THE FUKUSHIMA ACCIDENT: IMPLICATIONS FOR NUCLEAR SAFETY Edwin Lyman Union of Concerned Scientists May 26, 2011
The accident: many unknowns Many of the details of the Fukushima Daiichi accident are still unclear; it is difficult to fully understand the implications for nuclear safety at this point Questions: Impact of earthquake Impact of tsunami Impact of availability of DC power Impact of emergency response procedures Impact of operator actions
Peach Bottom Atomic Power Station Long-term Station Blackout Without Mitigation
General conclusions Regulations and procedures must be developed to ensure that a Fukushima-type event does not happen again The boundary of design-basis accidents must be expanded to include events with multiple, prolonged system failures Prevention and mitigation of severe accidents and terrorist attacks must become fundamental regulatory requirements for operating and new reactors Safety margins must increase across the board More rapid response to new information needed
Areas for improvement Mitigation procedures (Severe Accident Mitigation Guidelines and B.5.b ) Security Hydrogen control Loss-of- coolant accident requirements Safety requirements for new reactors Emergency planning
Mitigation procedures (SAMGs and B.5.b ) NRC and industry have asserted that U.S. plants are prepared for a Fukushima-type event: Severe accident mitigation guidelines (SAMGs) Post-9/11 procedures to cope with loss of large areas of a plant due to explosions and fire (B.5.b) However: SAMGs are voluntary industry initiatives and are not subject to inspection or enforcement Effectiveness of B.5.b measures to cope with any severe condition is highly questionable
B.5.b guidance B.5.b guidance was non-public until recently because of its initial security purpose (mitigating aircraft attack) Now-public guidance clearly indicates the limitations of the B.5.b measures: plant conditions evaluated in this guideline are beyond design basis and outside of the regulatory scope. Equipment associated with the external strategy [e.g. spent fuel pool makeup] is not to be treated as safety-related equipment. As such, it is not subject to any new special treatment requirements under 10 CFR (e.g. QA, seismic, EQ, etc).
B.5.b. assumptions no need to consider additional concurrent events at the site all plant systems can be considered available including fire protection systems. no need to consider the potential for equipment to be out of service for routine maintenance Implementation of this strategy is not expected to require extraordinary or heroic actions dose rates and other accessibility considerations will be addressed at the time of the event Only a 12-hour fuel and water supply required for emergency coolant pumps
B.5.b implementation Post-Fukushima inspections have uncovered many B.5.b implementation issues but most of these are not violations of the B.5.b rule because they were consistent with the aforementioned guidance Diablo Canyon: several procedures required manual actions in plant locations that may become inaccessible during some beyond design basis events due to high radiation fields some procedures to cope with beyond design events relied on the availability of nonseismically qualified sections of the firewater system Regulatory control of measures to cope with Fukushimascale events needs to be significantly enhanced
Security Fukushima demonstrates the vulnerability of light-water reactors to multiple system failures Extreme events can be quickly induced by a small team of saboteurs Goal of NRC security rules: protect from attack at least one system needed to prevent core damage Force-on-force security assessments are graded depending on whether mock adversary force could cause core damage and significant radiological release 3 out of 23 sites (13 percent) failed in CY 2009 NRC staff proposed revising grading system to also consider margin to failure in 2009; it has not done so
Hydrogen control In addition to the demonstrated hydrogen control problems at Mark I boiling-water reactors, there is also an issue with Mark IIIs and PWRs with ice-condenser containments AC-powered hydrogen igniters required to control hydrogen; high probability of containment failure in station blackout conditions NRC decided in 2000 that these plants should be required to have additional backup AC power for igniters Rule was never adopted because licensees offered to comply voluntarily; but such compliance is outside of regulatory control
Loss-of-coolant accidents NRC and the industry have known for years that its regulations will not protect cladding of highburnup fuel from embrittlement during a LOCA New rule has been proposed but will take many years to finalize and implement NRC continues to delay requiring licensees to address the issue pending completion of a voluntary industry initiative intended to show no urgent action is needed Yet NRC is pursuing another rule that would further reduce LOCA safety margin
Safety margin: new reactors NRC policy does not require (it only expects ) new reactors to be safer than operating reactors As a result, most new designs are not clearly safer than operating reactors, especially if external events (e.g. seismic) are considered calculated risk metrics are likely to increase and therefore be closer to current plants than being portrayed today. -- Nuclear Energy Institute, Risk Metrics for Operating New Reactors, March 2009. NRC does not even require seismic risk to be quantified for either operating or new reactors
Example: AP1000 The passive AP1000 does not have features to protect against severe accidents such as safety-related active backup systems High-pressure resisting containment Filtered containment vents Core catcher (like the AREVA EPR has) As part of the design certification process, Westinghouse determined that these and other severe accident mitigation design alternatives were not cost-effective, based on highly uncertain probabilistic risk assessment results
Emergency planning The Fukushima accident has shown that significant contamination and public exposure can occur well beyond the currently mandated 10-mile emergency planning zone NRC s view is that if needed, evacuation and other protective actions (e.g. KI distribution) can be ordered for wider areas But without any advance notification and planning, the potential effectiveness of such spontaneous measures is highly uncertain
16
Conclusions These examples represent only a sample of the areas where safety margins need to be increased in order to avoid another Fukushima Given that mitigation of severe accidents appears to be more challenging than previously thought, more emphasis must be placed on preventing core damage and maintaining containment integrity
Backup slides
GE Mark I Boiling-Water Reactor
Mark I Spent Fuel Pool
Fuel Damage Without cooling water the fuel rod cladding will overheat and react with water vapor Hydrogen gas is released Zirconium forms brittle oxide Within an hour, fuel rod cladding will balloon and rupture Rupture releases radioactive gases
Fuel Damage/Core Relocation At higher temperature, the fuel pellets will melt Much greater release of radioactive gases from fuel Molten fuel can: relocate or flow to the bottom of the reactor vessel Then melt through the steel reactor vessel Then react with concrete floor of containment structure and produce more radioactive gases
Containment Breach Mark I containment is designed to withstand accidents in which cooling is restored before the core is completely molten In severe accidents, containment can be challenged by Excessive steam pressure Hydrogen explosion Failure of penetrations Liner melt-through
Spent Fuel Pools Also require AC power for cooling Generate much less heat than reactor cores, so may have weeks after loss of cooling before fuel damage occurs But rapid loss of cooling water could cause spent fuel to burn and melt