[DNFSB LETTERHEAD]
December 1, 1999
Brigadier General Thomas F. Gioconda
Acting Assistant Secretary for Defense Programs
Department of Energy
1000 Independence Avenue, SW
Washington, DC 20585-0104
Dear General Gioconda:
In response to Recommendation 98-2, Safety Management at the Pantex Plant, of the Defense Nuclear Facilities Safety Board (Board), the Department of Energy (DOE) has been attempting to improve and simplify the safety basis for nuclear explosive operations at Pantex. Two enclosed reports prepared by the Board's staff highlight issues that appear to indicate that DOE's efforts in this area have not been entirely successful.
Instead of becoming simpler, the safety basis at Pantex is actually becoming more complex. Significant issues associated with the integration and completeness of the various hazard analyses and associated controls are being observed. In some cases, voids exist in which one analysis depends on another to assess the activity, but it is later discovered that the follow-on analysis has not been completed or implemented. In other cases, there are inconsistencies in similar, if not identical, analyses. The most recent letter from the Board to DOE on this issue is dated July 30, 1999.
In addition, both enclosed reports highlight deficiencies with information on warhead response being provided to the Pantex contractor by the nuclear design laboratories for use in determining the hazards and resulting controls associated with nuclear explosive activities. Although the Pantex contractor is responsible for conducting the necessary safety analyses, only the nuclear design laboratories can provide the information with respect to warhead response to specific environments. This input must be of the highest fidelity possible, with a defensible technical basis and appropriate uncertainties, to be useful for safety basis development.
The Board is aware that DOE has been working to achieve improvements in both of these areas, and in another letter to you has offered its assistance in safely resolving such problems and similar ones at Pantex and the Y-12 Plant. The Board would like to be briefed on your plans and actions for resolution of the problems discussed in the enclosed memoranda when they are sufficiently well developed. If you have any questions on this matter, please do not hesitate to call.
Sincerely,
John T. Conway
Chairman
c: Mr. Richard E. Glass
Mr. Mark B. Whitaker, Jr.
Enclosures
DEFENSE NUCLEAR FACILITIES SAFETY BOARD
Staff Issue Report
October 1, 1999
| MEMORANDUM FOR: | G. W. Cunningham, Technical
Director J. K. Fortenberry, Deputy Technical Director |
| COPIES: | Board Members |
| FROM: | D. L. Burnfield |
| SUBJECT: | Review of Status of W62 Disassembly and Inspection Program, Pantex Plant |
This report summarizes the results of a review by the staff of the Defense Nuclear Facilities Safety Board (Board) in support of the Board's Recommendation 98-2, Safety Management at the Pantex Plant. Staff members F. Bamdad, D. Burnfield, M. Helfrich, and A. Matteucci, along with outside expert R. West, met with representatives of the Department of Energy (DOE) and Mason and Hanger Corporation (MHC) on September 7-10, 1999, to review the preparations for restarting the W62 Disassembly and Inspection (D&I) Program. This review included the final draft Hazard Analysis Report (HAR), the Activity-Based Controls Document (ABCD), and supporting documentation, as well as preparations for the upcoming Nuclear Explosive Safety (NES) review. Following a site review conducted September 10-23, 1999, detailed discussions were held between the Board's staff and DOE regarding the NES review preparations.
Laboratory Support. The supporting documentation for the HAR prepared by Lawrence Livermore National Laboratory's (LLNL) Defense Technologies Engineering Division (DTED) addresses the high explosive (HE) response to W62 HAR scenarios. The cover letter for this report contains the following statement: "HE response is not an exact science and thus requires considered judgment for each scenario, so this information should not be utilized for judgment by anyone other than LLNL/DTED." Thus, the LLNL documentation for the HAR explicitly says it should not be used in a HAR prepared by MHC. In addition, the report does not cite sufficient references to support the data presented. The lack of definitive data limits the ability of MHC to judge whether an operation can be performed safely. In Recommendation 98-2, the Board stressed the role of the contractor with regard to the HAR:
The Pantex contractor is responsible for the safety of operations conducted at the Pantex site. In reality, the HAR should be a submittal made by the Pantex contractor, with appropriate input and review by the weapons laboratories as defined by the DOE, in support of the conclusion that the operation in question will be conducted safely. The Pantex contractor must have agreed with its content and must be prepared to stand behind it. During discussions with the Board's staff, however, MHC personnel were not always able to defend the assertions in the LLNL report.
Performance of Hazards Analysis. As indicated in two previous reports prepared by the Board's staff (dated January 22, 1999, and May 11, 1999) on the performance of the hazards analysis for the W62 D&I, the hazard analysis team did not do a thorough process hazard analysis as recommended by DOE Standard DOE-STD-3016-99, Hazard Analysis Reports for Nuclear Explosive Operations. However, the MHC project team did note the staff's comments and took actions aimed at improving the quality of the final draft of the HAR. Specifically, the project team reviewed the procedures for operations in the radiography and vacuum leak check bays.
Integration of Various Hazards Analyses. The HAR relies on other authorization basis documentation without fully integrating the physical and/or organizational interfaces. For example, the HAR identifies a Technical Safety Requirement (TSR) -like control requiring the shipping container to be inspected for functionality prior to shipment between bays, as well as upon receipt at the Zone 12 loading dock. This practice allows the shipping container to act as a Faraday cage and provide lightning protection to the weapon. However, no similar requirement is contained in the Transportation Basis for Interim Operations, which covers transportation of the weapon between Zones 4 and 12.
NES Review Preparations. In the Implementation Plan for Recommendation 98-2, DOE committed to compensatory measures specific to the W62 D&I that would include "implementation of selected tooling improvements, approval and implementation of a HAR and ABCD controls, contractor and DOE readiness reviews, and a NES review with complete process walk downs and a current assessment of whether the W62 controls satisfy the objectives of the NES Standards." Despite these commitments, DOE made preparations for performing a revalidation of the 1992 Nuclear Explosive Safety Study (NESS). The revalidation would differ from a standard revalidation in two respects:
Discussions between the Board's staff and DOE focused on the need to walk down all pertinent operations and to provide a current assessment of the D&I process (instead of simply reviewing the changes since the 1992 NESS). On October 1, 1999, the DOE Albuquerque Field Office agreed to address the concerns of the staff and provided a planning document that met the intent of the Recommendation 98-2 Implementation Plan. The W62 Project Plan states that the NESS revalidation and the DOE Readiness Assessment will be held concurrently. The performance of these two reviews simultaneously is expected to be difficult with significant numbers of people attempting to observe operations within the manning limits of the bays and cells.
DEFENSE NUCLEAR FACILITIES SAFETY BOARD
Staff Issue Report
October 8, 1999
| MEMORANDUM FOR: | G. W. Cunningham, Technical Director J. K. Fortenberry, Deputy Technical Director |
| COPIES: | Board Members |
| FROM: | A. Matteucci |
| SUBJECT: | Review of Transportation Basis for Interim Operations Module, Pantex Plant |
The staff of the Defense Nuclear Facilities Safety Board (Board) completed a review of the latest draft Transportation Basis for Interim Operations (BIO) Module during and following a trip to the Pantex Plant. The main objective of the Transportation BIO is to identify and assess the full spectrum of potential hazards associated with the movement of nuclear explosives (NEs) within the Pantex Plant. This effort includes identification of the hazards, analysis of weapon response, and estimation of the frequency of occurrence of accident scenarios.
Background. In 1997, after problems occurred in the development of Safety Analysis Reports (SARs), the decision was made to upgrade the BIO for the Pantex nuclear facilities and activities using a modular concept. The first of these modular BIOs, the Transportation BIO, is being developed in two phases: the first phase was submitted to the Department of Energy (DOE) for approval on September 7, 1999; the second phase, to be released October 26,1999, will update phase one.
Discussion. Observations made by the Board's staff during its review fall into three categories: the scope of the Transportation BIO, integration, and identification and implementation of controls.
Scope of Transportation BIO--The scope of the Transportation BIO upgrade is limited to on-site movements of NEs/nuclear explosive-like assemblies (NELAs) in an ultimate user configuration, in shipping containers, in the custody of Mason and Hanger Corporation (MHC). The scope includes ramp, road, and loading and unloading movements at the Pantex site. It stops at bay, cell, and magazine doors, and it does not include transportation of partial assemblies or high explosives by themselves (which can be an initiating event for other accidents). The partial assemblies are currently being covered by some, but not all, individual process Hazard Analysis Reports (HARs). It is unclear when or if these activities will be addressed by the Transportation BIO.
Integration--The integration of the Transportation BIO with other site authorization documents, including other BIOs, appears to be problematic. There is much confusion and no clear path forward with regard to how this BIO module will be integrated into the site's authorization basis. The authorization basis will include the facility BIO (broken down by building type), the BIO modules addressing cross-cutting issues (e.g., transportation, fire protection, and lightning), the General Information Document, weapon process-specific HARs, Technical Safety Requirements (TSRs), and Activity-Based Control Documents (ABCDs). Given this plethora of authorization basis documents, a significant effort will be required to ensure adequate integration and implementation. No evidence was provided to the Board's staff that such an effort had been initiated. Additionally, there is currently no implementation plan for the TSR-level controls, and the implementation budget has not been finalized. A number of identified controls may be difficult to implement from an operational, programmatic, and budgeting standpoint.
Complicating this issue is a lack of communication among the various teams involved in site authorization documentation. For example, the project manager for the Transportation BIO had not seen the transportation portion of the W62 HAR; likewise, the W62 HAR team had not seen the draft Transportation BIO.
Laboratory Support--The hazard analysis methodology used by MHC to develop the BIO results in the postulation of specific weapon environments for each event, initiating event frequencies, weapon responses, and probabilities for these weapon responses. This methodology is then used again with selected safety controls to identify the residual risk. The specific weapon environments were determined through plant walkdowns and a review of various documents, including current ABCDs from other weapon programs. The initiating event frequencies were determined through statistical means and engineering judgement. On the basis of the initiating event scenarios produced by MHC, the design agencies predicted weapon responses and weapon response frequency bins (roughly two orders of magnitude). The Transportation BIO and its supporting documentation provide little or no qualitative or quantitative rationale for these weapon response frequencies. During the staffs review, no design agency personnel were available to provide support for their probability numbers. In addition, several of the design agency documents cited in the Transportation BIO include caveats indicating that the weapon response probabilities are neither supportable nor statistically valid. The use of statistically invalid assumptions with little or no qualitative supporting rationale is incompatible with safety.
Given the range of issues noted with the Transportation BIO, it would appear that MHC continues to experience problems with analyzing accidents, determining adequate controls, and establishing a path forward for adequately integrating the modular authorization basis documents into a coherent, comprehensive document. Deficiencies in the inputs of the design agencies to the hazard analysis contribute significantly to the problems with the safety analysis. The accident analyses in the Transportation BIO do not include sufficient qualitative detail or rationale to support and defend the many assertions made in the document. The errors noted with regard to accuracy of references and correlation of information also indicate a lack of adequate review prior to submission of the BIO.