ML17207A673
| ML17207A673 | |
| Person / Time | |
|---|---|
| Site: | Saint Lucie  |
| Issue date: | 11/09/1979 |
| From: | Baranowsky P NRC OFFICE OF NUCLEAR REGULATORY RESEARCH (RES) |
| To: | |
| Shared Package | |
| ML17207A672 | List: |
| References | |
| REF-GTECI-A-44, REF-GTECI-EL NUDOCS 7912210324 | |
| Download: ML17207A673 (10) | |
Text
UNITED STATES OF AMERICA NUCLEAR REGULATORY COMMISSION BEFORE THE ATOMIC SAFETY AND LICENSING APPEAL BOARD In the Matter of FLORIDA POWER 8
LIGHT COMPANY (St. Lucie Nuclear Power Plant, Unit 2)
)
)
)
Docket No. 50-389
)
)
TESTIMONY OF PATRICK W.
BARANOWSKY IN
RESPONSE
TO BOARD UESTION Bl I, Patrick W. Baranowsky, am a Senior Reactor Engineer in the Probabilistic Analysis Staff, Office of Nuclear Regulatory Research of the United States Nuclear Regulatory Commission.
A copy of my professional qualifications is attached to this testimony.
The purpose of this testimony is to provide background information on the unresolved safety issue, "Station Blackout" (Generic Task A-44), which is relevant to the concerns implicit in this Board s question Bl.
This testimony does not address literal compliance with existing regulatory requirements since my office has no review responsibility in that regard.
The issue addressed by Task A-44, "Station Blackout" is whether or not the loss of all AC power should be considered in the design basis of nuclear power plants, and, if so, what the design criteria should be.
In the Reactor Safety Study-1/
gl Reactor Safety Study, WASH-1400, Final Report dated October 1975.
(RSS) the accident sequence associated with a station blackout, or loss of all AC power sources, was found to represent a significant fraction of the total risk for the PWR analyzed.
The Office of Nuclear Reactor Regulation formally established the issue of station blackout as a generic task in 1977.
It was originally designated as generic lask 8-57.
However, in November 1978, the Staff's concern regarding the potential risk posed by a station blackout, particularly in older plants not reviewed against the current requirements, resulted in a Staff proposal-1/
(and the Commission agreed) to report this issue to Congress as an "Unresolved Safety Issue" pursuant to Section 210 of the Energy Reorganization Act of 1974, as amended.
Accordingly, Task 8-57 was elevated in priority and redesignated Task A-44.
The responsibility for developing and implementing a program to resolve this issue was transferred to the Probabilistic Analysis Staff in the Office of Nuclear Regulatory Research in August 1979.
This was partly due to NRR manpower limitations and partly in recognition that the approach to resolving this issue would necessarily have to depend strongly on probabilistic analysis techniques.
In particular, it was clear that this issue.extended beyond the single failure criterion.
In October 1979 a simple survey analysis was begun to make a rough estimate of the failure probability for all AC power and the loss of shutdown heat removal capability at currently operating PWR s.
The intent of this work was to provide
+1 Memorandum for the Commissioners from Harold Denton dated November 27, 1978 "Reporting the Progress of Resolution of 'Unresolved Safety Issues'n the NRC Annual Report",
a screening mechanism to identify operating plants most likely to suffer core damage due to station blackout at the outset of the program and to identify appropriate short term actions which could be taken to improve station blackout 1
vulnerability while a more extensive program is undertaken.
The longer term and more extensive, effort for Task A-44 has not as yet been fully scoped.
One I
approach being considered is to incorporate all or part of this effort in the Integrated Reliability Evaluation Program (IREP) which will be conducted through PAS over the next three years to provide safety reliability and accident probability estimates at all operating nuclear power plants.
The attached representative event tree shows several-possible pathways to success or failure (in terms of core cooling and damage) for station blackout as an imitiating event.
The darkened-in pathway is the sequence studied in the plant survey analysis.
This sequence is expected to be a good measure of the plant's susceptibility to the higher probability accidents resulting from a station blackout.
It involves the independent failure of offsite AC power followed by the failure of onsite (emergency)
AC power which may result from a common cause failure of the emergency diesel generators.
The next event considered in the sequence is the dependent or independent failure of the emergency feedwater system (shutdown cooling).
The dependent failure would typically involve reliance on AC power within or by supporting systems of the emergency feedwater system.
For this sequence the time interval following station blackout in which the restoration of AC power must occur to avoid core damage is on the order of one to two hours.
For plants in which the emergency feedwater system is highly
reliable under station blackout conditions, the overall core damage probability for station blackout events should be low, however, other sequences involving reactor coolant system integrety or longer term cooling requirements could be significant.
I In order to provide perspective, the station blackout sequence addressed by the Applicant and HRR Staff is shown as a dashed line on the reference event tree.
This sequence has been defined to include the independent failure of offsite and onsite AC power-supplies and subsequent dependent failures (e.g., reactor coolant seal leakage).
Common mode failure considerations are not apparent.
The probability for the sequence per year was estimated (by the Applicant and NRR) at 10 for an AC restoration time of about two or three hours and 10 for a
-6 restoration time of about one hour.
The survey analysis results which are subject to large uncertainties indicate that the frequency of a station blackout lasting about one hour may be higher than 10 per year at some plants.
Diesel generator reliability appears to have the largest affect on this estimate.
As a point of reference, the RSS estimated a station blackout frequency of 4x10 per year.
This evaluation included the common mode failure of the emergency diesel generators.
The RSS also showed that the most likely sequence resulting in core damage following a station black-out invo'Ived the failure of the steam turbine driven train of the emergency feedwater system.
And,- that the cumulative core damage frequency for station blackout was estimated at approximately 6x10 per year.
Roughly speaking, the consequences in terms of radioactivity released for any of the core melt accidents evaluated in the RSS would equal or exceed the dose limits associated with 10 CFR Part 100. "-The sum of all core melt probability estimates for the PWR analyzed in the RSS was approximately 5x10 per year.
-5 Although the uncertainty estimates and the accuracy of the absolute values estimated in the RSS have had some recent criticism, the continued operation of plants with such core melt frequency predictions has been accepted by the NRC since August 1974 when the draft RSS evaluations were made public.
A useful result stemming from the early work performed on the station blackout issue is the identification of several design and procedural improvements which have the potential for minimizing the accident probability for station blackout sequences.
These are identified as follows:
(1)
The preoperational and periodic testing requirements of Regulatory Guide 1.108 for emergency diesel generators should be implemented in order to demonstrate and maintain a high reliability for these units.
The demonstrated reliability should be considered in the establishment of the limiting conditions for operation when one diesel generator is inoperative.
(2) A shutdown heat removal system (emergency feedwater system) should be provided with at least one train independent of AC power supplied for activation, motive power, control, and required auxiliary or supporting systems.
Following pu ication of the final report of the RSS, the NRC depicted the study findings as a'verification that nuclear plants designed, constructed and operated in accordance with'the NRC's comprehensive regulatory requirements provides adequate assurance to the public health and safety and environment.
The Risk Assessment Review Group Report to the U.S. Nuclear Regulatory Commission (NUREG/CR-400) dated September 1978 and the NRC Policy Statement on Risk Assessment and the Reactor Safety Study dated January 1979 raised several criticisms of WASH-1400 while praising the methodology in general.
Of particular importance is the finding that the uncertainty associated with the RSS probability estimates were understated and that the RSS results should not be used uncrit>cally.
(3)
The limiting conditions of operation should be amended to limit the time that power generation may continue for combinations of offsite power circuits, AC independent shutdown cooling trains, and emergency (onsite)
AC power supplies out of service.
(4)
Emergency procedures should be made available to operators, plant maintenance personnel, and offsite personnel (e.g., grid dispatchers) identifying the functions for coping with a station blackout and restoring offsite and onsite (emergency)
AC power supplies.
Incorporation of these aspects of design and operation should provide improved safety reliability for station blackout while a longer range and more detailed program is implemented to deal with the more subtle and smaller probability risks associated with a station blackout.
EVENT TREE FOR TYPICAL STATION BLACKOUT SCEi'lARIOS a
UJ a
UJ U
UJ D
UUJ cc}
I}-
D D CQ CO UJ A UJ 43 ~
0 cZ Cn D UJ D
UUJ C/>
A UJ UJ D
D I ~
UJ
~ Q UJ D
Cd UJ D
CY (n
0I UJ UJ UJ UJ ~
GO cC
} )
cX:
UJ D
O cn UJ) cr D
UJ D
UUJ I
UJ )
D ol C/)
UJ CL M
D N cC D D
}
I cX:
UJ UJ Q
D D
e UJ D
UUJ UJ D
I Cil UJ FsB Xi I
PnDG PDHR PREG~
Ac RzSroREO 8E<DRZ szAI Le8/<AGE RZsOz,rs pV/~
Loss os unruRwl CiRcv<isnW OK OK EVENTUAL CORE DANAGE POSSIBLE CORE DAf"lAGEOK CORE DANAGE OK'K EVENTUAL CORE DAi'QGE OK OK CORE DAt'IGE CORE DANAGE
.PROFESSIONAL (VALIFI CATIONS PATRICK W.
BARANOMSKY 1978 -
Pr esent:
Senior Reactor Engineer in the Probabilistic Analysis Staff, Office of Nuclear Regulatory
- Research, U. S. Nuclear Regulatory Commission.
Responsible for planning and directing research projects for the study and evaluation of the behavior of emergency safety systems during postulated lightwater nuclear reactors accidents.
This includes technical analyses through the use of probabilistic risk techniques to determine the effectiveness of NRC licensing requirements for commercial nuclear power plants.
In this position, recent respon-sibilities have included the development and implementation of a program to assess the adequacy of safety-related D.C.
power systems at nuclear power plants, and to serve as task manager for the unresolved safety l
issue of "Station Blackout."
1973 - 1978:
Systems Engineer in the Containment Systems Branch, Office of Nuclear Reactor Regulation, U.S. Nuclear Regulatory Commission.
Responsible for the technical analysis and evaluation of the design and operating characteristics of the engineering features of the containment systems.
Served as principal engineer responsible for the development of environmental qualification requirements for safety-related electrical equipment.
PROFESSIONAL QUALIFICATIONS (Con')
1971 - 1973:
Lead Nuclear Engineer in the.Nuclear Engineering and Analysis Department at Gilbert Associates, Inc., of Reading, Pennsylvania.
Responsible for the design and evaluation of engineered safety features and nuclear systems including thermal-hydraulic analysis and radiological assessment.
EDUCATION:
B.S. Mechanical Engineering, 1969 University of New Haven M.S. Nuclear Engineering, 1971 The Pennsylvania State University Attended short courses in Nuclear Reactor Safety, Engineering Statistics, Systems Reliability Engineering and Risk Assessment, and Computer Codes for Fault Tree Analysis.