PRA and RIDM Mit 2019-11-25 Rev. 1 Small

ML19309F616
Person / Time
Issue date:	11/25/2019
From:	Nathan Siu NRC/RES/DRA
To:
Nathan Siu, 301-415-0744, RES/DRA
References
Download: ML19309F616 (70)
v • d • e

Text

1 PRA and Risk-Informed Decisionmaking at the NRC: Status, Challenges, and Future Directions Nathan Siu Senior Technical Adviser for PRA Office of Nuclear Regulatory Research Massachusetts Institute of Technology November 25, 2019

Prelude Risk, PRA, and risk-informed decisionmaking 2

A Common Definition of Risk Risk x 3

Prelude Decision support concerns:

• Purely quantitative

• Average value, equates

- Low-probability/high-consequence

- High-probability/low-consequence

National Transportation Safety Board, 2016.

(http://www.ntsb.gov/investigations/)

Low-Probability/High Consequence vs.

High-Probability/Low Consequence 4

Prelude From Traffic Safety Facts: Research Note, U.S. Dept. of Transportation, 2016.

Adapted from Farmer, F.R.,

Reactor safety and siting: a proposed risk criterion, Nuclear Safety, 8, 539-548(1967).

linear

The Triplet Definition of Risk (Kaplan and Garrick, 1981)*

5 Prelude Risk {si, Ci, pi }

Features

• Vector, not scalar

• Qualitative and quantitative

• Differences across accident spectrum

• What can go wrong?

• What are the consequences?

• How likely is it?

• Adopted by NRC: see White Paper on Risk-informed and Performance-Based Regulation, SECY-98-144, June 22, 1998.

Probabilistic Risk Assessment (PRA)

• Answers the risk triplet questions

- Addresses entire system

- Includes event tree and fault tree analysis

• Supports decisions

- Defined problem

- Realistic

- Practical

- Treats uncertainties 6

Prelude

Risk-Informed Regulatory Decisionmaking Consider risk insights together with other factors 7

Prelude Risk-Informed Risk-Based

8 Remainder of Talk

• PRA at the NRC

• Example Applications

• PRA Pointers/Reminders

• Current Challenges

• Future Directions

• Closing Thoughts Prelude

Key Messages

• Risk is the answer to three questions

- What can go wrong?

- What are the consequences?

- How likely is it?

• NRC uses PRA to support regulatory decision making

- Risk-informed (not risk-based) decisionmaking

- All regulatory functions

• Technical and implementation challenges are spurring research and other activities 9

Prelude

PRA at the NRC How we use risk information and why 10

A PRA Timeline 11 PRA at the NRC 1940 1950 1970 1960 1980 1990 2010 2000 2020 Indian Point IPE/

IPEEE Atomic Energy Act No undue risk Safety Goal Policy PRA Policy Price-Anderson (non-zero risk)

RG 1.174 ASME/ANS PRA Standard Revised Reactor Oversight Level 3 PRA NUREG-1150 WASH-740 Farmer Curve WASH-1400 German Risk Study UKAEA SGHWR NRC created Fukushima Chernobyl TMI EU Stress Tests AEC created Windscale

1995 PRA Policy Statement

• Increase use of PRA technology in all regulatory matters

- Consistent with PRA state-of-the-art

- Complement deterministic approach, support defense-in-depth philosophy

• Benefits:

(1) Considers broader set of potential challenges (2) Helps prioritize challenges (3) Considers broader set of defenses 12 PRA at the NRC

All regulatory matters 13 PRA at the NRC Risk Assessment

Complementing deterministic approach (1) 14 PRA at the NRC 14 Current regulations Defense-in-depth Safety margins Risk Monitoring Integrated Decision Making Adapted from RG 1.174

Complementing deterministic approach (2) 15 PRA at the NRC 15 Other Considerations Current regulations Safety margins Defense-in-depth Performance monitoring

NUREG-2150

And before the immediate decision Note: prior, foundational knowledge:

influences information processing is persistent 16 Regulatory Decision Support Specific Analyses

Methods, Models, Tools, Databases, Standards,

Guidance, Foundational Knowledge Decision Risk-Related Regulatory R&D (R4&D)

PRA at the NRC

PRA Applications Some examples of PRA uses 17

Risk Management - General

• Decisions

- Industry-wide and license-specific

- Operating reactors: applications are voluntary

- New reactors: PRAs required for design certification and licensing

• NUREG-2150: proposal to increase use of risk information 18 Applications

NRC Applications of Risk Information 19 Applications

TVA File Photo Fire Protection (NFPA 805)

Browns Ferry Nuclear Power Plant fire (3/22/75)

Candle ignited foam penetration seal, initiated cable tray fire; water suppression delayed; complicated shutdown Second-most challenging event in U.S. nuclear power plant operating history Spurred changes in requirements and analysis 20 Applications 8.5m 11.5m 3m Adapted from NUREG-0050

Fire Protection (NFPA 805)

Post-Browns Ferry deterministic fire protection (10 CFR Part 50, App R) hour fire barrier, OR

- 20 feet separation with detectors and auto suppression, OR hour fire barrier with detectors and auto suppression Risk-informed, performance-based fire protection (10 CFR 50.48(c), NFPA 805)

- Voluntary alternative to Appendix R

- Deterministic and performance-based elements

- Changes can be made without prior approval; risk must be acceptable 21 Applications From Cline, D.D., et al., Investigation of Twenty-Foot Separation Distance as a Fire Protection Method as Specified in 10 CFR 50, Appendix R, NUREG/CR-3192, 1983.

Changes in Plant Licensing Basis (RG 1.174)

Voluntary changes:

licensee requests, NRC reviews Small risk increases may be acceptable Change requests may be combined Decisions are risk-informed 22 Applications U.S. Nuclear Regulatory Commission, An Approach for Using Probabilistic Risk Assessment in Risk-Informed Decisions on Plant Specific Changes to the Licensing Basis, Regulatory Guide 1.174, Revision 3, 2018.

Reactor Oversight Program

• Inspection planning

• Determining significance of findings

- Characterize performance deficiency

- Use review panel (if required)

- Obtain licensee perspective

- Finalize

• Performance indicators 23 Applications CDF < 1E-6 LERF < 1E-7 1E-6 < CDF < 1E-5 1E-7 < LERF < 1E-6 1E-5 < CDF < 1E-4 1E-6 < LERF < 1E-5 CDF > 1E-4 LERF > 1E-5 CDF = Core damage frequency LERF = Large early release frequency

Accident Sequence Precursor Program Program recommended by WASH-1400 review group (1978)

Provides risk-informed view of nuclear plant operating experience

- Conditional core damage probability (events)

- Increase in core damage probability (conditions)

Supported by plant-specific Standardized Plant Analysis Risk models 24 Applications Licensee Event Reports 1969-2018 (No significant precursors since 2002) significant precursor precursor

Keep in mind General PRA pointers and observations 25

0.00 0.10 0.20 0.30 0.40 0.50 0.60 0.70 0

20 40 60 80 100 Probability(T1 t) t (years)

CDF = 5x10-5/ry (100 plants)

CDF = 1x10-4/ry (100 plants)

Core Damage Frequency (CDF) is a metric

• Governing equation

• Key assumptions

- Independent events

- No aging effects

• Clusters > dependence 26 Pointers P N CD events in (0,T) CDF = CDF T N N!

eCDFT 0

0 50 100 150 200 250 300t

P in PRA reflects state of knowledge

• P = Probability

• X = Proposition of concern (e.g., Plant X will have core melt in next 20 years)

• C = Conditions of assessment (e.g., key assumptions)

• H = State of knowledge:

- Includes basic science/engineering, model predictions, empirical data, expert judgment

- Dependent on assessor(s) 27 P{XlC,H}

Pointers

Multiple hazards can be important 28 Pointers

Accident data are sparse

• A good thing but subjectivity is inherent

- Choice of relevant data

- Modeling (whats in, whats out, level of detail)

- Potential biases (personal knowledge, technical discipline focus)

• Need to make sure uncertainties are

- Characterized (considering the views of the informed community)

- Presented in digestible form 29 Pointers

Uncertainties often order of magnitude 30 Pointers

Uncertainties: important input to RIDM 31 9/10, 13:36 EDT Pointers

HRA example: model and user effects 32 Same method, different teams Same team, different methods All teams, all methods NRI, CREAM NRI, DT+ASEP NRC, SPAR-H INL, SPAR-H Pointers A Bye, et al., International HRA Empirical Study, NUREG/IA-0216, August 2011.

HRA example: second iteration 33 Pointers HFE 2A HFE 1C HFE 1A HFE 3A HFE 1B HEPs by HFE (All Methods)

Decreasing difficulty Human Error Probability (HEP) 1.0E+0 1.0E-1 1.0E-2 1.0E-3 1.0E-4 1.0E-5 ASEP Team 1 ASEP Team 2 SPAR-H Team 1 SPAR-H Team 2 CBDT & HCR/ORE Team 1 CBDT & HCR/ORE Team 2 CBDT & HCR/ORE Team 3 ATHEANA Team 1 ATHEANA Team 2 Empirical 95th Percentile Empirical 5th Percentile Adapted from NUREG-2156

Some Challenges Improving the technology and system 34

Example Challenges 35 Challenges Developers Analysts Users Understanding Uncertainties Heterogeneity and aggregation Confidence Other Factors (e.g.,

DID, safety margins)

Stakeholders Time Resources Biases/heuristics Communication Data Bounding/screening Guidance Holes Integration Imagination New science/engineering Operational experience Intended users/applications Computational limits Rewards

New Experiments and Analyses

• High Energy Arc Faults (HEAF) in cabinets

• Aqueous transport of accident-generated wastewater

• State-of-the-Art Consequence Analysis (SOARCA) 36 Challenges

• 600 V

• 40 kA

• 7 seconds

General R&D Challenges Resources Picking right topics Justification given uncertain long-term payoff

- Allowable near term failures?

- Delayed beneficial spin-offs?

37 Challenges

Bounding/Screening

• Needed to focus analysis on important scenarios

• Technical needs

- Fundamental science/engineering

- PRA methods, models, tools, data

- Guidance

• Potential concerns

- Overestimate total risk

- Distort risk profile 38 Challenges

Stakeholder Views Provides strategic direction to advance use of risk-informed decisionmaking Formed October 2013 Public meetings Coordinated working groups

- Technical adequacy (including new methods approval)

- Uncertainty in decision making (including aggregation)

- Credit for mitigating strategies 39 39 Challenges Adapted from RG 1.174 NRC Risk-Informed Steering Committee

Future Directions Near-and longer-term 40

Influencing Factors

• Trends

• Initiatives and policies

- Transformation

- Single failure

• Potential implications for R4&D 41 Future Directions U.S. Nuclear Regulatory Commission, The Dynamic Futures for NRC Mission Areas, 2019. (ML19022A178)

Some key trends

• Increasing economic pressure => increasing drive for RIDM

• Increasing variety of reactor concepts

• Improving analysis technology and expanding data

• Changing staff

• Decreasing R&D budget 42 S. Prescott, et al., 3D Simulation of External Flooding Events for the RISMC Pathway, INL/EXT-15-36773, Idaho National Laboratory, 2015.

Future Directions

43 Initiatives and Policies Future Directions

44 Transformation

• SECY-18-0060: Achieving Modern Risk-Informed Regulation, May 23, 2018 (ML18110A187, withdrawn)

• Applying the Principles of Good Regulation as a Risk-Informed Regulator, October 15, 2019 (ML19260E683)

- Evolving situation (market forces, new technologies, new professionals)

- Vision: make safe use of nuclear technology possible

- Continuing standard: reasonable assurance of adequate protection

- Potentially different ways of achievement - embrace change Future Directions

45 Single Failure SECY-19-0036, April 11, 2019 (ML19060A081): the staff is seeking Commission affirmation that the most damaging single active failure of safety-related equipment is required to be considered in performing design, and transient and accident analyses, unless such a failure can be shown with high confidence to not be credible.

SRM-SECY-19-0036, July 19, 2019 (ML19183A408): In any licensing review or other regulatory decision, the staff should apply risk-informed principles when strict, prescriptive application of deterministic criteria such as the single failure criterion is unnecessary to provide for reasonable assurance of adequate protection of public health and safety.

Future Directions

Potential Future R4&D Near term - support operating reactors Longer-term

- Leveraging results

- Advanced Reactor PRA

- Completeness uncertainties, e.g.,

Errors of commission Passive systems Digital I&C External hazards Security Forward looking

- Advanced PRA methods: dynamic PRA

- AI/Big Data: R4&D applications Operational experience mining Model review tools 46 Future Directions Im worried about the mission, Dave.

Cmon HAL, open the pod bay door

Closing Thoughts Post-Fukushima critiques, key messages, references 47

Post-Fukushima PRA Discussions PRA Critiques PRAs did not predict observed scenario -

failure of imagination Global statistics prove PRAs underestimate risk NRC Perspectives PRAs

- identify and quantify possibilities; do not predict

- look beyond the design basis and past operational experience

- Provide framework to search for failure scenarios Global statistical estimates

- assume exchangeability

- neglect key information needed for regulatory decisionmaking

- can spur examination of models 48 Closing Thoughts

Key Messages

• Risk is the answer to three questions

- What can go wrong?

- What are the consequences?

- How likely is it?

• NRC uses PRA to support regulatory decision making

- Risk-informed (not risk-based) decisionmaking

- All regulatory functions

• Technical and implementation challenges are spurring research and other activities 49 Closing Thoughts

For Further Reading*

USNRC, A Proposed Risk Management Regulatory Framework, NUREG-2150, 2012.

USNRC, Use of Probabilistic Risk Assessment Methods in Nuclear Activities:

Final Policy Statement, Federal Register, Vol. 60, p. 42622 (60 FR 42622),

August 16, 1995.

USNRC, An Approach for Using Probabilistic Risk Assessment in Risk-Informed Decisions on Plant Specific Changes to the Licensing Basis, Regulatory Guide 1.174, Revision 3, 2018.

USNRC, No Undue Risk: Regulating the Safety of Operating Nuclear Power Plants, NUREG/BR-0518, 2014.

USNRC, Probabilistic Risk Assessment and Regulatory Decision Making:

Some Frequently Asked Questions, NUREG-2201, 2016.

Kaplan, S. and B.J. Garrick, On the quantitative definition of risk, Risk Analysis, 1, 11-37(1981).

50 Closing Thoughts

• Most of these references can be found at www.nrc.gov

NRC Information

• Website: www.nrc.gov

• Agencywide Document Access and Management System (ADAMS): https://adams.nrc.gov/wba/

• Jobs (USAJOBS): http://www.nrc.gov/about-nrc/employment/apply.html

• Status of risk-informed activities:

https://www.nrc.gov/about-nrc/regulatory/risk-informed/rpp.html 51

Additional Slides 52

NRC Organization

• Headquarters + 4 Regional Offices

• 5 Commissioners

• ~3100 staff (FY 2019)

• Annual budget ~$910M

• Website: www.nrc.gov

• Information Digest:

NUREG-1350 V31 53

NRC PRA Work and Interactions NRC (HQ and Regions)

- Analysts

- Reviewers

- Policy and decision makers National Laboratories Private Firms Universities Cooperating Organizations

- Other government agencies

- Industry (licensees, owners groups, R&D)

- International (IAEA, OECD/NEA)

Standards Organizations Public

- Industry

- PRA community

- General public 54

NRC Mission The U.S. Nuclear Regulatory Commission licenses and regulates the Nations civilian use of radioactive materials to protect public health and safety, promote the common defense and security, and protect the environment.

- NUREG-1614 (NRC Strategic Plan) 55 The U.S. Nuclear Regulatory Commission licenses and regulates the Nations civilian use of radioactive materials to protect public health and safety, promote the common defense and security, and protect the environment.

- NUREG-1614 (NRC Strategic Plan)

The U.S. Nuclear Regulatory Commission licenses and regulates the Nations civilian use of radioactive materials to protect public health and safety, promote the common defense and security, and protect the environment.

- NUREG-1614 (NRC Strategic Plan)

Regulatory Approach Standard*

Reasonable assurance of adequate protection Principles**

• Independence

• Openness

• Efficiency

• Clarity

• Reliability 56

• When granting, suspending, revoking, or amending licenses or construction permits.

(Atomic Energy Act of 1954, as amended - see NUREG-0980, v1, n7, 2005)

• • NRC Strategic Plan (NUREG-1614, v6, 2014)

57 U.S. Nuclear Power Plants (2019) 97 plants (58 sites) - 65 PWR, 32 BWR, ~19% U.S. total electricity (2017) 12 expected to shut down/not seek license renewal by 2025 Subsequent License Renewal: 6 applications under review Early Site Permits (ESP): 5 issued, 1 (TVA, Clinch River) under review Combined Construction and Operating License (COL): 14 issued, 6 terminated Design Certification (DC): 6 issued, 2 (US-APWR, NuScale) under review

Risk Assessment vs. Risk Management 58 From National Research Council, Understanding Risk: Informing Decisions in a Democratic Society, National Academy Press, 1996.

Why PRA: 1995 PRA Policy Statement

• The use of PRA technology should be increased in all regulatory matters to the extent supported by the state-of-the-art in PRA methods and data and in a manner that complements the NRCs deterministic approach and supports the NRCs traditional defense-in-depth philosophy

• A probabilistic approach extends a traditional, deterministic approach to regulation, by:

(1)Allowing consideration of a broader set of potential challenges to safety, (2)providing a logical means for prioritizing these challenges based on risk significance, and (3)Allowing consideration of a broader set of resources to defend against these challenges.

59 PRA at the NRC

Example Event Tree 60

Example Fault Tree 61

NRC PRA Models and Tools SPAR* Models

79 operating plant models (event tree/fault tree)

4 new reactor plant models SAPHIRE** code

Idaho National Laboratory (NRC-sponsored)

Features to support event and condition analysis 62

• Standardized Plant Analysis Risk

• • Systems Analysis Programs for Hands-on Integrated Reliability Evaluation

Risk-Informed Regulations Backfitting (10 CFR 50.109)

Station blackout protection (10 CFR 50.63)

Maintenance management (10 CFR 50.65)

Combustible gas control (10 CFR 50.44)

Fire protection (10 CFR 50.48)

Reactor pressure vessel protection (10 CFR 50.61a)

Special treatment of structures, systems, and components (10 CFR 50.69)

New reactor certification and licensing (10 CFR 52.47) 63

Risk-Informed Licensing

• Changes in plant licensing basis

• Environmental reviews

• Application of risk-informed regulations 64

Risk-Informed Oversight

• Reactor oversight process

• Incident investigation

• Enforcement discretion 65

Risk-Informed Operational Experience

• Accident precursors

• Emergent issues

• Generic issues 66

67 Data Sources SPAR Models RADS Database CCF Database EPIX MSPI UAs LERs Monthly Operating Reports Fire Events Integrated Data Collection and Coding System Risk-Based Operating Experience Analyses LERSearch ASPDB Mitigating Systems Performance Index Significance Determination Process ASP Program Operating Experience Clearinghouse Inspection Program Industry Trends Program Public (External)

NRC Staff (Internal)

Fire Events Initiating Events Comp. Studies (Parm. Est. + Eng.)

System Studies (SPAR and EPIX)

CCF Parameters Special Studies Tools and Databases Data Collection Industry Trends Support NRC Programs Operating Experience Data

Some Fire-Induced Near Misses 68 Event Summary Description*

Browns Ferry (BWR, 1975)

Multi-unit cable fire; multiple systems lost, spurious component and system operations; makeup from CRD pump Greifswald (VVER, 1975)

Electrical cable fire; station blackout (SBO), loss of all normal core cooling for 5 hours5.787037e-5 days <br />0.00139 hours <br />8.267196e-6 weeks <br />1.9025e-6 months <br />, loss of coolant through valve; recovered through low pressure pumps and cross-tie with Unit 2 Beloyarsk (LWGR, 1978)

Turbine lube oil fire, collapsed turbine building roof, propagated into control building, main control room (MCR) damage, secondary fires; extinguished in 22 hours2.546296e-4 days <br />0.00611 hours <br />3.637566e-5 weeks <br />8.371e-6 months <br />; damage to multiple safety systems and instrumentation.

Armenia (VVER, 1982)

Electrical cable fire (multiple locations), smoke spread to Unit 1 MCR, secondary explosions and fire; SBO (hose streams), loss of instrumentation and reactor control; temporary cable from emergency diesel generator to high pressure pump Chernobyl (RBMK, 1991)

Turbine failure and fire, turbine building roof collapsed; loss of generators, loss of feedwater (direct and indirect causes); makeup from seal water supply Narora (PHWR, 1993)

Turbine failure, explosion and fire, smoke forced abandonment of shared MCR; SBO, loss of instrumentation; shutdown cooling pump energized 17 hours1.967593e-4 days <br />0.00472 hours <br />2.810847e-5 weeks <br />6.4685e-6 months <br /> later

• See NUREG/CR-6738 (2001), IAEA-TECDOC-1421 (2004)

Operational Experience - Blayais 12/27/1999 - Storm during high tide in Gironde River estuary Overtopping of protective dyke Loss of Offsite power (Units 2 and 4) - wind Essential service water (Unit 1, Train A), low head safety injection and containment spray pumps (Units 1 and 2), site access - flooding Site accessibility Papers in 2005 IAEA workshop following Indian Ocean tsunami Presentation at 2010 USNRC Regulatory Information Conference Little notice in PSA community 69 E. De Fraguier, Lessons learned from 1999 Blayais flood:

overview of EDF flood risk management plan, U.S. NRC Regulatory Information Conference, March 11, 2010.

Potential PRA Technology Challenges Revealed by Fukushima*

Extending PRA scope Multiple sources Additional systems Additional organizations Post-accident risk Treating feedback loops Reconsidering intentional conservatism Treating long-duration scenarios Severe accident management Offsite resources Aftershocks Success criteria Improving human reliability analysis Errors of commission Severe accident management Psychological effects Recovery feasibility and time delays Uncertainty in actual status Cumulative effects over long-duration scenarios Crew-to-crew variability Uncertainty in phenomenological codes Increasing emphasis on searching 70

• From Siu, N., et al., PSA Technology Challenges Revealed by the Great East Japan Earthquake, PSAM Topical Conference in Light of the Fukushima Dai-Ichi Accident, Tokyo, Japan, April 15-17, 2013. (ADAMS ML13099A347 and ML13038A203)