Lecture 9-1 Challenges 2019-01-23

ML19011A442
Person / Time
Issue date:	01/16/2019
From:	Office of Nuclear Regulatory Research
To:
Nathan Siu 415-0744
Shared Package
ML19011A416	List: ML19011A417 ML19011A418 ML19011A419 ML19011A420 ML19011A421 ML19011A422 ML19011A423 ML19011A424 ML19011A425 ML19011A426 ML19011A427 ML19011A428 ML19011A429 ML19011A430 ML19011A431 ML19011A432 ML19011A433 ML19011A434 ML19011A435 ML19011A436 ML19011A437 ML19011A438 ML19011A439 ML19011A440 ML19011A441 ML19011A442 ML19011A443 ML19011A444 ML19011A445 ML19011A446 ML19011A447 ML19011A448 ML19011A449 ML19011A450 ML19011A451
References
Download: ML19011A442 (38)
v • d • e

Text

Challenges for NPP PRA Lecture 9-1 1

Course Overview Schedule Wednesday 1/16 Thursday 1/17 Friday 1/18 Tuesday 1/22 Wednesday 1/23 3: Characterizing 7: Learning from Module 1: Introduction Uncertainty 5: Basic Events Operational Events 9: The PRA Frontier L3-1: Probabilistic L5-1: Evidence and L9-1: Challenges for NPP 9:00-9:45 L1-1: What is RIDM?

modeling for NPP PRA estimation L7-1: Retrospective PRA PRA 9:45-10:00 Break Break Break Break Break L1-2: RIDM in the nuclear L3-2: Uncertainty and L5-2: Human Reliability L7-2: Notable events and L9-2: Improved PRA using 10:00-11:00 industry uncertainties Analysis (HRA) lessons for PRA existing technology L9-3: The frontier: grand W1: Risk-informed W2: Characterizing W6: Retrospective 11:00-12:00 thinking uncertainties W4: Bayesian estimation Analysis challenges and advanced methods 12:00-1:30 Lunch Lunch Lunch Lunch Lunch 4: Accident 6: Special Technical 8: Applications and Module 2: PRA Overview 10: Recap Sequence Modeling Topics Challenges L8-1: Risk-informed L2-1: NPP PRA and RIDM: regulatory applications 1:30-2:15 early history L4-1: Initiating events L6-1: Dependent failures L8-2: PRA and RIDM L10-1: Summary and closing remarks infrastructure 2:15-2:30 Break Break Break Break L2-2: NPP PRA models L4-2: Modeling plant and L6-2: Spatial hazards and L8-3: Risk-informed fire Discussion: course 2:30-3:30 and results system response dependencies protection feedback L6-3: Other operational L2-3: PRA and RIDM: W3: Plant systems modes 3:30-4:30 point-counterpoint modeling L6-4: Level 2/3 PRA:

L8-4: Risk communication Open Discussion beyond core damage 4:30-4:45 Break Break Break Break W3: Plant systems W5: External Hazards 4:45-5:30 modeling (cont.) modeling Open Discussion Open Discussion 5:30-6:00 Open Discussion Open Discussion 2

Overview Key Topics

• Stakeholder perspectives

• Sample viewpoints

- Fleming (2003)

- Mosleh (2012)

- Siu et al., (2013, 2016) 3

Overview Resources

• K.N. Fleming, Issues and Recommendations for Advancement of PRA Technology in Risk-Informed Decision Making, NUREG/CR-6813, April 2003.

• A. Mosleh, Delivering on the Promise: PRA, Real Decisions, and Real Events, Closing Plenary Talk, International Conference on Probabilistic Safety Assessment and Management (PSAM 11/ESREL 2012), Helsinki, Finland, June 25-29, 2012. (Available from:

http://www.iapsam.org/www.psam11.org/www/fi/program/PSAM11-ESREL_2012_CL-Fr4_Ali_Mosleh.pdf)

• Siu, N., et al., PSA technology challenges revealed by the Great East Japan Earthquake, Proceedings of PSAM Topical Conference in Light of the Fukushima Dai-Ichi Accident, Tokyo, Japan, April 15-17, 2013. (ADAMS ML13038A203)

• N. Siu, et al., PSA technology reminders and challenges revealed by the Great East Japan Earthquake: 2016 update, Proceedings of 13th International Conference on Probabilistic Safety Assessment and Management (PSAM 13), Seoul, Korea, October 2-7, 2016.

4

Other References

• N. Siu, PRA R&D - Changing the Way We Do Business? Invited Plenary Lecture, ANS International Topical Meeting on Probabilistic Safety Assessment (PSA 2017), Pittsburgh, PA, September 24-28, 2017. (ADAMS ML17263B165) 5

Many Identified Technical Challenges

• PRA is a critically-oriented enterprise

• Recognized good practice (and required by PRA standards): identify/discuss key sources of uncertainty

=> Many views and lists of areas for improvement 6

Risk Assessment Review Group (Lewis Committee) - 1978

• Inadequate data base, wrong statistical methods

• Common cause failure analysis

• Human reliability analysis (particularly operator adaptability)

• Unconvincing screening of some initiators (fires, earthquakes, human-initiated events)

• Site-specific atmospheric dispersion modeling

• Biological effects modeling

• Understated error bounds 7

Perspectives What to Fix? Domain Perspectives 42 Loose nuts Those Guys Here be dragons Seismic LPSD Level 2 Level 3 HRA Other Hazards Fire Level 1 R&D 8

Perspectives What to Fix? Functional Perspectives Analysts/

Users Reviewers Developers 9

Perspectives Developers

• Challenges include

- Academic contribution

- Nexus between personal/professional and $$$

external interests

- Support (especially with declining budgets!)

• Solutions include

- Frameworks, methodologies, conceptual demonstrations

- N+1 projects (New Analysis Technology +

Interesting Problem) 10

Perspectives Analysts/Reviewers

• Challenges include:

- Near-term solutions: heavy time/budget pressure

- Huge problem size and complexity

- Multiple technical communities/cultures

- State of technology: Too much/little diversity, Holes

• Solutions include:

- Approved approaches (Tried and true)

- Engineering judgment

- Acknowledgment of completeness uncertainty 11

Perspectives Users

• Challenges include:

- Fundamental nature of risk problem (complexity, uncertainty, multiple consequence types and potentially large magnitude, multiple stakeholders, )

- Competing problems with attentional and resource demands

- Declining budgets

- Predicting the future (value added, additional benefits) Data from NUREG-1350 (NRC Information Digest)

• Solutions include:

- Near-term focus (today problems)

- Leveraging opportunities (interesting to others?)

12

Perspectives Three Example Perspectives

• Fleming (2003) - what are the technical issues in advancing RIDM, and how might they be addressed?

• Mosleh (2011) - what needs to be done to deliver on the promise of PRA?

• Siu et al. (2013, 2016) - what technical lessons can be developed from the Fukushima Dai-ichi reactor accidents?

13

Fleming Fleming (2003)

• Performed to support ACRS

• Sources

- Interviews

- Case studies in risk-informed regulation (including Davis-Besse head corrosion)

- Experience in performing/reviewing PRAs 14

Fleming Risk-Informed Regulation Success Stories

• Regulatory Guide 1.174 (licensing basis changes)

• Reactor Oversight Process

• Maintenance Rule (10 CFR 50.65)

• Consensus on need to [formally] ensure technical adequacy

• Consensus on improvement of industry PRAs 15

Fleming Risk-Informed Regulation Difficulties

• Scope, level of detail, and technical adequacy of existing PRAs

• Treatment of uncertainties in submittals and reviews

- Unverified modeling assumptions (shared with deterministic analyses)

• Minimum capabilities needed to support RIDM

• Consistency in submittals and reviews

• Potential for risk insights for applications meeting deterministic requirements*

• Could be viewed as a success 16

Fleming Technical Issues

• Use of limited scope PRAs in RG 1.174 applications

• Lack of completeness within specified scope

• Model fidelity

• Lack of uncertainty treatment

• Multi-unit site issues

• Lack of capability to treat ageing issues

• Risk metric issues

• Lack of coherence between probabilistic and deterministic safety approaches 17

Fleming Recommendations

• Update PRA Procedures Guide (NUREG/CR-2300)

• Guidance for treatment of uncertainties

- Analysis

- Use in decision making

• Guidance for deterministic safety evaluations

• Generic estimates for risk contributors from missing PRA scope

• PRA validation program

• Consistent definition of risk 18

Mosleh Mosleh (2012)

• Closing plenary speech at PSAM 2011/ESREL 2012 conference

• Key questions

- Has PRA delivered on its promise?

- How do we gauge PRA performance?

- Are there disparities between what we get and what we think we are getting from PRA and its various derivatives?

- What should be our expectation, and how do we address potential gaps?

19

Mosleh PRA Successes

• PRAs have successfully identified many vulnerabilities that were unknown, not adequately safeguarded against in the original designs, or simply viewed to be unimportant.

• Through ranking of risk contributors by probability and consequence, PRAs have provided a consistent basis for prioritization and implementation of many safety improvements and design decisions 20

Mosleh Main Sources of Uncertainty

• Scenario identification (completeness)

• Level of resolution (binning)

- Level of causality

- Fidelity of definition of basic events

- Probability estimation 21

Mosleh Level of Causality Example: H.B. Robinson Fire (March 28, 2010)

• Complicated event

- Non-vital cable failure => arc flash + breaker failure => reactor trip

- Subsequent equipment malfunctions + operator situation assessment and action failures => complicated shutdown, could have led to reactor coolant pump (RCP) seal LOCA

• Important HRA factors

- Simulator training didnt match actual plant response

- Deficient operating procedure

- Poor command and control

• PRA concerns

- Events would have been screened based on probability

- Important features not easily captured by current methods 22

Mosleh General Concerns and Suggestions

• Concerns

- Potential for screening to miss important scenarios

- How to see vulnerabilities irrespective of the numbers

- Major accidents go beyond initial physical and organizational boundaries: closed systems become open systems

• Suggestions

- Improve causal models for some applications (e.g., SDP)

- Feed accident insights back into PRA methodology

- Make better use of computer power

• Qualitative information from risk models

• Simulation for complex interactions

- Remember risk-informed also means consequence-informed 23

Siu, et al.

Siu, et al. (2013, 2016)

• Performed to support R&D planning

• Limited to lessons directly linked to accidents

• Detailed review of multiple sources for accident progression and conditions

- Official reports

• Government of Japan, National Diet of Japan, TEPCO

• U.S. organizations (National Research Council, INPO, EPRI, ANS)

• International organizations (e.g., IAEA, WHO, UNSCEAR)

- Other papers

- Briefings

• Highlighted key topics and issues + detailed table of challenges and reminders 24

Siu, et al.

Highlighted Topics (2013)

Topic Issues Multiple units/sources, systems not normally analyzed (e.g.,

PSA scope security systems), off-site organizations, post-accident risk Feedback from Level 3 to Level 1/Level 2 (e.g., venting delays Feedback loops due to delayed evacuation), multi-unit/source interactions Intentional conservatisms skewing risk results and insights, Game over modeling masking important scenarios, de-valuing mitigative activities Offsite resources, additional warnings and shocks, toll on Long duration scenarios operators, definition of safe and stable state Beyond design basis events, multiple correlated hazards, External hazards analysis multiple shocks, finite duration of elevated hazard, multiple damage mechanisms Errors of commission, technical support center and external Human reliability analysis decision making, ex-control room actions, new/re-defined (HRA) performance influencing factors, support of creative HRA methods applications Varying views and treatments of uncertainty (e.g., sensitivity Uncertainty in cases, ensemble modeling, probabilistic/non-probabilistic phenomenological codes methods) across technical disciplines Screening of beyond design basis hazards, biases (e.g., focusing Searching vs. screening on extreme events), systematic methods to search for failures 25

Siu, et al.

Highlighted Topics (2016)

Topic Issues Using PSA to ensure defense-in-depth (DID),

External Hazards dealing with full hazard spectrum, treating correlated hazards Human Performance Decision making under severe accident and Human Reliability conditions, ex-control room actions, teamwork Long-duration scenarios, equipment survivability Level 2 PRA and I&C system-related impacts, environmental conditions and habitability Effect of offsite hazard on response, intentional Level 3 PRA venting, onsite contractors, aqueous pathway, training and resources, assessment endpoints 26

Siu, et al.

R&D Implications - HRA example Topic

• Decision making under Advanced Methods severe accident Needed?

conditions

• Mechanistic treatment of many challenges, e.g.,

• Ex-control room actions Choices among options Communications

• Teamwork

• Approximations?

Robotic follower Individual cognition with communications Social organization

• Approximate > None?

27

Siu, et al.

PRA Topics - One View Technical Topic Technical Topic Reactors Level 1 internal events at power Special Topics Human reliability analysis Level 2 Ageing Level 3 Passive components Low power and shutdown (LPSD) Passive systems Digital systems Operational data Common Cause Failure Event analysis Integrated site risk (including multi-unit events, SFP)

Generic safety issues (GSI)

Design and construction Performance indicators and thresholds Internal hazards (e.g., fire, flood, heavy load drop)

New reactors (evolutionary) External hazards (e.g., seismic, flood, wind)

Advanced reactors Security-related events, safety-security interface Emergency preparedness and response Research and test reactors General Systems PRA tools Non-Reactor Geologic repositories Analysis Methods Uncertainty and sensitivity analysis methods and tools Facilities and High-level waste (HLW) and Tools Activities Advanced computational methods Low-level waste/decommissioning Advanced modeling methods (e.g., simulation)

Fuel cycle facilities Elicitation methods Transportation Implementation PRA quality (e.g., guidance, standards)

Sources and Application Risk-informed regulation infrastructure Risk-informed regulation applications Risk perception and communication 28

Comment

• General agreement on broad topic areas, e.g.,

- Human and organizational factors

- External hazards

- Common cause failures

• No consensus sought (yet) or achieved on prioritization of specific items (e.g., errors of commission)

- Varying technical and organizational perspectives on need, value, achievability, cost

- An additional consideration: enterprise risk

• Potential consequences if work is not done (or even attempted)

• Requirements in some countries to use state-of-the-art 29

Additional Slides 30

External Hazards Topic

• Using PSA to ensure Advanced Methods defense-in-depth Needed?

• Dealing with full hazard

• Conceptually straightforward spectrum

• Data (e.g., penetration

• Treating correlated seal failures for flooding)?

hazards

• Need to treat dynamics?

31

Level 2 PSA Topic

• Long-duration scenarios Advanced Methods

• Equipment survivability Needed?

and I&C system-related

• Current technology Temperature impacts Lighting

• Environmental

• Radiation?

Source number, strengths, conditions and and locations habitability Transport Crew information, effect on planning

• Simplifications?

32

Level 3 PSA Topic

• Effect of offsite hazard Advanced Methods on response Needed?

• Intentional venting

• Improved transport and dispersion?

• Onsite contractors Higher resolution

• Aqueous pathway Broader coverage

• Training and resources

• Human behavior (affecting costs)?

• Assessment endpoints Psychological impacts Social response 33

Fukushima Lessons - A More Detailed Look (1 of 5)

Topic/Area Challenges [C] and Reminders [R]

Reactors

1) Extending the PSA scope to address: a) multiple units and sites, b) post-accident shutdown risk, and c) on- and off-site emergency response organizations [C]

2) Treatment of the feedback from offsite consequences to plant decision making [C]

Level 1/2/3 PRA 3) Improving realism of accident progression modeling [C]

4) Addressing long-duration scenarios, including availability of supplemental offsite resources (e.g., fuel oil, water, equipment) [C]

5) Characterizing uncertainty in phenomenological codes [C]

Low Power and 1) Treatment of post-accident shutdown risk [R]

Shutdown 2) Treatment of shutdown risk associated with a pre-emptively shutdown plant [R]

1) Ensuring appropriate use of Fukushima data (and worldwide events) in high-level estimates of CDF [R].

Operational 2) Ensuring adequate basis for excluding operational data, especially for rare or infrequent occurrences [R]

Data 3) Ensuring adequate reliability data for temporary mitigating equipment and systems [C]

4) Ensuring adequate reliability data for containment penetration integrity [R]

Event Analysis 1) Performing real-time on-the-fly event risk analysis for incident response and early investigations [C]

1) Identification and treatment of errors of commission (EOCs), including those involving intentional disabling of passive safety systems [C]

New Reactors 2) Treatment of operator performance when digital systems are lost [C]

3) Addressing staffing requirements (possibly including offsite personnel) when responding to accidents [R]

4) Addressing reliability of passive components (e.g., rupture disks) [R]

34

Fukushima Lessons - A More Detailed Look (2 of 5)

Topic/Area Challenges [C] and Reminders [R]

Non-Reactor Facilities and Activities

1) Treatment of competing resource demands associated with multi-source (e.g., reactor and spent fuel pool -

High Level SFP) scenarios [C]

Waste

2) Treatment of external hazards effects on stored spent fuel [R].

1) Treatment of wastewater concerns (e.g., storage, leakage, area accessibility) on operator actions [C]

2) Treatment of aqueous transport of wastewater and consequences (public safety, environmental, and Low Level economic) [C]

Waste

3) Treatment of groundwater contamination [C]

4) Addressing pre-accident wastewater storage capacity [R]

Implementation and Application PSA Standards 1) Ensuring appropriate treatment of issues identified in this table, especially with respect to external event and Guidance screening [R]

Metrics 1) Development of appropriate risk metrics for multi-unit/source and multi-site scenarios [C]

Risk Perception 1) Treatment of the psychological impact on operators, experts, and decision makers [C]

and 2) Treatment of anticipated non-radiation related fatalities and health effects in evacuation decision making [C]

Communication 3) Framing the risks of NPP operation to allow comparison to other societal and individual risks [C]

35

Fukushima Lessons - A More Detailed Look (3 of 5)

Topic/Area Challenges [C] and Reminders [R]

General Systems Analysis Methods and Tools PSA Tools 1) Ability of PSA codes to solve detailed, multi-source models in reasonable timeframes [C]

Uncertainty 1) Consistent characterization of model uncertainties associated with phenomenological code predictions and Sensitivity (e.g., severe accident progression, earthquake/tsunami prediction, atmospheric transport) [C]

Analysis 2) Quantitative treatment of uncertainties in external hazard analysis [R]

3) Assessment of the effects of model uncertainty on overall results (e.g., combinations of key modeling uncertainties) [R]

Advanced 1) Probabilistic treatment of factors affecting observed accident evolution (e.g., multiple shocks over time; Modeling partial successes, failures, and recoveries; uncertain information; conscious allocation of recovery Methods resources; feedback loops) [C]

2) Treatment of concurrent and correlated hazards (e.g., seismically induced fires) [C]

Elicitation 1) Eliciting (and using) the technical communitys state of knowledge regarding the frequency and Methods magnitude of key (rare) external hazards [R]

36

Fukushima Lessons - A More Detailed Look (4 of 5)

Topic/Area Challenges [C] and Reminders [R]

Special Topics

1) Identification and treatment of errors of commission (EOCs) involving intentional disabling of safety systems [R]

2) Treatment of different or multiple decision makers, including external distractions [C]

3) Treatment of the psychological impact on operators, experts, and decision makers [C]

Human 4) Treatment of the feedback from offsite consequences to plant decision making [C]

Reliability 5) Assessment of the feasibility of recovery actions and delays in performing these actions [R]

Analysis 6) Assessment of the effects of uncertainty (including uncertainties due to loss of instrumentation and control) on operator actions and decision making [R]

7) Assessment of cumulative effects (e.g., fatigue, radiation exposure) on operators [C]

8) Assessment of the variability in plant crew performance [R]

9) Assessment of the possibility of control room or even site abandonment due to hazardous conditions [C]

1) Treatment of failure location(s) and mode(s) for primary system (e.g., suppression pool welds, primary Passive containment penetrations) during severe accident analysis. [C]

Components

2) Addressing reliability of passive components (e.g., rupture disks, drywell penetration and head seal) [R].

Passive 1) Identification and treatment of EOCs involving intentional disabling of passive safety systems [C]

Systems

1) Treatment of operator performance when digital control or safety systems are lost [C]

Digital systems

2) Reliability of digital systems, particularly under harsh or severe accident conditions [C]

1) Treatment of multi-unit and multi-source interactions (e.g., common threats, physical interconnections, Multiple Units physical effects, area events, resource/staffing allocations) [C]

and Sites 2) Treatment of multi-site interactions (e.g., common threats, resource/staffing allocations) [C]

3) Development of appropriate risk metrics for multi-unit/source and multi-site scenarios [C]

37

Fukushima Lessons - A More Detailed Look (5 of 5)

Topic/Area Challenges [C] and Reminders [R]

Special Topics (Cont.)

Internal 1) Treatment of the multiple effects of internal explosions on operations (e.g., scattered radioactive debris Hazards limiting area access, damaged barriers, evacuation on non-essential staff) [C]

1) Characterization and treatment of full spectrum of hazards [C]

2) Treatment of correlated hazards (e.g., earthquake-induced tsunamis and fires) [C]

3) Treatment of multiple shocks (and associated component fragilities) and periods of elevated hazard (e.g.,

tsunami warnings), including direct and psychological effects on staff [C]

External 4) Avoiding premature screening [R]

Hazards 5) Addressing all damage mechanisms for hazards and associated fragilities (e.g., dynamic loadings, water drawdown, debris loading/blocking) [R]

6) Addressing effects of on- and offsite damage caused by external hazard (e.g., anticipated damage to underground piping, availability/installation of portable equipment, effect on offsite resource availability and timing) [R]

Safety-Security 1) Addressing event effects on access systems (e.g., gates, doors) [R]

Interface

1) Treatment of general Level 2 concerns [C,R]

Accident 2) Treatment of Level 2 HRA concerns [C,R]

Management 3) Addressing effects of external event on accident management [R]

4) Modeling of human and organizational behavior in a post core damage environment [C]

1) Treatment of non-radiation related fatalities and health effects, and impact of anticipated effects in evacuation decision making [C]

Emergency 2) Probabilistic treatment of failures in on-site/offsite emergency response, evacuation, and mitigation [C]

Preparedness 3) Addressing delays in evacuation due to poor communication, lack of information, or unavailability of and Response offsite emergency facilities [R]

4) Addressing effects of external event (including but not limited to damage) on evacuation [R]

5) Treatment of multiple offsite population moves due to expanding evacuation zones [R] 38