ML23338A278
| ML23338A278 | |
| Person / Time | |
|---|---|
| Issue date: | 11/30/2023 |
| From: | Coyne K NRC/RES/DRA |
| To: | |
| References | |
| Download: ML23338A278 (1) | |
Text
Perspectives on Risk-Informed Decision-Making & Regulation Kevin Coyne Senior Level Advisor for PRA Division of Risk Analysis Office of Nuclear Regulatory Research U.S. Nuclear Regulatory Commission Kevin.Coyne@nrc.gov November 30, 2023
What can go wrong?
What are the consequences?
How likely is it?
And most importantly - why do we care?
2
Outline
- Motivation for Using Risk Information
- What are the potential costs of an accident?
- Learning from Operating Experience
- Regulating
- How are PRAs Developed
- Regulatory Applications
- Concluding Thoughts 3
What are the potential costs of an Accident?
4
Nuclear Liability But what are the costs and likelihood of a nuclear reactor accident?
Is this enough?
5 Backgrounder on Liability https://www.nrc.gov/reading-rm/doc-collections/fact-sheets/nuclear-insurance.html
Pessimistic Consequence Analysis WASH-740, Theoretical Possibilities and Consequences of Major Accidents in Large Nuclear Power Plants,"
(1957)
Performed to gauge liability costs for nuclear power plants
Pessimistic consequence analysis (upper bound: 3,400 fatalities, $7 billion (~$80 billion in 2023 dollars) in property damage)
Exceedingly low probability of a catastrophic reactor accident
Some experts held that there is no such thing as a numerical value for the probability of occurrence of a catastrophic accident; that such a thing is unknowable.
Other experts ventured probabilistic opinions (but study stated the numbers had no demonstrable basis in fact)
Core Damage / no release outside reactor vessel: 1E-02/yr to 1E-4/yr
Core Damage / release contained: 1E-3/yr to 1E-4/yr
Major release: 1E-5/yr to 1E-9/yr 6
WASH-740 - https://www.osti.gov/servlets/purl/4344308
The emergence of a new tool Probabilistic Risk Assessment (PRA) - A systematic method for assessing the likelihood of accidents and their potential consequences For a method or approach to be considered a PRA, it must provide:
- 1) quantitative assessment of the identified risk in terms of scenarios that result in undesired consequence (e.g., core damage or large early release) and their frequencies, and
- 2) is comprised of specific technical elements in performing the quantification.
NUREG-2122 - PRA Glossary 7
leads to a more rational approach WASH-1400, Reactor Safety Study (1975)
Commissioned in 1972; led by Norman Rasmussen One stated purpose of the study was "to provide a basis for submitting recommendations to the Congress regarding the extension or modification of the Price-Anderson Act (ML11129A163)
Analyzed two plants: Surry (PWR) and Peach Bottom (BWR)
Concluded that risks from nuclear power were very small in comparison to other risks
- PWR core melt probability of 6 x 10-5 /reactor year
- BWR core melt probability of 3 x 10-5/reactor year
- Noted that Previous AEC studies have been based on unrealistic assumptions and have predicted relatively large consequences 8
WASH-1400 - https://www.nrc.gov/docs/ML1533/ML15334A199.pdf
WASH-1400 9
WASH-1400 Frequency Property Damage Cost 5E-05/reactor/year
<$1 million (< ~$5.9 million - 2023$)
1E-05/reactor/year
$150 million (~$890 million - 2023$)
1E-06/reactor/year
$1 billion (~$5.9 billion - 2023$)
1E-09/reactor/year
$14 billion (~$83 billion - 2023$)
10 Costs considerations included:
- Relocation
- Denial of land use
- Loss of property (housing, factories, etc.)
- Land cleanup For perspective, one event occurring during the 4.5 billion year lifetime of earth translates to a frequency of
~2E-10 events/year
WASH-1400
- But WASH-1400 drew some criticism - An NRC chartered Risk Assessment Review Group concluded:
- The Executive Summary did not adequately indicate the full extent of the consequences and did not sufficiently emphasize the uncertainties
- Data in the report did not support the conclusions about the relative risks of nuclear power
- Weaknesses in the peer review process
- In January 1979, the NRC Commission withdrew its endorsement of the executive summary
- However, also noted that WASH-1400 made the study of reactor safety more rational, established the topology of many accident sequences, and delineated procedures through which quantitative estimates of the risk can be derived 11
NUREG-1150 NUREG-1150,Severe Accident Risks: An Assessment of Five U.S. Nuclear Power Plants (1990)
Surry - W 3 Loop, Subatmospheric Zion - W 4 Loop, Large dry Sequoyah - W 4 Loop, Ice Peach Bottom - GE BWR4, Mark I Grand Gulf - GE BWR6, Mark III Updates the estimates of the WASH-1400 Reactor Safety Study; Includes extensive peer review and quantitative estimates of risk uncertainty in response to a principal criticism of the Reactor Safety Study; and Supported the later development of the NRC's individual plant examination (IPE) process - The IPE (and IPEEE process for external hazards) was an important step in closing out post Three Mile Island severe accident concerns.
12 NUREG-1150: https://www.nrc.gov/reading-rm/doc-collections/nuregs/staff/sr1150/
NUREG-1150 13
Recent Cost Estimates 14 NUREG-1150 did not provide detailed cost estimates, but cost estimate information can be found in Severe Accident Management Alternative (SAMA) reviews done for license renewals under 10 CFR 54.
Data extracted from Table 3-1 of NUREG/CR-7293 Facility/
Environmental Report Accession #
Unit Reactor Type Rated Power Level (MW(t))
Geography Offsite Economic Cost (Billions of 2019$)
Frequency
( /year)
Indian Point/
PWR 3,216 Urban/
Landlocked 42.2 6.50E-07 3
PWR 3,216 Urban/
Landlocked 36.8 9.43E-07 Nine Mile Point/
BWR 1,850 Rural/
Shoreline 6.05 3.09E-06 2
BWR 3,467 Rural/
Shoreline 10.89 6.82E-06 Sequoyah/
PWR 1,148 Rural/
Landlocked 11.96 6.43E-06 2
PWR 1,126 Rural/
Landlocked 11.96 7.41E-06 Fermi/
BWR 1,535 Urban/
Shoreline 56.8 7.20E-06 Waterford/
PWR 3,716 Urban/
Shoreline 29.7 1.88E-06
Learning from Operating Experience 15
What can go wrong?
Three Mile Island Accident, March 28, 1979 TMI-2 was operating at between 97% and 98% full power. A loss of feedwater occurred at 4 am, resulting in a turbine trip Emergency feedwater starts, but block valves are closed PZR PORV opens ~3 seconds after turbine trip Reactor trips ~8 seconds after turbine trip PZR PORV reaches closure setpoint ~13 seconds after turbine trip, but does not close.
~2 minutes after turbine trip, engineered safeguards initiate to provide RCS makeup water. Operators manually decrease injection flow and increase letdown to prevent solid PZR.
At 8 minutes after turbine trip, the operators open emergency feedwater block valves.
At 5:41 last two operating RCPs are stopped (due to high vibration). Fuel begins overheating.
At 6:18 am, the PORV block valve is closed At 7:50 pm, one reactor coolant pump restarted and reasonably stable conditions are established.
https://www.osti.gov/servlets/purl/6881334 16
Three Mile Island Accident A few Recommendations from the Rogovin Report (NUREG/CR-1250) include new mechanisms to evaluate operating experience and to ensure that necessary changes are implemented in the regulatory program Two similar events happened prior to TMI - Beznau (Switzerland, 1975) and Davis Besse (1977). Operators in these cases appropriately addressed the events, but operating experience was not shared broadly Substantial changes in the bases used to review the safety of reactor designs, including the application of quantitative risk assessment methods to potential accident sequences in order to augment the current design basis accident approach.
it is time for the NRC to strive to establish a substantive risk objective for nuclear powerplants, a clear guideline as to "how safe is safe enough."
https://www.osti.gov/servlets/purl/5395798 17
Advancing Risk-Informed Decision Making What can we do with PRA and risk techniques?
18
NRC PRA Policy PRA Policy Statement (60 FR 42622; August 16, 1995)
(1) The use of PRA technology should be increased in all regulatory matters to the extent supported by the state-of-the-art in PRA methods and data and in a manner that complements the NRCs deterministic approach and supports the NRCs traditional defense-in-depth philosophy.
(2) PRA and associated analyses should be used in regulatory matters, where practical within the bounds of the state-of-the-art, to reduce unnecessary conservatism associated with current regulatory requirements, regulatory guides, license commitments, and staff practices. Where appropriate, PRA should be used to support the proposal for additional regulatory requirements in accordance with 10 CFR 50.109 (Backfit Rule).
19 https://www.nrc.gov/reading-rm/doc-collections/commission/policy/60fr42622.pdf
NRC PRA Policy PRA Policy Statement (cont)
(3) PRA evaluations in support of regulatory decisions should be as realistic as practicable and appropriate supporting data should be publicly available for review.
(4) The Commissions safety goals for nuclear power plants and subsidiary numerical objectives are to be used with appropriate consideration of uncertainties in making regulatory judgments on the need for proposing and backfitting new generic requirements on nuclear power plant licensees.
20
Development of PRAs 21
Core damage frequency - The sum of the accident sequence frequencies of those accident sequences whose end state is core damage. A core damage is typically defined as the onset of sufficient damage to the core that (1) if not immediately arrested could potentially result in a release of radioactive material from the core, and (2) if released from the vessel and containment, could result in offsite public health effects.
Large early release frequency -The frequency of a rapid, unmitigated release of airborne fission products from the containment to the environment that occurs before effective implementation of offsite emergency response, and protective actions, such that there is a potential for early health effects.
(see NUREG-2122: https://www.nrc.gov/docs/ML1331/ML13311A353.pdf )
22 End States
Assembling the PRA 23 CORE DAMAGE SEQUENCES:
- Small LOCA OCCURS &
Reactor Trip SUCCEEDS &
High Pressure Injection FAILS &
Reducing Pressure SUCCEEDS &
Low Pressure Injection FAILS
- may be many for each tree!!)
SYSTEM CUTSETS:
- PUMP A FAILS & PUMP B FAILS
- TANK FAILS
- may be many for each tree!
FAILURE PROBABILITIES &
INITIATING EVENT FREQUENCIES CORE DAMAGE CUTSETS:
- SMALL LOCA &
HPI TANK FAILS &
LPI PUMP A FAILS & LPI PUMP B FAILS
- SMALL LOCA &
HPI PUMP A FAILS & HPI PUMP B FAILS &
LPI TANK FAILS
- (many combinations per sequence!)
- CORE DAMAGE FREQUENCY
- UNCERTAINTY ANALYSIS
- IMPORTANCE MEASURES
- SENSITIVITY STUDIES
- RISK INSIGHTS
PRA Applications
- Risk-Informed Licensing
- Regulatory and Cost-Benefit Analysis
- Oversight 24
Regulatory Guidance 25
RG 1.174: Risk-Informed Licensing 26 RG 1.174, Revision 3 - https://www.nrc.gov/docs/ML1731/ML17317A256.pdf
Defense in Depth Considerations:
- Preserve a reasonable balance among the layers of defense.
- Capability of design features without an overreliance on programmatic activities
- Redundancy, independence, and diversity
- (including consideration of uncertainty)
- Adequate defense against potential Common Cause Failures
- Multiple fission product barriers
- Defense against human errors
- Meet the intent of the plants design criteria.
27 See also NUREG/KM-0009, Historical Review and Observations of Defense-in-Depth (https://www.nrc.gov/
docs/ML1610/ML16104A071.pdf )
Safety Margins Considerations:
- Assess the impact of the proposed licensing basis change on the functional capability, reliability, and availability of affected equipment.
- Fundamental safety principles that are the basis of design and operation are not compromised
- With sufficient safety margins:
- (1) the codes and standards or their alternatives approved for use by the NRC are met and
- (2) safety analysis acceptance criteria in the licensing basis (e.g., FSAR, supporting analyses) are met or proposed revisions provide sufficient margin to account for uncertainty in the analysis and data.
28
Small Risk Changes
- PRA Acceptance Guidelines (RG 1.174) 29 Also evaluate the impact of uncertainties - see NUREG-1855 for additional information And remember -
PRAs reveal uncertainty, they do not generate it!
Performance Monitoring Considerations:
Ensure that no unexpected adverse safety degradation occurs because of the change(s) to the licensing basis.
Track the performance of equipment that can affect the conclusions of the engineering evaluation and integrated decision-making Include provisions for specific cause determination, trending of degradation and failures, and corrective actions Can leverage other programs such as monitoring performed under 10 CFR 50.65, Monitoring the Effectiveness of Maintenance 30
Risk-Informed Licensing 31 Specific licensing applications include
- Technical Specification changes (e.g., risk-informed completion times, end states)
- Risk-Informed treatment and categorization of systems, structures, and components
- Performance based fire protection (NFPA-805)
- New reactor licensing risk insights (10 CFR 52)
- Low Safety Significance Issue Resolution Process See the NRCs Risk-Informed Activities webpage for more information:
https://www.nrc.gov/about-nrc/regulatory/risk-informed/rpp.html
Regulatory Analysis Draft Final NUREG/BR-0058, Regulatory Analysis Guidelines of the U.S. Nuclear Regulatory Commission, Revision 5, SECY 2020-0008 (https://www.nrc.gov/docs/ML1710/ML17100A480.pdf )
32
Past Reactor Assessment Process Between 1980 and 1998, the Systematic Evaluation of Licensee Performance (SALP) process was used. SALP evaluations were conducted every 12 to 24 months.
However, issues were identified with the SALP process:
(1) Assessments (at times) not clearly focused on the most safety important issues, (2) Assessment process consists of redundant actions and outputs, and (3) Assessments are overly subjective with NRC action taken in a manner that is at times neither scrutable nor predictable.
SECY 99-007, January 8, 1999 the NRC staff informed American Electric Power Co.
of declining performance at D.C. Cook Units 1 and 2.
Millstone Unit 3, is listed on the Watch List as a "Category 2" plant authorized to operate with close NRC monitoring.
33
34 https://www.nrc.gov/reactors/operating/oversight.html Revised Reactor Assessment Process
- Performance indicators used to monitor performance
- Baseline and supplemental inspections
Significance Determination Process Green - indicates that licensee performance is acceptable and cornerstone objectives are fully met with nominal risk and deviation.
White - indicates an acceptable level of performance by the licensee, but outside the nominal risk range.
Yellow - indicates a decline in licensee performance that is still acceptable with cornerstone objectives met, but with significant reduction in safety margin.
Red - indicates a decline in licensee performance that is associated with an unacceptable loss of safety margin.
35 CDF < 1E-6 LERF < 1E-7 1E-6 < CDF < 1E-5 1E-7 < LERF < 1E-6 1E-5 < CDF < 1E-4 1E-6 < LERF < 1E-5 CDF > 1E-4 LERF > 1E-5 Green White Yellow Red IMC 0308, Reactor Oversight Process Basis Document
IMC 0305, Operating Reactor Assessment Process Current Assessment Process
Accident Sequence Precursor Analysis
- Program recommended by the WASH-1400 Risk Assessment Review Group (1978)*
- Program Objectives Include:
- Evaluate operating events and trends for safety implications and to enhance the regulatory framework as warranted.
- Assists in the prevention of accident precursors and reductions of safety margins at commercial nuclear power plants that are of high safety significance.
- Provide a partial validation of the current state of practice in risk assessment.
- Provide feedback to regulatory activities ad programs.
- Supports the NRCs Congressional Budget Justification 37
Accident Sequence Precursor Program 38 U.S. Nuclear Regulatory Commission Accident Sequence Precursor Program 2022 Annual Report, https://www.nrc.gov/docs/ML2311/ML23116A067.pdf Precursor -
CCDP or CDP greater than or equal to 10-6
Accident Sequence Precursor Analysis 39 Historical ASP Results (1969-2020)
ASP Webpage: https://www.nrc.gov/about-nrc/regulatory/research/asp.html
Concluding Thoughts
- Risk-informed regulatory approaches can benefit the regulator, public, and industry
- Focus attention on issues most pertinent to public health and reduce unnecessary conservatism
- Help ensure regulatory response is commensurate with safety impact
- Provides a framework to organize complex information
- Can foster a more open and transparent regulatory process 40
Careers at the NRC 41 NRC is an independent agency established to ensure public health and safety, to promote the common defense and security, and to protect the environment.
NRC budget (FY2023) is roughly $930 million, including
~ 2,900 full time staff Core positions include engineers (nuclear, mechanical, chemical, electrical, environmental, materials), scientists (health physicists, geologists, hydrologists, seismologists), and security specialists.
Many staff have advanced degrees and help us take on emerging complex challenges Opportunities for students, co-ops, and recent graduates Undergraduate scholarships and graduate fellowships (through University Grant Awards)
Co-operative Education Program Summer Student Program Nuclear Regulator Apprenticeship Network More information about careers at the NRC (including benefits of Federal employment) can be found here:
https://www.nrc.gov/about-nrc/employment.html
Questions?
42
Background Slides 43
44 Nuclear Liability Price Anderson Act (Sept. 2, 1957)
Removed barriers to private sector participation in the nuclear industry by placing a cap on the total amount of liability each nuclear power plant licensee faces in the event of an accident Assured that a significant amount of funds would be available to satisfy claims following a nuclear event
($13.5 billion in 2022)
Periodically reviewed - the Energy Policy Act of 2005 extended the Price-Anderson Act coverage to Dec. 31, 2025.
NRC recently provided a report to Congress recommending continuation (NUREG/CR-7293)
Backgrounder on Liability https://www.nrc.gov/reading-rm/doc-collections/fact-sheets/nuclear-insurance.html Melvin Price (D-IL)
Clinton Anderson (D-NM)
Three Mile Island 45
Three Mile Island Accident Several operator challenges Failure to recognize open PZR PORV valve despite several indications (discharge temperature, reactor drain collecting tank pressure, containment sump level)
Failure to recognize EFW block valves closed Interpretation of PZR Level and recognition of saturated conditions in the RCS As noted in NUREG-1250, Volume 1: The operators on duty at TMI-2 early on the morning of March 28 were faced with misleading instruments, plant parameters they had never been trained to understand, and procedures that offered no useful assistance.
46
Three Mile Island Accident Population Dose and Health Impact of the Accident at the Three Mile Island Nuclear Station," NUREG-0558 "Investigation into the March 28, 1979 Three Mile Island Accident by the Office of Inspection and Enforcement, NUREG-0600 "Three Mile Island; A Report to the Commissioners and to the Public," by Mitchell Rogovin and George T.
Frampton, NUREG/CR-1250, 1980 (Vol. I, Vol. II Pt.
1, Vol. II Pt. 2, Vol. II Pt. 3)
"Lessons learned From the Three Mile Island - Unit 2 Advisory Panel," NUREG/CR-6252 The Status of Recommendations of the President's Commission on the Accident at Three Mile Island," (A ten-year review), NUREG-1355 "Environmental Impact Statement related to decontamination and disposal of radioactive wastes resulting from March 28, 1979 accident Three Mile Island Nuclear Station, Unit 2," NUREG-0683 (Vol.
I, Vol. II)
"Three Mile Island Accident of 1979 Knowledge Management Digest - Overview", NUREG/KM-0001 47
Building the PRA Model Develop understanding how the facility responds to perturbations
- Physical responses (neutronic, thermal-hydraulic)
- Automatic responses (reactor trip/turbine trip, mitigating equipment actuations
- Operator responses (per procedures)
Define end states of interest 48
Building the PRA Model
- PRA models use
- Event trees to model the sequence of events from an initiating event to an end state
- Fault trees to model failure of mitigating system functions, including equipment dependencies to function as required
- Frequency and probability estimates for model elements (e.g., initiating events, component failures, operator errors)
- Outputs may include
- Core damage frequency (Level 1 PRA)
- Release frequencies (Level 2)
- Radiological consequences to public (Level 3) 49