[DNFSB
LETTERHEAD]
May 21, 2004
The Honorable Spencer Abraham
Secretary of Energy
1000 Independence Avenue, SW
Washington, DC 20585-1000
Dear Secretary Abraham:
On May 21, 2004, the Defense
Nuclear Facilities Safety Board (Board), in accordance with 42 U.S.C. § 2286d(a), unanimously approved
Recommendation 2004-1, which is enclosed for your consideration. Recommendation 2004-1 deals with Oversight of
Complex, High-Hazard Nuclear Operations.
After your receipt of this
recommendation and as required by 42 U.S.C. § 2286d(a),
the Board will promptly make it available to the public. The Board believes that the recommendation
contains no information that is classified or otherwise restricted. To the extent this recommendation does not
include information restricted by DOE under the Atomic Energy Act of 1954, 42 U.S.C.
§§ 2161-68, as
amended, please see that it is promptly placed on file in your regional public
reading rooms. The Board will also
publish this recommendation in the Federal Register.
Sincerely,
John T. Conway
Chairman
Enclosure
c: Mr. Mark B. Whitaker, Jr.
DEFENSE
NUCLEAR FACILITIES SAFETY BOARD
RECOMMENDATION
2004-1 TO THE SECRETARY OF ENERGY
Pursuant
to 42 U.S.C. §
228a(a)(5)
Atomic
Energy Act of 1954, As amended.
Dated: May 21, 2004
In furtherance of its statutory
duty to oversee the Department of Energy’s (DOE) protection of workers and the
public from hazards at defense nuclear facilities operated for DOE and the
National Nuclear Safety Administration (NNSA), the Defense Nuclear Facilities
Safety Board (Board) conducted eight public hearings to examine DOE’s current
and proposed methods of ensuring safety at its defense nuclear facilities.
In these hearings, the Board
also sought to benefit from the lessons learned as a result of investigations
conducted following the Columbia Space Shuttle disaster and the discovery of
the deep corrosion in the reactor vessel head at the Davis-Besse Nuclear Power
Plant. The Board received testimony from
representatives of the Nuclear Regulatory Commission; the Naval Reactors
Program; the Columbia Accident Investigation Board; the Deputy Secretary of
Energy; the Administrator of NNSA; DOE’s Under Secretary of Energy, Science and
Environment; DOE’s Assistant Secretary for Environment, Safety, and Health; and
selected site managers of DOE’s facilities, senior contractor managers, and
members of the public.
The overall objective of the
hearings was to gather information that could be helpful in assessing DOE’s
proposals for changing the methods it uses for contract management and nuclear
safety oversight, as they have been controlled through the DOE Directives
System. NNSA has proposed shifting
responsibility for safety oversight from DOE Headquarters to the DOE field
offices and site contractors. The key
question the Board sought to address was: Will modifications proposed by DOE/NNSA to
organizational structure and practices, as well as increased emphasis on
productivity, improve or reduce safety, and increase or decrease the possibility
of a high-consequence, low-probability nuclear accident?
DOE’s programs for national
security and environmental protection are complex, with potentially high
consequences if not safely performed. Mishandling of nuclear materials and radioactive
wastes could result in unintended nuclear criticality, dispersal of radioactive
materials, and even nuclear detonation. DOE has a long and successful history of
nuclear operations, during which it has established a structure of requirements
directed to achieving nuclear safety. That structure is based on such methods as
defense in depth, redundancy of protective measures, robust technical
competence in operations and oversight, extensive research and testing, a
Directives System embodying nuclear safety requirements, Integrated Safety Management,
and processes to ensure safe performance.
The United States owns the
defense nuclear facilities at which its programs are carried
out by a government agency—DOE. Each such facility is operated by a contractor
that was selected by DOE on the basis of being best suited to conduct the work
for DOE at that site. Under the original
Atomic Energy Act of 1946 and continuing to date in the Atomic Energy Act of
1954, as amended, the government officials in charge (i.e., the Secretary of Energy
and other line officers) have a statutory responsibility to protect health and
minimize danger to life or property. In
any delegation of responsibility or authority to lower echelons of DOE or to contractors,
the highest levels of DOE continue to retain safety responsibility. While this responsibility can be delegated, it
is never ceded by the person or organization making the delegation. Contractors are responsible to DOE for safety
of their operations, while DOE is itself responsible to the President,
Congress, and the public.
This reality was highlighted
during the course of the Board’s hearings. Many important lessons were cited in the
testimony provided. These included the
importance of a centralized and technically competent oversight authority,
central control of technical safety requirements and waivers for departure from
those requirements, an ability to operate in a decentralized mode when
appropriate, a willingness to accept criticisms, the need for retention of
technical expertise and capabilities at high levels of any organization in
which technical failure could have high consequences, and an awareness that
complacency can arise from a history of successes. DOE representatives testified that DOE’s
attention to safety has continued to improve with better on-site oversight and
self-assessment programs, use of Integrated Safety Management, careful attention
to safety statistics, and stabilization and disposal of high risk nuclear
materials. However, cause for concern
with regard to the potential increase in the possibility of nuclear accidents
was also evident in: (1) the increased
emphasis on productivity at the possible expense of safety, (2) the loss of
technical competency and understanding at high levels of DOE’s and NNSA’s
organizational structure, (3) the apparent absence of a strong safety research
focus, and (4) the reduced central oversight of safety.
Clearly, safety performance can
benefit from attention to detail and lessons learned from small incidents and
minor accidents. However, failures
leading to high-consequence, low-probability accidents would likely have their
roots in interactions between engineering failures and improper human actions. Because the consequences of large nuclear
accidents would be unacceptable, the nuclear weapons complex cannot permit them
to occur. While the potential for such
accidents cannot be completely eliminated, their likelihood can be held to an
insignificant level by rigorous attention to Integrated Safety Management with
technical and operational excellence based on nuclear safety standards subject
to rigorous oversight. In addition,
nuclear safety must be founded on solid research, analysis, and testing to
ensure an adequate understanding of energetic initiating mechanisms under
off-normal conditions.
DOE has taken some preliminary
steps toward its proposed changes in safety practices. These actions may have contributed to some
unfortunate consequences, such as the following:
Proposed modifications to DOE
and NNSA’s organizational structure, manpower, contract management, oversight
policies and practices, and safety directives could have unintended
consequences. These include reduction of
defense in depth, potentially inconsistent safety-related decisions caused by
decentralization of safety authority, emphasis on performance as opposed to
safety, and reduction of technical capability at key points in the
organizational structure. DOE and NNSA
line managers could be left with inadequate awareness of safety issues.
As a result of testimony it has
received, the Board is not convinced of the benefit of the changes to DOE’s and
NNSA’s organizational structure and practices as they have been described. The Board cautions that if any such changes
are made, they must be done formally and deliberatively, with due attention
given to unintended safety consequences that could reduce the present high
level of nuclear safety. DOE should take
full advantage of lessons learned from safety problems discovered by National
Aeronautic Space Administration and Nuclear Regulatory Commission, and it
should learn from the success of the good organizational and safety practices
championed by the Naval Reactors Program. The Board needs to be sure that any
fundamental reorganization does not degrade nuclear safety, and that the
likelihood of a serious accident, facility failure, construction problem, or
nuclear incident will not be increased as a result of well-intentioned changes.
As a result of testimony
received at the public hearings and the potential effects on safety at defense
nuclear facilities outlined above, the Board recommends:
a.
oversight
responsibility includes the capability for examining, assessing, and auditing
by all levels of the DOE organization,
b.
the
technical capability and appropriate experience for effective safety oversight
is in place, and
c.
corrective
action plans consistent with recommendations resulting from internal DOE and
NNSA reviews of the Columbia accident and the Davis-Besse incident are issued.
a.
empower
a central and technically competent authority responsible for operational and
nuclear safety goals, expectations, requirements, standards, directives, and waivers;
b.
ensure
the continued integration and support of research, analysis, and testing in nuclear
safety technologies; and
c.
require
that the principles of Integrated Safety Management serve as the foundation of
the implementing mechanisms at the sites.
John T. Conway, Chairman