Testimony by Gerald V. Poje, Ph.D.
U.S. Chemical Safety and Hazard Investigation Board
Senate Environment and Public Works Committee
February 24, 1999
"...impact of the Risk Management Plans should be positive, there are no special emphases or even specific mention of Year 2000 technology hazards"
Good afternoon, Mr. Chairman and distinguished members of the Subcommittee. I am Gerald V. Poje, Ph.D., one of four members of the U.S. Chemical Safety and Hazard Investigation Board (CSB) nominated by the President and confirmed by the U.S. Senate. Today I appear before you at the behest of our Chairman, Dr. Paul L. Hill, Jr. to whom you addressed your request for testimony from our agency. Dr. Hill and I thank you for inviting the CSB to testify regarding this critical issue.
The Chemical Safety Board is an independent federal agency with the mission of ensuring the safety of workers and the public by preventing or minimizing the effects of industrial and commercial chemical incidents. Congress modeled it after the National Transportation Safety Board (NTSB), which investigates aircraft and other transportation accidents for the purpose of improving safety. Like the NTSB, the CSB is a scientific investigatory organization. The CSB is responsible for finding ways to prevent or minimize the effects of chemical accidents at commercial and industrial facilities and in transport. The CSB is not an enforcement or regulatory body. Additionally, the CSB conducts research, advises Congress, industry and labor on actions they should take to improve safety, and makes regulatory recommendations to the U.S. Environmental Protection Agency and the U.S. Department of Labor.
I am a specialist in toxicology and policies dealing with chemical hazards. I oversee the board's efforts on reducing risks of accidents associated with Year 2000 computer problems. Currently, I work with the Intergovernmental Forum on Chemical Safety and the Organization for Economic Cooperation and Development to promote global remediation and contingency planning concerning Y2K problems.
The U.S. Chemical Safety and Hazard Investigation Board at the request of Senators Bennett and Dodd of the U.S. Senate Special Committee on the Year 2000 Technology Problem has investigated the issues of chemical safety and the year 2000 computer technology problem. On December 18, 1998, our board convened an expert workshop on "Y2K and Chemical Safety," involving leaders from industries, equipment vendors, insurance companies, regulatory agencies, research agencies, universities, labor organizations, environmental organizations, trade associations, professional engineering associations, and health and safety organizations. The CSB has continued the dialogue with the participants over the last two months. I recommend the process of our safety board's efforts for addressing other critical issues associated with the year 2000 technology problem.
The board members are completing review and approval for the final draft report, and our staff is currently formatting that document. We will soon release the report to the Special Committee and it will be available at the Chemical Safety Board's website: http://www.chemsafety.gov.
The Senate Special Committee requested evaluation of: the extent of the Year 2000 Problem as it pertains to the automation systems and embedded systems that monitor or control the manufacture of toxic and hazardous chemicals, or safety systems that protect processes the awareness of large, medium, and small companies within the industry of the Year 2000 threat, their progress to date in addressing the Year 2000 problem, the impact of the Year 2000 technology problem on the Risk Management Plans required in June 1999, and the role federal agencies are playing in preventing disasters due to the Year 2000 problem.
Synopsis The Year 2000 Problem is a significant problem in the chemical manufacturing and handling sector posing unique risks to business continuity and worker and public health and safety. According to the U.S.
Environmental Protection Agency, 85 million Americans live, work and play within a 5 mile radius of 66,000 facilities handling regulated amounts of high hazard chemicals. The CSB has developed the following findings from our investigative efforts:
Large enterprises with sufficient awareness, leadership, planning, financial and human resources are unlikely to experience catastrophic failures and business continuity problems unless their current progress is interrupted or there are massive failures of utilities.
The overall situation with small and mid-sized enterprises is indeterminate, but efforts on the Y2K problem appears to be less than appropriate based upon inputs from many experts.
While the impact of the Risk Management Plans should be positive, there are no special emphases or even specific mention of Year 2000 technology hazards in either U.S. Environmental Protection Agency or Occupational Safety and Health Administration regulations regarding process safety.
Federal agencies are aware of and involved in Year 2000 technology and chemical safety issues. However, significant gaps exist, and there do not appear to be specific plans to address these gaps.
Scope of Issues
The Expert Workshop as well as the research conducted for our report concluded that the Year 2000 (Y2K) problem is one of major proportions and has the potential for causing disruption of normal operations and maintenance at the nation's chemical and petroleum facilities. It is important to point out that Y2K compliance activities reported to the Chemical Safety Board to date have not found a single failure (embedded microchips or software) which by itself could cause a catastrophic chemical accident. However, it is unclear what the outcome might be from multiple failures, e.g., multiple control system failures, multiple utility failures, or a combination of multiple utility and control system failures. Surveillance of the industrial sector that handles high hazard chemicals is insufficient to draw detailed conclusions regarding Y2K compliance efforts.
One theme upon which experts agree is that failures from Y2K noncompliance at small and mid-sized enterprises is more likely. The reason is a lack of awareness regarding process safety in general and the Y2K impact in particular, lack of resources, and technical know-how for fixing the problems. Given the time constraints, altering this situation requires a massive effort. The Board has concluded that this effort should focus on: 1. providing easy-to-use tools, 2. promoting accessible resources, and 3. providing attractive incentives for Y2K compliance efforts. Additional efforts should be the focus of an urgent meeting of agencies convened by the administration.
The potential for catastrophic events, at US chemical process plants, stemming from Year 2000 non-compliance, can be divided into three categories: failures in software or embedded microchips within the process plants, external Y2K-related problems (e.g., power outages), and multiple Y2K-related incidents that may strain emergency response organizations. A check list of devices to be assessed for Year 2000 compliance at a chemical plant and the consequence of their failure is identified in Appendix A.
The limited scope of the Y2K Expert Workshop and the research conducted for this study concluded that large multinational companies are, in general, following a well-thought out and well-managed path towards Y2K compliance. These multinational enterprises have, in addition to their Y2K compliance efforts, made contingency plans, including, in some cases, plans to shutdown batch operations for limited periods at the turn of the century.
I have appended the PowerPoint presentations regarding approaches to managing this issue from two major chemical manufacturers: Appendix B
from the OxyChem corporation and Appendix C from the Rohm & Haas company. Both companies have demonstrated significant leadership by sharing their information within the industry and with many others. Many more examples of facility-specific Year 2000 compliance efforts are urgently needed.
These conclusions vis-a-vis large and multinational companies should not be construed to mean that there is no potential for Y2K-related catastrophic events at these facilities. It is possible that some Y2K-impacted components may not have been identified, compliance programs may not achieve 100% completion in time, or multiple failures that may not have been considered may result in accidents.
The major control and instrumentation vendors canvassed in this study are involved in an extensive program to provide Y2K compliance for their products. There is, however, reason to believe that some independent control systems integrators may have developed and implemented control systems for which there is little or no documentation of Y2K-related vulnerabilities. In addition, some vendors are no longer in business or not as cooperative as the major control and instrumentation vendors.
EPA's Risk Management Program and OSHA's Process Safety Management program mandated by the Clean Air Act Amendments of 1990 may provide significant benefit in terms of improving overall safety programs, reliability of chemical process plants, emergency response plans, and other programs. As a result, the overall capability and readiness of the chemical process industry to deal with and effectively overcome the Y2K threat is very high. However, it must be pointed out that none of these regulatory programs or activities have any direct relationship with Y2K compliance.
Instituting new regulations to standardize testing or certification is not a reasonable approach for three reasons. First, in the remaining time, it is not possible to develop the mechanism and logistics needed for rulemaking, standard development, and establishment of reporting procedures. Second, implementation of any standardized method or regulation may cause penalties and unnecessary complications for many companies that do not fit the selected standard but have already expended an extensive amount of effort on Y2K compliance. Third, it is critical to minimize overall administrative efforts in order to focus available resources on the remedial efforts within this limited time frame. This should not be construed to minimize the need for independent verification and validation of Year 2000 compliance programs and contingency planning.
Priority Issues and Findings
Special Expert Workshop attendees reached consensus on the importance of four issue areas related to Y2K problems and chemical safety: 1. Small and medium-size enterprises (SMEs) risks and needs, 2. Risk management programs and their applicability, 3. Utility continuity, and 4. Responsive communication among the stakeholders. The following findings were developed based on input from the workshop attendees and research conducted during this study.
1. Small and Mid-sized Enterprises (SMEs) The Y2K Expert Workshop members were quite concerned about Y2K failures at SMEs, particularly since their risks to public health and safety can be quite significant. Multinational companies and other organizations may be willing to make available Y2K information and tools to SMEs. However, this willingness is tempered by concerns about legal liability to individual companies or trade associations that contribute the information. For example, if Y2K checklists or tools are made available through a website used by an SME, and yet that SME still has a Y2K problem for whatever reason, could the SME sue the information provider? SMEs also have lesser access to associations that have helped larger corporate entities become educated on safety issues. The experiences with some SMEs on other issues seems to indicate that in order to be useful, the information provided has to be very detailed and specific to the SMEs.
However, large businesses and even SMEs have restructured and thus may have fewer resources to devote towards time limited technical problems. To compound the problem, trade associations have also undergone restructuring and as a result may not have the resources needed to serve their membership.
2. Risk Management There is a general consensus that facilities doing an effective job in managing their risks should not see any major health and safety problems. Risk management generally consists of a variety of programs and activities to assess and manage risks. To be fully effective theses programs must be implemented with the complete involvement of the management, labor, and local responders. Risk management also includes the utilization of best practices (e.g., equipment, procedures, auditing, testing, and certification), adherence to industrial and professional society standards, and compliance with applicable regulations. The chemical processing industry has practiced these risk management principles for a long time. However, the Y2K issue will test the existing system of safety, and failure may engender review of policy issues as well as review of industrial programs and practices.
3. Utility Continuity A major concern of the participants at the Y2K Expert Workshop was that the main threat to facilities could be from external failures, such as electrical, natural gas, water and waste water utilities. Many members of the chemical process industry are concerned about the reliability of electric power supply and are seeking ways to assess the vulnerability of their specific utility.
For some managers of facilities that draw high power loads prudent safety practice may determine that the plant be shut down during critical time periods and restarted at a later date. However, such decisions should not be made without communicating these planned actions with their utilities in order to prevent problems on the power grid.
4. Responsive Communications among Stakeholders Communication and trust between stakeholders is of tremendous importance in resolving Y2K related problems. Stakeholders, in the context of chemical safety, include: corporate and facility managers, operators, other workers, vendors, equipment manufacturers, unions, trade associations, regulators, non-regulatory agencies, emergency responders, insurance companies, community organizations and environmental organizations. Stakeholder communication has various dimensions.
While logistic and timing problems may prevent a regulatory approach for assuring Y2K compliance, voluntarily communicating accurate and relevant information to the public on the status of Y2K compliance is essential. Given the extent of work being done for Y2K compliance, this communication will avoid creating chaos and panic, allay public fears and promote rational behavior. Contingency planning, risk management, and decisions concerning shutdown must also involve communication among stakeholders.
Equally as important is the communication between different companies, both large and small, and communications across sectors of the economy. The complex interdependency of modern society assures that all entities have a stake in the Y2K efforts of others. The sharing of information and building experience has a much greater chance of reducing or even completely eliminating the catastrophic threat of Y2K-related failures. Historically, safety-related issues have been addressed on a non-competitive basis, and the safety-related year 2000 issues should follow the same path.
Knowledge is key to responsive communication. Public agencies and the private sector already support training and education for chemical managers, workers and Hazardous Materials (HAZMAT) emergency responders through programs which tailor training modules to specific targeted groups of responders at the awareness, operations, technician and specialist levels. Y2K contingency planning and responsive communications should be enhanced through training and education efforts developed to address the challenges of Y2K related incidents and scenarios.
In summary, the Year 2000 technology problem is a significant problem in the chemical manufacturing and handling sector posing unique risks to business continuity and worker and public health and safety. Large enterprises with sufficient awareness, leadership, planning, financial and human resources are unlikely to experience catastrophic failures and business continuity problems unless their current progress is interrupted or there are massive failures of utilities. The overall situation with small and mid-sized enterprises is indeterminate, but efforts on the Y2K problem appears to be less than appropriate based upon inputs from many experts. Federal agencies are aware of and involved in Year 2000 technology and chemical safety issues. However, significant gaps exist, and there do not appear to be specific plans to address these gaps.
Download Appendices (700K, PDF Format)
RTK or Left-To-Wonder?