Tuesday, May 3, 2016

Nuclear Safety Culture is Improving at the Waste Isolation Pilot Plant—Maybe

The WIPP
On Feb. 14, 2014, a drum containing radioactive waste exploded at the Department of Energy (DOE) Waste Isolation Pilot Plant (WIPP) resulting in the release of americium and plutonium into the environment.  In our May 3, 2014 review of the DOE’s phase 1 accident report, a weak safety culture (SC) was deemed a significant contributing factor to the incident.  The plant has yet to resume normal operations.

Over the last two years, DOE and Nuclear Waste Partnership (NWP, the prime contractor) have made efforts to strengthen the SC at the WIPP.  Following are two data points we can use to infer how much progress they’ve made.

Incentive Payment to NWP

In FY2015 NWP earned a performance fee* based on both objective and subjective criteria.  Overall, NWP received 85.7% of the total potential fee ($11,714K out of $13,665K.)
 
The objective portion comprised 75% of the total potential fee and NWP was awarded 89.7% of that amount ($9,194K).  Only one objective criterion appears related to SC, viz., “reducing preventive and corrective maintenance backlogs” and NWP received the full fee possible, $550K out of $550K.

The subjective portion comprised 25% of the total potential fee and NWP was awarded 73.7% of that amount ($2,520K).  There is more information about SC in this portion of the award fee determination document.  DOE said NWP’s performance on improving its safety programs reflected “a maturing nuclear safety culture with continuous improvements.”  However, there were signs of SC weakness in the Areas for Improvement including “The contractor did not provide sufficient objective evidence of closure of all of the corrective actions it submitted as complete in FY2015”; “The small number of self-assessments by the contractor in FY2015 was inadequate to measure performance” and “Recent improvements in the nuclear safety culture are slowly being realized in the safe execution of work . . .”

DNFSB Critique of WIPP's Upgraded Documented Safety Analysis 


A recent Defense Nuclear Facilities Safety Board (DNFSB) staff report** reviews the WIPP Documented Safety Analysis (DSA) currently being updated by NWP under the oversight of DOE.  The DNFSB report identifies one significant issue for DOE management attention, summarized below:

The Feb. 2014 explosion occurred because Los Alamos National Laboratory (LANL) shipped ignitable waste to WIPP even though the existing Waste Acceptance Criteria (WAC) prohibited such action.  Currently, other LANL-generated drums containing potentially ignitable waste are securely stored at WIPP.

The draft DSA does not analyze the possibility that some similar accident could occur involving a container arriving at WIPP in the future.  Instead, DOE and NWP argue that improvements to the WIPP WAC and/or WAC compliance program will reliably prevent problems in future waste receipts.  In other words, something that happened before will not happen again because WIPP will be watching for it.  For this approach to work, WAC compliance by the waste generators and WIPP inspectors must be completely effective and 100% reliable.  DNFSB recommends that DOE and NWP management “explore defense-in-depth measures that enhance WIPP’s capability to detect and respond to problems caused by unexpected failures in the WAC compliance program.”

Our Perspective

The performance fee awards indicate that NWP needs to keep working to strengthen its SC to an acceptable level.

The DSA issue is more troublesome.  What kind of effective SC would blow off (pun intended) its responsibility to consider the possibility of recurrence of exactly the kind of problem that occurred before and caused the WIPP to be shut down for over two years?  We criticize other organizations for over-analyzing the specifics of individual accidents while ignoring other possibilities, especially systemic issues, but in this case, NWP and DOE are not even reaching the lowest perceptible bar of repeat incident prevention.

We’ll give the DNFSB points for raising the DSA issue but take away some points because they didn’t make a straightforward recommendation that NWP and DOE complete a more thorough analysis of the specific hazard of another drum of prohibited waste slipping through the system and into the underground.

At best, we can say the SC at the WIPP is incrementally improved.  DOE has always taken a half-hearted approach to SC and their lack of commitment is visible here.


*  T. Shrader (DOE) to P. Breidenbach (NWP), "Contract DE-EM0001971 Nuclear Waste Partnership LLC - Award Fee Determination for the Period October 1, 2014 through September 30, 2015, and FY2015 Fee Determination Scorecard for Total Earned Award Fee and Performance Based Incentives" (April 12, 2016).

**  J.L. Connery (DNFSB) to E.J. Moniz (DOE), letter with DNFSB Staff Issue Report “Waste Isolation Pilot Plant Documented Safety Analysis” dated Jan. 13, 2016 attached (Mar. 28, 2016).

2 comments:

  1. • Known or Knowable Hazard/ Vulnerability

    An inescapable fact is that the competent investigation of every harmful event reveals that the causation of the harm includes the ignorance, denial, discounting, and/or other mismanagement of one or more known or knowable hazards/ vulnerabilities. Often these vulnerabilities are thoroughly, but ineffectively discussed, argued, debated, and otherwise addressed by incompetent and/or intimidated engineers, scientists, and quality professionals.

    There are usually many non-harmful instances of competent and/or lucky organizations that abide the same vulnerabilities successfully and whose success is never compared to the respective failure situations.

    Observation: Many bridge collapses involve the failure of insufficiently redundant structural elements that were non-transparent. These include the Silver Bridge, the Mianus River Bridge, and the I-35W Bridge.

    Observation: The Flint, Michigan Water Fiasco involved lead in pipes and leaching of pipe material constituents by inadequately treated water.

    Observation: The Duodenoscope Infections and Cover-up involved known pathogens and hard-to-clean poorly designed mechanical joints.

    Observation: The Volkswagen Dieselgate cheating scandal involved known diesel pollutants and deceivable regulatory requirements.

    Observation: The Davis-Besse 2002 Near Miss involved known pure water stress corrosion cracking (PWSCC) and the vulnerability of carbon steel to boric acid corrosion.

    Caution: The existence of a fundamental vulnerability resulted from deeper harmful underlying conditions, behaviors, actions, and/or inactions and thus is usually not a “root cause.”

    ReplyDelete
  2. Lew,

    I would like to suggest that the entire WIPP shutdown and the untabulated opportunity cost contain an important lesson regarding the difference between risk-management of a power reactor (concentric defense in depth) and a distributed source such as the TRU Waste program with originating sites spread all over the county.

    Basically, we know from the low level was program that there is an accountability handoff that occurs at the disposal site and there is only so much that the disposal site operator can do to provide defense in depth to the reps and certs that come with the package. Hence the importance of the WAC and the necessity that QC and QA occur mostly at the site of packing. In the case of the WIPP WAC the DOE used a lot of lessons learned in building the national TRU waste disposal program so as to reduce the potential for non-conforming drums to a version of ALARP (practicable) precisely because there is no way to have the site DSA encompass the risk of a material substitution error such as Los Alamos made going undetected for many drums being sequestered before one pops off. The DSA can cover the anticipated consequences of a drum explosion, but only with some non-specific margin of error (similar to bridge design).

    It has been a recurring defect (in my view) of DNFSB Staff thinking about safety analyses that it should be possible to apply reactor style series containment to flow through ventilation systems designed for confinement with filtration.

    In the case of the WIPP instance there has been far too much corrective action getting in the way of restoring waste flow to WIPP. The out of repository consequences fell within the limits of the existing DSA, the event was promptly detected and reasonable investigation conducted promptly. The choice about further risk reduction by removing all the inplace LANL drums was a no-brainer in my view - but that's not the path DOE chose, and my surmise is that DNFSB looking over their shoulder with the wrong protection strategy owns a big part of the complex wide risk ripple of the past several years of delay.

    ReplyDelete

Thanks for your comment. We read them all. We'd like to display them under their respective posts on our main page but that's not how Blogger works.