Disaster by Design/Safety by Intent #14
Disaster by Design
Disaster by Design/Safety by Intent #13 described the cost-beneficial safety upgrades identified, but not implemented, by the owner of the Indian Point nuclear plant upwind and upriver of New York City and its millions of inhabitants.
The commentary mentioned that the Nuclear Regulatory Commission’s regulations required the owner to perform the analysis, called the Severe Accident Mitigation Alternatives (SAMA) analysis, but not to implement cost-beneficial safety upgrades. As stupid and irresponsible as that sounds, it is the case as shown—in black & white—of the NRC’s evaluation of cost-beneficial safety upgrades for the two boiling water reactors at the Dresden nuclear plant upwind of Chicago and its millions of inhabitants (Fig. 1).
Dresden’s owner started with 265 SAMA candidates and determined 255 were not applicable to Dresden’s reactors, had already been implemented, or had costs that clearly outweighed any potential benefits. The owner examined the remaining 10 candidates and concluded that none was cost-beneficial.
The NRC reviewed the owner’s SAMA evaluation. The NRC questioned the owner’s cost-benefit analyses and concluded that two of the ten SAMA candidates had benefits greater than their costs. But, as shown above, the NRC did not require either cost-beneficial safety upgrade to be implemented because neither prevented or mitigated aging-related degradation. They only protected people in event of an accident, that’s all.
Cost-Beneficial Safety Upgrade #1
One of the cost-beneficial safety upgrades involved developing procedures (and associated training) to allow workers to use a safety system on Unit 2 to spray cooling water inside the Unit 1 containment building during an accident, or vice-versa. In boiling water reactors like Dresden, the containment has three cooling systems. The system that cools containment during normal reactor operation may not be available during an accident. Its equipment is not designed to withstand the temperature, pressure, and radiation conditions that are likely to exist during an accident. And the motors for its equipment cannot be powered if the offsite electrical grid is not available.
The backup system uses safety equipment designed to operate in the harsh environment during an accident and powered from the onsite emergency diesel generators. This backup system is highly reliable, but not infallible.
The backup to this backup features a safety pump powered from the emergency diesel generator that sprays water from carwash-styled nozzles mounted on the containment’s ceiling and upper walls. The artificial rain cools the containment’s atmosphere if the primary and backup cooling systems have failed.
The backup to the backup’s backup would have enabled workers to use safety equipment from the reactor not experiencing an accident to provide the containment spray flow. No additional pipes, valves, pumps, and controls would have to be installed. This safety upgrade only required procedures to be revised to guide workers through this task. The cost of developing this procedures was estimated to be $50,000. The estimated benefit from the revised procedures was $345,000.
Cost-Beneficial Safety Upgrade #2
The second cost-beneficial safety upgrade also involved developing procedures to provide workers with additional options for responding to an accident. The boiling water reactors at Dresden have Mark I containments like those on Fukushima Units 1 to 3 (the reactors that melted down). Mark I containment feature two primary parts: a drywell and wetwell. The wetwell contains over 2 million gallons of water that serves as an “energy sponge” during an accident, absorbing decay heat from the reactor core. The wetwell also serves as a source of water for emergency pumps providing makeup water to the reactor vessel. When this “energy sponge” becomes saturated (i.e., when the temperature of the water nears the boiling point), the emergency pumps may not work well. They are designed to move water around, not push boiling water or steam around.
The proposed procedure changes would have guided workers to opening and closing valves in existing pipes to connect the emergency pumps to a large storage tank of water onsite. Instead of risking damage to the pumps from the wetwell’s hot water, this safety upgrade would substitute the cooler water inside the storage tank. This safety upgrade was estimated to cost $25,000.
Two Safety Downgrades
The two safety upgrades were collectively estimated to cost $75,000.
The two safety downgrades were considerably cheaper.
Guess the outcome—safety, or savings?
Safety by Intent
The NRC contends that its license renewal regulations require owners to evaluate whether the benefits from candidate safety upgrades would out-weigh their costs, but do not require owners to implement cost-beneficial safety upgrades unless they prevent or mitigate aging-related degradation.
The NRC is clearly establishing an unassailable insanity plea should their contention ever wind up in court.
The nuclear industry and its purport regulator claim they place safety first.
But when both pass on cost-beneficial safety upgrades for the flimsiest of reasons, they could not more clearly show that they place financial safety first. Public health and safety is, at best, in second place.
UCS’s Disaster by Design/ Safety by Intent series of blog posts is intended to help readers understand how a seemingly unrelated assortment of minor problems can coalesce to cause disaster and how effective defense-in-depth can lessen both the number of pre-existing problems and the chances they team up.