Oversight of Complex, High-Hazard Nuclear Operations
The Defense Nuclear Facilities Safety Board has unanimously approved Recommendation 2004-1, for DOE to consider. Recommendation 2004-1 deals with Oversight of Complex, High-Hazard Nuclear Operations.
Comments, data, views, or arguments concerning the recommendation are due on or before July 7, 2004.
Send comments, data, views, or arguments concerning this recommendation to: Defense Nuclear Facilities Safety Board, 625 Indiana Avenue, NW., Suite 700, Washington, DC 20004-2001.
For further information contact:
Kenneth M. Pusateri or Andrew L. Thibadeau at the address above or telephone (202) 694-7000.Dated: June 1, 2004. John T. Conway, Chairman.
Oversight of Complex, High-Hazard Nuclear Operations
Dated: May 21, 2004.
In furtherance of its statutory duty to oversee the Department of Energy's(DOE) protection of workers and the public from hazards at defense nuclear facilities operated for DOE and the National Nuclear Safety Administration (NNSA), the Defense Nuclear Facilities Safety Board (Board) conducted eight public hearings to examine DOE's current and proposed methods of ensuring safety at its defense nuclear facilities.
In these hearings, the Board also sought to benefit from the lessons learned as a result of investigations conducted following the Columbia Space Shuttle disaster and the discovery of the deep corrosion in the reactor vessel head at the Davis-Besse Nuclear Power Plant. The Board received testimony from representatives of the Nuclear Regulatory Commission; the Naval Reactors Program; the Columbia Accident Investigation Board; the Deputy Secretary of Energy; the Administrator of NNSA; DOE's Under Secretary of Energy, Science and Environment; DOE's Assistant Secretary for Environment, Safety, and Health; and selected site managers of DOE's facilities, senior contractor managers, and members of the public.
The overall objective of the hearings was to gather information that could be helpful in assessing DOE's proposals for changing the methods it uses for contract management and nuclear safety oversight, as they have been controlled through the DOE Directives System. NNSA has proposed shifting responsibility for safety oversight from DOE Headquarters to the DOE field offices and site contractors. The key question the Board sought to address was: Will modifications proposed by DOE/NNSA to organizational structure and practices, as well as increased emphasis on productivity, improve or reduce safety, and increase or decrease the possibility of a high-consequence, low-probability nuclear accident?
DOE's programs for national security and environmental protection are complex, with potentially high consequences if not safely performed. Mishandling of nuclear materials and radioactive wastes could result in unintended nuclear criticality, dispersal of radioactive materials, and even nuclear detonation. DOE has a long and successful history of nuclear operations, during which it has established a structure of requirements directed to achieving nuclear safety. That structure is based on such methods as defense in depth, redundancy of protective measures, robust technical competence in operations and oversight, extensive research and testing, a Directives System embodying nuclear safety requirements, Integrated Safety Management, and processes to ensure safe performance.
The United States owns the defense nuclear facilities at which its programs are carried out by a government agency—DOE. Each such facility is operated by a contractor that was selected by DOE on the basis of being best suited to conduct the work for DOE at that site. Under the original Atomic Energy Act of 1946 and continuing to date in the Atomic Energy Act of 1954, as amended, the government officials in charge (i.e., the Secretary of Energy and other line officers) have a statutory responsibility to protect health and minimize danger to life or property. In any delegation of responsibility or authority to lower echelons of DOE or to contractors, the highest levels of DOE continue to retain safety responsibility. While this responsibility can be delegated, it is never ceded by the person or organization making the delegation. Contractors are responsible to DOE for safety of their operations, while DOE is itself responsible to the President, Congress, and the public.
This reality was highlighted during the course of the Board's hearings. Many important lessons were cited in the testimony provided. These included the importance of a centralized and technically competent oversight authority, central control of technical safety requirements and waivers for departure from those requirements, an ability to operate in a decentralized mode when appropriate, a willingness to accept criticisms, the need for retention of technical expertise and capabilities at high levels of any organization in which technical failure could have high consequences, and an awareness that complacency can arise from a history of successes. DOE representatives testified that DOE's attention to safety has continued to improve with better on-site oversight and self-assessment programs, use of Integrated Safety Management, careful attention to safety statistics, and stabilization and disposal of high risk nuclear materials. However, cause for concern with regard to the potential increase in the possibility of nuclear accidents was also evident in: (1) The increased emphasis on productivity at the possible expense of safety, (2) the loss of technical competency and understanding at high levels of DOE's and NNSA's organizational structure, (3) the apparent absence of a strong safety research focus, and (4) the reduced central oversight of safety.
Clearly, safety performance can benefit from attention to detail and lessons learned from small incidents and minor accidents. However, failures leading to high-consequence, low-probability accidents would likely have their roots in interactions between engineering failures and improper human actions. Because the consequences of large nuclear accidents would be unacceptable, the nuclear weapons complex cannot permit them to occur. While the potential for such accidents cannot be completely eliminated, their likelihood can be held to an insignificant level by rigorous attention to Integrated Safety Management with technical and operational excellence based on nuclear safety standards subject to rigorous oversight. In addition, nuclear safety must be founded on solid research, analysis, and testing to ensure an adequate understanding of energetic initiating mechanisms under off-normal conditions.
DOE has taken some preliminary steps toward its proposed changes in safety practices. These actions may have contributed to some unfortunate consequences, such as the following:
• A glovebox fire occurred at the Rocky Flats closure site, where, in the interest of efficiency, a generic procedure was used instead of one designed to identify and control specific hazards. Apparently, success of the cleanup project resulted in management complacency. DOE site management had given the impression that safety was less important than progress, and contract management had not emphasized oversight of work control processes.
• Downsizing of safety expertise has begun in NNSA's NA-53 organization, while field organizations such as the Albuquerque Service Center have not developed an equivalent technical capability in a timely manner. As a result, NNSA field offices are left without an adequate depth of understanding of such important matters as seismic analysis and design, training of nuclear workers, and protection against unintended criticality.
• DOE's Office of Environmental Safety and Health, with assistance from some sites and contractors, has reviewed DOE Directives to simplify safety requirements, with the objective of supporting accelerated operations that are also more efficient. This shift has led to proposals for downgrading some worker safety Directives to the level of guidance and modifying some radiation protection requirements. It has also led to a proposed modification of the Order on Worker Safety and Health to reduce requirements for protecting workers from the consequences of fires,explosions, and discharges from high-pressure systems.
Proposed modifications to DOE and NNSA's organizational structure, manpower, contract management, oversight policies and practices, and safety directives could have unintended consequences. These include reduction of defense in depth, potentially inconsistent safety-related decisions caused by decentralization of safety authority, emphasis on performance as opposed to safety, and reduction of technical capability at key points in the organizational structure. DOE and NNSA line managers could be left with inadequate awareness of safety issues.
As a result of testimony it has received, the Board is not convinced of the benefit of the changes to DOE's and NNSA's organizational structure and practices as they have been described. The Board cautions that if any such changes are made, they must be done formally and deliberatively, with due attention given to unintended safety consequences that could reduce the present high level of nuclear safety. DOE should take full advantage of lessons learned from safety problems discovered by National Aeronautics and Space Administration and Nuclear Regulatory Commission, and it should learn from the success of the good organizational and safety practices championed by the Naval Reactors Program. The Board needs to be sure that any fundamental reorganization does not degrade nuclear safety, and that the likelihood of a serious accident, facility failure, construction problem, or nuclear incident will not be increased as a result of well-intentioned changes.
As a result of testimony received at the public hearings and the potential effects on safety at defense nuclear facilities outlined above, the Board recommends:
1. That delegation of authority for nuclear safety matters to field offices and contractors be contingent upon the development and application of criteria and implementing mechanisms to ensure that:
a. Oversight responsibility includes the capability for examining, assessing, and auditing by all levels of the DOE organization,
b. The technical capability and appropriate experience for effective safety oversight is in place, and
c. Corrective action plans consistent with recommendations resulting from internal DOE and NNSA reviews of the Columbia accident and the Davis-Besse incident are issued.
2. That to ensure that any features of the proposed changes will not increase the likelihood of a low-probability, high-consequence nuclear accident, DOE and NNSA take steps to:
a. Empower a central and technically competent authority responsible for operational and nuclear safety goals, expectations, requirements, standards, directives, and waivers;
b. Ensure the continued integration and support of research, analysis, and testing in nuclear safety technologies; and
c. Require that the principles of Integrated Safety Management serve as the foundation of the implementing mechanisms at the sites.
3. That direct and unbroken line of roles and responsibilities for the safety of nuclear operations—from the Secretary of Energy and the NNSA Administrator to field offices and sites—be insured according to appropriate Functions, Responsibilities, and Authorities documents and Quality Assurance Implementation Plans.
4. That prior to final delegation of authority and responsibility for defense nuclear safety matters to the field offices and contractors, DOE and NNSA Program Secretarial Officers provide a report to the Secretary of Energy describing the results of actions taken in conformance with the above recommendations.John T. Conway, Chairman.