Nuclear Power Plant Design Basis J.A. Mahn
Presentation Objective
• After nuclear plant accident like Fukushima, questions on the order of the following inevitably arise:
  – Shouldn’t all nuclear power plants located near the ocean be permanently shut down?
  – Shouldn’t nuclear power plants located anywhere near known earthquake faults be permanently shut down?
  – Aren’t nuclear power plants just too dangerous to continue operating in the U.S.?
Presentation Objective (cont.)
• Answers to such questions contained in nuclear power plant’s primary design basis documents
  – Safety analysis report
  – Probabilistic risk assessment
• Presentation will address
  – Natural phenomena and manmade events considered in assessing safety of nuclear power plant
  – How level of “risk” associated with such events is determined
  – What level of risk considered acceptable and why
Nuclear Plant Operational/Accident Safety Objectives
• Core reactivity control (i.e., control of fission reaction)
• Reactor coolant inventory control
• Core heat removal capability
• Containment heat removal capability
• Radioactivity containment
Nuclear Reactor Safety
• Basic purpose of nuclear reactor safety is to maintain integrity of multiple barriers to fission product release; supported by three-level defense-in-depth approach
• Control strategies developed to facilitate steady-power operations and to limit severity and/or mitigate consequences of potential accidents
Fission Product Retention Barriers
• Fuel Pellet – fission products confined in ceramic matrix
• Fuel Pin Cladding – fission products confined by Zircaloy or stainless steel clad encapsulating fuel pellets
• Cooling Water – retains fission products, especially chemically active semi-volatile elements
Fission Product Retention Barriers (cont.)
• Primary Cooling System Boundary – cooling water and fission products confined within piping and vessels of reactor cooling system
• Reactor Containment Building – low leak rate containment building provides barrier to atmospheric release of radionuclides
Multiple Barriers
[Figure labels: 1st & 2nd Barriers – Pellet & Fuel Rod Cladding; 3rd Barrier – Primary System Boundary (close-up of steam generator showing the 3rd Barrier); 4th Barrier – Reactor Containment]
Defense-in-Depth Levels
• Prevention – seeks to completely avoid operational occurrences that could result in system damage, loss of fuel performance, and abnormal releases of radioactivity
• Protection – seeks to halt or deal with unlikely, low-probability incidents and operational occurrences that cause reactor shutdown and potentially lead to minor fuel damage and small releases of radioactivity
Defense-in-Depth Levels (cont.)
• Mitigation – seeks to limit consequences of accidents if they occur despite execution of prevention and protection measures
Aspects of Defense in Depth
• Identification of necessary plant redundancies (relies on correct identification of hazards)
• Quality in design, construction, and operation
• Identification of safety structures, systems, and components
• Focus on accident mitigation and containment of radioactive material
• Emergency planning
Design Basis Accidents
• Consistent with defense-in-depth approach to reactor design, wide range of potential “design basis” accidents evaluated to determine overall design acceptability
• Include trivial incidents with little or no release of radioactivity to postulated failures of one or more important reactor plant systems
• Potential radiological consequences must be within pre-established limits
Design Basis Accident General Event Characterizations
• Overcooling – increase in secondary-side heat removal
• Undercooling – decrease in secondary-side heat removal
• Overfilling – increase in reactor coolant inventory
• Loss of coolant flow – decrease in reactor coolant system flow rate
• Loss of coolant – decrease in reactor coolant inventory
Design Basis Accident General Event Characterizations (cont.)
• Reactivity excursion – core reactivity and power distribution anomalies
• Anticipated transient without reactor scram
• Spent fuel/radioactive waste system release – radioactivity release from a spent fuel assembly or waste handling subsystem or component
Design Basis Accident General Event Characterizations (cont.)
• External event – natural or human-caused events that can affect plant operating and safety systems
  – Natural events include phenomena such as floods, hurricanes, tornadoes, earthquakes, and tsunamis
  – Non-natural events include aircraft impacts and nearby industrial explosions
Calculating Risk
Risk = Likelihood of Event Occurrence x Event Consequence
Example: If the likelihood of occurrence for an event is once in one thousand years (i.e., 1 x 10^-3 per year), and one death is the likely consequence for a group of individuals experiencing the event, then the risk of death for each individual is expressed as 1 x 10^-3 per person per year
Quantitative Risk Assessment
• Generally necessary for informed risk decision-making
• Necessarily involves quantifying value of human life
  – Not intended to value human life or injury in moral sense, but to assign values to life and other loss categories for purpose of making social decisions
• Used to develop perspective on relative risk of reactor operation compared to other energy production technologies, industrial operations, general human activities, and natural events
Quantitative Risk Assessment (cont.)
• Risk perception generally driven more by consequence magnitude than by event frequency (risk is function of both event probability and consequence)
• Technological risk
  – Perception driven more by extent to which materials and processes are understood (very large complex systems perceived as very high risk)
  – Readily calculated, but human attitudes toward risk much more complicated
    ➢ Rough correlation of risk magnitude and relative attitude toward death exhibited in following tables
U.S. Accident Fatality Statistics

Accident                      Total Deaths*   Approximate Probability of Death (per person per year)**
Motor vehicles                46,263          2 x 10^-4
Falls                         11,937          5 x 10^-5
Drowning                      4,444           2 x 10^-5
Medical mishaps               2,463           1 x 10^-5
Air travel                    1,234           5 x 10^-6
Ship/boat travel              1,131           5 x 10^-6
Rail travel                   570             2 x 10^-6
All other events              25,031
All accidental death events   93,073          4 x 10^-4

* Source: Vital Statistics of the United States 1985
** For 1984 total population of approximately 236 million
General Risk/Attitude Correlation for Involuntary Risk of Death*

Involuntary Risk (deaths per person per year)   General Attitude
10^-2                                           Natural death reference
10^-3                                           Unacceptable; activities having this involuntary risk difficult to find
10^-4                                           Acceptable; effort and money spent to reduce risk to this level
10^-5                                           Only mild inconvenience acceptable to avoid this level of risk
10^-6                                           Considered an “act of God”

* Starr, C., 1969: “Social Benefits vs. Technological Risk,” Science, Vol. 168, September 19, pp. 1232-1238
Risk Acceptability
• Quantitative risk assessments generally do not address risk perceptions, or what constitutes “acceptable or tolerable level of risk”
• Acceptable level of risk
  – What individuals or societies willing to accept or tolerate in exchange for perceived benefits
  – What individuals or societies willing to accept or tolerate in order to avoid taking undesired mitigation measures or costly protective measures
  – Associated with most acceptable or tolerable option in a decision-making activity
Risk Management Maxims*
• Everything has hazards, and all hazards have risk
• Man lacks omniscience – some risks won’t be known
• Man lacks precognition – some risks won’t be foreseen
• Resources available to control risks are limited
• Things are “safe” only to degree that risks are acceptable – there is no absolute safety
• Risk probabilities are finite; low probability mishaps will occur – sometime, somewhere

* P.L. Clemens and R.R. Mohr, Concepts in Risk Management, February 2002
Operational Risk
• As long as people, systems and processes remain imperfect, operational risk cannot be fully eliminated
• Nonetheless, operational risk can be managed to keep losses within some level of risk tolerance, determined by balancing costs of risk reduction against expected benefits
Nuclear Power Plant Risk
• Who specifies minimum acceptable NPP risk?
  – U.S. NRC specifies tolerable level of risk associated with nuclear power plant operations
    • Five Commissioners appointed by President and confirmed by Senate for 5-year terms
• What are obligations of power generator with respect to risk compliance?
  – Plant must be designed, constructed and operated in accordance with U.S. industry standards and best practices imposed by NRC rules and regulations to minimize potential for internal and external events to adversely affect health and safety of plant personnel and general public
NPP Risk Assessment
• Plant probabilistic risk assessments (PRA) performed to provide realistic and systematic assessments of public risk associated with operation of commercial nuclear power reactors
  – Reactor Safety Study (WASH-1400) evaluated risks for Surry 1 (PWR) and Peach Bottom 2 (BWR) in 1975, and extrapolated results to 100 nuclear plants expected to be operating in early 1980s
  – WASH-1400 PRA followed by plant probabilistic safety assessments (PSA) and independent plant examinations (IPE)
NPP Risk Assessment (cont.)
• Assessment of power plant risk intended to achieve following objectives:
  – Identify initiating events and event sequences that might contribute significantly to public risk
  – Provide realistic quantitative measures of the likelihood of risk contributors
  – Provide realistic evaluation of potential consequences associated with hypothetical accident sequences
  – Provide reasonable risk-based framework for making decisions regarding nuclear power plant design and operation
NPP Risk Assessment (cont.)
• In addition to meltdown-accident sequences, effects of earthquakes, tornadoes, floods, aircraft impact, and tidal waves evaluated in WASH-1400
  – All found to have relatively low risks because they had been accommodated in plant design basis
  – Overall reactor accident risk in each area calculated by integrating spectrum of accident consequences and their frequencies
NPP Risk Assessment (cont.)
• WASH-1400 study drew following conclusions for reference 100-LWR population expected to be operating during 1980s
  1. Most likely core meltdown accident has modest public consequences (validated by TMI-2 accident)
  2. Reactor accidents have consequences no larger, and often much smaller, than those to which public already exposed
  3. Frequency of reactor accidents smaller than most other accidents with similar consequences
NPP Risk Assessment (cont.)
• Nuclear reactor safety continues to evolve, and risk-informed activities have become ingrained in U.S. nuclear power plant operation
  – Major use of PSA and related techniques is accident management
  – Industry performance improvements translate directly into reduced plant risk levels
  – “Risk” has become context for both safety assessment and communication with public
NPP Risk Assessment (cont.)
• How much risk is general public exposed to by operation of nuclear power plant?
  – ~2000 reactor-years of experience accumulated without fatal accident suggests that probability of nuclear-caused fatality should be << 10^-3/reactor year for accident events considered by WASH-1400
  – Since Three Mile Island and Fukushima nuclear power plant accidents resulted in no fatalities (immediate or latent radiation-induced cancers) despite being core melt events, WASH-1400 latent cancer fatality risk curves represent valid measures of public risk from nuclear power plant operation
[Figure: Exceedance Probability for Latent Cancer Fatalities Per Year (WASH-1400)]
Caution Re: Risk Probability
• We can easily get caught in trap of believing that because we can calculate event frequency we therefore know likelihood of occurrence of an event
  – Such calculations, although necessary for performing bona fide risk assessments, must not be afforded absolute status
  – Low probability events do occur despite best efforts to minimize their likelihood of occurrence
Occurrence of Low Probability Events
Just because an event has an extremely low probability or frequency, it can still happen today, tomorrow, or next week. In fact, it can occur today, and tomorrow, and next week. It is not likely, but neither are any other catastrophes that strike without any apparent schedule (e.g., earthquakes, floods, tsunamis, etc.).
Caution Re: Radiation Risk Consequences
• Radiation exposure consequence assessments exceed what is actually observed
  – LNT dose-response model assumes that any radiation exposure, no matter how small, produces cancer (not consistent with epidemiological data)
  – Very large number of people each receiving small dose can result in “collective dose” (person-rem) that exceeds ICRP risk consequence of 1 cancer fatality per 2000 person-rem of exposure (not consistent with real world observations)
Caution Re: Radiological Risk Predictions
• While calculated radiation release event probability may be small, unrealistically high consequence estimate results in (unrealistically) high radiation risk prediction
  – No one died from radiation-induced latent cancer due to TMI accident, despite prediction of large numbers of such deaths
  – Predictions of very large number of radiation-induced latent cancer deaths due to Chernobyl accident also not realized
  – Fukushima accident will have similar radiological outcome
Risk is Relative
Risk is mostly a relative quantity, which by itself is rather meaningless. A risk value only makes sense when compared to values from other events, or the same event over a different time interval.
PRA Observations Based On TMI and Fukushima Accidents
• Optimistic with respect to some potential accident probabilities of occurrence (i.e., less frequent occurrence assumed than observed)
• Pessimistic with respect to potential accident consequences (i.e., over-estimate latent radiation-induced cancers relative to actual observations)
• Safety of high risk systems under uncertain hazardous events, such as earthquake and accompanying tsunami, is significantly complex and defies analytical certainty
NRC Safety Goals
• For use in regulatory decision-making process
  1. Individual members of the public should be provided a level of protection from the consequences of nuclear power plant operation such that individuals bear no significant additional risk to life and health.
  2. Societal risks to life and health from nuclear power plant operation should be comparable to or less than the risks of generating electricity by viable competing technologies and should not be a significant addition to other societal risks.
NRC Quantitative Health Objectives
• For use in assessing achievement of safety goals
  1. The risk to an average individual in the vicinity of a nuclear power plant of prompt fatalities that might result from reactor accidents should not exceed 0.1 percent of the sum of prompt fatality risks resulting from other accidents to which members of the U.S. population are generally exposed.
  2. The risk to the population in the area near a nuclear power plant of latent cancer fatalities that might result from nuclear power plant operation should not exceed 0.1 percent of the sum of cancer fatality risks resulting from all other causes.
Risk Metrics for Operating Reactors
• Core Damage Frequency (CDF) < 10^-4/yr
  ➢ 1 event in 10,000 years is surrogate for latent cancer fatalities in Nuclear Regulatory Commission’s quantitative health objective (CDF x 0.1% < 10^-7/yr)
• Large Early Release Frequency (LERF) < 10^-5/yr
  ➢ 1 event in 100,000 years is surrogate for prompt fatalities in quantitative health objective (LERF x 0.1% < 10^-8/yr)
Risk Goals for New Reactors
• Core Damage Frequency (CDF) < 10^-5/yr
• Large Release Frequency (LRF) < 10^-6/yr
Beyond-Design-Basis Accidents
• What constitutes “beyond-design-basis” event
  – Probability driven (extremely low probability of occurrence)
  – No formalized analysis approach
    ➢ Understand risk and controls
    ➢ Assess costs and benefits to mitigate
    ➢ Assess emergency preparedness
    ➢ Understand impacts and safety equipment survivability
  – Involves successive failures of multiple barriers provided for fission product retention
  – Has potential to cause serious core damage, including meltdown
  – Has potential for public harm
Fukushima – Beyond Design Basis?
• Design basis tsunami set before 1970
  – 5.5 m wave height (actual wave height was ~15 m)
• 1971 design basis – plant met all standards, operating license granted
• 14 tsunamis with fatalities since 1895
  – 1896 tsunami had 25 m wave height (at origin), 22,000 fatalities
• 2005 and 2007 earthquakes shook three reactors with beyond-design-basis ground accelerations
Beyond-Design-Basis Events: What is Risk to Operating U.S. Nuclear Plants?
An Electric Power Research Institute (EPRI) March 2014 report on beyond-design-basis seismic events for nuclear power plants in the eastern and central U.S. concludes that plant CDFs are between 10^-7/yr and 10^-4/yr (meets current NRC risk metrics for operating plants)
Backup Slides
Probability vs. Frequency
• 1 in 1000 (1 x 10^-3)
• 1 in 1,000,000 (1 x 10^-6)
• 1 in 500 (2 x 10^-3)

• Once in 1000 years (1 x 10^-3/yr)
• Once in 1,000,000 years (1 x 10^-6/yr)
• 500 year flood (2 x 10^-3/yr)
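
The distinction on this slide, carried through as an added example (not part of the original presentation): converting an annual frequency into the probability of at least one occurrence over an exposure period. It assumes events arrive as a Poisson process with a constant rate and that units are independent; the function names and the 40-year period are assumptions, while the frequencies and the 100-reactor population come from the slides.

```python
import math

def prob_at_least_one(freq_per_year, years, units=1):
    """Probability of one or more events in `years`, for `units` independent
    sources that each have constant annual frequency `freq_per_year`
    (Poisson-process assumption)."""
    if min(freq_per_year, years, units) < 0:
        raise ValueError("frequency, years and units must be non-negative")
    expected_events = freq_per_year * years * units
    # 1 - exp(-x); expm1 keeps precision when x is tiny (e.g. 1e-6)
    return -math.expm1(-expected_events)

def years_to_reach(freq_per_year, probability):
    """Exposure time after which P(at least one event) equals `probability`."""
    if freq_per_year <= 0 or not 0 <= probability < 1:
        raise ValueError("need frequency > 0 and 0 <= probability < 1")
    return -math.log1p(-probability) / freq_per_year

# (label, frequency per year, exposure in years, number of units)
# Frequencies and the 100-unit fleet are from the slides; 40 years is assumed.
SCENARIOS = [
    ("500-year flood, 1 year", 2e-3, 1, 1),
    ("500-year flood, 40 years", 2e-3, 40, 1),
    ("500-year flood, 500 years", 2e-3, 500, 1),
    ("CDF 1e-4/yr, 1 reactor, 40 years", 1e-4, 40, 1),
    ("CDF 1e-4/yr, 100 reactors, 40 years", 1e-4, 40, 100),
    ("CDF 1e-5/yr, 100 reactors, 40 years", 1e-5, 40, 100),
]

def evaluate(scenarios=SCENARIOS):
    """Return (label, probability of at least one event) for each scenario."""
    return [(label, prob_at_least_one(f, t, n)) for label, f, t, n in scenarios]

if __name__ == "__main__":
    for label, p in evaluate():
        print(f"{label:38s} P(>=1 event) = {p:.4f}")
    half = years_to_reach(2e-3, 0.5)
    print(f"500-year flood becomes more likely than not after {half:.0f} years")
```

For a single year the probability and the frequency are nearly the same number; they diverge as exposure time or the number of units grows, which is why a frequency limit per reactor-year does not translate directly into a fleet-wide or lifetime probability.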
[Figure: Relative Rate of Nuclear Industry Safety Events* vs. Risk Levels]
* Reactor scrams and unplanned outages
Fukushima Tsunami
• Tsunami-induced events
  – Loss of grid power from offsite
  – Loss of emergency diesel generators
• What were thought to be independent power sources were disabled by same event
[Figure: Fukushima Daiichi NPS]