TRANSMITTED TO M. WHITAKER 07/26/95 DEFENSE NUCLEAR FACILITIES SAFETY BOARD February 17, 1995 MEMORANDUM FOR: G. W. Cunningham, Technical Director COPIES: Board Members FROM: C. H. Keilers, Jr. SUBJECT: Device Assembly Facility Review 1 Purpose: This trip report documents a review of the status, safety basis, safety and electrical systems, and fire protection for the Device Assembly Facility (DAF) at the Nevada Test Site (NTS). The review was performed on February 7-9, 1995, by T. Davis, A. Gwal, C. Keilers and C. Martin of the Defense Nuclear Facilities Safety Board (Board) technical staff. 2. Summary: The DAF is a new, moderate hazard facility for nuclear explosive operations. An integrated Nuclear Explosive Safety Study (NESS) is anticipated in June 1995, followed by an Operational Readiness Review (ORR) in August 1995. Although originally intended for assembling one-of-a-kind devices, the DAF mission has the potential to evolve to a broader range of operations. Additional missions may include assembly, disassembly, modification, staging, maintenance, repair, retrofit, and surveillance of nuclear weapons. The staff is continuing to follow DAF preparations. 3. Background: The DAF was designed 10 years ago to consolidate NTS nuclear explosive operations and to replace aging facilities that are closer to the public and have fewer safety features. Construction started in 1988 and is now nearing completion. The facility consists of about two dozen independent buildings connected by a corridor and buried in a hillside. 4. Discussion: DOE, laboratory, site contractor, and consulting personnel briefed the staff on NESS/ORR preparations, as well as the DAF safety basis, safety and electrical systems, and fire protection. The staff has the following key comments and observations (other observations are included in the attachment): a. Although originally intended for assembling one-of-a-kind nuclear test devices, the DAF mission has the potential to evolve to a full range of nuclear explosive operations. This is already reflected in the DAF Environmental Assessment, recently submitted to the state of Nevada. The Final Safety Analysis Report (FSAR) is also being revised to reflect the other potential missions. b. The proposed DAF organization includes a permanent facility management team and temporary laboratory project teams that report up a different chain of command. This organization has been used successfully before for assembling unique test devices (i.e., for research). However, it may need to be reevaluated as the DAF mission evolves. In particular, a single chain of command may be more appropriate if the future mission includes operations comparable in scope to those at Pantex. c. At NTS, the NESS and the FSAR are still two relatively independent activities described as "ratcheting" each other. This is different from Pantex which is adopting a "seamless" philosophy recommended by the Department of Energy (DOE) Nuclear Explosive Safety Study Final Report (April 1994). It is not evident that the Pantex process is being imported into NTS. d. The FSAR for DAF is based on a 25 Rem evaluation guideline for dose to the public following postulated accidents. The staff is still reviewing a separate DOE proposal to use 25 Rem across the complex as the evaluation guideline for such postulated events. e. DAF has certain capabilities that DOE no longer intends to use and that are outside the safety envelope described in the draft FSAR (e.g., certain features in the 305 cell and 351 high bay). It would be worthwhile to clearly identify all such capabilities in the FSAR and thereby assist facility management in performing Unreviewed Safety Question (USQ) determinations if those capabilities are later needed. f. Ventilation in the DAF battery room is inadequate to prevent buildup of hydrogen gas. DAF personnel stated that the batteries will be replaced in October 1995 with "maintenance free" batteries. The staff observes that even "maintenance free" batteries may still require some maintenance to eliminate any potential for explosion. The staff will follow this effort. g. Studies on protective device coordination have recently been performed for the DAF electrical distribution system; however, the studies do not include the emergency distribution system. Coordination of the emergency distribution system is necessary to ensure backup power is available and reliable during a loss of normal power. h. DAF does not appear to have any personnel familiar with the design details of the electrical distribution system. A qualified electrical engineer is needed to ensure safe operation of the electrical distribution system during abnormal situations and to ensure equipment maintenance and replacement are performed adequately. i. DAF has not performed a fire hazard analysis (FHA) in accordance with DOE Orders 6430.1A and 5480.7A. DAF personnel believe that the substance of a FHA has been developed but has not been consolidated into a FHA format. Such analysis is necessary to demonstrate facility fire hazard adequacy. 5. Future Planned Activities: The staff is still reviewing key DAF analyses and will separately update its plan for following DAF preparations for operation. Attachment Board Staff Review of the Device Assembly Facility February 7-9, 1995 I. Introduction: This attachment provides additional and augmented staff comments and observations on the status, safety basis, safety and electrical systems, and fire protection for the Device Assembly Facility (DAF) at the Nevada Test Site (NTS). II. Facility Description: The facility consists of about two dozen independent buildings, all connected by a corridor and buried in a hillside (i.e., cut and cover construction). The buildings include five assembly cells with gravel gerties, seven assembly or high bays, two radiography rooms, several bunkers, and an administration building. DAF was designed so that, if an explosion were to occur in one building, workers in other buildings would be protected from blast, missiles, and spreading contamination. By design, this level of protection does not extend to corridors connecting buildings or to the shipping/receiving areas. Most assembly operations will be done in the cells and bays. The assembly cells are the only facilities in which bare conventional high explosives (HE) and special nuclear materials (SNM) are collocated. The cell safety systems include gravel gerties, resilient flooring, blast valves, and redundant blast doors. The redundant doors are interlocked so that at least one door is closed at all times when explosive operations are underway. The assembly bays and high bays can be used for operations involving SNM and less sensitive explosives (i.e., encased HE and encased or bare IHE). The bay safety systems include resilient flooring and blast doors. Unlike the assembly bays, the high bays do not have redundant equipment blast doors and will require more operational controls. DAF Operational Safety Requirements include mass limits on HE/SNM for each facility, as well as restrictions on operations if safety systems are nonfunctional. Resilient flooring is to be installed in all HE handling areas. No HE machining is permitted anywhere in DAF. III. Board Staff Comments and Observations: 1. Mission: Historically, nuclear test devices were assembled at either the Able or Baker facilities in Area 27. The DAF was designed to consolidate test device assembly in one facility that would also have upgraded safety features. The DAF Environmental Assessment, recently submitted to the state of Nevada, indicates that the DAF mission may extend beyond just test device assembly to also potentially include assembly, disassembly, modification, staging, maintenance, repair, retrofit, and surveillance of nuclear weapons. The staff is closely following anticipated FSAR changes that will reflect the evolving mission. 2. Management: The DAF management organization is based on that used before at the Able and Baker facilities. The organization includes a permanent facility management team and a temporary project team associated with each unique test device. These teams report up different chains of command, and each has a responsibility for ensuring safe facility operation. This organization has been appropriate in the past when NTS activities were focused on laboratory research involving one-of-a-kind test devices. However, the staff is concerned that this management structure may dilute the lines of responsibility if the DAF mission evolves to the scale of nuclear explosive operations at Pantex. 3. FSAR-NESS Interaction: DAF personnel are developing the FSAR and the NESS independently. Where the requirements of the two activities overlap, the most restrictive or conservative requirement will be used by the facility. This process is different than the approach adopted by Pantex which integrates the two activities based on a "seamless" safety philosophy, as recommended in the DOE Nuclear Explosive Safety Study Final Report (April 1994) and referred to as the "Stockpile Stewardship 21" (SS 21) initiative. The DOE Nuclear Explosive Safety Study Final Report also recommended that DOE/NV closely monitor the Pantex SS 21 effort and import applicable portions into NTS operations. Although DOE/NV may be monitoring the Pantex effort, it is not evident that any of the Pantex process is being transferred to NTS. Furthermore, although the FSAR places a high reliance on individual training and qualification, the NESS process is not explicitly set up to evaluate these aspects. 4. Procedures: Much work remains to prepare all the necessary procedures required to operate the DAF, particularly for laboratory, planning for maintenance, configuration management, high explosive safety, and industrial safety, health, and fire protection. 5. Order Compliance: a. DAF has trained personnel to perform self-assessments for administrative order compliance. Letter assessments were completed for two orders ,. Applicable requirements in 51 remaining DOE orders are currently being assessed and documented in the Standards/Requirements Identification Database (STRIDE). The facility intends to submit their assessment to DOE/NV in March 1995. b. DAF was designed to an earlier version of the DOE General Design Criteria (DOE Order 6430.1), and subsequently, an outside contractor (UE&C) performed a requirement-by-requirement assessment of the facility to the latest revision (DOE Order 6430.1A). The DAF management next formed a backfit review committee to assess the several hundred deviations from the latest version and to make recommendations based on cost and safety implications. The staff observes that the backfit committee addressed several safety-related deviations by referencing the draft FSAR; however, the draft FSAR does not explicitly identify these as DOE Order deviations, which may be worthwhile. The staff is still reviewing the backfit committee recommendations for safety-related requirements. 6. Configuration Management: DAF management reported that facility drawings and documentation frequently do not reflect the as-built facility. Effort is underway to remedy this. The primary cause appears to be that much of the DAF construction was under contract management by the U. S. Army Corps of Engineers and the subsequent turnover to the Department of Energy was not well executed. The staff is concerned that the existing situation may be exacerbated by the facility/project team management organization discussed above. 7. Safety Basis: a. Even though the draft FSAR was done to an earlier DOE safety analysis order , it appears to cover the key technical areas described in the current order . DOE has not yet approved the FSAR. The staff anticipates some changes and will review those changes as they become available. b. The current DAF plan for addressing the evolving mission is to use the Unreviewed Safety Question (USQ) determination process. DAF management anticipates that the risks in the evolving mission will be lower than those for assembling one-of-a-kind experiments. The staff expects that the risk impact will need to be systematically evaluated as the mission becomes better defined. c. The original design of the DAF included additional capabilities which are not described in the FSAR (e.g., certain design features in the 305 cell and 351 high bay). These capabilities may be required for possible new DAF mission requirements. The staff believes that such capabilities should be described in the FSAR to assist in resolving Unreviewed Safety Question determinations if those capabilities are later needed. d. Certain operations are also outside the FSAR safety envelope, such as HE machining or high corridor occupancy during nuclear explosive operations. Most of these are obvious. However, the staff believes that a systematic approach needs to be taken to ensure all these restrictions are captured in DAF administrative controls. e. The draft FSAR evaluates a full range of postulated accident scenarios, presents public doses, and compares those doses to a 25 Rem evaluation guideline. The projected 50-year doses to the maximally exposed off-site individual are below the evaluation guideline and range from 25 mRem for a small detonation in a cell (deemed unlikely) to 10 Rem for a large detonation in a bay (deemed incredible). DOE has not yet provided approved direction on evaluation guidelines for postulated accident exposures to the public. The staff is separately reviewing a DOE proposal to use 25 Rem as the evaluation guideline across the DOE complex. f. Unlike the Pantex design, the DAF blast valves are a simpler, less-costly, nonlatching design that will release more SNM after the initial blast. The staff is still reviewing the tradeoffs that were made to arrive at this design. 8. Electrical Systems: a. Battery Ventilation: Lead-acid batteries at the DAF are not adequately ventilated in accordance with the ANSI C2, National Electric Safety Code. Inadequate ventilation could allow hazardous buildup of hydrogen gas and subsequent explosion. DAF personnel stated that the batteries will be replaced in October 1995 with "maintenance free" batteries that release only a small amount of hydrogen. In the meantime, the facility will need to periodically monitor the battery room to detect any hydrogen accumulation. "Maintenance free" batteries are not entirely maintenance free. They still require some maintenance to eliminate any potential for explosion, such as periodically torquing battery terminals to detect loose connections. The staff will continue to follow the battery replacement program and any ventilation design modifications. b. Electrical Calculations: The facility electrical design calculations were performed in 1987 by Raytheon Service Nevada (RSN). However, during a facility review it was identified that the protective device coordination studies, in accordance with IEEE 242, "IEEE Recommended Practice for Protection and Coordination of Industrial and Commercial Power Systems," have not been performed. Subsequently, these studies were performed by RSN in 1994. Based on these calculations, approximately $100,000 dollars in electrical upgrades have been identified and will be performed to correct facility deficiencies. Staff review of these recent calculations identified that the coordination studies for the emergency distribution system were not performed. DAF personnel stated that a coordination of the emergency buses will be accomplished. During a review of the short circuit calculations performed in 1987, the staff noted that the short circuit currents identified in the calculations appeared to exceed some of the component specifications. DAF personnel stated that components in the facility electrical distribution system may have changed since 1987. Based on the potential changes and because the electrical distribution system components have already been identified and entered in a software program for the coordination studies, DAF personnel stated that they would recalculate the short circuit currents and compare the calculations with the equipment short circuit ratings. Short circuit currents exceeding the equipment short circuit ratings could result in an electrical fire or explosion. c. Facility Electrical Support: RSN personnel, associated with DAF construction, located the original design calculations and presented them to the staff. However, nobody was familiar with the facility electrical distribution design. For example, DAF personnel presented the backup diesel generator system as a redundant system with two diesel generators. After reviewing the design documentation, it was determined that the generators were intended to be operated in parallel and have only approximately 13% load margin. In addition, one-line drawings presented in the FSAR were not consistent with the facility design. A cognizant engineer for the DAF electrical systems is needed to provide guidance during abnormal situation and ensure equipment maintenance and replacement are adequately reviewed. d. Oil Insulated Transformers: Two oil-insulated transformers located inside the DAF structure are parts of the facility power distribution system. The transformer oil provides cooling for the transformer. Because the oil is flammable, it is a fire hazard if the transformer leaks or fails catastrophically. The National Electrical Safety Code and National Fire Protection Association (NFPA) 70, National Electric Code, require indoor oil- insulated transformers be located in a transformer vault. The code requirements for the transformer vault include fire walls and doors, ventilation and oil containment. The room did not appear to have the required fire walls. DAF personnel are reviewing the room design and will inform the staff as to the design. e. Lightning Protection: DAF has designed the lightning protection system in accordance with NFPA 780. The system has been fully installed and tested to ensure all terminals are properly grounded. In addition, a lightning detection system will be installed in the facility that interfaces with remote electromagnetic detectors which detect the presence of lightning storms and will allow the facility to cease work. Details of the lightning protection and detection system will be included in the electrical phenomena report which is scheduled to be issued in July 1995. f. Single Point Failure: The NTS electrical distribution system can receive power from two separate power generation plants. However, the NTS site distribution system is fed on a single line to the DAF and other facilities. This above ground distribution system has been damaged and power has been unavailable for extended periods several times in the past. g. DAF Distribution System: During meetings within the DAF, the facility lighting system would dim periodically and the gradually become brighter. The facility personnel were not sure what was causing the deficiency. Reduction in the facility light intensity indicates that the facility distribution system may be near its electrical loading capacity. Because facility loads tend to grow over time, the staff believes that this situation should be evaluated and corrected. 9. Fire Protection: a. Fire Hazard Analysis: A Fire Hazard Analysis (FHA), which is required by DOE Orders 6430.1A and 5480.7, provides an analysis of the hazards associated with a facility fire. This document is essential in determining whether adequate fire prevention, detection and suppression systems have been implemented. Although DAF personnel believe that the substance of a FHA has been developed for the facility, this material has not been consolidated into FHA format. b. Seismic Qualification of Emergency Lighting: DAF personnel were unsure whether the emergency lighting system (e.g., UPS and lights) were seismically qualified. These lights are necessary for safe egress following an earthquake. DAF personnel will review the system design and inform the staff as to the emergency lighting system capability following a seismic event.