ML19011A423
| ML19011A423 | |
| Person / Time | |
|---|---|
| Issue date: | 01/16/2019 |
| From: | Office of Nuclear Regulatory Research |
| To: | |
| Nathan Siu 415-0744 | |
| Shared Package | |
| ML19011A416 | List:
|
| References | |
| Download: ML19011A423 (24) | |
Text
Early History Lecture 2-1 1
Key Topics
- Major studies
- Key lessons
- From PRA
- About PRA (technology)
Overview
Resources T.R. Wellock, A figure of merit: quantifying the probability of a nuclear reactor accident, Technology and Culture, 58, No. 3, 678-721, July 2017.
W. Keller and M. Modarres, A historical overview of probabilistic risk assessment development and its use in the nuclear power industry: a tribute to the late Professor Norman Carl Rasmussen, Reliability Engineering and System Safety, 89, 271-285, 2005.
M. R. Hayns, The evolution of probabilistic risk assessment in the nuclear industry, Transactions Institute of Chemical Engineers, 77, Part B, 117-142, May 1999.
B.J. Garrick, Lessons learned from 21 nuclear plant probabilistic risk assessments, Nuclear Technology, 84, No. 3, 319-339(1989).
Risk Analysis, Special Issue on Nuclear Probabilistic Risk Analysis, 4, No. 4, December 1984.
3 Overview
Other References J.S. Walker and T.R. Wellock, A Short History of Nuclear Regulation, 1946-2009, NUREG/BR-0175, October 2010.
F.E. Haskin, A.L. Camp, S.A. Hodge, and D.A. Powers, Perspectives on Reactor Safety, NUREG/CR-6042, Revision 2, March 2002.
G.D. Bell, The calculated risk - a safety criterion, in F.R. Farmer (ed.), Nuclear Reactor Safety, Academic Press, London, 1977.
J.R. Beattie, G.D. Bell, and J.E. Edwards, Methods for the Evaluation of Risk, AHSB (S) R159, UKAEA, 1969.
M.C. Pugh, "Probability Approach to Safety Analysis," TRG Report 1949, UKAEA, 1969.
U.S. Nuclear Regulatory Commission, Reactor Safety Study: An Assessment of Accident Risks in U.S.
Commercial Nuclear Power Plants, WASH-1400, (NUREG-75/014), October 1975.
H.W. Lewis, et al., Risk Assessment Review Group Report to the U.S. Nuclear Regulatory Commission, NUREG/CR-0400, September 1978.
A. Birkhofer, The German risk study for nuclear power plants, IAEA Bulletin, 22, No. 5/6, October 1980.
U.S. Nuclear Regulatory Commission, Severe Accident Risks: An Assessment for Five U.S. Nuclear Power Plants, NUREG-1150, December 1990.
U.S. Nuclear Regulatory Commission, Individual Plant Examination Program: Perspectives on Reactor Safety and Plant Performance, NUREG-1560, December 1997.
U.S. Nuclear Regulatory Commission, Perspectives Gained from the Individual Plant Examination of External Events (IPEEE) Program, NUREG-1742, April 2002.
4 Overview
The past might not predict the future Besides providing credit where credits due, past studies and records can provide
- Improved starting points for research and analysis (e.g.,
for new designs and scenarios)
- Examples of mistakes and biases to be protected against
- Previous regulatory precedents
- Decisions
- Supporting Rationale 5
Why History?
but it certainly provides useful lessons
Old topic, still valuable?
Paper Title*
Modern Topic Probabilistic analysis of rupture in nuclear reactor coolant piping Credit for Leak Before Break using probabilistic fracture mechanics The use of quantitative risk and probabilistic safety criteria in the conceptual design of a large pool-type LMFBR Selection of licensing-basis accidents in Licensing Modernization Program Investigations of the adequacy of the meteorological transport model developed for the Reactor Safety Study Advanced atmospheric transport modeling Tornado missile simulation and risk analysis Risk-informed tornado missile protection Human reliability analysis of dependent events Quantitative impact of dependence between human errors 6
Why History?
- Proceedings, ANS Topical Meeting on Probabilistic Analysis of Nuclear Reactor Safety (PSA 78), Newport Beach, CA, May 8-10, 1978.
Le Blayais 1999 French PWR Le Blayais undergoes serious flooding, leading to mobilization of national resources. (See Lecture 7-2) 2000-2005 French utility (EDF) and regulatory TSO (IPSN) deliver papers on event at various conferences.
2009 ASME/ANS PRA standard includes language indicating flooding is likely to be unimportant.
2010 EDF delivers talk on the Blayais event at NRCs Regulatory Information Conference.
2011 An earthquake-generated tsunami floods Fukushima Dai-ichi NPP, leading to core melt at Units 1-3.
7 Why History?
Caveat Emptor Be wary of all oral histories (including this one)
Speakers need to simplify. (7+/-2)
Example (WASH-1400):
Main Report (~140 pages) + 11 Appendices (~2260 pages)*
Executive Summary (12 pages)
Oral Version (2 slides of bullets)
Potential for important gaps and biases Potential for lore to perpetuate incorrect characterizations or even myths Search tools can find facts; understanding is more difficult.
Well-researched documents, especially by trained historians (e.g., see Wellock) are extremely useful.
An NRC NUREG/KM is in the works 8
Why History?
- NUREG-1150 main report has ~550 pages, 14 companion NUREG/CR reports
(~10,000 pages) and 15 other supporting reports.
A PRA Timeline 9
PRA/RIDM History 1940 1950 1970 1960 1980 1990 2010 2000 2020 Indian Point IPE/
IPEEE Atomic Energy Act No undue risk Safety Goal Policy PRA Policy Price-Anderson (non-zero risk)
RG 1.174 ASME/ANS PRA Standard Revised Reactor Oversight Level 3 PRA NUREG-1150 WASH-740 Farmer Curve WASH-1400 German Risk Study UKAEA SGHWR NRC created Fukushima Chernobyl TMI EU Stress Tests AEC created
Before PRA - Reliability Engineering*
- Post-WW I: qualitative comparisons lead to multi-engine aircraft designs
- 1930s: quantification (average number of failures, mean failure rates)
- WW II: V-1 missile
- Chain cant be stronger than weakest link => strengthen weakest link. Still 100% failures
- Realized a large number of fairly strong links can be more unreliable than a single weak link. Ultimately achieved 60%
reliability.
10
- A.E. Green and A.J. Bourne, Reliability Technology, Wiley, London, 1972.
PRA/RIDM History
1949: Reactor Safeguard Committee expresses concern with possibility and consequences of runaway reactions, desire for information on accident probabilities.
1950s:
Hanford staff recommend bottom up methodology for calculating probabilities based on concept of accidents as chains of events (1953).
WASH-740 includes alarming estimates of consequences for a major reactor accident with no credible estimates of likelihood (1957).
1960s:
Full-scale probabilistic calculations not yet successful. (Too conservative or too optimistic.) USAEC relies on remote siting and ESFs.
Fault tree analysis (Bell Labs) spreading in reliability engineering.
USAEC funds small-scale nuclear applications (e.g., at Holmes and Narver).
Other countries (Canada, UK, Japan) advocate probabilistic approaches. UKAEA (F.R. Farmer) proposes a risk-based siting criterion (1967), applies to a prototype SGHWR design (1969).
Post WW II - Safety and Feasibility Concerns 11 Hanford Site. From T. Wellock, WASH-1400 and the Origins of Probabilistic Risk Assessment (PRA) in the Nuclear Industry, 2015.
F.R. Farmer, Reactor safety and siting: a proposed risk criterion, Nuclear Safety, 8, 539-548(1967).
PRA/RIDM History
WASH-1400 - The Study Initiated 1972, draft 1974, final 1975 Director: Prof. Norman C. Rasmussen (MIT)
Objectives Estimate public risks from potential accidents Provide a perspective through comparison with non-nuclear risk Scope Level 3, at power, focus on internal events Two plants: Surry (PWR) and Peach Bottom (BWR)
Key Finding: Risks are comparatively small Other NPP PRA is feasible Accident likelihoods higher than previously assumed (around 6x10-5/ry vs. 1x10-8) but consequences are lower Risk can be dominated by less severe, more likely scenarios (SLOCA>LLOCA) 12 Professor Norman C. Rasmussen, MIT (National Academies Press)
Major Studies
WASH-1400 - The Aftermath Criticized by Risk Assessment Review Group (Lewis Committee) and others (e.g., UCS, NRC staff)
Executive Summary (advocates brief)
Other concerns Criticisms swamped good points Systematic identification and analysis of accident scenarios Freedom to think creatively beyond Maximum Credible Accidents Commission withdrew endorsement of Executive Summary and requested staff review of report uses in decisions => chilling effect TMI (1979) started change in views.
13 Some Technical and Regulatory Concerns Credit for human adaptability Conservative biases in treating uncertainties Common cause failure analysis Meaningfulness of absolute risk estimates Need to change existing licensing process Training costs Major Studies
Indian Point PRA UCS Petition to close Unit 1, suspend operation of Units 2 and 3 pending resolution of safety issues (1979)
Indian Point Probabilistic Safety Study (IPPSS): Level 3, full-scope PRA (1980-1982)
- Quantifies risk
- Assesses severe accident management alternatives Study plus BNL and SNL reviews provided basis for ASLB finding(1983) and Commission decision to allow continued operation (1985)
Along with earlier study for Zion, led wave of industry-sponsored PRAs 14 Major Studies
Some Activities after WASH-1400 Studies Biblis B (1978)
Oyster Creek (1979)
RSSMAP (1981-1982): Sequoyah 1, Oconee 3, Grand Gulf 1, Calvert Cliffs 2Big Rock Point (1981)
IREP (1981-1983): Crystal River 3, Browns Ferry, ANO-1, Millstone 1 Zion 1 and 2 (1981)
Limerick 1 and 2 (1981)
Indian Point 2 and 3 (1982)
Sizewell B (1982)
Millstone 3 (1983)
Seabrook 1 and 2 (1983)
Oconee-3 (1984) 15 See M. R. Hayns, The evolution of probabilistic risk assessment in the nuclear industry, Transactions Institute of Chemical Engineers, 77, Part B, 117-142, May 1999 for sample results.
Research Programs (c. 1984)
Improved Reactor Safety Program Probability of initiating events Probability of failure of safety systems to control course of events Probability of failure of safety systems to inhibit radioactive releases PRA Reference Document Purpose and content of a PRA PRAs performed to date, results, generic insights Level of maturity and uncertainties of different elements Risk Methods Integration and Evaluation Program (RMIEP)
Integrated treatment of internal, external, and CCF events Evaluate PRA technological developments, lay basis for improvements Identify, evaluate, display uncertainties Conduct a PRA for LaSalle (BWR 5, Mk II)
See R. Bernero, Probabilistic Risk Analyses: NRC Programs and Perspectives, Risk Analysis, 4, No. 4, 287-297, December 1984.
More Studies
Safety Goal Policy Statement (51 FR 30028; 1986)
- How safe is safe enough?
- Qualitative health objectives
- Individuals should bear no significant additional risk
- Societal risks should be risks from other generating technologies, should not be a significant addition to other societal risks
- Quantitative health objectives (QHOs)
- Prompt fatality risk for an average, nearby individual <
0.1% risks from all other accidents
- Cancer fatality risk for population in area) < 0.1%
cancer fatality risks from all other causes Surrogate risk measures
- Prompt fatality: LERF < 10-5/ry
- Latent cancer: CDF < 10-4/ry 16 PRA/RIDM History
NUREG-1150 (1990)
Objectives
- Current snapshot of severe accident risks
- Models and results for prioritizing issues and R&D Scope
- Surry, Peach Bottom: internal events, fire, seismic
- Sequoyah, Grand Gulf, Zion: internal events Representative results shown elsewhere (e.g., Lecture 2-2)
Notes
- Initial draft published 1987; criticisms led to major revisions
- No Executive Summary, no short summary of findings
- Hazard results reported separately (not aggregated)
- Intended to be the simple study; companion RMIEP study used as vehicle for advanced methods development and application
- Results widely used in subsequent NRC activities 17 Major Studies
PRA Policy Statement (60 FR 42622; 1995)
Policies:
Increase use of PRA technology to the extent supported by the state of the art and data.
Complement deterministic approach, support defense-in-depth philosophy Reduce unnecessary conservatism, support additional requirements as appropriate Analyses should be as realistic as practicable; data should be publicly available for review Consider uncertainties when using the Commissions Safety Goals and subsidiary objectives Expected Benefits:
(1)
Considers broader set of potential challenges (2)
Helps prioritize challenges (3)
Considers broader set of defenses 18 PRA/RIDM History
Individual Plant Examinations Generic Letter 88-20 (11/23/1988), 88-20 Supplement 4 (6/28/1991)
Plants pose no undue risk but systematic examinations are useful to identify severe accident vulnerabilities that can be fixed with low-cost improvements Letters request licensee analyses Individual Plant Examinations (IPE): internal events and internal flooding Individual Plant Examinations of External Events (IPEEE):
seismic, fire, others (high winds, flooding, )
Submittal guidance: NUREG-1335 (IPE), NUREG-1407 (IPEEE)
Vulnerabilities not defined and PRA not required Most plants use PRA for internal events Many plants use margin analyses for seismic and/or fire No vulnerabilities found but numerous improvements identified; studies provide starting point for other applications.
19 0.0 0.1 0.2 0.3 Fraction CDF (/ry) 10-3 10-4 10-5 10-6 Major Studies
Modern History
- Risk-informed applications - Lecture 8-1
- Fukushima Dai-ichi - Lecture 7-2 20 TEPCO photo from The Yoshida Testimony, Asahi Shinbun, 2014.
PRA/RIDM History
Some Forgotten Studies and Lessons RSSMAP (Reactor Safety Study Methods Application Program) - simplified extensions to four plants IREP (Interim Reliability Evaluation Program) -
search for unique features increasing susceptibility to severe accidents.
RMIEP (Risk Methods Integration and Evaluation Program) - vehicle for advanced methods development and application.
ASP (Accident Sequence Precursor) studies -
evaluated risk significance of operational events; proposed as possible alternate, statistically-oriented approach to PRA 21 Modern Relevance Disappointment with simplified analyses Continuing desire to find vulnerabilities - barriers?
Lack of patience with extended studies; need for near-term applications Lure of direct statistical estimation Polarization from alternative vs.
complementary approach Key Lessons
Some Historical Lessons - PRA Results
- Importance of full spectrum of accidents, potential dominance of lesser accidents (e.g., small loss of coolant accidents - SLOCA)
- Importance of station blackout (SBO), loss of ultimate heat sink (LOUHS), human errors, fire, external hazards
- Relatively low likelihood of large-scale health effects, potential for land contamination 22 Key Lessons
Some Historical Lessons - PRA Technology
- Feasibility of useful analysis
- Importance of process (not just numbers)
- Key technical challenges
- Human reliability analysis (HRA)
- External hazards analysis
- Common cause failure (CCF) analysis
- No free lunch - limitations of simplified analyses 23 Key Lessons
Some Historical Lessons About PRA in RIDM*
- Despite technical challenges, judged sufficiently mature to support practical decisions, major as well as minor
- Long-running (and continuing) challenges in interpretation and use of numerical results
- Appropriateness of adding results of heterogeneous analyses to support comparisons with decision criteria
- Demonstration of acceptable level of safety
- Importance of review (peer and regulatory)
- Identification and correction of problems
- Confidence in decision applications 24 Key Lessons
- See Lectures 2-3, 8-4, and 9-1 for more discussion on challenges