ML20293A370
| ML20293A370 | |
| Person / Time | |
|---|---|
| Issue date: | 10/22/2020 |
| From: | Nathan Siu NRC/RES/DRA |
| To: | |
| Nathan Siu | |
| References | |
| Download: ML20293A370 (161) | |
Text
PRA and Risk-Informed Decision Making at the NRC:
Some Trends and Challenges*
Nathan Siu Senior Technical Advisor for PRA Office of Nuclear Regulatory Research Nuclear Engineering Research Seminar (Virtual)
North Carolina State University, Raleigh, NC October 22, 2020
- The views expressed in this presentation are not necessarily those of the U.S. Nuclear Regulatory Commission
2 Thats so cool Are we there yet?
Outline
- A decision making challenge
- Use of risk information at NRC
- Some PRA technology challenges (audience participation)
- Closing thoughts
- Additional material
3 Acknowledgments I would like to thank many colleagues (especially Jing Xing, James Chang, Susan Cooper, Keith Compton, Tina Ghosh, Chris Hunter, Shivani Mehta, Stacey Rosenberg, Tom Wellock, Sunil Weerakkody, John Garrick, and Andreas Bye) for their assistance and discussions in developing material for this presentation. I would also like to thank Jorge Luis Hernandez and Shahen Poghosyan (IAEA) for organizing a recent international workshop that provided current perspectives on a number of key topics. Any errors or changes in emphasis in material are my own.
4 DAEDALUS, ICARUS, AND RISK-INFORMED REGULATORY DECISION MAKING Just for fun
5 3000+ Years Ago Greetings Daedalus!
Y-200: Earthquake, conquest Y-5: Developer complaints to King Minos (impediments to innovation)
Y-450: Thera explosion, earthquake, giant waves Today Y-100: Minoan Transportation Development Agency (MinTDA)
Y-75: MinTDA =>
Minoan Ministry of Transportation (MinMoT)
Minoan Transportation Regulatory Commission (MinTRC)
MinTRC Chronology
Daedalus Proposal
- Design concept: human-powered wings (imitate birds)
- Construction: feathers attached by wax and thread/twine, assembly bent into slight curve
- Procedures: oral
- Dont fly too high (scorching) or too low (damp feathers)
- Stick together; dont navigate by stars or constellations
- Testing:
- Demonstration of principle
- Two-person flight north
A Risk-Informed Decision Making Problem Current regulations Defense-in-depth Safety margins Risk Monitoring Integrated Decision Making Adapted from RG 1.174
- Current regulations: none applicable
- Defense-in-depth: none
- Safety margins: unknown, heavy reliance on Daedalus skill
- Risk assessment: possible scenarios recognized but incomplete (see next)
- Performance monitoring: possible
Known Unknowns Unknown Unknowns Conceivability (Daedalus)
Scenarios Altitude Effects?
External Events Deity Action Mid-Air Collision Design Error Clear Air Turbulence Mechanical Failure Pilot Inexperience Long-Flight Logistics Modern hang gliders, scenario not identified Modern hang gliders, scenario identified by Daedalus Possible, scenario not identified Risk Assessment Concerns
- Completeness of risk metrics
- Correctness of models for identified scenarios
- Other possible scenarios
- Peer review
- Structural failure Scorching
? Wax failure (heat, cold)
? Thread/twine failure
- Lift failure Dampness
? Fatigue
- Pilot error Flight parameters Navigation 1000 1100 1200 1300 1400 0
5000 10000 Irradiance (W/m2)
Altitude (m)
Irradiance vs Altitude Mt Ida Models CALL 1-800-HELP-RES
- Additional impacts Public health and safety Environment
Construction
Post-accident Culture
- Unsanctioned uses of technology and potential consequences Risk Metrics
10 NRC USE OF RISK INFORMATION It is of the highest importance in the art of detection decision making to be able to recognize, out of a number of facts, which are incidental and which vital. Otherwise your energy and attention must be dissipated instead of concentrated.
With apologies to Sherlock Holmes (The Hound of the Baskervilles)
11 Building Confidence NRC Use of Risk Information Full PRA desired but not feasible*
Technology available Regulatory guidance established Regulatory policy established 1940 1950 1960 1970 1980 1990 2000 2010 2020 Hanford to WASH-1400 Early PRAs Expansion Across Industry Modern Applications
- See T.R. Wellock, A figure of merit: quantifying the probability of a nuclear reactor accident, Technology and Culture, 58, No. 3, 678-721, July 2017.
12 Triplet Definition of Risk (Kaplan and Garrick, 1981)*
Risk {si, Ci, pi }
Features
- Vector, not scalar
- Qualitative and quantitative
- Differences across accident spectrum
- What can go wrong?
- What are the consequences?
- How likely is it?
- Adopted by NRC. See:
- White Paper on Risk-Informed and Performance-Based Regulation (Revised), SRM to SECY-98-144, March 1, 1999
- Glossary of Risk-Related Terms in Support of Risk-Informed Decisionmaking, NUREG-2122, May 2013
- Probabilistic Risk Assessment and Regulatory Decisionmaking: Some Frequently Asked Questions, NUREG-2201, September 2016 NRC Use of Risk Information
13 NRC Uses of Risk Information PRA Policy Statement (1995)
- Increase use of PRA technology in all regulatory matters
- Consistent with PRA state-of-the-art
- Complement deterministic approach, support defense-in-depth philosophy
- Benefits:
(1) Considers broader set of potential challenges (2) Helps prioritize challenges (3) Considers broader set of defenses U.S. Nuclear Regulatory Commission, Use of Probabilistic Risk Assessment Methods in Nuclear Activities; Final Policy Statement, Federal Register, 60, p. 42622 (60 FR 42622), August 16, 1995.
Regulations and Guidance Licensing and Certification Oversight Operational Experience Decision Support NRC Use of Risk Information Not just design approval
14 Recent Application (2019)
In any licensing review or other regulatory decision, the staff should apply risk-informed principles when strict, prescriptive application of deterministic criteria such as the single failure criterion is unnecessary to provide for reasonable assurance of adequate protection of public health and safety.
Staff Requirements - SECY-19-0036 - Application of the Single Failure Criterion to NuScale Power LLCs Inadvertent Actuation Block Valves, SRM-SECY-19-0036, July 2, 2019.
Risk-Informed Regulatory Decision Making (RIDM) a philosophy whereby risk insights are considered together with other factors to establish requirements that better focus licensee and regulatory attention on design and operational issues commensurate with their importance to public health and safety. [Emphases added]
White Paper on Risk-Informed and Performance-Based Regulation, SECY-98-144, January 22, 1998.
Current regulations Defense-in-depth Safety margins Risk Monitoring Integrated Decision Making Adapted from RG 1.174 Adapted from: U.S. Nuclear Regulatory Commission, An Approach for Using Probabilistic Risk Assessment in Risk-Informed Decisions on Plant-Specific Changes to the Licensing Basis, Regulatory Guide 1.174, Revision 3, January 2018.
NRC Use of Risk Information Not just risk information
15 Multiple Products and Uses Risk Information
- Results
- Insights
- Explanations
- Uncertainties
- Qualifications Adapted from NUREG-2150 NRC Use of Risk Information Not just immediate decision support
16 Photo courtesy of NEA Halden Reactor Project Some Trends
- Market forces
- Increased number of applications
- Increased credit for capabilities (e.g., FLEX)
- Greater role in design (e.g., LMP)
- Novel designs, technologies, and operational concepts
- Improving analysis capabilities
- Computational resources
- Smart technologies (e.g., content analytics)
- Changing workforce (KSAs, preferences)
Challenge to NRC:
Be Ready!
NRC Use of Risk Information
17 SOME PRA TECHNOLOGY CHALLENGES*
Audience Participation
- In this presentation Technology = {methods, models, tools, data}
it is incumbent upon the new industry and the Government to make every effort to recognize every possible event or series of events which could result in the release of unsafe amounts of radioactive material to the surroundings and to take all steps necessary to reduce to a reasonable minimum the probability that such events will occur in a manner causing serious overexposure to the public.
W. F. Libby (Acting Chairman, AEC) - March 14, 1956 response to Senator Hickenlooper
[from D. Okrent, Reactor Safety, U. Wisconsin Press, 1981]
18 Identifying Challenges: Many Perspectives Fukushima Review*
PRA scope (2)
Feedback loops (1)
Game over modeling and intentional conservatisms (4)
Long duration scenarios (3)
External hazards analysis (12)
Human reliability analysis (HRA) (5)
Representation of uncertainty in phenomenological codes (1)
Searching (vs. screening) (5)
IAEA Technical Meeting**
Dynamic PSA (7)
Combinations of hazards (3)
Portable equipment (4)
Use of PSA in development of SAMGs (6)
Level 3 PSA (4)
Software reliability and modelling (4)
Incorporation of ageing aspects (5)
- N. Siu, et al., PSA technology challenges revealed by the Great East Japan Earthquake, PSAM Topical Conference in Light of the Fukushima Dai-Ichi Accident, Tokyo, Japan, April 15-17, 2013.
[ML13038A203 (paper), ML13099A347 (presentation)]
- IAEA Technical Meeting on the Enhancement of Methods, Approaches and Tools for Development and Application of Probabilistic Safety Assessments, September 29-October 2, 2020.
- M. Drouin, et al., Guidance on the Treatment of Uncertainties Associated with PRAs in Risk-Informed Decisionmaking, NUREG-1855, Rev. 1, 2017.
Uncertainty Typology***
Parameter uncertainty (3)
Model uncertainty (6)
Completeness uncertainty (8)
PRA Technology Challenges
+ Internal risk communication (9)
Pick a topic
19 PRA TECHNOLOGY INSIGHTS FROM 3/11 Qualitative lessons from a PRA-oriented review PRA Technology Challenges
[Fukushima Review]
Topics PRA scope Feedback loops Game-over modeling Long-duration scenarios External hazards analysis Human reliability analysis (HRA)
Representation of uncertainty in phenomenological models Searching (vs. screening)
20 PRA Technology Insights from 3/11*
- Review: 2013, updated 2016
Purpose:
support ongoing activities (Level 3 PRA, R&D planning, international discussions)
- Scope: all affected plants
- Approach
- Literature review
- Event review
- Timeline-based
- PSA-topic based
- Results: PRA-technology Reminders, Challenges, and discussions of selected topics PRA Technology Challenges
[Fukushima Review]
- See:
1)
N. Siu, et al., PSA technology challenges revealed by the Great East Japan Earthquake, PSAM Topical Conference in Light of the Fukushima Dai-Ichi Accident, Tokyo, Japan, April 15-17, 2013. [ML13038A203 (paper), ML13099A347 (presentation)] (used for this presentation) 2)
N. Siu, et al., PSA technology reminders and challenges revealed by the Great East Japan Earthquake: 2016 update, 13th International Conference on Probabilistic Safety Assessment and Management (PSAM 13), Seoul, Korea, October 2-7, 2016. [ML16245A871 (paper), ML16270A522 (presentation)]
21 PRA Scope (1/2)
Dimension Typical U.S. (c. 2011)
Observations (3/11/2011)
Space Single unit (reactor)
Frontline mitigating systems + support Multiple reactors, SFP; multiple sites Additional systems (e.g., security access)
Time At power operation Accident Shutdown operations (incl. testing)
Post-accident susceptibility Organization Onsite staff Offsite involvement (directions, requests for information)
PRA Technology Challenges Recovery Preparedness Preparedness Reconstitution
+ Analysis
Response
time Warning Event Stabilize site Permanently restore site Identify and promulgate lessons Improve posture Damage control Reduce vulnerabilities, plan, prepare for effective response Reduce vulnerabilities, plan, prepare for effective response
[Fukushima Review]
22 PRA Scope (2/2): Multi-Site Events March 11, 2011 August 14, 2003 PRA Technology Challenges
[Fukushima Review]
23 Feedback Loops (1/1)
PRA Technology Challenges General Analysis Flow Analysis Refinements Onsite actions inhibited by radiation, explosion effects Containment venting delayed until local evacuation confirmed
[Fukushima Review]
24 Game Over Modeling (1/4)
- Conventional PRA analysis: core damage (if AC power is not recovered)
- Deterministic analysis: rapid onset of fuel damage
- System Level: Loss of DC
- Isolation condenser, RCIC, and HPCI fail (unable to control)**
PRA Technology Challenges
- Unmitigated short-term station blackout (STSBO). See N. Bixler, et al.,
State-of-the-Art Reactor Consequence Analyses Project Volume 1:
Peach Bottom Integrated Analysis, NUREG/CR-7110, Rev. 1, 2013.
Plant Core Damage Onset (hr)
Peach Bottom (NUREG/CR-7110)*
1.0 Fukushima Daiichi Unit 1 19 Fukushima Daiichi Unit 2 89 Fukushima Daiichi Unit 3 52
- DC power is used to operate a number of control valves. Uncontrolled RCIC and/or HPCI could lead to RPV overfill, water in the RCIC/HPCI steam line, and failure of the RCIC/HPCI turbine(s). During the accident, operators bypassed some flow through a mini-flow test line (which returns water to the Condensate Storage Tank) to reduce the possibility of RPV overfill.
[Fukushima Review]
25 PRA Technology Challenges Game Over Modeling (2/4): Loss of DC
[Fukushima Review]
26 Game Over Modeling (3/4): RIDM Implications
- Useful simplification for applications focused on total results
- Concerns
- Potential overemphasis on scenarios that are actually not as important as others (masking effect)
- Training resources
- Establishing expectations (bias)
- Strong constraints on mitigation actions considered as viable, worth emphasizing (e.g., through procedures and training)
- Loss of PRA model credibility to key stakeholders PRA Technology Challenges
[Fukushima Review]
Fire Internal Events Internal Flooding Seismic High Winds External Flooding Fire Internal Events Internal Flooding Seismic High Winds External Flooding
?
27 Game Over Modeling (4/4): Other Notes
- Assuming immediate failures is not necessarily conservative
- in reality, lacking omniscience, operators might spend time trying to implement a non-feasible path
- Other common game over modeling assumptions
- Lack of credit for recovery or repair
- Assumed loss of structure contents on failure of structure PRA Technology Challenges
[Fukushima Review]
28 Long Duration Scenarios (1/3): Fukushima Early PRA Technology Challenges Data from multiple sources, including:
1)
International Atomic Energy Agency, The Fukushima Daiichi Accident: Report by the IAEA Director General, STI/PUB 1710, Vienna, Austria, 2015.
2)
Government of Japan, Investigation Committee on the Accident at the Fukushima Nuclear Power Stations of Tokyo Electric Power Company, Interim Report.
December 26, 2011.
[Fukushima Review]
29 Long Duration Scenarios (2/3): Fukushima Late PRA Technology Challenges Data from multiple sources, including:
1)
International Atomic Energy Agency, The Fukushima Daiichi Accident: Report by the IAEA Director General, STI/PUB 1710, Vienna, Austria, 2015.
2)
Government of Japan, Investigation Committee on the Accident at the Fukushima Nuclear Power Stations of Tokyo Electric Power Company, Interim Report.
December 26, 2011.
[Fukushima Review]
30 Long Duration Scenarios (3/3): Modeling Challenges
- Recovery and repair
- Human reliability analysis (HRA)
- Site and equipment conditions (debris, roads, tools, spares, housing, )
- Non-binary behavior (e.g., intermittent and/or degraded performance)
- Offsite
- Conditions (site access, demands on emergency services, )
- Organizational response PRA Technology Challenges Yuriage - Before and After 3/11 Tsunami
[Fukushima Review]
31 External Hazards Analysis (1/12) 3/11/2011: Seismically-induced loss of offsite power, tsunami-induced loss of all power and multiple severe accidents Long-standing general approach, e.g.,
- Zion/Indian Point PRAs (1982)*
- PRA Procedures Guide (1983)*
Typical practice
- General emphasis on internal events, earthquakes, internal fires and floods
- Other external hazards (including external floods) sometimes dismissed (pre-3/11)
Typical results
- Important or even dominant contributor to risk
- Uncertainty driver: hazards analysis PRA Technology Challenges
- See:
1)
B.J. Garrick, Lessons learned from 21 nuclear plant probabilistic risk assessments, Nuclear Technology, 84, No. 3, 319-339(1989) 2)
American Nuclear Society and the Institute of Electrical and Electronics Engineers, PRA Procedures Guide, NUREG/CR-2300, 1983.
[Fukushima Review]
32 External Hazards Analysis (2/12): Past PRA Results PRA Technology Challenges
[Fukushima Review]
An early study (c. 1980)
NUREG-1150 (1990)
Note: Orders-of-magnitude uncertainties
33 External Hazards Analysis (3/12): Past PRA Results PRA Technology Challenges
[Fukushima Review]
1.E-07 1.E-06 1.E-05 1.E-04 1.E-03 1.E-07 1.E-06 1.E-05 1.E-04 1.E-03 IPEEE CDF IPE CDF IPEEE vs IPE CDF 1.E-07 1.E-06 1.E-05 1.E-04 1.E-03 1.E-07 1.E-06 1.E-05 1.E-04 1.E-03 External Internal External vs. Internal CDF (SAMA)
Note: External includes internal fires
34 External Hazards Analysis (4/12): A Fukushima Precursor
- Wind-driven waves + major storm surge
- Overtop and sweep around dike, damage dike, flood site
- Flood waters pass through penetrations, burst an internal fire door, and flood key areas
- System impacts
- Loss of offsite power (LOOP) at Units 2 and 4
- Unit 1 service water degraded
- Units 1 and 2 low-head safety injection and containment spray pumps lost
- Site access lost E. de Fraguier, Lessons learned from 1999 Blayais flood: overview of EDF flood risk management plan, NRC Regulatory Information Conference, Rockville, MD, March 9-11, 2010.
PRA Technology Challenges Le Blayais (December 27, 1999)
[Fukushima Review]
35 0.00 0.05 0.10 0.15 0.20 0.25 0.30 probability density Major Flood Frequency (/yr)
External Hazards Analysis (5/12): PFHA*
Background
Parameter of interest: frequency of major flooding ()
Prior state-of-knowledge: minimal Evidence: 12 major floods over 1932-2019 (87 years)
Bayes Theorem:
Posterior state-of-knowledge:
Date Flood Height (ft) 5/14/1932 15.25 2/27/1936 14.69 3/19/1936 28.10 4/28/1937 23.30 10/30/1937 15.62 10/17/1942 26.88 4/29/1952 14.17 8/20/1955 17.60 6/24/1972 22.03 11/7/1985 17.99 1/21/1996 19.29 9/8/1996 17.84 05 = 0.079/yr 50 = 0.13/yr 95 = 0.21/yr mean = 0.14/yr prior posterior PRA Technology Challenges 1, =
, 0 0
, 0 Poisson Non-informative
- Notes:
1)
PFHA = probabilistic flooding hazards analysis 2)
Data from: https://water.weather.gov/ahps2/crests.php?wfo=lwx&gage=brkm2&crest_type=historic 3)
Major Flood: height > 14 ft Potomac River (Little Falls, VA)*
[Fukushima Review]
36 External Hazards Analysis (6/12): PFHA Background 10 12 14 16 18 20 22 24 26 28 30 Flood Height (ft)
Potomac River Flooding (Little Falls, VA)
Major Flood Moderate Flood 1930 1940 1950 1960 1970 1980 1990 2000 2010 2020 0
10 20 30 40 50 60 70 9
12 15 18 21 24 27 30 More Count Flood Height (ft)
PRA Technology Challenges
[Fukushima Review]
Notes:
1)
Data from: https://water.weather.gov/ahps2/crests.php?wfo=lwx&gage=brkm2&crest_type=historic 2)
Major Flood: height > 14 ft; Moderate Flood: 12 ft < height < 14 ft
37 External Hazards Analysis (7/12): PFHA Challenge 0.00 0.20 0.40 0.60 0.80 1.00 5
10 15 20 25 30 P{X > x}
Flood Height (ft)
Potomac River Floods (Little Falls): 1932-2019 Weibull CCDF Weibull pdf (scaled)
Gumbel CCDF Gumbel pdf (scaled)
Empirical CCDF Major Flood Moderate Flood PRA Technology Challenges Beyond historical experience:
how to estimate for RIDM?
[Fukushima Review]
38 External Hazards (8/12): PFHA Challenge PRA Technology Challenges
[Fukushima Review]
39 External Hazards Analysis (9/12): PFHA Challenge PRA Technology Challenges
[Fukushima Review]
40 External Hazards Analysis (10/12): Lessons from Some Other Flood-Related Operational Events*
- Qualitative review of 5 floods and 5 storms
- Observations:
- See: N. Siu, et al., Qualitative PRA insights from operational events, 14th International Conference on Probabilistic Safety Assessment and Management (PSAM 14), Los Angeles, CA, September 16-21, 2018. [paper (ML18135A109), presentation (ML18249A340)]
Confirmatory Multiple hazards Asymmetrical multi-unit impacts Less-than-extreme hazards Hazard persistence Failure of mitigation SSCs Failure of implicitly considered SSCs Warning times and precautionary measures HRA and emergency response complexities Less discussed Multiple shocks Scenario dynamics Geographical extent and potential for multi-site impacts PRA Technology Challenges
[Fukushima Review]
41 External Hazards Analysis (11/12): Lessons from Some Seismically-Initiated Operational Events*
- Qualitative review of 50 events
- Observations:
- Reported PGAs << max values considered in recent PRAs
- Other than offsite power, no direct damage to major mitigating systems due to ground motion; major effects due to induced hazards (fire, external flood)
- Some reactor trips/safety system actuations for events with very low onsite PGAs
- If one unit affected, typically all units onsite also affected
- Some events affected multiple sites:
- Reactivity effects:
- Flux-induced trips (Onagawa, 1993; North Anna, 2011)
- Stuck control rod (Kashiwazaki-Kariwa, 2007)
- See: N. Siu, et al., Qualitative PRA insights from seismic events, 25th Conference on Structural Mechanics in Reactor Technology (SMiRT-25), Charlotte, NC, August 4-9, 2019. [paper (ML19162A422), presentation (ML19210D835)]
Impacts at Multiple Sites
- Events Minimal response** or greater 10 Reactor trip 3
Serious challenge 1
PRA Technology Challenges
[Fukushima Review]
42 External Hazards Analysis (12/12): Challenges Hazards analysis
- Relevance of historical data Natural trends Man-made trends
- Need for knowledgeable experts
- Role of simulation
- Combination of hazards
- Technical cultures What is the hazard (varying points of view)
Buy-in for risk assessment (especially rare events)
Fragility analysis
- Full range of hazards (dynamic loads, clogging, )
Plant response analysis
- Human reliability analysis (HRA)
- Dynamics PRA Technology Challenges
[Fukushima Review]
https://commons.wikimedia.org/wiki/File:Storms_Lothar_and_Martin_december_1999.png Treatment of consecutive events (and pre-conditioning)?
Hurricane tracks adapted from University of Wisconsin-Milwaukee (https://web.uwm.edu/hurricane-models/models/archive/)
Emergency response based on data from National Hurricane Center:
(https://www.nhc.noaa.gov/1992andrew.html)
Role of stochastic simulation?
43 HRA (1/5): Observations from 3/11
- Error of commission (isolation of 1F1 Isolation Condenser)
- Psychological impacts
- External interventions in decision making
- Seawater injection
- Containment venting
- Uncertainty in plant conditions
- Loss of instrumentation
- Loss of access
- Loss of communication systems => messengers (with associated delays for transit, reporting)
- Evolving conditions (radiation, explosions, evacuating staff and contractors) affecting recovery actions PRA Technology Challenges
[Fukushima Review]
See next slides
44 PRA Technology Challenges ISO-XHE-EOC-TERM OPERATOR TERMINATES ISOLATION CONDENSER OPERATION BUT WHY?
HRA (2/5): Current PRA and EOCs
[Fukushima Review]
45 HRA (3/5): Adding EOCs Detection Action Execution Decisionmaking Understanding Interteam Coordination (1) Cognitive Basis (2) Dynamic Context*
PRA Technology Challenges
[Fukushima Review]
- Approaches to address context in a classical event tree/fault tree PRA framework include:
1)
L. Podofillini, V.N. Dang, O. Nusbaumer, and D. Dres, A pilot study for errors of commission for a boiling water reactor using the CESA method, Reliability Engineering and System Safety, 109, 86-98 (January 2013).
2)
C. Picoco and V. Rychkov, Advanced thermal-hydraulic simulations for HRA, IAEA Technical Meeting on Enhancement of Approaches and Tools for the Development and Application of Probabilistic Safety Assessments (Virtual), September 29-October 2, 2020.
46 HRA (4/5): The Human Dimension (3/11)
- Decision maker frustrations
- Limitations of available accident management guidance
- Offsite organizational interventions
- Staff stressors
- Progressive loss of situation awareness and control
- Onsite conditions (aftershocks, tsunami warnings, radiation, dark, debris, open manholes, )
- ERC conditions (food, sleep, sanitation, )
- Offsite conditions PRA Technology Challenges
[Fukushima Review]
Yoshida was asked if he opened up the accident management manual and used it as a reference. He said he never referred to it or even opened it up.
He explained how ineffective measures thought up by people beforehand can be.
Yoshida also explained that nuclear plants in Japan were designed with priority placed on internal factors leading to malfunctions. He went on to explain that no thought was given to malfunctions occurring simultaneously at a number of plants due to external factors, such as tsunami, tornado, a plane crash or an act of terrorism.
- The Yoshida Testimony (2014)
The Yoshida Testimony: The Fukushima nuclear accident as told by plant manager Masao Yoshida, Asahi Shimbun, 2014.
(Available from: http://www.asahi.com/special/yoshida_report/en/)
47 HRA (5/5): Beyond Fukushima Other analysis concerns
- Need for improved qualitative analysis (little stories)
- Basis for analysis assumptions
- Qualitative dimension of risk: what can go wrong
- Treatment of new situations
- Ex-MCR (particularly portable equipment)
- Level 2
- Event and conditions assessment
- Collection and use of empirical data A RIDM concern: recognition and treatment of model uncertainty - more benchmarks?
Same method, different teams Same team, different methods NRI, CREAM NRI, DT+ASEP NRC, SPAR-H INL, SPAR-H PRA Technology Challenges
[Fukushima Review]
Integrated Human Event Analysis System (IDHEAS)
Scenario Authoring, Characterization, and Debriefing Application (SACADA)
Some IDHEAS and SACADA references:
1)
Y.J. Chang and J. Xing, The general methodology of an Integrated Human Event Analysis System (IDHEAS) for human reliability analysis method development, 13th International Conference on Probabilistic Safety Assessment and Management (PSAM 13), Seoul, Korea, October 2-7, 2016. (ML16298A411) 2)
Y.J. Chang, et al., The SACADA database for human reliability and human performance, Reliability Engineering & System Safety, 125, 117-133 (2014).
A Bye, et al., International HRA Empirical Study, NUREG/IA-0216, 2011.
48 Representation of Uncertainties (1/1)
Post-3/11 Fukushima Forensic study (SNL, ORNL):*
- Reconstructs accident progression at Units 1-3 and Unit 4 SFP
- Key challenge: accident data gaps and uncertainties
- Demonstrates that current tools (MELCOR, TRACE) and modeling approaches can reproduce general trends, with good quantitative agreement in portions of the results Questions
- How to incorporate findings into a PRA? Into RIDM?
- How to represent and communicate analysis uncertainties?
Challenges
- Subject complexity
- Multiple purposes
- Personal and discipline viewpoints, sometimes strongly held PRA Technology Challenges
[Fukushima Review]
- R. Gauntt, et al., Fukushima Daiichi Accident Stuy (Status as of April 2012), SAND2012-6173, Sandia National Laboratories, July 2012.
Uncertainty Frameworks and Typologies Subjective (Bayesian) vs.
Objective (frequentist)
Aleatory/Epistemic Parameter/Model/Completeness Probabilistic vs. Non-Probabilistic Additional discussion on parameter, model, and completeness uncertainty
49 Searching (1/5): Active Supplement?
Typical PRA approach for identifying external hazards:
systematically generate possibilities, then screen Post-3/11 observations
- IPEEE guidance* allowed screening of external floods based on deterministic, design-basis considerations
- ASME/ANS PRA standard addenda (2009 and 2013) allowed similar screening
- The Blayais flood (1999) can be viewed as a non-seismically induced precursor to the Fukushima Daiichi reactor accidents Active searches for hazards and hazard combinations (red teaming) might support efficient identification
- Logic-based approaches (e.g., Master Logic Diagram, Heat Balance Fault Tree, STAMP/STPA, )
- Functional classifications
- Operational experience PRA Technology Challenges
[Fukushima Review]
- U.S. Nuclear Regulatory Commission, Procedural and Submittal Guidance for the Individual Plant Examination of External Events (IPEEE) for Severe Accident Vulnerabilities, Final Report, NUREG-1407, 1991.
What is needed to cause a reactivity excursion?
How can an earthquake cause a reactivity excursion?
50 Searching (2/5): Example Deductive Approach PRA Technology Challenges
[Fukushima Review]
Heat Balance Fault Tree
51 Searching (3/5):
External Hazards Scenario-Based Classification Example PRA Technology Challenges
[Fukushima Review]
52 Searching (4/5): Empirical Experience Accidents Year Plant(s)
Precursor?
1979 TMI Davis-Besse (1977) 1986 Chernobyl Leningrad (1975) 2011 Fukushima Blayais (1999)
Some Significant* U.S. Precursors Year Plant(s)
Notes 1975 Browns Ferry Worst precursor Fire => loss of U1 ECCS 1978 Rancho Seco Next worst precursor Human error (maintenance) => loss of NNI, LOFW 2002 Davis-Besse Most recent significant precursor Multiple human/organizational faults
=> RPV head corrosion
[Fukushima Review]
53 Searching (5/5): Other Interesting Events Year Plant(s)
Scenario Type Notes 1957 Windscale 1 (UK)
Fire Graphite fire in core, release to environment.
1975 Greifswald 1 (East Germany)
Fire Power cable fire, loss of main feedwater, pressurizer safety valves fail to re-seat.
1977 Gundremmingen A (East Germany)
LOOP/LOCA Partial loss of offsite power (LOOP) and subsequent loss of cooling accident (LOCA) with internal flooding.
1978 Beloyarsk 2 (Soviet Union)
Fire Turbine Building fire spreads into Main Control Room, collapses Turbine Building roof.
1981 Hinkley Point A-1, A-2 (UK)
External Flood; LOOP (weather)
Severe weather LOOP and loss of ultimate heat sink (LOUHS).
1982 Armenia 1 (Soviet Union)
Fire Fire-induced station blackout (SBO).
1989 Vandellos 1 (Spain)
Fire Fire-induced internal flood.
1991 Chernobyl 2 (Soviet Union)
Fire Fire-induced Turbine Building roof collapse.
1993 Narora 1 (India)
Fire Fire-induced SBO.
1993 Onagawa 1 (Japan)
Reactivity Excursion Seismically-induced reactivity excursion.
1999 Blayais 1, 2 (France)
External Flood Severe weather LOOP and partial LOUHS.
2001 Maanshan 1 (Taiwan)
Severe weather LOOP and subsequent SBO.
2003 Pickering 4-8; Darlington 1, 2, and 4; Bruce 3, 4, and 6 (Canada);
Fermi 2, Fitzpatrick, Ginna, Indian Point 2 and 3, Nine Mile Point 1 and 2, Oyster Creek, Perry (U.S.)
LOOP (weather)
Northeast Blackout.
2004 Madras 2 (India)
External Flood Tsunami-induced LOUHS.
2009 Cruas 2-4 (France)
External Flood LOUHS due to flood debris.
2011 Fukushima Dai-ichi 5-6, Fukushima Dai-ni 1-4, Onagawa 1-3, Tokai Dai-ni, Higashidori 1-2 (Japan)
External Flood Earthquake-and tsunami-induced incidents (in addition to accidents at Fukushima Dai-ichi 1-3).
PRA Technology Challenges
[Fukushima Review]
54 IAEA TECHNICAL MEETING (TM) ON PSA TECHNOLOGY ENHANCEMENT: TOPICS Perspectives on selected advanced PRA topics
[IAEA TM]
PRA Technology Challenges Topics Dynamic PSA Combinations of hazards Portable equipment Use of PSA in development of SAMGs Level 3 PSA Software reliability and modelling Incorporation of ageing aspects
55 IAEA TM on PSA Technology Enhancement*
Technical Meeting on the Enhancement of Methods, Approaches and Tools for Development and Application of Probabilistic Safety Assessments (virtual), September 29-October 2, 2020 Objectives:
- Discuss current status of and Member State experience with advanced PSA methods, approaches and applications
- Update information on relevant topics in a draft technical report on advanced PSA approaches and applications.
Highlighted topics (candidate areas for enhancements):
- Dynamic PSA
- Combinations of hazards
- Portable equipment
- Development of SAMGs
- Level 3 PSA
- Software reliability and modelling
- Incorporation of ageing aspects
[IAEA TM]
PRA Technology Challenges T: Technology K: Knowledge A:
Analyses Analyses (for application)
Technology (provides capability)
Knowledge (provides context)
Why?
- Including state-of-practice as well as technology
56 Dynamic PRA (1/7): Reality Adapted from: R. Gauntt, Fukushima Daiichi Accident Study: MELCOR Analyses and Results, OECD/NEA Fukushima Accident Analysis Workshop, Issy-les-Moulineaux, France, June 18-20, 2012.
See also R. Gauntt, et al., MELCOR Simulations of the Severe Accident at the Fukushima 1F1 Reactor, ANS Winter Meeting and Nuclear Technology Expo, San Diego, CA, November 11-15, 2012.
Containment Venting:
Prevents catastrophic failure Causes release to environment PRA Technology Challenges
[IAEA TM]
Pressure (MPa) 1.0 0.5 0.0 0
5 10 15 30 25 20 Time (hr) steam dome drywell wetwell RPV-TEPCO DW-TEPCO WW-TEPCO manual venting of wetwell lower head failure steam line rupture pressurization from core relocation to lower head Start prep for venting Govt orders venting Local evacuation confirmed, 1st team dispatched 2nd team dispatched, turned back (radiation)
Unsuccessful attempts to open AO-90 Open AO-72 3/11/2011 14:46
57 Dynamic PRA (2/7): Classical Representation PRA Technology Challenges
[IAEA TM]
58 Dynamic PRA (3/7): Basics
- Risk {scenarios, consequences, likelihoods}
- PRA: likelihood expressed using probabilities
- Dynamic PRA:
- A simple view: PRA that explicitly models system dynamics (what not how)
- Typically envisioned as a form of direct simulation but doesnt have to be
- Not intended to address dynamically changing PRAs (e.g., risk monitors)
PRA Technology Challenges
[IAEA TM]
Dy*nam*ics, n. a branch of mechanics that deals with forces and their relation primarily to the motion but sometimes also to the equilibrium of bodies Typical Modeling Approaches State-transition (cell-to-cell)
Dynamic event trees Direct simulation Related Names/Concepts Integrated Deterministic-Probabilistic Safety Assessment (IDPSA)
Integrated Safety Assessment (ISA)
Computational risk assessment (CRA)
Integrated PRA (I-PRA)
Simulation modeling (e.g., discrete event simulation)
59 Dynamic PSA (4/7): Benefits of Enhancement
- Analyses (anticipated, potential)
- Advanced reactor design approvals
- Operating reactor risk-informed applications (e.g.,
FLEX, security)
- External hazards scenarios (e.g., flooding)
- Severe accidents
- Technology
- Improved realism (fewer modelling approximations)
- Reduced completeness uncertainties (e.g., EOCs, passive systems)
- Improved synergy (other fields, educational trends)
- Knowledge
- Improved risk insights (margins, contributors)
PRA Technology Challenges
[IAEA TM]
Long history (starting with fast rx)
J.M. Lanore, et al, Progress in Methodology for Probabilistic Assessment of Accidents: Timing of Accident Sequences," ANS/ENS Intl Mtg Probabilistic Risk Assessment, Port Chester, NY, 1981.
A. Amendola and G. Reina, Event Sequences and Consequence Spectrum: A Methodology for Probabilistic Transient Analysis," Nuclear Technology, 77, 297-315(1981).
See also draft white paper (ML19066A390) and presentation from 2019 IAEA workshop (ML19248C656)
60 Dynamic PSA (5/7): Status and Technical Challenges
- Current status
- U.S.: technology development, multiple demonstrations
- International: some applications
- Technical Challenges
- Phenomenological models (particularly operating crews)
- Data
- Computational requirements (for complex scenarios)
- Treatment of uncertainties
- Post-processing for insights PRA Technology Challenges
[IAEA TM]
61 Dynamic PSA (6/7): Modeling Operating Crews PRA Technology Challenges
[IAEA TM]
Based on data from A Bye, et al.,
International HRA Empirical Study, NUREG/IA-0216, 2011.
62 Dynamic PSA (7/7): Implementation Challenge
- Challenge: transition from R&D to RIDM support
- Conflicting goals: technology advancement vs. problem solving
- Communication and perception
- Investment requirements, cost/benefit
- Cultural resistance PRA Technology Challenges
[IAEA TM]
Not always complicated T. J. McIntyre and N. Siu, "Electric Power Recovery at TMI-1, A Simulation Model," ANS/ENS Intl Topical Mtg Thermal Reactor Safety, San Diego, California, February 2-6, 1986.
TAF Computational capabilities + investments (e.g.,
DOE, TSOs, universities) => time to reap benefits?
63 Combination of Hazards (1/3): Background
- Historical treatment
- Hazards (earthquakes, fires, floods, high winds, aircraft crashes, offsite industrial accidents, ) typically one-at-a-time
- Specific combinations (seismically-induced fires and floods) recognized and addressed in PRA guidance
- Increased interest in broader consideration following the Fukushima Daiichi reactor accidents (3/11/2011)
PRA Technology Challenges
[IAEA TM]
American Nuclear Society and the Institute of Electrical and Electronics Engineers, PRA Procedures Guide, NUREG/CR-2300, 1983.
J.A. Lambright et al., "Fire Risk Scoping Study: Investigation of Nuclear Power Plant Fire Risk, Including Previously Unaddressed Issues, " NUREG/CR-5088, 1989.
The Great Lisbon Earthquake (November 1, 1755) https://commons.wikimedia.org/wiki/File:Lissabon-2.jpg
64 Combination of Hazards (2/3): Benefits of Enhancement
- Analyses (ongoing)
- Current risk-informed applications (specific combinations)
- Technology
- Improved realism (correlation of hazards)
- Reduced completeness uncertainties
- Improved synergy with natural hazards community
- Knowledge
- Additional/improved insights PRA Technology Challenges
[IAEA TM]
65 Combination of Hazards (3/3): Status and Challenges
- Current status
- U.S.: some methods developed and used, included in PRA standards and guidance
- International: active development (focus on systematic, exhaustive approaches)
- Challenges
- Efficient identification and prioritization
- Data augmentation (simulation?)
- Communication (discipline-specific frameworks - what is a hazard? Area of responsibility when performing analyses https://commons.wikimedia.org/wiki/File:Storms_Lothar_and_Martin_december_1999.png Treatment of consecutive events (and pre-conditioning)?
Hurricane tracks adapted from University of Wisconsin-Milwaukee (https://web.uwm.edu/hurricane-models/models/archive/)
Emergency response based on data from National Hurricane Center:
(https://www.nhc.noaa.gov/1992andrew.html)
Role of stochastic simulation?
PRA Technology Challenges
[IAEA TM]
66 Portable Equipment (1/4): Early Perspectives
- McCullough, Mills, and Teller (1955): nuclear fire-fighters
- Indian Point 3 PRA (1983): alternatives to fixed measures (e.g., core catcher, filtered/vented containment)
- IPE/IPEEE (1988-2002) plant improvements:
- Portable pumps (e.g., isolation condenser makeup)
- Portable generators (battery chargers)
- Portable fans (room cooling, smoke removal)
- Severe accident management alternatives (SAMAs, 2002-2018) include similar ideas
- Reluctance to credit in PRA without incorporation in procedures and training PRA Technology Challenges
[IAEA TM]
See also presentation from 2019 IAEA workshop (ML19248C655)
67 Portable Equipment (2/4): Some Pre-3/11 Events
- Major External Events
- Hurricane Andrew/Turkey Point 3&4 (1992)
- Winter Storm Martin/Blayais 1&2 (1999)
- Major Internal Fires
- Greifswald 1 (1975)
- Armenia 1&2 (1982)
- Lesser events
- San Onofre 1 (1982): submersible pump for intake structure
- Diablo Canyon (2000): generator for switchyard battery charger
- Non-Nuclear Events
- Northridge Earthquake, M 6.7 (1994)
- Kobe Earthquake, M 6.9 (1995)
Onsite damage, loss of site access, offsite damage; portable fire pumps, debris removal Loss of power and control, smoke, explosions (A);
temporary cables Facility and infrastructure damage, fires, emergency service demands; portable generators, pre-planning, workarounds PRA Technology Challenges
[IAEA TM]
Turkey Point Turbine Deck Effect of Hurricane Andrew on the Turkey Point Nuclear Generating Station from August 20-30, 1992, NUREG-1474, March 1993 (ML063550235)
68 Portable Equipment (3/4): Benefits of Enhancement Analyses (ongoing)
- U.S.: RIDM applications (FLEX, other non-safety related equipment)
- International: PSA updates (PSR),
EOP/SAMG improvement, margins assessments Technology
- Improved HRA for ex-MCR activities (possibly including task-based simulation)
- Improvements (practice, methods?) in constructing informed priors (potential)
Knowledge
- Improved insights PRA Technology Challenges
[IAEA TM]
M.T. Lawless, K.R. Laughery, and J.J. Persensky, Using Micro Saint to Predict Performance in a Nuclear Power Plant Control Room: A Test of Validity and Feasibility, NUREG/CR-6159, 1995.
S. Fogarty, Approaches and Tools to Quantifying Facility Security Risk, INMM Workshop on Risk-Informed Security, Stone Mountain, GA, February 11-12, 2014.
Task-Based Simulation: Old Idea, Recent Applications
69 Portable Equipment (4/4): Status and Challenges
- Current status
- Strong interest U.S. and abroad
- Many applications (e.g., NOED, CRM, SDP, licensing actions, NTTF 2.1 seismic PRA)
- Further applications being developed
- Improved HRA demonstration (IDHEAS)
- Challenges
- Reliability data (higher failure rates)
- HRA (e.g., granularity/aggregation, quantification, credit for non-proceduralized actions)
PRA Technology Challenges
[IAEA TM]
Mobile Pumps Diesel Fuel Supply To SG To Core Adapted from T. Hong, Application of Portable Equipment in PSA Model for WH-type Nuclear Power Plant, IAEA Technical Meeting on the Enhancement of Methods, Approaches and Tools for Development and Application of Probabilistic Safety Assessments, September 29-October 2, 2020.
70 Use of PSA in Development of SAMGs (1/6): Background
- SAMG/SAMGs = Severe Accident Management Guidance/Guidelines
- Severe Accident Policy Statement*
- [T]he commitment of utility management to the pursuit of excellence in risk management is of critical importance.
- 1983 draft criticized for perceived over-reliance on PRA
- SECY 88-147: NRC plan for closing severe accident issues**
PRA Technology Challenges
[IAEA TM]
- U.S. Nuclear Regulatory Commission, Policy Statement on Severe Reactor Accidents Regarding Future Designs and Existing Plants, 50 FR 3218, August 8, 1985.
- U.S. Nuclear Regulatory Commission, "Integration Plan for Closure of Severe Accident Issues," SECY 88-147, May 25, 1988.
- Nuclear Energy Institute, Severe Accident Issue Closure Guidelines, NEI 91-04, Rev. 1, (formerly NUMARC 91-04), December 1994. (ML072850981)
Severe Accident An accident more severe than design basis accidents; involves substantial damage to reactor core regardless of offsite consequences.*
71 Development of SAMGs (2/6): Responding in extremis PRA Technology Challenges
[IAEA TM]
[Before TMI] core damage was never never land
- R. Bari1 The NPS ERC [Emergency Response Center] received reports that the nuclear reactors were successively losing their power supplies and Units 1, 2 and 4 in particular had lost all of their power sources. Everyone at the NPS ERC was lost for words at the ongoing unpredicted and devastated state.
- Investigation Committee Interim Report2
[Site Superintendent] Yoshida was asked if he opened up the accident management manual and used it as a reference. He said he never referred to it or even opened it up. He explained how ineffective measures thought up by people beforehand can be.
- The Yoshida Testimony3 1)
Plenary Panel: Perspectives on Nuclear Safety Since the Three Mile Island Event, ANS Intl Mtg Probabilistic Safety Assessment (PSA 2019), Charleston, SC, 2019.
2)
Government of Japan, Interim Report (Main Text), Government of Japan Investigation Committee on the Accident at Fukushima Nuclear Power Stations of Tokyo Electric Power Company), Tokyo, Japan, 2011.
3)
The Yoshida Testimony: The Fukushima nuclear accident as told by plant manager Masao Yoshida, Asahi Shimbun, 2014. (Available from:
http://www.asahi.com/special/yoshida_report/en/)
72 Development of SAMGs (3/6): Responding in extremis PRA Technology Challenges
[IAEA TM]
The Fukushima Daiichi accident extended over multiple days and imposed severe mental and physical fatigue on control room operators, field staff, and personnel in the plants emergency response center. Control room operators and field personnel were also exposed to physical stressors (e.g., loss of lighting and high radiation) as well as psychological stressors associated with risk to their lives and those of their co-workers and families.
- National Research Council1 we never had enough time, so the pump--the fire engine--ran out of fuel, and it could no longer pump water in when it was time to do so when reactor pressure had fallen. That gave us another letdown, and we talked about sending (workers) to pump in (water). That was when I thought we were coming to the end.
- M. Yoshida, The Yoshida Testimony2 1)
National Research Council, Lessons Learned from the Fukushima Nuclear Accident for Improving Safety of U.S. Nuclear Plants, National Academies Press, Washington, DC, 2014.
2)
The Yoshida Testimony: The Fukushima nuclear accident as told by plant manager Masao Yoshida, Asahi Shimbun, 2014. (Available from:
http://www.asahi.com/special/yoshida_report/en/)
73 Development of SAMGs (4/6): Forms and Implications
- Forms
- Tactical direction (procedure-like)
- Strategic guidance
- PRA considerations
- Scenario development (e.g., RCS conditions, site conditions)
- Instrumentation survivability, trustworthiness
- Crew factors
- PSFs/PIFs and effect on performance
- Cognition, decision making
- Execution, coordination
- Crew-to-crew variability PRA Technology Challenges
[IAEA TM]
Strategic Identify available means to perform function (e.g., reducing containment release)
Identify preferred strategy to perform function
Systems and lineups
Detection means for negative impacts
Limitations on uses of means
Special parameters to monitor Direct Control Room to implement strategy Verify strategy implementation Determine if challenge is being mitigated Tactical IF [condition(s)]
THEN [specific action(s)]
74 Development of SAMGs (5/6): Benefits of Enhancement Analyses
- Improved SAMGs and implementation (e.g.,
new scenarios, prioritization for training)
Technology
- Improved HRA for post-core damage, guidance-oriented responses
- Improved phenomenological models (e.g., for severe-accident induced cascading failures)
Knowledge
- Additional/improved insights (e.g., safety margins, priorities for severe accident R&D)
- Improved realism => improved acceptance and appreciation of Level 2 PRA PRA Technology Challenges
[IAEA TM]
75 Development of SAMGs (6/6): Status and Challenges Current status (use of PRA)
- U.S.
- SOARCA analyses of benefit
- Some changes identified during FLEX implementation
- International: widespread Challenges
- Level 2 PRA uncertainties
- Severe accident phenomenology
- Scope: which scenarios/possibilities
- Appropriate realism
- Dependencies (e.g., multi-source)
- Use of Game Over modeling
- Low likelihood of event, incentives for full Level 2 PRA PRA Technology Challenges
[IAEA TM]
D. Collins, et al., Modeling Potential Reactor Accident Consequences, NUREG/BR-0359 Rev. 1, 2012. (ML12347A049)
SOARCA Assessment of B.5.b Measures
76 Level 3 PSA (1/4): Background
- Includes analysis of offsite consequences; some terminology ambiguity
- Initiating event to offsite consequences
- Release category to offsite consequences
- Scope of early PRAs
- NRC: WASH-1400 (1975), NUREG-1150 (1990)
- Industry: Oyster Creek (1979), Zion (1981), Indian Point (1982), Limerick (1982), Millstone (1983),
Seabrook (1983), Oconee (1984)
focus on core damage and large early release PRA Technology Challenges
[IAEA TM]
77 Level 3 PSA (2/4): Probabilistic Consequence Assessment Key elements
- Weather and dispersion (atmospheric)
- Response (sheltering, evacuation, interdiction)
- Consequences
- Dose (individual, societal)
- Health effects (LNT, other)
- Economic Tools
- MACCS (U.S.)
- COSYMA (EU)
- PACE (UK)
- OSCAR (Japan)
PRA Technology Challenges
[IAEA TM]
78 Level 3 PSA (3/4): Benefits of Enhancement Analyses
- Demonstration of Licensing Modernization Program (LMP) for operating plants (pilot)
- Regulatory analysis guidance revisions (potential)
- Applications to Emergency Planning Zone (EPZ) sizing (potential)
Technology
- Developments in selected areas (e.g., multi-source PRA)
- Assessment of impact of more detailed models (e.g.,
dispersion)
Knowledge
- Improved insights regarding safety margins
- Improved insights for performing analyses (risk, feasibility of and benefits from future Level 3 studies)
- Improved staff capabilities for performing and reviewing PRAs PRA Technology Challenges
[IAEA TM]
"Risk-Informed Performance-Based Technology-Inclusive Guidance for Non-Light Water Reactors," NEI 18-04, Rev. 1, August 29, 2019.
79 Level 3 PSA (4/4): Status and Challenges
- Status
- U.S.: reference plant state-of-practice study ongoing
- International: some RIDM applications, e.g.,
- Generic design assessments (UK)
- Safety margins (Korea)
- Challenges
- Technical
- Current elements (dispersion, etc.)
- Unaddressed elements (e.g., aquatic pathways, non-radiological consequences)
- Uncertainties
- Programmatic (scope and resources)
PRA Technology Challenges
[IAEA TM]
Level 3 PRA Project Scope
80 Software Reliability and Modeling (1/4): I&C Example Passive isolation condenser: flow (and cooling) controlled by opening/closing DC motor-operated isolation valve Possible control approaches
- Analog (relays)
- Digital
- Manual (operators)
- Combination Possible I&C failure modes include
- Loss of signal(s)
- Incorrect signal(s)
- Incorrect (for situation) criteria
- Incorrect decision (signal/criteria processing)
- Incorrect command (decision implementation)
PRA Technology Challenges
[IAEA TM]
Hardware Software Wetware Signals Criteria AC power, dTRCS/dt,
- LIC,
C DC Command Power
81 Software Reliability (2/4): Diversity and Commonality Diverse views
- Software doesnt fail randomly like hardware; important software failures are due to erroneous/inadequate requirements => improper to model in classical PRA framework
- Software is part of an overall X-ware system (hardware, software, wetware) where similar arguments can be made about other system components => OK to model as a component at conventional PRA level of abstraction Diverse problems
- Certification of I&C systems
- Risk-informed plant design, operation, and oversight Common current view: Too many items to address deterministically => risk-informed approaches are needed PRA Technology Challenges
[IAEA TM]
P{XlC,H}
subjective proposition conditions knowledge
[A]ll models are wrong, but some are useful.
G.E.P. Box G.E.P. Box and N.R. Draper, Empirical Model-Building and Response Surfaces, John Wiley and Sons, 1987.
82 Software Reliability (3/4): Benefits of Enhancement
- Analyses
- Licensing digital upgrades
- Approving new designs
- General risk-informed applications
- Technology
- Improved hazard identification
- Reduced completeness uncertainties
- Improved synergy with I&C community
- Knowledge
- Improved insights PRA Technology Challenges
[IAEA TM]
83 Software Reliability (4/4): Status and Challenges Current status
- Conventional fault tree analyses (AP600, Sizewell
)
- U.S.: Technology development (e.g., integration of STAMP/STPA with conventional PRA)
- International: multiple activities Individual countries (e.g., Finland, France, Korea)
WGRISK benchmarking study (DIGMAP)
IAEA review Challenges*
- Technical Software CCF Data
- Implementation: standards and guidance
- Cultural M. Porthin, et al., Comparative application of digital I&C modeling approaches for PSA, International Topical Meeting on Probabilistic Safety Assessment (PSA 2019), Charleston, SC, April 28-May 3, 2019.
WGRISK Benchmarking Study PRA Technology Challenges
[IAEA TM]
- See also S. Arndt, E. Thornsbury, and N. Siu, What PRA needs from a digital systems analysis, 6th International Conference on Probabilistic Safety Assessment and Management (PSAM 6), San Juan, Puerto Rico, June 23-28, 2002.
84 Incorporation of Ageing Effects (1/5): Background
- Conventional PRA models
- Failures are memoryless
- Fail on demand: Bernoulli process (binomial distribution)
- Failure during operation: Poisson process (Poisson and exponential distributions)
- Failure rates can be adjusted to reflect ageing
- More general model: time-dependent failure rates
- Burn-in, steady-state, ageing (degradation) => bathtub curve
- Different aging and repair/replacement for different SSCs
=> more complex model (Renewal Theory)
PRA Technology Challenges
[IAEA TM]
As good as new
= 1
0
85 Ageing Effects (2/5): Experiences
- Active components
- Subject to testing and renewal
- Large uncertainty bands
- Passive components
- More difficult to inspect and renew
- Subject to phenomena potentially amenable to mechanistic modeling and analysis
- Famous example: Davis-Besse (2002)
Davis-Besse Reactor Pressure Vessel Head Degradation Adapted from NUREG/BR-0353, Rev. 1 PRA Technology Challenges
[IAEA TM]
86 Ageing Effects (3/5): Modeling Approaches
- Statistical
- Parametric models for failure rate (e.g., linear)
- Quantification via operational experience data
- Challenges
- Data collection (current systems are insufficient)
- Data characterization (failure? rectifiability?)
- Mechanistic
- First principles causal models for SSCs
- Challenges
- Completeness (e.g., unexpected mechanisms, combinations and synergies; detection and response)
- Treatment of uncertainties
[IAEA TM]
M (Model of the World):
Scope, structure i:
Parameters Universe Known Unknowns Unknown Unknowns
87 Ageing Effects (4/5): Benefits of Enhancement Analyses
- Risk-informed treatment of other degradation mechanisms (potential)
Technology
- Capabilities should regulatory need arise (e.g.,
- Improved perspectives and approaches to mechanistic modeling (including the treatment of uncertainties)
- Improved synergy with non-PRA technical communities Knowledge
- Improved insights supporting awareness and prioritization of mechanisms/scenarios/mitigation measures (as compared with other risk contributors)
- Improved understanding of modeled mechanisms PRA Technology Challenges
[IAEA TM]
88 Ageing Effects (5/5): Status and Challenges Current status (U.S.)
- U.S.: long history of R&D, PTS application*
- International: research with demonstration applications (European Union Aging PSA Network)
Challenges
- Data
- Physics of failure modeling
- Recognition and treatment of other trends, e.g.,
- Technology (NDE, prognostics, )
- Workforce
- Fleet (unique reactors)
- Implementation
- Separating advocacy wants from RIDM needs
- Incorporation in RIDM standards and guidance)
PRA Technology Challenges
[IAEA TM]
D. Rudland and C. Harrington, xLPR Pilot Study Report, NUREG-2110, 2012. (ML12145A470)
Blending mechanistic and statistical perspectives changes PRA approach?
M. EricksonKirk, et al., Technical Basis for Revision Of the Pressurized Thermal Shock (PTS) Screening Limit in the PTS Rule (10 CFR 50.61): Summary Report, NUREG-1806, 2006.
89 TREATMENT OF PARAMETER, MODEL, AND COMPLETENESS UNCERTAINTY Perspectives on the analysis and communication of uncertainties for RIDM PRA Technology Challenges
[Uncertainty Typology]
Topics Parameter Uncertainty Model Uncertainty Completeness Uncertainty Internal Risk Communication
90 Parameter, Model, and Completeness Uncertainty M (Model of the World):
Scope, structure i: Parameters
- Universe Known Unknowns Unknown Unknowns mod*el, n. a representation of reality created with a specific objective in mind.
A. Mosleh, N. Siu, C. Smidts, and C. Lui, Model Uncertainty: Its Characterization and Quantification, Center for Reliability Engineering, University of Maryland, College Park, MD, 1995. (Also NUREG/CP-0138, 1994)
PRA models for NPPs Distinctions are not necessarily crisp Regardless of allocation to categories, need to consider in characterization of uncertainties PRA Technology Challenges
[Uncertainty Typology]
See:
M. Drouin, et al., Guidance on the Treatment of Uncertainties Associated with PRAs in Risk-Informed Decisionmaking, NUREG-1855, Rev. 1, 2017.
U.S. Nuclear Regulatory Commission, An Approach for Using Probabilistic Risk Assessment in Risk-Informed Decisions on Plant-Specific Changes to the Licensing Basis, Regulatory Guide 1.174, Revision 3, January 2018.
91 Parameter Uncertainty (1/3): Current Practice Routinely estimated (Bayesian inference) and propagated (e.g.,
direct Monte Carlo, Latin Hypercube)
PRA Technology Challenges
[Uncertainty Typology]
92 Parameter Uncertainty (2/3): Bayesian Example Parameter of interest: frequency of major flooding ()
Prior state-of-knowledge: minimal Evidence: 10 events over 1877-2017 (140 years)
Bayes Theorem:
Posterior state-of-knowledge:
Date Flood Height (ft) 3/19/1936 36.5 6/1/1889 34.8 10/16/1942 33.8 10/1/1896 33.0 11/6/1985 30.1 9/8/1996 29.8 1/21/1996 29.4 11/25/1877 29.2 4/27/1937 29.0 6/23/1972 27.7 0.00 0.05 0.10 0.15 0.20 0.25 0.30 Probability Density
- Major Flood Frequency (/yr) 05 = 0.040/yr 50 = 0.069/yr 95 = 0.11/yr mean = 0.071/yr prior posterior return period = 12 yr 1880 1900 1920 1940 1960 1980 2000 PRA Technology Challenges 1, =
, 0 0
, 0 Poisson Non-informative Potomac River (Harpers Ferry, VA)*
- Notes:
1)
Data from: https://water.weather.gov/ahps2/crests.php?wfo=lwx&gage=hfew2&crest_type=historic 2)
Major Flood: height > 24 ft
[Uncertainty Typology]
93 Parameter Uncertainty (3/3): Challenges
- Data pre-processing
- Selection
- Interpretation
- Effect of analysis shortcuts
- Standard (e.g., non-informative) prior distributions
- Simplified expert elicitation
- Independence assumption
- Ensuring correspondence with state-of-knowledge
- Basic events (micro view)
- Overall results (macro view)
PRA Technology Challenges 0.00 0.20 0.40 0.60 0.80 1.00 1.00E-09 1.00E-08 1.00E-07 1.00E-06 1.00E-05 1.00E-04 1.00E-03 Probability Density Function (Normalized)
Failure Rate (/hr)
Runtime Failures (Motor-Driven Pumps)
Service Water Normally Running Standby 2015 Industry-wide estimates from: https://nrcoe.inl.gov/resultsdb/AvgPerf/
Service Water Pumps: 2 failures in 16,292,670 hours0.00775 days <br />0.186 hours <br />0.00111 weeks <br />2.54935e-4 months <br /> Normally Running Pumps: 225 failures in 59,582,350 hours0.00405 days <br />0.0972 hours <br />5.787037e-4 weeks <br />1.33175e-4 months <br /> Standby Pumps (1st hour operation): 48 failures in 437,647 hours0.00749 days <br />0.18 hours <br />0.00107 weeks <br />2.461835e-4 months <br />
[Uncertainty Typology]
94 Hurricane Andrew: 8/22/1992, 1200 UTC (about 2 days before FL landfall)
Model Uncertainty (1/6):
Hurricane Example PRA Technology Challenges Hurricane tracks adapted from University of Wisconsin-Milwaukee: (https://web.uwm.edu/hurricane-models/models/archive/)
Emergency response based on data from National Hurricane Center: (https://www.nhc.noaa.gov/1992andrew.html)
[Uncertainty Typology]
95 Model Uncertainty (2/6):
Hurricane Example Hurricane Irma: 9/8/2017, 0000 UTC (about 2 days before FL landfall)
PRA Technology Challenges Hurricane tracks adapted from University of Wisconsin-Milwaukee: (https://web.uwm.edu/hurricane-models/models/archive/)
Emergency response based on data from National Hurricane Center: (https://www.nhc.noaa.gov/1992andrew.html)
[Uncertainty Typology]
96 Model Uncertainty (3/6): HRA Example Same method, different teams Same team, different methods All teams, all methods NRI, CREAM NRI, DT+ASEP NRC, SPAR-H INL, SPAR-H A Bye, et al., International HRA Empirical Study, NUREG/IA-0216, August 2011.
PRA Technology Challenges
[Uncertainty Typology]
97 Model Uncertainty (4/6): HRA Example HFE 2A HFE 1C HFE 1A HFE 3A HFE 1B HEPs by HFE (All Methods)
Decreasing difficulty Human Error Probability (HEP) 1.0E+0 1.0E-1 1.0E-2 1.0E-3 1.0E-4 1.0E-5 ASEP Team 1 ASEP Team 2 SPAR-H Team 1 SPAR-H Team 2 CBDT & HCR/ORE Team 1 CBDT & HCR/ORE Team 2 CBDT & HCR/ORE Team 3 ATHEANA Team 1 ATHEANA Team 2 Empirical 95th Percentile Empirical 5th Percentile Adapted from NUREG-2156 PRA Technology Challenges
[Uncertainty Typology]
98 Model Uncertainty (5/6): Current Approaches
- Important to acknowledge and treat (in context of decision)
- Standards and guidance:
characterize
- Alternatives
- Consensus model
- Sensitivity analysis
- Weighted alternatives (e.g., SSHAC)
- Output uncertainties Adapted from V.M. Andersen, Seismic Probabilistic Risk Assessment Implementation Guide, EPRI 3002000709, Electric Power Research Institute, Palo Alto, CA, December 2013 PRA Technology Challenges
[Uncertainty Typology]
99 Model Uncertainty (6/6): Challenges
- Different technical points of view on treatment:
- Competition between models vs. multiple (correlated) sources of evidence
- Quantify vs. characterize
- Include or exclude user effects
- Methods to quantify model output uncertainty exist;* challenges include
- Uncertainties in unmeasured parameters
- Sub-model limits of applicability
- Representativeness of computed results M.H. Salley and A. Lindeman, Verification and Validation of Selected Fire Models for Nuclear Power Plant Applications, NUREG-1824 Supplement 1/EPRI 3002002182, November 2016.
- See, for example, E. Droguett and Ali Mosleh, Bayesian methodology for model uncertainty using model performance data, Risk Analysis, 28, No. 5, 1457-1476, 2008.
PRA Technology Challenges
[Uncertainty Typology]
100 Completeness Uncertainty (1/8)
PRA Technology Challenges
- Sources
- Known gaps (missing scope)
- Unknown gaps
- Concerns
- Excessive amplification (Fear of the dark)
- Excessive discounting (availability heuristic:
Out of sight, out of mind)
It would cease to be a danger if we could define it.
Sherlock Holmes (The Adventure of the Copper Beeches)
Adapted from B. Fischhoff, P. Slovic, S. Lichtenstein, Fault trees:
Sensitivity of estimated failure probabilities to problem representation, Journal of Experimental Psychology: Human Perception and Performance, 4(2), May 1978, 330-344.
Car Wont Start Battery Charge Insufficient Starting System Defective Ignition System Defective Mischievous Acts Of Vandalism All Other Problems Fuel System Defective Other Engine Problems
[Uncertainty Typology]
101 Completeness Uncertainty (2/8): Terminology Model Known Gaps (Known Unknowns)
Unknown Gaps (Unknown Unknowns)
- Explicit or implicit?
- Extent of coverage?
- Known by whom?
- Known when?
- Time from idea to theory to PRA implementation?
Viewpoint Precise classification is important only if it affects:
- Understanding
- Communication
- Decision making
[Uncertainty Typology]
PRA Technology Challenges
102 Completeness Uncertainty (3/8): Known Gaps*
- Broad scenario categories
- Contributors within categories Rationale Common Example(s)
Out of scope security/sabotage, operation outside approved limits Low significance (pre-analysis judgment) external floods (many plants pre-Fukushima)
Appropriate PRA technology* unavailable management and organizational factors PRA not appropriate software, security Category Example(s)
External hazards multiple coincident or sequential hazards Human reliability errors of commission, non-proceduralized recovery Passive systems thermal-hydraulic reliability PRA Technology Challenges
- aka Known Unknowns
[Uncertainty Typology]
103 https://en.wikipedia.org/wiki/Hurricane_Irma#/media/File:Irma,_Jose_and_Katia_2017-09-07.png Multiple Hurricanes: A Known Unknown PRA Technology Challenges
[Uncertainty Typology]
104 Completeness Uncertainty (5/8): Unknown Gaps*
Model Known Gaps Unknown Gaps Then (a surprise?)
Now (treated in current PRAs?)
Browns Ferry fire (1975) - a long-recognized hazard; not in draft WASH-1400 but routinely treated now Chernobyl (1986) - precursor at Leningrad (1975); non-routine test during shutdown in any LPSD analyses?
TMI (1979) - precursors include Davis-Besse (1977); operator EOCs not in models; current recognition and some explorations Blayais flood (1999) - external floods often screened at time; current recognition, multi-hazard under development Maanshan HEAF/SBO (2001) - HEAF phenomenon known, in any PRAs at time? Now included as an initiator; smoke effect?
Davis-Besse RPV corrosion (2002) - RPV failure analyses focused on crack propagation; M&O failure not in PRAs Fukushima Daiichi (2011) - precursors: Blayais (1999), Indian Ocean (2004), hazard under review at time; PRA models under development PRA Technology Challenges
- aka Unknown Unknowns
[Uncertainty Typology]
105 Completeness Uncertainty (6/8): Current Approaches
- Mind the gap
- Analysis guidance (NUREG-1855)
- Progressive analysis (screening, bounding, conservative, detailed)
- Change scope of risk-informed application
- Risk-informed decisionmaking (RG 1.174)
- Fill (or at least reduce) the gap (R&D)
PRA Technology Challenges
[Uncertainty Typology]
106 Completeness Uncertainty (7/8): Role of R&D
- Continue to develop technology to address known gaps
- Risk-informed prioritization
- Fully engage appropriate disciplines
- Take advantage of general computational and methodological developments
- Facilitate re-emphasis on searching
- Demonstrate efficiency and effectiveness with current tools (e.g., MLD, HBFT) vs.
checklist/screening
- Develop improved tools (including OpE mining)
Event (NUREG/CR-4839), 1992 Aircraft impact Avalanche Coastal erosion Drought External flooding Extreme winds and tornadoes Fire Fog Forest fire Frost Hail High tide, high lake level, or high river stage
PRA Technology Challenges
[Uncertainty Typology]
107 Completeness Uncertainty (8/8):
From Lampposts to Search Beacons Wheres the goat???
PRA Technology Challenges
[Uncertainty Typology]
108 Internal Risk Communication (1/9): Context Other Considerations Current regulations Safety margins Defense-in-depth Monitoring Quantitative Qualitative Adapted from NUREG-2150 With To PRA Technology Challenges
[Uncertainty Typology]
109 Internal Risk Communication (2/9): Reminder Mean = 7.6 x 10-5 /yr 95th = 2.6 x 10-4 /yr 50th (Median) = 3.9 x 10-5 /yr probability density function frequency (/yr)
Mean 0
Mathematically defined Affected by tail Does not correspond to a specific percentile PRA Technology Challenges
[Uncertainty Typology]
110 Internal Risk Communication (3/9): Current Practice
- Often implicit (focus on mean values)
- Various graphic displays
- Includes story as well as numbers Documents and Presentations (Flatland)
Interactive Discussion (Storytelling)
Likelihood Class 5 (10-5/yr) 4 (10-4/yr) 3 (10-3/yr) 2 (10-2/yr) 1 (10-1/yr)
Severity Class A
Marginal Undesirable Undesirable Critical Critical B
Marginal Marginal Undesirable Undesirable Critical C
No Action Marginal Marginal Undesirable Undesirable D
No Action No Action Marginal Marginal Undesirable E
No Action No Action No Action Marginal Marginal PRA Technology Challenges
[Uncertainty Typology]
111 Internal Risk Communication (4/9): Breakdowns*
- Differences in perception of information
- Relevance
- Consistency with prior beliefs
- Lack of understanding of underlying science
- Conflicting agendas
- Failure to listen
- Trust
- Sources of breakdowns with public, also at least partially relevant for internal risk communication. J.L. Marble, N. Siu, and K. Coyne, Risk communication within a risk-informed regulatory decision-making environment, International Conference on Probabilistic Safety and Assessment (PSAM 11/ESREL 2012), Helsinki, Finland, June 25-29, 2012. (ADAMS ML120480139)
PRA Technology Challenges
[Uncertainty Typology]
112 Internal Risk Communication (5/9): Information Complexity Hyperdimensional
- Scenarios
- Likelihood
- Multiple consequence measures Heterogeneous
- Qualitative and quantitative
- Multiple technical disciplines Dynamic
- System changes (e.g., different operational modes, effects of decisions)
- Changing information (learning, adding/discounting data)
- New applications (and contexts)
Uncertain
- Sparse or non-existent data
- Outside range of personal experience PRA Technology Challenges Uhh, we seem to have a TEP vulnerability, maybe, I think Thermal Exhaust Port
[Uncertainty Typology]
113 Internal Risk Communication (6/9): More Complexities
- Individual user differences, e.g.,
- Knowledge
- Preferences/heuristics
- Social factors, e.g.,
- Trust
- Decision and group dynamics
- Situational context, e.g.,
- Available time
- Decision support vs. informational Will somebody find me a one-handed scientist?!
- Senator Edmund Muskie (Concorde hearings, 1976)
I. Flatow, Truth, Deception, and the Myth of the One-Handed Scientist, October 18, 2012. Available from:
https://thehumanist.com/magazine/november-december-2012/features/truth-deception-and-the-myth-of-the-one-handed-scientist PRA Technology Challenges
[Uncertainty Typology]
114 Internal Risk Communication (7/9): Stakeholder Trends
- Experiences, knowledge
- Information content and delivery preferences
- Comfort with analytics, risk, probability
- Mobility Source: https://www.nrc.gov/reading-rm/doc-collections/commission/slides/2019/20190618/staff-20190618.pdf Language is not merely a tool for human communication; language is itself a means by which the realities of the world are divided and viewed.
- P.S. Dull, 1978 P.S. Dull, A Battle History of the Imperial Japanese Navy (1941-1945), Naval Institute Press, Annapolis, MD, 1978 PRA Technology Challenges
[Uncertainty Typology]
115 Internal Risk Communication (8/9): Solution Trends
- Tufte model: escape Flatland using rich displays and reports, encourage user to explore
- Promotes active involvement of decision maker
- Increases general trust?
- A graduated technical approach to assist?
Interface Interaction Mode Hyperlinked dashboards, reports Manual Video AI assist Visual immersion Multisensory immersion Time
- Target audience(s)
- Heterogeneous
- Changing
- Constrained resources
- Schema
- No standards:
currently an art
- Solutions being developed intuitively; no scientific testing Continuing Challenges PRA Technology Challenges
[Uncertainty Typology]
116 Graphic adapted from https://www.flickr.com/photos/83823904@N00/64156219/
(permission CC-BY-2.0)
Internal Risk Communication (9/9): The Future?
M. Korsnick, Risk Informing the Commercial Nuclear Enterprise, Promise of a Discipline: Reliability and Risk in Theory and in Practice, University of Maryland, April 2, 2014.
PRA Technology Challenges
[Uncertainty Typology]
117 CLOSING THOUGHTS And what if the bird wont sing?
Nobunaga: Make it sing.
Hideyoshi: Make it want to sing.
Tokugawa: Wait.
- Eiji Yoshikawa (Taik)
Closing Thoughts
118 Is Winter Coming?
Anyone submitting a PRA for use in the LWR regulatory process should feel that his long-term technical reputation is on the line.
- D. Okrent (1981) 100 Reactors Closing Thoughts Increasing realism Reducing conservatism
/
119 Challenge to NRC/RES and Opportunities To increase effectiveness and efficiency
- [Enterprise] risk-informed prioritization
- Consider new technical approaches
- Better target available resources (e.g., university grant funds)
- Leverage other programs
- Observe (learn, provide feedback)
- Cooperate
- Collaborate
- Good ideas are welcome!
Dial 1-800-CALL-RES Closing Thoughts
120 ADDITIONAL SLIDES
121 PRA HISTORY: TREATMENT OF UNCERTAINTIES Additional Slides
122 TMI-2 From Hanford to WASH-1400 SGHWR analysis WASH-740 For more information: T.R. Wellock, A Figure of Merit: Quantifying the Probability of a Nuclear Reactor Accident, Technology and Culture, 58, No. 3, July 2017, pp. 678-721.
Credible Accident System reliability studies Recommend:
accident chain analysis Hanford AEC/NRC UKAEA Technical Challenges: 1) Quantifying accident probability
- 2) Means to communicate risk not in the generation of the ACRS members present Farmer Curve WASH-1400 Estimates:
OpE (pessimistic)
Decomposition (optimistic)
Windscale 1950 1960 1970 1980 System reliability studies Additional Slides
[PRA History: Treatment of Uncertainties]
123 Early Views on Completeness W. F. Libby (Acting Chairman, AEC) - March 14, 1956 response to Senator Hickenlooper: it is incumbent upon the new industry and the Government to make every effort to recognize every possible event or series of events which could result in the release of unsafe amounts of radioactive material to the surroundings and to take all steps necessary to reduce to a reasonable minimum the probability that such events will occur in a manner causing serious overexposure to the public. [Emphasis added]
- L. Silverman (Chairman, ACRS) - October 22, 1960 letter to AEC Chairman John A. McCone: We believe that a searching analysis which is necessary at this stage [reactor siting approval] should be done independently by the owner of the reactor [Emphases added]
Additional Slides
[PRA History: Treatment of Uncertainties]
124 WASH-1400 Uncertainties (Level 1)
WASH-1400: it is reasonable to believe that the core melt probability of about 5x10-5 per reactor-year predicted by this study should not be significantly larger and would almost certainly not exceed the value value of 3x10-4 which has been estimated as the upper bound for core melt probability.
Risk Assessment Review Group (NUREG/CR-0400):
We are unable to define whether the overall probability of a core melt given in WASH-1400 is high or low, but we are certain that the error bands are understated. We cannot say by how much.
1.E-05 1.E-04 1.E-03 CDF (/ry)
WASH-1400 Uncertainties (Estimated*)
Surry Peach Bottom 5th 50th 95th mean
- Based on data from Tables V 3-14 (PWR) and 3-16 (BWR) of Appendix V, assuming distributions are lognormal; median values are somewhat higher than reported in Section 7.3.1 of the Main Report.
Additional Slides
[PRA History: Treatment of Uncertainties]
125 ACRS Concerns with WASH-1400 Methodology*
ACRS Concern Example Events[1]
Post-WASH-1400 Accident initiator quantification (Presumably external events)
Fukushima Extensive treatment: fires, earthquakes Inconsistent treatment: floods Atypical reactors Fermi 1 [2]
Multiple PRAs for non-LWRs Design errors
[3]
Many design and operational improvements identified by PRAs; database includes events involving design problems Operator error quantification TMI-2 Multiple methods emphasizing importance of context; still an active area of development Consequence modeling Chernobyl, Fukushima Continuing, evolutionary improvements (MACCS)
Data Many Improved hardware database; fits and starts with HRA; extreme natural hazards a continuing challenge
- ACRS letter to Congressman Udall re: adequacy for estimating likelihood of low probability/high consequence events (Dec. 16, 1976)
Table Notes:
1.
Events whose key characteristics (for the given topic) might not have been captured by a WASH-1400 vintage analysis.
2.
Fermi 1 had limited fuel melting. However, without an analysis, it isnt clear if a WASH-1400 vintage analysis would have captured this scenario.
3.
Design weaknesses have played a role in multiple events. More detailed review is needed to determine if: a) these are errors, and b) if they would have been missed by a WASH-1400 vintage analysis.
Additional Slides
[PRA History: Treatment of Uncertainties]
126 TMI-2 Chernobyl Some Early Developments and PRAs Challenges: 1) Filling known gaps (completeness uncertainty)
- 2) Clarifying meaning: models and results Clinch River (LMFBR)
Limerick Millstone Seabrook (full scope)
Fleming
(-factor)
Zion (full scope)
TMI-1 (full scope)
Oconee (full scope) 1980 1985 1975 Apostolakis (subjective probability)
Forsmark Koeberg
(~WASH-1400)
Super Phénix (FBR DHR)
AIPA (HTGR)
USDOE NRC US Industry International Other Notable Kaplan/
Garrick (risk)
EC/JRC Benchmarks (systems, CCF, HRA)
RSSMAP/IREP Sizewell
(+DI&C)
Indian Point (full scope)
Oyster Creek
(+seismic)
Biblis
(+aircraft)
NUREG/CR-2300 Additional Slides
[PRA History: Treatment of Uncertainties]
127 Sample Level 1 Results Display Additional Slides
[PRA History: Treatment of Uncertainties]
128 Sample Results - Sub-Model Uncertainty Effect Effects of fire model (COMPBRN) uncertainty on fire growth time N. Siu, "Modeling Issues in Nuclear Plant Fire Risk Analysis," in EPRI Workshop on Fire Protection in Nuclear Power Plants, EPRI NP-6476, J.-P. Sursock, ed., August 1989, pp. 14-1 through 14-16.
Additional Slides
[PRA History: Treatment of Uncertainties]
129 Sample Results - Model Uncertainty (User Effect)
Damage State Frequency (/yr), Review Damage State Frequency (/yr), Original 10-10 10-8 10-6 10-4 10-10 10-8 10-6 10-4 Early core melt, containment cooling Early core melt, no containment cooling Steam generator tube rupture Containment bypass Direct containment failure Late core melt, containment cooling Late core melt, no containment cooling 1.E-11 1.E-10 1.E-09 1.E-08 1.E-07 1.E-06 1.E-05 1.E-04 1.E-03 1.E-11 1.E-10 1.E-09 1.E-08 1.E-07 1.E-06 1.E-05 1.E-04 1.E-03 Original Review Internal Events 1.E-11 1.E-10 1.E-09 1.E-08 1.E-07 1.E-06 1.E-05 1.E-04 1.E-03 1.E-11 1.E-10 1.E-09 1.E-08 1.E-07 1.E-06 1.E-05 1.E-04 1.E-03 Original Review External Events Data source: G.J. Kolb, et al., Review and Evaluation of the Indian Point Probabilistic Safety Study, NUREG/CR-2934, December 1982. (ML091540534)
Additional Slides
[PRA History: Treatment of Uncertainties]
130 Chernobyl 9/11 Expansion Across Industry (US)
Technical challenges: 1) Characterizing the fleet (variability)
- 2) Developing confidence for mainstreaming RIDM 1985 1990 2000 1995 GL 88-20 GL 88-20 Supplement 4 NUREG-1560 NUREG-1742 NUREG-1150 (final)
NUREG-1150 (draft)
Severe Accident Policy Statement Safety Goal Policy Statement PRA Policy Statement ASP Plant Class Models 1982 SPAR Models NRC US Industry IPEs IPEEEs Additional Slides
[PRA History: Treatment of Uncertainties]
131 NUREG-1150 Estimated* Uncertainties (Level 1)
Model Uncertainty Model Uncertainty
- Notes: totals shown are estimated.
1)
NUREG-1150 does not aggregate the hazard-specific results. The totals shown are rough estimates assuming that the NUREG-1150 distributions are lognormal.
2)
The WASH-1400 distributions are based on data from Tables V 3-14 (PWR) and 3-16 (BWR) of Appendix V, assuming that the distributions are lognormal. The median values are somewhat higher than reported in Section 7.3.1 of the Main Report Additional Slides
[PRA History: Treatment of Uncertainties]
132 Parameter Uncertainties:
Industry Studies Industry results from: Garrick, B.J., Lessons learned from 21 nuclear plant probabilistic risk assessments, Nuclear Technology, 84, No. 3, 319-339(1989).
Additional Slides
[PRA History: Treatment of Uncertainties]
133 Parameter Uncertainties: Logarithmic vs Linear Additional Slides
[PRA History: Treatment of Uncertainties]
134 IPE/IPEEE - Variability Across Fleet 0
10 20 30 40 Number BWR PWR CDF (/ry) 1x10-6 3x10-6 1x10-5 3x10-5 1x10-4 3x10-4 1x10-3 Internal Events + Internal Floods 0
10 20 30 40 Number BWR PWR CDF (/ry) 1x10-6 3x10-6 1x10-5 3x10-5 1x10-4 3x10-4 1x10-3 Total Additional Slides
[PRA History: Treatment of Uncertainties]
135 IPE/IPEEE - Contribution of External Events 1.E-07 1.E-06 1.E-05 1.E-04 1.E-03 1.E-07 1.E-06 1.E-05 1.E-04 1.E-03 IPEEE CDF IPE CDF IPEEE vs IPE CDF Additional Slides
[PRA History: Treatment of Uncertainties]
136 9/11 The Modern Era (US)
Technical challenges: 1) RIDM issues (e.g., realism, heterogeneity, aggregation)
- 2) Post-Fukushima issues (e.g., external hazards)
- 3) New/advanced reactors (e.g., conduct of operations)
NUREG-1855 Fukushima RG 1.174 ASME PRA Standard 10 CFR 50.48(c)
(Fire Protection)
Risk-Informed ROP NFPA 805 NUREG-2150 NTTF Request for Information (Reevaluations) 2000 2010 2020 2005 2015 NRC US Industry SECY-98-144 Risk-Informed License Amendment Requests (LARs)
SAMAs (Life Extension)
SPAR Models NFPA 805 LARs (Fire Protection)
Additional Slides
[PRA History: Treatment of Uncertainties]
137 SAMA - Contribution of External Events 1.E-07 1.E-06 1.E-05 1.E-04 1.E-03 1.E-07 1.E-06 1.E-05 1.E-04 1.E-03 External Internal External vs. Internal CDF (SAMA)
Note: External includes internal fires Additional Slides
[PRA History: Treatment of Uncertainties]
138 Variability in Recent Results (Level 1) 0.00 0.05 0.10 0.15 0.20 0.25 0.30 0.35
-6.0
-5.5
-5.0
-4.5
-4.0
-3.5
-3.0 1E-6 1E-5 1E-4 1E-3 CDF (per reactor year)
Fraction of Plants Highest Reported:
1.3x10-4 Lowest Reported:
3.5x10-6 Population Mean:
4.7x10-5 Additional Slides
[PRA History: Treatment of Uncertainties]
139 Variability in Results - Comparison with IPE/IPEEE 0.00 0.10 0.20 0.30 0.40 0.50 1
2 3
4 5
6 7
8 9
10 NFPA 805 IPE/IPEEE 0.01 0.1 1
10 100 1000 Fire CDF/Internal Events CDF Fraction of PRAs 0.00001 0.0001 0.001 1.00E-05 1.00E-04 1.00E-03 Total CDF (IPE + IPEEE)
Total CDF (Recent LARs) 1E-5 1E-4 1E-3 1E-5 1E-4 1E-3 Additional Slides
[PRA History: Treatment of Uncertainties]
140 DRIVE TO RIDM AND TRENDS Additional Slides
141 RIDM and NRCs Principles of Good Regulation
- Independence
- Openness
- Efficiency
- Clarity
- Reliability U.S. Nuclear Regulatory Commission, Principles of Good Regulation (ADAMS ML14135A076)
Highest Standards Best Information Public Coherent Logical Practical Competence Acceptable Readily Understood Candid Independence Openness Efficiency Clarity Reliability Risk Safety Margins Defense-In-Depth Current Regulations Performance Monitoring Integrated Decision Making Additional Slides
[Drive to RIDM and Trends]
142 Drive to RIDM: Back to the Future
- Early years: progressive evolution of protection considering maximum credible accident
- Remote siting
- Containment
- Engineered safeguards, single failure criterion
- Current: engineering solutions considered
- Single failure
- Containment?
SECY-19-0036, April 11, 2019 (ML19060A081):
the staff is seeking Commission affirmation that the most damaging single active failure of safety-related equipment is required to be considered in performing design, and transient and accident analyses, unless such a failure can be shown with high confidence to not be credible.
SRM-SECY-19-0036, July 19, 2019 (ML19183A408): In any licensing review or other regulatory decision, the staff should apply risk-informed principles when strict, prescriptive application of deterministic criteria such as the single failure criterion is unnecessary to provide for reasonable assurance of adequate protection of public health and safety.
Additional Slides
[Drive to RIDM and Trends]
143 Looking Ahead: Possible Futures U.S. Nuclear Regulatory Commission, The Dynamic Futures for NRC Mission Areas, 2019. (ADAMS ML19022A178)
Additional Slides
[Drive to RIDM and Trends]
144 Drive to RIDM: Transformation
- Evolving situation (market forces, new nuclear technologies, new analytical methods and data, new professionals)
Applying the Principles of Good Regulation as a Risk-Informed Regulator, October 15, 2019 (ADAMS ML19260E683)
- Vision: make safe use of nuclear technology possible
- Continuing standard: reasonable assurance of adequate protection
- Attitude: recognize potentially different ways of achievement - embrace change Additional Slides
[Drive to RIDM and Trends]
145 0
10 20 30 40 50 FY-17 FY-18 FY-19 FY-20 Number Fiscal Year Risk-Informed LARS Received*
Miscellaneous Risk Insights TMRE Fire Seismic GSI-191 EPU 50.69 TSTF-XXX RI TS Comp Time RI-ISI ILRT
- As of June 8, 2020 Drive to RIDM: Effect of Market Forces "Risk-Informed Performance-Based Technology-Inclusive Guidance for Non-Light Water Reactors," NEI 18-04, Rev. 1, August 29, 2019.
Operating Rx - More use of PRA models New Rx - Early use of PRA in design Additional Slides
[Drive to RIDM and Trends]
146 Drive to RIDM: New Technologies
- New designs
- New operational concepts
- Smart Reactor Systems
- Improved Analysis Im worried about the mission, Dave.
Cmon HAL, open the pod bay door Photo courtesy of NEA Halden Reactor Project Additional Slides
[Drive to RIDM and Trends]
147 Drive to RIDM: New Professionals Changing
- Experiences, knowledge
- Information content and delivery preferences
- Comfort with analytics, risk, probability
- Mobility Source: https://www.nrc.gov/reading-rm/doc-collections/commission/slides/2019/20190618/staff-20190618.pdf Additional Slides
[Drive to RIDM and Trends]
148 Trends and Impacts: A Two-Way Street Trends Increasing # RI-applications New licensing approaches New designs New operational concepts New technologies New analytical methods New professionals
Decision Making Issue Identification Option Identification Analysis Deliberation Implementation Monitoring PRA Technology Methods Models Tools Data Challenge to NRC:
Be Ready!
Additional Slides
[Drive to RIDM and Trends]
149 Who?
What?
When?
Where?
How?
Why?
NRC/RES/DRA: The Cardinal Questions DRA Users Needs Applications Suppliers Contractors Grantees Collaborators Non-NRC R&D Policy/Decision Makers Near Term (User Need)
Long Term (Future-Focused)
Additional Slides
[Drive to RIDM and Trends]
150 PRA/RIDM:
Topic Areas for Potential R&D Technical Area Topic Area Reactors Level 1 internal events at power Level 2 Level 3 Low power and shutdown (LPSD)
Operational data Event analysis Generic safety issues (GSI)
Performance indicators and thresholds New reactors (evolutionary)
Advanced reactors Research and test reactors Non-Reactor Facilities and Activities Geologic repositories High-level waste (HLW)
Low-level waste/decommissioning Fuel cycle facilities Transportation Sources Implementation and Application PRA quality (e.g., guidance, standards)
Risk-informed regulation infrastructure Risk-informed regulation applications Risk perception and communication Technical Area Topic Area Special Topics HRA Ageing Passive components Passive systems Digital systems CCF Design and construction Fire Seismic Other external events Security-related events EP&R General Systems Analysis Methods and Tools PRA tools Uncertainty and sensitivity analysis methods and tools Advanced computational methods Advanced modeling methods (e.g., simulation)
Elicitation methods Ive got a little list Additional Slides
[Drive to RIDM and Trends]
151 Need for Focus 0
5 10 15 20 25 30 35 40 45 50 0
100 200 300 400 500 600 700 1975 1976 1977 1978 1979 1980 1981 1982 1983 1984 1985 1986 1987 1988 1989 1990 1991 1992 1993 1994 1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019
% NRC Total Contracting Budget ($M)
Year NRC Research Budget (FY 1976 - FY 2019)
Actual ($M)
Inflation Adjusted ($M)
% NRC Total Budget data from NUREG-1350 (NRC Information Digest)
Additional Slides
[Drive to RIDM and Trends]
152 RIDM APPLICATION EXAMPLES Additional Slides
153 Risk Info Uses - Regulations Example (Risk-Informed Fire Protection)
- Browns Ferry Nuclear Power Plant fire (3/22/75)
- Candle ignited foam penetration seal, initiated cable tray fire; water suppression delayed; complicated shutdown
- Second-most challenging event in U.S.
nuclear power plant operating history
- Spurred changes in requirements and analysis TVA File Photo 8.5m 11.5m 3m Adapted from NUREG-0050 Additional Slides
[RIDM Application Examples]
154 Risk Info Uses - Regulations Example (Risk-Informed Fire Protection)
Post-Browns Ferry deterministic fire protection (10 CFR Part 50, Appendix R) hour fire barrier, OR
- 20 feet separation with detectors and auto suppression, OR hour fire barrier with detectors and auto suppression Risk-informed, performance-based fire protection (10 CFR 50.48(c), NFPA 805)
- Voluntary alternative to Appendix R
- Deterministic and performance-based elements
- Changes can be made without prior approval; risk must be acceptable
- More than 1/3 U.S. fleet has completed transition Methods adopted by international organizations From Cline, D.D., et al., Investigation of Twenty-Foot Separation Distance as a Fire Protection Method as Specified in 10 CFR 50, Appendix R, NUREG/CR-3192, 1983.
Additional Slides
[RIDM Application Examples]
155 Risk Info Uses - Licensing Example (Changes in plant licensing basis - RG 1.174)
- Voluntary changes: licensee requests, NRC reviews
- Small risk increases may be acceptable
- Change requests may be combined
- Decisions are risk-informed Additional Slides
[RIDM Application Examples]
156 Risk Info Uses - Oversight Example (Reactor Oversight Program)
- Inspection planning
- Determining significance of findings
- Characterize performance deficiency
- Use review panel (if required)
- Obtain licensee perspective
- Finalize
- Performance indicators CDF < 1E-6 LERF < 1E-7 1E-6 < CDF < 1E-5 1E-7 < LERF < 1E-6 1E-5 < CDF < 1E-4 1E-6 < LERF < 1E-5 CDF > 1E-4 LERF > 1E-5 Additional Slides
[RIDM Application Examples]
157 Risk Info Uses - OpE Example (Accident Sequence Precursor Program)
- Program recommended by WASH-1400 review group (1978)
- Provides risk-informed view of nuclear plant operating experience
- Conditional core damage probability (events)
- Increase in core damage probability (conditions)
- Supported by plant-specific Standardized Plant Analysis Risk models Licensee Event Reports 1969-2018 (No significant precursors since 2002) significant precursor precursor Additional Slides
[RIDM Application Examples]
158 Risk Info Uses - Decision Support Example (Research)
Typical products (regulatory research)
Ways to look at and/or approach problems (e.g.,
frameworks, methodologies)
Points of comparison (e.g., reference calculations, experimental results)
Job aids (e.g., computational tools, databases, standards, guidance: best practices, procedures)
Problem-specific information (e.g., results, insights, uncertainties)
Side benefits Education/training of workforce Networking with technical community Regulatory Decision Support Specific Analyses Methods, Models, Tools, Databases, Standards,
- Guidance, Foundational Knowledge Decision R&D re*search, n. diligent and systematic inquiry or investigation in order to discover or revise facts, theories, applications, etc.
Additional Slides
[RIDM Application Examples]
159 Risk Info Uses - Decision Support Example (Research: Frameworks/Methodologies)
NRC-sponsored Fire PRA R&D (universities)
Started after Browns Ferry fire (1975)
Developed fire PRA approach first used in industry Zion and Indian Point PRAs (early 80s), same basic approach today Started path leading to risk-informed fire protection (NFPA 805)
Technology Neutral Framework Explored use of risk metrics to identify licensing basis events Inspiration and part basis for current Licensing Modernization Program Additional Slides
[RIDM Application Examples]
160 Risk Info Uses - Decision Support Example (Research: Reference Points)
NUREG-1150 Continuing point of comparison for Level 1, 2, 3 results Expectations (ballpark)
Basis for regulatory analysis (backfitting, generic issue resolution)
NUREG-1150 (Surry)
SOARCA Detailed analysis of potential severe accidents and offsite consequences Updated insights on margins to QHOs Peach Bottom Surry Sequoyah Additional Slides
[RIDM Application Examples]
161 Risk Info Uses - Decision Support Example (Research: Methods/Models/Tools)
SPAR Independent plant-specific models (generic data)
All-hazards (many)
Support SDP, MD 8.3, ASP, GSI, SSC studies Adaptable for specific circumstances SAPHIRE General purpose model-building tool Multiple user interfaces IDHEAS-G Improved support for qualitative analysis Explicit ties with cognitive science (models, data)
General framework for developing focused applications (e.g., IDHEAS-ECA)
Benefits from NPP simulator studies Consistent with current HRA good practices guidance (NUREG-1792)
From https://en.wikipedia.org/wiki/SAPHIRE IDHEAS is coming.
Resistance is futile!
Additional Slides
[RIDM Application Examples]