05000260/LER-2003-004

From kanterella
Jump to navigation Jump to search
LER-2003-004, Cable Separations Design Error Related to Appendix R requirements
Browns Ferry Nuclear Plant Units 2 And 3
Event date: 07-07-2003
Report date: 09-05-2003
Reporting criterion: 10 CFR 50.73(a)(2)(v), Loss of Safety Function
10 CFR 50.73(a)(2)(ii)(B), Unanalyzed Condition
2602003004R00 - NRC Website
v  d  e

I. PLANT CONDITIONS) At the time of the condition's discovery, Unit 2 and Unit 3 were in Mode 1 at 100 percent reactor power (approximately 3458 megawatts thermal). Unit 1 was shutdown and defueled, and therefore it was not affected by this condition.

II. DESCRIPTION OF EVENT

A. Event:

During review and validation of Appendix R-related calculations associated with the restart of BFN Unit 1, it was noted that some associated circuits of certain 4 kV electrical distribution boards and loads were not adequately evaluated in the Unit 2 and Unit 3 calculations. This condition was entered into the corrective action program, and an impact evaluation was undertaken. On July 7, 2003, it was determined that electrical cable routing associated with the Unit 2 and Unit 3 recirculation pump boards was not in compliance with Appendix R requirements. At that time, an Appendix R limiting condition for operation (LCO) was entered, and roving fire watches were established in accordance with the BFN Fire Protection Program.

As physically configured, control power cables which affect power circuit breaker control are routed within 20 feet of the power cables being fed by these same breakers. The plant loads affected are the Unit 2 variable frequency drives (VFDs) and the Unit 3 recirculation motor-generator (MG) sets which provide power to drive the reactor recirculation pumps. As a result of this cable routing, fires in certain zones of the BFN plant could result in electrical faults on power cables which could not be de- energized by automatic breaker operation. Such faults could result in cable insulation fires being initiated in fire areas other than the area where the original fire occurred, thus creating an associated circuit of concern.

Because this design error resulted in the plant being in an unanalyzed condition that significantly degraded plant safety, it is reportable in accordance with 10 CFR 50.73 (a) (2) 0i) (B).

B. Inoperable Structures. Components. or Systems that Contributed to the Event; None C. Dates and Approximate Times of Major Occurrences:

July 7, 2003 � 1500 hours0.0174 days <br />0.417 hours <br />0.00248 weeks <br />5.7075e-4 months <br /> CST Operations was notified that an Appendix R analysis error existed which affected Unit 2 and Unit 3. Roving fire watches were established in accordance with Fire Protection Report requirements

D. Other Systems or Secondary Functions Affected

None

E. Method of Discovery

Design basis calculations and design configurations common to all three BFN units were being reviewed as part of the Unit 1 restart activities. During a review of Appendix R related design documents, this error was identified.

F. Operator Actions

No specific operator response was required for this design deficiency. Appropriate Appendix R limiting conditions for operation were entered as required by the BFN Fire Protection Report, and fire watches were established as compensatory measures.

G. Safety System Responses

The nature of this event was such that no safety-system responses were required.

W. CAUSE OF THE EVENT

A. Immediate Cause

The immediate cause of the plant being in an unanalyzed condition was an error in Appendix R analysis.

B. Root Cause

The event apparent cause was a lack of attention to detail when the subject calculations were performed prior to the restarts of Unit 2 (1991) and Unit 3 (1995). The common vulnerabilities to damage from a single fire of the control and power circuits for the recirculation pump drives (VFDs on Unit 2 and MG sets on Unit 3) was not properly evaluated when the Appendix R calculations were originally performed.

C. Contributing Factors

None

  • MMMMMMM
  • — ..... ....... . ..... .....

4160 VAC power cables Local Control panel A Local Control panel B VFD 2A (MG 3A) VFD 25 (MG 35)

  • .= 250 VDC control power cables ...... . .....

Cable separation less than 20 feet Out to recirc bumps

IV. ANALYSIS OF THE EVENT

It was identified that the control power cables associated with the recirculation pump breakers and the power cables from these breakers to the recirculation pump drives (VFDs on Unit 2 and MG sets on Unit 3) are routed such that a single fire event could potentially damage both types of cabling. Should the control power cables be damaged in such an event, it would then be impossible to remotely operate the recirculation pump drive breakers. Given the current cable routing, it is also possible that the same fire could subsequently damage the recirculation pump drive power cables. With the control power already hypothetically failed by the fire, the recirculation pump drive breakers would not automatically trip to isolate such a fault on the power cables. Under such circumstances, high fault currents could flow uninterrupted along the cable's entire length. As a result, the cable insulation could ignite in other fire areas along the cable run. A fire in a reactor building fire zone could therefore spread to another reactor building fire zone or to a control building fire zone via this propagation mechanism. See the sketch below:

Turbine Building Control Building Reactor Building Following identification of the vulnerability, roving fire watches were established to enhance the fire detection capability already in place. The fire watch presence improves the probability that any fire which might start would be rapidly identified, and the probability of its quick suppression maximized. Existing fire protection program attributes make the initiation probability of a fire in the plant small.

V. ASSESSMENT OF SAFETY CONSEQUENCES

While the condition being reported herein could hypothetically occur, it requires a series of low probability events to occur in a specific order. These events are listed here:

  • A fire of unspecified origin must begin in the reactor building in the vicinity of the recirculation pump drive power and control power cables. While it is possible for a such fire to occur, the plant design, operating practices, and the BFN fire protection program all contribute to making the probability of such a fire low.
  • Given that a fire has been started in the vicinity of the related electrical cables, the fire must become sufficiently severe to damage the cables. Existing fire detection and suppression equipment would operate to minimize this possibility.
  • Damage to these electrical cables must occur in the proper sequence. Damage to both power and control cables must occur, and the control power cable damage must occur first. The DC control power circuit is normally ungrounded, so the fire must damage both the positive and negative conductors such that they are shorted to one another or both are shorted to ground. A single conductor shorting to ground would not fail the circuit. If the control power cables remain intact when the drive power cables sustain damage, proper electrical isolation of the faulted cables would occur per plant design. Also, damage to the control power cables alone would not cause any fire propagation, since these cables are protected by fuses which would isolate any fault currents, thus preventing upstream cable insulation overheating.
  • Once the cable damage has occurred in the necessary sequence, uninterrupted fault current of a magnitude sufficient to ignite cable insulation along the upstream cable routing must occur. Other factors, such as destructive effects from the fault current itself, could act to reduce or even interrupt the current path.

The above factors were evaluated, and the risk value is considered low.

VI. CORRECTIVE ACTIONS

A. immediate Corrective Actions Compensatory fire watches were established in accordance with the BFN Fire Protection Report and the Appendix R program.

B. Corrective Actions to Prevent Recurrence

1. Design changes will be developed to remove the common vulnerability problem.

2. These design changes will be physically implemented on BFN Units 1, 2, and 3 (1) TVA does not consider these corrective actions as regulatory commitments. The completion of these actions will be tracked in TVA's Corrective Action Program.

VII. ADDITIONAL INFORMATION

A. Failed Components

None B. Previous LERs on Similar Events 260/94-002 260/96-01 R1 C. Additional Information, None

D. Safety System Functional Failure Consideration:

The event under consideration did not involve an actual failure of any plant equipment, but rather it was a condition which, under certain postulated conditions, could have resulted in the failure of plant equipment. While certain postulated fire scenarios could have resulted in equipment losses beyond those previously analyzed, the loss of a safety system function was not specifically threatened.

This condition does not constitute a safety system functional failure as referenced in 10 CFR 50.73(a)(2)(v), and it will not be included in Performance Indicator reporting performed in accordance with NEI 99-02.

E. Loss of Normal Heat Removal Consideration:

N/A This event did not involve a reactor scram.

VIII. COMMITMENTS

Nene

Retrieved from "https://kanterella.com/w/index.php?title=05000260/LER-2003-004&oldid=200057"