ML20072M324
NUCLEAR SAFETY: AN OVERVIEW OF ITS EFFECTIVENESS AND EFFICIENCY
Herschel Specter
New York Power Authority
123 Main Street
White Plains, New York 10601
914-681 6994
9409010273 940629 PDR COMPfS NRCC CORRESPONDENCE PDR
ABSTRACT
This paper identifies why the nuclear community has been very effective in achieving low risks. It argues that it is now important to become more efficient in achieving these low risks. A three phased pilot program is described, using the James A. FitzPatrick PRA as the reference document, to bring about greater efficiency through risk-based regulation. Should this occur the public would be doubly served: safety would be enhanced and the costs of producing nuclear generated electricity would be lowered.
INTRODUCTION
I would like to talk today about effectiveness and efficiency in achieving nuclear safety. After several decades of operating commercial nuclear power plants in the U.S., the designers, operators, and regulators of nuclear power plants can say, with justification, that they have been very effective in achieving very low public risks.
EFFECTIVENESS
The virtual absence of public health consequences or offsite property damage from these plants is the strongest testimony. Even when the severe TMI accident occurred, offsite consequences were quite limited.
In addition to this outstanding track record, safety research has provided us with improved analytical tools and greater insights. We have witnessed a remarkable development in probabilistic risk assessment (PRA) technology over the last 15 to 20 years. This powerful methodology for quantifying nuclear risks has already been applied to many plants. Although plant designs and site characteristics differed, the overall PRA results were similar, i.e., all studies to date showed very low public health risks. Today we have embarked on a major effort to develop a PRA for every plant in the country. Our goal is to reduce risks by identifying and correcting "risk outliers". These same studies will also advance severe accident management, thereby further lowering risks.
We now know that our containments are much stronger than thought before. We've also learned much about source term technology. Here nature is generally quite helpful. Natural chemical and physical processes mitigate the amount of radioactive material that might enter the environment during a severe accident. Source terms today are generally smaller than the values assumed years ago. Thus the forces of nature supplement engineered safety features and operator actions to keep nuclear risks low.
In addition to all these sophisticated PRA, containment, and source term analyses, we can demonstrate that nuclear risks are low just by applying some elementary observations. All nuclear power plants would meet the NRC's early fatality safety goal, provided that they use the simple, yet highly effective graded emergency response, as described in the NUMARC report, NESP-005. Putting aside the low probability of a severe release, this NUMARC report points out that even at highly populated sites and even assuming releases more severe than Chernobyl's, limited consequences, approaching zero early fatalities, are achievable. Both NRC and industry studies show that prompt evacuation of the inner 2 to 3 miles near a nuclear plant and later relocation of downwind sheltered people out a few more miles prevents virtually all early fatalities, in spite of dire releases. Many U.S. sites only have about 1% of their Emergency Planning Zone (EPZ) populations within 2 miles of their plants so they are already essentially "pre-evacuated". For these sites the first phase of the graded response has largely been accomplished. Applying the "graded response" to severe accidents assures that the NRC's early fatality safety goal would be met.
We can also be confident that all nuclear power plants meet the NRC's latent fatality safety goal. To exceed this goal would require a severe release frequency greater than about 10' /RY. After about 1500 reactor-years of operation in the United States without a severe release, one can estimate that the national average severe release frequency is well below 10~ /RY. It is unlikely that a specific plant would have a severe release frequency much larger than the national average. This conclusion is also borne out by all PRA results to date.
Therefore application of simple, highly effective emergency responses coupled with an appreciation of many reactor-years of consequence-free operation is enough to conclude that the NRC's early and latent health risk safety goals are or can be comfortably met.
Operating experience, PRA studies, containment analyses, source term technology and the elementary observations described above all point to the same thing: the larger nuclear community has been very effective in minimizing nuclear risks. We must continue to be vigilant; nuclear risks are not zero, but they are very low.
EFFICIENCY
While we can claim that we have been very effective in minimizing nuclear risks, what can we say about how efficient we have been in achieving this desirable condition? Very little, indeed! If Quality Assurance (QA) requirements were being introduced today, would they pass the backfit rule? Where is the definitive logic that identifies one plant feature as being safety-related and another as not? Wouldn't it be a major revelation if we found that operator training was 100 times more cost effective in reducing risks than many other regulatory processes?
We all have a stake in learning how to become more efficient while maintaining low nuclear risks. For the plant operator more efficient ways to keep risks low can sharply reduce burgeoning O&M costs while protecting the company's investment in the plant. For both the regulator and the operator, more efficiency can lead to greater safety. Safety is enhanced when risk significant activities are clearly identified, rather than maintaining an undifferentiated mix of risk-significant and risk-insignificant processes which can divert attention and resources from truly important issues.
How, then, do we achieve this greater efficiency? Three major things must be done:
1. We need to identify which systems, components, and structures are important to safety,
2. We must determine which regulatory processes are truly effective in reducing risks, and
3. We need an overall regulatory framework that establishes performance goals that must be complied with.
To realize the above three objectives would require evolving out of many of the deterministic based regulations established 20 or so years ago to risk-based regulation utilizing modern technology. This can be done.
We can identify which systems, components, and structures are important to safety by ranking them with a PRA-based technology called importance weighting.
Importance weighting techniques have been known for years and with modest improvements would soon be suitable for separating the risk important plant features from the unimportant ones.
Determining which regulatory processes are truly effective is a more challenging, but doable task. Again PRA-based techniques are useful. First, though, we would examine our extensive data base on equipment unavailability. If the unavailabilities of commercial items, such as valves and pumps, are statistically similar to essentially the same equipment that have had one or more regulatory practices (e.g., quality assurance, testing, inspection) applied to them, then little has been gained by such regulatory efforts. We also want to examine if the regulatory processes applied to risk important plant features are effective in reducing the frequency of their dominant failure modes. PRA's help in identifying these dominant failure modes. Regulatory efforts applied to non-dominant failure modes would not be risk significant unless the absence of such regulatory efforts causes a non-dominant failure mode to become a dominant one. If the present extensive data base cannot meet our needs, it may be necessary to construct careful experiments to measure the effectiveness of specific regulatory processes.
In addition to using our data base to sort out which regulatory processes are useful, analytical techniques can be valuable. For example, suppose one takes a PRA and perturbs it by assigning a much higher unavailability rate to all the active components than the data would suggest. If the new PRA results do not vary too much from the base PRA analysis, we would have learned a valuable lesson. This sensitivity study would indicate that many of the regulatory processes aimed at reducing the active component unavailabilities have limited risk significance. This may well be the case since some PRA analysts believe that risks are largely determined by common cause events, human errors, and the impacts of the initiating events. A number of PRA-based sensitivity studies, like the one above, have been identified which can shed light on the value of various regulatory processes.
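
The importance ranking and the perturbation study described above, as an added illustration that is not part of the original paper: a toy PRA whose basic events, unavailabilities and minimal cut sets are all constructed for the example. Fussell-Vesely importance is used as one common importance measure; the paper does not say which measure it has in mind.

```python
from math import prod

# Constructed basic events (not plant data): name -> (unavailability, kind).
EVENTS = {
    "PUMP_A": (1e-3, "active"), "PUMP_B": (1e-3, "active"),
    "VALVE_A": (5e-4, "active"), "VALVE_B": (5e-4, "active"),
    "CCF_PUMPS": (2e-4, "common_cause"),  # both pumps fail from one cause
    "OPERATOR": (1e-3, "human"),          # operator fails to start the system
}
# Minimal cut sets of a two-train system: both trains fail independently,
# or a common cause / human error defeats the whole function.
CUT_SETS = [
    ("PUMP_A", "PUMP_B"), ("PUMP_A", "VALVE_B"),
    ("VALVE_A", "PUMP_B"), ("VALVE_A", "VALVE_B"),
    ("CCF_PUMPS",), ("OPERATOR",),
]

def cut_set_prob(events, cut_set):
    return prod(events[name][0] for name in cut_set)

def top_probability(events):
    """Rare-event approximation: sum of the minimal cut set probabilities."""
    return sum(cut_set_prob(events, cs) for cs in CUT_SETS)

def fussell_vesely(events):
    """Fraction of the top-event probability that involves each basic event."""
    total = top_probability(events)
    return {name: sum(cut_set_prob(events, cs) for cs in CUT_SETS if name in cs) / total
            for name in events}

def perturb(events, kind, factor):
    """Scale the unavailability of every event of one kind, capped at 1."""
    return {name: (min(q * factor, 1.0) if k == kind else q, k)
            for name, (q, k) in events.items()}

def sensitivity_ratio(kind, factor):
    """Perturbed top-event probability divided by the base-case value."""
    return top_probability(perturb(EVENTS, kind, factor)) / top_probability(EVENTS)

if __name__ == "__main__":
    ranking = sorted(fussell_vesely(EVENTS).items(), key=lambda kv: -kv[1])
    for name, fv in ranking:
        print(f"{name:10s} FV importance = {fv:.4f}")
    print(f"active x10 -> top event x{sensitivity_ratio('active', 10):.2f}")
    print(f"human  x10 -> top event x{sensitivity_ratio('human', 10):.2f}")
```

In this constructed model a tenfold increase in every active component unavailability raises the top-event probability by under 20 percent, because the common cause and human error cut sets dominate, while the same perturbation applied to the human error event raises it more than eightfold.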
Once the most risk important systems, components and structures have been identified, then only those regulatory processes that are effective in reducing their unavailabilities would be applied to them. Thus the most effective regulatory processes would be applied to the most risk significant plant features.
If we do no more than separate the risk important plant features from the unimportant ones and then only apply effective regulatory processes to them, we would make great strides in becoming more efficient. However, to achieve our full potential we need to create an overall regulatory framework.
The lack of specific safety performance goals is somewhat akin to trying to solve a complex mathematical equation missing a boundary condition. In such cases solutions oscillate. The regulatory process can oscillate too. People have argued back and forth over the years about whether or not some plant features are safety-related. This may not be resolvable until definitive safety performance goals are established. Once specific safety performance goals are established we not only decide how safe is "safe enough", we resolve the long term irritation of which plant features are safety-related. Those plant features and procedures that are needed to meet the safety performance goals are safety-related. All other plant features and procedures would then be classified as not being safety-related and high standard commercial practices would apply to them. A number of overall safety performance goals have been suggested over the years, such as limiting severe releases to less than 1x10" /RY. Establishing these overall safety performance goals may be every bit as important as the specific goals themselves.
I personally favor using a mean core melt frequency criterion of 10" /RY and the NRC's early and latent fatality health safety goals, with some margins for uncertainties, as the overall safety performance goals for present operating plants. These safety performance goals would address offsite severe accident concerns. Other regulations dealing with onsite normal operations, such as implementing the ALARA principle, plant security, the handling and storage of nuclear fuel and radioactive wastes, and routine releases to the environment, would supplement severe accident based regulations.
A PILOT PROGRAM
The time to embark on this transformation is now. The NRC Commissioners and the ACRS have called for risk-based decision-making, such as in the areas of technical specifications and maintenance. For the first time ever, each nuclear power plant in the United States will soon have its own PRA. A cooperative spirit exists between the NRC staff and the nuclear industry to attempt this worthwhile task.
Towards this goal the New York Power Authority (NYPA) has developed a draft document titled "RISK-BASED REGULATION" which proposes a pilot program to help guide this transition. A copy of this draft document was informally submitted to the NRC in early April, 1991. Assuming that NYPA's participation in this effort is within reasonable company resources, we are committed to do our part. This proposed pilot program is divided into three phases.
During phase one it is proposed to use NYPA's level 2 PRA on the James A. FitzPatrick plant as the reference document upon which risk based regulation would be developed. Tasks on methodology development and data base analysis would be launched in phase one. Phase two would include efforts on risk-based technical specifications and maintenance. During phase two a new task, establishment of an overall regulatory framework, would be initiated. Phase three would include the completion of the overall regulatory framework task and the reclassification of JAF systems, components, and structures into safety-related and not-safety related categories.
Throughout this pilot program a number of PRA based activities would be identified wherein regulatory requirements on some plant features would be modified. In each case these modifications would lead to a "win-win" situation; nuclear risks would decrease as well as operating burdens. The NYPA draft document provides specific examples of "win-win" situations. With the help of the NRC and industry members this NYPA working document could be further developed to become the "road map" that many of us are looking for.
SUMMARY
In summary, we have the potential to bring about significant changes in the regulation of nuclear power, to evolve from the deterministic criteria established 20 or so years ago by applying modern technology. To do this would require both technological and institutional advances. Achieving the technological advances is anticipated to be, by far, the easier task. Yet, if all this could be accomplished, there would be a healthier nuclear industry, licensees would be "rewarded" for being proactive on safety, NRC activities would be optimized, and the public would be well served with safer and less expensive nuclear power.