Fire Safety–or Not?

, director, Nuclear Safety Project | January 7, 2014, 6:00 am EST
Bookmark and Share

Nuclear Energy Activist Toolkit  #21

By NRC’s regulations, safety systems for the nation’s nuclear plants are designed to perform their intended functions despite the worst-case postulated single failure. “Single failure” is defined in the regulations:

A single failure means an occurrence which results in the loss of capability of a component to perform its intended safety functions. Multiple failures resulting from a single occurrence are considered to be a single failure. Fluid and electric systems are considered to be designed against an assumed single failure if neither (1) a single failure of any active component (assuming passive components function properly) nor (2) a single failure of a passive component (assuming active components function properly), results in a loss of the capability of the system to perform its safety functions.

“Multiple failures resulting from a single occurrence” include things like all components supplied from an emergency diesel generator stopping when that emergency diesel generator fails.

This single failure criterion leads to redundancy—when safety studies rely on one pump to perform some essential role, two or more are installed. Redundancy assures that the role gets performed even if a pump fails.

In boiling water reactors, the High Pressure Coolant Injection (HPCI) system is installed to provide makeup cooling water to the reactor if a small pipe ruptures and drains away cooling water. The HPCI system has only one pump that is very reliable, but not immune to failure. So, the Automatic Depressurization System (ADS) was added to boiling water reactor designs to satisfy the single failure criterion. If the HPCI system fails, the ADS will automatically reduce the pressure inside the reactor vessel to allow an array of low pressure makeup systems to supply cooling water to the reactor vessel.

But fires at nuclear power plants are treated differently within NRC’s regulations:

Shutdown systems installed to ensure post-fire shutdown capability need not be designed to meet seismic Category I criteria, single failure criteria, or other design basis accident criteria, except where required for other reasons, e.g., because of interface with or impact on existing safety systems, or because of adverse valve actions due to fire damage.

In other words, when developing protective measures against nuclear plant fires, designers did not have to postulate equipment failures except for damage directly caused by the fire itself. When fire studies rely on one pump to handle the fire, only one pump need be installed.

Bottom Line

NEAT 21 Figure 1The first step in procedures used by operators responding to an accident at a nuclear power plant should be to start a fire (or to start a barbeque at the plants in the southeast). Doing so would prevent any and all worker errors or equipment malfunctions from making the consequences worse. At least on paper it would.

For some reason, equipment that must be assumed to fail during an accident is assumed to function flawlessly during a fire.

And if owners installed an eternal flame at their nuclear power plants, they’d have immunity from equipment failures. They wouldn’t need a second emergency diesel generator or Automatic Depressurization System—they’d have a fire which is even better than the multitude of backup safety components.

At least on paper. Burn the paper, protect a reactor.


The UCS Nuclear Energy Activist Toolkit (NEAT) is a series of post intended to help citizens understand nuclear technology and the Nuclear Regulatory Commission’s processes for overseeing nuclear plant safety.

Posted in: Activist Toolkit Tags: , ,

Support from UCS members make work like this possible. Will you join us? Help UCS advance independent science for a healthy environment and a safer world.

Show Comments

Comment Policy

UCS welcomes comments that foster civil conversation and debate. To help maintain a healthy, respectful discussion, please focus comments on the issues, topics, and facts at hand, and refrain from personal attacks. Posts that are commercial, obscene, rude or disruptive will be removed.

Please note that comments are open for two weeks following each blog post. When commenting, you must use your real name. Valid email addresses are required. (UCS respects your privacy; we will not display, lend, or sell your email address for any reason.)

  • Joyce Agresta

    Here again you expect to much of the NRC and Nuclear Power Plant owners. We all know they are still pretending. Here’s how it works in the real world..Fire responsibility is pretty much deferred to local fire departments ”outside agency’s.” In many cases this is a little rural volunteer Fire department. Often these first responders have little training and old out-dated equipment. Our hero’s are never mentioned in the NRC incident reports. A recent example Event Number: 49618 # Arkansas One Fire on 12/09/2013. It was indeed the local Volunteer Fire Department that came to the rescue to put that fire out. New London Volunteer Fire Department. Its no secret,there is no veil of high tech classified protection as implied. We have unpaid untrained under valued good citizens serving the publics best interest driving one horse fire engines to prevent Nuclear Disasters. That as good as the Fire Safety plan gets. Saftey or not ? There surely could be some improvment. Perhaps the owners should atleast purchase the unpaind fire fighters some better equipment some traing might even be a good idea an extra water bucket they really should do a little something. Good Grief! “Big Brother” Send in the clowns.

  • Elizabeth B. Gerlach

    Training of, and adequate equipment for, a functioning firefighting group should be required for any nuclear power production facility.