[DNFSB LETTERHEAD]

 

March 7, 2003

 

The Honorable Jessie Hill Roberson

Assistant Secretary for Environmental Management

U.S. Department of Energy

1000 Independence Avenue, SW

Washington, DC 20585-0113

 

Dear Ms. Roberson:

 

Enclosed is a report detailing observations made by members of the staff of the Defense Nuclear Facilities Safety Board (Board) concerning electrical distribution and instrumentation and control systems being designed for the Hanford Site’s Waste Treatment Plant.  These observations were developed through document reviews and discussions with representatives of the Office of River Protection and Bechtel National, Incorporated.  At this early stage, the Board believes the overall design philosophy being employed with respect to these systems is sound.  Several specific areas were noted, however, that may warrant increased attention as the design progresses.  These areas are discussed in the enclosed report, which is forwarded for your information and use, as appropriate.

 

Sincerely,

 

John T. Conway

Chairman

 

c:  Mr. Roy J. Schepens

Mr. Mark B. Whitaker, Jr.

 

Enclosure

 

 

---

 

DEFENSE NUCLEAR FACILITIES SAFETY BOARD

 

Staff Issue Report

 

January 21, 2003

 

MEMORANDUM FOR:      J. K. Fortenberry, Technical Director

 

COPIES:                                 Board Members

 

FROM:                                   B. Broderick, R. Quirk

 

SUBJECT:                             Electrical Distribution and Instrumentation and Control Systems, Hanford’s Waste Treatment Plant

 

This report documents a review by the staff of the Defense Nuclear Facilities Safety Board (Board) of the design of electrical distribution and instrumentation and control (I&C) systems for the Waste Treatment Plant (WTP) at the Hanford Site.  Members of the Board’s staff B. Broderick, A. Gwal, S. Stokes, and R. Quirk assessed the design with the participation of on-site representatives of the Department of Energy’s (DOE) Office of River Protection (ORP) and its contractor, Bechtel National, Incorporated (BNI).

 

Background.  Large-scale construction for the WTP project has recently begun.  However, the portions of the design pertaining to important-to-safety (ITS) electrical distribution and I&C systems are still being developed.  BNI has estimated the design maturity for these systems at approximately 25 percent.

 

Although they have not been formally approved by DOE, there are two major design amendments proposed by BNI for the WTP project that would significantly alter the configuration and demands on ITS electrical systems.  The first potential modification would alter the number of production melters from three in the Low-Activity Waste (LAW) Facility and one in the High-Level Waste (HLW) Facility, to a two and two configuration.  Given the reliance on emergency power and I&C systems to operate and actuate hazard controls that would prevent or mitigate postulated melter accidents, changes in the quantity or location of the melters will require associated design changes to ITS electrical systems.  The other potential change would reduce the number of redundant emergency load trains and, by extension, the number of emergency diesel generators, from three to two.  There is currently no reason to believe that these design changes will adversely impact safety, however, if implemented, they will require vigilance on the part of both BNI and ORP to ensure that associated design changes are thoughtfully and effectively realized in this fast-paced project.

 

Electrical Distribution Systems.  At this stage of design, it appears that the design philosophy being applied to the normal and emergency power distribution systems is sound.  Several specific areas were noted, however, that may warrant increased attention as the design progresses.  These areas are detailed below.

 

Functional Classification of Support Systems―The staff noted an example of a safety-design-class (SDC) ITS system being supported by equipment whose functional classification is currently listed as general service.  In the HLW and LAW facilities, the ambient thermal environment in which SDC uninterruptible power supply (UPS) systems operate is controlled by non-ITS heating, ventilation, and cooling (HVAC) systems.  If the non-ITS HVAC systems were to fail, temperature conditions in the UPS rooms could drift outside the ranges specified for proper operation, potentially rendering the UPS systems incapable of performing their credited safety functions.  BNI personnel had identified this potential deficiency independent of input from the Board’s staff, and are currently evaluating a functional reclassification of the HVAC systems planned for use in the HLW and LAW UPS rooms.

 

Identification of Risk-Reduction―Class Structure, Systems, and Components-The Safety Requirements Document (SRD), in Section 1.0-8, establishes a unique classification of Structures, Systems and Components (SSC) called Risk Reduction Class (RRC).  These RRC SSCs are defined as those SSCs which are ITS but do not meet the criteria that would necessitate an SDC or safety-design significant (SDS) designation.  The Board’s staff identified two SSCs-the lightning protection system and standby diesel generators-that are currently categorized as non-ITS despite performing functions that appear to fit the SRD definition of RRC.

 

The uncontrolled propagation of lightning energy through structures can adversely impact safety in a variety of ways.  Lightning-induced voltage surges can damage unprotected equipment, and even surge-suppressed systems can be rendered unavailable by overvoltage tripping.  Uncontrolled lightning energy also serves as an initiating event for fires and explosive arcing and can pose serious electrical hazards to workers.  Lightning protection systems provide convenient attachment points for lightning strikes and a low-impedance path to ground that guides lightning current away from the building interior.  By providing a means for controlling the energy (including its path and dissipation media) associated with a lightning strike, an effectively installed and maintained lightning protection system can reduce challenges to SDC and SDS SSCs, in addition to reducing or eliminating fire and electrical hazards associated with lightning.  Consequently, it appears that the function of the lightning protection system is appropriate for RRC classification.

 

The offgas system for the LAW melter is an SDC SSC credited for maintaining a continuous flow path from the melter to the exhaust stack.  This system prevents exposure of facility workers to oxides of nitrogen generated during the vitrification process.  Should a loss of offsite power occur, each of the melter offgas exhausters is backed up by an SDC UPS unit with the capacity to power the equipment for only a finite amount of time.  While this arrangement appears adequate, the Preliminary Safety Analysis Report (PSAR) for the LAW Facility states the following:

 

If offsite power is lost, the UPS will supply the exhausters for [a matter of seconds] (until the standby diesel generators are available and loaded).  Only after a loss of the standby diesel generators would there be a significant draw on the UPS. . . .

 

The standby diesel generators referenced above are provided for asset protection purposes and are currently classified as non-ITS SSCs.  However, the PSAR for the LAW Facility explicitly cites the standby emergency generators as SSCs that directly minimize challenges to the SDC UPS systems.  The Board’s staff believes that in this context, the function of the standby diesel generators meets the SRD definition of ITS and is appropriate for RRC classification.

 

BNI representatives stated they will evaluate both the lightning protection system and the standby diesel generators for possible reclassification as RRC.

 

Radiation-Related Cable Degradation―Electrical cables employed in nuclear facilities can suffer serious operational degradation as a result of prolonged exposure to radiation.  The current WTP design calls for the use of modular cable sections in high-radiation areas in the HLW and Pretreatment facilities.  These modular sections, known as jumpers, facilitate easy disconnection and replacement of cable prone to radiation damage without the need to remove and replace cables that remain undamaged by virtue of increased shielding or distance from radioactive sources.  This approach has proven efficient and effective in other Hanford facilities.  However, BNI representatives could not provide any analysis or identify any standards or criteria that will be used in determining the allowable cable lifetime as a function of the anticipated radiation environments in the HLW and Pretreatment facilities.  To help ensure the ability of SDC and SDS cabling to perform adequately throughout its installed lifetime, the Board’s staff suggested employing cable qualification principles found in Institute of Electrical and Electronics Engineers (IEEE) Standard 383, IEEE Standard or Type Test of Class ZE Electric Cables, Field Splices, and Connections for Nuclear Power Generating Stations, a consensus industry standard that contains requirements for safety-related cables installed in nuclear environments.  Application of these principles would serve to establish a defensible cable lifetime limitation to be used in the eventual WTP high-radiation cable replacement regime.

 

Sizing Margins for Emergency Diesel Generators―Sizing of emergency diesel generators is an iterative process that will culminate in July 2003, when the generators are slated for procurement.  A nominal 25 percent spare capacity is to be built into the ultimate procurement specification, of which 10 percent will be dedicated to load growth, 10 percent to uncertainty, and 5 percent to normal electrical losses.  At this stage of the design, with significant load changes (stemming from the emergency load train and melter rearrangements discussed above) expected in the near future, the magnitude of the total load that will have to be supplied by the emergency diesel generators is uncertain.  The Board’s staff is concerned that if major design changes are made subsequent to diesel generator procurement, significantly more than 10 percent of the overall margin could be used to accommodate short-term load additions, thereby leaving inadequate spare margins for uncertainty and electrical losses.

 

Instrumentation and Control Systems.  The following concerns were noted by the Board’s staff with regard to ITS I&C systems.

 

Important-to-Safety Digital Controls―The staff began its review of the control system used to initiate safety-related automatic protective actions.  This system, called the programmable protection system (PPS), will be designed to meet all ITS automated control responses.  In conducting its review, the staff found that the design standard currently identified for the PPS would allow higher failure rates than are currently found in similar nuclear applications.  At this time, the PPS hardware has not yet been procured, and the actual system performance could well exceed the minimum cited in the current design standard.  The staff will review the PPS specification once a procurement decision has been made to evaluate the adequacy of the system reliability.

 

High-Level Waste Melter and Offgas Systems―The staff reviewed the status of the HLW melter and offgas systems, which are designated as SDS because they are the primary boundary for confinement of hazardous material, and they are the second physical barrier for severity level-l and -2 events.  The staff determined that the melter and offgas system models had not been exercised with anticipated system pressure surges in combination with single failures, such as an exhaust fan stopping or an exhaust valve closing.  The contractor stated that additional analysis was planned, with an expected completion date of October 2003, to verify the adequacy of the design under all anticipated conditions.  The Board’s staff intends to review the results when they are available.