Information Notice 2010-17, Common Cause Failure of Boiling-Water Reactor Recirculation Pumps with Variable Speed Drives
| ML101330321 | |
| Person / Time | |
|---|---|
| Issue date: | 09/10/2010 |
| From: | Mcginty T, Tracy G Office of New Reactors, Office of Nuclear Reactor Regulation |
| To: | |
| Joseph Giantelli, NRR/DIRS/IOEB | |
| References | |
| IN-10-017 | |
| Download: ML101330321 (4) | |
UNITED STATES
NUCLEAR REGULATORY COMMISSION
OFFICE OF NUCLEAR REACTOR REGULATION
OFFICE OF NEW REACTORS
WASHINGTON, DC 20555-0001 September 10, 2010
NRC INFORMATION NOTICE 2010-17: COMMON CAUSE FAILURE OF BOILING-WATER
REACTOR RECIRCULATION PUMPS WITH
VARIABLE SPEED DRIVES
ADDRESSEES
All holders of an operating license or construction permit for a nuclear power reactor issued
under Title 10 of the Code of Federal Regulations (10 CFR) Part 50, Domestic Licensing of
Production and Utilization Facilities, except those who have permanently ceased operations
and have certified that fuel has been permanently removed from the reactor vessel.
All holders of or applicants for a standard design certification, standard design approval, or
combined license issued under 10 CFR Part 52, Licenses, Certifications, and Approvals for
Nuclear Power Plants.
PURPOSE
The U.S. Nuclear Regulatory Commission (NRC) is issuing this information notice (IN) to inform
addressees about two international events at boiling-water reactor (BWR) plants that
experienced a common cause failure of all recirculation pumps. The NRC expects that
recipients will review this information for applicability to their facilities and consider actions, as
appropriate, to avoid similar problems. However, suggestions contained in this IN are not NRC
requirements; therefore, no specific action or written response is required.
DESCRIPTION OF CIRCUMSTANCES
On June 13, 2008, at Forsmark Unit 2 in Sweden, lightning strikes caused a short circuit on the
offsite power grid. This resulted in a transient that tripped all eight reactor recirculation pumps.
Each recirculation pump circuit contains an integral flywheel to prevent a rapid reduction in
pump speed. The mass of the rotating flywheel stores mechanical energy that is converted to
electrical power by a flywheel-generator and inverter/rectifier to continue to power the drive
system DC-bus (one DC-bus common for two pump-drive inverters) upon a dip in or loss of the
normal electrical power. When the inverter/rectifier is operable, the alternate power allows for
an unchanged pump speed (in case of power dips) or a more gradual reduction in pump speed
(in case of significant loss, signaled by equipment protection). In the case of a reactor
recirculation pump, the coastdown produces a correspondingly more gradual reduction in
recirculation flow. However, at Forsmark Unit 2, the lightning strike tripped the normal electric
power rectifier due to a sensitive protection setting; furthermore, due to a design flaw, the
protective action was not signaled to the inverter/rectifier controller for the flywheel-generator.
As a result, the recirculation pump motors rapidly consumed the flywheel-generators stored
energy. With no available energy storage, the recirculation pumps reduced speed faster than
the assumed transient analyses in the Forsmark Unit 2 safety analysis report. The reduced
coastdown time resulted in a short violation of the safety limit minimum critical power ratio on
84 core channels/fuel elements and a transient dryout condition in 18 of those core channels.
Based on its review of the analysis and inspection results that revealed no fuel damage, the
Swedish Radiation Safety Authority granted the licensees request for continued use of the
affected fuel.
On May 30, 2008, Olkiluoto Unit 1 in Finland had a reactor trip from 60 percent power. An
electrical transient resulted in a common cause failure that caused all six recirculation pumps to
stop unexpectedly. Although the coastdown of the recirculation pumps was shorter than
expected, the transient had no effect on fuel integrity.
BACKGROUND
Related NRC Generic Communications include the following:
- NRC IN 96-56, Problems Associated with Testing, Tuning, or Resetting of Digital Control
Systems While at Power, dated October 22, 1996 (Agencywide Documents Access and
Management System (ADAMS) Accession No. ML031050587). This IN highlighted the
importance of evaluating and controlling on-line manipulations of digital control systems, such as resetting a processor or performing on-line software changes, to avoid reactor
transients and plant trips.
- IN 2010-10, Implementation of a Digital Control System under 10 CFR 50.59, dated
May 28, 2010 (ADAMS Accession No. ML100080281). This IN discusses that for digital
upgrades to systems that are highly safety-significant, a defense-in-depth and diversity
analysis is performed as part of the design process to ensure that the plant has adequate
capability to cope with software common-cause failure vulnerabilities.
DISCUSSION
Unlike Olkiluoto Unit 1 and Forsmark Unit 2, U.S. BWRs do not have recirculation pump designs
that rely on energy storage separate from the recirculation pump motor and generator that could
influence recirculation system flow following a scram. In the U.S. BWR designs, the combined
rotating inertias of the recirculation pump and motor, the motor generator set, and the variable
speed coupling are used to provide a relatively slow coastdown of flow following loss of power
to the drive motors which helps ensure that the core is adequately cooled.
The specific common cause failure that occurred at Olkiluoto and Forsmark is not an issue for
U.S. BWRs. However, digital variable speed drive (VSD) technology may increase the
complexity of the recirculation pump control system and may introduce new failure modes such
as software programming errors, network problems, loss of power, and the failure of control
boards, that can lead to unplanned changes in pump speed. Previous operating experience for
recirculation pump VSD includes instances of unintentional reactivity changes during power
operation. Although the recirculation pump motors are generally non-safety related, as the
industry upgrades their systems to digital VSD, it is important that licensees understand the potential unexpected recirculation pump behaviors that might affect core reactivity or safety
limits. As part of the design process when upgrading to digital VSD technology on recirculation
pump systems, the following are important considerations:
- Perform evaluations to identify failure modes for digital VSDs to include sources of
common-cause failure, such as software.
reactivity events that have not been analyzed in the plant safety analysis.
- Ensure the reactor protection system maintains plant safety within its design basis even
with a common-cause failure.
CONTACT
This IN requires no specific action or written response. Please direct any questions about this
matter to the technical contacts listed below or the appropriate Office of Nuclear Reactor
Regulation (NRR) project manager.
/RA/ /RA by JTappert for/
Timothy McGinty, Director Glenn Tracy, Director
Division of Policy and Rulemaking Division of Construction Inspection and
Office of Nuclear Reactor Regulation Operational Programs
Office of New Reactors
Technical Contacts: Joseph Giantelli, NRR Pong Chung, NRR
301-415-0504 301-415-2473 E-mail: joseph.giantelli@nrc.gov E-mail: pong.chung@nrc.gov
Note: NRC generic communications may be found on the NRC public Web site, http://www.nrc.gov, under Electronic Reading Room/Document Collections. potential unexpected recirculation pump behaviors that might affect core reactivity or safety
limits. As part of the design process when upgrading to digital VSD technology on recirculation
pump systems, the following are important considerations:
- Perform evaluations to identify failure modes for digital VSDs to include sources of
common-cause failure, such as software.
reactivity events that have not been analyzed in the plant safety analysis.
- Ensure the reactor protection system maintains plant safety within its design basis even
with a common-cause failure.
CONTACT
This IN requires no specific action or written response. Please direct any questions about this
matter to the technical contacts listed below or the appropriate Office of Nuclear Reactor
Regulation (NRR) project manager.
/RA/ /RA by JTappert for/
Timothy McGinty, Director Glenn Tracy, Director
Division of Policy and Rulemaking Division of Construction Inspection and
Office of Nuclear Reactor Regulation Operational Programs
Office of New Reactors
Technical Contacts: Joseph Giantelli, NRR Pong Chung, NRR
301-415-0504 301-415-2473 E-mail: joseph.giantelli@nrc.gov E-mail: pong.chung@nrc.gov
Note: NRC generic communications may be found on the NRC public Web site, http://www.nrc.gov, under Electronic Reading Room/Document Collections.
ADAMS Accession Number: ML101330321 TAC ME3898 OFFICE DIRS/IOEB DE/EICB Tech Editor BC/DIRS/IOEB BC/D/EICB D/NRR/DE
NAME JGiantelli PChung CHsu JThorp BKemper PHiland
DATE 07/27/10 07/27/10 08/15/10 e-mail 07/27/10 07/27/10 07/28/10
OFFICE NRR/PGCB NRR/PGCB BC/NRR/PGCB DD/OIP D/NRO/DCIP D/NRR/ DPR
NAME CHawes DBeaulieu SRosenberg SMoore GTracy JTappert TMcGinty
for
OFFICE 08/26/10 08/25/10 08/26/10 09/09/10 09/10/10 09/10/10
OFFICIAL RECORD COPY