the fukushima accident: implications for nuclear...

24
THE FUKUSHIMA ACCIDENT: IMPLICATIONS FOR NUCLEAR SAFETY Edwin Lyman Union of Concerned Scientists May 26, 2011

Upload: truonganh

Post on 19-Nov-2018

215 views

Category:

Documents


0 download

TRANSCRIPT

THE FUKUSHIMA ACCIDENT:IMPLICATIONS FOR NUCLEAR

SAFETY

Edwin LymanUnion of Concerned ScientistsMay 26, 2011

The accident: many unknowns

• Many of the details of the Fukushima Daiichi accident are still unclear; it is difficult to fully understand the implications for nuclear safety at this point

• Questions:– Impact of earthquake– Impact of tsunami– Impact of availability of DC power– Impact of emergency response procedures– Impact of operator actions

Peach Bottom Atomic Power Station Long-term Station Blackout Without Mitigation

General conclusions

• Regulations and procedures must be developed to ensure that a Fukushima-type event does not happen again

• The boundary of “design-basis accidents” must be expanded to include events with multiple, prolonged system failures– Prevention and mitigation of severe accidents and

terrorist attacks must become fundamental regulatory requirements for operating and new reactors

– Safety margins must increase across the board– More rapid response to new information needed

Areas for improvement

• Mitigation procedures (Severe Accident Mitigation Guidelines and “B.5.b”)

• Security• Hydrogen control• Loss-of- coolant accident requirements• Safety requirements for new reactors• Emergency planning

Mitigation procedures (SAMGs and “B.5.b” )

• NRC and industry have asserted that U.S. plants are prepared for a Fukushima-type event:– Severe accident mitigation guidelines (SAMGs)– Post-9/11 procedures to cope with loss of large areas

of a plant due to explosions and fire (B.5.b)• However:

– SAMGs are voluntary industry initiatives and are not subject to inspection or enforcement

– Effectiveness of B.5.b measures to cope with any severe condition is highly questionable

B.5.b guidance

• B.5.b guidance was non-public until recently because of its initial security purpose (mitigating aircraft attack)

• Now-public guidance clearly indicates the limitations of the B.5.b measures:– “… plant conditions evaluated in this guideline are beyond

design basis and outside of the regulatory scope.” – “Equipment associated with the external strategy [e.g. spent fuel

pool makeup] is not to be treated as safety-related equipment. As such, it is not subject to any new special treatment requirements under 10 CFR (e.g. QA, seismic, EQ, etc).”

B.5.b. assumptions

• “…no need to consider additional concurrent events at the site … all plant systems can be considered available … including fire protection systems.”

• “…no need to consider the potential for equipment to be out of service for routine maintenance …

• “Implementation of this strategy is not expected to require extraordinary or heroic actions … dose rates and other accessibility considerations will be addressed at the time of the event …”

• Only a 12-hour fuel and water supply required for emergency coolant pumps

B.5.b implementation

• Post-Fukushima inspections have uncovered many B.5.b implementation issues but most of these are not “violations” of the B.5.b rule because they were consistent with the aforementioned guidance

• Diablo Canyon: – “…several procedures required manual actions in plant locations

that may become inaccessible during some beyond design basis events due to high radiation fields …”

– “…some procedures to cope with beyond design events … relied on the availability of nonseismically qualified sections of the firewater system …”

• Regulatory control of measures to cope with Fukushima-scale events needs to be significantly enhanced

Security• Fukushima demonstrates the vulnerability of light-water

reactors to multiple system failures• Extreme events can be quickly induced by a small team

of saboteurs • Goal of NRC security rules: protect from attack at least

one system needed to prevent core damage• Force-on-force security assessments are graded

depending on whether mock adversary force could cause core damage and significant radiological release– 3 out of 23 sites (13 percent) failed in CY 2009

• NRC staff proposed revising grading system to also consider margin to failure in 2009; it has not done so

Hydrogen control

• In addition to the demonstrated hydrogen control problems at Mark I boiling-water reactors, there is also an issue with Mark IIIs and PWRs with ice-condenser containments

• AC-powered hydrogen igniters required to control hydrogen; high probability of containment failure in station blackout conditions

• NRC decided in 2000 that these plants should be required to have additional backup AC power for igniters

• Rule was never adopted because licensees offered to comply voluntarily; but such compliance is outside of regulatory control

Loss-of-coolant accidents

• NRC and the industry have known for years that its regulations will not protect cladding of high-burnup fuel from embrittlement during a LOCA

• New rule has been proposed but will take many years to finalize and implement

• NRC continues to delay requiring licensees to address the issue pending completion of a voluntary industry initiative intended to show no urgent action is needed

• Yet NRC is pursuing another rule that would further reduce LOCA safety margin

Safety margin: new reactors

• NRC policy does not require (it only “expects”) new reactors to be safer than operating reactors

• As a result, most new designs are not clearly safer than operating reactors, especially if external events (e.g. seismic) are considered – “… calculated risk metrics are likely to increase and

therefore be closer to current plants than being portrayed today.” -- Nuclear Energy Institute, “Risk Metrics for Operating New Reactors, “March 2009.

• NRC does not even require seismic risk to be quantified for either operating or new reactors

Example: AP1000

• The passive AP1000 does not have features to protect against severe accidents such as– safety-related active backup systems – High-pressure resisting containment– Filtered containment vents– Core catcher (like the AREVA EPR has)

• As part of the design certification process, Westinghouse determined that these and other “severe accident mitigation design alternatives” were not cost-effective, based on highly uncertain probabilistic risk assessment results

Emergency planning

• The Fukushima accident has shown that significant contamination and public exposure can occur well beyond the currently mandated 10-mile emergency planning zone

• NRC’s view is that if needed, evacuation and other protective actions (e.g. KI distribution) can be ordered for wider areas

• But without any advance notification and planning, the potential effectiveness of such spontaneous measures is highly uncertain

16

Conclusions

• These examples represent only a sample of the areas where safety margins need to be increased in order to avoid another Fukushima

• Given that mitigation of severe accidents appears to be more challenging than previously thought, more emphasis must be placed on preventing core damage and maintaining containment integrity

Backup slides

GE Mark I Boiling-Water Reactor

Mark I Spent Fuel Pool

Fuel Damage• Without cooling water the fuel rod cladding will

overheat and react with water vapor• Hydrogen gas is released • Zirconium forms brittle oxide

• Within an hour, fuel rod cladding will balloon and rupture

• Rupture releases radioactive gases

Fuel Damage/Core Relocation

• Molten fuel can: – “relocate” or flow to the bottom of

the reactor vessel

– Then melt through the steel reactor vessel

– Then react with concrete floor of containment structure and produce more radioactive gases

• At higher temperature, the fuel pellets will melt• Much greater release of radioactive gases from fuel

Containment Breach

• In severe accidents, containment can be challenged by – Excessive steam pressure– Hydrogen explosion– Failure of penetrations– Liner “melt-through”

• Mark I containment is designed to withstand accidents in which cooling is restored before the core is completely molten

Spent Fuel Pools• Also require AC power for cooling

• Generate much less heat than reactor cores, so may have weeks after loss of cooling before fuel damage occurs

• But rapid loss of cooling water could cause spent fuel to burn and melt