ML23338A278

From kanterella
Jump to navigation Jump to search
Perspectives on Risk-Informed Decision Making & Regulation
ML23338A278
Person / Time
Issue date: 11/30/2023
From: Coyne K
NRC/RES/DRA
To:
References
Download: ML23338A278 (1)
v  d  e


Text

Perspectives on Risk-Informed Decision-Making & Regulation

Kevin Coyne Senior Level Advisor for PRA Division of Risk Analysis Office of Nuclear Regulatory Research U.S. Nuclear Regulatory Commission Kevin.Coyne@nrc.gov

November 30, 2023 What can go wrong?

What are the consequences?

How likely is it?

And most importantly - why do we care?

2 Outline

  • Motivation for Using Risk Information

- What are the potential costs of an accident ?

- Learning from Operating Experience

- Regulating

  • How are PRAs Developed
  • Regulatory Applications
  • Concluding Thoughts

3 What are the potential costs of an Accident?

4 Nuclear Liability

But what are the costs and likelihood of a nuclear reactor accident?

Is this enough?

Backgrounder on Liability https://www.nrc.gov/reading -rm/doc -

collections/fact-sheets/nuclear-insurance.html

5 Pessimistic Consequence Analysis WASH-740, Theoretical Possibilities and Consequences of Major Accidents in Large Nuclear Power Plants,"

(1957)

Performed to gauge liability costs for nuclear power plants Pessimistic consequence analysis (upper bound: 3,400 fatalities, $7 billion (~$80 billion in 2023 dollars) in property damage)

Exceedingly low probability of a catastrophic reactor accident Some experts held that there is no such thing as a numerical value for the probability of occurrence of a catastrophic accident; that such a thing is unknowable.

Other experts ventured probabilistic opinions (but study stated the numbers had no demonstrable basis in fact)

Core Damage / no release outside reactor vessel: 1E-0 2/yr to 1E-4/yr Core Damage / release contained: 1E-3/yr to 1E-4/yr Major release: 1E-5/yr to 1E-9/yr WASH-740 - https://www.osti.gov/servlets/purl/4344308 6

The emergence of a new tool

  • For a method or approach to be considered a PRA, it must provide:
1) quantitative assessment of the identified risk in terms of scenarios that result in undesired consequence (e.g., core damage or large early release) and their frequencies, and
2) is comprised of specific technical elements in performing the quantification.

NUREG-2122 - PRA Glossary 7

leads to a more rational approach WASH-1400, Reactor Safety Study (1975)

  • Commissioned in 1972; led by Norman Rasmussen
  • One stated purpose of the study was "to provide a basis for submitting recommendations to the Congress regarding the extension or modification of the Price-Anderson Act (ML11129A163)
  • Analyzed two plants: Surry (PWR) and Peach Bottom (BWR)
  • Concluded that risks from nuclear power were very small in comparison to other risks

- PWR core melt probability of 6 x 10-5 /reactor year

- BWR core melt probability of 3 x 10-5/reactor year

- Noted that Previous AEC studies have been based on unrealistic assumptions and have predicted relatively large consequences WASH-1400 - https://www.nrc.gov/docs/ML1533/ML15334A199.pdf 8 WASH-1400

9 WASH-1400

Frequency Property Damage Cost 5E-05/reactor/year <$1 million (< ~$5.9 million - 2023$)

1E-05/reactor/year $150 million (~$890 million - 2023$)

1E-06/reactor/year $1 billion (~$5.9 billion - 2023$)

1E-09/reactor/year $14 billion (~$83 billion - 2023$)

Costs considerations included: For perspective, one event

  • Relocation occurring during the 4.5
  • Denial of land use billion year lifetime of earth
  • Loss of property (housing, translates to a frequency of factories, etc.) ~2E-10 events/year
  • Land cleanup 10 WASH-1400
  • But WASH-1400 drew some criticism - An NRC chartered Risk Assessment Review Group concluded:

- The Executive Summary did not adequately indicate the full extent of the consequences and did not sufficiently emphasize the uncertainties

- Data in the report did not support the conclusions about the relative risks of nuclear power

- Weaknesses in the peer review process

  • In January 1979, the NRC Commission withdrew its endorsement of the executive summary

- However, also noted that W AS H-1400 made the study of reactor safety more rational, established the topology of many accident sequences, and delineated procedures through w hich quantitative estimates of the risk can be derived

11 NUREG-1150

NUREG-1150,Severe Accident Risks: An Assessment of Five U.S. Nuclear Power Plants (1990)

- Surry - W 3 Loop, Subatmospheric

- Zion - W 4 Loop, Large dry

- Sequoyah - W 4 Loop, Ice

- Peach Bottom - GE BWR4, Mark I

- Grand Gulf - GE BWR6, Mark III

  • Updates the estimates of the WASH-1400 Reactor Safety Study;
  • Includes extensive peer review and quantitative estimates of risk uncertainty in response to a principal criticism of the Reactor Safety Study; and
  • Supported the later development of the NRC's individual plant examination (IPE) process - The IPE (and IPEEE process for external hazards) was an important step in closing out post Three Mile Island severe accident concerns.

NUREG-1150: https://www.nrc.gov/reading-rm/doc -collections/nuregs/staff/sr1150/

12 NUREG-1150

13 Recent Cost Estimates

Facility/ Unit Reactor Rated Geography Offsite Frequency Environmental Type Power Economic ( /year)

NUREG-1150 Report Level Cost did not provide Accession # (MW(t)) (Billions of 2019$)

detailed cost estimates, but Indian Point/ 2 PWR 3,216 Urban/ 42.2 6.50E -07 cost estimate ML071210562 Landlocked 3 PWR 3,216 Urban/ 36.8 9.43E -07 information can Landlocked be found in Nine Mile Point/ 1 BWR 1,850 Rural/ 6.05 3.09E -06 Severe ML041490222 Shoreline 2 BWR 3,467 Rural/ 10.89 6.82E -06 Accident Shoreline Management Sequoyah/ 1 PWR 1,148 Rural/ 11.96 6.43E -06 ML13024A010 Landlocked Alternative 2 PWR 1,126 Rural/ 11.96 7.41E -06 (SAMA) reviews Landlocked done for license Fermi/ 2 BWR 1,535 Urban/ 56.8 7.20E -06 ML14121A540 Shoreline renewals under Waterford/ 3 PWR 3,716 Urban/ 29.7 1.88E -06 10 CFR 54. ML16088A324 Shoreline

Data extracted from Table 3-1 of NUREG/CR-7293 14 Learning from Operating Experience

15 What can go wrong?

Three Mile Island Accident, March 28, 1979

  • TMI-2 was operating at between 97% and 98% full power. A loss of feedwater occurred at 4 am, resulting in a turbine trip

- Emergency feedwater starts, but block valves are closed

- PZR PORV opens ~3 seconds after turbine trip

- Reactor trips ~8 seconds after turbine trip

- PZR PORV reaches closure setpoint ~13 seconds after turbine trip, but does not close.

  • ~2 minutes after turbine trip, engineered safeguards initiate to provide RCS makeup water. Operators manually decrease injection flow and increase letdown to prevent solid PZR.
  • At 5:41 last two operating RCPs are stopped (due to high vibration). Fuel begins overheating.
  • At 6:18 am, the PORV block valve is closed

16 Three Mile Island Accident

A few Recommendations from the Rogovin Report (NUREG/CR-1250) include

  • new mechanisms to evaluate operating experience and to ensure that necessary changes are implemented in the regulatory program Two similar events happened prior to TMI - Beznau (Switzerland, 1975) and Davis Besse (1977). Operators in these cases appropriately addressed the events, but operating experience was not shared broadly
  • Substantial changes in the bases used to review the safety of reactor designs, including the application of quantitative risk assessment methods to potential accident sequences in order to augment the current design basis accident approach.
  • it is time for the NRC to strive to establish a substantive risk objective for nuclear powerplants, a clear guideline as to "how safe is safe enough."

https://www.osti.gov/servlets/purl/5395798 17 Advancing Risk-Informed Decision Making

What can we do with PRA and risk techniques?

18 NRC PRA Policy

PRA Policy Statement (60 FR 42622; August 16, 1995)

(1) The use of PRA technology should be increased in all regulatory matters to the extent supported by the state-of -the-art in PRA methods and data and in a manner that complements the NRCs deterministic approach and supports the NRCs traditional defense-in-depth philosophy.

(2) PRA and associated analyses should be used in regulatory matters, where practical within the bounds of the state-of-the-art, to reduce unnecessary conservatism associated with current regulatory requirements, regulatory guides, license commitments, and staff practices. Where appropriate, PRA should be used to support the proposal for additional regulatory requirements in accordance with 10 CFR 50.109 (Backfit Rule).

https://www.nrc.gov/reading -rm/doc -collections/commission/policy/60fr42622.pdf 19 NRC PRA Policy

PRA Policy Statement (cont)

(3) PRA evaluations in support of regulatory decisions should be as realistic as practicable and appropriate supporting data should be publicly available for review.

(4) The Commissions safety goals for nuclear pow er plants and subsidiary numerical objectives are to be used with appropriate consideration of uncertainties in making regulatory judgments on the need for proposing and backfitting new generic requirements on nuclear power plant licensees.

20 Development of PRAs

21 End States

Core damage frequency - The sum of the accident sequence frequencies of those accident sequences whose end state is core damage. A core damage is typically defined as the onset of sufficient damage to the core that (1) if not immediately arrested could potentially result in a release of radioactive material from the core, and (2) if released from the vessel and containment, could result in offsite public health effects.

Large early release frequency -The frequency of a rapid, unmitigated release of airborne fission products from the containment to the environment that occurs before effective implementation of offsite emergency response, and protective actions, such that there is a potential for early health effects.

(see NUREG-2122: https://www.nrc.gov/docs/ML1331/ML13311A353.pdf )

22 Assembling the PRA

CORE DAMAGE SEQUENCES:

Reactor Trip SUCCEEDS & CORE DAMAGE CUTSETS:

High Pressure Injection FAILS &

Reducing Pressure SUCCEEDS &

Low Pressure Injection FAILS HPI TANK FAILS &

LPI PUMP A FAILS & LPI PUMP B FAILS

  • may be many for each tree! !)

HPI PUMP A FAILS & HPI PUMP B FAILS &

SYSTEM CUTSETS: L P I TAN K FAI L S

  • PUMP A FAILS & PUMP B FAILS * (many combinations per sequence!)
  • TAN K FAI L S
  • may be many for each tree!
  • CORE DAMAGE FREQUENCY
  • UNCERTAINTY ANALYSIS FAILURE PROBABILITIES &
  • IMPORTANCE MEASURES INITIATING EVENT FREQUENCIES
  • SENSITIVITY STUDIES
  • RISK INSIGHTS

23 PRA Applications

  • Risk-Informed Licensing
  • Regulatory and Cost-Benefit Analysis
  • Oversight

24 Regulatory Guidance

25 RG 1.174: Risk-Informed Licensing

RG 1.174, Revision 3 - https://www.nrc.gov/docs/ML1731/ML17317A256.pdf 26 Defense in Depth Considerations:

  • Preserve a reasonable balance among the layers of defense.
  • Capability of design features without an See also overreliance on programmatic activities NUREG/KM-0009,
  • Redundancy, independence, and diversity Historical Review and Observations of

- (including consideration of uncertainty) Defense-in -Depth

docs/ML1610/ML161 Common Cause Failures 04A071.pdf )

  • Multiple fission product barriers
  • Defense against human errors
  • Meet the intent of the plants design criteria.

27 Safety Margins

Considerations:

  • Assess the impact of the proposed licensing basis change on the functional capability, reliability, and availability of affected equipment.
  • Fundamental safety principles that are the basis of design and operation are not compromised
  • With sufficient safety margins:

- (1) the codes and standards or their alternatives approved for use by the NRC are met and

- (2) safety analysis acceptance criteria in the licensing basis (e.g., FSAR, supporting analyses) are met or proposed revisions provide sufficient margin to account for uncertainty in the analysis and data.

28 Small Risk Changes

Also evaluate the impact of uncertainties - see NUREG-1855 for additional information

And remember -

PRAs reveal uncertainty, they do not generate it!

29 Performance Monitoring

Considerations:

  • Ensure that no unexpected adverse safety degradation occurs because of the change(s) to the licensing basis.
  • Track the performance of equipment that can affect the conclusions of the engineering evaluation and integrated decision-making
  • Include provisions for specific cause determination, trending of degradation and failures, and corrective actions
  • Can leverage other programs such as monitoring performed under 10 CFR 50.65, Monitoring the Effectiveness of Maintenance

30 Risk-Informed Licensing

Specific licensing applications include

  • Technical Specification changes (e.g., risk-informed completion times, end states)
  • Risk-Informed treatment and categorization of systems, structures, and components
  • Performance based fire protection (NFPA-805)

See the NRCs Risk-Informed Activities webpage for more information:

https://www.nrc.gov/about-nrc/regulatory/risk-informed/rpp.html

31 Regulatory Analysis

Draft Final NUREG/BR-0058, Regulatory Analysis Guidelines of the U.S. Nuclear Regulatory Commission, Revision 5, SECY 2020-0008 ( https://www.nrc.gov/docs/ML1710/ML17100A480.pdf )

32 Past Reactor Assessment Process

Between 1980 and 1998, the Systematic Evaluation of Licensee Performance (SALP) process was used. SALP evaluations were conducted every 12 to 24 months.

However, issues were identified with the SALP process:

(1) Assessments (at times) not clearly focused on the most safety important issues, (2) Assessment process consists of redundant actions and outputs, and (3) Assessments are overly subjective the NRC staff informed Millstone Unit 3, with NRC action taken in a manner American Electric Power Co. is listed on the that is at times neither scrutable of declining performance at Watch List as a D.C. Cook Units 1 and 2. "Category 2" plant nor predictable. authorized to operate with close NRC monitoring.

SECY 99-007, January 8, 1999 33 Revised Reactor Assessment Process

  • Performance indicators used to monitor performance
  • Baseline and supplemental inspections

https://www.nrc.gov/reactors/operating/oversight.html

34 Significance Determination Process

  • Green - indicates that licensee performance is acceptable and CDF < 1E-6 cornerstone objectives are fully met LERF with nominal risk and deviation. Green
  • White - indicates an acceptable level of performance by the licensee, but 1E-6 < CDF 1E outside the nominal risk range. 1E-7 < LERF White
  • Yellow - indicates a decline in licensee performance that is still acceptable with 1E-5 < CDF 1E cornerstone objectives met, but with 1E-6 < LERF Yellow significant reduction in safety margin.
  • Red - indicates a decline in licensee CDF 1E performance that is associated with an LERF Red unacceptable loss of safety margin.

IMC 0308, Reactor Oversight Process Basis Document 35 Current Assessment Process

IMC 0305, Operating Reactor Assessment Process Accident Sequence Precursor Analysis

  • Program recommended by the WASH -1400 Risk Assessment Review Group (1978)*
  • Program Objectives Include:

- Evaluate operating events and trends for safety implications and to enhance the regulatory framework as warranted.

- Assists in the prevention of accident precursors and reductions of safety margins at commercial nuclear power plants that are of high safety significance.

- Provide a partial validation of the current state of practice in risk assessment.

- Provide feedback to regulatory activities ad programs.

- Supports the NRCs Congressional Budget Justification

Precursor -

CCDP or CDP greater than or equal to 10-6

U.S. Nuclear Regulatory Commission Accident Sequence Precursor Program 2022 Annual Report, https://www.nrc.gov/docs/ML2311/ML23116A067.pdf 38 Accident Sequence Precursor Analysis Historical ASP Results (1969-2020)

ASP Webpage: https://www.nrc.gov/about-nrc/regulatory/research/asp.html 39 Concluding Thoughts

  • Risk-informed regulatory approaches can benefit the regulator, public, and industry

- Focus attention on issues most pertinent to public health and reduce unnecessary conservatism

- Help ensure regulatory response is commensurate with safety impact

- Provides a framework to organize complex information

- Can foster a more open and transparent regulatory process

40 Careers at the NRC

  • NRC is an independent agency established to ensure public health and safety, to promote the common defense and security, and to protect the environment.

- NRC budget (FY2023) is roughly $930 million, including

~ 2,900 full time staff

- Core positions include engineers (nuclear, mechanical, chemical, electrical, environmental, materials), scientists (health physicists, geologists, hydrologists, seismologists), and security specialists.

- Many staff have advanced degrees and help us take on emerging complex challenges

  • Opportunities for students, co-ops, and recent graduates

- Undergraduate scholarships and graduate fellowships (through University Grant Awards)

- Co-operative Education Program

- Summer Student Program

- Nuclear Regulator Apprenticeship Network

  • More information about careers at the NRC (including benefits of Federal employment) can be found here:

https://www.nrc.gov/about-nrc/employment.html 41 Questions?

42 Background Slides

43 Nuclear Liability

Price Anderson Act (Sept. 2, 1957)

  • Removed barriers to private sector participation in the nuclear industry by placing a cap on the total amount of liability each nuclear power plant licensee faces in the event of an accident
  • Assured that a significant amount of funds would be available to satisfy claims following a nuclear event Melvin Price (D-IL)

($13.5 billion in 2022)

  • Periodically reviewed - the Energy Policy Act of 2005 extended the Price-Anderson Act coverage to Dec. 31, 2025.
  • NRC recently provided a report to Congress recommending continuation (NUREG/CR-7293)

Clinton Anderson (D-NM)

Backgrounder on Liability https://www.nrc.gov/reading -rm/doc -collections/fact-sheets/nuclear-insurance.html 44 Three Mile Island

45 Three Mile Island Accident

Several operator challenges

  • Failure to recognize open PZR PORV valve despite several indications (discharge temperature, reactor drain collecting tank pressure, containment sump level)
  • Failure to recognize EFW block valves closed
  • Interpretation of PZR Level and recognition of saturated conditions in the RCS

As noted in NUREG-1250, Volume 1: The operators on duty at TMI-2 early on the morning of March 28 were faced with misleading instruments, plant parameters they had never been trained to understand, and procedures that offered no useful assistance.

46 Three Mile Island Accident

  • Population Dose and Health Impact of the Accident at the Three Mile Island Nuclear Station," NUREG-0558
  • "Investigation into the March 28, 1979 Three Mile Island Accident by the Office of Inspection and Enforcement, NUREG-0600
  • "Three Mile Island; A Report to the Commissioners and to the Public," by Mitchell Rogovin and George T.

Frampton, NUREG/CR-1250, 1980 ( Vol. I,Vol. II Pt.

1, Vol. II Pt. 2, Vol. II Pt. 3)

  • "Lessons learned From the Three Mile Island - Unit 2 Advisory Panel," NUREG/CR-6252
  • The Status of Recommendations of the President's Commission on the Accident at Three Mile Island," (A ten-year review), NUREG-1355
  • "Environmental Impact Statement related to decontamination and disposal of radioactive wastes resulting from March 28, 1979 accident Three Mile Island Nuclear Station, Unit 2," NUREG-0683 ( Vol.

I, Vol. II)

  • "Three Mile Island Accident of 1979 Knowledge Management Digest - Overview", NUREG/KM-0001

47 Building the PRA Model

Develop understanding how the facility responds to perturbations

  • Physical responses (neutronic, thermal-hydraulic)
  • Automatic responses (reactor trip/turbine trip, mitigating equipment actuations
  • Operator responses (per procedures)

Define end states of interest

48 Building the PRA Model

- Event trees to model the sequence of events from an initiating event to an end state

- Fault trees to model failure of mitigating system functions, including equipment dependencies to function as required

- Frequency and probability estimates for model elements (e.g., initiating events, component failures, operator errors)

  • Outputs may include

- Core damage frequency (Level 1 PRA)

- Release frequencies (Level 2)

- Radiological consequences to public (Level 3)

49

Retrieved from "https://kanterella.com/w/index.php?title=ML23338A278&oldid=3683978"