Fission Stories #142: Fort Calhoun and the Flawed Safety Net

July 23, 2013
Dave Lochbaum
Former contributor

The Fort Calhoun nuclear plant in Nebraska has been shut down for over two years while an army of workers corrects decades of nuclear neglect. The owner recently informed the NRC about its latest “discovery.”

Fort Calhoun features a pressurized water reactor (PWR) manufactured by Combustion Engineering. Its safety injection system was installed to prevent reactor core damage if postulated accidents were to occur. The safety injection system has three high-pressure safety injection (HPSI) pumps, two low-pressure safety injection (LPSI) pumps, and four safety injection tanks called accumulators.

If a leak drains cooling water from the reactor vessel, the safety injection system supplies water to make up for the inventory loss. Initially, water from the accumulators flows into the reactor vessel. The HPSI and LPSI pumps are normally off while in standby mode. If they start up, the safety injection system begins transferring water from external storage tanks into the reactor vessel.

If the leak is small, like through a broken one-inch diameter pipe connecting an instrument to the reactor vessel to monitor the pressure inside, cooling water is lost but the reactor vessel pressure remains fairly high. The HPSI pumps are designed to handle this situation.

If the leak is larger, like through a broken 8-inch diameter pipe, the rapid loss of water inventory also reduces the pressure inside the reactor vessel. The LPSI pumps are designed for this scenario.

The safety injection system is also designed to supply borated water to the reactor vessel in case the reactor cooling water experienced rapid cooling with one control element assembly stuck fully withdrawn from the reactor core. The boron in this makeup water would absorb neutrons to help prevent a nuclear chain reaction and reactor core damage.

The HPSI pumps are centrifugal pumps. Electric motors turn the pump shafts and spin their impellers. The spinning impeller blades push water through the piping attached to the pumps similar to how spinning fan blade move air.

In March 1991, the HPSI pump vendor sent a letter to the plant’s owner stating that the pumps should not be operated with flow rates above 425 gallons per minute for longer than one hour. The vendor indicated that higher flow rates caused accelerated wear and tear of the internal parts of the pump leading to failure of the pumps.

Workers had revised emergency procedures in December 1990 that directed operators to run the HPSI pumps at full capacity until specific criteria were satisfied. Had an accident occurred, those procedures could have caused the HPSI pumps to operate at greater than 425 gallons per minute for longer than an hour.

Making this bad situation worse, workers modified the control logic for the containment spray pumps to prevent them from automatically starting in event of an accident. This change meant that the HPSI pumps would be required to operate for a longer period of time during an accident, prolonging the length of time they operated above 425 gallons per minute and further increasing the likelihood they would become damaged when used.

Workers did not catch the fact that emergency procedures would have directed operators to essentially break vital emergency equipment until early 2013 when engineers reviewed the HPSI pump calculations while preparing a related modification to the plant. Once noticed, steps were taken to operate safety equipment in conformance with rather than contrary to vendor manual specifications.

Our Takeaway

Life is all about trial and error. You jump off a roof with a blanket tied around your neck trying to emulate Superman only to break a leg to learn proper respect for heights.

You operate a pump at too high a flow rate only to watch it shake itself apart to learn proper respect for maximum operating performance.

Having learned lessons the hard way, it behooves you to stop jumping off roofs and operating pumps above known performance limits.

But for over two decades the procedures at Fort Calhoun would have abused rather than used the HPSI pumps.

How can that mistake have been missed by so many people for so many years?

In October 1996 after it was discovered that the Millstone nuclear plant had been operating for many years outside its design boundaries, the NRC wrote to all other plant owners – including that for Fort Calhoun – requiring them to make sure their plants were not like Millstone.

Guess what?

The key difference between Fort Calhoun today and Millstone then is that one is in Nebraska and the other in Connecticut. Both had many, many serious design flaws that were neglected for many, many years. Neither was acceptable, but the one happening nearly 20 years after the first is even less acceptable.

What was the NRC doing, or not doing, at Fort Calhoun the past two decades? More than a dozen safety problems have been recently identified at the plant (see Fission Stories #120 for more detail). Most existed at the plant for many years before being discovered. How could the NRC inspectors have failed to miss all these problems for all these years?

When one has a defective assembly line, it’s irresponsible to only fix a limited handful of deficient products. One must fix the assembly line, too. Apparent the NRC is not asking the owner why it failed to identify these safety problems sooner and is not asking itself why its oversight process also failed to catch even one of these many safety problems.

Perhaps it’s time for the NRC to send more letters to plant owners requiring them to now explain why their plants are not like Fort Calhoun.