ML23338A278

From kanterella
Jump to navigation Jump to search
Perspectives on Risk-Informed Decision Making & Regulation
ML23338A278
Person / Time
Issue date: 11/30/2023
From: Coyne K
NRC/RES/DRA
To:
References
Download: ML23338A278 (1)
v  d  e


Text

Perspectives on Risk-Informed Decision-Making & Regulation Kevin Coyne Senior Level Advisor for PRA Division of Risk Analysis Office of Nuclear Regulatory Research U.S. Nuclear Regulatory Commission Kevin.Coyne@nrc.gov November 30, 2023

What can go wrong?

What are the consequences?

How likely is it?

And most importantly - why do we care?

2

Outline

  • Motivation for Using Risk Information

- What are the potential costs of an accident?

- Learning from Operating Experience

- Regulating

  • How are PRAs Developed
  • Regulatory Applications
  • Concluding Thoughts 3

What are the potential costs of an Accident?

4

Nuclear Liability But what are the costs and likelihood of a nuclear reactor accident?

Is this enough?

Backgrounder on Liability https://www.nrc.gov/reading-rm/doc-collections/fact-sheets/nuclear-insurance.html 5

Pessimistic Consequence Analysis WASH-740, Theoretical Possibilities and Consequences of Major Accidents in Large Nuclear Power Plants,"

(1957)

Performed to gauge liability costs for nuclear power plants Pessimistic consequence analysis (upper bound: 3,400 fatalities, $7 billion (~$80 billion in 2023 dollars) in property damage)

Exceedingly low probability of a catastrophic reactor accident Some experts held that there is no such thing as a numerical value for the probability of occurrence of a catastrophic accident; that such a thing is unknowable.

Other experts ventured probabilistic opinions (but study stated the numbers had no demonstrable basis in fact)

Core Damage / no release outside reactor vessel: 1E-02/yr to 1E-4/yr Core Damage / release contained: 1E-3/yr to 1E-4/yr Major release: 1E-5/yr to 1E-9/yr WASH-740 - https://www.osti.gov/servlets/purl/4344308 6

The emergence of a new tool

  • For a method or approach to be considered a PRA, it must provide:
1) quantitative assessment of the identified risk in terms of scenarios that result in undesired consequence (e.g., core damage or large early release) and their frequencies, and
2) is comprised of specific technical elements in performing the quantification.

NUREG-2122 - PRA Glossary 7

leads to a more rational approach WASH-1400, Reactor Safety Study (1975)

  • Commissioned in 1972; led by Norman Rasmussen
  • One stated purpose of the study was "to provide a basis for submitting recommendations to the Congress regarding the extension or modification of the Price-Anderson Act (ML11129A163)
  • Analyzed two plants: Surry (PWR) and Peach Bottom (BWR)
  • Concluded that risks from nuclear power were very small in comparison to other risks

- PWR core melt probability of 6 x 10-5 /reactor year

- BWR core melt probability of 3 x 10-5/reactor year

- Noted that Previous AEC studies have been based on unrealistic assumptions and have predicted relatively large consequences WASH-1400 - https://www.nrc.gov/docs/ML1533/ML15334A199.pdf 8

WASH-1400 9

WASH-1400 Frequency Property Damage Cost 5E-05/reactor/year <$1 million (< ~$5.9 million - 2023$)

1E-05/reactor/year $150 million (~$890 million - 2023$)

1E-06/reactor/year $1 billion (~$5.9 billion - 2023$)

1E-09/reactor/year $14 billion (~$83 billion - 2023$)

Costs considerations included: For perspective, one event

  • Relocation occurring during the 4.5
  • Denial of land use billion year lifetime of earth
  • Loss of property (housing, translates to a frequency of

~2E-10 events/year factories, etc.)

  • Land cleanup 10

WASH-1400

  • But WASH-1400 drew some criticism - An NRC chartered Risk Assessment Review Group concluded:

- The Executive Summary did not adequately indicate the full extent of the consequences and did not sufficiently emphasize the uncertainties

- Data in the report did not support the conclusions about the relative risks of nuclear power

- Weaknesses in the peer review process

  • In January 1979, the NRC Commission withdrew its endorsement of the executive summary

- However, also noted that WASH-1400 made the study of reactor safety more rational, established the topology of many accident sequences, and delineated procedures through which quantitative estimates of the risk can be derived 11

NUREG-1150 NUREG-1150,Severe Accident Risks: An Assessment of Five U.S. Nuclear Power Plants (1990)

- Surry - W 3 Loop, Subatmospheric

- Zion - W 4 Loop, Large dry

- Sequoyah - W 4 Loop, Ice

- Peach Bottom - GE BWR4, Mark I

- Grand Gulf - GE BWR6, Mark III

  • Updates the estimates of the WASH-1400 Reactor Safety Study;
  • Includes extensive peer review and quantitative estimates of risk uncertainty in response to a principal criticism of the Reactor Safety Study; and
  • Supported the later development of the NRC's individual plant examination (IPE) process - The IPE (and IPEEE process for external hazards) was an important step in closing out post Three Mile Island severe accident concerns.

NUREG-1150: https://www.nrc.gov/reading-rm/doc-collections/nuregs/staff/sr1150/

12

NUREG-1150 13

Recent Cost Estimates Facility/ Unit Reactor Rated Geography Offsite Frequency Environmental Type Power Economic ( /year)

NUREG-1150 Report Level Cost Accession # (MW(t)) (Billions did not provide of 2019$)

detailed cost estimates, but Indian Point/ 2 PWR 3,216 Urban/ 42.2 6.50E-07 ML071210562 Landlocked cost estimate 3 PWR 3,216 Urban/ 36.8 9.43E-07 information can Landlocked be found in Nine Mile Point/ 1 BWR 1,850 Rural/ 6.05 3.09E-06 ML041490222 Shoreline Severe 2 BWR 3,467 Rural/ 10.89 6.82E-06 Accident Shoreline Sequoyah/ 1 PWR 1,148 Rural/ 11.96 Management ML13024A010 Landlocked 6.43E-06 Alternative 2 PWR 1,126 Rural/ 11.96 7.41E-06 (SAMA) reviews Landlocked Fermi/ 2 BWR 1,535 Urban/ 56.8 done for license ML14121A540 Shoreline 7.20E-06 renewals under Waterford/ 3 PWR 3,716 Urban/ 29.7 1.88E-06 ML16088A324 Shoreline 10 CFR 54.

Data extracted from Table 3-1 of NUREG/CR-7293 14

Learning from Operating Experience 15

What can go wrong?

Three Mile Island Accident, March 28, 1979

  • TMI-2 was operating at between 97% and 98% full power. A loss of feedwater occurred at 4 am, resulting in a turbine trip

- Emergency feedwater starts, but block valves are closed

- PZR PORV opens ~3 seconds after turbine trip

- Reactor trips ~8 seconds after turbine trip

- PZR PORV reaches closure setpoint ~13 seconds after turbine trip, but does not close.

  • ~2 minutes after turbine trip, engineered safeguards initiate to provide RCS makeup water. Operators manually decrease injection flow and increase letdown to prevent solid PZR.
  • At 5:41 last two operating RCPs are stopped (due to high vibration). Fuel begins overheating.
  • At 6:18 am, the PORV block valve is closed

Three Mile Island Accident A few Recommendations from the Rogovin Report (NUREG/CR-1250) include

  • new mechanisms to evaluate operating experience and to ensure that necessary changes are implemented in the regulatory program Two similar events happened prior to TMI - Beznau (Switzerland, 1975) and Davis Besse (1977). Operators in these cases appropriately addressed the events, but operating experience was not shared broadly
  • Substantial changes in the bases used to review the safety of reactor designs, including the application of quantitative risk assessment methods to potential accident sequences in order to augment the current design basis accident approach.
  • it is time for the NRC to strive to establish a substantive risk objective for nuclear powerplants, a clear guideline as to "how safe is safe enough."

https://www.osti.gov/servlets/purl/5395798 17

Advancing Risk-Informed Decision Making What can we do with PRA and risk techniques?

18

NRC PRA Policy PRA Policy Statement (60 FR 42622; August 16, 1995)

(1) The use of PRA technology should be increased in all regulatory matters to the extent supported by the state-of-the-art in PRA methods and data and in a manner that complements the NRCs deterministic approach and supports the NRCs traditional defense-in-depth philosophy.

(2) PRA and associated analyses should be used in regulatory matters, where practical within the bounds of the state-of-the-art, to reduce unnecessary conservatism associated with current regulatory requirements, regulatory guides, license commitments, and staff practices. Where appropriate, PRA should be used to support the proposal for additional regulatory requirements in accordance with 10 CFR 50.109 (Backfit Rule).

https://www.nrc.gov/reading-rm/doc-collections/commission/policy/60fr42622.pdf 19

NRC PRA Policy PRA Policy Statement (cont)

(3) PRA evaluations in support of regulatory decisions should be as realistic as practicable and appropriate supporting data should be publicly available for review.

(4) The Commissions safety goals for nuclear power plants and subsidiary numerical objectives are to be used with appropriate consideration of uncertainties in making regulatory judgments on the need for proposing and backfitting new generic requirements on nuclear power plant licensees.

20

Development of PRAs 21

End States Core damage frequency - The sum of the accident sequence frequencies of those accident sequences whose end state is core damage. A core damage is typically defined as the onset of sufficient damage to the core that (1) if not immediately arrested could potentially result in a release of radioactive material from the core, and (2) if released from the vessel and containment, could result in offsite public health effects.

Large early release frequency -The frequency of a rapid, unmitigated release of airborne fission products from the containment to the environment that occurs before effective implementation of offsite emergency response, and protective actions, such that there is a potential for early health effects.

(see NUREG-2122: https://www.nrc.gov/docs/ML1331/ML13311A353.pdf )

22

Assembling the PRA CORE DAMAGE SEQUENCES:

Reactor Trip SUCCEEDS & CORE DAMAGE CUTSETS:

High Pressure Injection FAILS &

Reducing Pressure SUCCEEDS &

Low Pressure Injection FAILS HPI TANK FAILS &

LPI PUMP A FAILS & LPI PUMP B FAILS

  • may be many for each tree!!)

HPI PUMP A FAILS & HPI PUMP B FAILS &

SYSTEM CUTSETS: LPI TANK FAILS

  • PUMP A FAILS & PUMP B FAILS * (many combinations per sequence!)
  • TANK FAILS
  • may be many for each tree!
  • CORE DAMAGE FREQUENCY
  • UNCERTAINTY ANALYSIS
  • IMPORTANCE MEASURES FAILURE PROBABILITIES &
  • SENSITIVITY STUDIES INITIATING EVENT FREQUENCIES
  • RISK INSIGHTS 23

PRA Applications

  • Risk-Informed Licensing
  • Regulatory and Cost-Benefit Analysis
  • Oversight 24

Regulatory Guidance 25

RG 1.174: Risk-Informed Licensing RG 1.174, Revision 3 - https://www.nrc.gov/docs/ML1731/ML17317A256.pdf 26

Defense in Depth Considerations:

  • Preserve a reasonable balance among the layers of defense.
  • Capability of design features without an See also overreliance on programmatic activities NUREG/KM-0009, Historical Review
  • Redundancy, independence, and diversity and Observations of

- (including consideration of uncertainty) Defense-in-Depth (https://www.nrc.gov/

  • Adequate defense against potential docs/ML1610/ML161 Common Cause Failures 04A071.pdf )
  • Multiple fission product barriers
  • Defense against human errors
  • Meet the intent of the plants design criteria.

27

Safety Margins Considerations:

  • Assess the impact of the proposed licensing basis change on the functional capability, reliability, and availability of affected equipment.
  • Fundamental safety principles that are the basis of design and operation are not compromised
  • With sufficient safety margins:

- (1) the codes and standards or their alternatives approved for use by the NRC are met and

- (2) safety analysis acceptance criteria in the licensing basis (e.g., FSAR, supporting analyses) are met or proposed revisions provide sufficient margin to account for uncertainty in the analysis and data.

28

Small Risk Changes

Also evaluate the impact of uncertainties - see NUREG-1855 for additional information And remember -

PRAs reveal uncertainty, they do not generate it!

29

Performance Monitoring Considerations:

  • Ensure that no unexpected adverse safety degradation occurs because of the change(s) to the licensing basis.
  • Track the performance of equipment that can affect the conclusions of the engineering evaluation and integrated decision-making
  • Include provisions for specific cause determination, trending of degradation and failures, and corrective actions
  • Can leverage other programs such as monitoring performed under 10 CFR 50.65, Monitoring the Effectiveness of Maintenance 30

Risk-Informed Licensing Specific licensing applications include

  • Technical Specification changes (e.g., risk-informed completion times, end states)
  • Risk-Informed treatment and categorization of systems, structures, and components
  • Performance based fire protection (NFPA-805)

https://www.nrc.gov/about-nrc/regulatory/risk-informed/rpp.html 31

Regulatory Analysis Draft Final NUREG/BR-0058, Regulatory Analysis Guidelines of the U.S. Nuclear Regulatory Commission, Revision 5, SECY 2020-0008 (https://www.nrc.gov/docs/ML1710/ML17100A480.pdf )

32

Past Reactor Assessment Process Between 1980 and 1998, the Systematic Evaluation of Licensee Performance (SALP) process was used. SALP evaluations were conducted every 12 to 24 months.

However, issues were identified with the SALP process:

(1) Assessments (at times) not clearly focused on the most safety important issues, (2) Assessment process consists of redundant actions and outputs, and (3) Assessments are overly subjective the NRC staff informed Millstone Unit 3, American Electric Power Co. is listed on the with NRC action taken in a manner Watch List as a of declining performance at that is at times neither scrutable D.C. Cook Units 1 and 2. "Category 2" plant nor predictable. authorized to operate with close NRC monitoring.

SECY 99-007, January 8, 1999 33

Revised Reactor Assessment Process

  • Performance indicators used to monitor performance

Significance Determination Process

  • Green - indicates that licensee performance is acceptable and cornerstone objectives are fully met CDF < 1E-6 LERF < 1E-7 with nominal risk and deviation. Green
  • White - indicates an acceptable level of performance by the licensee, but 1E-6 < CDF < 1E-5 1E-7 < LERF < 1E-6 outside the nominal risk range. White
  • Yellow - indicates a decline in licensee performance that is still acceptable with 1E-5 < CDF < 1E-4 cornerstone objectives met, but with 1E-6 < LERF < 1E-5 Yellow significant reduction in safety margin.
  • Red - indicates a decline in licensee CDF > 1E-4 LERF > 1E-5 performance that is associated with an Red unacceptable loss of safety margin.

IMC 0308, Reactor Oversight Process Basis Document 35

Current Assessment Process IMC 0305, Operating Reactor Assessment Process

Accident Sequence Precursor Analysis

  • Program recommended by the WASH-1400 Risk Assessment Review Group (1978)*
  • Program Objectives Include:

- Evaluate operating events and trends for safety implications and to enhance the regulatory framework as warranted.

- Assists in the prevention of accident precursors and reductions of safety margins at commercial nuclear power plants that are of high safety significance.

- Provide a partial validation of the current state of practice in risk assessment.

- Provide feedback to regulatory activities ad programs.

- Supports the NRCs Congressional Budget Justification

Accident Sequence Precursor Program Precursor -

CCDP or CDP greater than or equal to 10-6 U.S. Nuclear Regulatory Commission Accident Sequence Precursor Program 2022 Annual Report, https://www.nrc.gov/docs/ML2311/ML23116A067.pdf 38

Accident Sequence Precursor Analysis Historical ASP Results (1969-2020)

ASP Webpage: https://www.nrc.gov/about-nrc/regulatory/research/asp.html 39

Concluding Thoughts

  • Risk-informed regulatory approaches can benefit the regulator, public, and industry

- Focus attention on issues most pertinent to public health and reduce unnecessary conservatism

- Help ensure regulatory response is commensurate with safety impact

- Provides a framework to organize complex information

- Can foster a more open and transparent regulatory process 40

Careers at the NRC

  • NRC is an independent agency established to ensure public health and safety, to promote the common defense and security, and to protect the environment.

- NRC budget (FY2023) is roughly $930 million, including

~ 2,900 full time staff

- Core positions include engineers (nuclear, mechanical, chemical, electrical, environmental, materials), scientists (health physicists, geologists, hydrologists, seismologists), and security specialists.

- Many staff have advanced degrees and help us take on emerging complex challenges

  • Opportunities for students, co-ops, and recent graduates

- Undergraduate scholarships and graduate fellowships (through University Grant Awards)

- Co-operative Education Program

- Summer Student Program

- Nuclear Regulator Apprenticeship Network

  • More information about careers at the NRC (including benefits of Federal employment) can be found here:

https://www.nrc.gov/about-nrc/employment.html 41

Questions?

42

Background Slides 43

Nuclear Liability Price Anderson Act (Sept. 2, 1957)

  • Removed barriers to private sector participation in the nuclear industry by placing a cap on the total amount of liability each nuclear power plant licensee faces in the event of an accident
  • Assured that a significant amount of funds would be available to satisfy claims following a nuclear event Melvin Price (D-IL)

($13.5 billion in 2022)

  • Periodically reviewed - the Energy Policy Act of 2005 extended the Price-Anderson Act coverage to Dec. 31, 2025.
  • NRC recently provided a report to Congress recommending continuation (NUREG/CR-7293)

Clinton Anderson (D-NM)

Backgrounder on Liability https://www.nrc.gov/reading-rm/doc-collections/fact-sheets/nuclear-insurance.html 44

Three Mile Island 45

Three Mile Island Accident Several operator challenges

  • Failure to recognize open PZR PORV valve despite several indications (discharge temperature, reactor drain collecting tank pressure, containment sump level)
  • Failure to recognize EFW block valves closed
  • Interpretation of PZR Level and recognition of saturated conditions in the RCS As noted in NUREG-1250, Volume 1: The operators on duty at TMI-2 early on the morning of March 28 were faced with misleading instruments, plant parameters they had never been trained to understand, and procedures that offered no useful assistance.

46

Three Mile Island Accident

  • Population Dose and Health Impact of the Accident at the Three Mile Island Nuclear Station," NUREG-0558
  • "Investigation into the March 28, 1979 Three Mile Island Accident by the Office of Inspection and Enforcement, NUREG-0600
  • "Three Mile Island; A Report to the Commissioners and to the Public," by Mitchell Rogovin and George T.

Frampton, NUREG/CR-1250, 1980 (Vol. I, Vol. II Pt.

1, Vol. II Pt. 2, Vol. II Pt. 3)

  • "Lessons learned From the Three Mile Island - Unit 2 Advisory Panel," NUREG/CR-6252
  • The Status of Recommendations of the President's Commission on the Accident at Three Mile Island," (A ten-year review), NUREG-1355
  • "Environmental Impact Statement related to decontamination and disposal of radioactive wastes resulting from March 28, 1979 accident Three Mile Island Nuclear Station, Unit 2," NUREG-0683 (Vol.

I, Vol. II)

  • "Three Mile Island Accident of 1979 Knowledge Management Digest - Overview", NUREG/KM-0001 47

Building the PRA Model Develop understanding how the facility responds to perturbations

  • Physical responses (neutronic, thermal-hydraulic)
  • Automatic responses (reactor trip/turbine trip, mitigating equipment actuations
  • Operator responses (per procedures)

Define end states of interest 48

Building the PRA Model

- Event trees to model the sequence of events from an initiating event to an end state

- Fault trees to model failure of mitigating system functions, including equipment dependencies to function as required

- Frequency and probability estimates for model elements (e.g., initiating events, component failures, operator errors)

  • Outputs may include

- Core damage frequency (Level 1 PRA)

- Release frequencies (Level 2)

- Radiological consequences to public (Level 3) 49

Retrieved from "https://kanterella.com/w/index.php?title=ML23338A278&oldid=3644114"