ML21138A792

From kanterella
Jump to navigation Jump to search
RES Seminar Part 2 - Short Takes
ML21138A792
Person / Time
Issue date: 05/13/2021
From: Nathan Siu
NRC/RES/DRA
To:
Siu, Nathan - 301 415 0744
Shared Package
ML21138A647 List:
References
Download: ML21138A792 (133)
v  d  e


Text

ShortTakes:

SnippetsonSomePRATopics*

NathanSiu SeniorTechnicalAdviserforPRAAnalysis OfficeofNuclearRegulatoryResearch DivisionofRiskAnalysis RESStaffTechnicalSeminar(Virtual)- Part2 May13,2021(3:004:00)

  • TheviewsexpressedinthispresentationarenotnecessarilythoseoftheU.S.NuclearRegulatoryCommission.

2 TheMenu

  • DynamicPRA
  • IdentifyingScenarios-WeirdStuffandthe ImportanceofActiveSearching
  • InternalRiskCommunication
  • ABriefHistory:PRAandtheCharacterization ofUncertainties
  • PRALessonsfromNPPAccidentsand Incidents
  • RiskRelatedRegulatoryR&D(R4&D)
  • TreatmentofUncertainties
  • AdditionalResources Notes 1)

Eachsnippetprovidesa1520minutetalkonthe subject.

2)

Mostsnippetsareaccompaniedbyextraslides providingadditionaldetails.

3)

Linkstoadditionalpresentations(pdfversions)are providedintheAdditionalResourcesportionof thisslideset.

4)

PowerPointpresentations(withfullresolution graphicsandfullfunctioningnavigationlinks)will beuploadedintoanADAMSpackage.

a.

Slidesfromthisseminar b.

PresentationsidentifiedinAdditional Resources c.

Miscellaneousadditionalpresentations, snippets,andnotes1 1ExtendedandillustratednotesonasubjectnotintendedasanactualpresentationbutprovidedinPowerPointformforconvenience.

3 DYNAMICPRA

  • Whatisit?
  • Whydowecare?
  • Wherearethingsnow?

4 FukushimaDaiichi1,3/11/2011:StaticDescription

{LossofPower}

AND{LossofIsolationCondenser}

AND{FailureofAlternateCooling}

={CoreDamage}

CD CORE DAMAGE LODHR LOSSOFDECAY HEATREMOVAL

LOP LOSSOFALL ACANDDCPOWER Ext LOIC LOSSOFISOLATION CONDENSER Ext FALTC FAILUREOF ALTCOOLING Ext

5 AddingTime,Motion(Kinematics)

  • EarthquakeandLOOP(T=0:00)
  • Tsunami(T+0:40)
  • Lossofallpower(T+0:50)
  • ICoutboardvalveclosed(T+3:40)*
  • Coredamage(T+4:00,estimated postaccident)
  • WhatbutnotWhy

- Closureofisolationcondenser

- Delayinimplementingalternate cooling(firepumps)

LOOPEQ EPS ISO EXT DCL OPR DGR LTC LOOP (Seismic)

Emergency Power (EDGs)

Isolation Condenser (IC)

Actionsto Extend ICOps Actionsto Shed DCLoads Offsite Power Recovery EDG Recovery LongTerm Cooling CD CD CD CD CD CD CD CD CD CD CD CD CD 1

2 3

4 5

6 7

8 9

10 11 12 13 14 15 16 17 18 19 20 21 22 1hr 1hr 4hr 4hr 8hr 8hr 12hr 12hr

  • Manualactionthathadlittleactualeffect;inboardvalvesalreadyclosed

6 DynamicInteractions=>Context=>Why Time

Time Hazard Systems Indications Operators/Workers ERC/ERteam EP 14:46 0:00 Earthquake Scram 14:47 0:01 MSIVsclose,turbinetrips,EDGs startandload Rxleveldrops 14:52 0:06 ICsstartautomatically RVpressuredecreases;RVlevel innormalrange 15:03 0:17 ICsremovedfromservice Cooldownrateexceedingtech speclimits ManuallyremoveICfromservice 15:06 0:20 DisasterHQestablishedinTEPCO Tokyo 15:10 0:24 Determineonly1trainIC needed;cycleAtrain 15:27 0:41 Firsttsunami arrives 15:35 0:49 Secondtsunami arrives 15:37 0:51 LossofAC 15:37 0:51 15371550:Graduallossof instrumentation,indications (includingICvalvestatus,RV level),alarms,MCRmainlighting DetermineHPCIunavailable 15:42 0:56 TEPCOentersemergencyplan (lossofACpower);ERC established 16:35 1:49 D/DFPindicatorlampindicates "halted" 16:36 1:50 Reviewaccidentmanagement procedures,startdeveloping proceduretoopencontainment ventvalveswithoutpower CannotdetermineRVlevelor injectionstatus;worktorestore levelindication;donotputICin service Reviewaccidentmanagement procedures,startdeveloping proceduretoopencontainment ventvalveswithoutpower Declaredemergency(inabilityto determinelevelorinjection) 40minutesbetweenearthquakeandtsunami; transitionfromconfidentcontroltodisbelief Degradationandfailureovertime, graduallyaffectingoperator informationandabilitytocontrol

7 DynamicPRA-WhatIsIt?

DynamicPRAPRAthatexplicitlytreatsinteracons amongsystemelementsandresultingmotions (includingratesofchange),e.g.,

- Hardwarecomponenttransitions(e.g.,availableto unavailable,orevenintermediatestates)

- Changesinoperatingcrewsituationawareness

- Changesinplantthermalhydraulicstate Degreeoftreatmentofdynamics=>continuumof analyses,e.g.,

- CurrentPRA(phenomenologicalsubmodel;somedirect dependencies,e.g.,supportsystems)

- Taskorientednetworkmodelsandsimulations

- Largelymechanisticsimulationswithstochasticelements Crew Plant I&C Environment FrequentconceptualizationofdynamicPRA Complexity

8 DynamicPRA-PotentialBenefits Additionalinsights(suggestingalternativeriskmanagementstrategies),e.g.,

- Untreatedmechanisms(e.g.,feedbackloops)

- Timingofkeyevents

- Causesofkeyevents Fewerintermediateandoftenconservativelyorientedsimplifications(e.g.,discretization,success criteria)

- Morerealisticresults

- Improveduseofavailableevidence(whatweknow)=>improvedDMconfidence Directlysupportiveofphenomenologicalwhatifandoptimizationanalyses,e.g.,

- Assessingeffectofdifferentparametervalues(e.g.,ATFproperties,arrivaltimesforoffsiteaid)

- Identifyingpotentiallytroublesomerangesofparametervalues(cliffedgeeffects)1 Modelingindisciplinespecificterms(nativelanguage)

- Reducedchanceoftranslationerrors

- Increasedstakeholderinvolvementandbuyin Engineeringtrends(integratedsimulation) 1AnalysisrequirescouplingofdynamicPRAmodelwithappropriatemathematicalsearchingandoptimizationtools.

9 DynamicPRA-WhereAreWe?

  • Stronginterest:academia,international
  • NPPs:tools,demonstrations
  • Nonnuclear:decisionsupportapplications(e.g.,aerospace,hydropower)

DevelopmentalStage Late (Mature,Stable)

Intermediate (Adolescent,Developing)

Early (Infancy,Emerging)

Methodologiesfor CurrentPSA (PhasedMission, CompetingRisks, Level3PSA)

HighFidelity, SimulationBased DynamicPSA DynamicPSA Toolsand Toolboxes

10 DynamicPRA-ConcludingRemarks

  • AllNPPaccidentshaveinvolvedsignificantdynamic interactionsamongsystemelements
  • ExplicittreatmentoftheseinteractionscanbenefitPRAstudies andthePRAenterprise
  • Work(particularlydecisionsupportapplications)isneededto achievethesebenefits

11 Dynamic PRA-ExtraSlides

12 IndicatorsofTechnologyMaturity1 Early (Infancy,Emerging)

Intermediate (Adolescent,Developing)

Late (Mature,Stable)

Practitioners

Smallresearchcommunity

Smallnumberofpractitioners

Strongpersonalityinfluences, competingschoolsofthought

Largernumberofpractitioners

Largernumberofexperienced researchers

Manywelltrainedandexperienced practitioners

Recognizelimitsofapplicabilityof methods

Canadaptmethodstonewsituations

Canworkwithresearcherstoidentify importantissues Research Agenda

Drivenbyperceivedneeds

Problemselectionaffectedbypersonal choice(e.g.,duetoeaseofformulation orsolution)

Newpracticedrivenresearchproblems

Someconsensuspositionsforsome broadlydefinedproblemareas

Someunproductiveresearchlines abandoned

Incompletecoverageoftopics

Mostresearchdrivenbyneedsof practice

Moreabstractresearchaddresses needsclearlyidentifiablebyall concerned Applications

Localapplications(addressingsmall partsoflargerproblems)

Nobroaderframework

Fastgrowth

Developingvocabulary

Optimisticviewsonnewmethods; limitationsnotwellunderstood

Vocabularyhasevolved

Generalframeworkexists

Littlesellingofarea 1 Adaptedfrom:Cornell,C.A.,Structuralsafety:somehistoricalevidencethatitisahealthyadolescent,ProceedingsofThird InternationalConferenceonStructuralSafetyandReliability(ICOSSAR81),Trondheim,Norway,June2325,1981.

13 U2:shutdown coolingestablished U1:enterRB toassessSSC conditions TVAnotified U2:startdepressurization (stuckRV,thencontinue)

U1:startdepressurization U2:DDGtripped, multipleboardslost U2:controlpanelmalfunctions,scram, turbinetrip,FWtrip,MSIVsclose U1:FWtripped,HPCIand RCICstopped,useCRDpump U1:scram,2/3FWpumps tripped,multipleboardslost BrownsFerry1&2 19750322 U1:RVcontrol restored U1:spuriousalarms,actuations FirereportedtoU1/U2MCR TimefromStart(hr) 0 2

4 6

8 10 12 OFDnotified Fireout Startusingwater U2:conditions stabilized U1:lossofoperatingreliefvalves CSRCO2 discharge Smoke,CO2 enterMCR Firestart U1:prepareforRHRcooling CSRfireout,resume RBfirefighting U1:shutdown coolingestablished (15hr,50min)

14 EFWrestored (powertoEFPs)

Startlayingtemporary cabletopowerEFPs Naturalcirculation:

useSVsandcoldFW tocontrolprimary LossofEFW (burnedcable to2nd EFP)

Trialanderrorfaultdiagnosis actions=>morefailures (includinginstrumentation)

Closeprimaryhotleg maingatevalves,start forcedcirculation Greifswald1 19751207 Stable cooling DGsstart,powerto 1/2emergencybuses Turbine trip Heavysmoke, needrespirators TimefromStart(hr) 0 2

4 6

8 10 12 MCRpowerrestored; pressurizerSVsopen,2/6failtoreclose; emergencycoolingpumpstarted Fire out Startfirefighting Fire alarm Firestart, spread Corridor ventilation restored

15 Feedwatermakeupto SGs(temporarycable)

Startlayingtemporarypowercablefrom U2DGtoU1emergencymakeuppump Armenia1&2 19821015 MCRpower restored PowertoU1emergency makeuppumpfromDG U1:onlyinstrumentationis primarypressure(localstation)

SGSRV opened Station Blackout Lossofmaincoolantpumps,MCR lights,readouts,alarms,phones, power,normalandemergencymakeup Manual tripU1&2 Offsite FBsarrive Breakcablespreading roomwalltoaccessfire FBarrives,openMCR hatchtosprayvault TB,transformerfires undercontrol Firestart, spread Smoke inMCR MCRsmoke unbearable H2,transformer explosions OperatorsmanuallyopenSGdumpvalves inupperTB(wearingbreathingmasks)

Fireout Fire controlled TimefromStart(hr) 0 2

4 6

8 10 12

16 Blayais 14 19991227 U1:shutdown U4:400kVrestored U1:TrainAESWS pumpssubmerged U2:400kVrestored U1&U2:LHSIandCSS pumproomsflooded Level2EmergencyPlanactivatedforU1;utility andregulatornationalemergencyteams activated;agreetoSGcooldownstrategy Usefireenginestoassist inpumpfloodwaters WalkdowndiscoversU1TrainA ESWSpumpssubmerged U2&U4:Lossof400kV (gridinstability),scram Regulator informedofU1&

U2statusandSG cooldown strategy 225kVpower restored(U1U U1U4:Lossof225kV power(fallentrees)

Level1EmergencyPlanactivated:onsitepumps forfloodwaters,recoversubmergedequipment Siteaccessregained;needed offsiteworkerscanarrive U4:High tidealarm Floodovertops dyke,siteaccess lost Floodwaterpumping (continuesto~50hr)

TimefromStart(hr) 0 2

4 6

8 10 12 14 16 18 20 22 24 26 28 30 19:00 12/27 0:00 12/28 0:00 12/29

17 FukushimaDaiichi1 20110311 (1of3) 17 Time Relative Time Hazard Systems Indications Operators/Workers ERC/ERteam EP 14:46 0:00 Earthquake Scram 14:47 0:01 MSIVsclose,turbinetrips, EDGsstartandload Rxleveldrops 14:52 0:06 ICsstartautomatically RVpressuredecreases;RV levelinnormalrange 15:03 0:17 ICsremovedfromservice Cooldownrateexceeding techspeclimits ManuallyremoveICfrom service 15:06 0:20 DisasterHQestablishedin TEPCOTokyo 15:10 0:24 Determineonly1trainIC needed;cycleAtrain 15:27 0:41 Firsttsunami arrives 15:35 0:49 Secondtsunami arrives 15:37 0:51 LossofAC 15:37 0:51 15371550:Graduallossof instrumentation, indications(includingIC valvestatus,RVlevel),

alarms,MCRmainlighting DetermineHPCI unavailable 15:42 0:56 TEPCOentersemergency plan(lossofACpower);

ERCestablished 16:35 1:49 D/DFPindicatorlamp indicates"halted" 16:36 1:50 Reviewaccident managementprocedures, startdeveloping proceduretoopen containmentventvalves withoutpower CannotdetermineRVlevel orinjectionstatus;workto restorelevelindication;do notputICinservice Reviewaccident managementprocedures, startdeveloping proceduretoopen containmentventvalves withoutpower Declaredemergency (inabilitytodetermine levelorinjection)

DynamicPRA 40minutesbetweenearthquakeandtsunami; transitionfromconfidentcontroltodisbelief Degradationandfailureovertime, graduallyaffectingoperator informationandabilitytocontrol

18 Time Relative Time Hazard Systems Indications Operators/Workers ERC/ERteam EP 16:45 1:59 DetermineRVlevel Emergencycancelled 16:55 2:09 Tsunamialert Workersonwaytocheck D/DFPhadtoturnback 17:07 2:21 Loseabilitytodetermine RVlevelorinjectionstatus Reenteredemergencyplan 17:12 2:26 Sitesuperintendentdirects investigationofusingfire protectiontoinjectwater 17:15 2:29 Estimatedcoreuncovery in1hr 17:19 2:33 Tsunamialert cleared 17:30 2:44 Dieseldrivenfirepump startedandlefttoidle Pressureabove100psi Manuallyopenvalves(in dark)fromfireprotection systemtocorespray system;taketurnsholding D/DFPswitchtokeepin standby 18:18 3:32 DCpowerpartially returned MO3AandMO2A indicateclosed 18:18 3:32 MO3AandMO2A opened OpenICvalvesMO3Aand 2A.Steamfromcondenser observed 18:25 3:39 MO3Aclosed RemoveICfromservice (concernedaboutfailing lines).EnteredR/BandT/B tomanuallyopenMOVfor FPlineup.Hardtime findingvalve,hadwrong key,hardtooperatehand wheel.Longtime.

DynamicPRA Errorofcommission(disabling passivesafetysystem)possibly basedonassumedlowinventory (usage)

Externalinfluence triggeringwork stoppage,temporary evacuation, accountability FukushimaDaiichi1 20110311 (2of3)

19 Time Relative Time Hazard Systems Indications Operators/Workers ERC/ERteam EP 18:50 4:00 Coredamage(45hr aftertrip) 19:00 4:14 Closevalvesforbroken outdoorFPpipes.Broke locktoallowpassage betweenUnits2and3.

AskTokyoformorefire engines 19:03 4:17 Govt.declares nuclear emergency 20:07 5:21 Nopressureindicationin MCR;Reactorpressure=

6.89 MPa(1000psi) local indication 20:49 6:03 Smallportablegenerator installed MCRhastemporarylighting 20:50 6:04 Localauthoritiesorder evacuationwithin 2km 21:19 6:33 Levelindication restored; level=0.20m(8)above TAF 21:23 6:37 Prime ministerorders evacuationwithin3km; shelteringoutto10km 21:30 6:44 MO3Aopened PlaceICinservice;steam observed 21:51 7:05 AccesstoRBrestricteddue todoserates-indirect indicationofcoreuncovery 22:00 7:14 Level= 0.55m(21.7) aboveTAF 23:50 9:04 Drywellpressure=0.50 MPa(87psi)abovedesign Restorationteamfrom ERCenablesreading 23:59 9:13 Offsitepowersupply trucksarrivebymidnight Inhindsight,coredamage GameOverfor1F1; continuing1F1recovery activitiesandeventsimpact otherunits(1F2and1F3core uncovery on3/14)

FukushimaDaiichi1 20110311 (3of3)

20 Earthquake 2nd Tsunami SBO(U1U5)

LossofDC(U1U4)

U1Core Damage(est.)

U1RB Explosion U3Core Uncovery U3RB Explosion U4RB Explosion U2Core Uncovery U5Level=

TAF+0.95m U1Cont.

Venting U3Cont.

Venting U2Cont.

Venting U5Rx Depressurizing Confirmed:

LocalEvac.

Order:

LocalEvac.

Request:Suspend SeawaterInjection Order:Vent U1andU2 3/11 3/12 3/13 3/14 3/15 FukushimaDaiichi16 20110311

21 3/11 3/17 3/18 3/19 3/20 3/12 3/13 3/14 3/15 3/16 3/21 Earthquake 2nd Tsunami SBO(U1U5)

U1Core Damage(est.)

U1RB Explosion U3Core Uncovery U3RB Explosion U4RB Explosion U2Core Uncovery U5Level=

TAF+0.95m U5SFP CoolingRestored U6SFP CoolingRestored SDFTruckSpray U4SFP U4SFPLeve

<0.5mabovef 4/

FukushimaDaiichi16 20110311

22 Adaptedfrom:R.Gauntt,FukushimaDaiichiAccidentStudy:MELCORAnalysesandResults,OECD/NEAFukushimaAccidentAnalysisWorkshop,IssylesMoulineaux,France,June1820,2012.

SeealsoR.Gauntt,etal.,MELCORSimulationsoftheSevereAccidentattheFukushima1F1Reactor,ANSWinterMeetingandNuclearTechnologyExpo,SanDiego,CA,November1115,2012.

ContainmentVenting:

Preventscatastrophic failure Causesreleaseto environment Pressure(MPa) 1.0 0.5 0.0 0

5 10 15 30 25 20 Time(hr) steamdome drywell wetwell RPVTEPCO DWTEPCO WWTEPCO manual ventingof wetwell lowerheadfailure steamlinerupture pressurizationfromcore relocationtolowerhead Startprep forventing Govt orders venting Localevacuationconfirmed,1st teamdispatched 2nd teamdispatched,turnedback(radiation)

UnsuccessfulattemptstoopenAO90 OpenAO72 3/11/2011 14:46

23 IDENTIFYINGSCENARIOS-WEIRDSTUFFAND THEIMPORTANCEOFACTIVESEARCHING INTERESTING Clickbait

  • Whatistheconcern?
  • Whattoolsareavailable?
  • Howmightwedobetter?

24 Reminders

1) Risk={si,Ci,pi}
2) Allmodelsarewrong,butsomeareuseful.1
  • WhatisntinthePRAmodelwontbequantified
  • Whatisntconceivedofmightnotbeaddressedinariskinformed decision Scenarios:whatcangowrong?(qualitative) 1G.E.P.BoxandN.R.Draper,EmpiricalModelBuildingandResponseSurfaces,JohnWileyandSons,1987.SeetheWikipediaarticleAll modelsarewrongforbackground.

25 YoureanalyzingafloatingNPP.Haveyouthoughtofthisone?

Chazhma Bay(August10,1985)1

  • EchoIIclasssubmarineK431isnearlydonerefueling.Freshfuelhasbeenloaded, workersarepreparingtoreattach12tonreactorvesselheadwhichhascontrol rodsattached.
  • Workersseesealisnottight(thereareleaks),decidetoliftheadusingrefuelingship crane.(Decisionisagainstregulationsandmadewithoutconsultingsupervisor.Did notdrainprimarylooptoensurenomoderation,didnotdetachlatticeusedtokeep controlrodsinplace.)
  • Reactivityexcursioncausessteamexplosionwhichblowsheadandfuelassemblies outofthereactorcompartment,destroysthesubmarinepressurehull.

1SeeM.Takano,V.Romanova,H.Yamazawa,Y.Sivintsev,K.Compton,V.Novikov,andF.Parker,ReactivityAccidentofNuclearSubmarine nearVladivostok,JournalofNuclearScienceandTechnology,Vol.38,No.2,pp.143157(February2001).

26 WhatCanGoWrong?

  • Complementarymethodstoidentifystartingpoint:

- Inductive(e.g.,FMEA,HAZOP)

- Deductive(e.g.,MasterLogicDiagram,HeatBalanceFaultTree)

- Lists(e.g.,possiblehazards,actualevents,otherPRAs)

  • Notes:

- Conventionalfocusonpostinitiatorscenariocanblurorevenmiss importantfactorsinpreinitiatorbuildup

- Realeventscaninvolveunanticipatedmechanismsandsequencesof eventsthatappearperfectlyreasonableinhindsight.Clickhere formore examples.

27 Checklistscanbeusefulbut

  • Mightnotactuallybeexhaustive
  • Canbeconfusing(e.g.,overlapping categories)
  • Canpromoteoneatatimeconsideration (actualeventscaninvolvemultiple categories)
  • Canbeinefficient(e.g.,excessiveattention onultimatelyunimportantcategories)
  • Lengthylistsmighttriggerimpulsetoscreen ratherthanexplore Aircraftimpact Localintenseprecipitation Avalanche Lowlakeorriverwaterlevel Biologicalevents Lowwintertemperature Coastalerosion Meteororsatellitestrike Drought Onsitechemicalrelease Externalfire Pipelineaccident Externalflooding Riverdiversion Extremewindsandtornadoes Sandstorm Fog Seiche Forestfire Seismicactivity Frost Severetemperatures Hail Snow Highsummertemperature Soilshrinkswell Hightide Spaceweather Hurricane Stormsurge Icecover Transportationaccident Industrial/militaryfacilityaccident Tsunami Internalflooding Turbinegeneratedmissiles Landslide Volcanicactivity Lightning

28 ActiveSearching

  • Searchingemphasizedintheearlydays ofnuclearpower
  • Afundamentalfirstprinciplesattitude:

usingunderstandingofsystem,lookfor potentialproblems(ratherthanexpect themtoberevealedbysomeanalytical process)

  • Potentiallyvaluablefornew/novel situationswhereoperationalexperience isweakorentirelylacking itisincumbentuponthenewindustryand theGovernmenttomakeeveryeffortto recognizeeverypossibleeventorseriesof eventswhichcouldresultinthereleaseof unsafeamountsofradioactivematerialto thesurroundingsandtotakeallsteps necessarytoreducetoareasonable minimumtheprobabilitythatsuchevents willoccurinamannercausingserious overexposuretothepublic.

W.F.Libby(1956)1 1W.F.Libby(ActingChairman,AEC)- March14,1956responsetoSenatorHickenlooper[SeeD.Okrent,ReactorSafety,Universityof WisconsinPress,1981.(NRCTechnicalLibraryTK9152.O35,multiplecopies)]

29 HazardIdentificationExample:ChecklistvsActiveSearch Checklist ActiveSearch(akaRedTeaming)

GeneralProcess Steppingthroughlist

1) Askwhateachhazardmightdo
2) Screenorretainforfurtheranalysisusing establishedcriteria Lookingatundesiredstate(e.g.,failureof keycomponents),ask
1) Whatconditionsmightcausethis undesiredstate
2) Whathazardsorhazardcombinations mightcreatetheseconditions
3) Ifthereareprotectivebarrierspreventing theundesiredconditions,whatmightfail thesebarriers Advantages Morecomplete Methodical,easytodocument Moredirect Lessrestrictedbycategorization Engagesimagination Challenges Notwastingtimeonunimportantcategories Avoidingurgetoscreen(tofinishthejob)

Temperingimaginationwithplausibility Ensuringreasonablecompleteness

30 ActiveSearch>>DrawingFaultTree

  • Needtoidentifyplausiblemechanisms

- Possiblefailurescanalwaysbeaddedtoafaulttree

- Reasonablecausalityneededforretentionandquantification

  • Examples

- Operatordisablingofsafetysystems(errorsofcommission)

- Seismicallyinducedreactivitytransients

31 Example:DisablingaBWRIsolationCondenser ISOXHEEOCTERM OPERATORTERMINATES ISOLATIONCONDENSER OPERATION Possible butwhat reason?

32 Example:SeismicallyInducedReactivityExcursion

  • Observations

- Globaloperationalexperience:atleast4(perhaps5) earthquakescausingfluxinducedtripsat7(perhaps9) reactors1

- Somereactordesignshaveunstableoperatingregimes

- Systemswithtimedelayedfeedback(e.g.,restorative forces)canoscillate,evenresonate

  • Q:Canaseismiceventinducearesonanceleading toarunawayreaction?Underwhatconditions?

1Groundmotiontripseithernotavailable(e.g.,powerloss)ornottriggered(e.g.,accelerationsaretoolow)

Adaptedfrom:https://earthquake.usgs.gov/earthquakes/

NorthAnnaNuclear GeneratingStation

33 Example:SeismicallyInducedReactivityExcursion Plausible?

OperationalExperience ThermalHydraulics Neutronics Controls Structures SeismicHazard SystemsIntegration Movement?Bowing?

Reactivityeffects?

Fluidflow&densityeffects?

Heattransfereffects?

Resonance?

Excursion?

Feedback?

Timescales?

Perhapsnot,but askthequestion

34 LookingForward:OpE +AdvancedTechnology

  • Empiricalevidence:strongargumentfor plausibility
  • Challenges

- Enormousandgrowingdatabase(notjust nuclear)

- Unstructured,naturallanguageand heterogeneous(content,form,quality)data

- Inferencing

  • Exploratorystudy:advancedtechnology (AI/ML,BigData)canhelp1 1See,forexample N.Siu,K.Coyne,andF.Gonzalez,KnowledgeManagementandEngineeringataRiskinformedRegulatoryAgency:Challenges AndSuggestions,whitepaper,U.S.NuclearRegulatoryCommission,2017.(ML17089A538)

F.GonzalezandN.Siu,AccidentSequencePrecursors:CurrentAnalyses,Challenges,andFutureResearch,WGRISKAnnual Meeting,NEAHQ,BoulogneBillancourt,France,March2022,2019.(ML19071A160)

Adaptedfrom:

1) https://str.llnl.gov/str/March02/March50th.html 2) https://en.wikipedia.org/wiki/History_of_supercomputing#/media/File:Supercomputershistory.svg 3) https://www.top500.org/news/japancapturestop500crownarmpoweredsupercomputer/

35 IdentifyingScenarios-ConcludingRemarks

  • AlongstandingandcontinuingPRAgoal:ensuring completeness
  • Animportantmindset:activesearching(especiallywhen dealingwithnew/novelsituations)
  • Currentlyavarietyoftoolsandresourcestosupportsearching; advancedtechnology(e.g.,AI/ML)canleadtofurther improvements

36 ExtraSlides-ExamplesofRealWorldEvents andMechanisms

37 Externalflooding:obviousnowbutbackthen?

FukushimaDaiichi(1990s)

- AddedEDGstosupplementexistingunits(SAM modification)

- AircooledEDGs1 installedatUnits2,4,6;crossties providedwithUnits1,3,5

- AllwatercooledEDGsinbuildingbasements

- AircooledEDGsinstalledongroundfloor,metalclad switchgearinbasement GreatEastJapanEarthquake(March11,2011)

- Earthquake=>LOOP

- Tsunami=>SBOforUnits14(W/CEDGs,M/Cswitchgear)

- Unit6EDGsuppliesUnits5and6;airlouver~1mabove tsunamiheight 1972DB 2009DB 2011 NewM/C Switchgear New EDG 10m 1Notaffectedbylossofservicewater,e.g.,duetotsunami.(PumpsareatelevationO.P.+4m.)PerIAEADirectorGeneralsreport, choiceofaircooledisduetocurrentservicewaterloads;unclearifdiversitywasamajorfactor.

38 SomeOtherAccidents Accident NotableMechanisms/Events SodiumReactor Experiment(1959)

Reactorcoolantpumporganiccoolantleaksintotheprimarycircuit,causesflowblockages, higherfueltemperatures,interactionwithcladdingandformationofalowmelting temperaturealloy,coolantchannelblockage,fueldamage,andreleaseofradioactivegases andsomevolatilesintothesodiumcoolantandeventuallytheenvironment.

Fermi1(1966)

Segmentsofzirconiumsheets(installedlateinconstructionasasafetybarrier)tearloose duringpowerascension,blockingcoolantflow.Twofuelassembliesmelt.Followingradiation alarms,reactorismanuallyscrammed.

Chernobyl4(1986)

InterruptionofaplannedtestduetooffsitegridneedsleadstoXenonpoisoning,inabilityto achieveplannedtestconditions.Crewdecidestoproceedwiththetestdespitetheplant beinginanunstableoperatingregimeanddisablesanautomaticscramtofacilitatetesting.A plantcomputersignaldictatingimmediateshutdownisignored.Thetestinitiatesapositive reactivityexcursionwithacatastrophicsteamexplosionandcoredestructionsome44 secondslater.

39 SomeInterestingIncidents Incident NotableMechanisms/Events Vogtle1(1988)

Smokedetectoractuation(burnoff inaductheater)ledtopressurizationofapreactiondeluge systemincablespreadingroom,waterdischargethroughleakoff valves(asdesigned),water seepagethroughafloorpenetrationintothemaincontrolroom,andspuriousopeningofa PORVatpower.Floorpenetrationdesignwasfaulty-assumedsealwelding(ofembeddedseal anglesandupperangleironassembly)wouldbewatertight.SeeLER424/88016.

IndianPoint3 (2015)

Activationofanoutdoordelugesystem(inresponsetoatransformerexplosionandfire)ledto bleedoffwaterinavalveroomadjacenttoavital480Vswitchgearroom.Duetoinsufficient drainsystemcapacity,waterbackedupintotheswitchgearroom.[Note:Althoughthewater wasnothighenoughtoaffecttheswitchgear,itconstitutedapotentialindustrialhazardthat couldhaveinhibitedoperatoraccesstothatroom.]SeeSpecialInspectionReport ML15204A499.

40 SomeRealWorldMechanisms(1of4)

Mechanism Plant(Year)

Description Unexpected

/Unusual Loadings U.S.plant EDGoilfireduetofatiguecrackingofundocumentedinstrumentationline.

Failureoccurredduringfollowupexaminationofareportedsmalloilleak;linewas movedslightly[cause?]

Nogent (2006)

Unit2condensercirculatingwatersystemleakcausesp betweenTurbine Buildingfoundationandfloor,liftsfloor,failsmanhole.

WaterfloodsUnit1TurbineBuilding,entersESWsystemgallerythrough penetrations,CCWpumproomthroughdrains.

Inadequate Protective Systems Forsmark 1 (2006)

OffsiteswitchyardtwophaseshortcircuitduringmaintenancecausesLOOP Invertersfailedonovervoltage,causinglossof2/4trainsofACandDCpower

41 SomeRealWorldMechanisms(2of4)

Mechanism Plant(Year)

Description Secondary Hazards Maanshan 1 (2001)

SaltspraycausedLOOP;electricalfaultcausedhighenergyarcingfault(HEAF),loss offaultedsafetybus HeavysmokefromHEAFdelayedaccesstoswitchgearroomtorestorepowerto undamagedsafetybus=>2hourstationblackout Cruas 24 (2009)

Floodmanagementactionsleadtovegetationdebrisdownstream,cloggingof servicewaterintake TotallossofservicewaterforUnit4,partiallossforUnits2and3 Declared Inoperability Blayais 12 (1999)

Duringsiteflooding,roomscontainingUnit1andUnit2lowheadsafetyinjection andcontainmentspraypumpspartiallyflooded Pumpsdeclaredinoperable LaSalle12 (1996)

Foreignmaterial(injectablesealantfoam)foundonfloorofservicewatertunnel Corestandbycoolingsystem,emergencycorecoolingsystem,anddiesel generatorsdeclaredinoperable,bothunitsshutdown

42 SomeRealWorldMechanisms(3of4)

Mechanism Plant(Year)

Description Worker Safety Concerns PointBeach (2000)

CommunicationslostwithdiverworkinginUnit2(shutdown)circulatingwater pumphouse ManualshutdownofUnit1 U.S.plant Oilfirenearreactorcoolantpump Spuriousevacuationalarm(smokecloggedradiationmonitor)

Reactorbuildingevacuated Operator Choices Greifswald1 (1975)

Duringaseverepowercablefiretriggeredbyanelectrician(performinga demonstrationforatrainee),operatorsmanipulatedswitchgeartofindintactcables forpower(trialanderrorproblemsolving)buttheseactionscausedadditional failures TMI2 (1979)

Duringalossoffeedwaterevent,operatorsthrottledhighpressuremakeupinthe mistakenbeliefthatthereactorcoolantsystemwasgoingsolid

43 SomeRealWorldMechanisms(4of4)

Mechanism Plant(Year)

Description Operator Choices (cont.)

DavisBesse (1985)

Duringalossoffeedwatertransient,theshiftsupervisordidnotimplement operatingproceduresforfeedandbleedcooling(whichwouldcontaminate containment),counting(correctly)ontimelyrestorationofauxiliaryfeedwater Inhastetoentertheauxiliaryfeedwaterpumproom(accessedviaalockedgrate),

anequipmentoperatortossedkeystoanothertenfeetahead Vandellos (1989)

DuringaTurbineBuildingfire(hydrogendeflagration,cascadingburningoil),

operators(usingbreathingapparatus)entereddark,smokefilledareastoperform recoveryactions Fukushima Daiichi1 (2011)

Operatorsisolatetheisolationcondenserinthemistakenbeliefthatitwascloseto dryingoutandfailing(whichwouldprovideadirectreleasepathtotheenvironment)

Maintenance Error Rancho Seco (1978)

Amaintenanceworkerdroppedalightbulbintoacabinet,shortingoutnonnuclear instrumentation.Propagatingfaultsledtoascenariothatcouldeasilyhaveresulted inanoutcomeasseriousasthatoftheaccidentatThreeMileIslandayearlater

44 SomeResources 1.

FukushimaDaiichi(2011):InternationalAtomicEnergyAgency,TheFukushimaDaiichiAccident,DirectorGeneralReport,Vienna, Austria,2015.

2.

SodiumReactorExperiment(1959):P.Pickard,SodiumReactorExperimentAccidentJuly1959,SandiaNationalLaboratories,August29,2009.(Availablefrom:

https://www.etec.energy.gov/Library/Main/Pickard%20SRE%20presentation.pdf) 3.

Fermi1(1966):FermiFuelMeltAccident,Nuclepedia.

4.

Chernobyl4(1989):U.S.DepartmentofEnergy,ElectricPowerResearchInstitute,EnvironmentalProtectionAgency,FederalEmergencyManagementAgency,InstituteofNuclearPowerOperations, andtheU.S.NuclearRegulatoryCommission,ReportontheAccidentattheChernobylNuclearPowerStation,NUREG1250,January1987.

5.

Vogtle1(1988):WaterLeakageintoControlRoom/PotentialExistsforaSafetySystemFailure,LicenseeEventReport424/88016,November22,1988.

6.

IndianPoint3(2015):U.S.NuclearRegulatoryCommission,IndianPointNuclearGenerating-SpecialInspectionReport05000286/2015010,July23,2015.

7.

Nogent (2006):U.S.NuclearRegulatoryCommission,ConstructionRelatedExperiencewithFloodProtectionFeatures,IN200906,July21,2009.(ML090300546) 8.

Forsmark 1(2006:U.S.NuclearRegulatoryCommission,SignificantLossofSafetyRelatedElectricalPoweratForsmark,Unit1,inSweden,IN200618,August17,2006.

9.

Maanshan 1(2001):AtomicEnergyCouncil,Taiwan,TheStationBlackoutIncidentoftheMaanshan NPPUnit1,April18,2001.(Availablefrom:

https://www.aec.gov.tw/webpage/control/report/safety/safety_04_002.pdf) 10.

Cruas 24(2009):P.Dupuy,G.Georgescu,andF.Corenwinder,TreatmentofthelossofultimateheatsinkinitiatingeventsintheIRSNLevel1PSA,NEA/CSNI/R(2014)9,NuclearEnergyAgency, BoulogneBillancourt,France,2014.

11.

Blayais 12(1999):Blayais Flood,Nuclepedia.

12.

LaSalle12(1996):ForeignMaterialInjectedIntoServiceWaterTunnelCausesDualUnitShutdownDuetoInadequateWorkControl,LicenseeEventReport373/96008R01,November25,1996.

13.

PointBeach(2000):ManualReactorTripDuetoConcernsforDiverSafety,PointBeachNuclearPlantUnit1,LicenseeEventReport266/00010R00,November22,2000.

14.

Greifswald1(1975):M.Rwekamp andE.Gelfort,Sicherheitsrelevanter Kabeltrassenbrand im Kernkraftwerk Greifswald Beschreibung undEinschtzung,GRSVSR24491,Gesellschaftfür AnlagenundReaktorsicherheit (GRS)mbH,Kln,Germany,June2004.

15.

TMI2(1979):D.Marksberry,F.Gonzalez,andK.Hamburger,ThreeMileIslandAccidentof1979KnowledgeManagementDigest,Overview,NUREG/KM0001,rev.1,U.S.NuclearRegulatory Commission,June2016.

16.

DavisBesse (1985):U.S.NuclearRegulatoryCommission,LossofMainandAuxiliaryFeedwaterEventattheDavisBesse PlantonJune9,1985,NUREG1154,July1985 17.

Vandellos (1989):S.P.Nowlen,M.Kazarians,andF.Wyant,RiskMethodsInsightsGainedfromFireIncidents,NUREG/CR6738,U.S.NuclearRegulatoryCommission,September2001.

18.

RanchoSeco (1978):R.M.Bernero andF.H.Rowsome,SingleFailurePotentiallyLeadingtoCoreDamage,memorandumtoH.R.DentonandC.Michelson,U.S.NuclearRegulatoryCommission, March14,1980.(ML19323J370)

45 INTERNALRISKCOMMUNICATION

  • Whatisit?
  • Whyisithard?
  • Howmightweimprove?

46 InternalRiskCommunication:SupportRIDM OtherConsiderations Currentregulations Safetymargins Defenseindepth Monitoring Quantitative

+

Quantitative AdaptedfromNUREG2150 With To

47 RiskInformation:NotJustforCurrentDecisions Specific Analyses Methods,Models, Tools,Databases, Standards,

Guidance, FoundationalKnowledge Prior(foundational) informationaffectsDM processingofnewinformation Recognition Interpretation Judging/Weighting

48 RiskInformation:InherentlyComplex

  • Lowlikelihood=>beyondpersonal experience,intuition
  • Hyperdimensional

- Scenarios

- Likelihood

- Multipleconsequencemeasures

  • Uncertain

- Sparseornonexistentdata

- Multiplemodels

- Partialcoverage OtherComplications

  • Heterogeneous o Qualitativeandquantitative o Multipleviews (organizations,disciplines)
  • Dynamic o Systemchanges(e.g.,

differentoperationalmodes, effectsofdecisions) o Newapplications(and contexts)

49 OtherChallenges

  • Individualuserdifferences,e.g.,

- Knowledge

- Preferences/heuristics

  • Socialfactors,e.g.,

- Trust

- Decisionandgroupdynamics

  • Situationalcontext,e.g.,

- Availabletimetoconsider

- Decisionsupportvs.informational Source:https://www.nrc.gov/readingrm/doccollections/commission/slides/2019/20190618/staff20190618.pdf

50 HowtoEnsureMessageCaptureandRetention?

  • Intrinsicvalueofcontent

- Risklevel(absolute,relative)

- Riskimportance(absolute,relative)

- Surprise

  • Communicationprocess

- Messageformulation

- Deliverymethod

- Tools Fire InternalEvents Internal Flooding Seismic HighWinds ExternalFlooding

51 CurrentMechanisms Documentsand Presentations (Flatland)

Interactive Discussion (Storytelling)

52 CanWeDoBetter?DifferentDocuments?

Conventional TwoColumn,Conversational Graphical Questions Embedded Graphics Sidebars SmallFont GraphicElements

53 CanWeEscapeFlatland?

  • Tufte model:userichdisplaysandreports,encourageusertoexplore

- Promotesactiveinvolvementofdecisionmaker

- Increasesgeneraltrust?

  • Agraduatedtechnicalapproachtoassist?

Interface InteractionMode

Hyperlinkeddashboards,reports

Manual

Video(withsound?)

AIassist

Visualimmersion

Multisensoryimmersion Time

54 Graphicadaptedfrom https://www.flickr.com/photos/83823904@N00/64156219/

(permissionCCBY2.0)

FromStatictoInteractiveDashboard.ThentoSciFi?

M.Korsnick,RiskInformingtheCommercialNuclearEnterprise,PromiseofaDiscipline:Reliability andRiskinTheoryandinPractice,UniversityofMaryland,April2,2014.

55 InternalRiskCommunication-ConcludingRemarks

  • Generalcommunicationgoodpracticesarehelpfulbutnotsufficient:special characteristicsofriskinformationposeadditionalchallenges
  • Intuitivelybetterapproachesarebeingdeveloped;scientifictestingcouldbehelpful
  • Communicationinvolvespeople:oneriskcommunicationsolutionmaynotwork forallactors Communication Technical Communication Risk Communication

56 InternalRiskCommunication-ExtraSlides

57 RiskInformation:Qualitative+Quantitative*

Risk{ i, i,

i }

  • Whatcangowrong?
  • Whataretheconsequences?
  • Howlikelyisit?
  • Kaplan/GarricktripletdefinitionhasbeenadoptedbyNRC.See:

WhitePaperonRiskInformedandPerformanceBasedRegulation(Revised),SRMtoSECY98144,March1,1999 GlossaryofRiskRelatedTermsinSupportofRiskInformedDecisionmaking,NUREG2122,May2013 ProbabilisticRiskAssessmentandRegulatoryDecisionmaking:SomeFrequentlyAskedQuestions,NUREG2201,September2016

58 SourcesofBreakdowns:RiskCommunication BetweenRiskManagersandPublic*

  • Differencesinperceptionofinformation

- Relevance

- Consistencywithpriorbeliefs

  • Lackofunderstandingofunderlying science
  • Conflictingagendas
  • Failuretolisten
  • Trust
  • J.L.Marble,N.Siu,andK.Coyne,Riskcommunicationwithinariskinformedregulatorydecisionmakingenvironment,International ConferenceonProbabilisticSafetyandAssessment(PSAM11/ESREL2012),Helsinki,Finland,June2529,2012.(ADAMSML120480139)

59 DifferencesinPerspective(Example)

Decision Makers Practitioners Developers Ourtendencyistofocusonthingsthatareinterestingand makethemimportant.Thethingthatwehavetodoisfocus onwhatreallyisimportant RonRivera,2020 ThePRA/RIDMCommunity Whatsinterestingimportant is(developer) mightbe(practitioner) isnt*(decisionmaker)

  • Or,atleast,isntnecessarily-interestingandimportantareindependence.

60 Preference:AvoidChartJunk Visualeffects(e.g.,noninformative3Dwithperspective)canadd popbutdistractfromorevendistortmessages.

Advancedanimationtoolscanbeevenstrongerattentiongrabbers withevengreaterdistractionpotential

- Focusattentiononeffectsratherthanmessage

- Saturateaudiences,leadingtotheneedforevenstrongereffectsin futurepresentationstograbattention Useeffectswithmoderation(ifatall),recognizingthatyour audience

- haspreferencesthatvaryfrompersontopersonandovertime(maybe theyprefer3Dcharts!)

- islikelysubjecttomanypresentationsbesidesyours(imaginethe clamorofhighlyanimatedpresentationsseekingattentiontotheir specificmessages)

Fire InternalEvents Internal Flooding Seismic HighWinds ExternalFlooding Fire Internal Events Internal Flooding Seismic High Winds External Flooding

61 SpatialInformation-UnderusedResource?

  • Commonpracticeineverydayriskcommunication
  • Goingbeyond-addchangesovertime?

62 AnOftIgnoredExternalRiskCommunicationLesson:

ComparisonsDontWorkforEverybody 0

100,000 200,000 300,000 400,000 500,000 600,000 700,000 Deaths U.S.AnnualDeaths,VariousCauses(20102019)

Flu Auto Guns Cancer COVID19 (2020)

63 OneSizeDoesntFitAll,PartII:

1,000words(astory)>apicture?

OntheeveningofJune25,afreshlygraduatedhighschool starQBwasgoingover100mphonaneighborhoodroad, tryingtogofastenoughtoavoidspeedcameradetection

("whipping").Outofcontrolonasweepingcurve,thecarhit afenceandtwotrees,andflipped.Twounbeltedpassengers wereejectedanddiedatthescene.TheQBandthefront seatpassengerwereseriouslyinjured.Allfourwere teenagers.Allhadjustleftanunderagedrinkingpartyand weredrunk.TheQBwasindictedoncountsofvehicular manslaughter,alcoholrelatedvehicularhomicideandcausing alifethreateninginjurywhiledrivingundertheinfluenceof alcohol.Theparentofthegirlhostingtheparty,whowas presentandknowledgeable,pledguiltytotwocriminal citationsforallowingunderagedrinkingathishomeandwas orderedtopay$5,000infines.

DrunkDrivingAccidentFatalities(2018)

NoAlcohol BAC>0.08g/DL 0.01<BAC<0.07g/DL 24,100 10,600 1,800 Datafrom"TrafficSafetyFacts2018Data:StateAlcoholImpaired DrivingEstimates,"DOTHS812917,June2020.(Availablefrom:

https://crashstats.nhtsa.dot.gov/#!/DocumentTypeList/11)

64 ABRIEFHISTORY:PRAANDTHE CHARACTERIZATIONOFUNCERTAINTIES

  • Whatdroveustowherewearenow?
  • Whataresomeofthemajormilestones?

65 PRAHistory:ChallengesandResponses 1940 1950 1960 1970 1980 1990 2000 2010 2020 HanfordtoWASH1400 Early PRAs ExpansionAcross Industry ModernApplications Quantifyingaccidentprobability Meanstocommunicaterisk Fillingknowngaps(completenessuncertainty)

Clarifyingmeaning:modelsandresults Characterizingthefleet(variability)

DevelopingconfidenceformainstreamingRIDM RIDMissues(e.g.,realism,heterogeneity,aggregation)

PostFukushimaissues(e.g.,externalhazards)

New/advancedreactors(e.g.,conductofoperations)

66 TMI2 FromHanfordtoWASH1400 SGHWR analysis WASH740 Formoreinformation:T.R.Wellock,AFigureofMerit:QuantifyingtheProbabilityofaNuclearReactorAccident, TechnologyandCulture,58,No.3,July2017,pp.678721.

CredibleAccident System reliability studies Recommend:

accident chain analysis Hanford AEC/NRC UKAEA TechnicalChallenges:1)Quantifyingaccidentprobability 2)Meanstocommunicaterisk notinthegeneration oftheACRSmembers present FarmerCurve WASH1400 Estimates:

OpE (pessimistic)

Decomposition (optimistic)

Windscale 1950 1960 1970 1980 Systemreliability studies Systemreliability studies

67 WASH1400Uncertainties(Level1)

WASH1400:itisreasonabletobelievethatthe coremeltprobabilityofabout5x105 perreactoryear predictedbythisstudyshouldnotbesignificantly largerandwouldalmostcertainlynotexceedthevalue of3x104 whichhasbeenestimatedastheupper boundforcoremeltprobability.

RiskAssessmentReviewGroup (NUREG/CR0400):

Weareunabletodefinewhethertheoverall probabilityofacoremeltgiveninWASH1400ishigh orlow,butwearecertainthattheerrorbandsare understated.Wecannotsaybyhowmuch.

1.E05 1.E04 1.E03 CDF(/ry)

WASH1400Uncertainties(Estimated*)

Surry PeachBottom 5th 50th 95th mean

  • BasedondatafromTablesV314(PWR)and316(BWR)ofAppendixV, assumingdistributionsarelognormal;medianvaluesaresomewhathigher thanreportedinSection7.3.1oftheMainReport.

68 TMI2 Chernobyl SomeEarlyDevelopmentsandPRAs Challenges:1)Fillingknowngaps(completenessuncertainty) 2)Clarifyingmeaning:modelsandresults ClinchRiver (LMFBR)

Limerick Millstone Seabrook (fullscope)

Fleming (factor)

Zion (fullscope)

TMI1 (fullscope)

Oconee (fullscope) 1980 1985 1975 Apostolakis (subjective probability)

Forsmark Koeberg

(~WASH1400)

Super Phénix (FBRDHR)

AIPA (HTGR)

USDOE NRC USIndustry International OtherNotable Kaplan/

Garrick (risk)

EC/JRCBenchmarks (systems,CCF,HRA)

RSSMAP/IREP Sizewell

(+DI&C)

IndianPoint (fullscope)

OysterCreek

(+seismic)

Biblis

(+aircraft)

NUREG/CR2300

69 SampleLevel1ResultsDisplay

70 SampleResults-SubModelUncertaintyEffect Effectsoffiremodel(COMPBRN)uncertaintyonfiregrowthtime N.Siu,"ModelingIssuesinNuclearPlantFireRiskAnalysis,"inEPRIWorkshoponFireProtectioninNuclearPowerPlants,EPRINP 6476,J.P.Sursock,ed.,August1989,pp.141through1416.

71 SampleResults-ModelUncertainty(UserEffect)

DamageStateFrequency(/yr),Review DamageStateFrequency(/yr),Original 1010 108 106 104 1010 108 106 104 Earlycoremelt,containmentcooling Earlycoremelt,nocontainmentcooling Steamgeneratortuberupture Containmentbypass Directcontainmentfailure Latecoremelt,containmentcooling Latecoremelt,nocontainmentcooling 1.E11 1.E10 1.E09 1.E08 1.E07 1.E06 1.E05 1.E04 1.E03 1.E11 1.E10 1.E09 1.E08 1.E07 1.E06 1.E05 1.E04 1.E03 Original Review InternalEvents 1.E11 1.E10 1.E09 1.E08 1.E07 1.E06 1.E05 1.E04 1.E03 1.E11 1.E10 1.E09 1.E08 1.E07 1.E06 1.E05 1.E04 1.E03 Original Review ExternalEvents Datasource:G.J.Kolb,etal.,ReviewandEvaluationoftheIndianPointProbabilisticSafetyStudy,NUREG/CR2934,December1982.

(ML091540534)

72 Chernobyl 9/11 ExpansionAcrossIndustry(US)

Technicalchallenges:1)Characterizingthefleet(variability) 2)DevelopingconfidenceformainstreamingRIDM 1985 1990 2000 1995 GL8820 GL8820 Supplement4 NUREG1560 NUREG1742 NUREG1150 (final)

NUREG1150 (draft)

Severe AccidentPolicy Statement SafetyGoal Policy Statement PRAPolicy Statement ASPPlantClassModels 1982 SPARModels NRC USIndustry IPEs IPEEEs

73 NUREG1150Estimated*Uncertainties(Level1)

ModelUncertainty ModelUncertainty

  • Notes:totalsshowninthis 1)

NUREG1150doesnotaggregatethehazardspecificresults.ThetotalsshownareroughestimatesassumingthattheNUREG1150distributionsarelognormal.

2)

TheWASH1400distributionsarebasedondatafromTablesV314(PWR)and316(BWR)ofAppendixV,assumingthatthedistributionsarelognormal.The medianvaluesaresomewhathigherthanreportedinSection7.3.1oftheMainReport

74 IPE/IPEEE-VariabilityAcrossFleet 0

10 20 30 40 Number BWR PWR CDF(/ry) 1x106 3x106 1x105 3x105 1x104 3x104 1x103 InternalEvents+InternalFloods 0

10 20 30 40 Number BWR PWR CDF(/ry) 1x106 3x106 1x105 3x105 1x104 3x104 1x103 Total

75 9/11 TheModernEra(US)

Technicalchallenges:1)RIDMissues(e.g.,realism,heterogeneity,aggregation) 2)PostFukushimaissues(e.g.,externalhazards) 3)New/advancedreactors(e.g.,conductofoperations)

NUREG1855 Fukushima RG1.174 ASMEPRA Standard 10CFR50.48(c)

(FireProtection)

Risk Informed ROP NFPA805 NUREG2150 NTTFRequest forInformation (Reevaluations) 2000 2010 2020 2005 2015 NRC USIndustry SECY98144 RiskInformedLicenseAmendmentRequests(LARs)

SAMAs(LifeExtension)

SPARModels NFPA805LARs(FireProtection)

76 VariabilityinRecentResults(Level1) 0.00 0.05 0.10 0.15 0.20 0.25 0.30 0.35 6.0 5.5 5.0 4.5 4.0 3.5 3.0 1E6 1E5 1E4 1E3 CDF(perreactoryear)

FractionofPlants Highest Reported:

1.3x104 Lowest Reported:

3.5x106 PopulationMean:

4.7x105

77 VariabilityinResults-ComparisonwithIPE/IPEEE 0.00 0.10 0.20 0.30 0.40 0.50 1

2 3

4 5

6 7

8 9

10 NFPA805 IPE/IPEEE 0.01 0.1 1

10 100 1000 FireCDF/InternalEventsCDF FractionofPRAs 0.00001 0.0001 0.001 1.00E05 1.00E04 1.00E03 TotalCDF(IPE+IPEEE)

TotalCDF(RecentLARs) 1E5 1E4 1E3 1E5 1E4 1E3

78 Parameter,Model,andCompletenessUncertainty:

APracticalCategorization M(ModeloftheWorld):

Scope,structure i: Parameters

Universe KnownUnknowns UnknownUnknowns mod*el,n. a representationofreality createdwithaspecific objectiveinmind.

A.Mosleh,N.Siu,C.Smidts,andC.Lui,Model Uncertainty:ItsCharacterizationand Quantification,CenterforReliability Engineering,UniversityofMaryland,College Park,MD,1995.(AlsoNUREG/CP0138,1994)

PRAmodelsforNPPs Typicallyanassemblageofsub modelswithparameters Implicitlyincludeissues consideredbutnotexplicitly quantified Formorediscussion,seesnippetonTreatmentofUncertainties

79 PRAHistory-ConcludingRemarks NPPPRA:

  • Hasdecadesofexperiencewithanalysesanddecisionsupport applications
  • Isstronglyadvocatedandwidelyusedinternationally
  • Hasevolvedinresponsetotheoreticalandpracticalchallenges andwilllikelycontinuetodosowithnewchallenges

80 PRALESSONSFROMOPERATIONALEXPERIENCE

  • HowcaninformationfromoperationalexperiencehelpPRA?
  • Howhasthisbeenexploredandwhathasbeenlearned?
  • Whatmightwedonext?

SeeN.Siu,NuclearPowerAccidentsandIncidents:LessonsforPRA,ResearchSeminar,UniversityofIllinoisUrbanaChampaign (virtual),February2,2021(ML20339A570)forafullseminarslideset.

81 OpE InputtoRiskAssessment OtherConsiderations Currentregulations Safetymargins Defenseindepth Monitoring Quantitative Qualitative AdaptedfromNUREG2150 Operational Experience

(>statistics)

82 TMI2 PWR,US LossofFeedwater Windscale1 GraphitePile,UK UMetalFire FukushimaDaiichi13 BWRs,Japan EQ+Tsunami,LossofPower Leningrad1 RBMK,Russia ReactivityAccident Paks 2 VVER,Hungary SpentFuelPoolAccident Chernobyl4 RBMK,Ukraine ReactivityAccident Bohunice A1 HWGCR,SlovakRepublic FuelLoadingAccidents Fermi1 LMR,US FlowBlockage St.Laurent1 GCR,France FuelMisload 1990 1960 1970 1980 1950 2000 2010 2020 SomeReactorFuelDamageAccidentsandIncidents*

  • Eventsinvolvingfueldamageatpowerand/orproductionreactors

83

  • Selectednonfueldamageeventswithchallengestocorecooling 1990 1960 1970 1980 1950 2000 2010 2020 RanchoSeco PWR,US MaintenanceError LOFW,TMIprecursor DavisBesse PWR,US LOFW,noB/F H.B.Robinson PWR,US BusFire(Arc)

RCPSealChallenge Madras2 PHWR,India Tsunami LOUHS TurkeyPoint3&4 PWR,US Storm(Hurricane)

LOOP Maanshan PWR,Taiwan Storm(Spray)

SBO Gundremmingen A VVER,EastGermany TrainingError PartialLOOP,RVLOCA Narora PHWR,India TurbineFire SBO,LOMCR FukushimaDaiichi5 BWR,Japan EQ+Tsunami Lossofallpower BrownsFerry1&2 BWR,US CableFire ComplicatedTrip Armenia VVER,Armenia CableFire SBO Blayais 1&2 PWR,France Storm(Wind+Flood)

LOOP,DegradedUHS Cruas 24 PWR,France Flood(Debris)

LOUHS LaCrosse BWR,US SwitchyardFire PartialUncovery DuaneArnold BWR,US Storm(Wind)

LOOP B/F LOCA LOFW LOMCR LOOP LOUHS RV SBO Bleedandfeedcooling Lossofcoolantaccident Lossoffeedwater Lossofmaincontrolroom Lossofoffsitepower Lossofultimateheatsink Reliefvalve Stationblackout(lossofACpower)

AndSomeOther SeriousIncidents*

84 NPPOpE Narratives

  • Incidentdatabases

- Manypublic(e.g.,LERs,ETH)andnonpublic(e.g.,IAEAIRS, INPOICES)sources

- Varyingpurposes(affectingfields,entrycriteria),degreesof coverage

- Allcontainnarratives(unstructuredtext)

  • OpE narratives

- Content:subjectivebutpotentiallyrich;canstimulateAND temperimagination(possiblemechanismsandscenarios)

- Volume:rangesfromterse(passingmentions)tooverwhelming

- PerspectivesandusefulnessforPRA:varied ETH=Eidgenssische Technische Hochschule IRS=IncidentReportingSystem ICES=INPOConsolidatedEventSystem 0

2000 4000 6000 8000 10000 12000 03/11/2011 03/10/2012 03/10/2013 03/11/2014 03/11/2015 03/11/2016 03/11/2017 03/11/2018 Pages Date SelectedReportsonFukushima:

CumulativePages

85 TextMiningCautions Beawareof2020hindsight,a.k.a.

- MMQB(MondayMorningQuarterbacking)

- Iknewitallalongsyndrome asabarriertolearning Factualinformationisoftenuncertain,limitationscan persistinlaterrecords

- Simplifications

- Inconsistencies

- Factualerrors Posteventjudgmentsaresubjecttonormalhumanbiases

- Confirmationbias

- Underestimation/undervaluationofuncertainty Reviews

- Oftenreflecttechnicaldisciplineperspectives

- Oftenusedtoassessblameratherthanidentifyopportunities forimprovement Wasntthere amajor humanerror?

Thebigissuewas thehydrogen bubble...

86 SomeOpE MiningCaseStudies

  • PRAorientedreviewsof

- 30fireevents*

- GreatEastJapanEarthquakeandTsunami(2013,2016)

- Selectedstormandfloodevents(2018)

- Selectedseismicevents(20192020

  • GeneralObjectives

- Developinsights(observedmechanisms,scenarios)tosupport PRAtechnologydevelopment

- Supportstafflearning(familiarizationwithevents,PRA approaches)

- Supportfutureactivities(e.g.,smarttooldevelopment)

Lasttwocasestudies

87 InsightsRelevanttoPRATechnology Casestudies:

Strengthenedbasisformanypreviouslyrecognizedmessages(e.g.,potentialimportanceof externalhazards,errorsofcommission)

Identifiedinstanceswhere(dependingonthedecisionproblem)PRAscopemightneedto beextended(e.g.,multisiteevents,longdurationevents)

Identifiedmechanisms/scenariosneedingmultidisciplinaryattention(e.g.,multipleshocks, inducedhazards,scenariodynamics)

IdentifiedphenomenapotentiallywarrantingPRAcommunityattention(seismicallyinduced reactivityexcursions,seismicallyinducedHEAFs*)

Identifiedpreviouslyunrecognized/underpublicizedprecursorstoFukushima(HinkleyPoint, TurkeyPoint,Blayais)

Identifiedpotentialneedforsupplementarymeasures/meanstohighlightincidents(boost thesignal)forPRAcommunityattention

  • ThepossibilityofaseismicallyinducedHEAFhasbeenrecognizedduetothe2007KashiwazakiKariwa (stationtransformer)andthe 2011Onagawa (nonsafetyswitchgear)events.Theinsightsare:a)generatingmechanismsforobservednonseismicallyinducedHEAFS mightbeactivatedbyaseismicevent,andconsequentiallyb)seismicallyinducedHEAFsmightberisksignificant(basedontheimpactof theMaanshan 2001nonseismicHEAF).

88 KnowledgeManagementand KnowledgeEngineeringToolInsights

  • KnowledgeManagement

- Usefullearningexperienceforallparticipants

- Demonstratedvalueofmultidisciplinaryperspectives

- Wouldhavebenefittedfromincreasedteaminteractions

  • KnowledgeEngineeringTools

- Stillneeddeepsubjectmatterexpert(SME)expertiseto connectthedots,developinsights(notyetjustanalytics)

- Toolsneedtodealwithenormous,heterogeneousdatabase

- Withhumanintheloopimplementation,coulduseimproved toolsforscreeningdocuments,prioritizingremainderfor furtherexamination 0

2000 4000 6000 8000 10000 12000 03/11/2011 03/10/2012 03/10/2013 03/11/2014 03/11/2015 03/11/2016 03/11/2017 03/11/2018 Pages Date Wheredoesitsay?

Connectthedots

89 PRALessonsfromOpE - ConcludingRemarks

  • NotmanyNPPaccidentsandseriousincidents,butperhaps morethanrealized
  • Eventsillustratehowthingscanfail,sometimesby unexpectedpathwaysandmechanisms
  • Reviewofevents

- CaninformPRAmodeling(identificationofpossiblescenarios)

- Canbroadenknowledgebaseofreviewer

- Cansupportdevelopmentofsmarttoolsfordatamining

90 LessonsFromOpE - ExtraSlides

91 Reminder:Accidentsarearealpossibility 1990 1960 1970 1980 1950 2000 2010 2020 TMI2 PWR,US LossofFeedwater Windscale1 GraphitePile,UK UMetalFire FukushimaDaiichi13 BWRs,Japan EQ+Tsunami,LossofPower Leningrad1 RBMK,Russia ReactivityAccident Paks 2 VVER,Hungary SpentFuelPoolAccident Chernobyl4 RBMK,Ukraine ReactivityAccident Bohunice A1 HWGCR,SlovakRepublic FuelLoadingAccidents Fermi1 LMR,US FlowBlockage St.Laurent1 GCR,France FuelMisload

[BeforeTMI]coredamagewasnevernever land R.Bari*

  • PlenaryPanel:PerspectivesonNuclearSafetySincetheThreeMileIslandEvent,ANSIntlMtgProbabilisticSafetyAssessment(PSA2019),Charleston,SC,2019.

ClosingRemarks

92 Reminder:Accidents[often]haveprecursors 1990 1960 1970 1980 1950 2000 2010 2020 Madras Unpublicized HinkleyPoint Unpublicized Fukushima Blayais aFrenchproblem Leningrad Unconfirmeduntil1990 Chernobyl TMI RanchoSeco TMIsimilarityrecognized1980*

  • atwoyearoldincidentthatcouldeasilyhaveresultedinanoutcomeasseriousasthatoftheaccidentatThree MileIsland.[R.M.Bernero andF.H.Rowsome,SingleFailurePotentiallyLeadingtoCoreDamage,memorandumto H.R.DentonandC.Michelson,U.S.NuclearRegulatoryCommission,March14,1980.(ML19323J370)]

93 Reminder:IncreasingRealismReducingConservasm

/

ClosingRemarks

  • Knowngaps*inbroadscenariocategories
  • Knowngapsintreatmentofcontributorswithincategories Rationale CommonExample(s)

Outofscope security/sabotage,operationoutsideapprovedlimits Lowsignificance(preanalysisjudgment) externalfloods(manyplantspreFukushima)

AppropriatePRAtechnologyunavailable managementandorganizationalfactors PRAnotappropriate software,security Category Example(s)

Externalhazards multiplecoincidentorsequentialhazards Humanreliability errorsofcommission,nonproceduralized recovery Passivesystems thermalhydraulicreliability

  • TerminologyofGuidanceontheTreatmentofUncertaintiesAssociatedwithPRAsinRiskInformedDecisionMaking,NUREG1855Rev.1,March2017; a.k.a.knownunknowns

94 References N.Siu,NuclearPowerAccidentsandIncidents:LessonsforPRA,ResearchSeminar,UniversityofIllinoisUrbanaChampaign(virtual),

February2,2021.(ML20339A570)

S.P.Nowlen,M.Kazarians,andF.Wyant,RiskMethodsInsightsGainedfromFireIncidents,NUREG/CR6738,September2001.

N.Siu,D.Marksberry,S.Cooper,K.Coyne,andM.Stutzke,PSAtechnologychallengesrevealedbytheGreatEastJapanEarthquake, ProceedingsofPSAMTopicalConferenceinLightoftheFukushimaDaiIchiAccident,Tokyo,Japan,April1517,2013.(Paper:

ML13038A203,Presentation:ML13099A347)

N.Siu,K.Compton,S.Cooper,K.Coyne,F.Ferrante,D.Helton,D.Marksberry,andJ.Xing,PSAtechnologyremindersandchallenges revealedbytheGreatEastJapanEarthquake:2016update,Proceedingsof13thInternationalConferenceonProbabilisticSafety AssessmentandManagement(PSAM13),Seoul,Korea,October27,2016.(Paper:ML16245A871,Presentation:ML16270A522)

N.Siu,I.Gifford,Z.Wang,M.Carr,andJ.Kanney,QualitativePRAinsightsfromoperationalevents,Proceedingsof14thInternational ConferenceonProbabilisticSafetyAssessmentandManagement(PSAM14),LosAngeles,CA,September1621,2018.(Paper:

ML18135A109,Presentation:ML18249A340),NonPublicReport:ML18248A117)

N.Siu,J.Xing,N.Melly,F.Sock,andJ.Pires,QualitativePRAInsightsfromSeismicEvents,Proceedings25thConference on Structural MechanicsinReactorTechnology(SMiRT25),Charlotte,NC,August49,2019.(Paper:ML19162A422,Presentation:ML19210D835),

NonPublicReport:ML20309A718)

Note:ExpandedversionsofthePSAM14paper(stormsandfloods)andSMiRT25paper(seismicevents)canbefoundinnonpublicstaff reportsandpublicversionsofthesereports(ML21081A038 andML21081A040,respectively)

95 RISKRELATEDREGULATORYR&D(R4&D)

  • WhatisthepurposeofR4&D?
  • HowhasR4&DsupportedNRCsriskinformedactivities?
  • WhycanitbedifficulttoassessthepotentialbenefitsofR4&D?

96 NRCUsesofRiskInformation PRAPolicyStatement(1995)

  • IncreaseuseofPRAtechnologyinall regulatorymatters

- ConsistentwithPRAstateoftheart

- Complementdeterministicapproach, supportdefenseindepthphilosophy

  • Benefits:

(1) Considersbroadersetofpotentialchallenges (2) Helpsprioritizechallenges (3) Considersbroadersetofdefenses U.S.NuclearRegulatoryCommission,UseofProbabilistic RiskAssessmentMethodsinNuclearActivities;Final PolicyStatement,FederalRegister,60,p.42622(60FR 42622),August16,1995.

Decision Support Regulations and Guidance Licensing and Certification Oversight Operational Experience R&D

97 RegulatoryR&DinDecisionSupport Typicalproducts(regulatoryresearch)

Waystolookatand/orapproach problems(e.g.,frameworks, methodologies)

Pointsofcomparison(e.g.,reference calculations,experimentalresults)

Jobaids(e.g.,computationaltools, databases,standards,guidance:best practices,procedures)

Problemspecificinformation(e.g.,

results,insights,uncertainties)

Sidebenefits Education/trainingofworkforce Networkingwithtechnicalcommunity RegulatoryDecisionSupport Specific Analyses Methods,Models, Tools,Databases, Standards,

Guidance, FoundationalKnowledge Decision R&D Detailed Problemdriven Needitnow Broad Busypeople=>limited timefornonurgent communication Potentialfutureuses=>

needstopersist

98 R4&DProductExamples-Frameworks/Methodologies DynamicPRA1 Inspiredbyaccident experience(TMI2, Chernobyl)

NRCsponsored exploratoryR&D (universities,labs)

International interest(WGRISK, IAEA)

Futurefocused research Modeluncertainty-quantification2 Focusedon betweenmodel outputandreality Bayesianestimation Includesuser effectaswellas fundamental model/toolerrors 1N.Siu,DynamicPRAforNuclearPowerPlants:NotIfButWhen?U.S.NuclearRegulatoryCommission,March2019.(ML19066A390; seealsoslidesinthispresentation) 2E.Droguett andAliMosleh,Bayesianmethodologyformodeluncertaintyusingmodelperformancedata,RiskAnalysis,28,No.5,1457 1476,2008.

Time(s)

Experiment(K)

DRM(K) 180 400 450 360 465 510 720 530 560 840 550 565

99 R4&DProductExamples-ReferencePoints FirePRAmaturity andrealism1 Opinionpapers sparkedbyongoing debate

Maturityvs.

Realism

Availableevidence Quantitativeand qualitativeanalyses Basisforlater WGRISKTechnical OpinionPaper PRAlessonsfrom accidents/Incidents2 Reviewsof accidentsand incidentsforreal worldscenariosand mechanisms

3/11/2011

Fireevents

Stormsandfloods

Earthquakes AlsoKMandKE benefits 1N.Siu,K.Coyne,andN.Melly,FirePRAMaturityandRealism:ATechnicalEvaluation,U.S.NuclearRegulatoryCommission,March 2017.(ML17089A537;seealsoML15035A678 andNEA7417) 2N.Siu,D.Marksberry,S.Cooper,K.Coyne,andM.Stutzke,PSAtechnologychallengesrevealedbytheGreatEastJapanEarthquake, ProceedingsofPSAMTopicalConferenceinLightoftheFukushimaDaiIchiAccident,Tokyo,Japan,April1517,2013.(ML13038A203; seealsothispresentationsslidesonOpE lessons)

100 R4&DProductExamples-JobAids COMBPRN1 Developedwith NRCsupportfor NPPfirePRA (NUREG/CR2258)

Zonemodel

Timetotarget (cable)damage

Uncertainty analysis Usedinmultiple industryPRAs ContentAnalytics2 Exploratorystudyof Watsontech Unstructured database(corpus)

Identifyand characterizemulti unitevents

CurrentCDFs Basisforinputto currentNRCAI/ML initiatives 1N.Siu,"ProbabilisticModelsfortheBehaviorofCompartmentFires,"NUREG/CR2269,1981.

2N.Siu,K.Coyne,andF.Gonzalez,KnowledgeManagementandKnowledgeEngineeringataRiskInformedRegulatoryAgency:

ChallengesandSuggestions,U.S.NuclearRegulatoryCommission,March2017.(ML17089A538;seealsoML16355A373)

101 R4&DProductExamples-DecisionSupport Post9/11studies Shorttermanalyses tosupportorders Longerterm confirmatory analyses Advanced communication Video Nonlinear papers PressurizedThermal Shock1 Technicalbasisfor revisionPTS screeninglimit(10 CFR50.61)

Quantitative

Eventsequence analysis

T/Hanalysis(PT)

PFManalysis (TWCF)

Qualitative(Level2) 1M.EricksonKirk,etal,TechnicalBasisforRevisionofthePressurizedThermalShock(PTS)ScreeningLimitinthePTSRule(10CFR50.61):

SummaryReport,NUREG1806,2006.

102 FromR4&DtoRIDM 1970 1980 1990 2010 2000 2020 NUREG 2150 NUREG/CR 2300 NUREG 1150 Indian PointPRA SafetyGoal Policy PRA Policy SECY98144 RG1.174 Level3 PRA WASH 1400 Revised ROP IPE/IPEEE NUREG 1860 ASME/ANS PRAStandard NEI1804

103 R4&D-FromNearTermtoBlueSky Now BlueSky ShortTitle Activity Description DoB Notes AutomaticPRA Model Construction Characterizecurrent technologies Light 1.

Alreadyinusebysomeorganizations;unknowneffectiveness.

2.

TopicpreviouslysuggestedbyFSR,acceptedconceptuallybyDRA/PRAB 3.

Notrequestedbyuseroffices,resistedbyPRAoldguard 4.

Challenges:developingunderstandingoftechnologies,obtaininginformationfrom users(international,private)

Treatmentof Uncertaintyin PRA Identifyand prioritizegapsand potential improvement activities Light 1.

Widelyrecognizedbutvaguelycharacterizedissueinmovetowardsriskinformed regulation;activitygoesbeyondcurrentpractices 2.

Conceptlikelytohavebroadsupport 3.

Challenges:prioritizinggapsconsideringabilitytodosomething(quantifyingmodel uncertainty,reducingcompletenessuncertainty,improvingcommunicationof uncertainties,)

DynamicPRA Prepareforfuture applicationsofmore simulationoriented PRA Light Moderate 1.

Oldresearchconceptenabledbyimprovedcomputationalcapabilities,external(U.S.

&international)R&Dinvestments.

2.

Likelyafeatureofsomeadvancedreactorapplications.

3.

PushedbyR&Dcommunity,interestingtononPRAtypes,resistedbyPRAoldguard 4.

Challenge:demonstratingsufficientvalue RiskImpactof Regulation Characterizevalue ofregulatory requirementsbyrisk impact Moderate 1.

Notanewconcept,buttoolsarebetter;couldinvolveapplicationofNRCsLevel3 PRAmodel.

2.

Couldexaminesomefundamentalconcepts(e.g.,singlefailurecriterion, containment) 3.

Likelytoberesistedbysomestaff.

4.

Challenges:definingriskmetrics,treatmentofuncertainties,extendinglessons beyondsingleplant.

Piloting Through Hyperspace Exploreadvanced technologiesforrisk communication Strong 1.

Currentapproachesinvolveflatlanddisplays(possiblyanimated)andstorytelling.

Potentialforadvancedtechnologies(AR,VR,multisensoryinputs)notyetdiscussed.

2.

Possibleresistancefromdecisionmakers 3.

Challenge:completelyunknownpotentialbenefits DoB =f{technologicalreadiness, clarityofapplication, userskepticism}

104 ConcludingRemarks

  • R4&DisanessentialelementofNRCscontinuingeffortstoincreaseitsuseof riskinformationinregulatorydecisionmaking
  • R4&Dhasmanypurposes,longtermaswellasshortterm

- Waystolookatand/orapproachproblems

- Pointsofcomparison

- Jobaids

- Problemspecificinformation

  • ThebenefitsofR4&Dcanbedisruptive,butalsounforeseenanddelayed
  • BlueSkyproposalsarewelcome:submittotheNRCsFutureFocused ResearchProgram

105 R4&D-EXTRASLIDES

106 DegreesofBlue-MoreR4&DExamples DecisionMaking ComputationalMethods Human/OrgFactors NaturalHazards Blue Sky FullsimulationbasedPRA DynamicPRA Automaticmodelconstruction AIbaseddatamining AIassistedRIDM Advancedtechniquesfor riskcommunication AdvancedmetricsforRIDM AutonomousReactors OrgFactorsinPRA ErrorsofCommission CorrelatedHazards SimulationBased ExtremeHazards ClimateChange User Needs DoB =f{technologicalreadiness, clarityofapplication, userskepticism}

107 NRCsponsoredFirePRA R&D(universities)

StartedafterBrowns Ferryfire(1975)

DevelopedfirePRA approachfirstusedin ZionandIndianPoint PRAs(early80s),same generalframework usedtoday Startedpathleadingto riskinformedfire protection(NFPA805)

MoreProductExamples-Frameworks/Methodologies TechnologyNeutral Framework Exploreduseofrisk metricstoidentify licensingbasisevents Inspirationandpart basisforcurrent Licensing Modernization Program

108 MoreProductExamples-ReferencePoints NUREG1150 Continuingpointof comparisonfor Level1,2,3results Expectations (ballpark)

Basisforregulatory analysis (backfitting,generic issueresolution)

NUREG1150(Surry)

SOARCA Detailedanalysisof potentialsevere accidentsandoffsite consequences Updatedinsightson marginstoQHOs PeachBottom Surry Sequoyah

109 MoreProductExamples-Methods/Models/Tools SPAR Independentplant specificmodels (genericdata)

Allhazards(many)

SupportSDP,MD8.3, ASP,GSI,SSCstudies Adaptableforspecific circumstances SAPHIRE Generalpurpose modelbuildingtool Multipleuser interfaces IDHEASG Improvedsupportfor qualitativeanalysis Explicittieswithcognitive science(models,data)

Generalframeworkfor developingfocused applications(e.g.,IDHEAS ECA)

BenefitsfromNPP simulatorstudies Consistentwithcurrent HRAgoodpractices guidance(NUREG1792)

Fromhttps://en.wikipedia.org/wiki/SAPHIRE

110 FromR4&DtoRiskInformedFireProtection 1970 1980 1990 2010 2000 2020 NUREG 1150 Browns Ferry RG1.205 ASME/ANS PRAStandard NUREG/CR 2258,2269 NFPA805 BTP9.51 RG1.75 10CFR50.48 AppendixR Indian PointPRA 10CFR50.48(c)

NUREG/CR6850 EPRI1011989 IPEEE NFPA805LARs

111 TREATMENTOFUNCERTAINTIES

  • Whatdoestreatmentmean?
  • Whatarethecurrentapproaches?Challenges?
  • Canwedobetter?How?

112 DecisionMakingUnderUncertainty

  • Uncertainties

- Aboutoutcomeofalternative

- Conditionedonsituation, stateofknowledge

  • Aim:treatuncertainties toensure1

- Effectiveness(best alternative)

- Efficiency

- Stakeholderconfidence pij =P{outcomeCijlsituation,knowledge}

Safety Security Environment Cost Reputation

11

C11 C12 C1M p11 p12 p1M

C21 C22 C2N p21 p12 p2N A1 A2 1Alternatively,canbounceapproachesagainstthePrinciplesofGoodRegulation:independence,openness,efficiency,clarity,reliability

113 Treatment>Characterization Characterization Communication UseinDecision Making

114 CharacterizingUncertainties-APragmaticFramework M(ModeloftheWorld):

Scope,structure i: Parameters

Universe KnownUnknowns UnknownUnknowns

115 CharacterizationChallenges

  • ParameterUncertainties

- Rawdatapreprocessing(selectionand interpretation)

- PotentiallynonintuitiveBayesianupdating results

- Stateofknowledgedependencies

- Appropriatesimplification:expertelicitation

  • ModelUncertainties

- Seriousconsiderationofalternativemodels

- Mainstreamingofquantitativeapproaches

  • CompletenessUncertainties

- Systematicidentificationofgaps

- Seriouseffortstoreduce(transitiontomodel)

Opinions

1) Failuretouseuncertaintycharacterization bestorevengoodpracticesprovides aneasytargetforcritics,canaffect stakeholderconfidence.
2) Proforma,cookbookanalysescanmiss potentiallyusefulinsights.

Earlycoremelt,containmentcooling Earlycoremelt,nocontainmentcooling Steamgeneratortuberupture Containmentbypass Directcontainmentfailure Latecoremelt,containmentcooling Latecoremelt,nocontainmentcooling Datasource:G.J.Kolb,etal.,Review andEvaluationoftheIndianPoint ProbabilisticSafetyStudy,NUREG/CR 2934,December1982.(ML091540534)

116 CommunicatingUncertainties

  • Content/formatdependonaudienceandexpecteduse

- Different(andchanging?)levelsofcomfortwith

  • Uncertainty
  • Formalframeworks(parameter/model/completeness; aleatory/epistemic;probabilistic/nonprobabilistic)anddisplays

- Differentdecisions=>differentinformation

  • Fundamentalquestions

- HowconfidentamI(theanalysisteam)inthekeyresults, insights,andimplications?

- Whyshouldyou(thedecisionmaker)beconfidentinmy characterization?

Willsomebodyfindmea onehandedscientist?!

SenatorEdmundMuskie (Concordehearings,1976)

QuotefromI.Flatow,Truth,Deception,andtheMythoftheOneHandedScientist,October18,2012.Availablefrom:

https://thehumanist.com/magazine/novemberdecember2012/features/truthdeceptionandthemythoftheonehandedscientist

117 CommunicationChallenges Simplerthanriskcommunication(fewerdimensions,perhapsless visceralreaction)

MeetingtheGoldilocksPrinciple

- Aredifferenttypes(percharacterizationframeworks)importantto thedecision?

- Doestoomuchuncertaintyinformationcausealossofattention?

Reducesalienceofkeyresults,insights,implications?

- Doestoolittleuncertaintyinformationbreedoverconfidenceoreven asuboptimaldecision?

Designingtoincreasecognitiveengagement

- Likelyimportantformajor,nonroutinedecisions

- Activelearning=>reducepackagepolishtoencourageaudience internalprocessinganddialogwithteam?1 HurricaneModelWarning:

UsefulAdviceorJustVenting?

Ifanythingontheseproducts causesconfusion,ignorethe entireproduct.

1Ofcoursethispossible(anduntested)approachrequiresawillingaudience.

118 UsingUncertaintyInformationinDecisionMaking (AnOutsidersView)

  • Deliberativevs.NaturalisticDecisionMaking
  • Structuredapproaches

- MultiAttributeUtilityTheory(late1960s,1 used byASCE?)

- Simplifications(e.g.,AnalyticHierarchyProcess,2 early1980s)

- Nowadays?

  • Technicalandsocialinfluences

- Needsofproblem

- Viewsonuncertaintyinformation(e.g.,usefulor confusingorevenobfuscating?)

- Heuristicsandbiases 1SeeforexampleH.Raiffa,DecisionAnalysis:IntroductoryLecturesonChoicesunderUncertainty,AddisonWesley,NewYork,1968.(NRC TechnicalLibraryHD69.D4R13c.1) 2SeeforexampleT.L.Saaty,DecisionMakingforLeaders:TheAnalyticalHierarchyApproachforDecisionsinaComplexWorld,Lifetime Learning,Belmont,CA,1982.(HD30.23.S24c.1)

AdaptedfromNUREG2150 FromNUREG2114

119 ChallengesinUsingUncertaintyInformation (AnOutsidersView)

  • Demonstratingvalueof/creatingdemandfor beyondproformatreatment
  • Balancing

- Rulebased(repeatable,transparent)

- Knowledgebased(optimaluseofevidence)

  • Effectivecommunication

- Withproviders(whatisthequestion)

- Withstakeholders(basisfordecision)

120 TreatmentofUncertainties-ConcludingRemarks

  • Treatmentcoverscharacterization,communication,anduse
  • AlongstandingconcernforRIDMwith

- Acceptedpractices

- Remainingchallenges

  • Improvedmethodsandtoolsfortreatment

- Arefeasible

- Willprovidebettersupportforagencytransformation

- Mayneedculturechangeforinvestmentanduse

121 TreatmentofUncertainties-ExtraSlides

122 UncertaintiesandDecisionMaking (TwoDaysBeforeLandfall)

Andrew(1992)

Irma(2017)

HurricanetracksadaptedfromUniversityofWisconsinMilwaukee (https://web.uwm.edu/hurricanemodels/models/archive/)

EmergencyresponsebasedondatafromNationalHurricaneCenter:

(https://www.nhc.noaa.gov/1992andrew.html)

HurricaneWarning HurricaneWatch Evacuated

123 ParameterUncertainty:CurrentPractice

  • Treatmentinvolves Estimation(including expertelicitation, Bayesianupdating)

Propagation

  • Straightforward mathematicsand mechanics
  • Somepractical challenges

124 ParameterUncertaintyChallenges

  • Datapreprocessing

- Selection

- Interpretation

  • Effectofanalysisshortcuts

- Standard(e.g.,noninformative) priordistributions

- Simplifiedexpertelicitation

- Independenceassumption

  • Ensuringcorrespondencewith stateofknowledge

- Basicevents(microview)

- Overallresults(macroview) 0.00 0.20 0.40 0.60 0.80 1.00 1.00E09 1.00E08 1.00E07 1.00E06 1.00E05 1.00E04 1.00E03 ProbabilityDensityFunction (Normalized)

FailureRate(/hr)

RuntimeFailures(MotorDrivenPumps)

ServiceWater NormallyRunning Standby 2015Industrywideestimatesfrom:https://nrcoe.inl.gov/resultsdb/AvgPerf/

ServiceWaterPumps:2failuresin16,292,670hours NormallyRunningPumps:225failuresin59,582,350hours StandbyPumps(1st houroperation):48failuresin437,647hours

125 ModelUncertainty:

CurrentPractice

  • Importanttoacknowledge andtreat(incontextof decision)
  • Multipleapproaches

- Consensusmodel

- Sensitivityanalysis

- Weightedalternatives(e.g.,SSHAC)

- Outputuncertainties HurricaneAndrew 8/22/1992,1200UTC AdaptedfromUniversityofWisconsin Milwaukee(https://web.uwm.edu/hurricane models/models/archive/)

AdaptedfromV.M.Andersen,SeismicProbabilisticRiskAssessment ImplementationGuide,EPRI3002000709,ElectricPowerResearchInstitute, PaloAlto,CA,December2013 M.H.Salley andA.Lindeman,Verificationand ValidationofSelectedFireModelsforNuclearPower PlantApplications,NUREG1824Supplement1/EPRI 3002002182,November2016.

126 QuantificationofModelOutputUncertainty

  • Bayesianmethods

- FrameworkconsistentwithoverallPRA

- EarlyapproachesusedinpastPRAs

- Canaddresspracticalissues(e.g.,non homogeneousdata)*

  • Challengesinclude

- Uncertaintiesinunmeasuredparameters

- Submodellimitsofapplicability

- Representativenessofcomputedresults

- Useinactualdecisionmaking Time(s)

Experiment(K)

DRM(K) 180 400 450 360 465 510 720 530 560 840 550 565

  • SeeE.Droguett andAliMosleh,Bayesianmethodologyformodeluncertaintyusingmodelperformancedata, RiskAnalysis,28,No.5,14571476,2008.

Temperature(K)

Percentile Assume Homogeneous Data AssumeNon Homogeneous Data 1st 415.2 372.8 5th 437.5 400.7 50th 457.1 470.5 95th 479.7 559.4 99th 509.1 608.7 Data OutputUncertainty

127 ModelUncertainty Commentary

  • Modeluncertaintiescanbelarge;importance dependsondecision
  • SomepracticalNPPRIDMapproaches(e.g.,

consensusmodels,deterministicscreening)can understateuncertainties

  • Ensembleapproaches(withSMEdetermined bestestimate)usedbyotherdisciplines
  • Subjectiveprobabilityframework=>

- Needtoconsiderusereffect

/

- Raisesquestionregardingfundamentalmeaningof weightedaverageapproaches PlotadaptedfromUniversityofWisconsinMilwaukee (https://web.uwm.edu/hurricanemodels/models/archive/)

HurricaneIrma:9/8/2017,0000UTC (about2daysbeforeFLlandfall)

Outer prediction isclosest toactual course

128 CompletenessUncertainty:

CurrentPractice

  • Recognizedconcerns

- Knowngaps(missingscope)

  • Scenariocategories
  • Contributorswithincategories

- Unknowngaps

  • Treatment(MindtheGap)

- Analysisguidance

- Additionalanalysis/R&D

- Riskinformeddecisionmaking NUREG1855Rev.1(2017)

Options:

Progressiveanalysis (screening,bounding, conservative,detailed)

Changescopeofrisk informedapplication RG1.174Rev.3 (2018)

129 NPPPRAKnownGaps1

  • Broadscenariocategories
  • Contributorswithincategories Rationale CommonExample(s)

Outofscope security/sabotage,operationoutsideapprovedlimits Lowsignificance(preanalysisjudgment) externalfloods(manyplantspreFukushima)

AppropriatePRAtechnology*unavailable managementandorganizationalfactors PRAnotappropriate software,security Category Example(s)

Externalhazards multiplecoincidentorsequentialhazards Humanreliability errorsofcommission,nonproceduralized recovery Passivesystems thermalhydraulicreliability 1akaKnownUnknowns

130 CompletenessUncertainty:PossibleR&D

  • Continuetodeveloptechnologytoaddress knowngaps

- Riskinformedprioritization

- Fullyengageappropriatedisciplines

- Takeadvantageofgeneralcomputationaland methodologicaldevelopments

  • Facilitatereemphasisonsearching

- Demonstrateefficiencyandeffectivenesswith currenttools(e.g.,MLD,HBFT)vs.

checklist/screening

- Developimprovedtools(includingOpE mining)

Event(NUREG/CR4839),1992 Aircraftimpact Avalanche Coastalerosion Drought Externalflooding Extremewindsandtornadoes Fire Fog Forestfire FrostHail Hightide,highlakelevel,orhigh riverstage

131 DifferentPerspectives:LogarithmicvsLinearDisplays

132 ADDITIONALRESOURCES

133 SelectedLectures,Seminars,andTalks1,2 NuclearPowerAccidentsandIncidents:LessonsforPRA,ResearchSeminar,UniversityofIllinoisUrbanaChampaign(virtual),

February2,2021.(ML20339A570)

PRAandRiskInformedDecisionMakingattheNRC:SomeTrendsandChallenges,NuclearEngineeringResearchSeminar(Virtual),

NorthCarolinaStateUniversity,Raleigh,NC,October22,2020.(ML20293A370)

PRAandRiskInformedDecisionMakingattheNRC:SomeTrendsandChallenges,Modeling,Experimentation,andValidationSummer School(Virtual),IdahoNationalLaboratory,July27,2020.(ML20195B157)

TechnologyfortheTreatmentofUncertainties:History,Status,CommentaryandChallenges,preparedforCRIEPI/NRRCand OECD/NEAWorkshopontheProperTreatmentofUncertaintiesinSafetyAnalyses,Tokyo,Japan,May2627,2020(postponed,new dateTBD).(ML20080N774)

PRAandRiskInformedDecisionmaking attheNRC:SomeTrendsandChallenges,B.J.GarrickInstituteforRiskSciences,Universityof California,LosAngeles,February21,2020.(ML20035G249)

ResearchandIntegratedDecisionMaking(IDM):APersonalPerspective,Workshop:IntegratedandRiskInformedDecisionmaking ForumforManagers,U.S.NuclearRegulatoryCommission,November13,2019.(ML19310F243)

DynamicPRA:NotIfButWhen?InvitedTalk,IAEAWorkshoponAdvancedPSAApproachesandApplications,Alkmaar,The Netherlands.September913,2019.(ML19248C656)

NuclearPowerPlantProbabilisticRiskAssessment(PRA)andRiskInformedDecisionMaking(RIDM),IndependentActivitiesPeriod, MassachusettsInstituteofTechnology,January1623,2019.3 (ML19011A416)

AdvancedKnowledgeEngineeringToolstoSupportProbabilisticRiskAssessment(PRA)Activities AWholeNewWorld?NRC KnowledgeManagement(KNOWvember)Webinar,November21,2017.(WebinarVideo)

PRAR&D-ChangingtheWayWeDoBusiness?InvitedPlenaryLecture,ANSInternationalTopicalMeetingonProbabilisticSafety Assessment(PSA2017),Pittsburgh,PA,September2428,2017.(ML17292A552) 1TheMLnumbersrefertopdfversions.PowerPointversions(withfullresolutiongraphics)willbeprovidedinaseparateADAMSpackage.

2Althoughsomeofthetalktitlesareduplicative,thematerialhasbeentailoredtothedifferentaudiencesandvenues.

3Lectures,workshops,andreferencematerialfora1weekintensivecourse(meanttocovermaterialnormallyprovidedinasemester).

Retrieved from "https://kanterella.com/w/index.php?title=ML21138A792&oldid=5459491"