The Pilgrim nuclear power plant near Plymouth, Massachusetts has a boiling water reactor similar to the Unit 2 reactor at Fukushima Daiichi. Among the safety systems installed at Pilgrim to cool the reactor core in event of an accident is the high pressure coolant injection (HPCI) system. HPCI uses steam produced by heat from the reactor core to spin a turbine connected to a pump. This pump normally transfers makeup water to the reactor vessel from the condensate storage tank, a large metal tank filled with water (on the right in Figure 1).
Figure 1.
At Pilgrim, a sequence of events automatically starts when sensors detect that the condensate storage tank is nearly empty to make sure that cooling water remains available for the core. First, two closed valves (not shown in the figure) on the pipe to the water-filled containment suppression chamber – also called the torus – open (bottom left in Figure 1). When both valves are fully open, a valve in the pipe from the condensate storage tank closes. This is a “make before break” logic scheme – the new pathway for supplying water to the HPCI pump (i.e., the dotted blue line from the suppression chamber) is made before the old pathway (i.e., the solid blue line from the condensate storage tank) is broken. This automatic sequence allows the HPCI system to maintain cooling water makeup flow to the reactor vessel even as its water source switches.
Low water level in the condensate storage tank triggers this switchover sequence. For years, this trigger was set as being 18 inches or more above the bottom of the tank, as shown in Table 3.2.B from the Pilgrim Nuclear Power Station (PNPS) technical specifications (Figure 2). If the water level dropped lower than that point, the swirling or vortexing of water, like that often seen when water drains from a sink or bathtub, could allow air to be pulled into the piping and carried to the HPCI pump. An air bubble entering the pump could cause the attached turbine to spin faster, perhaps fast enough to literally fly apart.
Figure 2.
In 2006, NRC inspectors recognized that having the setpoint at 18 inches might not adequately protect the HPCI pump from this vortexing situation. In August 2012, the NRC approved a request by Pilgrim’s owner to formally revise Table 3.2.B to specify a new setpoint of 46 inches or higher above the bottom of the tank (Figure 3). This higher setpoint would initiate the switchover sooner and complete it before water level inside the condensate storage tank dropped low enough to endanger HPCI system operation.
Figure 3.
The revised setpoint better protects the HPCI system from damage, which in turn better protects the reactor core from damage.
Our Takeaway
The only bad thing about this safety upgrade was its timing. NRC inspectors identified a problem in 2006 that might cause the HPCI system to fail when it was needed to cool the reactor core during an accident. That safety problem was not fixed until six years later.
What is the appropriate time for correcting this safety problem? Consider the amount of time allowed to fix a problem with the condensate storage tank water level instruments.
Figure 4.
Note 1 to Table 3.2.B (Figure 4) states that “If the first column cannot be met … the system shall be repaired or the reactor shall be placed in the Cold Shutdown Condition within 24 hours…” Column 1 of Table 3.2.B (Figure 3) requires at least two operable condensate storage tank low water level instruments to be operable for each of the two trip systems. The third column of Table 3.2.B requires these instruments be set to trip (i.e., initiate the HPCI source switchover) at 46 inches or higher above the bottom of the tank.
If a worker checked a trip setting and found it to be less than 46 inches, it would have to be fixed promptly or the reactor shut down within 24 hours.
So, the Pilgrim reactor operated for nearly six years with a problem that can only be safety tolerated for up to 24 hours. Six years is more than 2,000 times longer than 24 hours.
Good thing that Pilgrim’s owner and the NRC have safety as their top priority. No telling how long it might have taken to fix this known safety deficiency if safety were their second or third priority.
“Fission Stories” is a weekly feature by Dave Lochbaum. For more information on nuclear power safety, see the nuclear safety section of UCS’s website and our interactive map, the Nuclear Power Information Tracker.