external versus internal threats, such as
the threat to workers if an accidental release occurs, or the access
to the process in case of an emergency response.

Where feasible, providing layers of security will protect equipment
from damage. These layers could include, for example, blast
resistant buildings or structures. Enclosing critical valves and
pumps (behind fences or in buildings) can make it less likely that an
intruder will be able to reach them, a vehicle will be able to
collide with them, or that releases are compounded because of damage
to neighboring equipment.

Chlorine tanker valves are an example of equipment design with
several layers of security: (1) a heavy steel dome with lid; (2) a
heavy cable sealing system that requires cable cutters to remove; (3)
a heavy duty valve that can withstand abuse without leaking; and (4)
a seal plug in each valve. As many as three different tools would be
needed to breach the container's integrity.

If equipment is located where cars, trucks, forklifts, or
construction equipment could collide with it or drop something on it,
the equipment should be constructed from materials that could stand
some abuse. In general, you should give consideration to collision
protection to any equipment containing hazardous chemicals with, for
example, collision barriers.

The idea of layers of security may also be applied to
communications/computer security. Some companies have developed
alternate capabilities and systems to protect receipt and
transmission of confidential information. Backup power systems
and/or conditioning systems can be important, particularly if
processes are computer controlled. Access to computer systems used
to control processes may need to be controlled so that unauthorized
users cannot break in; appropriate computer authentication and
authorization mechanisms on all computer systems and remote access
may prove useful; entrance into control rooms may need to be
monitored and limited to authorized personnel. For emergency
communications, some companies use radios and cell phones as a backup
to the regular phone system.

Well-designed equipment will usually limit the loss of materials if
part of a process fails. Excess flow check valves, for example, will
stop flow from an opened valve if the design flow rate is exceeded.
These valves are commonly installed on chlorine tankcars and some
anhydrous ammonia trailers, as well as on many chemical processes.
Like excess flow valves, fail-safe systems can ensure that if a
release occurs, the valves in the system will close, shutting off the
flow. Breakaway couplings, for example, shut off flow in transfer
systems, such as loading hoses, to limit the amount released to the
quantity in the hose.

If you store hazardous liquids, you may want to consider containment
systems (e.g., buildings, dikes, and trenches) that can slow the rate
at which the chemical evaporates and provide time to respond.
Double-walled vessels can also protect against attempts to rupture a
tank.

The installation of chemical monitors that automatically notify
personnel of off-hour releases could be important if your facility is
not staffed during certain periods (e.g., overnight). Such monitors,
however, are not available for all chemicals. The appropriateness of
monitors, and any other equipment design solutions, will depend on
site-specific conditions.

Procedures and Policies

Your facility's policies and procedures can also limit the damage
caused by a release. As with design issues, the procedural steps you
routinely take to operate safely also help protect your facility from
attacks. Maintaining good labor relations may protect your facility
from actions by either employees or contractors. Open negotiations,
workplace policies emphasizing that violence and substance abuse are
not tolerated, and adequate training and resources to support these
policies are important considerations. The goal is to develop a
workforce and management capacity to identify and solve problems by
working together. Following are several examples of specific areas
where procedures and policies can prevent or limit the damage of a
release.

As a matter of good practice, as well as site security, you may
consider disconnecting storage tanks and delivery vehicles from
connecting piping, transfer hoses, or distribution systems when not
in use. Leaving the tanks linked to the process or pipeline
increases the chance of a release because the hoses or pipes are
often more vulnerable than the tanks.

In addition to accurately monitoring your inventory, another practice
you may want to adopt is limiting the inventory of hazardous
materials to the minimum you need for your process. This policy
limits the quantity of a hazardous material that could be released.
You could also consider actions such as substituting less hazardous
substances when possible to make processes inherently safer.

Your written procedures are also an important tool in protecting your
facility. As part of your regular operating procedures, you probably
have emergency shutdown procedures. These procedures, and workers
trained in their use, can limit the quantity released. The
procedures are particularly important if you have processes that
operate under extreme conditions (high or low pressures, temperature)
where rapid shutdown can create further hazards if done improperly.

As you review your contingency plan, consider, if necessary,
revisions to address vandalism, bomb threats, burglary - including
evaluating the desirability of your facility as a target - working
with local law enforcement, and providing extra security drills and
audits. Many companies find that working with local law enforcement
is an effective means of evaluating security risks.

As a matter of good practice, for both process and response
equipment, it is important to have a program that ensures that all
equipment is subject to inspection and to corrective and preventive
maintenance. In this way, you can be sure that the safety systems
you install will operate as designed.

SITE-SPECIFIC DECISIONS

The steps you take to operate safely will often serve to address
security concerns as well. Considering inherent safety in the design
and operation of any facility will have the benefit of helping to
prevent and/or minimize the consequences of any release. Before
taking steps to improve site security, you may want to evaluate your
current s
ystem and determine whether it is adequate. Factors you
might consider include:

The chemicals stored at your site; some chemicals may be
particularly attractive targets because of the potential for greater
consequences if released.

The location of the site; sites in densely populated areas may need
more security than those at a distance from populations.

The accessibility of the site; are the existing security systems
(e.g., fences, security lighting, security patrols) adequate to limit
access to the site?

The age and type of buildings; older buildings may be more
vulnerable because they have more windows; some newer building are
designed for easy access.

Hours of operation; a facility that operates 24-hours day may need
less security than a facility that is unoccupied at night.

Decisions about improving site security should be made after
evaluating how vulnerable your site is to threats and what additional
measures, if any, are appropriate to reduce your vulnerability. Each
facility should make its own decision based on its circumstances.

IT IS YOUR DUTY

If you produce, process, handle, or store extremely hazardous
substances you have, under the Clean Air section 112(r)(1), a general
duty "to identify hazards which may result from such releases, using
appropriate hazard assessment techniques, to design and maintain a
safe facility taking such steps as are necessary to prevent releases,
and to minimize the consequences of accidental releases which do
occur."

INFORMATION SOURCES

Several organizations (e.g., ASTM, ANSI) have standards for site
security or include site security issues in their codes. The
National Fire Protection Association (NFPA) has a standard NFPA- 601,
Standard for Site Security Services for Fire Loss Prevention. The
American Petroleum Institute addresses security issues in RP 554,
Process Instrumentation and Control. Likewise, the Chemical
Manufacturers Association addresses this issue through the
Responsible Care Employee Health and Safety Code Site Security
Management Practice. Protocols developed under the Responsible
Distribution Process cover security concerns.
You can contact the following websites for additional security
information:

www.energysecuritycouncil.org
The Energy Security Council is a national industry association to
assist law enforcement agencies and energy companies in combating all
types of criminal activity.

www.nfpa.org
The National Fire Protection Association provides standards,
research, training, and education to reduce the burden of fire and
other hazards.

www.nsc.org
The National Safety Council provides general safety information on
chemical and environmental issues.

www.asisonline.org
www.securitymanagement.com
The American Society for Industrial Security develops educational
programs and materials that address security concerns. Its Security
Management Magazine site provides an online version of its magazine.

www.siaonline.org
The Security Industry Association provides general security
information.

www.atsdr.cdc.gov
The Agency for Toxic Substances and Disease Registry site provides a
10-step procedure to analyze, mitigate, and prevent public health
hazards resulting from terrorism involving industrial chemicals.

www.aiche.org/ccps
The Center for Chemical Process Safety (CCPS) is an industry-driven,
non-profit professional organization affiliated with the American
Institute of Chemical Engineers (AIChE). It is committed to
developing engineering and management practices to prevent or
mitigate the consequences of catastrophic events involving the
release of chemicals that could harm employees, neighbors and the
environment.

www.cdc.gov/niosh
The National Institute for Occupational Safety and Health provides
multiple resources on workplace violence prevention.

The Complete Manual of Corporate and Industrial Security, by Russell
L. Bintliff (Prentice Hall, 1992) provides detailed discussions of
the advantages and disadvantages of various security systems as well
as checklists for security inspections.

The Handbook of Loss Prevention and Crime Prevention, 3rd Edition,
L.J. Fennelly, Ed., (Butterworth-Heinemann, 1996) includes
information on conducting security surveys as well as chapters on a
broad range of security subjects.

Guidelines for Investigating Chemical Process Incidents.
(AIChE/CCPS). These Guidelines establish a basis for successful
investigation of process incidents to determine causes and implement
changes, which can prevent recurrence. Primary focus is on incidents
with catastrophic potential but the concepts should also be used for
investigating environmental incidents, minor injuries, less
significant property damage events, or near misses.

Process Plants: A Handbook for Inherently Safer Design, by Trevor
Kletz. (Taylor & Francis 1998) illustrates the principles of
inherent safety and demonstrates the advantages of considering safety
approaches in the design stages of a process.

Inherently Safer Chemical Processes: A Life Cycle Approach.
(AIChE/CCPS) This book presents the principles and strategies for
applying inherently safer thinking from the start of the life cycle
to the very end.

STATUTES AND REGULATIONS

The following are a list of some federal statutes and regulations
related to process safety management and accident prevention:

EPA

Clean Air Act (CAA)

General Duty Clause [Section 112(r)(1) of the Act] - Facilities
have a general duty to prevent and mitigate accidental releases of
extremely hazardous substances.

Risk Management Program (RMP) Rule [40 CFR part 68] - Facilities
that have a listed toxic or flammable substance above a certain
threshold are required to develop a hazard assessment, a prevention
program, and an emergency response program.

Chemical Safety Information, Site Security and Fuels Regulatory
Relief Act

A major provision requires the Department of Justice to submit
reports to Congress describing the effectiveness of the RMP
regulations in reducing the risk of criminally caused releases, the
vulnerability of facilities to criminal and terrorist activity, and
the security of transportation of substances listed under CAA Section
112(r).

Emergency Planning and Community Right-to-Know Act (EPCRA)

Emergency Planning [40 CFR part 355] - Facilities that have listed
chemicals above a certain threshold must report to their Local
Emergency Planning Committee (LEPC) and State Emergency Response
Commission (SERC) and comply with certain requirements for emergency
planning.

Comprehensive Environmental Response, Compensation, and Liability Act
(CERCLA)

Under the authority of CERCLA, EPA's Chemical Safety Audit program
examines site security as part of a standard audit protocol.

Clean Water Act (CWA) as Amended by the Oil Pollution Act of 1990
(OPA)

Spill Prevention Control and Countermeasures Plan (SPCC) [40 CFR
part 112] - Facilities storing oil above a certain threshold must
prepare and implement an SPCC plan. These plans need to address
security elements such as locks, guards, access, lighting, and
vandalism.

OSHA

General Duty Clause [OSH Act section 654] - Employers are required
to provide a safe workplace free of recognized hazards.

Process Safety Management (PSM) Standard [29 CFR 1910.119] -
Facilities that have a highly hazardous substance above a certain
threshold are required to implement a number of actions to manage
hazards including performing a process hazards analysis and
maintaining mechanical integrity of equipment. External threats must
be considered when conducting a process hazard analysis.

Hazard Communication Standard [29 CFR 1910.1200] - Facilities
handling hazardous chemicals must maintain information on the hazards
and train employees in how to handle the chemicals safely and protect
themselves if exposed.

Other OSHA regulations address some security issues for specific
types of hazardous materials (e.g., flammables).

Department of Transportation

The US Department of Transportation has a number of regulations that
address security at transportation terminals. These regulations can
be found in Titles 14, 33, and 49 of the Code of Federal Regulations.