[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: The UCS study on Nuclear Plant Risk Studies
Jim Phelps forwarded to RISKANAL (and someone else, I believe, forwarded to
RADSAFE) the Executive Summary of a Union of Concerned Scientists'
report on the NRC and nuclear utility use of probabalistic risk
assessment techniques. This is an area in which I have worked, both at
the laboratory and with previous employers. I have reviewed the summary
and the report itself, written by UCS's nuclear safety director, David
Lochbaum. I have interspersed comments on the summary and report.
Best regards.
Jim Dukelow
Pacific Northwest National Laboratory
Richland, WA
jim.dukelow@pnl.gov
These comments are mine and have not been reviewed and/or approved by my
management or by the U.S. Department of Energy.
=================
[DOEWatch] NRC Relies on Falsified Safety Studies
Source:
http://www.ucsusa.org/energy/nuc_risk.html
=========================================================
NRC Relies on Falsified Safety Studies
This is the executive summary of the UCS report "Nuclear Plant Risk
Studies: Failing the Grade"
<General JSD comment>: A few months ago, I defended Dave Lochbaum's
technical credentials, in the wake of a four-day tantrum on the RADSAFE
radiation safety mailing list. Sadly, his current report does not
justify my defense of his credentials (a 17-year career as a reactor
operator and shift technical advisor, mostly at TVA). Although he
obviously spent a lot of time looking through the records in the NRC's
Public Document Room, he appears to have started out without much
knowledge of PRA techniques and ended his research in not much better
shape. His full report several times confuses the concepts of event
trees and fault trees, a very basic distinction between the two major
tools used in PRAs. Many of the sources he cites are 20 to 25 years old
and not relevant to the current status of probabilistic risk assessment
or the issue of how it should be used to support regulation. The
report features very selective use of evidence, rather than an attempt
to produce a balance evaluation of the strengths and weaknesses of PRA
techniques. The choice of the phrase "Falsified Safety Studies" in the
title of the UCS press release carries with it connotations of
fraudulent analysis and reporting. The UCS report provides no evidence
of this. It has assertions, with varying quality of evidence, that the
assumptions and methods used in performing nuclear probabalistic risk
assessment are flawed. <End JSD comment>
An accident at a US nuclear power plant could kill more people than were
killed by the atomic bomb dropped on Nagasaki.1 The financial
repercussions could also be catastrophic. The 1986 accident at the
Chernobyl nuclear plant cost the former Soviet Union more than three
times the economical benefits accrued from the operation of every other
Soviet nuclear power plant operated between 1954 and 1990.2
<JSD comment>: The "more people than ... Nagasaki" assertion relies on
roughly 20-year-old analytical results calculated using a computer code
that was superceded almost that long ago. Subsequently, we have had the
experience of the Chernobyl accident, which dispersed more of the
reactor core to the environment than any plausible accident occurring in
U.S. power reactors, all of which have designs not subject to the
failure mechanisms in the Chernobyl accident and all of which have
containment structures designed to, well, contain the consequences of
severe accidents. The short term consequences of Chernobyl do not
begin to approach the short term consequences of the Nagasaki bomb and
there is no reason to believe that the long-term (cancer induction)
consequences of Chernobyl will exceed the long-term consequences of the
Nagasaki bomb, which are well-described by the epidemiological studies
of the Radiation Effects Research Foundation and are much smaller that
the immediate effects of the bomb. Further, the NUREG-1150 PRA study of
severe accident consequences, which evaluates consequences of severe
accidents at five different reactors, does not support the "more than
... Nagasaki" assertion. <End JSD comment>
But consequences alone do not define risk. The probability of an
accident is equally important. When consequences are very high, as they
are from nuclear plant accidents, prudent risk management dictates that
probabilities be kept very low. The Nuclear Regulatory Commission (NRC)
attempts to limit the risk to the public from nuclear plant operation to
less than 1 percent of the risk the public faces from other accidents.
<JSD comment>: The full report has the correct figures for the NRC
Safety Goals. The NRC tries to assure that the risk to the public of an
early fatality resulting from a reactor accident is less than 0.1% or
the risk of accidental death due to other causes. The NRC has a
complementary goal that the risk of a fatal cancer caused by a nuclear
accident should also be less that 0.1% or the risk of developing cancer
due to all other causes.
The comment about consequences and probabilities is certainly true.
This interplay of probability and consequences was the reason the NRC
supported the development in the late 60s and early 70s of probabilistic
risk assessment techniques for application to reactor saftety issues.
This development resulted in the Reactor Safety Study (the Rasmussen
report), completed in 1973. The Commission has continued to support
critical review and development of PRA techniques. <End JSD comment>
The Union of Concerned Scientists (UCS) examined how nuclear plant risk
assessments are performed and how their results are used. We concluded
that the risk assessments are seriously flawed and their results are
being used inappropriately to increase -- not reduce -- the threat to
the American public.
Nuclear plant risk assessments are really not risk assessments because
potential accident consequences are not evaluated. They merely examine
accident probabilities -- only half of the risk equation. Moreover, the
accident probability calculations are seriously flawed. They rely on
assumptions that contradict actual operating experience:
<JSD comment>: The assertion that nuclear plant PRAs look only at
accident probabilities is simply false, and the body of the UCS report
suggests that Lochbaum has read enough of the literature to know that it
is false. There is a sequential structure to nuclear PRAs. The Level 1
PRA evaluates the probabilities of sequences leading to a specific
consequence, serious core damage. If Level 1 PRAs were all that were
done, the UCS comment about merely examining probabilities would be
sort of true. Level 2 PRAs further evaluate the sequences identified
in the Level 1 PRA to estimate releases of radioactivity from the
reactor core to the primary and secondary cooling systems, from the
cooling systems to the reactor containment and the environment, and
from containment to the outside environment. A Level 3 PRA will take
the estimates of probabilities of releases to the environment and
quanities of radionuclides released and combine those with information
about demographics and weather to estimate exposures to the public.
The original Reactor Safety Study consisted of two Level 3 PRAs, one
for a pressurized water reactor and one for a boiling water reactor.
It was followed by a number of additional Level 1 PRAs. During the
80s, the NRC supported the development of 5 Level 3 PRAs that used a
much more detailed and sophisticated modeling of severe accidents and
their public consequences that earlier studies. These studies were
published as NUREG-1150 in the 1987 and subsequently every US reactor
has performed an IPE (Individual Plant Examination) that was either a
full Level 3 PRA or just short of it. These IPEs have been reviewed by
the NRC and by independent reviewers. <End JSD comment>
The risk assessments assume nuclear plants always conform with safety
requirements, yet each year more than a thousand violations are
reported.
<JSD comment>: This is an apparent reference to Licensee Event Reports,
many of which have no relationship to safety issues. The number of LERs
submitted per plant per year has been dropping steadily. The 1996 NRC
Annual Report (the most recent historical table I was able to find in a
brief search) shows a decrease from 26 LERs per plant in 1987 to 12 LERs
per plant in 1996. <End JSD comment>
Plants are assumed to have no design problems even though hundreds are
reported every year.
<JSD comment>: Identification of design weaknesses and errors is a
significant part of the rationale for performing full-scope PRAs. <End
JSD comment>
Aging is assumed to result in no damage, despite evidence that aging
materials killed four workers.
<JSD comment>: The NRC has not attempted to assess the impact of aging
using PRAs, although it has investigated the possibility of
incorporating consideration of component aging into PRAs. The NRC
supported a roughly 10-year, $50 million research program to consider
the impact of aging on all classes of reactor components. Results of
that program support consideration of continued licensing of reactors
and of applications to extend the license past the original 40-year
period.
The four workers referred to above were killed when a pipe on
the non-nuclear side of the Surry plant in Virginia ruptured.
Investigation of that accident resulted in the identification of a
previously unknown failure mechanism, erosion-corrosion, affecting pipe
segments containing mixtures of steam and water. All piping in all
nuclear plants was evaluated and some plants replaced 20-30% of their
secondary-side piping. Erosion-corrosion affects a number of industries
with process piping. It was one of the causes of the accident a couple
of years ago at the Tosco refinery in Martinez, CA that killed four
workers and disabled one. It is probably a candidate cause for the
natural gas pipeline rupture south of Carlsbad, NM a week or so ago
that killed 11 campers. To the best of my knowledge, other industries
have not dealt with their erosion-corrosion issues in the same
comprehensive fashion as the nuclear utilities. Parenthetically, the
nuclear utility industry has one of the best worker safety records of
any "heavy" industry. <End JSD comment>
Reactor pressure vessels are assumed to be fail-proof, even though
embrittlement forced the Yankee Rowe nuclear plant to shut down.
<JSD comment>: The assumption is that the probability of failure is
less than the one in a million per year cut-off for inclusion in a PRA.
Utilities and reactor vendors are not flying blind on this however.
Each reactor contains a number of small metal "coupons", consisting of
the same metals as the reactor vessel and positioned at the midline of
the vessel where radiation levels are highest. Each time the reactor is
refueled, some of the coupons are removed and tested for embrittlement.
My understanding is that the cost of annealing the Yankee Rowe reactor
vessel (which essentially "repairs" the embrittlement), combined with
other needed repairs, when balanced against the value of continuing to
operate an old and small reactor, did not justify keeping it in
operation. <End JSD comment>
The risk assessments assume that plant workers are far less likely to
make mistakes than actual operating experience demonstrates.
<JSD comment>: I don't believe this to be the case. I was one of the
authors of a paper, published in the December 1997 issue of Risk
Analysis, Conservatism of the Accident Sequence Evaluation Program HRA
Procedure, by B.F. Gore et al., which used results of reactor operator
requalification exams to validate the methods used to estimate operator
error probabilities for use in PRAs. <End JSD comment>
The risk assessments consider only the threat from damage to the reactor
core despite the fact that irradiated fuel in the spent fuel pools
represents a serious health hazard. The results from these unrealistic
calculations are therefore overly optimistic.
<JSD comment>: The NRC has used PRA techniques to investigate the risks
associated with potential spent fuel pool accidents. This class of
accidents have not been part of the reactor PRAs, but neither have they
been ignored. <End JSD comment>
Furthermore, the NRC requires plant owners to perform the calculations,
but fails to establish minimum standards for the accident probability
calculations. Thus, the reported probabilities vary widely for virtually
identical plant designs. Four case studies clearly illustrate the
problem:
<JSD comment>: There is **some** justification for these remarks. The
NRC has sponsored quite a bit of research aimed at standardizing PRA
techniques, but they have not compelled the various groups performing
PRAs to adhere to any particular standard. This is similar to the
reactor standardization issue. The NRC has allowed the five reactor
vendors and 10 or so architect engineer firms and the 50 or so nuclear
utilities to design, build, and operate a bewildering array of different
designs. By contrast, France has a single reactor vendor and a single
utility and just a few different reactor designs, those representing a
refinement of the original design over time. France gets something on
the order of 70% or their electricity from nuclear and has had a
generally good operating record. France is also a smaller country with
a history of administrative centralization. Interestingly, one of the
consequences of deregulation in the electrical utility industry is that
operation of nuclear power plants is tending to become concentrated in
the hands of some of the larger and more competent nuclear utilities.
<End JSD comment>
The Wolf Creek plant in Kansas and the Callaway plant in Missouri were
built as identical twins, sharing the same standardized Westinghouse
design. But some events at Callaway are reported to be 10 to 20 times
more likely to lead to reactor core damage than the same events at Wolf
Creek.
The Indian Point 2 and 3 plants share the same Westinghouse design and
sit side by side in New York, but are operated by different owners. On
paper, Indian Point 3 is more than 25 percent more likely to experience
an accident than her sister plant.
The Sequoyah and Watts Bar nuclear plants in Tennessee share the same
Westinghouse design. Both are operated by the same owner. The newer
plant, Watts Bar, was originally calculated to be about 13 times more
likely to have an accident than her sister plant. After some
recalculations, Watts Bar is now only twice as likely to have an
accident.
<JSD comment>: Here in the Executive Summary and in the Full Report
Lochbaum implies sinister intent and results to a re-analysis that
reduces the calculated risk. Anyone familiar with design analysis will
be aware of the trade-off between the accuracy of the analysis and the
cost of analysis. If a simple, conservative analysis is sufficient to
verify the adequacy or the safety of the design, well and good. If
not, then perhaps a more realistic, less conservative, and more than
coincidentally, more expensive design analysis will be performed.
Sometimes the design itself will be modified to eliminate the need for
more involved analysis. <End JSD comment>
Nuclear plants designed by General Electric are equipped with a backup
system to shut down the reactor in case the normal system of control
rods fails. On paper, that backup system is highly reliable. Actual
experience, however, shows that it has not been nearly as reliable as
the risk assessments claim. To make matters worse, the NRC is allowing
plant owners to further increase risks by cutting back on tests and
inspections of safety equipment. The NRC approves these reductions based
on the results from incomplete and inaccurate accident probability
assessments.
<JSD comment>: There are a couple of issues here. The backup control
system floods the reactor coolant system with borated water. Since it
is the backup to a fairly high reliability control rod system, and is
only required to function when that system fails, the overall plant
risk is not very sensitive to the reliability assumed (or demonstrated)
for the backup system. One of the systems for which the NRC has
allowed (and even encouraged) reduction in test frequency is the
emergency diesel generators used in many plants to provide emergency
electrical power in situations where off-site power is lost due to
weather events, etc. The rationale for reduced test frequency is that
the fairly stressful monthly testing regime was demonstrated to be the
major cause of wear and failure in these diesels. <End JSD comment>
UCS recommends that the NRC immediately stop cutting safety margins and
postpone any further cuts until the faults in the probability
assessments are corrected. The US Congress must provide the NRC with the
budget it needs to restore the safety margins at America's nuclear power
plants.
<JSD comment>: I disagree that the NRC has been cutting safety margins
but agree that they have been starved for funding by a Congress
essentially hostile to the very idea of government regulation. The
last time I visited (a few years ago) NRC staff, they were getting
pretty frazzled from the work load.
In a situation in which most of the risk of nuclear reactors is
hypothetical (that is, the risk is mostly in accident sequences that
can be imagined, but which have never occurred), UCS is recommending
that the best tool for assessing those risks and making decisions about
what to inspect, what to regulate and how much, what systems and
operational practices to modify and how, and where to spend research
dollars, not be used because it isn't perfect yet.
The NRC adoption of risk-based regulation can hardly be described as
rash or hasty -- they have been considering the implications of PRA for
25 years and are only now adopting a fairly consistent risk-based
approach to regulation, even though they funded the initial and much of
the subsequent development. <End JSD comment>
1 US House of Representatives, Committee on Interior and Insular Affairs
Subcommittee on Oversight & Investigations, "Calculation of Reactor
Accident Consequences (CRAC2) for US Nuclear Power Plants (Health
Effects and Costs) Conditional on an 'SST1' Release," November 1, 1982;
and Nuclear Regulatory Commission, "A Safety and Regulatory Assessment
of Generic BWR and PWR Permanently Shutdown Nuclear Power Plants,"
NUREG/CR-6451, Washington, D.C., August 1997.
2 Richard L. Hudson, "Cost of Chernobyl Nuclear Disaster Soars in New
Study," Wall Street Journal, March 29, 1990.
UNION OF CONCERNED SCIENTISTS
2 Brattle Square
Cambridge, MA 02238
617-547-5552
************************************************************************
The RADSAFE Frequently Asked Questions list, archives and subscription
information can be accessed at http://www.ehs.uiuc.edu/~rad/radsafe.html