[DNFSB LETTERHEAD]

August 6, 2002

The Honorable Everet H. Beckner
Deputy Administrator for Defense Programs
National Nuclear Security Administration
U.S. Department of Energy
1000 Independence Avenue, SW
Washington, DC 205850104

Dear Dr. Beckner:

Enclosed is a report detailing observations made by members of the staff of the Defense Nuclear Facilities Safety Board (Board) concerning electrical and lightning protection systems employed at the Pantex Plant. These observations were developed through document reviews, facility walkdowns, and discussions with representatives of the National Nuclear Security Administration (NNSA) and BWXT-Pantex.

The Board is pleased to learn that Sandia National Laboratories has completed low-voltage testing of all selected nuclear facilities as part of the Pantex Plant's Project Plan for Lightning Protection Authorization Basis Post-Start Implementation. However, the Board is concerned that the schedule for completion of reports documenting the results of these tests continues to slip. Information contained in these reports is critical for validating the conservatism of analytical voltage estimates that are used to derive controls in site safety basis documentation. Accordingly, the Board considers the timely generation of these reports essential for verifying the adequacy of existing lightning controls employed by the Pantex Plant. The enclosed staff report provides additional observations concerning electrical and lightning protection systems at the Pantex Plant, for your information and action, as appropriate.

Sincerely,

John T. Conway
Chairman

c: Mr. Daniel E. Glenn
Mr. Mark B. Whitaker, Jr.

Enclosure

DEFENSE NUCLEAR FACILITIES SAFETY BOARD

Staff Issue Report

July 2, 2002

MEMORANDUM FOR:	J. K. Fortenberry, Technical Director
COPIES:	Board Members
FROM:	B. Broderick
SUBJECT:	Status of Lightning Protection and Electrical Systems, Pantex Plant

This report documents a series of reviews pertaining to lightning protection and electrical systems at the Pantex Plant, performed by members of the staff of the Defense Nuclear Facilities Safety Board (Board). Staff members A. Gwal, A. Matteucci, and B. Broderick, assisted by the Board's Pantex site representative, W. White, met with personnel from the National Nuclear Security Administration (NNSA) and BWXT-Pantex (BWXT) during May 7-9,2002, and again on June 27, 2002, to assess safety-related electrical systems, the electrical safety program, and the lightning protection program at the site.

Classification of Electrical Systems. Historically, the adequacy of controls used to mitigate hazards in Pantex facilities that handle nuclear explosives has been determined by Nuclear Explosive Safety studies in lieu of formal authorization basis documentation. However, in response to changes in the Department of Energy (DOE) orders during the past several years and the issuance of 10 Code of Federal Regulations 830, Nuclear Safety Management, the Pantex Plant has been engaged in a program to upgrade the authorization bases for its nuclear facilities. Safety Analysis Reports (SAR) developed as part of this upgrade effort have precipitated the reclassification of a number of existing systems as safety-class.

The Board's staff found that, in at least one case, existing electrical systems identified as safety- class in Pantex authorization basis documentation did not comply with safety-class design expectations set forth in DOE orders and consensus industry standards. Safety-class uninterruptible power supply (UPS) units are not seismically qualified, nor do they exhibit the level of isolation, separation, and redundancy specified in Institute of Electrical and Electronics Engineers standards that are cited in DOE Order 420.1, Facility Safety, and its associated implementation guide, DOE Guide 420.1-1. The original designs of these electrical systems are inadequate for their current applications as safety-related systems; furthermore, no substantial enhancement projects to upgrade the pedigree or reliability of these systems have been initiated. Therefore, it is not clear that these safety-class systems can provide a level of protection commensurate with the importance of their safety functions. Moreover, the Pantex Plant does not have a documented backfit policy, such as that in use at the Savannah River Site (SRS) (SRS Procedure 3.41, Backfit Analysis Process), which could identify appropriate actions to be taken when differences between as-built safety system configurations and applicable standards are identified.

Specific Deficiencies in Electrical Systems. The Board's staff observed several specific deficiencies in electrical equipment at the Pantex Plant.

Water Leak in Equipment Room--Standing water was observed in the electrical equipment room that services bays in Building 12-84 East. According to Pantex Plant personnel, the water entered the facility through the roof, which has been leaking for more than a year. The leak point is located directly above a motor control center (MCC), which is adjacent to safety-class UPS equipment. Certain MCC failure modes, including fire or explosion initiated by water-induced short-circuiting of electrical components, could negatively impact the operability of the safety-related UPS system. To provide some measure of protection for the MCC, plastic tarps had been taped together and hung over the unit to catch incoming water, and a garden hose had been attached to the tarps to divert the collected water to a nearby floor drain.

In response to concerns regarding the roof leak expressed by the Board's staff at the time of its initial review, BWXT has taken additional compensatory measures to temporarily fill and seal problematic portions of the Building 12-84 roof to provide an elevated level of protection until more substantial roof improvements are completed in August 2002. These actions appear to be adequate to address the situation.

Unprotected UPS--Many UPS units, which are relied upon to provide emergency power to Pantex bays and cells, are constructed with a wire mesh top panel that aids in heat dissipation. Numerous safety-related UPS units with these types of discontinuous upper panels were found to be located directly under fire suppression system sprinkler heads. Water spray from activation of the sprinkler system would penetrate the UPS equipment and could initiate water-induced short- circuiting, a common-cause failure that would leave safety-related loads in nuclear explosive areas without uninterruptible emergency power.

Battery Rooms--The Board's staff identified the following deficiencies related to battery storage rooms in the course of facility walkdowns:

In several battery rooms, the staff observed a lack of alarm instrumentation to signal a loss of ventilation, as required by American National Standards Institute C2, National Electric Safety Code. In addition, BWXT was unable to provide the staff with an analysis demonstrating that battery room exhaust ventilation was adequate. Batteries can produce hydrogen gas during normal operation, and proper ventilation in these areas is needed to ensure that hydrogen does not accumulate in quantities sufficient to create the potential for explosion.

In the Building 12-116 equipment room, 30 batteries were observed to have labels indicating that they should have been replaced in June 200 1. BWXT personnel could offer no clear technical explanation for why the batteries were deemed fit for continued service.

Lightning Protection Implementation Plan. The Pantex Plant has issued a series of revisions to its Project Plan for Lightning Protection Authorization Basis Post-Start Implementation (Project Plan) to address open issues identified in the Lightning Basis for Interim Operation (L- BIO), the Safety Evaluation Report accompanying the L-BIO, and the Nuclear Explosive Safety, Master Study of the Lightning Protection System at the DOE Pantex Plant. Previous versions of the Project Plan relied almost exclusively on Sandia National Laboratories (SNL) for lightning-related testing, analysis, and validation. The Board sent a letter to DOE on June 22, 2001, to express its concern regarding the facility testing backlog due to the inability of limited SNL resources to support the Pantex lightning protection workload. This letter encouraged the contractor to develop in-house testing, analysis, and validation capabilities. Since that time, BWXT has hired two full-time employees with doctoral degrees in engineering and physics, and work has begun on developing in-house computer modeling capabilities to study and understand the effects of lightning on nuclear explosive facilities. The maturation of these local resources prompted BWXT to further revise and rebaseline its Project Plan to reflect more accurately who will perform specific tasks and when this work will be completed.

The revised version of the Project Plan was briefed to the Board's staff during a follow-up review conducted on June 27, 2002. Work elements contained in the revised Project Plan include the systematic qualification of facility faraday cages (including shipping containers and transportation carts) using functional criteria developed by SNL, the evaluation of electromagnetic effects introduced by bond wire inductance, and the performance of a more detailed investigation of lightning-induced spalling hazards. Another important component of the revised Project Plan is the rebaselined schedule for the completion of reports documenting the results of low-voltage facility testing. Testing has been completed for all facility types, and SNL is currently working on draft reports to document test results that include extrapolations providing an empirical quantification of facility voltage environments in the event of actual lightning strikes. Test results and extrapolated facility voltages obtained from test data will be used to assess the validity and conservatism of analytical maximum voltage estimates that are currently used to derive controls in the site's safety basis documentation. The schedule for completion of draft reports has continued to slip, with the revised Project Plan calling for all draft documentation to be finished by January 2003. The Board's staff considers the timely generation of these reports essential for verifying the adequacy of existing lightning controls employed at Pantex.

The Board's staff is also concerned that BWXT's Project Plan still does not appear to address some potentially important indirect magnetic coupling mechanisms. Recent computer modeling efforts have indicated that significant currents can reside on large-diameter penetrations, such as heating, ventilation, and air conditioning ductwork, even if the penetration is well bonded. Lightning current flowing on these penetrations would produce strong time-varying magnetic fields that could induce significant voltage on conductors inside facility faraday cages.

Suspension of Transportation Operations During Lightning Warnings. Given the lack of defensible lightning protection in ramps at Pantex, transportation of nuclear explosives is prohibited during lightning warnings. Efforts are under way to replace this administrative control with engineered transportation design features, such as enhanced transportation carts, that provide defensible protection against lightning strikes. However, the recently approved Transportation SAR Module also credits the shutdown of transportation operations during lightning warnings as providing protection for transportation activities against potential tornados at Pantex.

Given the desire to remove such operational restrictions based on lightning warnings, Office of Amarillo Site Operations directed BWXT to use National Weather Service tornado warnings as the criterion for suspending transportation operations vulnerable to tornados. However, the response time provided by these National Weather Service declarations is variable, and it is not clear that they would allow sufficient time to secure assets in transit. When the L-BIO was being developed, the contractor performed a study entitled An Evaluation of the Time Required to Suspend Operations Upon Lightning Warning Notification. The purpose of this study was to ensure that the methods used to determine and declare a lightning warning would provide sufficient time to secure vulnerable operations. No such study has been performed to provide reasonable assurance that the tornado warning criterion provides adequate time to suspend transportation operations.

Site Electrical Safety Program. A letter from the Board dated June 21, 2001, raised the issue of possible safety hazards posed by electrical equipment that has not been tested and approved by a nationally recognized testing laboratory (NRTL). Since that time, BWXT has investigated equipment used in 760 of 78 1 buildings, including all nuclear explosive areas, and more than 5000 non-NRTL-approved items have been identified and cataloged. Substantive equipment evaluation efforts began in April 2002, and BWXT has set an aggressive goal of testing 50 units per day. If this testing frequency can be sustained, all non-NRTL equipment evaluations will be completed by October 2002. Measures have also been instituted to stem the flow of non-NRTL equipment into the site. New procedures have been implemented to ensure that non-NRTL equipment arriving at Pantex will be tested and qualified in the receiving area before being transported to its ultimate on-site destination. Provided the identification and evaluation program continues at its current pace and the new procedures are strictly enforced, it appears that BWXT is adequately addressing the nonlisted equipment issue raised in the Board's June 21, 2001, letter regarding electrical safety.