ML041480354
| ML041480354 | |
| Person / Time | |
|---|---|
| Site: | Nine Mile Point  |
| Issue date: | 05/17/2004 |
| From: | William Holston Constellation Energy Group |
| To: | Document Control Desk, Office of Nuclear Reactor Regulation |
| References | |
| NMP2L 2117 | |
| Download: ML041480354 (11) | |
Text
Q..Constellation Energy-
- Nine Mile Point Nuclear Station P.O. Box 63 Lycoming, New York 13093 May 17, 2004 NMP2L 2117 U. S. Nuclear Regulatory Commission Attn: Document Control Desk Washington, DC 20555
SUBJECT:
Nine Mile Point Unit 2 DocketNo. 50-410 License No. NPF-69 Review and Comment: Nine Mile Point Unit 2 Preliminary Accident Sequence Precursor Analysis of the August 14, 2003 Operational Event Gentlemen:
By letter dated March 18, 2004, the NRC forwarded for review and comment a preliminary Accident Sequence Precursor (ASP) Analysis for Nine Mile Point Unit 2 (NMP2) of the August 14, 2003, operational event involving loss of offsite power associated with the regional transmission grid blackout of the same date. The March 18 letter provided a risk assessment of the event based upon current NRC models and solicited licensee comment on the technical adequacy of the preliminary analysis, including the depiction of plant equipment and equipment capabilities. Written guidance was provided for peer review and comment, including specific supporting documentation requirements.
The requested review has been completed for NMP2. Results based upon the current NMP2 Probabilistic Risk Assessment (PRA) model are in general agreement with those of the preliminary ASP analysis, but show a lower conditional core damage probability.
Details and supporting documentation are provided by attachment to this letter.
If you have any questions, please contact Mr. Ted Kulczycky, Principal Engineer, Reliability Engineering, at 315-349-1949.
Very truly yours, William C. Holston Manager, Engineering Services WCHI/JRHIjm Attachment cc:
Mr. H. J. Miller, NRC Regional Administrator, Region I Mr. G. K. Hunegs, NRC Senior Resident Inspector Mr. P. S. Tam, Senior Project Manager, NRR (2 copies)
C 1
ATTACHMENT 1 to NMP2L 2117 NINE MILE POINT 2 Review of NRC Preliminary Precursor Analysis (PPA) of August 14,2003 NMP2 Grid Disturbance Event
ATTACHMENT 1 to NMP2L 2117 Review of NRC Preliminary Precursor Analysis (PPA) of August 14,2003 NMP2 Grid Disturbance Event In a letter dated 3/18/20041 the Nuclear Regulatory Commission (NRC) provided a preliminary analysis of the risk significance of the August 14, 2004 offsite grid related event at Nine Mile Point Unit 2 (NMP2). The NRC letter solicited comment on the preliminary analysis and this "White Paper" provides the comments from the NMP Probabilistic Risk Assessment (PRA)
Team.
We agree with the overall conclusion of the PPA. Namely, that the event represented a significant plant challenge and should be included in the Accident Sequence Precursor Program (ASP) database. However, we note significant conservatisms in the analysis and believe that the reported conditional core damage probability (CCDP) of 4.7E-4 is more appropriately less than 1E-4.
The conservatisms that we recommend should be reviewed and adjusted are as follows:
Page 2 of 10
ATTACHMENT 1 to NMP2L 2117 EDG Failure Data:
The NRC PPA report indicates that NMP2 Emergency Diesel Generator (EDG) failure rate is higher than industry average and references NUREG/CR-5500 Volume 52. The NMP2 PRA Team has reviewed this NUREG and found inconsistencies with the data reported. Table DATA-1, below, shows a summary of the NUREG data along with associated PRA team information.
Table DATA-i: NMP2 PRA Team Evaluation of NUREG/CR-5500 EDG Failure Data Date NUREG PRA Team Comment Failure Assigned (NUREG)
Failure Mode to PRA database?
7/21/88 FTS Division 2 FTS noted on 7/28/88 Y
12/21/88 FTR Division 2 FTS, low lube oil trip prior to loading Y but FTS 2/15/89 FTS Division 2 Overspeed trip Y
9/20/89 FTS Division I FITS noted on 3/12/89 Y
12/2/89 FTS Division 2 FTS, Governor Y
9/30/90 FITS Invalid failure - Post Maintenance Test (PMT)
N 5/21/91 FTR Line 5 failure; License Event Report (LER) 41091012 N
and its associated Deviation Event Report (DER) do not indicate any EDG failures. Frequency was noted low but within limits. A subsequent DER investigated and noted failed troubleshooting test but not judged PRA failure.
5/21/91 RFP Line S failure; LER 41091012, EDG Log, DER 1991-N 276, DER 1991-398 do not indicate any restoration failures. If a misalignment caused unavailability, it would be included as maintenance unavailability failure mode.
9/15/91 RFP EDG log does not indicate any demands on 9/15/91.
N Also, no LERs were identified by the PRA team.
NUREG references Special Report 41091, which could not be identified by the PRA Team. If a misalignment caused unavailability, it would be included as maintenance unavailability failure mode.
3/23/92 MOOS Shutdown Loss of Offsite Power (LOSP), Division I N
EDG in maintenance. No demand failures. NMP2 PRA model includes maintenance unavailability as separate failure mode.
4/6/92 FTS Output breaker failure Y
4/29/92 FTR Division 1 fuel leak, test aborted. EDG log declared Y
invalid test, PRA considered event an EDG failure 4/30/92 FTR PMT of 4/29/92 failure, not considered an additional N
failure by PRA 8/13/92 RFR Division I FTS noted on 8/14/92 Y
8/17/93 MOOS Switchgear trip caused by radio-frequency interference N
during pre-planned EDG maintenance. Not considered a demand failure. NMP2 PRA model includes maintenance unavailability as separate failure mode.
Page 3 of 10
ATTACHMENT 1 to NMP2L 2117 Key for Table DATA-1 (NUREG Failure Mode Designators)
FTS - Fail to Start FTR - Fail to Run RFP - Restoration Failure, Offsite Power RFR - Restoration Failure, EDG MOOS - Out Of Service for Maintenance Table DATA-2 provides a summary of Raw EDG related data for the Division 1 and 2 EDGs and Table DATA-3 provides similar information for the Division 3 EDG. Table DATA-4 provides EDG values if Raw data were used compared to the Bayesian updated values included in the updated PRA.
The NRC PPA uses older data for EDG failure probability. Also, as can be seen from Tables DATA-2 and DATA-3, NMP2 EDG performance has improved substantially over time.
Therefore, it is recommended that the NRC consider using lower values for EDG failure rate. It is also recommended that NRC delete the statement that NMP2 EDG failure rate is "... higher than industry average..." or at least modify the statement to clarify that the data used is over 11 years old and not reflective of current reliability.
Page 4 of 10
ATTACHMENT 1 to NMP2L 2117 Table DATA-2: NMP2 EDG PRA Data Summary (Division 1 and 2)
Period Start Start 1st Hour 1It hour Post 1I" Post 1St Comment Failures Demands Run Run Time Hour Run Hour Run Failures (HRS)
Failures Time (Hrs) 5/15/88 -
5 265 1
258 0
264 Individual Plant Examination (IPE) 12/31/91 period 1/1/92 -
2 63 0
50 1
208 5/88 to 12/31/93 period used for 12/31/93 NUREG/CR-5500, Vol 5 1/1/94 -
2 128 1
103 0
425 First PRA Update 12/31/97 1/1/98 -
0 96 0
96 0
56 Second PRA Update (EDG Allowed 12/31/2001 I Outage Time (AOT) Evaluation)
Total 9
552 2
507 1
953 Table DATA-3: NMP2 EDG PRA Data Summary (Division 3)
Period Start Start 1st Hour 1s hour Post I" Post 1" Comment Failures Demands Run Run Time Hour Run Hour Run Failures (HRS)
Failures Time
.M (Hrs) 5/15/88 -
5 149 0
144 0
96 IPE period 12/31/91 1/1/92 -
0 24 0
23 0
39 5/88 to 12/31/93 period used for 12/31/93
.NUREG/CR-5500, Vol 5 1/1/94 -
0 48 0
47 0
79 First PRA Update 12/31/97 1/l/98 -
0 48 0
48 N/A N/A Second PRA Update (EDG AOT 12/31/2001.
Evaluation)
Total 5
269 0
262 0
214 1
1 Page 5 of 10
ATTACHMENT 1 to NMP2L 2117 Table DATA-4: NMP2 EDG Failure Mode Summary Raw Data Totals Bayesian Update D1/2 Fail to Start - Per Demand 1.63E-2 1.36E-2*
D1/2 Fail to Run (1st Hour) - Per Hr 3.94E-3 5.59E-3*
D1/2 Fail to run (After 1't Hour) - Per Hr 1.05E-3 2.35E-3*
D1/2 Unavailability - (8/94 - 7/97 M-Rule 3.3E-3* (Div 1)
N/A Data) 6.4E-3* (Div 2)
D3 Fail to Start - Per Demand 1.86E-2 1.3E-2*
D3 Fail to Run (Ist Hours) - Per Hr 1.9E-4+
4.43E-3*
D3 Fail to run (After 1st hour) - Per Hr 2.34E-3+
1.48E-3*
D3 Unavailability - (8/94 - 7/97 M-Rule Data) 3.08E-3*
N/A
- Used in Current PRA model
+ Assuming 0.5 Failures Page 6 of 10
ATTACHMENT 1 to NMP2L 2117 Table DATA-5 Summary of Div 1&2 EDG Failures in PRA Database Date Event Failure Mode FTS FTR 1st hr FTR >1 hr 7/28/88 Div 2 EDG fails during monthly test 1
2/15/89 Div 2 EDG fails during test I
3/12/89 Div 1 EDG fails during monthly test 1
12/2/89 Div 2 EDG fails during monthly test 1
1/29/90 Div 1 EDG fails during monthly test 1
11/26/90 Div 1 EDG fails during monthly test 1
4/6/92 Div 1 EDG output breaker fails to close during 1
monthly test. Invalid in EDG Log but maintained by PRA.
4/29/92 Div 1 EDG fuel leak during 24 hr run. Invalid 1
in EDG Log but maintained by PRA.
8/14/92 Div 1 EDG fails during monthly test.
1/26/95 Div I EDG fails during monthly test.
1 5/16/95 Div 2 EDG breaker 2ENS*SWG103-14 Failed 1
to Close.
9/11/95 Div 1 EDG Output Breaker Failed to Close.
1 Totals 9
2 1
Page 7 of 10
ATTACHMENT I to NMP2L 2117 EDG Recovery:
No basis for the assumption that EDGs cannot be recovered is provided in the PPA. The NMP2 PRA model includes credit for EDG recovery based on NUREG-1032. It is recommended that the PPA consider crediting EDG recovery.
Offsite Power/Offsite Power Recovery:
The assumption that offsite power failed and was not recoverable for over 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br /> is overly conservative. The PPA assumes that offsite power was unavailable until reported stable by load dispatchers but this assumption unduly penalizes the plant for appropriate conservative operational decision-making.
The safety related Alternating Current (AC) switchgear experienced under-voltage conditions and EDGs started, as designed. However, one division of non-safety (i.e., balance of plant (BOP)) AC Power remained available from offsite sources and the other division was readily recovered after operators took manual control of a transformer tap changer. While some BOP equipment tripped and some was manually secured, condenser vacuum was maintained throughout the event, supported by offsite power. Operators used Reactor Core Isolation Cooling (RCIC) in lieu of condensate-feedwater for Reactor Pressure Vessel (RPV) level control. The PRA Team considers this to be an issue of conservative operational decision-making that was appropriate based on conditions encountered but not a declaration of BOP inadequacy. If RCIC was unavailable, operators could have, and would have, been able to use condensate-feedwater to maintain RPV level control.
With EDGs operating as designed and grid conditions uncertain, operators elected not to attempt to restore offsite AC power to the emergency switchgear. However, should the EDGs have failed, operators would have been instructed by procedures to attempt offsite power recovery.
The state of offsite power would have readily allowed offsite power recovery much earlier than actually demonstrated.
Plant data indicates that voltage from offsite sources remained above required levels between 16:45 and 17:00, 34 to 49 minutes following event initiation. There was a brief period of minor over-voltage at approximately 18:00 and it has been concluded that this would not have significantly affected equipment operation. Between 17:30 and 17:45 frequency recovered to within the required range. At 17:00 frequency was 57.97 Hz which is slightly below the required 58.49 Hz. If EDGs had not functioned, offsite power would have been completely available at approximately lh 45m after event initiation.
As a simplification, it is appropriate to model the event as a loss of offsite power (LOSP) initiator but offsite power recovery factors should be left as in the base model (i.e., not set to failure) to reflect actual grid conditions encountered during this particular event. Also, extended EDG run time should not be applied to the model due to the assumption regarding offsite power availability.
Page 8 of 10
ATTACHMENT 1 to NMP2L 2117 Sequence 46-02:
The PPA summarizes a set of dominant accident cutsets wherein a LOSP initiator occurs followed by Division 1 EDG failure, Division 2 EDG failure, Division 3/High Pressure Core Spray (HPCS) success, and failure to recover AC power in 8 hours9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br />. Given this sequence, operators have procedural direction to cross-tie the HPCS EDG to the Division 1 or 2 switchgear. This alignment allows the HPCS EDG to maintain Safety-Related Direct Current (DC) power over the long term, as well as providing for Low Pressure Coolant Injection (LPCI)/Residual Heat Removal (RHR) with low pressure ECCS. This capability is modeled in the NMP2 PRA as redundant to AC power recovery and should be credited in the PPA as well. The alignment is fairly time-consuming and the NMP2 PRA does not credit the action before 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> after the initiating event occurs.
Sequence 46-49:
The PPA summarizes a set of dominant accident cutsets wherein a LOSP initiator occurs followed by Div 1 EDG failure, Div 2 EDG failure, Div 3 EDG Failure, and failure of RCIC to start. For this event, condensate-feedwater would have been available and redundant to RCIC.
Condensate-feedwater is supplied by the non-safety AC system which remained available from offsite power. With loss of 115 kV to the emergency switchgear and no EDGs operating, service water pumps would be idle. This would eliminate the heat sink for Turbine Building Closed Loop Cooling (TBCLC), which is required for pump cooling. Therefore, condensate-feedwater could not be credited with RPV level control over the long term but it would support success throughout the first phases of Station Blackout (SBO) response. It is recommended that the PPA analysis model this case using an "AND" gate for feedwater and early RCIC operation such that these sequences would be recoverable up to 2 to 4 hours4.62963e-5 days <br />0.00111 hours <br />6.613757e-6 weeks <br />1.522e-6 months <br />. When combined with fire pump or Control Rod Drive (CRD) operation, see below, AC recovery for up to 8 hours9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br /> may also be justifiable in the PPA model. Note that CRD has a similar support requirement to feedwater in that reactor building closed loop cooling (RBCLC) is required for long term component cooling.
Sequence 46-41:
The PPA summarizes a set of dominant accident cutsets wherein a LOSP initiator occurs followed by Div 1 EDG failure, Div 2 EDG failure, Div 3 EDG failure, and failure of the diesel fire pump (DFP). The SBO event tree included in the analysis appears to require fire water for long-term RPV injection following RCIC success. Fire water is required for the 8 hour9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br /> AC recovery case but not the 4 hour4.62963e-5 days <br />0.00111 hours <br />6.613757e-6 weeks <br />1.522e-6 months <br /> case. However, RCIC can support RPV control for at least 8 hours9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br /> independent of Diesel Fuel Pump (DFP) operation. The NMP2 PRA requires the DFP only if RCIC operates for 2 hours2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> and then fails prior to 8 hours9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br />. If RCIC operates successfully for 8 hours9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br />, the 8 hour9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br /> AC recovery case is applied independent of DFP status. It is recommended that the PPA model success criteria be reconsidered.
Also, independent of the 4 hours4.62963e-5 days <br />0.00111 hours <br />6.613757e-6 weeks <br />1.522e-6 months <br /> versus 8 hour9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br /> success criteria, in the 8/2003 event, the electric fire pump was available from powerboard 2NNS-SWG012. Also, CRD was available from powerboards 2NNS-SWG014 and 2NNS-SWG015. For the evaluation of this event, these sources should be considered redundant to the DFP.
Page 9 of 10
ATTACHMENT 1 to NMP2L 2117 8-Hour Offsite Power Recovery:
In the PPA analysis, the value for failure to recover AC power in 8 hours9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br /> was increased from IE-3 to 1E-2. This appears to be due to the time window available between when load dispatchers declared the grid stable and the expiration of the 8 hour9.259259e-5 days <br />0.00222 hours <br />1.322751e-5 weeks <br />3.044e-6 months <br /> time window. Even if it were assumed that operators would have waited for the load dispatchers before trying to recover offsite power given EDG failures, it is highly doubtful that they would also wait for the load dispatchers before staging their actions. In this regard, the reduction from 1E-3 to IE-2 is overly conservative.
Operator focus regarding offsite power recovery would have been keen throughout the event.
Given failure of EDGs, elapse of 6 hours6.944444e-5 days <br />0.00167 hours <br />9.920635e-6 weeks <br />2.283e-6 months <br />, and staffing of the emergency response facilities, it is difficult to believe the PPA's 2 hour2.314815e-5 days <br />5.555556e-4 hours <br />3.306878e-6 weeks <br />7.61e-7 months <br /> recovery window (i.e., from hour 6 to hour 8) is reflective of the non-response probability related to the conditions encountered in this event. It is therefore recommended that NRC reconsider the penalty applied to the 8-hour AC power recovery basic event.
References:
- 1) Boska, J.P, "Nine Mile Point Nuclear Station, Unit No. 2 Re: Review Of Preliminary Accident Sequence Precursor Analysis Of August 14, 2003, Operational Event," Letter to Spina, J.A, March 18, 2004.
- 2) Grant, G.M., et. al., "Reliability Study: Emergency Diesel Generator Power System, 1987-1993," NUREG/CR-5500, Volume 5, September, 1999.
- 3) Goodney, D., "Engineering Reply for August 14, 2003 grid Blackout Event NMP Offsite Power Recovery Analysis," Constellation Energy Group White Paper, 5/11/04.
Page 10 of 10