Use of Distributed Control System (DCS) Data in Forensic Investigations

Thomas D. Traubert, P.E.

Most modern, large industrial complexes such as petrochemical and power generation facilities utilize computers to control and monitor the production equipment. Such systems are known as Distributed Control Systems or DCS.  The DCS allows one or two operators, located within a central control room, to monitor and control large, multiple processes, many times spread out over acres of real estate.  The little brother of the DCS is a control device known as a Programmable Logic Controller or PLC.  Smaller processes, such as control of heating, ventilating and air conditioning (HVAC) systems in commercial buildings, or the operation and monitoring of remote compressor stations, use PLCs.  Many times the DCS utilizes inputs from multiple PLCs scattered throughout a processing facility.

The Process Control Loop

The DCS monitors and controls operating parameters such as flowrate, pressure, temperature, and level associated with a given process.  A desired value for the operating parameter, known as a set point, is input into the DCS.  Automated valves (also called control valves) are regulated by the DCS so as to maintain the operating parameter at the desired set point.  The interrelationship between the device used to monitor the operating parameter (flow meter, pressure, temperature or level sensor), the regulating device (the control valve) and the DCS is known as a process control loop. 

Let’s Look at a Simple Process Control Loop

A process control loop is used to regulate the temperature of crude oil being heated in a furnace as part of a refining process.  The process control loop consists of a flow meter on the line feeding the crude oil to the furnace, a temperature sensor on the crude oil line exiting the furnace, and a control valve used to regulate fuel gas flow to the burners in the furnace.  The desired setpoint of the crude oil temperature exiting the furnace is input into the DCS by the plant operators.  As the cold crude oil flows past the temperature sensor at the furnace outlet, the fuel gas valve to the burners is opened, increasing the heat input to the furnace.  As the exit temperature of the crude oil approaches the desired temperature setpoint, the fuel gas valve closes just enough to maintain the desired crude oil outlet temperature.  If the crude oil flowrate increases, the outlet temperature begins to drop below the setpoint, resulting in the fuel gas valve opening to increase heat input to the furnace.  In order to prevent overheating of the tubes inside the furnace, an upper limit on the temperature of the crude oil leaving the furnace, as well as a minimum flowrate of crude oil flowing through the furnace tubes is set in the DCS.  Should these limits be reached, the control system will first provide an alarm to alert the operators of the situation.  If no action is taken by the operators, further deviations beyond the limits result in automatic closure of the fuel gas valve, thus shutting down the furnace.

The DCS:  The Black Box of the Forensic Engineer

Most DCS have the capability of storing operating data, including alarms as well as the positions of control valves and the speed of rotating equipment.  Like the black box that is accessed during an investigation of an airplane crash, the data stored in the DCS provides valuable information as to what was happening in a process before, during and after an incident, such as a fire or explosion.

Use of Process Data from a DCS in a Forensic Investigation

Inspection of a crude oil heating furnace revealed the presence of a number of overheated/ruptured tubes that resulted in a fire.  The DCS had recorded the crude oil flowrate to the furnace, fuel gas flow to the furnace burners, and the temperature of the oil out of the furnace.  A control valve was used to regulate fuel gas flow to the burners so as to maintain the required crude oil temperature out of the furnace. 

The data from the DCS was downloaded into a spreadsheet and plotted through the incident timeframe.  The incident took place during a period when the flowrate of crude oil to the furnace was being reduced.  However, examination of the data from the DCS revealed that the flowrate of fuel gas to the burners was not being regulated downward commensurate with the decrease in crude oil flowrate.  The outlet temperature of the crude oil continued to rise, triggering the high temperature alarm, but no action was taken by the operators.  The high temperature shutdown was activated, but fuel gas continued to flow to the furnace burners, resulting in overheating and rupture of the tubes in the furnace.  Analysis of the DCS data indicated an issue with the operation of the fuel gas control valve.  A subsequent physical examination of the fuel gas control valve revealed a mechanical failure had prevented the control valve from regulating the fuel gas in response to the DCS control system signals.

As you can see, a DCS not only controls a process, but also stores information that provides an unbiased “insider view” into the health of any chemical or power generation process.  As such, the DCS serves as a key tool for forensic investigation of incidents such as fires, explosions and operational upsets.