Upload
others
View
5
Download
0
Embed Size (px)
Citation preview
1
PRA R&D at NRC:Selected Topics
N. Siu and J. ChangOffice of Nuclear Regulatory Research
NRC/KAERI Cooperative Research MeetingDaejeon, Korea
October 10, 2016
Topics
• Organizational overview• Site risk assessment• External hazards• HRA• Digital I&C reliability analysis• Emerging issues in PSA• Advanced PSA• Fire PSA
2
PRA at the NRC
3
The who, what, when, where, how, and why
Why PRA: 1995 PRA Policy Statement
• “The use of PRA technology should be increased in all regulatory matters to the extent supported by the state-of-the-art in PRA methods and data and in a manner that complements the NRC’s deterministic approach and supports the NRC’s traditional defense-in-depth philosophy…”
• A probabilistic approach extends a traditional, deterministic approach to regulation, by:(1)Allowing consideration of a broader set of potential
challenges to safety, (2)providing a logical means for prioritizing these challenges
based on risk significance, and (3)Allowing consideration of a broader set of resources to
defend against these challenges.
4
PRA at the NRC
Who/Where: NRC, Contractors, and Others
• NRC (HQ and Regions)– Analysts– Reviewers– Policy and decision makers
• National Laboratories• Private Firms• Universities
– Contracts– Grants– Fellowships
• Cooperating Organizations– Other government agencies– Industry (licensees, owners groups,
R&D)– International (IAEA, OECD/NEA)
• Standards Organizations• Public
– Industry– PRA community– General public
5
PRA at the NRC
NRR
NRO
NSIR
NMSS
RES
Regions
How: Risk-Informed Decision Making (RIDM)
6
PRA at the NRC
6
Adapted from RG 1.174
ChernobylTMI
When: A PRA Timeline
7
1940 1950 19701960 1980 1990 20102000 2020
PRA at the NRC
NUREG-1150
AECcreated
WASH-740
Fukushima
IndianPoint
WASH-1400
NRCcreated
IPE/IPEEE
Atomic Energy Act“No undue risk”
SafetyGoalPolicy
PRAPolicy
Price-Anderson(non-zero risk)
RG 1.174
ASME/ANSPRA Standard
RevisedReactor Oversight
Level 3 PRA
What: NRC Applications of PRA
8
Risk Assessment
Regulations and Guidance
Licensingand
Certification
Oversight
Operational Experience
PRA at the NRC
Fire Protection (“NFPA 805”)• Post-Browns Ferry deterministic fire
protection (10 CFR Part 50, App R)• Risk-informed, performance-based fire
protection (10 CFR 50.48, NFPA 805)– Voluntary alternative to Appendix R– Deterministic and performance-based
elements– Changes can be made without prior
approval of Authority Having Jurisdiction (AHJ)
– Ensure risk is “acceptable” to AHJ– As of January 2016:
• 24 units (16 sites) transitioned• 22 units (13 sites) in process
9
From Cline, D.D., et al., “Investigation of Twenty-Foot Separation Distance as a Fire Protection Method as Specified in 10 CFR 50, Appendix R,” NUREG/CR-3192, 1983.
PRA at the NRC
Changing Plant Licensing Basis (RG 1.174)
• Voluntary changes: licensee requests, NRC reviews
• Small risk increases may be acceptable
• Change requests may be combined
• Decisions are risk-informed
10
U.S. Nuclear Regulatory Commission, “An Approach for Using Probabilistic Risk Assessment in Risk-Informed Decisions on Plant Specific Changes to the Licensing Basis,” Regulatory Guide 1.174, Revision 2, 2011.
PRA at the NRC
Projected Risk-Informed Licensing
• Projected ~60% increase in new risk-informed submittals (FY15/16 to FY17/18)
• Submittals of greatest increase:– Seismic PRA – 50.69 – Risk-informed GSI-191 – Tornado Missile– TSTF-505
11
PRA at the NRC
Reactor Oversight Program
• Inspection planning• Determining significance of findings
– Characterize performance deficiency– Use review panel (if required)– Obtain licensee perspective– Finalize
• Performance indicators
• Non-reactor: Risk-Informed Fuel Cycle Oversight Program (RFCOP) under development
12
∆CDF < 1E-6∆LERF < 1E-7
1E-6 < ∆CDF < 1E-51E-7 < ∆LERF < 1E-6
1E-5 < ∆CDF < 1E-41E-6 < ∆LERF < 1E-5
∆CDF > 1E-4∆LERF > 1E-5
CDF = Core damage frequencyLERF = Large early release frequency
PRA at the NRC
Accident Sequence Precursor Program• Program recommended by WASH-
1400 review group (1978)• Provides risk-informed view of
nuclear plant operating experience– Conditional core damage probability
(events)– Increase in core damage probability
(conditions)• Supported by plant-specific
Standardized Plant Analysis Risk models
13
3(≥ 10-1)
5 (10-2 to 10-1)
26 (10-3 to 10-2)
171 (10-4 to 10-3)
260 (10-5 to 10-4)
316 (10-6 to 10-5)
64,446 Total LERs Reviewed
Licensee Event Reports 1969-2010(No significant precursors since 2002)
significant
PRA at the NRC
Accident Sequence Precursor Program
14
PRA at the NRC
Other Risk-Informed Applications
• Risk Prioritization InitiativeSRM-SECY-15-0050 (ADAMS ML15237A142) - Commission did not approve RPI activities, but supported the consideration of risk insights in regulatory decision-making through existing processes
• DC/COL-ISG-028, “Technical Adequacy of the Advanced Light-Water Reactor Probabilistic Risk Assessment”
Draft for use http://pbadupws.nrc.gov/docs/ML1423/ML14230A111.pdf
• Debris Accumulation on PWR Sump Performance, GI-19150.46c - provision allowing, on a case-by-case basis, licensees to use risk-informed alternatives to address containment debris
15
PRA at the NRC
Day-to-Day Models and Tools• SPAR* Models
− 79 operating plant models (event tree/fault tree)
− 4 new reactor plant models
• SAPHIRE** code− Idaho National Laboratory (NRC-
sponsored)− Features to support event and
condition analysis
16
*Standardized Plant Analysis Risk **Systems Analysis Programs for Hands-on Integrated Reliability Evaluation
PRA at the NRC
Role of NRC R&D
17
Adapted from National Research Council, “World-Class Research and DevelopmentCharacteristics for an Army Research, Development and Engineering Organization,”National Academy Press, Washington, DC, 1996, ISBN 0-309-05589-X.
PROCESSING SYSTEMRECEIVING
SYSTEM
OUTPUT OUTCOMESINPUT
MEASUREMENT AND FEEDBACK
MEASUREMENT AND FEEDBACK
R&D needsResources- People- Funds- Infrastructure- Information
Facts/KnowledgeRecommendationsMethodsModelsToolsDataGuidance
SafetySecurityEnvironment
MEASUREMENTAND FEEDBACK
NRC/RES
ActivitiesTests/experimentsSurveys/reviewsTechnical analysesDevelopment
…
Nuclear:NRC
U.S. IndustryInternational Orgs
Other:U.S. Congress
OGAsTechnical Community
General Public
PoliciesDecisionsActionsInformation
MEASUREMENT AND FEEDBACK
LicensedFacilities
&Activities
Other
THE WORLD
RESPONSES
PRA at the NRC
For Further Reading*• “A Proposed Risk Management Regulatory Framework,” NUREG-2150, 2012.• “Status of the Accident Sequence Precursor Program and the Standardized
Plant Analysis Risk Models,” SECY-15-0124, 2015. • “Annual Update of the Risk-Informed Activities Public Web Site,” SECY-15-
0135, 2015. (http://www.nrc.gov/about-nrc/regulatory/risk-informed/rpp.html)• “Probabilistic Risk Assessment and Regulatory Decision Making: Some
Frequently Asked Questions,” NUREG-2201, 2016.• “Historical Review and Observations of Defense-in-Depth,” NUREG/KM-0009,
2016.• Upcoming CSNI/WGRISK report on PSA use and development.
18*References can be found at www.nrc.gov
PRA at the NRC
Site Risk Assessment
19
Level 3 PRA project overview
20
• Develop a Level 3 PRA generally based on current state of practice that
– reflects technical advances since the last NRC-sponsored Level 3 PRAs – addresses scope considerations not previously considered
• Extract new insights to enhance regulatory decisionmaking and to help focus limited agency resources on issues most directly related to the agency’s mission
• Enhance PRA staff capability and expertise and improve documentation practices
• Demonstrate technical feasibility and evaluate the realistic cost of developing new Level 3 PRAs
Project Objectives
Site Risk Assessment
Project Scope
21
• All major site radiological sources (all reactor cores, spent fuel pools, and dry storage casks).
• All internal and external hazards, all modes of plant operation. Excludes initiating events involving malevolent acts.
• Incorporates improvements in PRA technology and changes in plant operational performance and safety since completion of NUREG-1150
• Single multi-unit site; results in some limits in the general applicability of risk insights
Site Risk Assessment
Vogtle Electric Generating Plant
Technical Approach Philosophy
• Generally based on the current state of practice.• Considers:
1) ASME and ANS PRA standards2) Results of earlier scoping study (SECY-11-0089)3) Interactions with NRC experts4) Input from internal Technical Advisory Group (TAG)
• Peer Reviewed
22
Site Risk Assessment
Other Considerations• Tools and models
– SAPHIRE 8– MELCOR– MACCS2– SPAR– Informed by licensee model
• Risk metrics– Public health effects and offsite economic costs– Core damage frequency and large early release frequency
• Communication plan• Documentation
– Top tier (NUREG report) will be publicly available– Lower tier (interim deliverables) will likely contain proprietary information
23
Site Risk Assessment
Key Elements• Reactor, at-power, Level 1
– Internal events and floods– Internal fires– Seismic events– High winds, external flooding, and
other hazards• Reactor, at-power, Level 2• Reactor, at-power, Level 3• Reactor, low power and shutdown• Spent fuel pool (SFP)• Dry cask storage (DCS)• Integrated site risk
24
Site Risk Assessment
Major Accomplishments
• Completed initial version of model and PWROG-led, ASME/ANS PRA standard-based peer review for eight scope elements:– Reactor, Level 1 PRA for internal events and floods, high winds,
and other hazards– Reactor, Level 2 PRA for internal events and floods– Reactor, Level 3 PRA for internal events and floods
• Completed initial version of reactor, Level 1 PRA for internal fires and seismic events
• Completed initial version of dry cask storage Level 1, 2, and 3 PRA
• Completed expert elicitation for frequency of interfacing systems LOCA
• Completed substantive update of reactor, Level 1 PRA for internal events and internal floods
25
Site Risk Assessment
Other Key Activities
• Based on internal and external feedback, complete substantive updates to the following models:– Reactor, Level 2, internal event and flood PRA– Reactor, Level 3, internal event and flood PRA
• Complete initial models for:– Reactor, LPSD, Level 1, internal event PRA
• Complete revised models for:– Reactor, Level 1, seismic PRA– Reactor, Level 1, internal fire PRA
26
Site Risk Assessment
External Hazards
27
Seismic, flooding, and other hazards
Post-Fukushima Activities
• Most Phase 1 seismic and flooding re-evaluations using current guidance and methods (Stage 1) are complete.
• Licensees assessing plant response to reevaluated hazards (Stage 2) as necessary– Seismic: limited scope assessments or seismic PRA– Flooding: focused evaluations or integrated assessments
(NEI-16-05, as endorsed by JLD-ISG-2016-01)• Other external hazards
– “Assessment of Fukushima Tier 2 Recommendation Related to Evaluation of Natural Hazards Other Than Seismic and Flooding,” SECY-16-0074, June 2, 2016.
28
External Hazards
Related Activities
• PFHA– Workshop (2013, summary: ML13057A642)– Ongoing: PRA analysis of total plant response to
flooding• CSNI Working Group on External Events
(WGEV)• Expert elicitation guidance development (SRM-
COMGEA-11-0001, SRM-SECY-11-0172)
29
External Hazards
Potential Challenges for the Future
• PSA– Multiple, correlated hazards– Multiple mechanisms– Scale of analysis– Regional sources– Multiple units and sites– Human effects– Data (hazard and site)
• Risk-informed decisionmaking– Aggregation– Credit for portable equipment– New methods
30
External Hazards
http://www.mvn.usace.army.mil/Missions/Mississippi-River-Flood-Control/Mississippi-River-Tributaries/Mississippi-Drainage-Basin/
St Lucie – Local Intense Precipitation
• Heavy rainfall January 9, 2014• Reactor Auxiliary Building flooding (some
conduits missing flood seals)– 16:10: Flooding detected– 18:03: Unusual Event (UE) declared– 00:01 January 10: UE terminated
• Potential challenge to ECCS pumps, no actual loss of safety-related accident mitigation or safe shutdown equipment
• Concern: missing flood barriers below design flood height, not identified during flooding walkdowns (NTTF Recommendation 2.3)
• “White” finding(3E-6/yr < ∆CDF < 1E-5/yr)
• LER 335-2014-001
31
External Hazards
St. Lucie Plant
Human Reliability Analysis
32
Current activities, emerging issues
HRA Topics
• NRC-KAERI recent interactions on HRA methods and data
• The IDHEAS HRA method developmental plan• The SACADA simulator data collection• Emerging items
– Minimum Joint HEP– Crediting FLEX equipment in risk-informed applications– HRA guidelines for control room abandonment in fire
events
33
IDHEAS: Integrated Human Event Analysis SystemSACADA: Scenario Authoring, Characterization and Debriefing Application
HRA
Recent NRC-KAERI Interactions
• NRC commented on the KAERI/TR-6401/20161 draft report and received the final report from KAERI.
• KAERI commented on NRC’s IDHEAS-G draft report.• KAERI and NRC co-authored an RESS paper2 on KAERI’s
analysis of Korean NPP simulator records using the SACADA taxonomy.
• NRC (Dr. Chang) visited KAERI in 7/2016 for SACADA outreach.• KAERI invited Dr. Chang to attend the PSAM 13 and the first HRA
Society East Asia chapter meeting. • This technical information exchange meeting.• NRC plans to host an HRA data workshop in the summer of 2017.
Invitations, when available, will include KAERI and KINS.
34
HRA
1KAERI/TR-6401/2016 “A framework to estimate HEPs from the full-scope simulators of NPPs: unsafe act definition, identification and quantification”
2Title:“The use of the SACADA taxonomy to analyze simulator records: insight and suggestions”
IDHEAS Strategic Development Plan
35
IDHEAS-G(NUREG-2198, Vol.1)
IDHEAS-Internal, At-Power(NUREG-2199, Vol.1)
Use of Expert Judgment to Estimate HEPs
(NUREG-2199, Vol.2)
Formal Method Testing(NUREG-2199, Vol.3)
Users’ Guide(NUREG-2199, Vol.4)
Empirical Data for HEP Estimation(NUREG-2198, Vol.2)
Other Application-Specific HRA Methods
Technical Basis
General Guidance
Application Specific HRA
Methods
SupportingDocuments
SACADA Data for HEP Estimation
IDHEASSoftware
MODEL/METHOD IMPLEMENTATION
Literature Review (NUREG-2114 and others)
Operations experience,Human factors practices,Selected HRA methods
HRA
IDHEAS Strategic Development Plan
36
IDHEAS-G(NUREG-2198, Vol.1)
IDHEAS-Internal, At-Power(NUREG-2199, Vol.1)
Use of Expert Judgment to Estimate HEPs
(NUREG-2199, Vol.2)
Formal Method Testing(NUREG-2199, Vol.3)
Users’ Guide(NUREG-2199, Vol.4)
Empirical Data for HEP Estimation(NUREG-2198, Vol.2)
Other Application-Specific HRA Methods
Technical Basis
General Guidance
Application Specific HRA
Methods
SupportingDocuments
SACADA Data for HEP Estimation
IDHEASSoftware
MODEL/METHOD IMPLEMENTATION
Literature Review (NUREG-2114 and others)
Operations experience,Human factors practices,Selected HRA methods
HRA
NUREG-2114 “Cognitive Basis for HRA”: • A large psychological literature review to establish the technical
basis and the cognitive framework for the IDHEAS development• A hierarchical cognitive framework
– Macrocognitive functions: Detection, Understanding, Decision-making and planning, Action execution, and Teamwork
– Proximate causes: e.g., cues or information not perceived, and cues or information not attended to
– Mechanisms: e.g., Cue saliency, vigilance, attention, expectation, and working memory
– Performance Influencing Factors (PIFs): e.g., human system interface
IDHEAS Strategic Development Plan
37
IDHEAS-G(NUREG-2198, Vol.1)
IDHEAS-Internal, At-Power(NUREG-2199, Vol.1)
Use of Expert Judgment to Estimate HEPs
(NUREG-2199, Vol.2)
Formal Method Testing(NUREG-2199, Vol.3)
Users’ Guide(NUREG-2199, Vol.4)
Empirical Data for HEP Estimation(NUREG-2198, Vol.2)
Other Application-Specific HRA Methods
Technical Basis
General Guidance
Application Specific HRA
Methods
SupportingDocuments
SACADA Data for HEP Estimation
IDHEASSoftware
MODEL/METHOD IMPLEMENTATION
Literature Review (NUREG-2114 and others)
Operations experience,Human factors practices,Selected HRA methods
HRA
IDHEAS-G General Methodology:Provides framework and guidance for developing application-specific HRA methods.• Qualitative analysis: expected to be the same for all HRA methods to be
developed, e.g.,– Scenario narrative, event timeline, relevant operating experience,
context analysis, HFE and critical task identification, etc.• Quantitative analysis: provide guidance on HEP quantification and a
Basic Quantification Structure with a basic set of cognitive failure modes and a comprehensive list of PIFs; Application-specific quantification methods can be derived from the Basic Quantification Structure.
IDHEAS Strategic Development Plan
38
IDHEAS-G(NUREG-2198, Vol.1)
IDHEAS-Internal, At-Power(NUREG-2199, Vol.1)
Use of Expert Judgment to Estimate HEPs
(NUREG-2199, Vol.2)
Formal Method Testing(NUREG-2199, Vol.3)
Users’ Guide(NUREG-2199, Vol.4)
Empirical Data for HEP Estimation(NUREG-2198, Vol.2)
Other Application-Specific HRA Methods
Technical Basis
General Guidance
Application Specific HRA
Methods
SupportingDocuments
SACADA Data for HEP Estimation
IDHEASSoftware
MODEL/METHOD IMPLEMENTATION
Literature Review (NUREG-2114 and others)
Operations experience,Human factors practices,Selected HRA methods
HRA
Empirical Data for IDHEAS-G:Experimental and operational data, nuclear and non-nuclear, about the effects of PIFs on HEPs in psychological literature and other sources.
IDHEAS Strategic Development Plan
39
IDHEAS-G(NUREG-2198, Vol.1)
IDHEAS-Internal, At-Power(NUREG-2199, Vol.1)
Use of Expert Judgment to Estimate HEPs
(NUREG-2199, Vol.2)
Formal Method Testing(NUREG-2199, Vol.3)
Users’ Guide(NUREG-2199, Vol.4)
Empirical Data for HEP Estimation(NUREG-2198, Vol.2)
Other Application-Specific HRA Methods
Technical Basis
General Guidance
Application Specific HRA
Methods
SupportingDocuments
SACADA Data for HEP Estimation
IDHEASSoftware
MODEL/METHOD IMPLEMENTATION
Literature Review (NUREG-2114 and others)
Operations experience,Human factors practices,Selected HRA methods
HRA
SACADA Data:• Collect licensed operator
simulator training performance data
• Designed to be used by nuclear power plants’ simulator training program for a long term data collection
IDHEAS Strategic Development Plan
40
IDHEAS-G(NUREG-2198, Vol.1)
IDHEAS-Internal, At-Power(NUREG-2199, Vol.1)
Use of Expert Judgment to Estimate HEPs
(NUREG-2199, Vol.2)
Formal Method Testing(NUREG-2199, Vol.3)
Users’ Guide(NUREG-2199, Vol.4)
Empirical Data for HEP Estimation(NUREG-2198, Vol.2)
Other Application-Specific HRA Methods
Technical Basis
General Guidance
Application Specific HRA
Methods
SupportingDocuments
SACADA Data for HEP Estimation
IDHEASSoftware
MODEL/METHOD IMPLEMENTATION
Literature Review (NUREG-2114 and others)
Operations experience,Human factors practices,Selected HRA methods
HRA
IDHEAS Internal, At-Power Method(NUREG-2199, Vol.1 ):• Jointly developed by NRC and EPRI for
NPP internal events at-power HRA applications
• HEP calculation is based on crew failure modes (CFMs) and PIFs
• The CFMs and PIFs coverage is a sub-set of IDHEAS-G’s CFMs and PIFs.
IDHEAS Strategic Development Plan
41
IDHEAS-G(NUREG-2198, Vol.1)
IDHEAS-Internal, At-Power(NUREG-2199, Vol.1)
Use of Expert Judgment to Estimate HEPs
(NUREG-2199, Vol.2)
Formal Method Testing(NUREG-2199, Vol.3)
Users’ Guide(NUREG-2199, Vol.4)
Empirical Data for HEP Estimation(NUREG-2198, Vol.2)
Other Application-Specific HRA Methods
Technical Basis
General Guidance
Application Specific HRA
Methods
SupportingDocuments
SACADA Data for HEP Estimation
IDHEASSoftware
MODEL/METHOD IMPLEMENTATION
Literature Review (NUREG-2114 and others)
Operations experience,Human factors practices,Selected HRA methods
HRA
Use of Expert Judgment to Estimate HEPs (NUREG-2199, Vol. 2):• Expert elicitation was used to estimate
the HEPs of the CFMs in the IDHEAS Internal, At-Power method.
• This report documents the expert elicitation process and results
IDHEAS Strategic Development Plan
42
IDHEAS-G(NUREG-2198, Vol.1)
IDHEAS-Internal, At-Power(NUREG-2199, Vol.1)
Use of Expert Judgment to Estimate HEPs
(NUREG-2199, Vol.2)
Formal Method Testing(NUREG-2199, Vol.3)
Users’ Guide(NUREG-2199, Vol.4)
Empirical Data for HEP Estimation(NUREG-2198, Vol.2)
Other Application-Specific HRA Methods
Technical Basis
General Guidance
Application Specific HRA
Methods
SupportingDocuments
SACADA Data for HEP Estimation
IDHEASSoftware
MODEL/METHOD IMPLEMENTATION
Literature Review (NUREG-2114 and others)
Operations experience,Human factors practices,Selected HRA methods
HRA
Formal Testing of IDHEAS method for internal at-power applications (NUREG-2199, Vol. 3):• Five HRA analyst teams of NRC and
U.S. industry tested the IDHEAS Internal, At-Power method
• This report documents the test process and results.
IDHEAS Strategic Development Plan
43
IDHEAS-G(NUREG-2198, Vol.1)
IDHEAS-Internal, At-Power(NUREG-2199, Vol.1)
Use of Expert Judgment to Estimate HEPs
(NUREG-2199, Vol.2)
Formal Method Testing(NUREG-2199, Vol.3)
Users’ Guide(NUREG-2199, Vol.4)
Empirical Data for HEP Estimation(NUREG-2198, Vol.2)
Other Application-Specific HRA Methods
Technical Basis
General Guidance
Application Specific HRA
Methods
SupportingDocuments
SACADA Data for HEP Estimation
IDHEASSoftware
MODEL/METHOD IMPLEMENTATION
Literature Review (NUREG-2114 and others)
Operations experience,Human factors practices,Selected HRA methods
HRA
Other Application-Specific HRA Methods:• Priority application is the NRC’s
event and condition analysis application, i.e., the significance determination process and the accident sequence precursor analyses. May include crediting FLEX equipment.
• Other potential applications include spent fuel handling and radiation medical treatments
IDHEAS Strategic Development Plan
44
IDHEAS-G(NUREG-2198, Vol.1)
IDHEAS-Internal, At-Power(NUREG-2199, Vol.1)
Use of Expert Judgment to Estimate HEPs
(NUREG-2199, Vol.2)
Formal Method Testing(NUREG-2199, Vol.3)
Users’ Guide(NUREG-2199, Vol.4)
Empirical Data for HEP Estimation(NUREG-2198, Vol.2)
Other Application-Specific HRA Methods
Technical Basis
General Guidance
Application Specific HRA
Methods
SupportingDocuments
SACADA Data for HEP Estimation
IDHEASSoftware
MODEL/METHOD IMPLEMENTATION
Literature Review (NUREG-2114 and others)
Operations experience,Human factors practices,Selected HRA methods
HRA
IDHEAS Software:• To facilitate HRA implementation
and documentation• Based on the IDHEAS-G to provide
“tool sets” and templates, for the HRA method developers to develop the application-specific HRA software for HRA analysts to use.
Schedule
45
HRA
IDHEAS-G(NUREG-2198, Vol.1)
IDHEAS-Internal, At-Power(NUREG-2199, Vol.1)
Use of Expert Judgment to Estimate HEPs
(NUREG-2199, Vol.2)
Formal Method Testing(NUREG-2199, Vol.3)
Users’ Guide(NUREG-2199, Vol.4)
Empirical Data for HEP Estimation(NUREG-2198, Vol.2)
Other Application-Specific HRA Methods
Technical Basis
General Guidance
Application Specific HRA
Methods
SupportingDocuments
SACADA Data for HEP Estimation
IDHEASSoftware
MODEL/METHOD IMPLEMENTATION
Literature Review (NUREG-2114 and others)
Operations experience,Human factors practices,Selected HRA methods
1/2016
9/2016
2017/2018
2017
2017*
2018
2018
2017/2018
Green: Technical work completed; Red: Anticipated technical work completion date;*First focus is on NRC’s Event and Condition Analyses
More About SACADA
• Agreements:– Raw Data: South Texas Project, Halden Reactor Project,
Taiwan Power Company (TPC), and DOE Advanced Test Reactor
– General: KAERI and the ÚJV Řež, a. s.• Recent and planned activities:
– Assist TPC to pilot SACADA (training, Chinese version, and tech support)
– Complete time data collection function– External data analysis: expected to be completed in summer
2017; a workshop in 2017 is planned.– Domestic outreach: Issuing a Regulatory Information Summary
and a poster in the Regulatory Information Conference, 201746
HRA
Minimum Joint HEP (MJHEP)
• Issue: – Some industry PRAs calculate cutsets with multiple
HFEs by directly multiplying their HEPs. This generates extremely low joint HEPs. This could underestimate the actual risk.
– NRC is considering to establish a Minimum JHEP requirement in PRA standards. Inappropriate MJHEP establishment could significantly affect risk assessment results.
• The NRC plans to gain more understanding about MJHEP.
47
HRA
Crediting FLEX Equipment in Risk-Informed Applications
• FLEX equipment provided in response to Mitigating Strategies order (EA-12-049)
• U.S. industry wishes to take credit for FLEX equipment in risk-informed applications
• HRA method to analyze FLEX implementation could be useful
48
HRA
Main Control Room Abandonment in Fire Events• An NRC-EPRI joint project to provide HRA guidelines
supplementing NUREG-1921.• Two-phase development
– Phase I:• MCRA scenario development, including consideration of the decision to
abandon• Human failure event (HFE) definition and identification• Qualitative HRA specific to MCRA scenarios, including consideration of
performance shaping factors (PSFs) and other influences on operator performance
– Phase II: Quantification• Phase I draft report is out for review.
49
HRA
Digital I&C Reliability Analysis
50
Program overview, current activities
Digital I&C R&D for PRA
51
Digital I&C Reliability Analysis
Research Goal:Determine if it is practical and useful to incorporate digital systems into PRAs
Ongoing R&D
• Statistical Testing Method– Use of PRA context to determine operational profile for digital
system (to test system as it is used)– Directly estimate software failure probability using testing
failure data– Completed “black box” testing of nuclear plant control system– See M. Li and K. Coyne, “Risk-Informed Statistical Testing for
Digital I&C Systems,” WGRISK Annual Meeting, March 2016. (ML16069A188)
• Bayesian Belief Network– Use software development environment characteristics (e.g.,
quality attributes) and expert judgment to estimate fault density– Convert fault density to reliability– NUREG/CR in preparation
52
Digital I&C Reliability Analysis
Emerging Issues in PSA
53
Challenges to the technology
Example Challenges
54
Developers
Analysts Users
• Time• Resources• Biases/heuristics• Communication
• Data• Bounding/screening• Guidance• “Holes”• Integration• Imagination
• New science/engineering• Operational experience• Intended users/applications• Computational limits• Rewards
• Understanding• Uncertainties• Heterogeneity and
aggregation• Confidence• Other Factors (e.g.,
DID, safety margins)• Stakeholders
Emerging Issues
New Experiments and Analyses
• High Energy Arc Faults (HEAF) in cabinets• Aqueous transport of accident-generated wastewater• State-of-the-Art Consequence Analysis (SOARCA)
55
Emerging Issues
Operational Experience• 3/11/2011 – Great East Japan Earthquake• Meltdowns at Fukushima Dai-ichi, varying
challenges at Fukushima Dai-ni, Onagawa, Tokai Dai-ni, Higashidori
• PRA technology challenges– Severe external hazards– Human performance– Command and control– Organizational response– Accident-induced environment– Offsite consequences– Searching for failures
• A knowledge management challenge: lessons from past events (e.g., Blayais, 1999)
56
TEPCO photos from “The Yoshida Testimony,” Asahi Shinbun, 2014.
Emerging Issues
Integration of Multiple Disciplines
• Technical domains• Culture
– Language– Accepted methods– Unstated assumptions– Views on uncertainty
• Limited total resources
57
Here be dragonsLoose nuts
Really big mountains
Emerging Issues
Stakeholder Views
• Provides strategic direction to advance use of risk-informed decisionmaking
• Formed October 2013• Public meetings• Coordinated working groups
– Technical adequacy (including new methods approval)
– Uncertainty in decision making (including aggregation)
– Credit for mitigating strategies
5858
Adapted from RG 1.174
NRC Risk-Informed Steering Committee
Emerging Issues
Advanced PRA
59
Methods and tools to help the analyst
Looking Beyond Current Approaches
• Simulation-oriented methods– Discrete dynamic event trees (DDETs)– Direct stochastic simulation
• Information management and utilization– Content analytics– Formal models (e.g., “Open PSA”)
60
Advanced PRA
Discrete Dynamic Event Trees
• Rationale– Retains benefits of dynamic approach
• Context for operator actions• “Natural language” framework for integrated
multidiscliplinary analysis• Reduced need for intermediate modeling
approximations– Discrete scenario format supports understanding
• Diagnostics => confidence, contributors• “Story telling” => actionable lessons
– Leverages principal external activities• NRC-supported activities
– Feasibility study (Sandia)– Event analysis (UCLA)
61
Advanced PRA
ImprovedRealism
Direct Stochastic Simulation
• Rationale– Retains benefits of dynamic approach (as with
DDET)– Literal system representation facilitates user
understanding of conceptual model– Natural approach for many engineering disciplines,
leverages• Current education and training• General purpose software packages• Specialized software for analogous applications
• A current application: vulnerability assessments62
Advanced PRA
Information Management and Utilization
• January 14, 2011: Prime-time “Jeopardy!” demonstration of IBM Watson
• Post-show shifting aims to get at “Big Data”– From oracle to aide– Near-term technology (Content Analytics)
• Alternate vision: intelligent personal assistants– Siri (2011)– Google Now (2012)– Cortana (2014)
63
Advanced PRA
IBM, 2011
Risk Information Characteristics
• Risk triplet (qualitative + quantitative)• Systems viewpoint
– Multiple technical disciplines– Problem scale and complexity (multitude of
scenarios, interacting pieces)– Diverse and implicit sources of information (licensing
basis, operating experience, past analyses, …)• Rare events• Broad user base
64
Advanced PRA
Long-Term Research Program Project:“Advanced Knowledge Engineering Tools to Support Risk-Informed Decision Making”
• ObjectiveAssess feasibility/need for additional NRC effort
• Scope– IBM Content Analytics 2.2 (ICA 2.2)– Selected case studies (“use cases”)– Reduced database (330,000 documents)
• Participants– Subject matter experts– Software engineers
65
Advanced PRA
Technical Approach
• Use Cases (UC)– 1: Multi-unit events (identify and characterize)– 2: Current plant CDFs (find estimates)– E: Database exploration (open-ended “discovery”)
• Process– Specify search problem– Develop customized search tool (facets/keywords)– Test and refine tool– Demonstrate final tool, compare against alternatives
• Informed search• Basic search
66
Advanced PRA
Conclusions
• ICA 2.2 is a human-in-the-loop tool (not a push-button solution)• Subject matter experts must be involved during tool development• For most tests, ICA 2.2 was effective and efficient, and showed some
advantages over alternative methods (ADAMS P8/Public/Enterprise Search, Acrobat, Google, LERSearch)
– Reasonable speed– Helpful interface (contextual text, query construction and saves)– Supports more open-ended explorations
• Useful side-benefits– Early familiarization and use of next generation ADAMS tools– A more powerful and useful LER search tool– Improved knowledge of use case subject matter
67
Advanced PRA
Fire PSA
68
Fire PRA realism, recent experiments
Fire PRA Realism Project*
• Purpose: assess concerns over conservatism and realism of fire PRA potentially affecting– Transitions to NFPA 805– Future risk-informed applications
• Topics explored– Technical maturity– Precursor-based estimation of CDF– Relative contributions to CDF– Qualitative comparisons with operational experience– Technology developments– Applications environment and infrastructure
69
Fire PSA
*See N. Siu, K. Coyne, and N. Melly, “Fire PRA Maturity and Realism: A Technical Evaluation,” technical opinion paper, January 2016. (ML16022A266)
Comparing Fire PRA with Precursors
70
(w/Browns Ferry)
(w/o Browns Ferry)
Fire PSA
Changing CDF Contributions
71
Fire PSA
Fire PRA Maturity and Realism
• Conclusions– Fire PRA is in an intermediate-to-late stage of maturity– Results may be conservative; degree is uncertain– Qualitative results compare well with operational
experience; some specific concerns– Improvements are underway; operational experience
reviews should be used to identify/prioritize– Realism is affected by the pool of trained staff and
analyst attitudes/beliefs (e.g., regarding the use of conservative assumptions to compensate for uncertainties)
72
Fire PSA
Fire R&D: Recent/Upcoming Products
• “Heat Release Rates of Electrical Enclosure Fires (HELEN-FIRE),” NUREG/CR-7197, 2016.
• “Refining And Characterizing Heat Release Rates from Electrical Enclosures During Fire (RACHELLE-FIRE),” NUREG-2178, 2016.
• “Technical Resolution to Outstanding Issues on Nuclear Power Plant Fire-Induced Circuit Failure,” NUREG/CR-7150, Vol. 3, in preparation.
• “Determining the Effectiveness, Limitations, and Operator Response for Very Early Warning Fire Detection Systems in Nuclear Facilities (DELORES-VEWFIRE),” NUREG-2180, draft for comment, 2015.
• “Verification and Validation of Selected Fire Models for Nuclear Power Plant Applications,” NUREG-1824, Supplement 1, draft for comment, 2014.
73
See M. H. Salley, “NRC Fire Research Current Research Activities,” NEI Fire Protection Information, September 12-14, Atlanta, GA. (ML16256A822)
Fire PSA
Response Bias of Electrical Cable Coatings at Fire Conditions (REBECCA-Fire)• Objectives
– Regulatory: provide confirmatory data to support enhancements to NUREG/CR-6850 guidance
– Technical: Determine ignition characteristics, flame spread and electrical performance of electrical cables with fire retardant coating materials
• Small- and intermediate-scale experiments at Sandia and NIST
• Preliminary results (vertical trays)– Flame spread on some uncoated samples, not
on coated samples– Delayed damage time for coated, non-qualified
cables– Some coated, qualified cables may fail earlier
74
Fire PSA
NIST vertical flame spread test configuration
High Energy Arc Faults (HEAF)
• Fire PRA guidance (NUREG/CR-6850, Appendix M) – Based on San Onofre (2001)– Single methodology for 480V and above– Assumes next upstream over-current protection
device will trip open (failed at Robinson, 2010)• OECD-FIRE: 48 out of 415 events (through
mid-2012)• Visible contributor to fire CDF for some plants
75
Fire PSA
Example HEAF Test
76
480V switchgear, 42 kA, 8 secProject information: http://www.oecd-nea.org/jointproj/heaf.html
Test 23 Switchgear IP20 EnclosureOctober 16, 2015• Aluminum bus, low-voltage
pre-test• Immediate ignition of
internal combustible load• Melted inconel plate
thermocouples 3 ft away Aluminum byproducts coated test cell, shorted other electrical components
• No immediate safety concern (ML16064A250)
• Entered into Generic Issue Program (ML16126A091)
77
Before After
Additional Slides
78
NRC Organization
• Headquarters + 4 Regional Offices
• 5 Commissioners• ~3350 staff (FY 2016)• Annual budget ~$1B• Website: www.nrc.gov• Information Digest:
NUREG-1350 V27
79
NRC Mission
“The U.S. Nuclear Regulatory Commission licenses and regulates the Nation’s civilian use of radioactive materials to protect public health and safety, promote the common defense and security, and protect the environment.”
- NUREG-1614 (NRC Strategic Plan)
80
Risk-Informed Regulations• Backfitting (10 CFR 50.109)• Station blackout protection (10 CFR 50.63)• Maintenance management (10 CFR 50.65)• Combustible gas control (10 CFR 50.44)• Fire protection (10 CFR 50.48)• Reactor pressure vessel protection (10 CFR 50.61a)• Special treatment of structures, systems, and components
(10 CFR 50.69)• New reactor certification and licensing (10 CFR 52.47)
81
Risk-Informed Licensing
• Changes in plant licensing basis• Environmental reviews• Application of risk-informed regulations
82
Risk-Informed Oversight
• Reactor oversight process• Incident investigation• Enforcement discretion
83
Risk-Informed Operational Experience
• Accident precursors• Emergent issues• Generic issues
84
85
Data Sources
SPARModels
RADSDatabase
CCFDatabase
EPIX MSPIUAs LERs
Monthly OperatingReports
Fire Events
Integrated Data Collection and Coding System
Risk-Based Operating Experience Analyses
LERSearch
ASPDB
MitigatingSystems
PerformanceIndex
Signif icanceDetermination
Process
ASPProgram
OperatingExperience
Clearinghouse
InspectionProgram
IndustryTrends
Program
Public(External)
NRC Staf f(Internal)
Fire EventsInitiatingEvents
Comp. Studies(Parm. Est. + Eng.)
System Studies(SPAR and EPIX)
CCFParameters
SpecialStudies
Tool
s an
d D
atab
ases
Dat
a C
olle
ctio
nIn
dust
ry T
rend
s Su
ppor
tN
RC
Pro
gram
s
Operating Experience Data
Blayais (12/27/1999)• Storm during high tide in Gironde River
estuary• Overtopping of protective dyke• Loss of
– Offsite power (Units 2 and 4) – wind– Essential service water (Unit 1, Train A), low head
safety injection and containment spray pumps (Units 1 and 2), site access – flooding
– Site accessibility
• Papers in 2005 IAEA workshop following Indian Ocean tsunami
• Presentation at 2010 USNRC Regulatory Information Conference
• Little notice in PSA community
86
E. De Fraguier, “Lessons learned from 1999 Blayais flood: overview of EDF flood risk management plan,” U.S. NRC Regulatory Information Conference, March 11, 2010.
TVA File Photo
Browns Ferry (3/22/1975)• Candle ignited foam
penetration seal, initiated cable tray fire; water suppression delayed; complicated shutdown
• Second-most challenging event in U.S. nuclear power plant operating history
• Spurred changes in requirements and analysis
87
8.5m 11.5m
3m
Adapted from NUREG-0050
Some Fire-Induced “Near Misses”
88
Event Summary Description*Browns Ferry(BWR, 1975)
Multi-unit cable fire; multiple systems lost, spurious component and system operations; makeup from CRD pump
Greifswald(VVER, 1975)
Electrical cable fire; station blackout (SBO), loss of all normal core cooling for 5 hours, loss of coolant through valve; recovered through low pressure pumps and cross-tie with Unit 2
Beloyarsk (LWGR, 1978)
Turbine lube oil fire , collapsed turbine building roof, propagated into control building, main control room (MCR) damage, secondary fires; extinguished in 22 hours; damage to multiple safety systems and instrumentation.
Armenia(VVER, 1982)
Electrical cable fire (multiple locations), smoke spread to Unit 1 MCR, secondary explosions and fire; SBO (hose streams), loss of instrumentation and reactor control; temporary cable from emergency diesel generator to high pressure pump
Chernobyl (RBMK, 1991)
Turbine failure and fire, turbine building roof collapsed; loss of generators, loss of feedwater (direct and indirect causes); makeup from seal water supply
Narora(PHWR, 1993)
Turbine failure, explosion and fire, smoke forced abandonment of shared MCR; SBO, loss of instrumentation; shutdown cooling pump energized 17 hours later
*See NUREG/CR-6738 (2001), IAEA-TECDOC-1421 (2004)
Potential PRA Technology Challenges Revealed by Fukushima*• Extending PRA scope
– Multiple sources– Additional systems– Additional organizations– Post-accident risk
• Treating feedback loops• Reconsidering intentional
conservatism• Treating long-duration scenarios
– Severe accident management– Offsite resources– Aftershocks– Success criteria
• Improving human reliability analysis– Errors of commission– Severe accident management– Psychological effects– Recovery feasibility and time delays– Uncertainty in actual status– Cumulative effects over long-duration
scenarios– Crew-to-crew variability
• Uncertainty in phenomenological codes
• Increasing emphasis on “searching”
89
*From Siu, N., et al., “PSA Technology Challenges Revealed by the Great East Japan Earthquake,” PSAM Topical Conference in Light of the Fukushima Dai-Ichi Accident, Tokyo, Japan, April 15-17, 2013. (ADAMS ML 13099A347 and ML13038A203)
Advanced Topic Projects
• Current– Methodological and Software Enhancements of Dynamic PRA
Platforms for Event Assessment Applications, UCLA– Study of the Implication of Multi-Unit Accidents in the Context of
NRC’s Quantitative Health Objectives, UMD– Severe Accident Management Guideline (SAMG) Validation
within the Context of Severe Accident Uncertainties, OSU• Recent
– Dynamic PRA Scoping Study, 2009 (ML092820446, ML092650237)
– ADS-IDAC/MELCOR coupling, demonstration problem, Sandia/UMD/OSU, 2012 (ML12305A351, ML100810206, ML120300281)
90