SAFETY & SECURITY NEWSLETTER

November 2012 Issue

MESSAGE DESK

.

CONTENTS

1 Snake-bite First-aid Management

2 Safety training

3 Lessons learned

4 Safe use of ladders

5 Root Cause Analysis of Incidents - Oct’12

6 Security network- hacking – article contributed by col. Dalvi

7. Security Highlights

Thought for the month

Safety rules are your best tools

1. Snake-bite First-aid Management - Courtesy: Enercon (I) Pvt. Ltd

A snake bite does not necessarily mean an envenomed bite; injection of venom is under the snake's control. Snakes will often (about 50% of the time) deliver a "dry bite" where venom is not injected. Should you be bitten, remain calm under all circumstances. Panic and shock are bigger killers than venom.

General symptoms of Snakebite: Most snake bite victims also experience one or more of the following symptoms:

Snake Bite – A List of Do’s & Don’ts If you ever find yourself snake bitten out in the wild then just remember the “DO’s” and “DON'TS” when it comes to treating yourself or others.

Things to remember NOT TO DO: • DO NOT cut the wound and try sucking

the venom out yourself. • DO NOT put a tourniquet on the bite site. • DO NOT take any medication unless

advised by medical practitioner. • DO NOT take anything else orally by

mouth. • DO NOT consume any alcohol. • DO NOT try to catch or kill the snake. • DO NOT drive yourself to the hospital if

you are alone unless it is absolutely necessary.

• DO NOT over exert yourself. Things to remember to DO: • DO separate yourself or the victim from the snake to prevent additional bites. • DO call 108 or 102 as soon as possible. • DO call the Hospital in advance if at all possible to inform them of the snakebite so they can

keep the anti-venom ready. • DO take a picture of the snake if possible or quickly draw yourself a note with colours,

shapes, and markings. This will help doctors identify the snake to ensure that you get the correct Anti-Venom.

• DO remain calm and try to slow down your breathing. • DO maintain the wounded portion of the body below your heart level. DO lay the victim flat

with his/her hand/feet raised about 1 foot above the body. • DO keep the portion of the body that was bitten immobilized and move it as little as possible.

• DO wash the wound with soap and water (Dettol, Boric acid or Potassium permanganate powder) if available.

• DO remove any rings, necklaces, watches, ankle wraps, knee braces, or anything else that could be restrictive to proper blood flow.

• DO loosely apply a bandage roughly 2 to 4 inches above the bite on the side closest to your heart if you are unable to seek specialized care within approximately 30 minutes. However, the bandage should be loose enough to be able to place 1 to 2 fingers underneath it. The idea here is to slow down the venom without significantly disrupting blood flow or cutting off blood flow all together. Be sure to check the bandage frequently to ensure it remains semi-loose as the limb may continue to swell and require the bandage be readjusted. Check the pulse / circulation frequently. DO NOT let the bandage become a tourniquet as swelling increases; at that point it‘s better to have NO bandage than too tight one!

• DO monitor your or the victims vital signs. • DO trying to awake the victim (if going to sleeping condition) • DO life saving procedure if required (mouth to mouth breathing or CPR) • DO transport the victim to the nearest medical facility (Hospital) as soon as possible.

Snakebite First Aid: Pressure – immobilization method:

Snakebite Prevention

• As always, prevention is better than cure. • Keep your yard, office, containers, work

place area, tidy by clearing away undergrowth, toys and tools that make great hiding places for snakes. Especially be careful about wet & marshy areas.

• Clean up any spilled food, fruit or bird seed, which can attract rodents—and therefore snakes—to your yard.

• Before opening any door / Window, slightly tap on it or move it slowly. Stand at some distance from the door.

• Take care when clearing vegetation, raking dry leaves in your garden.

• Keep walkways clear of bushes, flowering plants and shrubs.

• Supervise kids in the outdoors, especially in a green neighborhood.

• Use torch/ flashlight at night and keep wearing safety shoes.

• Wear loose, long pants and high, thick rubber or leather shoes.

• Check shoes before wearing them.

• When moving through tall grass or weeds, poke in front of you with a long stick to scare away snakes.

• Watch where you step and where you sit when outdoors.

• If you see a snake, do nothing. Let it go.

• Do not try to pick it up or kill it.

• If a snake has entered your premises, call professional snake rescuer.

2. Safety training

Super-Vision for safety at Gadag (wind) Awareness session on Near-miss reporting

and fire fighting at Samana (wind)

3. Lessons learned

3.1 Fall of person due to low sugar

Date : 11th October 2012

Time : 11:30 Hrs Location : Outside of Pit 18 - Valve house near

tunnel pressure gauge Injury Details : Fracture on left elbow Description : While taking pressure gauge reading, a company employee fell down due to hypoglycemia (low sugar) / giddiness. He sustained minor fracture in his left elbow. Root Cause Analysis:

Human Factors 1.5 Improper position or posture for the task – Took the reading by standing on the side of staircase instead of going / entering in the pit 4.3 Inattention to footing and surroundings – The victim turned to go back without given proper attention to footing and surrounding

Physical Factors 8.1 Congestion/ Restricted motion

System Factors 2.2 Fatigue – Fasting due to ―Ekadashi‖, 2.4 Blood Sugar Insufficiency – The victim is a diabetic patience

Lessons learned: 1. Shift the pressure gauge from pit to above ground level. 2. Provide hand railing to the steps in addition to the existing hard barrier which already exists. 3. Consider issuing identification batch to the diabetic and blood pressure patients. Create

awareness on the Dangers of Hypoglycemia.

3.2 Steam release- HIPOT Near-miss

Date : 17th October 2012

Time : 11:30 Hrs Location : Unit#2, Zero meter Description : On 17th October 2012, a PTW was taken by Mechanical Department to replace the non functioning valve provided on pipeline connecting atmospheric flash tank of unit#2 at zero meter and HPBP(High Pressure By Pass) upstream pipeline. After closing the main Steam Stop Valve at boiler outlet, steam pressure was reduced from 60Kg/cm 2 to 2.5Kg/cm2 in Main steam-line. Even after repetitive efforts of absolute closing of valve, pressure was not dropped below2.5Kg/cm2.

Root Cause Analysis: Physical Factors 5-7 Inadequate isolation of process or equipment–No means of cross checking the depressurization in this particular case. 6-1 Defective equipment-Gland leakage of MS Bypass valve. 8-1Congestion or restricted motion-The MS Bypass valve was hard to access. Human Factors 3-4 Servicing of energized equipment–Low pressure Steam persisting in line. System Factors 10-8 Inadequate evaluation and/or documentation of change–Work Instruction not present.

Lessons learned 1. Issuance of permit to be done only after ensuring 100% depressurization of fluid energy. 2. Planned jobs should be discussed in advance between operations & services dept. in all

practical purposes. 3. Reinforcement of Horizontal/Vertical communication between peers.

4. Safe use of ladder and stepladder

1. Follow the 4-to-1 rule 2. Face front

3. One person at a time 4. Lock a stepladder

5. Use a good ladder 6. Hoist up material

7. Don’t overreach 8. Level legs

Ladder should be one

rung length out from the

wall for every four rungs

to where the ladder

touches

Avoid twisting or turning

on the ladder. Don‘t step

on the top rung

Wait until the ladder is

clear before you take

your turn

Check the condition of

the rungs periodically.

Use ladder that has

safety fleet

You need both hands

to climb. Wear a tool

belt - pull materials to

you after you reach

the top

Spread the legs of a

stepladder to their limit.

Check the locking

mechanism

If your belt buckle

reaches past the

uprights, you have gone

too far… move the

ladder

The uprights of the

ladders should be

vertical. Shore up the

legs if the ground is

uneven

5. Root Cause Analysis (RCA) of incidents – Oct’12

Human Factors Physical Factors

System Factors

6. Security network- hacking – article contributed by col. Dalvi

The difference between hacktivists today and those 15 years ago or more, and you won't get a

simple answer. Technology has changed, social norms are different and political motivations are

diverse.

Back then there was less interest in the techniques of breaking into people's systems and

exposing data that you see today. Indeed, today's hacktivists – notably those affiliated with

Anonymous – are slightly different than the original hacktivists groups, such as Cult of the Dead

Cow (cDc). Experts say the cDc was more centralized, granting membership to individuals

based on their skills. The cDc's aim mainly was to defend human rights and freedom of

expression and later to get organizations to find and repair serious vulnerabilities. Now,

hacktivists use a variety of automated tools, many shared by financially motivated

cybercriminals, to detect website vulnerabilities and carry out distributed denial-of-service

(DDoS) attacks. Unlike a cybercriminal whose intent is solely on making money, the ultimate

goal of the modern hacktivist is to sully the reputation of a company for one cause or another.

Clearly, today's hacktivists with their assorted political and social purposes pose a different

breed of attacker than the average cybercriminal. Security experts say hacktivists have caused

widespread damage to the infrastructure and reputation of organizations they target, making it

critical that companies have a well-organized response plan in place for the hacktivist threat.

MAJOR BREACH FACTOR

Hacktivists had a tremendous impact on data breaches in 2011, according to the 2012 Verizon

Data Breach Investigations Report; it identified two basic hacktivist types: Individuals who

attempt to bring down or deface a website and individuals who pull off far more complex

attacks using sophisticated tools. It is surprising to see how far we've seen some hacktivists

go to cover their tracks, sometimes successfully penetrating a network again and again. Fifty-

eight percent of all breached organizations knew in advance that they were going to be

attacked, Verizon found , Often hacktivists leave broadly worded warning messages in a forum,

on a website or a social network, such as Twitter,. In almost every one of the cases, a DDoS

attack was used as a diversionary tactic.

Anonymous and its associated group Lulzsec have gotten the most notoriety for recent

hacktivism. The group doesn't have a known leader. Anyone with a computer can affiliate him or

herself as an Anonymous hacktivist.

The group's actions have caused widespread damage. Members of LulzSec are responsible for

hacking into Sony Pictures in 2011, compromising user accounts and forcing Sony to halt its

gaming platform until it could contain the breach. The group's members also gained access into

the network of HBGary Federal, stealing research and email, including those of its co-founder.

DDOS: THE WEAPON OF CHOICE

Security experts agree that hacktivists typically carry out DDoS attacks to either disrupt a

website's operation or obscure far more nefarious attack. While the IT security team deals with

the flood of malicious traffic, other hacktivists are busy trying to gain access to another part of

the network in an attempt to steal data. Hacktivists typically use fairly standard DDoS attacks

using the popular open source Low Orbit Ion Cannon tool. Lyon says the power of social

networks has helped groups with similar political views to use their power collectively to bring

down websites.

The attackers also brought down the websites associated with the Federal Trade Commission

and the U.S. Department of Transportation (DOT) as well as some South Korean government

sites. Other high-profile websites were targeted, including the New York Stock Exchange

(NYSE), the NASDAQ and the Washington Post. An individual hacktivist can launch a more

complex DDoS attack by renting a botnet to control 100,000 systems or more and launch an

attack against an individual website.

The market for DDoS appliances and services has matured, giving both large and small and

midsize businesses the ability to mitigate the threat. Still, most attacks cause an initial disruption

until the service can weed out the bad traffic.

LAW ENFORCEMENT CRACKDOWN

Hacktivism is something that is here to stay. These are individuals who are mainly unaffiliated

with any one group, taking advantage of the fact that law enforcement doesn't have the

bandwidth to go after them. Hacktivists attacks gain widespread media attention, which has

fueled interest in security technology and services to address it,

BUILDING A DEFENSE

So how do you defend against a threat actor that isn't clearly identifiable, has an unknown

number of members and a loosely defined set of principles?

Experts say the high-profile nature of hacktivist attacks makes planning for a hacktivist related

breach essential. Many security vendors offer threat feeds, which can alert security teams when

a new threat is detected and provide guidance on defense mechanisms. Security best practices

– from keeping software updated to maintaining an intrusion prevention system and proactive

log monitoring – prevail in defending against any security threat.

But post-breach response, which includes communicating with authorities and customers,

should be done carefully. Hacktivists have raised the stakes, making breach response and

disclosure a messy process.

There's a fine line of having all the processes in place, but you also need to make sure the

people on the ground and in the trenches can do what they need to do to put out the fires.

Mature organizations have most incident response processes documented and everyone on the

incident response team knows their role if a problem is detected.

7. Security Highlights

TROMBAY

04th & 31st Oct‘12 ‗SAGARI KAVACH‘ Police exercise for coastal security was declared & accordingly entire security in the plant area including CW Jetty/Coal Berth Jetty was kept on the ‗High Alert‘.

ISPS Training for Solaris security staff at coal berth jetty was conducted to improve vigilance skills of staff at port.

Elaborate security arrangements were made for Dassera Pooja celebrations.

T & D

As per Quarterly schedule Phase III (Oct- Dec) training for Permanent security staff was conducted by Maj. H J Gurung at Dharavi.

Similar training was conducted for Security Guards deployed at Carnac, Backbay, Parel & Mahalaxmi Receiving station at Parel receiving station. As a part of training fire fighting demonstration was also carried out by Exxon fire services. 20 guards participated in this training.

CGPL

A costal security exercise ‗SAGAR KAVACH‘ was conducted off Gujarat & Maharashtra coast including Daman & Diu. CGPL security team participated in the exercise in coordination with Coast Guard & Marine Police. Foot patrol, QRT movement and special checking at entry and exit gate were strengthened by CGPL Security team.

First-aid Training Camp was organized by CGPL medical team for security personnel. 47 security personnel participated

Security personnel (62) participated in Fire Fighting Training at Fire Control Building.

Traffic team conducted various check Nakas and drills to regularize the traffic movement and prevent unauthorized parking in the plant premises.

A mock drill depicting an accident scenario was conducted. Safety, Fire, Medical & Security Team actively participated.

Safety and Security co-ordination meeting was held for discussing DMP (Disaster Management Plan) and the response.

JOJOBERA

Security awareness sessions were conducted for contract workmen (328).

Security guards and Security

officers actively participated in

annual sports day.

Surprise checking of Gate passes conducted inside the

plant for contract workmen.

MPL

MPL security team won against Madandih cricket club,

when match was stopped due to heavy rain. Man of the

match and man of the series were clinched by MPL

security team. Team was awarded with a beautiful trophy

and cash prize of Rs 2000/-.

MPL security is checking Coal Hywa Drivers with the help of alcohol Detector breathing

analyzer.

Safety training was organized for Fire Staff deployed at MPL (39) through IFSS, Baroda.

We invite your feedback on this newsletter. Write to us at safety@tatapower.com