ML22004A391

From kanterella
Jump to navigation Jump to search
Summary Report - 691st Meeting of the Advisory Committee on Reactor Safeguards, November 30 - December 2, 2021
ML22004A391
Person / Time
Issue date: 01/31/2022
From: Rempe J
Advisory Committee on Reactor Safeguards
To: Christopher Hanson
NRC/Chairman
Burkhart L
Shared Package
ML22032A098 List:
References
Download: ML22004A391 (12)
v  d  e


Text

UNITED STATES NUCLEAR REGULATORY COMMISSION ADVISORY COMMITTEE ON REACTOR SAFEGUARDS WASHINGTON, DC 20555 - 0001 January 31, 2022 The Honorable Christopher T. Hanson Chairman U.S. Nuclear Regulatory Commission Washington, D.C. 20555-0001

SUBJECT:

SUMMARY

REPORT - 691st MEETING OF THE ADVISORY COMMITTEE ON REACTOR SAFEGUARDS, NOVEMBER 30 - DECEMBER 2, 2021

Dear Chairman Hanson:

During its 691st meeting, November 30 - December 2, 2021, which was conducted in person and virtually, the Advisory Committee on Reactor Safeguards (ACRS) discussed several matters. The ACRS completed the following correspondence:

LETTERS Letters to Daniel H. Dorman, Executive Director for Operations (EDO), NRC, from Matthew W. Sunseri, Chairman, ACRS Proposed Draft Regulatory Guide 5.71, Revision 1, Cyber Security Programs for Nuclear Power Reactors, dated December 16, 2021, ADAMS Accession No. ML21342A263, Safety Evaluation of the Kairos Topical Report, KP-TR-012-P, Revision 1, "KP-FHR Mechanistic Source Term Methodology, dated December 20, 2021, ADAMS Accession No. ML21342A179, and Research Information Letter (RIL) 2021-13 on Interpretation of Research on Fuel Fragmentation, Relocation, and Dispersal at High Burnup, dated December 20, 2021, ADAMS Accession No. ML21347A940.

MEMORANDA Memoranda to Daniel H. Dorman, EDO, NRC, from Scott W. Moore, Executive Director (ED),

ACRS:

Regulatory Guides, dated December 7, 2021, ADAMS Accession No. ML21340A228, and

C. Hanson Documentation of Receipt of Applicable Official NRC Notices to the Advisory Committee on Reactor Safeguards for December 2021, dated December 8, 2021, ADAMS Accession No. ML21340A233.

HIGHLIGHTS OF KEY ISSUES

1. Proposed Draft Regulatory Guide 5.71, Revision 1, Cyber Security Programs for Nuclear Power Reactors RG 5.71 is intended to provide an approach that the staff finds acceptable for complying with the NRC cyber security regulations. Such an approach would promote consistency among licensee submittals, reviewer evaluations, and inspector activities, thereby providing effective cyber security.

This proposed Revision 1 to RG 5.71 incorporates lessons learned from operating experience since original publication of the guide in January 2010. Specifically, this revision clarifies issues identified from cyber security milestone inspections, additional insights gained through the Security Frequently Asked Questions process, documented cyber security attacks, new technologies, and new regulations. Also, this revision considers the changes in the most recent revision to National Institute of Standards and Technology Special Publication 800-53, Security and Privacy Controls for Information Systems and Organizations, Revision 5, September 2020, and updates reference to RG 1.152, Criteria for Use of Computers in Safety Systems of Nuclear Power Plants, Revision 3.

The staff organizes, in RG 5.71, a broad range of issues that must be addressed in any cyber security program for nuclear power plants. They begin by identifying an extensive list of the elements of a cyber security plan. The heart of the guidance is Section C.3 on establishing and implementing the program. They proceed to explain how to analyze digital systems to identify critical digital assets, including a process to limit the extent of this work by focusing on the more important assets. As they begin the discussion of how to protect those assets, the Committee finds that the staff misses an opportunity to identify what is unique about digital systems compared to the earlier analog systems. For most attack pathways, such as attacks on the supply chain, portable media and mobile devices, wireless equipment, and physical presence pathways, the protection strategies are the same for both types of systems. However, digital systems, despite their many advantages, open up a new attack pathway: some entity outside (or inside) the facility using digital signals to attack the assets. Here, the most reliable mechanism to interfere with the ability to send signals into the systems and networks is the use of uni-directional hardware-based data communications mechanisms (not implemented in software), typically called a data diode. The data diode and physical access control each provide protection for the attack pathway the other cannot provide. It is also important to protect against bypass of the data diode function for any reason, by including defense-in-depth options.

The guidance goes on to describe security controls to prevent attacks including technical, operational, and management security controls. To support the important area of technical control of access, the staff provides Appendix B with many details and examples to support users of the guidance. However, the Committee continues to be concerned about electronic control of access for internal digital instrumentation and control (DI&C) systems or for communication from in-plant to external systems and in-plant systems to in-plant systems both across and within the same defensive level. RG 5.71 should explicitly recognize that reactor safety, engineered safeguards, reactor and plant controls, monitoring and many balance of plant

C. Hanson (BOP) systems cannot have malware detection and mitigation software incorporated into their digital/computer-based operating system software without impairing functionality. To ensure that the new electronic access pathways introduced for digital data transmission cannot be compromised, these systems must rely on incorporating data diodes in the overall DI&C architecture design during the design phases of both DI&C license amendment request (LAR) upgrades and new reactor design applications for situations where there are communications between high safety-significance systems and those of lower safety-significance both across and within defensive security levels.

Data diodes prevent either remote (internet susceptible) introduction of malware or its propagation from lower safety significance to higher safety significance systems, if not detected by access controls (e.g., the administrative personnel physical presence pathways/access to the equipment and supply chain controls system detection processes). The Committees concern is time-sensitive given potential applications related to DI&C systems for new designs and upgrade replacements. The staff does not have any plans, in the near future, to revise the guidance documents used during design reviews for any operating plant upgrades or new plant design application reviews. Waiting until cyber reviews are performed is too late. RG 5.71 is the only document currently under revision that could clarify that only data diodes should be used when there are communications between high safety-significance systems and those of lower safety-significance both across and within defensive security levels. This is important during design reviews before a cyber security program has been established.

The letter also included a list of specific changes proposed by the Committee.

Committee Action The Committee issued a letter on December 16, 2021, with the following conclusions and recommendations:

1. The efforts by the staff to revise the application of RG 5.71 over the last 10 years were important, timely, and fruitful. The original guidance was revised to be more clear in its application and less cumbersome to maintain and monitor the critical area of cyber protection.
2. Reactor safety, engineered safeguards, reactor and plant controls, monitoring and many BOP systems cannot have malware detection and mitigation software incorporated into their digital/computer-based operating system software without impairing functionality.

To ensure that the new electronic access pathways introduced by digital data transmission are not compromised, DI&C LAR upgrades and new reactor design applications must rely on DI&C architecture designs that incorporate uni-directional, hardware based, not configured by software devices (i.e., data diodes) where needed.

3. The Committee recommends several changes [provided in the letter] for incorporation into proposed draft RG 5.71, Revision 1, to provide context and improve clarity prior to issuing for public comment.
2. Safety Evaluation of the Kairos Topical Report, KP-TR-012-P, Revision 1, "KP-FHR Mechanistic Source Term Methodology The topical report presents the methodology proposed by Kairos to calculate a mechanistic source term for fission products, activation products and corrosion products generated in the

C. Hanson KP-FHR core. Mechanistic source term models are designed to calculate the transport and retention processes based on fundamental chemistry, thermodynamics, and kinetics of the reactor system and its environs. This topical report is to be used to calculate source terms during anticipated operational occurrences, design basis events, and design basis accidents. It does not cover beyond design basis events.

There is no NRC guidance on source terms specifically applicable to non-light water reactor (LWR) designs. However, generic guidance exists in current NRC documents including NUREG-0800, RG 1.183 (Regulatory Position 2), RG 1.145 and RG 1.194. SECY-16-0012 and SECY-93-092 provide additional information for calculating a mechanistic source term and its relationship to functional containment. Finally, RGs 1.232 and 1.233 provide additional considerations related to mechanistic source terms as part of establishing the licensing basis for advanced reactors. The approach in the topical report incorporates many of the key features of the high-level guidance found in these documents.

The topical report defines a number of sources of materials at risk (MAR) in the reactor design including radionuclides in the fuel and graphite pebbles, the molten salt coolant, and the graphite reflector as well as in the cover gas that will be located at the top of the reactor vessel.

The methodology assesses release of radionuclides from each of these sources. A series of codes will be used as part of the methodology: SERPENT2 for fission product inventory, KP-BISON for fission product release from the fuel, KP-SAM for Flibe coolant transport, RADTRAD for transport in the gaseous spaces, and ARCON96 for atmospheric dispersion of the release and conversion to radiation doses. (Note that Flibe is a mixture of lithium fluoride (LiF) and beryllium fluoride (BeF2), with a nominal chemical composition of 2LiF:BeF2.)

The staff found the overall methodology to be acceptable. They found the use of the concept of MAR and release fractions from each barrier to be reasonable. The approach to screening out de minimus inventories was acceptable to the staff. The computer codes to be used in the methodology are acceptable (subject to validation) and chemical modeling based on fundamental chemical principals was reasonable. The approach to aerosol generation and transport was also acceptable.

The topical report provides 8 self-identified limitations of the methodology related to:

1. Approval of the KP-BISON code,
2. Justification of the thermodynamic analysis and associated vapor pressure data,
3. Validation of the tritium transport model,
4. Confirmation of minimal ingress of Flibe into a fuel pebble,
5. Establishment of operational limits on circulating activity, concentration of radionuclides relative to solubility limits in the coolant, cover gas and radioactive waste systems,
6. Quantification of the transport of tritium in the secondary nitrate coolant salt,

C. Hanson 7. Restriction to molten not solid Flibe, and

8. Restriction to the design features of the KP-FHR.

The staff agrees with these limitations and proposed two additional:

1. The use of the topical report is limited to the KP-FHR and is not applicable to other molten salt reactor designs given that the use of TRISO fuel in the KP-FHR design limits the potential for fission product release.
2. Additional information is needed to justify that the calculation of tritium absorption into graphite is not sensitive to assumptions on diffusivity and solubility in the Flibe.

The topical report presents the methodology used by Kairos to mechanistically calculate the source term of fission products, activation products and corrosion products produced in the KP-FHR core. The approach is consistent with existing high-level regulatory guidance on source terms for advanced reactors.

Staff review of an application that employs this methodology will need to ensure that the assumptions on the number of failed pebbles as well as the experimental limitations related to tritium behavior in Flibe and diffusion and trapping effects in graphitic components are adequately considered in conservative safety analyses and relevant sensitivity studies.

The staff safety evaluation (SE) does not require experimental validation of vaporization of fission products from Flibe. This has an important effect on the overall source term and experimental validation data are needed to confirm the approach used by the applicant. The SE should be changed to address this concern.

Committee Action The Committee issued a letter on December 20, 2021, with the following conclusions and recommendations:

1. The topical report presents the methodology used by Kairos to calculate the mechanistic source term of fission products, activation products, and corrosion products produced in the Kairos Power fluoride salt-cooled high temperature reactor (KP-FHR) core. The approach is consistent with existing high-level regulatory guidance on source terms for advanced reactors.
2. Staff review of an application that employs this methodology will need to ensure that the assumptions on the number of failed pebbles as well as the experimental limitations related to tritium behavior in the molten salt coolant for the KP-FHR (Flibe) and diffusion and trapping effects in graphitic components are adequately considered in conservative safety analyses and relevant sensitivity studies.

C. Hanson 3. The staff SE does not require experimental validation of vaporization of fission products from Flibe. This has an important effect on the overall source term, and experimental validation data are needed to confirm the approach used by the applicant. The SE should be changed to address this concern.

3. Research Information Letter (RIL) 2021-13 on Interpretation of Research on Fuel Fragmentation, Relocation, and Dispersal at High Burnup The RIL evaluates the publicly available experimental data related to fuel fragmentation, relocation, and dispersal (FFRD) at high burnup during a loss-of-coolant accident (LOCA) and is an update to LOCA research that has been ongoing for over 40 years. It began with study of cladding embrittlement and performance during a LOCA and has evolved to include fuel fragmentation and dispersal at high burnup.

The RILs purpose is to provide a current assessment of the results of the latest experimental programs on FFRD and to suggest conservative, empirical thresholds for FFRD-related phenomena. It is intended that the RIL will serve as a foundation for the next steps in evaluating the effects of FFRD on LOCA performance at high burnup, which may include developing regulatory guidance.

The goal of the analysis performed by the Office of Nuclear Regulatory Research (RES) staff was to provide important and timely interpretations of a complex technical issue regarding high burnup fuel behavior during a LOCA. To this end the staff sponsored or participated in experimental programs to determine the potential impacts of FFRD on fuel performance at and beyond the current approved limits. These include the Studsvik Cladding Integrity Program (SCIP)-III research conducted at U.S. National Laboratories and the Halden reactor.

The results of the staffs analysis for the experimental conditions of the data base suggested that FFRD manifests itself in regions of the core with the following specific characteristics:

1. It appears that fine fragmentation is limited to regions with burnups above 55 GWd/MTU pellet average burnup.
2. Axial fuel relocation was observed in regions of the fuel rod with a local cladding strain greater than 3%. Relocated fuel fragments could occupy between 60% and 85% of the fuel rod cross-sectional area in the balloon region. The propensity for fuel dispersal was correlated with fuel fragment size and burst opening size. However, cladding burst and fuel relocation were prerequisites.
3. The data suggest that significant quantities of fission gas may be released during a LOCA transient. Transient fission gas release becomes increasingly significant with increasing burnup, with releases as high as 20% percent observed from a fuel rod segment with an average burnup of 70 GWd/MTU.

The above observations provided the bases for the staff to suggest that FFRD should be evaluated at rod average burnup limits below the current limit of 62 GWd/MTU. Moreover, the RIL provided suggestions for models that should be considered in such an evaluation.

The staff proposed a conservative approach to FFRD. Fuel fragmentation should be assumed for rods that exceed burnups of 55 GWd/MTU. The subsequent potential for

C. Hanson relocation and dispersal should be assessed once a calculated cladding strain of 3% is reached during the LOCA. The staff acknowledges that the model uncertainty is high given limited data but may be considered reasonably conservative for this data set.

The staff also questioned whether the publicly available experiments adequately represent the conditions affecting FFRD in the design basis LOCA event and whether these experimental results are truly conservative. External peer review group members suggested that this concern was not warranted. However, the staff concludes that much uncertainty in performance data and modeling remains.

Regarding thoughts on future work on this topic, the Committee identified [in the letter] a number of cautions that should be considered going forward:

1. The conditions of the experiments often differed significantly from conditions that would exist at pressurized water reactor (PWR) operating conditions. Depending on the specific test, key variables that were not always prototypic include: linear heat generation rate (low), terminal temperature (high) and heatup rate (low).
2. The fuel/thermal variables influencing fragmentation and relocation phenomena are many. While fuel burnup is easily calculated, and verified by measurement, the cladding strain must be calculated - a calculation fraught with uncertainty. Fuel pellet cracking occurs almost immediately on initial startup. The evolution of fuel microstructure during burnup, including the rim, also introduces uncertainty.
3. Operational variables, including flow-induced vibration (normal and accident) can strongly influence the fragmentation and relocation process as well as dispersal after cladding breach.
4. It is one thing to determine an observed burnup at which fuel fragmentation begins to occur. In this case, it is essential to determine the difference between conditions of a test/examination and the conditions that would exist under actual operating conditions.

A careful evaluation of uncertainty will be key. It is quite another thing to determine the point at which FFRD actually influences LOCA performance. The RIL made no claims in this area, one that is critical to determination of practical consequences.

There are a number of experimental programs that will produce data that more closely approach PWR conditions including the TREAT tests. These results will likely provide more prototypic data and hence reduce uncertainty.

5. Lastly, the larger picture should be considered. The document would benefit from additional context by identifying the entire scope necessary to resolve the safety issues related to FFRD and describing the role of the RIL as a specific piece of that overall scope. Because this RIL suggests a numerical threshold burnup for the onset of fragmentation that is different than that used presently for licensing actions, the document should identify the purpose for transmitting this different burnup limit to the Office of Nuclear Reactor Regulation and identify plans to provide additional information relative to its potential impact on any future regulatory activity.

Additional experimental programs and data sets that examine a broader range of transient conditions and fuel types are important to resolve these remaining uncertainties and address these cautions. In addition, the Committee recommends a risk-informed approach be undertaken that examines both the likelihood of expected

C. Hanson event conditions combined with a more complete modeling evaluation of FFRD consequences. This activity could add substantial value to future research program development and to the regulatory decision-making process.

The Committee notes that they look forward to the results of additional tests (SCIP-IV, TREAT) that will shed further light on the FFRD phenomena and its likely effect on fuel performance under LOCA conditions at high burnup.

Committee Action The Committee issued a letter on December 20, 2021, with the following conclusions and recommendations:

1. The current data set on FFRD has been expanded. However, there remains a significant degree of uncertainty in large part because the problem is multivariate and the experiments from which the data were developed did not always represent actual light water reactor (LWR) conditions. The Committees letter suggests a number of cautions that should be considered when applying this RIL. They are described in detail in the Committees final thoughts section.
2. The staff recognized, and the Committee agrees, that this document would benefit from additional context by identifying the entire scope necessary to resolve the safety issues related to FFRD and describing the role of the RIL as a specific piece of that overall scope.
3. A risk informed approach should be undertaken that examines both the likelihood of expected event conditions combined with a more complete modeling evaluation of FFRD consequences. This activity could add substantial value to future research program development and to the regulatory decision-making process.

Note that Chairman Rempe recused herself from deliberation of RIL 2021-13 due to potential conflict of interest.

4. Discussions at the Planning and Procedures (P&P) Session a) The Committee discussed the Full Committee and Subcommittee schedules through April 2022 as well as the planned agenda items for Full Committee meetings.

b) The ACRS Executive Director also led a discussion of significant notices issued by the Agency since the last Full Committee meeting in November 2021 (this activity is documented in the memorandum dated December 8, 2021).

c) The Committee discussed recommendations on review of several draft and final regulatory guides (DGs and RGs), as documented in the memorandum mentioned above, dated December 7, 2021.

d) Member Brown led a discussion about the need for the Committee to review DI&C upgrades for research and test reactors. It was agreed that during the Committees interactions with the NRC staff on the Kairos construction permit application review, the Committee would request the NRC staff to address in some detail how the staff reviews

C. Hanson the DI&C portion of research and test reactors. Note that this construction permit application is for a HERMES test reactor.

e) Member Ballinger led a discussion about a recent Subcommittee meeting on RG 1.26, Revision 6. The following was agreed upon by the Committee to document in this report:

During a meeting of the Advisory Committee on Reactor Safeguards, Materials & Fuels Subcommittee, November 16, 2021, the Committee completed its review of Regulatory Guide 1.26, Revision 6, Quality Group Classifications and Standards for Water-, Steam-and Radioactive-Waste-Containing Components of Nuclear Power Plants. During these reviews, the Committee benefited from discussions with the NRC staff. The Committee also had the benefit of the documents referenced.

Revision 6 of RG 1.26 provides a structure for assigning quality group classifications and is an update for Revision 5. The committee has previously reviewed Revision 5. As a result of this review, the Committee made several recommendations. Revision 6 of RG 1.26 is largely responsive to the Committees recommendations as well as other stakeholder comments. It now includes an appendix (Appendix A), Alternative Classification for Components in Light-Water-Cooled Nuclear Power Plants, and expands the discussion of component classifications. This represents a substantial expansion. Revision 6 also provides an expanded discussion of the use of risk-informed input to the classification of components.

In conclusion, Revision 6 of RG 1.26 provides a detailed structure for assigning quality group classifications. The staff was responsive to our concerns expressed in the Committees review of Revision 5 and the Committee appreciate the staffs actions to update RG 1.26. Based on the Committees review and the staff presentation, the subcommittee recommends that a full committee presentation and formal Full Committee letter is not needed. Revision 6 of this RG should be issued.

f) Executive Director Moore led a discussion about the upgraded audio-visual capabilities of the ACRS rooms. The Committee recognized the hard work and effort that the PMDA staff invested in this project.

During this Full Committee meeting the Committee gained experience with the new systems and hosted several NRC staff presenters. As a result, the Committee decided that, starting in February 2022, Subcommittee meetings will be conducted in a hybrid manner. [Subsequent to the December full committee meeting, in response to the rapid spread of the COVID-19 Omicron variant, NRC expanded use of project-based telework for staff through February 26, 2022. ACRS will re-visit the February 2022 Subcommittee meeting format at its February Full Committee meeting.]

g) Member March-Leuba led a discussion on a readout from a recent Accident Analyses:

Thermal Hydraulics SC meeting. The Committee agreed to document the following on this issue:

C. Hanson On November 17, 2021, the ACRSs Accident Analyses - Thermal Hydraulics Subcommittee met with members of the Office of Nuclear Regulatory Research (RES).

They presented conclusions from their analysis of oscillatory flow data collected by RES at the KATHY facility, which provides conditions prototypical for modern BWR fuel bundles. The specifics can be found in the meeting transcript and associated staff publications. These data are extremely valuable, especially because they show some previously unexpected trends on fuel temperature excursions that are not predicted by well-known correlations that were developed based on non-oscillatory-conditions data.

This type of RES activity is worthwhile and emphasizes fundamental research principles as opposed to narrow efforts directed at specific licensing efforts.

Member March-Leuba, in consultation with the members present at the Subcommittee meeting, recommended that the Full Committee not review this issue further and not issue a letter because the Subcommittee agreed that the approach taken by the staff is sound and adequate. The Subcommittee was especially impressed by the use of the Morris method to evaluate sensitivity to relevant parameters. Several members suggested that this method could be of value for uncertainty analyses, especially for risk calculations.

h) Member Ballinger led a discussion about what is known currently about the status of the SHINE operating license application review and when ACRS interactions could take place. Member Ballinger provided a notional schedule on the production of safety evaluation reports and possible ACRS meetings. The Committee members had many questions, and it was agreed that Member Ballinger and the ACRS staff would interact with the NRC staff to obtain more information. Also, the applicant and NRC staff are scheduled to present information to the SHINE Subcommittee in February.

i) Member Petti led a discussion about the status of the recently docketed Kairos (HERMES test reactor) construction permit application. The ACRS staff is currently working with the NRC staff to obtain information about the review and dates for possible ACRS interactions. It was stated that the current schedule has the NRC staff issuing a final safety evaluation report in September 2023.

j) Member Dimitrijevic led a discussion about the work being done by RES on the level 3 Probabilistic Risk Assessment topic and that ACRS interactions and letters may be warranted. She and the ACRS staff will provide more details at future meetings.

k) Member Petti led a discussion of the reconciliation on the topic of Kairos fuel performance methodology topical report with a recommendation to accept the staffs response.

l) Annual Officer elections were conducted in accordance with the bylaws. The following persons will assume their respective duties for the year starting on January 1, 2022:

Chair - Joy Rempe Vice Chair - Walt Kirchner Member-at-large - Dave Petti

C. Hanson 5. Scheduled Topics for the 692nd ACRS Meeting The following topics were on the agenda for the 692nd ACRS meeting scheduled for February 2 - 4, 2022:

Proposed Rule Language for Title 10 to the Code of Federal Regulations (10 CFR)

Part 53 re: Subpart F - Staffing, Personnel Qualifications, Training, and Human Factors Holtec Spent Fuel Pool Heatup Calculation Methodology Topical Report North Anna Subsequent License Renewal Application NuScale Topical Report on Building Design and Analysis Methodology for Safety-Related Structures Sincerely, Signed by Rempe, Joy on 01/31/22 Joy L. Rempe Chairman

C. Hanson January 31, 2022

SUBJECT:

SUMMARY

REPORT - 691st MEETING OF THE ADVISORY COMMITTEE ON REACTOR SAFEGUARDS, NOVEMBER 30 - DECEMBER 2, 2021 Accession No: ML22004A391 Publicly Available (Y/N): Y Sensitive (Y/N): N If Sensitive, which category?

Viewing Rights: NRC Users or ACRS only or See restricted distribution OFFICE ACRS SUNSI Review ACRS ACRS ACRS NAME LBurkhart LBurkhart SMoore (SWM) MSunseri JRempe DATE 1/4/22 1/4/22 1/28/22 1/29/22 1/31/22 OFFICIAL RECORD COPY

Retrieved from "https://kanterella.com/w/index.php?title=ML22004A391&oldid=3424097"