Doubtful that the acronym would make it past any corporate review, but the linkage between ESH risk and IT management is real. There have been plenty of reports on energy consumption by IT hardware, e-waste disposal concerns and chemical/metals content of electronics.
But what has not seen much attention is the potential ESH risk posed from internet security breaches.
Internet security breaches? A risk to environmental, health and safety?
There has been a tremendous growth in computer-based operational controls in manufacturing and process lines. These computer systems can – and sometimes do – control activities such as chemical mixing, fuel flow, exhaust venting and pollution control equipment operation. If these computer systems were to become controlled through unauthorized remote access (in other words, a hacker), a great deal of damage could result.
Here are a few scenarios that actually happened.
- During an IT security test, the “hacker” – a paid consultant in this case – found a way to control the fuel flow to a power generator. The “hacker” ended up running the generator far beyond safety limits, causing it to overheat and start a fire. Fortunately, this was done under controlled circumstances so no one was hurt, no collateral property damage was incurred and there were no environmental violations. If such a situation were to happen during third shift in a remote area of the plant (where generators are commonly located because of the noise), the result would likely be far different.
- A friend of ours in the IT security business recently told a story of an engagement his company was doing for a manufacturer. During the project, they found some strange coding in the computer system that didn’t seem to make sense. Our friend’s company brought this to the client’s attention, who determined that this code controlled critical pressure relief valving in the plant. The code appeared to have been secretly embedded in software that had been developed by contractor hired by the plant but who was located in a country with ties to several terrorist organizations.
Information technology security certainly impacts more than credit cards and personal data theft. Breaches in safeguards on process control systems can result in significant EHS events – whether intentional or accidental.