Pressure vessels are designed to store a gas or liquid at a pressure substantially higher (10,000 psig) than the ambient pressure and are engineered with a safety factor, corrosion allowance, and minimum design temperature (for brittle fracture). A shell and tube heat exchanger is a type of pressure vessel commonly used in buildings. Pressure vessels are typically fitted with a mechanical safety valve or a relief valve to ensure that the design pressure is not exceeded in normal operation; however, the pressure differential is extremely dangerous, and fatal accidents have occurred in the past. Pressure vessels require sophisticated industrial controls to operate properly and this delicate balance is a potential vulnerability to a sophisticated cyber-physical attack by a determined hacker with engineering knowledge of the targeted equipment.
For example, auto-refrigeration is a phenomenon common to liquefied compressed gas. Liquefied compressed gases exist in both the liquid and gaseous phases at ambient temperatures with pressures ranging from 2 psig up to 2,500 psig. Withdrawal of propane gas from a tank reduces the temperature of the liquid propane and the tank itself with the temperature decreasing more as the gas withdrawal rate increases.
Withdrawing gas from a pressure vessel reduces the pressure as well as the temperature within the vessel. The gas that is withdrawn is replaced as the liquid vaporizes by absorbing heat from the remaining liquid and the vessel itself. Auto-refrigeration occurs when the gas is withdrawn at a rapid rate so that cooling exceeds the heat available from ambient sources. Auto-refrigeration of a pressure vessel not designed for low-temperature operation places the safety of the vessel in question because it could be cooled to temperatures at which vessel failure by brittle fracture may occur.
Microscopic flaws in the welds located in areas of high stress are subject to rapid crack growth when vessel temperatures reach the nil ductility temperature (the temperature at which the behavior of the vessel steel changes from ductile to brittle).
A determined hacker tinkering with the pressure vessel controls may be able to simply release the gas or liquid causing an environmental spill or worse, create a potentially dangerous event by taking advantage of a predisposing condition.
Predisposing condition
A condition that exists within an organization, a mission/business process, enterprise architecture, or information system including its environment of operation, which contributes to (i.e., increases or decreases) the likelihood that one or more threat events, once initiated, will result in undesirable consequences or adverse impact to organizational operations and assets, individuals, other organizations, or the nation. (Source: SP 800-30)
Pressure vessels are a special class of equipment that should be segregated from the rest of the building control system in a separate enclave.
Blowdown stack hack
A chimney or vertical stack that is used in an emergency to vent the pressure of components of a chemical, refinery, or other process. The purpose is to prevent loss of containment of volatile liquids and gases. Hacking the controls of a blowdown stack could cause pressure to build up. The failure of the blowdown stack to contain vented hydrocarbons led to a catastrophic explosion at a BP refinery in Texas City in 2005.