Text

Insp Rept 50-336/92-22 on 920706-22,0909-11 & 1109-17. Violations Noted.Major Areas Inspected:Circumstances Surrounding Partial Loss of Normal Power on 920706
	ML20127D885
Person / Time
Site:	Millstone
Issue date:	01/08/1993
From:	Ruland W; NRC OFFICE OF INSPECTION & ENFORCEMENT (IE REGION I)
To:	;
Shared Package
ML20127D837	List: IR 05000336/1992022; ML20127D831; ML20127D845;
References
	50-336-92-22, NUDOCS 9301190075
	Download: ML20127D885 (72)
	v • d • e

- - _ _ _ _ _ - _ - _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ . _ _ _ _ _ _ _ . _ _ _ _ _ _ _ _ _ .

.

U.S. NUCLliAR REGULATORY COhth11SSION REGION 1 RiiPORT N /92-22 DOCKET N LICENSE N DPR-65 LICl!NSEE: Northeast Nuclear Energy Company P.O. Box 270 llartford, CT 06141-0270 PACILITY: Millstone Nuclear Power Station, Unit 2 INSPECTION AT: Waterford, CT INSPECTION DATES: July 6 - July 22,1992, September 911,1992, and November 9-17,1992 INSPECTORS: R. S. Ilhatia, Reactor Engineer, DRS, Ell A. A. Asars, Resident inspector, Millstone R. J. Arrighi, Resident inspector, Millstone Unit 3 E. T. Ilaker, Senior Project Manager, NRR 1. Ahmed. NRR/SICil C. R. Thomas, NRR/SELil D. A. Dempsey, Resident inspector, Millstone Unit 2 APPROVED llY: . .

W.11. Ruland, Chief, Electrical Section,

[& St^r/ -

/#

3[D Date Engineering Branch, DRS Alentinspreltd: An announced inspection was conducted to review the circumstances surrounding a partial loss of normal power on July 6,1992, inspection followup was directed towcrds the operational and work planning aspects of the event as well as an electrical system single failure vulnerability with respect to the ESAS/LNP logic design and other safety actuation systems involved. The NRC and the licensee met in llQ to discuss the generic implications of the event. Additional inspection reviewed previous licensee actions regarding the potential design denciency with the PORV Results: See Executive Summary for details, 9301190075 930111 PDR ADOCK 05000336 O PDR

_ _ ___ . _ _ . _ . _ . _ _ _ _ _ _

!

. :

I

.

SUMMARY OF DESIGN VULNERABILITIES G. J. Filippides / M. J. Wilson .

SAFETY SIGNIFICANCE M. S. Kai PROPOSED DESIGN CHANGES G. J. Filippides EVALUATION OF ORIGINAL DESIGN R. J. Halleck / M. S. Kai COMMUNICATIONS WITII THE NRC M. J. Wilson AND INDUSTRY SUMMARY COMMENTS H. P. Risley CONCLUDING REMARKS NRC

- - --

. .

~

OVERVIEW OF ELECTRICAL DISTRIBUTION SYSTEM -

OFF-SITE AND ON-SITE DISTRIBUTION TWO VITAL 4160V BUSES; TWO VITAL 480V BUSES (FIGURE 1) ,

VITAL 4160 BUSES SUPPLIED VIA RSST NSST MILLSTONE UNIT NO.1 (VIA BUS 14H)

NORMAL OPERATION: NSST2 UNIT TRIP: FAST TRANSFER TO RSST2 LOSS-OF-NORMAL POWER (LNP): EMERGENCY DG OPERATION TRAIN "A" 24C/22E, TRAIN "B" 24D/22F LEVEL 1 & 2 UNDERVOLTAGE SENSING ESAS SENSOR CHANNELS A, B, C, D ON BOTH 24C & 24D

. .

'

.

_ 1

.

e

'

. .

OVERVIEW OF ELECTRICAL DISTRIBUTION SYSTEM { CONT)

VITAL 125VDC /120VAC l

TWO VITAL 125VDC BUSES (FIGURE 2) <

TWO VITAL 125VDC BATTERIES TWO BATTERY CHARGERS (PLUS ONE SWING)

INVERTERS VIP 1,2,3, & 4 SUPPLIED BY CLASS IE BATTERIES BACKUP INVERTERS VIP 5 AND 6 FOR VA-10 AND VA-20 SUPPLIED BY NON-CLASS 1 E. TURBINE BATTERY BACKUP SUPPLIES FOR VA-30 AND VA-40 ARE REGULATING TRANSFORMERS FOUR 120VAC VITAL PANELS VA-10,20,30 & 40

'

.

'

.

. .

'

OVERVIEW OF ESAS OPERATION ESAS POWER SUPPLY ARRANGEMENT FOUR ESAS SENSOR CHANNEL CABINETS A, B, C, D (FIGURE 3)

(INCLUDES BUS 24C & D UNDERVOLTAGE & RWST LEVEL SIGNAL BISTABLES)

FOUR ESAS SENSOR CHANNEL OUTPUTS TO TWO ACTUATION CABINETS, CABINET # 5 AND CABINET # 6 ACTUATION MODULES WITHIN THE CABINETS PERFORM 2/4 MATRIX LOGIC CABINET #5 ACTUATES ONLY TRAIN "A" EQUIPMENT (ECCS SYSTEMS POWERED BY "A" EDG VIA 24C)

CABINET #6 ACTUATES ONLY TRAIN "B" EQUIPMENT (ECCS SYSTEMS POWERED BY "B" EDG VIA 24 D)

AUTOMATIC TEST INSERTER (ATI) POWERED BY VA10 (TRAIN A)

-

(FIGURE 4)

-

'

. .

DESCRIPTION OF 7/6/92 LNP EVENT DURATION: APPROXIMATELY 19 MINUTES (FIGURE 3)

DEENERGlZED TRAIN B ACTUATION CABINET #6

,DEENERGlZED ESAS SENSOR CABINET "B" DEENERGlZED ESAS SENSOR CABINET "D" 2 OUT OF 4 LOGIC FOR ESAS ACTUATION SATISFIED (LNP SIGNAL)

l BUS 24C ISOLATED, TRAIN "A" LOAD SHED (FIGURE 1)

l

'

A' EDG STARTED, CLOSED ONTO BUS 24C (SEO O)

l ATTEMPTED MANUAL START "A" SW PUMP ATTEMPTED MANUAL START OF SWING SW PUMP SECURED 'A' EDG

. RESTORED POWER TO SENSOR CABINET "D" (FIGURE 3)

' RESET 'UV' SIGNAL ACTUATION CABINET #5, LOAD SHED REMOVED BUS 24C RESTORED FROM RSST (FIGURE 1)

-

.

- _ - - - - - ,

. .

DESCRIPTION OF 7/6/92 LNP EVENT (CONT}

l EVENT ASSESSMENT :

TWO ESAS SENSOR CABINETS INAPPROPRIATELY DE-ENERGlZED WITH 'B' AND 'D' SENSOR CABINETS DE-ENERGlZED, BUS 24C i

'

PO'NER RESTORATION WAS NOT SENSED TWO UV BISTABLES STILL FALSELY SENSED UV AFTER LOAD SEQUENCER COMPLETE, ATI CONTINUED TESTING ATI TESTING RESULTED IN REPEATED LOAD SHEDDING

" D" SENSOR CABINET REENERGlZED, CLEARING 2 OUT OF 4 UV l

UV ACTUATIONS CEASED, BUS 24C RESTORED FROM RSST

.

g

~

.

I

. . .

SCOPE OF INVESTIGATION AND FINDINGS SCOPE OF INVESTIGATION

.

UNIT ENGINEERING DEPARTMENT ANALYSIS EVENT CHRONOLOGY EQUIPMENT RESPONSE ROOT CAUSE DETERMINATION CORRECTIVE ACTION RECOMMENDATIONS INDEPENDENT TASK FORCE INVESTIGATION 9 MEMBER, INTERNAL MULTI - DISCIPLINARY EVENT CHRONOLOGY EQUIPMENT RESPONSE ROOT CAUSE DETERMINATION CORRECTIVE ACTION RECOMMENDATIONS MULTI DISCIPLINE, MULTI-COMPANY ASSESSMENT ABB-CE: HAZARDS ANALYSIS BECHTEL: ATIINTERACTIONS CONSOLIDATED CONTROLS: DESIGN CONSULTATION NU: INVESTIGATION COORDINATION AND REVIEW DESIGN MODIFICATION APPENDIX R REVIEW ASSOCIATED WITH ALL 2

,

OF 4 LOGIC

- - - - - . - - -

. ..

SCOPE OF INVESTIGATION AND FINDINGS (CONT)

FINDINGS 2/4 LOGIC FED BY 2 POWER SOURCES (IE 2 BATTERIES) CAN, UNDER CERTAIN CIRCUMSTANCES, RESULT IN VULNERABILITIE AT MILLSTONE UNIT NO 2 THIS TRANSLATES TO:

REPEATED LOAD SHED COMMANDS INADVERTENT SRAS ACTUATION INADVERTENT PORV ACTUATION

. '

'

.

W

a %

q' O SUMMARY OF DESIGN VULNERABILITIES

.

REPEATED LOAD SHED COMMANDS (FIGURES 5 & 6)

INADVERTENT-PORV ACTUATION (FIGURE 7)

!

INADVERTENT SRAS ACTUATION (FIGURE 4)

i

'

.~

O

__-_____ _ __ ____ _ __-___-___________ _ __-____ _ - __ .

.. . .

SUMMARY OF DESIGN VULNERABILITIES (CONT)

INADVERTENTSRAS ACTUATION SRAS COMPONENT ACTUATIONS CONTAINMENT SUMP OUTLET VALVES OPEN LPSI PUMPS STOP ESF PUMPS MINI FLOW VALVES CLOSE SDC HEAT EXCHANGER RBCCW OUTLET VALVES OPEN SIAS COMPONENT ACTUATIONS HPSI PUMPS START LPSI PUMPS START CS PUMPS START CAR FANS START IN SLOW IMPACT LPSI PUMPS LOST RWST UNAVAILABLE (FIGURE 8)

CAR FAN HEAT REMOVAL DECREASE

. .

. 9 -

.

e s,.

an

'

5 O SAFETY SIGNIFICANCE IMPORTANT FACTORS.AND CONSIDERATIONS

,

'

-

EVALUATE. RANGE OF POTENTIAL DC FAILURES

-

CONSIDER DC BUS FAILURE AS AN INITIATING EVENT AS WELL AS IN

' COMBINATION WITH A DESIGN BASIS ACCIDENT

-

DE-ENERGlZATION OF TWO SENSOR CABINETS WILL RESULT IN THE GENERATION OF ALL ACTUATION SIGNALS INCLUDING SIAS, SRAS, AND PORV OPENING

. ASYMMETRIC CONFIGURATION OF THE DC BUS LOADS ATI POWERED BY VA-10 PORV LOGIC IS POWERED BY DC BUS "B" TURBINE DRIVEN AFW PUMP GOVERNOR POWERED BY DC BUS "B"

'

.10

,

f e

. .. .

SAFETY SIGNIFICANCE { CONT)

POTENTIAL DC BUS FAILURE

-

CASE 1: FAILURE OF DC BUS "A" POWER TO INVERTER 1 LOST; HOWEVER BACKUP PROVIDED BY INVERTER 5 FROM THE TURBINE BATTERY THROUGH STATIC SWITCH; POWER TO VA-10 REMAINS AVAILABLE POWER TO INVERTER 3 LOST; BACKUP POWER SUPPLY UNAVAILABLE DUE TO LACK OF DC POWER FOR FAST TRANSFER; POWER TO VA-30 LOST NET RESULT - BOUNDED B / ANTICIPATED OPERATIONAL OCCURRENCE

- CASE 1 A: FAILURE OF DC BUS "A" WITH NO CREDIT FOR TURBINE BATTERY

. POWER LOST TO BOTH VA-10 AND VA-30 DE-ENERGlZATION OF TWO SENSOR CABINETS RESULTS IN THE GENERATION OF ALL ACTUATION SIGNALS INCLUDING LOSS OF NORMAL POWER, SIAS, SRAS, AND PORV :

OPENING LOSS OF VA-10 DISABLES TRAIN "A"; ATI WILL BE DISABLED; TRAIN "B" LOADS WILL LOAD ON THE DIESEL GENERATOR

"B" PORV WILL OPEN;"A" PORV WILL REMAIN CLOSED DUE TO LOSS OF POWER TO THE SOLENOID NET RESULT - ONE OPEN PORV WITH ONE TRAIN OF SI AVAILABLE FOR MITIGATION

^ '

.'

O

, .

SAFETY SIGNIFICANCE (CONT}

POTENTIAL DC BUS FAILURES .

-

CASE 2: FAILURE OF DC BUS "B" POWER LOST TO INVERTER 2; HOWEVER, BACKUP PROVIDED BY INVERTER 6 FROM THE TURBINE BATTERY THROUGH A STATIC SWITCH; POWER TO VA-20 REMAINS AVAILABLE POWER TO INVERTER 4 LOST; BACKUP POWER SUPPLY UNAVAILABLE DUE TO LACK

OF DC POWER FOR FAST TRANSFER; POWER TO VA-40 LOST NET RESULT - BOUNDED BY ANTICIPATED OPERATION OCCURRENCE

-

CASE 2A: FAILURE OF DC BUS "B" WITH NO CREDIT FOR TURBINE BATTERY POWER LOST TO BOTH VA-20 AND VA-40 DE-ENERGlZATION OF TWO SENSOR CABINETS RESULTS IN GENERATION OF ALL ACTUATION SIGNALS INCLUDING LOSS OF NORMAL POWER, SIAS, SRAS AND PORV OPENING LOSS OF VA-20 DISABLES TRAIN "B"; ATI WILL REMAIN AVAILABLE; ATI WILL PREVENT LOADING OF EMERGENCY LOADS ON TRAIN "A" DIESEL GENERATOR; NO INJECTION AVAILABLE BOTH PORVS WILL REMAIN CLOSED DUE TO LOSS OF DC FOR THE MATRIX LOGIC

- LOSS OF DC BUS "B" WILL DISABLE TURBINE DRIVEN AFW PUMP OVERSPEED GOVERNOR; TURBINE DRIVEN AFW PUMP UNAVAILABLE (LOCAL, MANUAL AVAILABLE)

NET RESULT- ECCS EQUIPMENT UNAVAILABLE WITH NO REMOTE OPERATION OF AFW-

'

12 ;

.

' '

. .

(

SAFETY SIGNIFICANCE { CONT}

OTHER FAILURES i i

I

- LOSS OF VA-10 AND VA-30 WITH DC BUS "A" STILL AVAILABLE DE-ENERGlZATION OF TWO SENSOR CABINETS RESULTS IN THE GENERATION OF ALL ACTUATION SIGNALS INCLUDING LOSS OF NORMAL POWER, SIAS, SRAS, AND PORV OPENING

LOSS OF VA-10 WILL DISABLE TRAIN "A"; ATI WILL BE DISABLED; TRAIN "B" LOADS :

'

WILL LOAD ON THE DIESEL GENERATOR BOTH PORVS WILL OPEN SINCE BOTH DC POWER SUPPLIES WILL STILL BE AVAILABLE NET RESULT -TWO OPEN PORVS WITH ONE TRAIN OF INJECTION AVAILABLE

-

LOSS OF VA-20 AND VA-40 WITH DC BUS "B" STILL AVAILABLE DE-ENERGlZATION OF TWO SENSOR CABINETS RESULTS IN THE GENERATION OF ALL ACTUATION SIGNALS INCLUDING LOSS OF NORMAL POWER, SIAS, SRAS, AND PORV OPENING LOSS OF VA-20 WILL DISABLE TRAIN "B"; ATI WILL STILL BE AVAILABLE; ATI WILL PREVENT LOADS BEING POWERED BY THE TRAIN "A" DIESEL GENERATOR; NO INJECTION AVAILABLE BOTH PORVS OPEN SINCE BOTH DC POWER SOURCES ARE AVAILABLE NET RESULT - TWO PORVS OPEN WITH ECCS EQUIPMENT UNAVAILABLE

.

~

.'

O

. - _ _ _ _ _

. . _ _ _ _ _ _ _ - _

. ..

i SAFETY SIGNIFICANCE (CONT)

LOCA WITH DC BUS FAILURE FAILURE OF DC BUS "A" OR "B" WITH CREDIT FOR TURBINE BATTERY VA-30 OR VA-40 UNAVAILABLE; VA-10 AND VA-20 REMAIN AVAILABLE; TRANSIENT RESPONSE BOUNDED BY FSAR ANALYSIS FAILURE OF DC BUS "A" WITHOUT CREDIT FOR THE TURBINE BATTERY POWER TO VA -10 AND VA-30 LOST DE-ENERGlZATION OF TWO SENSOR CABINETS WILL RESULT IN THE GENERATION OF ALL ACTUATION SIGNALS INCLUDING LOSS OF NORMAL FOWER, SIAS, SRAS, AND PORV OPENING 1 THE GENERATION OF SRAS WILL CAUSE THE FOLLOWING:

LPSI PUMP TRIP MINI RECIRCULATION VALVES FOR ECCS PUMPS CLOSE OPENING OF THE CONTAINMENT SUMP VALVES; IF HIGH CONTAINMENT PRESSURE IS PRESENT, THE RWST CHECK VALVE MAY BACKSEAT; SAFETY INJECTION AND CONTAINMENT SPRAY MAY BE LOST OPENING OF THE RBCCW VALVE FOR CONTAINMENT SPRAY COOLING; REDUCTION IN CAR FAN HEAT REMOVAL CAPABILITY LOSS OF DC BUS "A" WILL DISABLE TRAIN "A"; ATI WILL BE DISABLED; TRAIN "B" LOADS WOULD LOAD ON THE DIESEL

'-

NET RESULT - LOCA WITH ONE DIESEL AVAILABLE FOR ONE TRAIN OF ECCS;

' HOWEVER, NO LPSI INJECTION; HPSI INJECTION AND CONTAINMENT SPRAY MAY BE

, LOST DUE TO RWST CHECK VALVE BACKSEAT .

.- 14

'

.

- - - -- -

. .

RSAFETV SIGNIFICANCE (CONT)

LOCA W/DC BUS FAILURE

'

-

FAILURE OF DC BUS "B" WITH NO CREDIT FOR THE TURBINE BATTERY POWER TO VA-20 AND VA-40 LOST DE-ENERGlZATION OF TWO SENSOR CABINETS WILL RESULT IN THE GENERATION OF ALL ACTUATION SIGNALS INCLUDING LOSS OF NORMAL POWER, SIAS, SRAS, AND PORV OPENING THE GENERATION OF SRAS WILL CAUSE THE FOLLOWING:

LPSI PUMP TRIP MINI FLOW RECIRCULATION VALVES FOR ECCS CLOSE OPENING OF THE CONTAINMENT SUMP VALVES; IF HIGH CONTAINMENT PRESSURE IS PRESENT, THE RWST CHECK VALVE MAY BACKSEAT; SAFETY INJECTION AND CONTAINMENT SPRAY MAY BE LOST OPENING OF THE RBCCW VALVE FOR CONTAINMENT SPRAY COOLING; REDUCTION IN CAR FAN HEAT REMOVAL CAPABILITY LOSS OF BUS "B" WILL DISABLE TRAIN "B"; ATI WILL STILL BE AVAILABLE; ATI WILL PREVENT LOADING OF EMERGENCY LOADS ON TRAIN "A" DIESEL GENERATOR NET RESULT - LOCA WITH NO ECCS AVAILABLE

. .

.

. 15 e

a. *

l SAFETY SIGNIFICANCE <'< CONT)

l SUMMARY e THESE DC FAILURES ARE ESTIMATED TO INCREASE CORE MELT FREQUENCY BY AT LEAST A FACTOR OF 2 (>1.0E-4/ YEAR)

-

ATI INTERACTION WITH DC FAILURES ARE EVALUATED TO BE SAFETY SIGNIFICANT THE TURBINE BATTERY REDUCES THE SAFETY SIGNIFICANCE OF A DC BUS FAILURE IN COMBINATION WITH A DESIGN BASIS ACCIDENT

!

. '

~

.

,

'

.

- - . - - - - - , - - - . - - - - - . - - , . - - - , . , . - - - - - . - - , - - - - - - -

..g - .

PROPOSED DESIGN CHANGES (SHORT TERM} ;

REPEATED LOAD.SHED REPLACE 500 MSEC TEST WINDOW WITH 2 MSEC WINDOW (FIGURE 9)

INSTALL PULSE LIMITER CIRCUlT WITHIN SEQUENCER MODULES (FIGURE 9)

DISABLE ATI DURING ANY UNDERVOLTAGE TRIP CONDITION

, (FIGURE 10)

INADVERTENT SRAS ACTUATION (FIGURE 11)

REDUCE 2/4 LOGIC COMBINATIONS FROM SIX TO FOUR (REMOVE. AC AND BD LOGIC COMBINATIONS)

REQUIRES TECHNICAL SPECIFICATION CHANGE INADVERTENT PORV ACTUATION REVERSE PORV ACTUATION LOGIC WITHIN RPS (FIGURE 12 AND 13)

. .

_

. 17

.

mu-u -

\,

. .

,

PROPOSED DESIGN CHANGES q' CONT}

(LONG TERM)

! AUCTIONEERING OF THE POWER SUPPLIES l

ESAS SENSOR CABINETS

'

INSTRUMENTATION CABINETS l

l l

'

.

.'

&

.

._

,.....g

'

-

c .

i EVALUATION OF ORIGINAL DESIGN l ESAS DESIGN BACKGROUND

, ,

PROCURED UNDER BECHTEL SPECIFICATION REFERENCED STANDARDS: IEEE 279-1971,308-1970,323-1971 CABINETS TO BE POWERED FROM ONE OF 4 REDUNDANT 120 VAC BUSES LATE STARTUP DESIGN CHANGE (1974)

RECOGNIZED LOSS OF DC BUS VULNF_RABILITY

'

BACKUP INVERTERS 5 AND 6 ADDED TO PROTECT AGAINST INADVERTENT ESAS ACTUATION IN SERVICE 1975 NO SEQUENCE 1 BLOCK OF UV MODULES, LOAD SHED COULD NOT BE RESET INADVERTENT SRAS ACTUATION VULNERABILITY PRESENT MODE 5 LNP, SEPTEMBER 1975 LER, ABNORMAL OCCURRENCE AO-50-336/75-17 ESAS CHANNEL "C" AND "D" ACTUATION DIFFICULT CONCLUSIONS DUE TO BLOWN FUSES AND WlRING ERRORS

-

. .

.

. 19

. . .

.. .

.EVALUATON OF ORIGINAL' DESIGN (CONT)

ESAS DESIGN BACKGROUND UV MODULE SEQUENCE 1 BLOCK SIGNAL ADDED - 1976 ADDED AS PART OF DEGRADED VOLTAGE ISSUE TO DEFEAT LOAD SHED SCHEME CREATED ATI FALSE LOGIC FAILURE ALARM ATI MODIFICATION - 1977/1978 CREATED 500 MSEC " UNBLOCKING WINDOW" YlELDED " PROPER" ATI FUNCTION, BUT DEFEATED LOAD SHED BLOCKING FUNCTION MODE 6 LNP EVENT, JANUARY 1988 LOSS OF ESAS SENSOR CABINETS "A" AND "C", ACTUATION CAB #5 DE-ENERGlZED

'B' EDG STARTED WITH PROPER LOAD SEQUENCING, ATI WAS DOWN POWERED-MODE 6 LNP EVENT, JULY 1992 DE-ENERGlZATION OF ESAS SENSOR CABINETS "B" AND "D", AS WELL AS ACTUATION CAB #6

"A" EDG STARTED; LOADS CONTINUOUSLY RE-LOAD SHED l

L:

"

! .-

'

- - - _ _ .

- - - - - - - - - - - - - - - - - _ - - - - _ _ - ..

. . .

EVALUATION OF ORIGINAL DESIGN (CONT)

EVALUATION OF DC FAILURES IN THE PRA (1990-1991) .

THE IMPORTANCE-OF POTENTIAL FAILURES IN THE DC POWER SYSTEM WAS IDENTIFIED IN THE PRA TWO LERS WERE GENERATED; OPERATOR TRAINING IMPROVED; AND PROCEDURES WERE DEVELOPED THE IMPORTANCE OF THE TURBINE BATTERY AND THE POTENTIAL .

FOR PORV OPENING ON LOSS OF DC WAS RECOGNIZED THE ATI INTERACTION WAS NOT IDENTIFIED j SUBTLETY OF THE INTERACTION ATI NOT FUNCTIONALLY MODELED ON THE SIMULATOR

,

f

'

-

. , ,

.

. . . .

_

'

-

COMMUNICATIONS WITH THE NRC AND INDUSTRY

. JULY 6,1992 PROMPT REPORT, ESF ACTUATION

"A" EDG FAILURE TO PICK UP LOADS IDENTIFIED

+ JULY 15,1992 PROMPT REPORT, UPDATE ,

POTENTIAL GENERIC DESIGN FLAW WITH EDG LOAD SHED LOGIC 4 CHANNEL ESAS WITH 2 DC BUS VULNERABILITY IDENTIFIED JULY 24,1992 NRC INSPECTION EXIT, NRC RESIDENT INSPECTOR, R1 SINGLE FAILURE VULNERABILITY IDENTIFIED JULY 29,1992 NUCLEAR NETWORK ENTRY EVENT DESCRIBED DESIGN VULNERABILITIES EVIDENT SEVERAL INDUSTRY INQUIRIES MADE AUGUST 5,1992 LER, REV 0 DESIGN DEFICIENCY IDENTIFIED EFFECTS ON LOCA MITIGATION STATED EVENT CHARACTERIZED AS STILL UNDER EVALUATION r l SUPPLEMENTAL REPORT COMMITMENT MADE l

l l

.

,

l

- .- _ - - _ -- - _ _ -

. . . .

u' COMMUNICATIONS WITH THE NRC AND INDUSTRY (CONT}

i

AUGUST 24,1992 ABB CE, BECHTEL MEETING AMONG THE RESULTS OF THIS MEETING WAS THE ASSESSMENT BY ABB CE OF OTHER CE UNITS THAT MAY BE AFFECTED

+ AUGUST 26,1992 NRC TELCON, REGION I

UPDATE ON DESIGN EVALUATION AND CORRECTIVE ACTIONS SUPPLEMENTAL LER DISCUSSED AS METHOD TO FORMALLY PROVIDE UPDATES

. SEPTEMBER 1,1992 CONFERENCE CALL, REGION I ATI INTERFACE WITH LOAD SHED MODULES IDENTIFIED INADVERTENT SRAS AND LPSI P'JMP EFFECTS DISCUSSED

+ SEPTEMP"R 911,1992 NRC INSPECTION, REGION 1/NRR AL LOWN VULNERABILITIES IDENTIFIED, INCLUDING SRAS/SIAS REPvRTING MEHODS DISCUSSED

+ SEPTEMBER 11,1992 LER, REV 1

+ ATIINTERACTION REPORTED

+ SIMULTANEOUS SRAS/SIAS WITH LPSI PUMP STOP IDENTIFIED

. PORV OFENING INDICATED SUPPLEMENTAL REPORT COMMITMENT MADE SEPTEMBER 24,1992 LER, REV 2 RWST OUTLET CHECK VALVE SEATING PROBLEM DESCRIBED SUPPLEMENTAL REPORT COMMITMENT MADE

OCTOBER '>1,1992 MANAGEMENT MEETING

. FUTURE

FINAL LER

TECHNICAL SPECIFICATION CHANGE

-

_-___ __ . . ..

_ .. . - - . . _ _ - _ . - _ - . _ _ _ _ _ _ . . _ . . . . _ _ . _ . _ _ _ _

.

NRC MANAGEMENT MEETING P MILLSTONE UNIT NO. 2 LOSS OF NORMAL POWER EVENT PRESENTATION FIGURES

'

OCTOBER 21,1992

. . . _ . . . -._ _ . _ _ . _ . _ _ . _ . ,

,,t 3t ; fil lt ;!:{t! ! : i [

.! l: , L t

.

_

S 1 1-2

.

_

T -

_,,

SG >

S5 ) ~

R1 H 4 2 V y 1

~ '

K ( ) e-w F I 4- i 2 v

4

h w % m

m"" I,i: i v i

-

~.

.

LV o A T 0 G

.

-

~) I

4

%

)

.

L

s!

I V 4

S 4

~

2 -

,

22 ~ =%

2 f ~~ % 1

ii; ev w 4 =

T - ~

vn SG ~

S5 ' .:,

R1 -

V K

v' a

!'

I

'. ,

~

l

.

)

,

! i 5 I c U v. + m A" )

,

)

4

v ,!

2 Bo( mC t

-

mn % z v"

l S

8 Q E

F 5 f

U G

I F

% 2 T

L 0T "

'

25 O 6L l

)

2 'O ~+

T - V 4V x I I

-.

L SG S5 ) 0

wn % 1

AT T L O

i N1 (- I 9 VV m"

^ % 5 A

e 4 4 i 1 N0 O 48 v^

d 2 d U

/

v. +

vn %

s

N m~ 1 d A

'

2

% j

) I

% v+ 4 u z

V oM U L en 1

-

K m - KA i

.

- 2-5 *

- 5G

3 u - 1

.

_ X 2 V

_

N-

_

K IA M52 G4

'

-

.

-

.

_

,

. ,I ;

. s

. . .. . - ._.- . . . _ -. - - .. -_ -- -.-.- - .. ..- ..

l

.

a si yl3 g

= ==,,

e i ii-

'I5 I bk

lI i

'b -

%$N 7 lsgj &

-

I v!I

,U{ V

!E 1

l *~

n

~ _ ng{

.

& m R

~ .

~

d 0 ^E 9 _

$. -

8 b i, 7

, , _ ,

i 7-i

-

~

__$4

'7 ngs i <

ig5 (~(pI

}R 4 h,i

~ g

~. i a i r i gh,

. .o > dE

.._

o

@ -^ l Z

$"" . 3:

c

~[;,l"4Ii'?@

j ~

_

.

s oita i inX j -

<t

-

y

.xx

^

- iw

~a #- ii - .; _

' i

~

i i m g

totoa

!* 6Ct00 W

! enoc ^

gU$ Z

~

R >

~ og - Ry J ll 2 '""

?- jf!g; jfig i 291 y e O N 4_ a aa e g 4c'[' ,,,x

_

- .._ o t i 11 - O

@ ag -

7 C i >

m(J j g

-

a'a -- -

jig;j

,

i -

~!;l

!! i vk ,

-

m a

y 90600 -^ - v=

g citoo 0* y

^

, totoa -,-,

E ^ ~" >d 901o3 -

~

Q I ; c g$s <T g a'a

^ ~s 1"li i

-

, m ,ng igg s (f' gi3

~

-

>

uin

'

@ N

-

I

= i Pe,isp ,, ,

da

-

i ei i

,

i<g i e s 58 f g, i h $5 5" g vi a Af I W , g '

A

'm_ 2' .i

!

^8 I q - Egf -

'

O [ [VE

!

j i i i -

Q _

!s<W!

a sy a

_

j59,vV!

z! Esl ,

i d'

80 .

- . .

. .

OVERVIEW OF ESAS OPERATION VA10 VA30 VA40 VA20 i I i

ESAS SENSOR CABINETS A , ,

C , ,

D , ,

B .

,

' ' ' ' ' ' '

r---- - > e i e i i i t_______,

,

- - - - ' ' ' ' ' i i r-- ---- 'i i t____i_________, ,

,

i

,

i

,

r-----'------t____________'_______,

, i

'--J i

,

i

,

,--- '_____________________'_ _ _ _ _ ,

i e i i r i

, , ,

, , , f f f ESAS l ESAS Actuation Actuation -

--

Cabinet Cabinet N N ATI U

V Train "A" Actuation Train "B" Actuatio Figure 3

___ -

. .

OVERVIEW OF ESAS OPERATION

, Four Channel Inouts Pr suri r P ssure p, ,fe ESAS SENSOR CABINETS Sensor Cab net

" fails" to a RWST Level Ctmt Radiation Q channel trip Fuel Area Radiation Steam Gen. Pressure Bus 24C UV & DV Bus 24D UV & DV

'

---

Two Division Actuations l ESAS ESAS Main Steam Iso Safety injection Actuation Actuation Loss of power Ctmt isolation Cabinet % :-- > Cabinet to Actuation

. Encl. Bldg. Fil g N (Train "A")

l

l

N (Train "B")

Cabinet " disables" actuation circuits

-

Aux. Exhaust Load Shed l l'

-

LNP/EDG ATI Ctmt Purge Viv Iso Ctmt Sump Recir y Train "A" Components Only Train "B" Components Only '

- (e.g. Bus 24C Load Shed, EDG"A", etc.) (e.g. Bus 24D Load Shed, EDG"B", etc.) ,

t Figure 4 -

.. _ -_ _ . _ _ . _ ._ _ __ ._ _ . _ ___

.

- SUMMA.RY OF DESIGN VULNERABILITIES Automafic Test inserter .

BUS 24C Ch A Ch B Ch C Ch D PT PT PT PT Potential Transformers -

4 Channels each on Bus 24C & 24D 1r 1r

-

UV Modules -

GN95 6N95 trip @ 70%;

time delay circuit ATI ---- i ATI ---- i Test input Test input '

2 msec 1r1r 2 msec 1r3r

_J"l_ f"l ATI Test 6N88 + Bi t,a_bj,e_Res,et 6N88 p---

l-----

i

- - ]

l j L_ _______J

,

\ ----. .---........

If if l

l l GN89 GN89 '

Isolation Modules

'

j i l l

_ _ . _ _

g -_ _ _ -j- _

Actuation Logic Verifi ation pulse s' Ch D -> 2 msec

>

i j Ch C 2/4 -- > .fl_

' Ch B > !

l' Y Ch A >

' l UV Actuation ATI Ch D > Modules - 2 of 5

.

l

',

Ch C > 2/4 --->'

Ch B >

l- Verifies reset Ch A >

'

of bistables

_ . - ==== -

Figure 5

_ . . _ . . . _

_ . _ _ _ _ _ __

- - - . - -- - . - - - - - - - . .- .- - .

-

.

'. SUMMARY OF DESIGN VULNERABILITIES Automat' c Test nserter

.

ATI DISPLAY PANEL ,

'

CTMT CTMT S/G S/G UV BUS UV BUS AEAS RWST PRES PRES CTMT A PRES B PRES 3A 4A RDN LVL Hi Hi-Hi RDN SEQ A

A A A A A A A A A-S B B B B B B B B B g c c c c c c c c c D D D D D D D D D

,.

.

I a

' Figure 5a

._

w w ~ ~ m e+m uz w a-- a - m y .m

__. _ __ _ _ _ - - - - - _ . _ _ _ _ . _ _ _ . _ _ _ _ _ . _ - _ _ _ . . _ _

.

DIESEL GENERATOR LOAD SEQUENCING DLOCK DIAGRAM STARTUP DESIGN UV TRIP TIMING DIAGRAM *

HUS #4010% YOLT, BVS f ec 70% VOL BUSF4070%VMT A pmC 0 A b A O O A S A C D U**

'l 1 1 f 'l - 1 1 l' 'l 1 1 f i

"""'"*""

UV No Latch UV No Latch UV No Latch t

l Mgulo Mgulo Mgule m.nt uon n

] t 0 I

,10 12 I

l sequence,

'

Modulo } / t-c.,..., my . , $,. ,

BLOCK DIAGRAM - SEO 1 BLOCK DESIGN

, 1970 1977/8 UV TRIP TIMING DIAGRAM

,

!

j tus roc ros vo out#4c ros vot sus i.e 7% u t A eie o A eA C D A N A C D time

'l 1 1 f 'l 1 1 l' 'l 1 1 f , , ,, , ,,,y n UV No Latch UV No Latch UV No Latch M ute M ute ,

Mgule t

t "

t

"

SEO 1 m )"'wwen umntrestn I '

l Block Slgnal t 0 =10 12 W t > t Sequencer LNp coadd=a Q**" 6.unee t sr=t Module

- BLOCK DIAGRAM - ATI TEST WINDOW DESIGN 1977/8 - 1992 DuS 74C 70% VOL 1, BUS P40 70% VOL Bus 74C Tc*% Vot A B A C O A B A C O A B A D D

'l 1 1 f 'l 1 :1 l' 'l 1- 1 f

'

UV No Latch UV No Latch UV No Latch UV TRIP TIMING DIAGRAM Mgulo_ Mgulo Mgute

, time

,

uv unw wumtsins5to w tre,5 n -

' ' ' '

vv unt.a4 es

- * soo en . -

m

" - KMD3300J1 wina ** '"*'( 5

'"d**

ing.[ N I

'

SE01 uv e ' 4 s4 Block signal t 0 =10- 12-u t / t Sequencer (No cona. n e7 s m t svar

" d "' *

n FIGURE 6

-

w--g- r

- - - - - _ - - _ . - - .

f PORV 2/4 Logic 2/4 LOGIC MATRIX A

g --. . . .-.-.-.-.-...-.-.- .-. . . . . - . - . - . . ..-.

.-._,

! [ A-K1 A-K1 -[ B-K1

.

[ C-K1 I -

E / / / / i !

! i i

[ B-K1 [ D-K1

-

' C-K1 / D-K1 ! NOTE: Contacts open dunng 125 VDC 7 / ! eunng non tnp conditm

.

l j DC BU S "B" i.-.- -- -.-.--.-.-.-.. - . - - - . - . - - - - . - - - . --.2 RPS CABINETS l L

63X 63XB v

,

"A" PORV CONTROL CIRCUIT "B" PORV CONTROL CIRCUIT n n ;

i t

HS HS i 63XA 63XB ,

OPEN OPEN !

i

125 VDC 125 VDC DC BUS "A" DC BUS "B" [

ENERGIZESTO OPEN ENERGIZESTOOPEN ,

42 .A* PORV 42 .B" PORV l

,, ,, . ;

FIGURE 7 l

, . .- t

, . , . . , - - , - - . - - . . .

.. - - - - - - - _ - - - - - -

.

,

-

,

l

.

SUMMARY OF DESIGN VULNERABILITIES SRAS Actuation RWST ws -

m l

l

1

-

1 l

ccMaaron mtstunt y N

m,

,

2re- i I

.. ..... ...

<

. . . . .... y 17 ..... . . . . . .

31' - 31 '

l . . . . .

...

.-

ECCS PUMPS

,

Figure 8

_ _ - _ - _ _ _ _ _ _ - __ _ _ - _ - _ - _ _ _ _ _ _ _ _ _ _ _ _ - _ _- _ - _ _ _ _ _ _ ____ _

- - - - - - - -------------_ - - - -- - -

LOAD SHED MODULE UNBLOCK WINDOW i Be" ore Change

4 Seconds : + 6 Tests Performed Every :

27 Seconds soo msee Test Window a

r

,

<

After Change

4 Seconds : 6 Tests Performed Every :

27 Seconds Two 2 msw Test Window

.

. . . . . .

+ k (/

/

i Pulse Limiter Circuit limits the 2 msec pulse -

to a maximum of 2.21.25 mse FIGURE 9

.. . . .

- - - . . .- . - - - - - - . - - - - - - . .

.

, .

ATI Defeat Moci"ication ;

ATI DEFEAT CIRC JIT (Be" ore C1anges).

TB 580 , PS 505 120VAC

-

-O-4

hh .33y . .

ATI 15 Volts to ATI

- + +

AT DEFEAT CIRCJ T (After C1anges)

"

K541

!

/

TB 591 y ,

+

15 Volts K541 to ATI w - .

TB 586

'F506

@-%N +15V

^U

- U l

$--c, . ---o K541 K527A K627A Bus 240 LNP Bus 24D LNP FIGURE 10

-. , - - .,

____--

.

I SRAS Mocifica': ion SRAS Logic (Before Change)

A MO OF FOUR COMBINATIONS B

AB - AC - AD - BC - BD - CD 2/4 C

D SRAS Logic (After Change)

A B

A D REDUCED SET OF MO-OF FOUR COMBINATIONS AB - AD - BC - CD B i C NO AC or BD Combinations C

D

.

FIGURE 11

- _ - _

r

.

R 3S A(Typical)

(Before Change)

m

,

i K4 K27 K29 Trip i-_----..______, (Bypass)

ATU 6 istaWe RPS A 24 VDC

,

3f K 2 7._' K1 To 2/4 Matrix

.JN y PORV Actuation K1 1.ogic i m

-

R 3S A(Typical)

(After Changes)

m ,

K27 Tp j

-- -- . .----- >

B! stable (Bypass)

RPS A 24 VDC

,r

,

K27-i K11 b \

To 2/4 Matrix g[- > PORV Actuation 9'

K1

/

FIGURE 12

-

'4%.mW

,

ummmmmmmm m mmmmmmmmat

,

. .

I PORV 2/4 Logic (After Changes)

4 .._._._ . . _._._._. . _._._. . _ . _ . _ . . . _ . .

7._._'-.A-K1

' A-K1 B-K1 C-K1 !

!

! !

! B-K1 C-K1 D-K1 D-K1 !a i

125 VDC i NOTE: contacts c:ose on f i - - - - - - - - - ' tra con & tion DC BU S * B' * - - - - - - - - - - - - - --~~~ - - ---- RPS CABINETS 63X- 63XE w

"B" PORV CONTROL CIRCUlT

"A" PORV CONTROL CIRCUlT m

u l

HS HS 63XB 63XA CFEN OPEN 125 VDC 125 VDC l

DC BUS A" DC BUS *B*

ENERGiZESTO OPEN ENERGtZESTOOPEN 42 .B PORV -

42 "A*PORV

"

FIGURE 13

. . .

L

--- - - - ___ - - _ _ _ _

e

.

,

A'ITACllh1ENT 9 hillETING A'ITENDANCili!OR MEl! TING OF STAFF WITil.NNECO CONCERNING LOLLO1LNOh\1AL POWElGYENT OF JULY 6.1492 QC'lL31iR 21.1922 AT 9:30 Ahi NethenWudeat_ Energy Comoany R. W. Bates NU MP2 Engineering G. Filippides NU PSD Electrical En R. Italleck NU PSD Electrical En M. Kai NU Safety Analysis R. S. Peterson NU Nuclear Licensing 11. P. Risley NU Project Services LLSJ3udcat_Regula10Iy_ Commission (USNRC)

1. Ahmed NRC/NRIUDRCil D. Dempsey NRC/MS2 Resident inspector J. Ilull NRC/OGC T. Koshy NRC/NRR/IIAll W. l2nning NRC/Rl/DRS 11. D. Liaw NRC/NRR/DE A. Marinos NRC/NRR/DRCil R. Moore NRC/OGCil S. Newl>ctry NRC/lilCB V. Rooney NRC/NRR/PDl-1 W. Ruland NRC/Rl/EB/ES J.Stolz NRC/NRR/PDl-4 D. Thatcher NRC/NRR/DEE/EELB C. O. Thomas NRC/NRR/DRCil C. R. Thomas NRC/NRIUDEE/EELil G. S. Vissing NRC/NRR/PDl-4

-___ - _ - _ _ - _ _ - _ - ____ _ _ __ __

- _ - - - _ _ _ - _ _ - _ -- _ ._. _ _ ._

$

>

-

,

ATI'ACllMENT 10 PARTIAL,1,lST 012 DOCUMENTS REVIEWED Millstone Unit 2 P. A.89-031. Vital AC Invener Replacement Project Description, GEE-90-273, dated August 13,1990

Conceptual Design Review of Millstone Unit 2 P. A.89-031, Vital AC Inverter Replacement Project Description (Draft), NE-90-SAB 225, dated September 4,1990 Millstone Unit 2 - P. A.89-031, Vital AC Inverter Replacement, GEE-90-326, dated October 10,1990

,

90 Day Response on Millstone Two less of DC Power Event, GEB-81-729, dated September 2,1981 Millstone Unit 2 REF #90-84, Vital AC Panels, GEE-90-416, dated December 19, 1990 Millstone Unit 2 - P. A.89-031, Vital AC Inverter Replacement, NE 90-SAH 283, dated November 14, 1990 Millstone Unit 2 Inverter and liattery Charger Allowed Out of Service Times, NE 90-SAll-313, dated December 13,1990 Millstone Unit 2 Inverter Technical Speci0 cation Change Request Support, EN2-91-016, January 11, 1991 New Night Order on Electrical Technical Specifications, EN2-91017, dated January 23,1991 Operations Night Order 1/11/91-1, Revised Use of Electrical Technical Speci0 cations-3.8.2.1/3.8.2.3, dated January 11,1991

,

Millstone Unit 2 - P. A.89-031, inverter Replacement, GEE-91-42, dated January 28,1991 Millstone Unit 2 Inverter Replacement, Approwd Conceptual Project Description, GEE-91-70, dated March 6,1991 Millstone Unit 2 Inverter Allowed Out of Service Times, NE-91-SAU-302, dated November 25,1991 Safety Evaluation ISE/MP2 924X)8, Proposed Technical SpeciGcation Change Request #2-15-91, Revision 0, dated February 21,1992 Plant incident Report #91-0(M, Vital AC Pancis, dated January 18, 1991

_ _-

.c-- y - y _ y __--% y y+ m.m. .m - w..--y- m--irwvewnww ge+v= -- wwe w w -u-

Y o

.

Attachment 10 2 Northeast Utilities Reportability livaluation 1:orm/ Operability Determinations (NEO 2.25),

Vital AC Panels VA-10,20,30,40, REF 90-84(MP2), dated December 4,1991 Licensee livent Report No. 50-336/91-002, Revised Interpretation of Electrical Distribution Technical Specification Requirements, dated l'ebruary 11,1991 Millstone Nuclear Power Station Unit No. 2, Single Line Diagram 125 VDC and 120 VAC Vital System NUSCO Drawing Number 25203 30024, Revision 4 - letter to Mr. R. C. Williams, Project Engineer, Ilechtel Power Corporation, ll-MP2-2452, dated January 3,1974 Millstone Unit 2 Loss of DC Power Event, letter from Northeast Utilities (Counsel) to NRC (Clark), dated October 9,1981

!

l

v t e Inspection Report - Millstone - 1992022
80 \| 81 \| 82 \| 83 \| 84 \| 85 \| 86 \| 87 \| 88 \| 89 \| 90 \| 91 \| 92 \| 93 \| 94 \| 95 \| 96 \| 97 \| 98 \| 99 00 \| 01 \| 02 \| 03 \| 04 \| 05 \| 06 \| 07 \| 08 \| 09 \| 10 \| 11 \| 12 \| 13 \| 14 \| 15 \| 16 \| 17 \| 18 \| 19 \| 20 \| 21 \| 22 \| 23 \| 24 \|
1992 Quarterly Integrated 1Q (0) 2Q (0) 3Q (0) 4Q (0) Assessments Mid Cycle End of Cycle 14(0) 25(0) 26(0) 27(0) 28(0) 29(0) 30(0) 31(0) 32(0) 99(0) 22(0) 26(0) 29(0) 33(0) 23(0) 25(0) Security Operator Exams Emergency Planning Other

IR 05000336/1992022

Text

Navigation menu

Search