ML20114E273

From kanterella
Jump to navigation Jump to search
SER Annotated Ouline - 2019.07.12
ML20114E273
Person / Time
Issue date: 07/12/2019
From: Christopher Hunter
NRC/RES/DRA/PRB
To:
Hunter C (301) 415-1394
References
Download: ML20114E273 (9)
v  d  e


Text

INSRP Predecisional Annotated Mars 2020 INSRP Safety Evaluation Report Outline July 12, 2019 Note: The SER is a work-in-progress, and all aspects of this annotated outline are subject to change. In addition, much of this material was assembled prior to the release of the July 2019 FSAR, so some aspects may be dated.

Executive Summary This section will serve the normal role of an Executive Summary (to summarize the document and its key findings).

1.0 Nuclear Safety Launch Approval Process 1.1 Nuclear Safety Launch Policy This section reviews the PD/NSC-25 and INSRP empanelment. It covers the pending Nuclear Safety Launch Policy Memorandum that will replace the PD, as well as the new Air Force Manual 91-110 launch approval criteria applicable to Mars 2020.

1.2 Nuclear Safety Process Background This section gives a historical background of the INSRP process, including the process changes experienced during the Mars 2020 INSRP empanelment.

1.3 SER Development This section reviews the INSRPs development of the SER, the expertise utilized, and the primary documents used as the basis for creating the SER.

1.3.1 Scope of Evaluation This section briefly describes the way in which traditional engineering principles (e.g., safety margin) are part of the overall design, manufacturing, and review process, and how they complement the risk evaluation that is done within the SAR and the SER, so the lay reader is not left with the impression that launch authorization is a risk-based process (i.e., a process where the outcome of a risk calculation dictates the outcome).

1.3.2 Integration and Deviation Process This section briefly describes the processes in place at the organizations responsible for the hardware manufacturing (ULA, JPL, KSC, Idaho RPS) that dictate how integration of processes occur, and how deviations are identified and handled. These descriptions are based on summaries provided by the Program (DOE and NASA). It goes on to provide a few high-level observations about these processes, and the limitations of INSRPs review in these areas. It also points out the limitations in INSRPs influence relative to deviations that arise subsequent to SER completion.

1 INSRP Predecisional - Work-in-Progress

INSRP Predecisional 1.3.3 Past Concerns This section describes at a summary level how the INSRP factored in to its review concerns that were raised to INSRP by individuals that were not part of the INSRP panel or working groups. It provides a few categorical examples of the concerns, but does not identify specifics of the concerns or the identities of those raising the concerns. This discussion serves to demonstrate the integrity of the process. The section also describes, again at a summary level, challenges that arose to INSRPs independence during the review, how INSRP handled these challenges, and why INSRP believes that the SER represents a sufficiently independent review. Again, this discussion does not identify individuals.

1.3.4 Security-Related Risk This section simply points out that the SER does not consider threat, theft, and sabotage, but points out that their exclusion from the scope of the SAR/SER does not mean that they are not considered as part of the overall mission.

2.0 Mission Overview This section provides an overview of NASAs Mars 2020 mission, including mission profile, launch vehicle, spacecraft, rover, and MMRTG. This includes information related to change from the GEM-63 motor to heritage AJ-60 solid motors and effects on launch vehicle configuration, event timing, trajectory, etc.

3.0 Mars 2020 Mission Risk Evaluation 3.1 Introduction This section introduces the mission risk evaluation methodology and conduct.

3.2 Approach This section describes that the INSRP safety evaluation spans the Mars 2020 mission from prelaunch (Phase 0) to the possibility of long-term reentry (Phase 5), including that:

  • INSRP has focused on examining those accident scenarios that have the highest likelihood of radioactive releases and the largest potential for subsequent health effects and land contamination.
  • In this safety evaluation, the Mars 2020 accidents have been divided into two broad categories: Launch Area Accidents (Phases 0 and 1) and Late-Launch and Reentry Impact Accidents (Phases 2, 3, 4 and 5).

The section goes on to describe that the INSRP assessment of launch area accidents is based on the source term and consequence analyses of the FSAR and independent INSRP analyses, including that:

  • Sensitivity analyses provided quantitative and qualitative indications of conservative/non-conservative assumptions and results.
  • The INSRP and the Mars 2020 Program analyses use an approach based on multiple trials or analysis runs (e.g., Monte Carlo methods) to simulate accident outcomes.

2 INSRP Predecisional - Work-in-Progress

INSRP Predecisional

  • The probability distributions generated from the results of these simulations were statistically combined to develop risk estimates.

3.3 Launch Area Accidents This section describes that launch area accidents include those accidents that can occur during Mission Phases 0 and 1 (Prelaunch and Early Launch). Prelaunch accidents generally involve mishaps that occur during the integration of the MMRTG with the SV, failure of MMRTG cooling and the movement of the LV to the launch pad. Early launch accidents involve the SV alone or the SV with either the entire LV (full stack intact impact) or a portion of the Centaur III second stage impacting the ground near the launch area. The released material can be subsequently transported to populated areas.

Because of these accident environments and the proximity of the accidents to populated areas, launch area accidents make up the largest contribution to mission risk. The following sections describe the evaluations conducted by INSRP of these potential accidents.

3.3.1 Pre-Launch Accident Probabilities This section explains that INSRP evaluated the completeness of prelaunch accident scenarios and failure probabilities provide by the Program. This evaluation included identifying relevant available failure data and scenarios from applicable launches to conduct reliability studies of prelaunch systems. Additional evaluations for a variety of hazards (e.g., crane issues, component failures, high winds, power losses) were conducted to better estimate the probability of prelaunch accidents. Due to additional evaluation performed by INSRP, INSRP used its prelaunch scenario and probability modeling for its risk evaluations.

3.3.2 Post-Launch Accident Probabilities The Program used a bottom up approach that is built from individual components and expert elicitations, including select flight histories as starting probability distributions. INSRP developed an overall launch accident failure probability based on LV history using a top down approach that is then decomposed (using past operational experience) into lower-level contributors to each phase. The top down approach starts with determining a population of past launch LVs that are similar to the one being used. The launch histories of these LVs are then analyzed and Bayesian updating is used to estimate a launch probability of failure (POF). These POF values are used in an event tree scenario structure in order to quantify potential accident scenarios, tracing a scenario from the initial upset condition out through various consequence measures such as public health effects and land contamination.

INSRP evaluated the probability of release conditional upon failure of the LV (e.g., an accident). The INSRP conditional release probabilities (PoRlAccident) and total release probabilities (PoR) were integrated into the event tree scenario models.

3 INSRP Predecisional - Work-in-Progress

INSRP Predecisional 3.3.3 Launch Area Radiological Releases This section describes the INSRPs evaluation of the Programs modeling of postulated accident environments and resulting radiological release, including the myriad of phenomena at play. To illustrate this evaluation, a set of key uncertainties and key concerns are provided below.

Preliminary Key Uncertainties (in this portion of the evaluation)

RTG and Fragment Impact Effects

  • Prelaunch thermal gradients in the clad, which can introduce residual stresses to the clad material prior to the first impact.

Solid Propellant Impact Phenomenology

  • Potential changes in risk landscape by moving back to AJ60 SRBs instead of GEM 63. AJ60 SRBs contain a larger dome of propellant which, in MSL, caused rare but very large mechanical and thermal releases (accounting for at least half of the MSL mission risk). (FRAG software does not look at this).

o Change may cause a significant risk increase for Mars 2020 o Frequency of solid propellant impacts on/near the RTG is currently predicted to be negligible. Is this supported by the best available science?

Fire and Thermal Effects on Source Term

  • The amount of thermal energy applied to the plume as it is passed out of LASEP through IAT into HYSPLIT is uncertain .

o Possible underrepresentation of thermal energy in in the plume is also a key concern [not separately stated below].

  • Sensitivity of HYSPLIT transport of the release to these thermal uncertainties.

Preliminary Key Concerns (in this portion of the evaluation) - based on January FSAR RTG and Fragment Impact Effects

  • SIERRA simulation results appear to show counterintuitive temperature sensitivities: in some cases, high temperature clads (with greater ductility) appear to show higher expected breach areas than comparable impacts with lower-temperature clads.

Solid Propellant Impact Phenomenology

  • Unexpectedly low frequency at which GPHS components see a propellant fragment impact or fire environment (may consider an independent method to calculate frequency).

o SNSWG is performing independent confirmatory analyses 4

INSRP Predecisional - Work-in-Progress

INSRP Predecisional Preliminary Key Concerns (in this portion of the evaluation) - based on limited review of the July FSAR

  • At the very tail of the distribution, the January FSAR showed larger releases compared to the July FSAR (Phase 0 and Phase 3). Why is this not uniform for all RASs.
  • Regarding causes of release between January and July FSARs, solid propellant impact blast (secondary fragmentation detonation) went up from January by two orders of magnitude based on frequency of occurrence for trials that have a release. It gained two orders of magnitude that it causes a release as well.
  • Regarding source terms, two events drive results: Ground impact of intact RTG and rain of debris using honeycomb plate impact.
  • Use of crushable volume approach to modeling FSII.

3.3.4 Atmospheric Transport and Diffusion This section describes the comprehensive, independent evaluation of the Mars 2020 FSAR for aspects related to atmospheric transport and diffusion, and their effects on predicted consequences. The primary focus was on:

  • Application of the Initial Atmospheric Transport (IAT) model
  • Usage of Hybrid Single Particle Lagrangian Integrated Trajectory (HYSPLIT) model
  • Representativeness of meteorological data used as input The section describes the analytical approach taken:
  • Documents and Data Sources Reviewed o Databook, gap analyses and FSAR
  • Meteorological data o Plume rise and initial transport o Atmospheric transport and diffusion o Gap identification and closure
  • Corroborative Evaluations Conducted o Model fidelity o Reasonable computational threshold (RCT) o Climatology importance sampling o Meteorological data resolution o Impact of local climatology o Plume rise o Trajectory impacts Finally, it documents the associated conclusion, which includes that the results should be considered to have an uncertainty of a minimum of +/- one order of magnitude. Particular (preliminary) issues of concern include:
  • Limited model verification/validation
  • Limited or no sensitivity studies
  • Computational details inadequate to establish meteorological impacts 5

INSRP Predecisional - Work-in-Progress

INSRP Predecisional

  • Meteorological data resolution
  • Model limitations o Particle transformation o Cloud physics processes o Deposition from wet/dry removal processes o Resuspension o Pyrocumulus clouds
  • Resolvable and unresolvable uncertainty
  • Reasonable computation threshold (RCT) 3.3.5 Health Effects This section describes the portion of the INSRP evaluation related to the estimation of health effects. No summary of the work has been developed at this time.

3.3.6 Land Contamination This section describes the portion of the INSRP evaluation related to the estimation of land contamination. No summary of the work has been developed at this time.

3.4 Late Launch and Re-entry Impact Accidents This section addresses reentry-class accidents, where flight speed is sufficiently high that aerodynamic heating and loads may cause either PuO2 fuel to be released in the atmosphere before ground impact, or fuel to be released by ground impact. Applicable phases are described. Ground impact configurations, the potential for fuel release, and the extent of ground coverage affected are briefly summarized. Conclusions from INSRP Reentry Working Group assessment of the Mars 2020 program safety analysis are briefly stated.

3.5 Software Assurance This section describes that the Launch Safety Code Suite used for the Mars 2020 Program is a major update to the set of codes used for the MSL mission, and involves a large number of codes/routines. In order to determine the confidence in the results of the codes by themselves and with each other, the INSRP conducted a comprehensive vertical slice evaluation of three (3) of the codes, PEVACI, LASEP, and IAT; each is considered crucial to the launch risk conclusions in the Mars 2020 FSAR. The section describes the role of these 3 codes in the overall analysis.

The evaluation also looked at the information exchange and flows between some of the codes to determine whether there were any boundary condition concerns, so that there would be more confidence in the FSAR launch risk conclusions. In particular, the data exchanges between PEVACI and IAT through LASEP were of keen interest to the review.

Further, processes were evaluated to detect and prevent software quality problems as well as efforts to identify the causes of problems when they occur, and corrective action planning to prevent recurrence of detected problems. This section provides a description 6

INSRP Predecisional - Work-in-Progress

INSRP Predecisional of this evaluation, including the role of the Software Issue Reporting and Corrective Action Plan and the Input Issue Reporting and Corrective Action Plan.

The section goes on to describe that the administrative practices appear to be mature and the review of the Self-Assessment Report for Fiscal Year 2018 provides evidence of SQA training of the relevant management and staff.

Next, the section provides observations and concerns related to each of the codes reviewed. Examples are provided below for the SQA review of PEVACI:

  • The interface model does not account for the effects of burning aluminum drops, as suggested by the FT-P-2 gap and gap FT-G-1.
  • Although the new Force Balance Model addressed the FT-O-1 gap, it did not address effects that are identified in the FT-O-2 gap, which may make entrainment more likely (e.g., kinetic energy transfer from other debris blowing through the physical gap, explosive spallation of concrete).
  • Gaps FT-F-1, FT-F-2, and FT-F-4 that consider the effects of chemical interactions were not directly addressed. However, sensitivity to the vaporization models was captured as a sensitivity in PEVACI analyses; this is done in the Uncertainty Cases as described in FSAR Section H.5.1.
  • Importantly, the Program conceded that due to time and resource constraints, it was unable to make any changes to PEVACI to account for any of the group FT-D gaps.
  • It is acknowledged that there is no real validation opportunity in the absence of experimental data, as in the case of the entrainment models. For these situations, INSRP recognizes that an extra effort would be needed to determine uncertainties and selected sensitivity studies would also be helpful to determine which parameter(s) to focus further experimental studies.

4.0 Mars 2020 INSRP Radiological Risk Estimates 4.1 Dominant Contributors to Risk The INSRP probabilistic risk assessment model for the Mars 2020 launch is designed to provide the different risk metrics (Risk = Probability of failure times consequence). The risk model is developed in the SAPHIRE software to perform different evaluations and sensitivities. The SAPHIRE software is developed to evaluate event tree and fault tree logic models. The risk model starts with information provided about the different potential pathways that can lead to different breaches of the MMRTG or non-catastrophic failures.

An example of a non-catastrophic failure would be the launch vehicle does not follow proper launch coordinates and the mission is lost, but no failure of the MMRTG; therefore, no potential release. The process to identify the different pathways (MMRTG breach or loss of mission) utilizes event sequence diagrams (ESDs). Event sequence diagrams provides the pathway from the starting of a scenario to the end point, either MMRTG breach or loss of mission.

The different pathways through the event tree models are coupled to a consequence event tree. This event tree is designed to evaluate the different risks from the potential breach of the MMRTG under accident conditions, and has 6 different top events that were determined as important consequences to track:

7 INSRP Predecisional - Work-in-Progress

INSRP Predecisional

  • POR = probability of release
  • MHE = mean health effects
  • MID = maximum individual dose
  • LANDCONT = land contamination (km2)
  • CROPLANDCONT = crop land contamination (km2)

These different consequences are important to determining the risk potentials of the launch. From the total risk model, we find risk results for each accident sequence for the different RASs and for the overall mission.

4.2 Risk Integration The complementary cumulative distribution function (CCDF) is a plot typically presented to show the probability of a variable being less than or equal to a value for a given function. It is also known as the tail distribution or simply exceedance. This is a popular method for representing overall risk and is used for the Mars 2020 launch analysis. The CCDFs are simulated 25,000 times for each consequence. These integrated risk plots the mean and 90% confidence interval.

In addition to the integrated risk results, INSRP calculated sensitivity measures for many of the parameters present in the event tree risk models. These sensitivity calculations (called importance measures) varies each parameter one-at-a-time to both low and high-values of the parameters.

4.3 Risk Uncertainty Each of the three major elements, probability of failure, probability of release, and corresponding conditional consequences, have their respective uncertainties considered. For example, the probability of failure uses a fully Bayesian approach where past operational launch information is used in a mission-phase, top down approach in order to have the complete probabilistic distribution that can be used in the SAPHIRE risk model. In some cases the uncertainty was a result of expert opinion - for example the consequence measures were determined by collaboration with other INSRP working groups and was decided that these measures should have approximately a factor of 10 plus-minus uncertainty around the mean values provided by the Program. This type of uncertainty is then embedded in the SAPHIRE risk model and is used when determining the overall integrated risk results.

4.4 Additional Risk Issues of Note This section provides expanded discussion on items that have significant uncertainty and significant influence on the results. It also discusses the SAR/SER results in the context of the USAF acceptance guidelines. Finally, it will provide a list of key assumptions that are highly influential on the SAR/SER results, such that changes or deviations considered after SER completion can be viewed through the lens of their impact on the SAR/SER.

5.0 Conclusions This section fulfills the traditional role of a concluding section.

8 INSRP Predecisional - Work-in-Progress

INSRP Predecisional Appendices:

The SER will have several appendices, which will include material such as:

  • The Presidential Directive
  • A high-level comparison of the FSAR versus SER risk estimates
  • References
  • INSRP member listing The STIVs will be separate volumes that support the SER, with one STIV per INSRP Working Group.

9 INSRP Predecisional - Work-in-Progress

Retrieved from "https://kanterella.com/w/index.php?title=ML20114E273&oldid=2941990"