ML20028G682

From kanterella
Jump to navigation Jump to search
Testimony of s Levine Re Contentions on Class 9 Accidents. Plant Design Provides Substantial Protection Against Severe or Class 9 Accidents
ML20028G682
Person / Time
Site: Byron  Constellation icon.png
Issue date: 02/15/1983
From: Levine S
COMMONWEALTH EDISON CO., NUS CORP.
To:
Shared Package
ML20028G677 List:
References
ISSUANCES-OLA, NUDOCS 8302170298
Download: ML20028G682 (35)
v  d  e


Text

__

UNITED STATES OF AMERICA '

NUCLEAR REGULATORY COMMISSION BEFORE THE ATOMIC SAFETY AND LICENSING BOARD-In the Matter of ) C{j}((ED

)

COMMONWEALTH EDISON COMPANY ) Docket No. 50-454-OLA (Byron' Station, Units 1 and 2)

) '83 FEB 16 5R04 M-OLA

)

COVER SHEET Y f". s,t

' S *IM /

o a 3Egyp~

DiMNCH The testimony of Mr. Saul Levine, an expert and consultant to Commonwealth Edison Company, addresses the

" Class 9" contentions in this proceeding, namely Rockford League of Women Voters' Contentions 8 and 62, and DAARE/ SAFE contention 2(a). Mr. Levine describes and discusses:

1. NRC's use of the deterministic approach for making safety decisions, and the evolution, uses and limita-tions of PRA methodology;
2. the development of WASH-1400 and the Lewis Committee's critique'of that document;
3. his evaluation of and concurrence with the NRC Staff's discussion of severe accidents in the Final Environ-mental Statement for the Byron Station;
4. design features incorporated in the Byron design that provide protection against accidents beyond the design basis; and
5. the incremental risk to the residents in the Rockford environs from accidents at Byron Station, taking into consideration the existing risk from other nearby operating nuclear power plants.

Mr. Levine concludes that:

1. Contrary to the assertions in Contention 8, ~

WASH-1400 and its methodology are appropriate for use in esti-mating public risk from reactor accidents as part of NRC's i Final Environmental Statements for reactors, and that the NRC

! Staff evaluation for Byron Station is reasonable and conserva-

! tive.

4

2. Contrary to the assertion in Contention 62, the

! design of the Byron Station does provide substantial protec-l tion against severe or " Class 9" accidents.

3. The incremental risk to residents of the l Rockford environs from accidents at Byron Station taking into l account the risk from accidents at other nearby operating j nuclear power plants is small.

I j B302170298 830215 PDR ADOCK 05000454 T PDR l '

9 UNITED STATES OF AMERICA NUCLEAR REGULATORY COMMISSION BEFORE THE ATOMIC SAFETY AND LICENSING BOARD IN THE MATTER OF COMMONWEALTH EDISON COMPANY (Byron Nuclear Power Station Units 1 & 2) 4 TESTIMONY OF SAUL LEVINE

1. Introduction My name is Saul Levine, and I am Vice President and Consulting Group Executive, NUS Corporation, Gaithersburg, Maryland.

The NUS Corporation is an internationally known consulting company in the field of energy and has some 1300 employees.

My organization is responsible for performing nuclear power plant safety ana3yses, probabilistic risk assessments and reliability analyses; providing quality assurance services; supplying environmer.tal services; and assisting NUS clients in

reactor licensing.

l I have been involved with the application of nuclear energy l

for nearly 30 years. I hold a B.S. degree from the U. S.

Naval Academy and two degrees from the Massachusetts Institute of Technology: a B.S. in electronics engineering and an M.S.

in nuclear engineering. After serving in the U. S. Submarine f Service from 1945 to 1954, I reported, from 1955 to 1958, to l

1 NUS COAPOAATION

f Admiral Rickover as Project Officer for the U.S.S. Enterprise, the world's first nuclear powered aircraft carrier. In this position, I was responsible for directing all technical, financial, production, and administrative aspects of the re-actor plant prototypes and the production plants for the U.S.S. Enterprise. From 1958 to 1962, I worked in the U. S.

Naiy's Special Projects Office, which was responsible for pro-aucing the submarine based Polaris Missile System. I managed the design, integration, installation, testing, and perfor-mance evaluation of the Polaris Missile Submarine Navigation System.

From 1962 through the end of 1979, I was with the U. S. Atomic

Energy Commission (AEC) and its successor, the U.S. Nuclear Regulatory Commisson (NRC). During those years, I was Assis-tant Director for Reactor Technology, Assistant Director of the Division of Environmental Affairs, Project Staff Director for the Reactor Safety Study.(WASH-1400)(1) , which represented the first comprehensive evaluation of the likelihood and con-sequences of nuclear power plant accidents, Assistant Director, Division of Reactor Safety Research, Deputy Director, Of fice of Nuclear Regulatory Research, and Director, Office of Nuclear Regulatory Research. In 1980 I joined NUS l Corporation as Vice President and Consulting Group Executive.

l

2. Purpose l

l The purposes of my testimony are to present and support my judgements that (1) the NRC staff evaluation of the probabilities and consequences of severe accidents at the Byron 2

l l

NUS CORPORATION

- Station, as presented in the By con Final Environ-mental Statement, represents a reasonable approach and results in a prediction of public risks higher than that which might occur and is therefore con-servative.

(2) the Byron Station design, as those of all U.S.

commercial nuclear power plants, provides signifi-cant protection against severe (so called Class 9) accidents, that is accidents more severe than the traditionally analyzed design basis accidents (DBAs), and (3) that the cumulative risk to DeKalb-Sycamore and Rockford area residents from accidents at the Byron Station and other plants in northern Illinois is negligible.

My testimony is related to Contentions 8 and 62 introduced by the Rockford League of Women Voters, and Contention 2(A) introduced by DAARE/ SAFE.

3. Standard NRC Safety Evaluations Before proceeding with these discussions, it would be useful to describe briefly the way safety evaluations of nuclear power plants are performed in the Nuclear Regulatory Commission's licensing process. Each plant that is licensed by the NRC has to demonstrate that it meets an extensive set j of NRC regulations and other requirements to ensure that opera-tion of the plant will not represent undue risk to the health and safety of the public. These requirements cover the engi-neering aspects of the plant to achieve high quality in design 3

NUS CORPORATION

4 and construction so that failures of equipment such as pipes, valves, pumps, electrical and control equipment will not cause accidents that can release large amounts of radioactivity that could harm the public. There are also requirements for the

.i plant to withstand severe external events such as earthquakes, floods and tornadoes that might cause failure's in the plant.

In addition to these requirements, several explicitly defined accidents, called design basis accidents or DBAs, are analyzed

in the licensing process to demonstrate that people living near the plant will not be subjected to undue risk from radio-active releases. In these accidents,.some specified set of initial failures are assumed. The safety systems that are in-

! stalled in the plant are then analyzed to ensure that they

. will fulfill their designed functions, and that, as a result, I no significant amounts of radioactivity will be released from i l the plant. All safety systems have redundant components so that failure of single components within the systems will not i ,cause the systems to fail.

l As part of the NRC process, it is required that emergency 1

plans be developed so that, in the very unlikely event of a large release of radioactivity, people in the vicinity of the plant can be protected by evacuation.

This NRC process has come to be called " deterministic" because it is not probabilistic in nature. That is, over the years the entire nuclear community, by participating in NRC's pro-cess, has defined, by qualitative engineering judgement, as opposed to quantitative probabilistic estimates, those ele-ments that must be considered in safety evaluations and those that need not be considered. This approach to nuclear power 1

i 4 NUS COAPORATION

l s

plant safety is followed throughout the world and has produced nuclear power plants with good safety records.

However, the safety evaluations performed in NRC's licensing

. process do not make quantitative estimates of risk to the pub-

]

lic that might occur from plant accidents. Complementary analyses, which are not required by NRC regulations, called probabilistic risk assessments, can be performed to estimate I

both the probability and the consequences to the public of plant accidents.

4. Probabilistic Risk Assessment Probabilistic risk assessment can be thought of in simple terms as being a combination of logic structures (event trees, .

fault trees, etc.) that permits estimates to be made of the likelihood and consequences of accidents that have not been observed because of their low frequency of occurrence.

Because equipment failures and human errors are of higher fre-quency than entire system failures, they are, in fact, observed in the operation of plants. The logic structure of fault trees is such that data obtained on plant equipment failures and human errors can be used to estimate the proba-bility of plant system failures that have not been observed because of their low frequency. The logic structure of event trees is such that the combinations of system failures (acci-l dent sequences) that can cause releases of radioactivity to

['

the environment can be defined and their probabilities of occurrence can be estimated from the system failure proba-bilities supplied by the fault trees.

4 NUS CORPORATION

When the probabilities of various accident sequences have been l

determined, the physical processes that could occur during these sequences must be analyzed to estimate the amount of radioactivity that could be released to the environment by the various accident sequences. With the probability of releases of various amounts of radioactivity in hand, a further analysis is needed to predict the dispersion of radioactivity in the environment and the health effects induced in people who may be exposed to this radioactivity.

The logic structures described above permit consideration of l (1) internal plant failures (equipment failures; human errors in testing, maintenance, and operation; fires; internal

) floods), (2) events external to the plant (earthquakes, hurri-I canes, tornadoes, floods) that might cause plant failures, and (3) protective actions like ' evacuation if a severe accident were to occur.

Before proceeding with a discussion of the Reactor Safety l Study it is useful to examine the question of why PRA studies are not and should not be required in safety-related licens-ing, as opposed to environmental licensing, of individual nuclear power plants such as Byron. There are several reasons for this:.

o As I have noted earlier, the existing deterministic regulations have been shown to provide nuclear power plants that present very small risks to the public; thus, a radical departure in the basic philosophy supporting the structure of NRC regulatory require-ments is neither necessary nor desirable.

6 NUS CORPORATION u _- - . -__ . _ _ _ _ _ _

^

l ,

h o . The predictions of public risk in PRAs have large uncertainties which make the use of such predictions in the safety-related licensing of reactors questionable at this time. However ~ the approach

]'

followed by the NRC in its FES is useful because, even in using conservative estimates to account for uncertainties, it is able to show that the risks j from potential accidents at the Byron Station are small compared to other risks to which the popula-j tion in the vicinity of the plant are already exposed.

j o It is still too early to codify the performance of l full PRAs. PRA is a rapidly evolving methodology

, and much research is being done that will aid the understanding of, and ultimately reduce the uncertainties involved in predicting, the physical j processes associated with molten fuel and fission product behavior. The performance of an increasing i number of PRAs is resulting in improvements associ-l ated with many other aspects of PRA methods. While I

the use of full PRAs is now of little utility in the safety-related licensing process, part of the over-all PRA methodology, especially that associated with the prediction of system reliability, can some-times be of help in resolving safety issues in indi-vidual licensing-cases.

5. Reactor Safety Study (WASH-1400)

As stated earlier, the application of probabilistic risk assessment techniques to nuclear power plants was first done .

I 7

i NUS CORPOAATION  !

i i

most comprehensively in the Reactor Safety Study -(WASH-1400) .

l This was a landmark study that developed a significant portion of the methodology now used both in the United States and i abroad. It has also been demonstrated that WASH-1400 has pre- '

dicted essentially correctly events that have occurred, such as the accident at the Three Mile Island-2 nuclear power I plant.

! Of course, since the Reactor Safety Study was completed seven years ago, improvements in the methodology have been made so that the state-of-the-art of probabilistic risk assessment is today significantly advanced over WASH-1400. For example, the data base for equipment performance has been increased signif-icantly by the efforts of the NRC in analyzing Licensee Event Reports and by the efforts of utilities in collecting plant-specific data for PRAs. Much better models are now available

, for seismic and fire analyses in comparison with the rudimen-tary models used in WASH-1400. Further, although WASH-1400 made significant steps forward in the modeling of common-cause

~

failures and human errors, further improvements have also been made in these models. Finally, the NRC's research program has led to a better understanding of how unlikely large steam ex-i plosions are and of the much slower reaction that would occur

'between molten fuel and concrete; also industry's efforts in better describing the physical phenomena associated with molten fuel are important.

The charter of tha Reactor Safety Study (WASH-1400) was to i make quantitative predictions of the risks to the public from

potential accidents from 100 operating nuclear power plants.

l This was done by analyzing in great detail two specific react-ors (a pressurized water reactor and a boiling water reactor) 1 8

NUS CORPORATION

1

-l and extrapolating this information to an assumed population of

' 100 reactors at a " composite" site that included the signifi-cant characteristics of the sites at which these reactors were

located. The site characteristics included population and l meteorological features of 68 different sites. The major result of the Reactor Safety Study was that the risk from a i population of 100 reactors in the United States was estimated to be very small when compared to other existing risks in our society.

The Reactor Safety Study generated a considerable amount of controversy when it was published. In response to a request

from the Congress, the Nuclear Regulatory Commission estab-lished a Risk Assessment Review Group, chaired by Professor i

i Harold Lewis, University of California, Santa Barbara. This 3

group has subsequently become known as the Lewis Committee.

The charter for this group was, in part, to clarify the l

achievements and limitations of WASH-1400, to study the.

present state of such risk assessment methodology, and to recommend to the Commission how such methodology could be used in the regulatory and licensing process.

6. Contention 8 I have examined Contention 8 and note that it is incorrect in many respects. It states that "...the Lewis Committee has now called into serious question the entire methodology, as well

]

. as the findings and conclusions, of the Rasmussen Report. . . "

(WASH-1400). It is true of course that the Lewis R? port did l

criticize certain aspects of WASH-1400, especially the Execu-4 tive Summary and the uncertainty associated with its probabil-ity predictions. However, I should note a few points from the

! 9 NUS COAPOAATION

summary and findings of the Lewis Committee Report (NUREG/CR-0400)(2) that will demonstrate the basic inaccuracy of this statement. I share these viewpoints.

o Event tree / fault tree methodology is demonstrably sound.

! o These methods provide a substantial advance over previous attempts to estimate the public risks from l

nuclear power plants. Event tree / fault tree method-ology and other aspects of the modeling have set a ,

framework that can be used broadly to assess choices

! involving both technical consequences and impacts .

on humans.

o The event tree / fault tree approach with an adequate data base is the best available tool with which to quantitatively predict the probabilities of reactor accidents.

The Lewis Report also contained a number of important recom-mendations, the complete text of which is included as an addendum to my testimony. The basic thrust of these recommen-dations is that the WASE-1400 methodology should be applied to i re-examine and improve the fabric of the entire regulatory process. Clearly the authors of the Lewis Report share my views that the proper application of the WASH-1400 methodology is of great value.

Similarly, the statement by the NRC Commissioners in light of the Lewis Committee Report is not as negative as asserted by Contention 8. After citing the Lewis Committee discussion of 10 NUS CORPORATION

the limitations of WASH-1400, the Commission statement (3) con-cludes as foilows:

"Taking due account of the reservations expressed in the Review Group Report and in its presentation to the Commis-sion, the Commission supports the extended use of proba-bilistic risk assessment in regulatory decisionmaking."

It is important to draw a distinction between r69ulatory de-cisionmaking, which encompasses virtually all of the activi-f ties of NRC, and licensing decisionmaking, which is the much narrower NRC function of making decisions on whether or not to issue construction permits or operating licenses for individ-ual plants. It is my view that PRA has several uses in generic regulatory decisionmaking, where precision is not required, but very limited applications in making decisions on specific l

licenses, where the focus is on compliance with regulations. ,

Examples of useful generic regulatory applications involve the

examination of existing and proposed regulatory requirements, establishing research priorities, evaluating priorities and

^

proposed resolutions for generic safety issues, and' evaluating the significance of selected individual safety issues. Licen-sing applications of PRA on individual plants should be limited to specific safety issues in controversy where the in-s(ghts attainable from PRA techniques are helpful in under-i standing the significance of the issues.

More recently, the use of PRA in generic regulatory decision-making has been strongly endorsed by the reports of the Presi- -

dent's Commission on the accident at Three Mile Island (Kemeny neport)I4) and the NRC Special Inquiry Group (Rogovin i

i l

11 NUS CORPOAATION

Report) (5) . The NRC staff has used the PRA techniques pioneered by WASH-1400 in many different contexts, including i final environmental statements (6) ,

i The following are some examples of recent Commission state-ments on using PRA techniques:

a. In an October 8, 1981 letter U) to the NRC Executive
Director for Operations establishing a Generic Require-ments Review Committee (GRRC), NRC Chairman Palladino l states, " Tools used by the GRRC for scrutiny would be ex-pected to include cost-benefit analysis and probabilis-tic risk assessment where data for its proper use are adequate." This means that PRA techniques will be used, where sufficient data exists, to contribute to NRC decisions concerning whether proposed new regulatory reguirements are necessary.

i b. In the discussion paper accompanying the proposed policy

! statement on safety goals (NUREG-0880) (8) , issued by the Commission, is the following statement:

"In summary, we believe that progress in the development of probabilistic risk assessment and the accumulation of the relevant data base are sufficient to make it feasible i to use quantitative reactor safety guidelines for limited purposes."

c. The summary of the NRC statement of interim policy on nu-clear power plant accident considerations under NEPA(10) states as follows:

12 NUS CORPORATION l -. --_ --

"It is the Commission's position that its Environmental Impact Statements shall include considerations of the site-specific environmental impacts attributable to accident sequences that lead to releases of radiation and/or radioactive materials, including sequences that-can result in inadequate cooling of reactor fuel and to melting of the reactor core. In this regard, attention shall be given both to the probability of occurrence of such releases and to the envinronmental consequences of such releases."

In my earlier position as Directer of the Office of Nuclear Regulatory Research at NRC I directed several useful applica-tions of PRA, and I would like to discuss three of these

  • applications here.

One interesting application was the divergent opinions ex-pressed by four NRC staff members several years ago. They raised fifteen issues supposedly related to safety and not being handled adequately by the Regulatory staff. I received a letter from Senator Glenn asking me for my independent views on these issues.

l The issues fitted into one of several categories. Four of the issues related to procedural matters which had no safety im-pact on reactors. The remaining fit into one of two cate-l gories. One category was accident sequences that had very small releases of radioactivity to the environment which would result in negligible public health impacts and, therefore, were not of significant concern to safety. The remaining se-quences fit into a category of accidents that could have sig-nificant potential releases of radioactivity; but the items of concern in these accident sequences were so far down the chain 13 NUS CORPORATION

~. .- __

of probabilities that they could not affect the outcome of the accident'in any significant way. Thus, through the applica-tion of PRA techniques, these issues were demonstrated _to be insignificant in terms of risk to the public.

An NRC staf f ef fort, which I directed, used PRA techniques in a reliability context in a comprehensive generic study I9)of the reliability of auxiliary feedwater systems .in reactors de-signed by different manufacturers. Although this study examined a specific issue, namely the reliability of auxiliary feedwater systems, it was also generic in that a large number (25) of pressurized water reactor auxiliary feedwater systems were examined. The results showed a wide variation in relia-bility from plant to plant. As a direct result of the study, modifications to improve reliability were identified in several plants, and these modifications were implemented.

i Another application that I was involved in concerned generic safety issues. There had existed for some time 133 unresolved or generic safety issues that had arisen in the licensing process. These were examined by the use of probabilistic techniques and it was determined that only about 20 of these were of any direct safety significance and the others were of very l little concern. Thus, the 133 items were reduced to about 20

'in a one month analysis.

I therefore conclude, contrary to the assertions in Contention 8, that both the Lewis Report itself and the subsequent NRC statement on WASH-1400 in light of the Lewis Report were sup-portive of the concept of making use of the PRA methodology pioneered by WASH-1400 in NRC's regulatory process. In addi-tion, recent independent evaluations of the NRC, by the Kemeny 14 NUS CORPORATION

and Rogovin Committees, have recognized the advantages of PRA methods 'and specifically recommended their use in regulatory decisionmaking. I have given many papers and speeches over the last few years that reached the same conclusion. (Examples are References 15, 16, and 17.)

Continuing with the discussion of Contention 8, it states, re-ferring to WASH-1400, that "...the staff still regulates upon the validity of the basic conclusions therein." This state-ment is fundamentally in error. The NRC staff does not, and has not, regulated nuclear power plant safety based on the conclusions of WASH-1400 or of any probabilistic risk assess-ment; it uses the deterministic approach discussed earier in Section 3 of this testimony. PRA evaluations have not been and are not a part of the licensing process for nuclear power plants such as the Byron Station.

Contention 8 further concludes that "the withdrawal of NRC's endorsement of the Reactor Safety Study and its findings leaves no technical basis for concluding that the actual risk is low enough to justify operation of Byron." This excerpt from the contention contains two errors of fact. First, the NRC did not withdraw its endorsement of the study and its findings, but rather withdrew its endorsement of the Executive Summary of the study, which has nothing to do with the tech-nical quality of the study itself. Secondly, as just stated, the NRC staff does not use, and has not in the past used, the Reactor Safety Study as the technical basis for safety decisions regarding nuclear power plants.

Contention 8 characterizes the Byron site as a "high popula-tion density" site. An NRC document I11) is available that 15 NUS CORPORATION

compiles and presents demographic characteristics for all ex-isting or proposed nuclear power reactor sites. This document reveals that the Byron population density is generally much less than the average of the 111 sites . shown, for distances out to 50 miles. It is therefore incorrect to chara'cterize the Byron site as a "high population density" site.

l With regard to the substance of the Byron FES, I have examined pages 5-44 through 5-67 thereof, daaling with the risks of se-vere accidents.

With regard to the core fission product inventory release fractions tabulated in Table 5.11, I share the judgement, j growing in the nuclear technical community, that these values are too large. The approach used to calculate the numerical values of probabilities, public exposures and health effects presented in Table 5.12, " Summary of Environmental Impacts and Probabilities," appears reasonable. Evolving work on source terms and other accident phenomena will almost surely show,

<within a few years, that the tabulated impacts are conserv-ative. The complementary cumulative distribution functions (CCDFs) for early and latent fatalities, shown in Figures 5.8 and 5.9 respectively, appear to be conservative approximations based on current knowledge.

In reaching a judgement on the adequacy of the Class 9 acci-i dent calculations reported in the Byron FES, I considered the following:

o the adequacy of the methods and results reported in the FES as compared to those from other PRA evalua-tions; i

l J

16 NUS CORPORATION

c i

o the balance between uncertainties and conservatisms l in the reported analysis, and

o. the degree of precision required in the way the re-sults are applied to decisionmaking.

Each of these considerations is discussed below.

The approach used in the Byron FES is consistent with present practices by PRA practitioners. The body of knowledge accumu-lated since (and including) the Reactor Safety Study (WASH-l 1400) supports the general levels of risk reported in the FES, and suggests that the FES values are conservative.

Probable conservatisms in source terms (the fractions of core fission product inventories released) have been referred to .

above. Other probable sources of conservatism that seem to be emerging from ongoing research are a reduced likelihood of steam explosions, which would make this failure mode of the i pressure vessel or containment less likely than previously estimated; longer times for containment failure, which would allow more time for fission product plateout and deposition, resulting in smaller releases; and a reduced rate of contain-ment basemat penetration by a molten core which would result i in delays and reductions in fission product release to ground-water.

These probable conservatisms must be balanced against uncer-tainties. For example, there is substantial uncertainty in i the accident sequence probabilities cited in Table 5.11 on

page 5-45 of the FES. These uncertainties relate to the quan-tification of human error probabilities, inadequacies in the data base for component failure rates, and the frequencies of 17
NUS CORPORATION

~

external events (tornadoes, floods, earthquakes) or success-ful sabotage of the plant. Additional uncertainty is intro-duced in the models and techniques used for site-dependent consequence calculations, including those for weather condi-tions, public protective actions and health effects. In sum, the FES strikes a balance between conservatisms and uncertain-ties on the side of conservatism.

The third consideration listed above was the degree of preci-sion required in the way the analytical results were applied in decisionmaiting. The FES PRA results are used, as reported in Table 6.1 of the FES (p 6-3), to assist in formulatir.g a judgement as to whether the radiological impact on human health from reactor accidents should be classified as small, moderate or large. It is my view that great precision is not required for this application, especially since the risks predicted from nuclear power plant accidents are so much smaller than the risks to which society is already exposed.

I conclude that the approach described in the FES is reason-able, and further that the estimated risks are conservative in light of current and evolving knowledge concerning fission product source terms and other severe accident phenomena. I concur with the NRC staff judgement (FES P 5-67) that the risks of acute fatality from potential accidents at the site are small in comparison with acute fatality risks from other human activities in a comparatively sized population.

7. Contention 62, Accident Mitigation Contrary to the assertion of Contention 62, the design of Byron Station does provide substantial protection against se-vere (so called " Class 9") accidents. The protection provided 18 NUS COAPORATION

by Byron Station design features falls into two categories, prevention of severe accidents and mitigation of their conse-quences should they occur. The WASH-1400 Report and later PRA studies have all shown that plant structures, systems and com-ponents incorporated in the design to protect against design basis accidents have substantial capabilities for providing protection against more severe accidents as well. A few of the relevant Byron design features, and their protective func-tions provided, are described below,

a. Reactor Protection System and Backup Shutdown System These systems assist in preventing severe accidents by shutting down the neutron chain reaction and thereby reducing the core power to very low levels in response to specified signals. This makes the probability of accidents characterized by failure to shut down the reactor very small.
b. Emergency Core Cooling System (ECCS)

The ECCS consists of several sources of water and delivery systems designed to prevent severe acci-dents by preventing reactor core melting in the unlikely event that normal fuel cooling water is lost. The Byron ECCS design incorporates both hot leg and cold leg injection, and includes a low-

. pressure passive accumulator system, consisting of four pressure vessels partially filled with borated water; two high head injection system pumps, two intermediate head injection sy. stem pumps, and two low head residual heet removal pump subsystems. The 19 l

NUS COAPORATION

l appropriate injection systems take suction from the refueling water storage tank (350,000 gallons) during the short-term injection phase, and are aligned to other water sources for long-term recir-culation. The ECCS will perform its design function with one accumulator failed and with only one of the i

l redundant trains of safety injection at the appli-l cable pressure level. The Byron ECCS design features make the probability of losing core cooling very small.

c. Containment building Provides protection against both design basis acci-dents and more severe accidents by either preventing l releases of significant amounts of radioactive ma-terials to the environment or, for very unlikely severe accidents, substantially reducing the size of releases. The Byron containment has a free volume of about 3 million cubic feet and a design pressure cr 50 psig. This combination of volume and l pressure capacity results in a very low probability l of containment overpressure failure for severe ac-

! cidents; furthermore, even in those accidents where

{ the containment might ultimately rupture, this would occur some hours after the accident, thus allowing significant time for removal and plateout of radioactive materials from the containment atmo-sphere so that the amount released to the environ-ment would be significantly reduced. The end result is a low probability of containment failure with the

, Byron design.

20 NUS COAPORATION

d. Containment Spray and Fan Coolers These safety-grade systems perform two important functions that mitigate the consequences of severe accidents and design basis accidents. These func-tions are (1) decreasing the containment pressure by cooling the containment atmosphere to reduce leak-age from the containment to the environment and pre-vent overpressure rupture of the containment, and (2) removing radioactive matarials from the con-tainment atmosphere so that only small amounts would be released to the environment. Both of these functions reduce the probability of large releases of radioactivity to the environment.
e. Auxiliary Feedwater System i

The auxiliary feedwater system (AFWS) is designed to provide an alternate means of providing water to the secondary side of the steam generators in the event of a loss of main feedwater supply. This backup system provides redundancy in the important acci-dent prevention function of removing heat from the reactor coolant system and, in turn, from the reactor fuel. The system consists of two redundant, safety-related essential trains and one nonessen-tial (startup) train, all of which supply water to all four steam generators. Redundant power supplies are also provided, and the pumps start automatically in transient or accident situations. This system has been shown to be important in many PRA studies, and the Byron design has benefited from the know- f l ledge gained in these earlier studies.

1 e

21 NUS CORPORATION

i

f. Items (a) through (e) above do not constitute an all-in-clusive list. Many other components and systems could be added, including post-TMI modifications such as the safe-ty parameter display system, reactor vessel head vent system, core saturation monitors, reactor vessel water l level indication, improved accident monitoring instru-mentation and dedicated emergency response facilities.

Many of the post-TMI modifications are directed touard improving the cognitive reaction of the operators, i.e.

assisting the operators in correctly diagnosing the condition of the plant. The precise value of these cognitive aids is difficult to quantify in terms of risk reduction, but they are being incorporated and will assist in providing protection against both design basis accidents and more severe accidents.

i Based on the foregoing discussion I conclude that it is incor-rect to assert, as in Contention 62, that the Byron Station design does not provide protection against severe accidents.

8. Incremental Risk from Byron Station DAARE/ SAFE Contention 2 (A) contends that, with the addition of two more nuclear power units in operation at Byron, the poten-tial for cumulative dose effects from discrete accident events at plants in Northern Illinois poses an unreasonable level of risk to the health and safety of DeKalb-Sycamore and Rockford area residents.

Risk is composed of two component parts, the probability of an occurrence and its consequences. Consequences are probably conservatively estimated by present techniques, as discussed 22 NU'3 CORPORATION

earlier. Most of the plant-specific PRA evaluations that I have seen to date indicate that the probabilities of core melt accidents at nuclear plants are small, generally on the order of one in ten thousand per reactor-year. Further, few core melts are estimated to result in off-site health effects.

Important factors affecting the public risks from nuclear power plant accidents are the distances from the plant to pop-ulation centers. In terms of distance, Rockford is located about fifteen miles from the Byron Station, and sixty miles or more from the Zion Station, the next nearest plant to Rockford. DeKalb and Sycamore are about thirty miles from the Byron Station, and forty miles or more from the Dresden and LaSalle plants, which are about equally distant from these I

communities.

In considering the possibility of increased risks to the

~

residents of the Rockford and DeKalb-Sycamore areas, one should examine the two principal health effects that might occur as a result of nulcear plant accidents. These are early

. fatalities and latent cancer fatalities.

PRA evaluations have shown that the accident risk of early fatality to people living at distances.of fifteen miles or

( more from a nuclear plant is exceedingly small. Thus there wdb1d be no coupling of early fatality risks from multiple plante to the localities being discussed here.

[ With regard to latent cancer f atality risks, typical estimates from PRA studies show that the probability that an individual I will die from cancer as a result of radiation exposure from l

23 l

NUS CO APOAATION

e very severe nuclear power plant accidents is negligibly small compared to the probability of dying from cancer contracted from other sources. The average probability of cancer fatal-ity per year per individual in the United States is about one i in five hundred. NUS estimates indicate that the chance of a person dying from reactor accident caused cancer in the region ten to twenty miles from the reactor is about one chance in a billion per year.

An examination of these probabilities shows that the naturally -

occurring cancer risk is on the order of two million times larger than the cancer risk from nuclear plant accidents at

, the distances of interest. It is therefore inconsequential to an individual's cancer f atality risk whether he resides at the distances of interest from one or several nuclear power plants.

In a September 10, 1982 Memorandum and Order (12) , this Board referred to an NRC report, NUREG/CR-2497 (13) , commonly known as the precursor report. The precursor report presents an estimate

  • of the frequency of severe core damage based on accident precursor events identified from Licensee Event Reports (LERs). One of the events, the accident at Three Mile i

Island, did indeed lead to core damage, and since during the time period covered by the report there were 432 years of domestic reactor operation, the frequency of core damage from this type of event was estimated as 1/432 per reactor-year, or about 2 X 10-3, The impact of the precursor events identified in the LERs on the predicted frequency of occurence of severely damaged cores 24 NUS CORPORATION

i was analyzed by means of event trees to identify the possible accident sequences that might occur given that event. The conditional probability of " severe core damage" was then cal-culated by associating the LER frequency with the probabil-ities of failure of the remaining mitigating functions that could prevent core melt. These probabilities of failure were obtained either from LERs, from PRAs, or from other published documents. The important point, however, is that the precur-sor report used generic numbers that were fed into generic

event trees. Thus no account is taken of the particular plants to which the very infrequent precursor events apply or of the specific event trees and the specific system failure probabilities that would be applicable to that particular plant. The generic approach used in the precursor report will almost certainly yield predicted failure probabilities that

, are too high.

The recently released Institute of Nuclear Power Operations (INPO) analysis I14) of the precursor report is properly directed to the specific plants where the precursor events occurred. This INPO report found that when the actual detailed plant configurations are taken into account, ,

l generally lower core damage probabilities are obtained, often

! by factors of 1/10 to 1/1000. The core damage probability estimates in the precursor report, not including the TMI-2 accident, average about 30 times higher than the INPO esti-mates. These differences are due principally to the simpli-I fled models and simplified assumptions used in the precursor report.

While the idea of using precursor events as data to help im-prove the predicted probabilities of accident sequences is l

I 25 NUS CORPORATION

1 conceptually interesting, it appears to have been misused in the precursor report. If this type of analysis is to be done, it must be done in such a way that the precursor event is analyzed using event trees and system failure data that are applicable to the plant at which the precursor event occurred. I Anything less than this leads to ill-defined and murky re-sults. It is my judgement that the INPO estimates of severe l core damage probabilities are technically superior to those of the precursor report, and generally in agreement with earlier studies.

Conclusions As a result of the examination I have made of Contention 8, 62 and 2A, I conclude that they raise issues which are either in-correct or have no significant impact on the validity of Commonwealth Edison's or the NRC's approach to the safety of the Byron Station.

In regard to Contention 8, the principal points raised are that the NRC regulates nuclear power plant safety on the validity of the basic conclusions in WASH-1400 and that the NRC has withdrawn its endorsement of WASH-1400, thus leaving no technical basis for concluding that the " risk is low enough to justify operation of Byron." As stated in Section 3 of l

this testimony, the NRC has not and does not license the safe-ty of reactors based on the conclusions of WASH-1400 or of any other PRA but on the basis of its regulations and the deter-ministic licensing process. Nor, as discussed in Section 6 of this testimony, has the NRC withdrawn its endorsement of WASH-1400, but in fact supports the use of PRA methodology for appropriate purposes and has instructed the staff to use these methods in estimating public risk from reactor accidents as part of NRC's final environmental statements for reactors.

i 26 NUS CORPORATION l

I In regard to Contention 62, as noted in Section 7 of this testimonir, the Byron Station design does incorporate design features that provide substantial protection against severe (so called Class 9) accidents. These design features reduce the probabilities and significantly mitigate the consequences of severe accidents.

In regard to Contention 2A, the incremental risk from acci-dents at Byron Station to the residents of the Rockford and DeKalb-Sycamore areas is estimated to be exceedingly small.

The " precursor report," which estimates higher probabilities of severe core damage accidents than had previously been esti-mated, is flawed and its probability estimates are too high.

This concludes my prepared testimony.

27 NUS CORPORATION

References -

1. WASH-1400 (NUREG-75/014), " Reactor Safety Study, An Assessment of Accident Risks in U.S. Commercial Nuclear Power Plants," U. S. Nuclear Regulatory Commission, October 1975
2. NUREG/CR-0400, " Risk Assessment Review' Group Report to the U. S. Nuclear Regulatory Commission," H. W. Lewis, Chairman, September 1978
3. "NRC Statement on Risk Assessment and the Reactor Safety Study Report (WASH-1400) in Light of the Risk Assessment Review Group Report," U. S. Nuclear Regulatory Commission, January 19, 1979
4. Report of the President's Commission on the Accident at

. Three Mile Island, J. G. Kemeny Chairman, October 31, 1979

5. Three Mile Island, A Report to the Commissioners and to the Public, Nuclear Regulatory Commission, Special Inquiry Group, M. Rogovin, Director, January 1980 l
6. "Various Applications of Probabilistic Risk Assessment Techniques Related to Nuclear Power Plants," presented by Saul levine, NUS Corporation, at the Annual meeting of the National Safety Council, Chicago, Illinois, October 1980 28 NUS CORPORATION
7. Memorandum for William Dircks, Executive Director for i

Operations, f rom N. J. Palladino, Chairman USNRC, " React-or Requirements and Regional Office Reorganization,"

October 8, 1981. (Note that the name of the Generic Re-quirements Review Committee was later changed to tne Committee to Review Generic Requirements.)

8. NUREG-0880, for comment, " Safety Goals for Nuclear Power

' Plants: A Discussion Paper," U. S. Nuclear Regulatory Commission, February 1982

9. NUREG-0560, " Staff Report on the Generic Assessment of

! Feedwater Transients in Pressurized Water Reactors Designed by the Babcock & Wilcox Company," US NRC, May 1979 NUREG-0611, " Generic Evaluation of Feedwater Transients -

and Small Break Loss-of-Coolant Accidents in Westing-house-Designed Operating Plants," U S NRC, January 1980 NUREG-0626, " Generic Evaluation of Feedwater Transients and Small Break Loss-of-Coolant Accidents in GE-Designed Operating Plants and Near-Term Operating License Appli-cations," U S NRC, January 1980 NUREG-0635, " Generic Evaluation of Feedwater Transients and Small Break Loss-of-Coolant Accidents in Combustion Engineering Designed Operating Plants,." January 1980 29 NUS CORPORATION

_ _ . _ _ _ _ _ _ _ _ . ~ _ _ _ - - __. ,___ __. , . - . . - _ . _ _ _ . . _ _ . - __

10. 45 iR 40101, " Statement of Interim Policy, Nuclear Power Plant Accident Considerations Under the National Environmental Policy Act of 1969," U. S. Nuclear Regula-tory Commission, June 13, 1980
11. NUREG-0348, " Demographic Statistics Pertaining to Nu-clear Power Reactor Sites," U. S. NRC, October 1979
12. USNRC, Atomic Safety and Licensing Board, In the Matter of Commonwealth Edison Company (Byron Station, Units 1 and 2) , " Memorandum and Order Ruling on Motions for Sum-mary Disposition of DAARE/ SAFE Contentions," September 10, 1982, P. 12
13. NURG/CR-2497, " Precursors to Potential Severe Core Dam-age Accidents
1969-1979, A Status Report," prepared for l U S NRC by Oak Ridge National Laboratory, June 1982 l
14. INPO 82-025, " Review of NRC Report: Precursors to Potential Severe Core Damage Accidents: 1969-1979, A Status Report, NUREG/CR-2497," Institute of Nuclear Power Operations , September 1982
15. "Various Applications of Probabilistic Risk Assessment Techniques Related to Nuclear Power Plants", presented by Saul Levine, NUS Corporation, at the Annual Meeting of l the National Safety Council, Chicago, Illinois, October 1980.

l 30 NUS CORPOAATION i

' 1p

16. " Light Water Reactor Safety", presented by Saul Levine, NUS Corporation, to the American Nuclear Society Annual Meeting, Miami, Florida, June 1981.

17 "PRA for Safety Goal Compliance", presented by Saul Levine, NUS Corporation, to the American Nuclear Society Winter Meeting, Washington, D.C., November 15, 1982.

I

{

31 NUS COAPORATION

o l

ADDENDUM Recommendations from NUREG/CR-0400, " Risk Assessment Review j Group Report to the U. S. Nuclear Regulatory Commission,"

l September 1978 1

I i

i A-1

RECOMMENDATIONS o Re-evaluate NRC's inspection and quality assurance sys-tem and licensing criteria to determine the extent to which they incorporate those things that have been learned from WASH-1400 and other relevant literature.

o Use WASH-1400 probabilistic methodology more effectively to guide the reactor safety research pro ~ ram so as to re-duce the uncertainties in analysis, and to gain greater understanding of those points of risk uncovered.

o Where there is an inadequate data base, the methodology of WASH-1400 can still be used to uncover the topology of accident sequences. In such cases the limits of know-ledge should be stated, without pressure to quantify (other than bounding) that which is unquantifiable.

o Communicate to the relevant branches of Government (e.g, Department of Energy) the desirability of performing risk assessments on electric generating technologies alter-( native to light-water reactors.

o In general, avoid use of the probabilistic risk analysis methodology for the determination of absolute risk proba-bilities for subsystems unless an adequate data base exists and it is possible to quantify the uncertainties.

However, the methodology can also be used for cases in l which the data base will only support a bounding analysis, and for other cases in the absence of any better information if the results are properly qualified.

o Fault-tree / event-tree analyses should be among the prin-cipal means used to deal with generic safety issues, to formulate new regulatory requirements, to assess and revalidate existing regulatory requirements, and to evaluate new designs.

A-2

o NRC should encourage closer coordination among the research and probabilistic analysis staff and the licens-ing and regulatory staff, in order to promote the effec-tive use of these techniques.

o The consequence model used in WASH-1400 should be substantially improved, and its sensitivities explored, before it is used in the regulatory process.

t l

A-3

. _ . _ _ . __ _ _ _ _ _ _ . _ _ _ _ _ _ _ _ . - _ __. _ _ _ _ _ _ _ _ _ . _ _ _ _ __ _ _ _ _

Retrieved from "https://kanterella.com/w/index.php?title=ML20028G682&oldid=2513810"