February 14, 2005
The Honorable Samuel W. Bodman
Secretary of Energy
1000 Independence Avenue, SW
Washington, DC 20585-1000
Dear Secretary Bodman:
The Defense Nuclear Facilities Safety Board (Board) issued Recommendation 2004-1, Oversight of Complex, High-Hazard Nuclear Operations, on May 21, 2004. In the Department of Energy’s (DOE) acceptance letter of July 21, 2004, DOE emphasized its commitment to safety and agreed that the Columbia accident and Davis-Besse incident provided valuable lessons from which DOE could learn. The lessons learned from these events were to be key inputs in developing DOE’S Implementation Plan for the Recommendation.
The Board received Secretary Abraham’s letter dated December 23, 2004, enclosing DOE’s Implementation Plan for Recommendation 2004-1 and reviewed the plan in the context of the Board’s Policy Statement 1, Criteria for Judging the Adequacy of DOE Responses and Implementation Plans for [Board] Recommendations, and the requirements of the specific subrecommendations. While the plan presents several concepts that will prove key to successful implementation of the Recommendation, the descriptions of how these concepts will be put into action lack the detail necessary to determine whether they will be responsive to the issues they are intended to address. Therefore, the Board is unable to accept the proposed Implementation Plan.
The Board is particularly concerned about the lack of progress in defining the structure of and the functions, responsibilities, and authorities assigned to the Central Technical Authorities. The Board intended for these authorities to bring a higher level of awareness of site conditions to headquarters decision makers, and for mechanisms to enforce required actions to be strong and clearly delineated. This intent has not been realized. As described, the structure and the functions, responsibilities, and authorities of the Central Technical Authorities are not capable of preventing DOE from committing the type of errors that led to the Columbia accident. The Board is also concerned that the nuclear safety research and development function is not adequately defined, and the mechanisms through which the results of safety research will be utilized are not specified. DOE needs to establish a sustainable capability that will maintain and advance the scientific and engineering understanding of nuclear safety.
Recommendation 2004-1 presents DOE with the opportunity to manage its high-consequence operations successfully and to reduce the likelihood of a nuclear accident. DOE should seize this opportunity and develop an approach that will be sustainable beyond the current leadership and become a cornerstone of its safety culture. Further, this change will require the full-time attention of a responsible manager with vision, expertise, will, and authority, selected specifically for and assigned solely to keeping this significant organizational change on course. This manager should have ready access to the Secretary and the Deputy Secretary, and operate with the fully stated support of these offices in directing all subordinate organizations through the completion of the Implementation Plan. The goals of this plan can only be achieved with high-level support. Further, it must be clear that the role of the responsible manager in no way reduces the accountability of the highest levels of the line organizations, including the Central Technical Authorities, for ensuring timely completion of the requirements imposed by this plan.
Specific suggestions focused on the subrecommendations to Recommendation 2004-1 are provided in the enclosure to this letter to assist you in strengthening the Implementation Plan. The Board looks forward to working with you to achieve an acceptable Implementation Plan and to DOE’s execution of that plan as expeditiously as possible.
John T. Conway
c: The Honorable Linton Brooks
The Honorable David K. Garman
The Honorable John S. Shaw
The Honorable Jerald S. Paul
Mr. Mark B. Whitaker, Jr.
Comments on the U.S. Department of Energy’s
Implementation Plan to Improve Oversight of Nuclear Operations
1.a. That delegation of authority for nuclear safety matters to field offices and contractors be contingent upon the development and application of criteria and implementing mechanisms to ensure that... oversight responsibility includes the capability for examining, assessing, and auditing by all levels of the Department of Energy (DOE) organization.
The issue, basis, and resolution approach provided in the Implementation Plan to address this subrecommendation appear to be adequate. As noted in the Board’s letter of December 22, 2004, however, DOE Policy 226.1, DOE Oversight Policy, will be a key instrument in implementing the changes described in this section of the plan. Therefore, development and publication of this policy should be a deliverable in the plan, and the policy should be delivered with or before the associated DOE Order 226.1 (committed for delivery in April 2005).
The schedule for delivery of the supporting DOE Manual 226.1, DOE Safety Oversight Manual (promised for June 2006) is protracted, especially given that the associated Criteria, Review, and Approach Documents (CRAD) are promised for June 2005. If at all possible, DOE should strive to publish the manual within 6 months of development of the CRADs. DOE should also clearly commit to addressing all phases of facility life in this manual―design, construction, operation, and decommissioning. Deliverables to the Board should include a draft outline and a prepublication version of the document.
The CRADs themselves appear to be defined as a field review tool. An important root cause of failure identified in the Columbia Accident Investigation Board Report is the lack of senior management (headquarters) awareness of issues and activities in the field. To address this fact, a set of CRADs focused specifically on a review of headquarters offices that can affect field operations (e.g., program secretarial offices) should be developed.
Overall, the Implementation Plan should be clear that developing and issuing the documentation associated with this subrecommendation will not be allowed to delay action on other key characteristics of the plan in such areas as headquarters operational awareness, technical capacity, and nuclear safety research and development.
1.b. That delegation of authority for nuclear safety matters to field offices and contractors be contingent upon the development and application of criteria and implementing mechanisms to ensure that...the technical capability and appropriate experience for effective safety oversight is in place.
Section 5.1.4 of the Implementation Plan addresses the development of a delegation process. However, technical capability is addressed separately, in Section 5.1.5. It is not clear that the actions contemplated in Section 5.1.5 are clearly tied to those developed in Section 5.1.4, or even in Section 5.1.2 with regard to oversight in general. For example, there should be a commitment to develop criteria and implementing mechanisms to ensure that the requisite technical capability and appropriate expertise are present in a field office before headquarters delegates a specific authority with respect to nuclear safety. There should be commitments directed at developing and implementing compensatory measures for offices found to be deficient. DOE should also include commitments dedicating long-term resources to sustain any progress made in this area. Overall, the sense of urgency in this area should be raised to a level commensurate with that indicated in the Recommendation through a focus on strong, immediate actions instead of further studies and reviews.
The National Nuclear Security Administration’s (NNSA) formal review of the Columbia Accident Investigation Board Report (the Haeckel Report) generated specific recommendations regarding the urgent need to strengthen DOE’s Technical Qualification Program. These specific actions should be addressed either here or in the section responding to the Columbia and Davis-Besse incidents. The current data on participation in the Technical Qualification Program at the headquarters level is indicative of the depth of the issue facing DOE: approximately 70 of 250 NNSA and 10 of 330 Environmental Management headquarters personnel are enrolled in the program. DOE is a technical organization with significant responsibilities for the operation of high-hazard nuclear operations. Therefore, aggressive actions to remediate this situation should also be described in the Implementation Plan. Additionally, the plan should clearly commit the Office of Environment, Safety and Health (EH) and the offices reporting to the Undersecretary of Energy, Science, and Environment (ESE) to evaluate their programs for strengthening technical qualifications in ways that may be indicated by these aspects of the Columbia or Davis-Besse incidents.
1.c. That delegation of authority for nuclear safety matters to field offices and contractors be contingent upon the development and application of criteria and implementing mechanisms to ensure that...corrective action plans consistent with recommendations resulting from internal DOE and NNSA reviews of the Columbia accident and the Davis-Besse incident are issued.
The Implementation Plan addresses this subrecommendation in Section 5.2. However, there must be more urgency in the actions presented. The Columbia accident occurred in February 2003; the Columbia Accident Investigation Board produced its report in August 2003. NNSA conducted a formal review of the investigation through February 2004 (the Haeckel Report). In testimony to the Board on October 21, 2003, the Deputy Secretary of Energy stated that the Secretary had directed all headquarters and senior field managers to review the Columbia investigation report and take necessary actions based on lessons learned. Therefore, the resolution approach should involve more than simply initiating the review effort. The Implementation Plan commits to only one deliverable-developing a corrective action plan by May 2005. There should be additional commitments related to immediate implementation of corrective actions to address items already identified, such as those contained in the Haeckel Report or the Columbia Accident Investigation Board Report itself. (One example of such a corrective action would be establishing a formal, standardized process for disposition of minority opinions. The Haeckel Report concluded that stressing the importance of valuing negative information, as well as positive information, was a key need within NNSA, so the Implementation Plan should commit to moving forward with such a process.)
The corrective actions required of DOE and NNSA as a result of these lessons learned are likely to be profound and difficult to administer. However, the Implementation Plan states that the identified corrective actions will be managed through DOE’s Corrective Action Tracking System. To ensure success, the Implementation Plan should place responsibility for assurance of implementation of these corrective actions with the Central Technical Authorities for NNSA and ESE. Further, the Implementation Plan should include a commitment to complete the identified corrective actions and to verify the effectiveness of those actions.
Section 5.2.2 does commit to developing an enhanced Operating Experience Program based on the model used by the Institute of Nuclear Power Operations. However, the mechanisms to be used to drive corrective actions must be more clearly delineated, with enough detail to make the ultimate course of action apparent.
2.a. That to ensure that any features of the proposed changes will not increase the likelihood of a low-probability, high-consequence nuclear accident, DOE and NNSA take steps to...empower a central and technically competent authority responsible for operational and nuclear safety goals, expectations, requirements, standards, directives, and waivers.
The structure chosen by DOE to implement this subrecommendation is defined as encompassing two Central Technical Authorities. However, the proposed structure really consists of three Central Technical Authorities: with responsibility for defining requirements, standards, directives, and some waivers being retained within EH, EH-1 is a de facto Central Technical Authority. The three Central Technical Authorities also differ in their apparent roles, since the two in NNSA and ESE are in the line organization, while the one in EH is not. Beyond the decision to establish the Central Technical Authorities, few details regarding roles, responsibilities, authorities, staffing, and operating mechanisms are provided; many of the concepts that are provided would be detrimental to the success of the enterprise. For example, the core nuclear safety functions assigned to the Central Technical Authorities reduce them to providing input, improving processes (ownership unknown), and maintaining availability of expertise. This must be corrected. If the Central Technical Authorities are to be effective, their roles, responsibilities, and authorities must be defined in a clear, simple, and unambiguous manner. Lack of a clear structure for the three Central Technical Authorities will lead to confusion, failures of responsibility and accountability, and the subsequent atrophy of this key role.
The support staff for the Central Technical Authorities is only weakly defined for NNSA.
As it stands, the staff size contemplated within the Implementation Plan (presumably half of the 15-20 staff allotted to the entire department) will be inadequate once the roles, responsibilities, and authorities have been adjusted to the proper scope. The Central Technical Authority within ESE must have dedicated staff support and not be required to borrow staff from an Assistant Secretary (EH) who reports above him in the chain of command. Once EH’s roles, responsibilities, and authorities as a de facto Central Technical Authority have been defined, the portions of the EH staff to be dedicated to this function must also be identified.
Until the complete list of roles, responsibilities, and authorities to be assigned to these offices has been compiled and analyzed to determine the optimum mix of skills and technical capabilities, DOE should be able to identify the minimum set of functional areas that will be required under any conditions and begin allocating positions and searching for candidates to fill them. Based on the Board’s experience, identifying and hiring the level of technical talent required for these staffs will be an intensive, time-consuming task. DOE must not delay initiating this hiring effort and must take steps to sustain it for the long term.
Overall, this section of the Implementation Plan must address more clearly the three roles that DOE must fill: customer, owner, and self-governor for nuclear safety. It does not appear that the third role is well understood. In particular, the Implementation Plan does not outline a vision for a clear separation between DOE as the customer/owner and DOE as the self-governor responsible for ensuring that safety requirements are met. It is this separation that is key to the safety of the enterprise, and a commitment to clarify and further differentiate these roles, responsibilities, and authorities should be included in the Implementation Plan. Further discussion of this subject can be found in Section 8.2 of the Board’s technical report DNFSB/Tech-35, Safety Management of Complex, High-Hazard Organizations.
Based on the structure proposed in the Implementation Plan, it appears that DOE intends to parse the duties of the Central Technical Authorities among the three proposed entities: the one in EH will be responsible for establishing the rules and requirements, while the two in NNSA and ESE will be responsible for establishing nuclear safety goals, expectations and waivers. This separation of functions must be made much clearer, and the roles, responsibilities, and authorities assigned to each Central Technical Authority in the Implementation Plan must be carefully defined.
The ability of the Central Technical Authorities to force action must also be strengthened.
Given the proposed structure, it is not clear that the Central Technical Authorities have authority related to such key areas as direction and budget for nuclear safety research and development, start-up of high-consequence operations, corrective actions resulting from lessons learned, and even unfettered access to sites and nuclear facilities.
The resolution approach set forth in Section 5.1.1 of the Implementation Plan correctly portrays many of the decisions that must be made to institutionalize the roles of the Central Technical Authorities, but the results of these decisions must be presented if the Board is to judge the adequacy of the proposed path forward for institutionalizing those roles. The Deputy Secretary of Energy, in a memorandum dated December 17, 2004, established the positions of the Central Technical Authorities in NNSA and ESE, appointed two individuals to fill the positions, and tasked them to work with EH to develop a path forward. The joint recommendations developed in response (Brooks/Garman/Shaw memorandum dated January 12, 2005) do not provide sufficient detail to aid the Board’s evaluation. Further, the role of the Central Technical Authority as described in the January memorandum does not encompass the scope envisioned by the Board.
Section 5.1.1 of the Implementation Plan should also discuss instituting technical qualification requirements for the Central Technical Authorities; Section 5.1.5 would be another appropriate place in which to address these requirements. Institutionalizing these requirements will be necessary to sustain the organizational change envisioned by the Board.
2.b. That to ensure that any features of the proposed changes will not increase the likelihood of a low-probability, high-consequence nuclear accident, DOE and NNSA take steps to...ensure the continued integration and support of research, analysis, and testing in nuclear safety technologies.
Section 5.1.3 of the Implementation Plan addresses research but not analysis and testing.
The framework provided involves (1) assessing safety research needs, taking into account the safety research being conducted by other government agencies and industry; (2) prioritizing those needs identified; (3) integrating both the prioritized needs and the safety research already occurring across the complex; and (4) managing the resulting prioritized research program. This approach falls short of adequately addressing the issues involved.
For example, the Implementation Plan speaks to preserving key safety research needs but does not address actions to be taken on the four elements of the proposed framework noted above. The detailed actions to be taken to achieve these elements must be described in the Implementation Plan. DOE should commit to establishing a formal office to run this program and describe the means by which such an office would continually assess priority safety research needs. The range of matters that would be expected to fall within the purview of this office, such as site-specific safety issues, new information needed to develop new or modify existing technical standards and requirements, and improved methodologies for assessing the effectiveness of oversight programs, should be identified. The safety research office would support nuclear weapon activities, nuclear energy programs, nuclear materials activities, and nuclear waste programs. However, it must be clear that research and development efforts directed and funded through DOE'S program offices should continue to focus on real-time safety issues affecting mission-specific needs. The decision-making body for the safety research program should include or have a well-defined relationship with the Central Technical Authorities. This arrangement should be described in the Implementation Plan. The Implementation Plan should describe the mechanisms through which the results of safety research will be utilized within the complex to improve safety. Additionally, the milestones provided in Section 5.1.3 of the Implementation Plan should identify specific examples that would demonstrate success for this newly established program, as opposed to the broad administrative arrangements shown at present.
2.c. That to ensure that any features of the proposed changes will not increase the likelihood of a low-probability, high-consequence nuclear accident, DOE and NNSA take steps to...require that the principles of Integrated Safety Management (ISM) serve as the foundation of the implementing mechanisms at the site.
Section 5.3 of the Implementation Plan closely focuses on activity-level work planning and the feedback and improvement functional area. While this focus is laudable, it does not ensure that ISM will be revitalized as the foundation for safety across the complex. The principles of ISM should be clearly visible in each section of this Implementation Plan. The Secretary of Energy, the Undersecretaries, and the Deputy Secretary are assigned responsibilities in this section. Leadership at that level is exactly what is required to drive improvement in ISM. However, the actions assigned should be much broader in scope and designed to lead the entire organization to a greater understanding and implementation of the principles of ISM at all levels. As a minimal first step in this area, DOE should take action to address expeditiously those issues raised by previous ISM assessments and reviews.
Lower-tier actions, such as those described in Sections 5.3.1, 5.3.2, and 5.3.3 of the Implementation Plan, will require dedicated attention from the Central Technical Authorities in NNSA and ESE to be successful. This should be specified in the Implementation Plan. The plan should also emphasize the process contemplated to follow up on feedback and lessons learned and force actions to address identified issues.
3. That direct and unbroken line of roles and responsibilities for the safety of nuclear operations―from the Secretary of Energy and the NNSA Administrator to field offices and sites―be insured according to appropriate Functions, Responsibilities, and Authorities documents and Quality Assurance Implementation Plans.
The Implementation Plan indicates that most of DOE’s actions to address this subrecommendation are delineated in Section 5.1.4. However, the issue, basis, and resolution approaches in this section are clearly restricted to delegations of authority from headquarters to the field offices. The Implementation Plan should include actions focused on assignments of roles, responsibilities, and authorities that are not to be delegated. Some roles, responsibilities, and authorities should not be levied upon or delegated to the field, but should be retained at the headquarters level. The Implementation Plan should address identifying these roles, responsibilities, and authorities and ensuring their assignment at the headquarters or field level, as determined to be appropriate.
4. That prior to final delegation of authority and responsibility for defense nuclear safety matters to the field offices and contractors, DOE and NNSA Program Secretarial Officers provide a report to the Secretary of Energy describing the results of actions taken in conformance with the above recommendations.
The Implementation Plan addresses this subrecommendation in Section 5.3.4. No issue, basis, or resolution approach is provided. The Implementation Plan should be modified to include these elements. The Implementation Plan commits to delivering two ISM verifications plus a schedule for follow-on reviews. However, ISM verification reviews that have been conducted to date across the complex would not satisfy the requirements of this subrecommendation. Further, the delivery schedule-two reviews by July 2006, with a schedule that continues onward from that time-would not meet the requirement to complete the actions prior to final delegations of authority.
Section 5.1.4 of the Implementation Plan, Commitment 13, could be crafted to satisfy this subrecommendation, but the scope of the commitment is currently-limited to delegations of authority from headquarters to field offices and does not address the breadth of actions required to respond to subrecommendations 1 through 4. Further, Commitment 13 is not commissioned by the Program Secretarial Officers in DOE and NNSA.
Section 5.1.6 of the Implementation Plan also might be structured to satisfy this subrecommendation. However, this section currently does not include an issue, basis, resolution approach, or milestone/deliverable.
Reporting (discussed in Section 6.2 of the Implementation Plan).
The Implementation Plan commits to triannual briefings to the Board. This proposed schedule does not promote development of a public record of DOE’s and NNSA’s actions on this Recommendation. At a minimum, the proposed briefings should be supplemented by development of an annual report.
Leadership (discussed in Section 6.0 of the Implementation Plan)
The objective of this Implementation Plan is to develop an organizational structure, and deploy human resources within DOE in a manner more closely aligned with the attributes of organizations successfully performing complex, high-hazard operations. Such a major undertaking will require the full-time attention of a responsible manager with vision, expertise, will, and authority, selected specifically for and assigned solely to implementing this plan. The Implementation Plan must provide for such an assignment at the Secretarial level to be effective.
This manager should have ready access to the Secretary and the Deputy Secretary, and operate with the fully stated support of these offices in directing all subordinate organizations through the completion of the Implementation Plan. The goals of this plan cannot be achieved with lesser support. Further, it must be clear that the role of the responsible manager in no way reduces the accountability of the highest levels of the line organizations, including the Central Technical Authorities, for ensuring timely completion of the requirements imposed by this plan.