July 9, 2003
The Honorable Linton Brooks
National Nuclear Security Administration
U.S. Department of Energy
1000 Independence Avenue, SW
Washington, DC 20585-0701
Dear Ambassador Brooks:
The Defense Nuclear Facilities Safety Board (Board) recently reviewed the proposed safety-class instrumentation and control systems for the critical assemblies at Technical Area 18 (TA-18) at Los Alamos National Laboratory (LANL).
As noted in the enclosed report, the existing scram systems do not appear to fully meet the Department of Energy’s safety-class requirements. Furthermore, design of the new temperature measurement systems will require additional effort if they are to function as intended in the recently approved safety basis. These designs have not yet had an appropriate independent design review, and it may be difficult to verify that the new systems will fulfill their safety functions when installed.
Therefore, pursuant to 42 U.S.C. § 2286b(d), the Board requests that the National Nuclear Security Administration provide a report, prior to removing the interim controls that protect fuel and sample temperature, but no later than September 2004, that demonstrates that the high-temperature scrams will operate reliably and effectively to prevent critical assemblies from overheating.
As a result of its review of the proposed safety-class instrumentation at TA-18, the Board observed deficiencies that appear to be institutional. The Board has raised similar concerns in the past (Board letter dated February 22, 2002), and some corrective actions are being taken. However, additional improvement will be required to address issues such as the consistent use of applicable codes and standards, the use of independent design reviews and the performance of backfit analyses. The Board intends to further evaluate these areas in the future.
John T. Conway
c: Mr. Mark B. Whitaker, Jr.
DEFENSE NUCLEAR FACILITIES SAFETY BOARD
Staff Issue Report
May 15, 2003
MEMORANDUM FOR: J. K. Fortenberry, Technical Director
COPIES: Board Members
FROM: R. Quirk
SUBJECT: Instrumentation and Control Systems at Los Alamos Critical Experiments Facility
This report documents a review by members of the staff of the Defense Nuclear Facilities Safety Board (Board) of instrumentation and control (I&C) systems for the critical assemblies at Technical Area 18 (TA-18) at Los Alamos National Laboratory (LANL). Staff members R. Quirk, C. Keilers, and A. Jordan conducted this review.
The staff identified both strengths and deficiencies during the review. Several deficiencies were similar to findings from previous staff reviews (as documented in letters from the Board dated April 23, 2002, and August 6, 2002) and may indicate systemic issues in the formality of LANL engineering for new and existing safety-related systems. LANL is making improvements in the LANL Engineering Manual as part of a multiyear facility revitalization program, and in response to the Board’s reporting requirement dated February 22, 2002, related to the implementation of DOE Order 420.1, Facility Safety. However, these improvements have not yet been effected.
Chapter 8 of the LANL Engineering Manual addresses I&C systems, and among other items, identifies I&C consensus standards that should be followed. However, the communication of best engineering practices, guidance, and directives to engineers has not been completely successful at LANL to date, particularly for research and development efforts such as those at TA-18. Additionally, the manual allows deviating from required standards, but does not require documentation, independent review, and approval of these deviations.
New Safety-Class Controls at TA-18. TA-18 has three remote laboratories housing five operating critical assemblies that are controlled individually from a central control building.
Most of the structures are four to five decades old. The critical assemblies include two general-purpose machines (Comet and Planet), one highly reflected spherical benchmark assembly (Flattop), one fast-burst assembly (Godiva IV), and one solution high-energy burst assembly (SHEBA). TA-18 is located approximately 0.5 miles from the nearest site boundary and 3 miles from the town of White Rock. Previous safety analyses of TA-18, dated 1998 and before, did not include unmitigated accident analyses and concluded that the engineered safety features were not required to be functionally classified as safety-class or safety-significant. This approach is inconsistent with 10 CFR 830, which is now in effect.
In July 2002, the National Nuclear Security Administration (NNSA) approved a new TA-18 safety basis that included analyses consistent with current DOE requirements. The analyses concluded that the unmitigated accidents with the highest off-site consequences would be uncontrolled reactivity insertions leading to melting and partial vaporization of fuel and/or irradiated samples. The estimated site boundary dose for these events would exceed DOE’s evaluation guideline of 25 rem by more than an order of magnitude.
Accordingly, NNSA approved a peak fuel temperature safety limit. To prevent this safety limit from being reached, NNSA approved a fuel temperature limiting control setting for the initiation of a reactivity scram. New administrative controls to limit excess reactivity and new administrative controls and safety-significant engineered features to limit the reactivity insertion rate were approved to ensure the fuel temperature reactivity scram would be effective in avoiding the safety limit.
NNSA and LANL designated the existing scram mechanisms, the existing scram chains, and the new fuel (incore) temperature measurement systems as safety-class systems. A scram chain is the instrument circuit that will cause the system to scram if certain relays are de-energized. The new fuel temperature measurement system is still being developed and should be completed by September 2004. Two interim controls have been put in place until the new fuel temperature measurement systems are installed: a sample size limit, and a reduction in the trip set point for nuclear instrument scram to one decade above the expected value for any particular experiment.
The staff concurs that these interim controls should provide adequate compensatory protection for the short period until the new fuel measurement system is scheduled to be completed.
Design of Safety-Class Fuel Temperature Limit Controls. The staff reviewed portions of the new temperature measurement design package now under development for all the critical assemblies. The staff also reviewed the existing scram chains for SHEBA and Planet. Subsequent to the on-site review, the staff evaluated the other related controls discussed above.
The staff had the following observations on the proposed new fuel temperature measurement systems and existing scram chains:
Based on the above observations, the staff believes a temperature-based scram meeting standard safety-class requirements will be difficult to implement, and that it will also be difficult to verify that the scram could perform its intended safety function. The staff also believes that the design of new safety systems or the major upgrade of existing systems requires more attention to applicable codes and standards.
LANL Institutional Issues. The staff believes that the LANL personnel designing the new fuel temperature measurement system are aware of many of the above issues. However, they are encumbered by weaknesses in current LANL institutional guidance on what is acceptable. Reviews performed by the Board’s staff during the last year have collectively identified several weaknesses in the conduct of engineering, including the following:
The staff understands that LANL is preparing new sections of the LANL Engineering Manual that will focus on nuclear safety and the interface between safety analysis and design. These sections are expected to be completed in the next fiscal year and may help address the issues raised above.