Fission Stories #38: Diablo Canyon Wasn’t There Yet

May 3, 2011 | 4:00 am
Dave Lochbaum
Former Contributor

Perhaps due to the genetic code, children may begin asking “Are we there yet” before the car has even exited the driveway for a journey to the beach, the zoo, or grandma’s house. Children are more interested in the destination then the travel needed to get there.

The NRC sanctioned the owner of the Diablo Canyon nuclear plant near San Luis Obispo, California last year for having been more interested in the travel than in the destination. “The end justifies the means” becomes moot when the end is not reached.

In October 2009, workers at Diablo Canyon conducted a test of the emergency core cooling system (ECCS) for the Unit 2 reactor. The test failed when valves that must open to allow cooling water flow to the reactor and the containment building failed to do so.

If a pipe breaks that drains water from the reactor vessel containing the reactor core, the initial ECCS response has pumps transfer makeup water from a large outdoor tank. About 30 minutes later before the tank empties of water, motor-operated valves close to stop the transfer of water from the tank. Other motor-operated valves open to allow the ECCS pumps to transfer water from the containment sump to the reactor vessel. The containment sump is a concrete pit in the basement of the containment building housing the reactor vessel. If a pipe breaks, gravity will carry the water pouring from its broken ends down to the containment sump.

The sequencing and timing of these valve movements is extremely important. When the valves are open at the wrong time, the ECCS pumps can send water to the wrong places. To guard against such outcomes, applicable ECCS valves are electrically interlocked to prevent them from opening or closing unless conditions are right for their movement.

In February 2008, workers changed the gear ratios in the motors for a pair of ECCS valves. Under certain conditions, these motors would not develop sufficient torque to move the valves against the water pressures inside the piping. The new gear ratios enabled the motors to exert adequate force to ensure the valves would move under all design conditions.

With the new gear ratios in place, workers timed how long it took the valves to move from the fully closed position to the fully open position. Safety studies assumed that the valves would travel this distance in 25 seconds or less. But the new gear ratios slowed down the valves and the tests timed them at over 25 seconds. To solve this problem, an engineer simply changed the points at which the valves were considered fully open and fully closed. Instead of having to travel 15.5 inches as the old positions required, the revised positions only required the valves to travel 13.8 inches. The valves were able to travel this shortened distance within 25 seconds.

Eighteen months later, this pair of valves caused the ECCS test to fail. The shortened travel distance for these valves prevented them from reaching the old fully open position that, when reached, triggered the interlock signals that enabled other valves to move.

For 18 months, Diablo Canyon Unit 2 operated with an ECCS that would have worked in event of an accident, but only for a little while. So, the public was protected from an accident at the plant during these 18 months, unless an accident had occurred.

The NRC sanctioned the plant’s owner for improperly evaluating the implications from the shortened travel distance for the pair of valves and for failing to adequately test the system after the modification.

Our Takeaway

The problem that workers sought to fix in February 2008 was that the ECCS might not work under certain infrequently expected but not impossible conditions. Their fix to that problem changed the situation to one  where the ECCS would not work under most conditions.

It is very easy to narrow one’s focus to only the problem at hand and, by doing so, completely miss the fact its solution creates even larger problems. Decades ago, the NRC issued a regulation, specifically 10 CFR 50.59, that requires workers to answer a handful of questions intended to protect against a positive change having unforeseen larger adverse consequences. Part of the NRC’s sanctions in this case was for workers doing an awful job of answering those questions.

“Fission Stories” is a weekly feature by Dave Lochbaum. For more information on nuclear power safety, see the nuclear safety section of UCS’s website and our interactive map, the Nuclear Power Information Tracker.