CCPA: CCPA’s members believe that communities situated near their operations have a right to know the risks in the event of a worst-case scenario, although post 9/11, this attitude of transparency creates some dilemmas. In your opinion, does a free exchange of information give would-be terrorists a blueprint for committing an atrocity with many civilian casualties?
Dr. Peter M. Sandman: There are occasions when there is a piece of information that you really ought not to give people, because if you give it to your neighbours, you may give it to terrorists, but it’s much more the exception than the rule. Terrorists need to know where the valves are, and the public doesn’t. It reminds me of the battle in the U.S. when they were first passing community right-to-know legislation, and the chemical industry objected, on the grounds that they would have to reveal trade secrets. I can remember telling them: “Look, what the public wants to know and what your competitors want to know are 98% of the time completely different. The other 2% of the time, you apologize to the public and say, ‘we have to make this a little vague, so we don’t give our competitors information we don’t want them to have.’” It’s essentially no different with terrorism. There is less risk of giving terrorists information you don’t want them to have, if you’re thoughtful, than there is of that being used as an excuse by those companies that want to be less than transparent.
The single thing the public most wants to know about worst-case scenarios is “what will you do in the event of an accident?” Terrorists are much less interested in that. The public wants to know what you’re doing to prevent the accident. There are some things you don’t want to say about prevention and emergency response because it might warn terrorists. It certainly makes sense that you have one or two tricks up your sleeve that you don’t want to tell people about. Nuclear power plants have been dealing with this situation for decades – being transparent enough for the public, but not enough for a saboteur.
It’s very rare that plant managers can’t solve the problem of not revealing too much, while keeping their neighbours informed.
CCPA: Have September 11 and regular warnings of another terrorist strike on the United States altered the chemical industry’s reaction to your message of more openness to the community and lessening outrage? Have you had to tailor your message for the times?
Dr. Sandman: I think the main message is still lessening outrage. The likelihood of Al-Qaeda coming after a plant in Sarnia (Ontario) is relatively low. What is quite high is the likelihood of an angry employee or ex-employee going after a plant in Sarnia. For me, the big positive benefit from the preoccupation with terrorism is that we will not just focus on Al-Qaeda but sabotage from other quarters, such as disgruntled employees. It’s been true for a long time that, as companies improve their ability to prevent accidents, they almost by definition increase the likelihood of sabotage. When you teach your people how not to have an accident, you are teaching them how to have an accident on purpose if they want to.
What can happen is that managers downsize, have a big fight with the union, and morale goes into the toilet, and you’ve taught people how to blow up the plant! I think that is a much bigger issue than terrorism. There is a lot more expertise inside the plant on how to create a catastrophe. And yet most of the attention to worst-case scenarios has focused on accidents.
Prior to 9/11, I had a very difficult time persuading my clients that employee outrage was a source of hazard. Angry employees can blow up your plant. Bhopal, in Union Carbide’s judgement, was sabotage, although it’s never been proved. The essence of Union Carbide’s argument was that there was an extremely low probability of completely unrelated systems all going wrong at the same time. But a well-trained, technically sophisticated person who wanted to screw things up could create a catastrophe. It’s much more logical to think that someone did three unrelated things on purpose than that God did three unrelated things by accident.
I believe that – yes, it was sabotage and yes, it was Union Carbide’s fault. Union Carbide had as much responsibility to keep its employees from blowing up the plant as it did to prevent an accident from blowing up the plant. Of course, there were many lawsuits on behalf of the victims of Bhopal and legally, if it were sabotage, the plaintiffs’ case would be much harder to prove.
So even before September 11, sabotage was a major concern. Here is a question I ask clients: “Let’s assume there is an employee in a risk-relevant facility who has the capability of turning the right valve to cause a major accident, and let’s assume that this employee is going through a terrible divorce and has been muttering at lunch to his friends for weeks that the world sucks and life is not worth living and he’s going to get even with all the people who mistreated him. Does this employee’s supervisor under union regulations have the right to get that employee away from the valve with which he could cause a major accident for the duration of this crisis in his life?” Most clients tell me the answer to that question is “no,” especially in Canada where unions are much stronger than they are in the U.S. The supervisor can’t reassign the employee; he can only recommend counselling to the employee. If you’re serious about risk but don’t deal effectively with a person who has the capacity to kill a thousand people, and he’s talking about wanting to and you’re not allowed to stop him, that’s a bigger problem than Al-Qaeda. It’s a bargaining issue. Managers have to sit down with their unions and bargain a protocol to deal with sabotage.
I ask my clients to list five scenarios that would make sense if you were trying to do great harm, using the chemical plant as a weapon. I’m sure that sabotage is now the most probable high-magnitude risk left in the plant. I had trouble getting heard before 9/11. It’s much easier to get that message heard now.
Copyright © 2002 by Peter M. Sandman