[DNFSB
LETTERHEAD]
February 14, 2005
The Honorable Samuel W. Bodman
Secretary of Energy
1000 Independence Avenue, SW
Washington, DC 20585-1000
Dear Secretary Bodman:
The Defense Nuclear Facilities
Safety Board (Board) issued Recommendation 2004-1, Oversight of Complex,
High-Hazard Nuclear Operations, on May 21, 2004. In
the Department of Energy’s (DOE) acceptance letter of July 21, 2004, DOE
emphasized its commitment to safety and agreed that the Columbia accident and
Davis-Besse incident provided valuable lessons from which DOE could learn. The lessons learned from these events were to
be key inputs in developing DOE’S Implementation Plan for the Recommendation.
The Board received Secretary
Abraham’s letter dated December 23, 2004, enclosing DOE’s Implementation Plan
for Recommendation 2004-1 and reviewed the plan in the context of the Board’s
Policy Statement 1, Criteria
for Judging
the Adequacy of DOE Responses and Implementation Plans for [Board] Recommendations, and the requirements of the
specific subrecommendations. While the
plan presents several concepts that will prove key to successful implementation
of the Recommendation, the descriptions of how these concepts will be put into action
lack the detail necessary to determine whether they will be responsive to the
issues they are intended to address. Therefore, the Board is unable to accept the
proposed Implementation Plan.
The Board is particularly
concerned about the lack of progress in defining the structure of and the
functions, responsibilities, and authorities assigned to the Central Technical
Authorities. The Board intended for
these authorities to bring a higher level of awareness of site conditions to headquarters
decision makers, and for mechanisms to enforce required actions to be strong
and clearly delineated. This intent has
not been realized. As described, the
structure and the functions, responsibilities, and authorities of the Central
Technical Authorities are not capable of preventing DOE from committing the
type of errors that led to the Columbia accident. The Board is also concerned that the nuclear
safety research and development function is not adequately defined, and the
mechanisms through which the results of safety research will be utilized are
not specified. DOE needs to establish a
sustainable capability that will maintain and advance the scientific and
engineering understanding of nuclear safety.
Recommendation 2004-1 presents
DOE with the opportunity to manage its high-consequence operations successfully
and to reduce the likelihood of a nuclear accident. DOE should seize this opportunity and develop
an approach that will be sustainable beyond the current leadership and become a
cornerstone of its safety culture. Further, this change will require the
full-time attention of a responsible manager with vision, expertise, will, and authority,
selected specifically for and assigned solely to keeping this significant
organizational change on course. This
manager should have ready access to the Secretary and the Deputy Secretary, and
operate with the fully stated support of these offices in directing all
subordinate organizations through the completion of the Implementation Plan. The goals of this plan can only be achieved
with high-level support. Further, it
must be clear that the role of the responsible manager in no way reduces the
accountability of the highest levels of the line organizations, including the
Central Technical Authorities, for ensuring timely completion of the requirements
imposed by this plan.
Specific suggestions focused on
the subrecommendations to Recommendation 2004-1 are provided in the enclosure
to this letter to assist you in strengthening the Implementation Plan. The Board looks forward to working with you
to achieve an acceptable Implementation Plan and to DOE’s execution of that
plan as expeditiously as possible.
Sincerely,
John T. Conway
Chairman
c: The Honorable Linton Brooks
The
Honorable David K. Garman
The
Honorable John S. Shaw
The
Honorable Jerald S. Paul
Mr.
Mark B. Whitaker, Jr.
Enclosure
Enclosure
Comments
on the U.S. Department of Energy’s
Implementation
Plan to Improve Oversight of Nuclear Operations
1.a. That delegation of authority for nuclear safety
matters to field offices and contractors be contingent upon the development and
application of criteria and implementing mechanisms to ensure that... oversight
responsibility includes the capability for examining, assessing, and auditing
by all levels of
the
Department of Energy (DOE) organization.
The issue, basis, and resolution
approach provided in the Implementation Plan to address this subrecommendation
appear to be adequate. As noted in the
Board’s letter of December 22, 2004, however, DOE Policy 226.1, DOE Oversight Policy, will be a key instrument in implementing
the changes described in this section of the plan. Therefore, development and publication of this
policy should be a deliverable in the plan, and the policy should be delivered with
or before the associated DOE Order 226.1 (committed for delivery in April 2005).
The schedule for delivery of the
supporting DOE Manual 226.1, DOE
Safety Oversight Manual (promised
for June 2006) is protracted, especially given that the associated Criteria, Review,
and Approach Documents (CRAD) are promised for June 2005. If at all possible, DOE should strive to
publish the manual within 6 months of development of the CRADs. DOE should also clearly commit to addressing
all phases of facility life in this manual―design, construction, operation, and decommissioning. Deliverables to the Board should include a
draft outline and a prepublication version of the document.
The CRADs themselves appear to
be defined as a field review tool. An
important root cause of failure identified in the Columbia Accident
Investigation Board Report is
the lack of senior management (headquarters) awareness of issues and activities
in the field. To address this fact, a
set of CRADs focused specifically on a review of headquarters offices that can
affect field operations (e.g., program secretarial offices) should be developed.
Overall, the Implementation Plan
should be clear that developing and issuing the documentation associated with
this subrecommendation will not be allowed to delay action on other key
characteristics of the plan in such areas as headquarters operational
awareness, technical capacity, and nuclear safety research and development.
1.b. That delegation of authority for nuclear safety
matters to field offices and contractors be contingent upon the development and
application of criteria and implementing mechanisms to ensure that...the technical capability and appropriate experience
for effective safety oversight is in place.
Section 5.1.4 of the
Implementation Plan addresses the development of a delegation process. However, technical capability is addressed
separately, in Section 5.1.5. It is not
clear that the actions contemplated in Section 5.1.5 are clearly tied to those
developed in Section 5.1.4, or even in Section 5.1.2 with regard to oversight
in general. For example, there should be
a commitment to develop criteria and implementing mechanisms to ensure that the
requisite technical capability and appropriate expertise are present in a field
office before headquarters delegates a specific authority with respect to
nuclear safety. There should be
commitments directed at developing and implementing compensatory measures for
offices found to be deficient. DOE
should also include commitments dedicating long-term resources to sustain any progress
made in this area. Overall, the sense of
urgency in this area should be raised to a level commensurate with that
indicated in the Recommendation through a focus on strong, immediate actions
instead of further studies and reviews.
The National Nuclear Security
Administration’s (NNSA) formal review of the Columbia Accident Investigation Board Report (the Haeckel Report) generated
specific recommendations regarding the urgent need to strengthen DOE’s
Technical Qualification Program. These
specific actions should be addressed either here or in the section responding
to the Columbia and Davis-Besse incidents. The current data on participation in the
Technical Qualification Program at the headquarters level is indicative of the
depth of the issue facing DOE: approximately 70 of 250 NNSA and 10 of 330
Environmental Management headquarters personnel are enrolled in the program. DOE is a technical organization with
significant responsibilities for the operation of high-hazard nuclear
operations. Therefore, aggressive
actions to remediate this situation should also be described in the
Implementation Plan. Additionally, the
plan should clearly commit the Office of Environment, Safety and Health (EH)
and the offices reporting to the Undersecretary of Energy, Science, and
Environment (ESE) to evaluate their programs for strengthening technical
qualifications in ways that may be indicated by these aspects of the Columbia
or Davis-Besse incidents.
1.c. That delegation of authority for nuclear safety
matters to field offices
and contractors
be contingent upon the development and application of criteria and implementing
mechanisms to ensure that...corrective action
plans consistent with recommendations resulting from internal DOE and NNSA
reviews of the Columbia accident and the Davis-Besse incident are issued.
The Implementation Plan
addresses this subrecommendation in Section 5.2. However, there must be more urgency in the
actions presented. The Columbia accident
occurred in February 2003; the Columbia Accident Investigation Board produced
its report in August 2003. NNSA
conducted a formal review of the investigation through February 2004 (the
Haeckel Report). In testimony to the
Board on October 21, 2003, the Deputy Secretary of Energy stated that the
Secretary had directed all headquarters and senior field managers to review the
Columbia investigation report and take necessary actions based on lessons
learned. Therefore, the resolution
approach should involve more than simply initiating the review effort. The Implementation Plan commits to only one
deliverable-developing a corrective action plan by May 2005. There should be additional commitments related
to immediate implementation of corrective actions to address items already identified,
such as those contained in the Haeckel Report or the Columbia Accident
Investigation Board Report itself.
(One example of such a corrective action
would be establishing a formal, standardized process for disposition of
minority opinions. The Haeckel Report
concluded that stressing the importance of valuing negative information, as
well as positive information, was a key need within NNSA, so the Implementation
Plan should commit to moving forward with such a process.)
The corrective actions required
of DOE and NNSA as a result of these lessons learned are likely to be profound
and difficult to administer. However,
the Implementation Plan states that the identified corrective actions will be
managed through DOE’s Corrective Action Tracking System. To ensure success, the Implementation Plan
should place responsibility for assurance of implementation of these corrective
actions with the Central Technical Authorities for NNSA and ESE. Further, the
Implementation Plan should include a commitment to complete the identified corrective
actions and to verify the effectiveness of those actions.
Section 5.2.2 does commit to
developing an enhanced Operating Experience Program based on the model used by
the Institute of Nuclear Power Operations. However, the mechanisms to be used to drive
corrective actions must be more clearly delineated, with enough detail to make
the ultimate course of action apparent.
2.a. That to ensure that any features of the proposed
changes will not increase the likelihood of a low-probability,
high-consequence nuclear accident, DOE and NNSA take steps to...empower a central and technically competent
authority responsible for operational
and nuclear safety goals, expectations, requirements, standards, directives,
and waivers.
The structure chosen by DOE to
implement this subrecommendation is defined as encompassing two Central
Technical Authorities. However, the
proposed structure really consists of three Central Technical Authorities: with
responsibility for defining requirements, standards, directives, and some
waivers being retained within EH, EH-1 is a de
facto Central Technical Authority. The
three Central Technical Authorities also differ in their apparent roles, since
the two in NNSA and ESE are in the line organization, while the one in EH is
not. Beyond the decision to establish
the Central Technical Authorities, few details regarding roles, responsibilities,
authorities, staffing, and operating mechanisms are provided; many of the concepts
that are provided would be detrimental to the success of the enterprise. For example, the core nuclear safety functions
assigned to the Central Technical Authorities reduce them to providing input,
improving processes (ownership unknown), and maintaining availability of expertise.
This must be corrected. If the Central Technical Authorities are to be
effective, their roles, responsibilities, and authorities must be defined in a
clear, simple, and unambiguous manner. Lack of a clear structure for the three
Central Technical Authorities will lead to confusion, failures of
responsibility and accountability, and the subsequent atrophy of this key role.
The support staff for the
Central Technical Authorities is only weakly defined for NNSA.
As it stands, the staff size
contemplated within the Implementation Plan (presumably half of the 15-20 staff
allotted to the entire department) will be inadequate once the roles,
responsibilities, and authorities have been adjusted to the proper scope. The Central Technical Authority within ESE must
have dedicated staff support and not be required to borrow staff from an
Assistant Secretary (EH) who reports above him in the chain of command. Once EH’s roles, responsibilities, and
authorities as a de facto Central Technical Authority have been defined, the portions
of the EH staff to be dedicated to this function must also be identified.
Until the complete list of
roles, responsibilities, and authorities to be assigned to these offices has
been compiled and analyzed to determine the optimum mix of skills and technical
capabilities, DOE should be able to identify the minimum set of functional
areas that will be required under any conditions and begin allocating positions
and searching for candidates to fill them. Based on the Board’s experience, identifying
and hiring the level of technical talent required for these staffs will be an
intensive, time-consuming task. DOE must
not delay initiating this hiring effort and must take steps to sustain it for
the long term.
Overall, this section of the
Implementation Plan must address more clearly the three roles that DOE must
fill: customer, owner, and self-governor
for nuclear safety. It does not appear that
the third role is well understood. In
particular, the Implementation Plan does not outline a vision for a clear
separation between DOE as the customer/owner and DOE as the self-governor responsible
for ensuring that safety requirements are met. It is this separation that is key to the safety
of the enterprise, and a commitment to clarify and further differentiate these
roles, responsibilities, and authorities should be included in the
Implementation Plan. Further discussion
of this subject can be found in Section 8.2 of the Board’s technical report DNFSB/Tech-35, Safety Management of Complex, High-Hazard
Organizations.
Based on the structure proposed
in the Implementation Plan, it appears that DOE intends to parse the duties of
the Central Technical Authorities among the three proposed entities: the one in
EH will be responsible for establishing the rules and requirements, while the
two in NNSA and ESE will be responsible for establishing nuclear safety goals,
expectations and waivers. This
separation of functions must be made much clearer, and the roles,
responsibilities, and authorities assigned to each Central Technical Authority
in the Implementation Plan must be carefully defined.
The ability of the Central
Technical Authorities to force action must also be strengthened.
Given the proposed structure, it
is not clear that the Central Technical Authorities have authority related to
such key areas as direction and budget for nuclear safety research and
development, start-up of high-consequence operations, corrective actions
resulting from lessons learned, and even unfettered access to sites and nuclear
facilities.
The resolution approach set
forth in Section 5.1.1 of the Implementation Plan correctly portrays many of
the decisions that must be made to institutionalize the roles of the Central Technical
Authorities, but the results of these decisions must be presented if the Board
is to judge the adequacy of the proposed path forward for institutionalizing
those roles. The Deputy Secretary of
Energy, in a memorandum dated December 17, 2004, established the positions of the
Central Technical Authorities in NNSA and ESE, appointed two individuals to
fill the positions, and tasked them to work with EH to develop a path forward. The joint recommendations developed in
response (Brooks/Garman/Shaw memorandum dated January 12, 2005) do not provide
sufficient detail to aid the Board’s evaluation. Further, the role of the Central Technical
Authority as described in the January memorandum does not encompass the scope
envisioned by the Board.
Section 5.1.1 of the
Implementation Plan should also discuss instituting technical qualification
requirements for the Central Technical Authorities; Section 5.1.5 would be
another appropriate place in which to address these requirements. Institutionalizing these requirements will be
necessary to sustain the organizational change envisioned by the Board.
2.b. That to ensure that any features of the proposed
changes will not increase the likelihood of a low-probability, high-consequence
nuclear accident, DOE and NNSA take steps to...ensure
the continued integration and support of research, analysis, and testing in
nuclear safety technologies.
Section 5.1.3 of the
Implementation Plan addresses research but not analysis and testing.
The framework provided involves (1)
assessing
safety research needs, taking into account the safety research being conducted
by other government agencies and industry; (2) prioritizing those needs
identified; (3) integrating both the prioritized needs and the safety research
already occurring across the complex; and (4) managing the resulting prioritized
research program. This approach falls
short of adequately addressing the issues involved.
For example, the Implementation
Plan speaks to preserving key safety research needs but does not address
actions to be taken on the four elements of the proposed framework noted above.
The detailed actions to be taken to
achieve these elements must be described in the Implementation Plan. DOE should commit to establishing a formal
office to run this program and describe the means by which such an office would
continually assess priority safety research needs. The range of matters that would be expected to
fall within the purview of this office, such as site-specific safety issues,
new information needed to develop new or modify existing technical standards
and requirements, and improved methodologies for assessing the effectiveness of
oversight programs, should be identified. The safety research office would support
nuclear weapon activities, nuclear energy programs, nuclear materials
activities, and nuclear waste programs. However, it must be clear that research and
development efforts directed and funded through DOE'S program offices should
continue to focus on real-time safety issues affecting mission-specific needs. The decision-making body for the safety
research program should include or have a well-defined relationship with the
Central Technical Authorities. This
arrangement should be described in the Implementation Plan. The Implementation Plan should describe the
mechanisms through which the results of safety research will be utilized within
the complex to improve safety. Additionally, the milestones provided in
Section 5.1.3 of the Implementation Plan should identify specific examples that
would demonstrate success for this newly established program, as opposed to the
broad administrative arrangements shown at present.
2.c. That to ensure that any features of the proposed
changes will not increase the likelihood of a low-probability, high-consequence
nuclear accident, DOE and NNSA take steps to...require
that the principles of Integrated Safety Management (ISM) serve as the
foundation of the implementing mechanisms at the site.
Section 5.3 of the
Implementation Plan closely focuses on activity-level work planning and the
feedback and improvement functional area. While this focus is laudable, it does not ensure
that ISM will be revitalized as the foundation for safety across the complex. The principles of ISM should be clearly
visible in each section of this Implementation Plan. The Secretary of Energy, the Undersecretaries,
and the Deputy Secretary are assigned responsibilities in this section. Leadership at that level is exactly what is
required to drive improvement in ISM. However, the actions assigned should be much
broader in scope and designed to lead the entire organization to a greater
understanding and implementation of the principles of ISM at all levels. As a minimal first step in this area, DOE
should take action to address expeditiously those issues raised by previous ISM
assessments and reviews.
Lower-tier actions, such as
those described in Sections 5.3.1, 5.3.2, and 5.3.3 of the Implementation Plan,
will require dedicated attention from the Central Technical Authorities in NNSA
and ESE to be successful. This should be
specified in the Implementation Plan. The plan should also emphasize the process
contemplated to follow up on feedback and lessons learned and force actions to
address identified issues.
3. That direct and
unbroken line of roles and responsibilities for the safety of nuclear operations―from
the Secretary of Energy and the NNSA Administrator to field offices and sites―be
insured according to appropriate Functions, Responsibilities, and Authorities
documents and Quality Assurance Implementation Plans.
The Implementation Plan
indicates that most of DOE’s actions to address this subrecommendation are
delineated in Section 5.1.4. However,
the issue, basis, and resolution approaches in this section are clearly
restricted to delegations of authority from headquarters to the field offices. The Implementation Plan should include actions
focused on assignments of roles, responsibilities, and authorities that are not
to be delegated. Some roles,
responsibilities, and authorities should not be levied upon or delegated to the
field, but should be retained at the headquarters level. The Implementation Plan should address
identifying these roles, responsibilities, and authorities and ensuring their
assignment at the headquarters or field level, as determined to be appropriate.
4. That prior to final delegation of authority and
responsibility for defense nuclear safety matters to the field offices and
contractors, DOE and NNSA Program Secretarial Officers provide a report to the
Secretary of Energy describing the results of actions taken in
conformance with the above recommendations.
The Implementation Plan
addresses this subrecommendation in Section 5.3.4. No issue, basis, or resolution approach is
provided. The Implementation Plan should
be modified to include these elements. The Implementation Plan commits to delivering
two ISM verifications plus a schedule for follow-on reviews. However, ISM verification reviews that have
been conducted to date across the complex would not satisfy the requirements of
this subrecommendation. Further, the
delivery schedule-two reviews by July 2006, with a schedule that continues
onward from that time-would not meet the requirement to complete the actions prior
to final delegations of authority.
Section 5.1.4 of the
Implementation Plan, Commitment 13, could be crafted to satisfy this subrecommendation,
but the scope of the commitment is currently-limited to delegations of authority
from headquarters to field offices and does not address the breadth of actions
required to respond to subrecommendations 1 through 4. Further, Commitment 13 is not commissioned by
the Program Secretarial Officers in DOE and NNSA.
Section 5.1.6 of the
Implementation Plan also might be structured to satisfy this subrecommendation.
However, this section currently does not
include an issue, basis, resolution approach, or milestone/deliverable.
Reporting (discussed in Section 6.2 of the
Implementation Plan).
The Implementation Plan commits
to triannual briefings to the Board. This proposed schedule does not promote
development of a public record of DOE’s and NNSA’s actions on this Recommendation.
At a minimum, the proposed briefings
should be supplemented by development of an annual report.
Leadership (discussed in Section 6.0 of the
Implementation Plan)
The objective of this Implementation
Plan is to develop an organizational structure, and deploy human resources
within DOE in a manner more closely aligned with the attributes of organizations
successfully performing complex, high-hazard operations. Such a major undertaking will require the
full-time attention of a responsible manager with vision, expertise, will, and
authority, selected specifically for and assigned solely to implementing this
plan. The Implementation Plan must
provide for such an assignment at the Secretarial level to be effective.
This manager should have ready
access to the Secretary and the Deputy Secretary, and operate with the fully
stated support of these offices in directing all subordinate organizations
through the completion of the Implementation Plan. The goals of this plan cannot be achieved with
lesser support. Further, it must be
clear that the role of the responsible manager in no way reduces the
accountability of the highest levels of the line organizations, including the
Central Technical Authorities, for ensuring timely completion of the
requirements imposed by this plan.