March 6, 1996 The Honorable Victor H. Reis Assistant Secretary for Defense Programs Department of Energy Washington, D.C. 20585-0104 Dear Dr. Reis: The Defense Nuclear Facilities Safety Board (Board) continues to closely monitor the Department of Energy's (DOE) efforts to improve the Nuclear Explosive Safety Study (NESS) process. DOE's efforts to implement Board Recommendation 93-1 and the NESS Corrective Action Plan have the potential to result in a much improved NESS process. Members of the Board's staff observed a recent NESS conducted at the DOE's Nevada Operations Office (DOE-NVOO) to evaluate the addition of a Coded Optical Device Enabling System (CODES) to the existing arming and firing system utilized by Lawrence Livermore National Laboratory. The enclosed trip report is forwarded for your information and use. The Board is pleased to note the greater involvement of technically-qualified personnel from the DOE Defense Programs organization in both observing and critiquing the NESS. However, it appears that DOE-NVOO's implementation of the NESS process remains problematic. The Board will continue to focus on this important process as DOE Defense Programs and NVOO personnel work to address the issues raised with the execution of the CODES NESS and would appreciate being informed of your plans regarding upgrading the NESS process at DOE-NVOO. Ms. Cynthia Miller of the Board's staff at (202) 208-6580 is available if you require any additional information or assistance. Sincerely, John T. Conway Chairman c: Mr. Mark Whitaker Mr. Terry Vaeth Enclosure DEFENSE NUCLEAR FACILITIES SAFETY BOARD February 16, 1996 MEMORANDUM FOR: G. W. Cunningham, Technical Director COPIES: Board Members FROM: Derek N. Barboza SUBJECT: Trip Report on the Nuclear Explosive Safety Study for the Coded Optical Device Enable System 1. Purpose: This report documents a review of the Nuclear Explosive Safety Study (NESS) for the Coded Optical Device Enable System (CODES). The study took place at the Nevada Operations Office (NVOO). Members of the Defense Nuclear Facilities Safety Board's (Board) staff, Derek Barboza, Cynthia Miller, and William White, were present for the NESS group meetings on December 12-15, 1995. 2. Background: The staff has conducted extensive reviews of the NESS process over the past several years. The identified deficiencies have resulted in Board Recommendation 93-1 and a letter to the Secretary of Energy dated December 8, 1993, requesting an independent review of the NESS process. This review was conducted and on June 15, 1994, the Secretary issued the NESS Corrective Action Plan (NESSCAP) which accepted many of the recommendations of the independent review team. On February 22, 1994, the Deputy Assistant Secretary for Stockpile Support issued Interim Guidance on the conduct of NESSs, effective immediately. 3. Summary: The CODES NESS showed minimal progress toward the implementation of the NESSCAP. Furthermore, the conduct of the CODES NESS did not meet the intent of the Department of Energy's (DOE) Order 5610.11, DOE-STD-YYYY-95 (Draft), and the NESS Process Guide. The overall process was unstructured and unorganized, and the presentations were incomplete. The briefings emphasized the functionality of CODES, whereas the focus should have been on the effect that CODES has on safety. Input documents did not adequately address the potential impact on safety from the introduction of CODES into the arming and firing (A&F) system. The NESS group appeared to be in agreement that they were not presented adequate information to conclude that CODES meets the second safety standard, "there shall be positive measures to prevent deliberate prearming, arming, or firing of a nuclear explosive except when directed by competent authority," yet concluded that CODES does not pose a threat to nuclear safety. Given the limited information provided to the NESS group, it appeared that inadequate information was available for them to conclude that the installation of CODES into the A&F system meets the five nuclear safety standards of DOE Order 5610.11. Several references are cited in this report; a complete list of these references can be found in the attachment. 4. Discussion/Observations: CODES was developed by Lawrence Livermore National Laboratory (LLNL) after the 1992 Arming & Firing/Timing & Control (A&F/T&C) Master Study, as an enhancement to the LLNL A&F system at the Nevada Test Site. It is intended to provide use control and an additional level of lightning protection. The staff observed several problems with the conduct of the NESS, the NESS group, and the safety analysis presented to the NESS group. There appears to be agreement between the Board's staff and representatives from the DOE Defense Programs organization (DP-21) who attended the CODES NESS that the NESS did not meet the intent of DOE Order 5610.11, DOE-STD-YYYY-95 (Draft), and the NESS Process Guide. DOE DP-21 has indicated to the staff that they intend to discuss their observations with NVOO and take appropriate actions. a. Conduct of the NESS 1. The overall CODES NESS process was unstructured and unorganized. For example, there were no presentations to the NESS group on the performance of CODES in abnormal environments. The NESS group did not raise this issue until the writing of the final report. Presentations to the NESS group were incomplete; insufficient information was presented to the NESS group on the reliability assessment of the system and the layout of CODES with respect to the rest of the A&F equipment is not documented. When the group questioned the system layout, one of the system designers drew a typical layout on the chalk board; no formal documentation on system layout was presented. 2. The briefings given to the NESS group covered the design and functionality of CODES, but did not adequately address hazards and safety issues. It does not appear that the presenters were given the appropriate guidance to satisfactorily brief the NESS group. The Independent Review [1] found that the input documentation has historically been incomplete and recommended that "efforts to improve the . . . quality of the documentation should continue." Neither the briefings nor group discussions focused on positive measures to ensure that CODES meets the safety standards, with the exception of the discussions on the second safety standard (see section c.4). The Interim Guidance [2] directs that "all studies shall have a system risk analysis." An adequate risk analysis was not presented. 3. After one day of briefings and group discussions, a strawman of the NESS report that had been prepared by the Chairman was distributed for consensus review by the group. It included not only a template of the NESS report, but also predetermined observations, conclusions, and a determination of no findings or recommendations. The draft had been prepared by the NESS group Chairman prior to convening the NESS. Although preparation of a strawman is customary practice for a NESS, this one established a preconceived favorable assessment of the system. The rewriting of the draft during the study validated the system design, but failed to assess the merits or shortcomings of the addition of CODES to the A&F system from a safety analysis standpoint. 4. Several deficiencies identified during a staff review of the LLNL A&F/T&C Master Study are still applicable. In the staff trip report [3], several deficiencies were noted concerning the NESS process, such as "it appears that documented analysis of abnormal events is incomplete and inadequate." Additionally, the minority report to the 1992 Master Study [4] (classified report) states that the A&F system violates the second safety standard. The concerns expressed by the NESS group for CODES with respect to the second safety standard shows that actions have not been taken to fully address this issue. b. NESS Group Members 1. Chairman - On several occasions, the Chairman appeared to exert inordinate influence over the discussion of potential safety issues, appearing to steer the conclusions of the NESS group toward his personal views. In several instances the Chairman answered questions from the group members which would have been more appropriately answered by the presenter. This is contrary to the Interim Guidance [2] which states "the member shall not participate in the preparation ... or presentation of briefings." The Chairman also promoted broad hasty review of technical issues (i.e., impact of abnormal environments on the system operation), rather than allow for objective discussions among the NESS group of potential issues. 2. Advisors - During the deliberations, several of the technical advisors stepped outside of their advisory role and argued points of issue with members of the NESS group. The nature of the arguments was more persuasive than advisory. The advisors themselves were not independent as required by DOE STD-YYYY-95. This requirement is a result of a recommendation made by the Independent NESS Review team which states the revised standards "include guidance directing that the independence requirements for NESSG advisors should be the same as for NESSG members." The advisors were drawn mostly from the A&F teams of LLNL and Los Alamos National Laboratory (LANL). The two LLNL advisors, in particular, appeared to have been very involved with the development of the CODES system. c. Safety Analysis 1. The primary function of a NESS is to evaluate proposed operations to assure that there are adequate positive measures to minimize the possibility of unintended nuclear detonation, high explosive (HE) detonation or deflagration, or fire. Presentations to the NESS group did not describe in any detail the positive measures and administrative controls in place to ensure that the nuclear safety standards are met. Plausible accident scenarios that could affect the operation of CODES and the A&F system were not discussed until the group came across the portion of the draft report intended to summarize their assessment. At this point, the group conducted an ad hoc review of the performance of CODES in abnormal environments. There were no briefings on CODES operation in abnormal environments and neither the briefings nor the input document referenced the existing 1992 document, Nuclear Explosive Abnormal Environments at the Nevada Test Site. Very limited information on this subject was provided in the input document. The Interim Guidance states that "the response of that operation or system to abnormal environments is required for input to the NESSG." 2. A reliability assessment for CODES was presented to the group; however, the documentation was incomplete and only the final results were presented. When questions arose as to the methodology utilized and adequacy of the assessment, they could not be answered because the analyst was not present. The Chairman characterized the results as "bonus" information and the group agreed that further quantitative evaluation of the CODES hardware was a nonvaluable exercise since reliability numbers did not exist for the rest of the approved A&F system. The group dismissed reliability for the purposes of this NESS based on a conviction that reliability issues are different than nuclear explosive safety issues, and an open reliability issue did not constitute a violation of a nuclear safety standard. The group agreed that a quantitative reliability assessment for the complete A&F system would be an appropriate issue for the joint (LLNL and LANL) A&F Master Study in the future. It should be noted, however, that they made no recommendation in the report to ensure that this would happen. 3. It was stated in the briefings that the worst case CODES failure (complete shorting of the downhole component of the system) causes the A&F system to revert to the operational mode of the existing system. Certain members of the group and the technical advisors strongly recommended that the NESS group conclude that since the level of risk associated with the existing A&F system was deemed acceptable via the Master Study in 1993, the level of risk associated with the use of CODES is also acceptable. Since the failure of CODES in an open circuit mode would result in an inability to detonate the test device, the group agreed that this failure is not a nuclear explosive safety concern. This determination was made without any safety analysis. 4. The minority opinion to the 1992 LLNL A&F Master Study [5] (classified report) raised the issue of a possible detriment to surety. The NESS group acknowledged that a similar situation may exist with CODES. Several group members argued that the bench and field tests that are performed are only sufficient to verify functionality and do not verify the condition of the actual internal components of the system. The Chairman acknowledged this as part of a larger concern--not limited to CODES--that has been expressed by several groups in the past. The members concluded that they did not have enough information to determine if the system meets the second safety standard, "There shall be positive measures to prevent deliberate prearming, arming, or firing of a nuclear explosive except when directed by competent authority." They, however, went on to conclude that the implementation of CODES would not pose a threat to nuclear explosive safety. 5. CODES can be operated in either an optical mode or an electrical mode. Although the group agreed that restricting use of CODES to the optical mode would be preferable, the group made no such recommendation. The input document identifies the electrical mode as the primary mode of operation. This apparent inconsistency merits further assessment. 5. Future Staff Actions: a. The staff continues to observe NESS reviews to evaluate improvements in the process as proposed by DOE in the 5610 series Orders. b. The staff is coordinating with DOE DP-21 responsible staff to understand the DP assessment and intended actions on this NESS in view of the provisions of DOE Order 5610.11, DOE-STD-YYYY-95 draft, and the Nuclear Explosive Safety Study Process Guide. The staff will monitor the DP-21 approval of this NESS, including any corrective guidance. ATTACHMENT References 1. Department of Energy Nuclear Explosive Safety Study Final Report prepared by the Office of Weapons Surety, April 13, 1994. 2. Memorandum on Nuclear Explosive Safety Study Interim Guidance, Charles J. Beers, Jr., February 22, 1994. 3. Staff trip report on the A&F/T&C Nuclear Explosives Safety Study: System for Lawrence Livermore National Laboratory (LLNL) Devices at the Nevada Test Site, J. McConnell and D. Barboza,October 1993. 4. Nuclear Explosive Safety Study of the Lawrence Livermore National Lab Arming & Firing and Timing & Control System and Operations at the Nevada Test Site, October 1992 (classified). 5. Department of Energy's Response for the Independent Review Team's Report on its Review of the Nuclear Explosive Safety Study Process, June 15, 1994.