Plato’s Perspective on Nuclear Power Plant Problems

, former director, Nuclear Safety Project | December 15, 2015, 6:00 am EST

Disaster by Design: Safety by Intent #11


PWR Containment Sump Problem

In September 1996, the Nuclear Regulatory Commission (NRC) initiated Generic Safety Issue 191 (GSI-191). The safety concern to be addressed by GSI-191 involved the postulated rupture of a pipe inside the containment of a pressurized water reactor (PWR) that was connected to the reactor vessel. If such a pipe broke, reactor cooling water would pour out from both broken ends. Because the pressure inside the reactor vessel is over 2,000 pounds per square inch, the water would jet out at high velocity, rapidly emptying the reactor vessel of the water needed to protect the reactor core from overheating damage.

PWRs are designed to cope with such a postulated accident. They employ an array of standby emergency systems that automatically start up and begin refilling the reactor vessel with water to protect the reactor core. Before the storage tanks holding the makeup water used by these emergency systems empty, the emergency systems switch over into what is called recirculation mode—the pumps draw water from concrete collection pits, called sumps, in the containment’s basement and supply it to the reactor vessel. The water cools the reactor core and then leaks from the broken pipe into containment where it drains down into the sump for re-use.

The NRC initiated GSI-191 to resolve a glitch in this game plan. The high velocity water jetting from the broken pipe ends scours insulation off piping, coatings off equipment, and even paint off walls. The water then carries some of the debris it created with it down into the containment sumps. Depending on the size and amount of debris entering the sump, the supply to the pumps or the pumps themselves could become clogged, preventing adequate flow of makeup cooling water to the reactor.

GSI-191 sought to resolve this matter by lessening the amount of debris arriving in the containment sump and providing better protection for the pumps from the debris. The former could be achieved by using insulation, coatings, and paint that could better withstand the high pressure washing they might experience and would come apart in larger pieces that water would have trouble carrying into the sump. The latter could be achieved by replacing the existing mesh screens protecting the emergency pumps with larger ones that took far more debris to block.

The NRC justified the multiple years it expected to be necessary to resolve this safety problem, which afflicted 69 of the 104 reactors then operating in the U.S., on grounds that other regulatory requirements made it very unlikely that a pipe would break and exploit the pre-existing safety system impairment.

PWR Control Rod Drive Mechanism Nozzle Problem

In August 2001, the NRC issued Bulletin 2001-01 to PWR owners mandating that they take steps to resolve an emerging safety issue. That spring, workers at the Oconee nuclear plant in South Carolina found through-wall cracks in the vertical metal tubes (called control rod drive mechanism nozzles) passing through the Unit 3 reactor vessel head that allow the control rods inside the reactor core to be connected to, and manipulated by, the drive mechanisms. The cracks allowed cooling water to leak from the reactor vessel. The small size of the cracks only enabled a small amount (less than one gallon per minute) of cooling water to leak out, but the NRC mandated that PWR owners take steps to ensure that any cracks in their CRDM nozzles were found and fixed before causing larger reactor cooling water leaks.

The NRC allowed PWRs to operate for months to longer than a year until their CRDM nozzles were inspected for cracking. The NRC justified the many months that reactors would operate with this potential safety impairment on grounds that other regulatory requirements required highly reliable emergency makeup systems that could more than compensate for cooling water lost through even a large leak.

Davis-Besse Doubling Down


Fig. 1 (Source: NRC)

Davis-Besse is a PWR that operated with both the containment sump and CRDM nozzle impairments until 2002. Fig. 1 looks down at a portion cut out and removed from the reactor vessel head at Davis-Besse. It shows the circular hole where the 4-inch diameter CRDM nozzle penetrated through the head. It also shows the tear-shaped erosion of the 6-inch thick reactor vessel head by high pressure water leaking from the cracked CRDM nozzle over an estimated 6-year period. The silver material at the bottom of the cavity is the quarter-inch thick layer of stainless steel coating the inside surface of the reactor vessel head. Researchers at the Oak Ridge National Laboratory estimated that the slowly widening cavity would have gotten big enough in as little as two more months of reactor operation to cause that stainless steel coating to break, rapidly releasing the reactor water into containment. The NRC fined the owner a record (so far) $5.45 million for this safety faux pas.

At the same time, the owner had applied improper paint and coatings to equipment and structures inside containment. The improper materials were susceptible to being dislodged by high velocity water (like that jetting from a gaping hole in the reactor vessel head) and transported down into the containment sump to block the flow of water to the emergency makeup pumps. The NRC issued a yellow finding (the second most serious of its four color-coded sanction levels) to the owner for this safety infraction.

Safety by Intent

Centuries ago, Plato commented that necessity was the mother of invention.

So, what does a dead Greek philosopher’s musings have to do with nuclear power plant problems?

Plato essentially foresaw that nuclear power plant problems would be identified before their solutions.

Identification of a problem creates the need to invent its solution. Most often, that invention entails selecting the most appropriate among several available, off-the-shelf solutions. On rare occasions, it involves developing a new solution or modifying an existing solution to a new application.

In any case, there’s a lag between the identification of a nuclear plant problem and the selection and implementation of its solution.

How is safety ensured during that lag time before the solution to an identified problem is implemented?

In the cases outlined above, the NRC justified allowing Davis-Besse to continue operating with a known safety problem based on the low likelihood of an accident exploiting the impairment or on the high likelihood of a backup system mitigating the severity of an accident.

Had either safety problem existed only by itself, the NRC’s rationale would have been sound. The defense-in-depth approach to nuclear safety provides multiple barriers between challenge and catastrophe. When a problem is found in one barrier, the remaining barriers provide protection. This protection enables the reactor to operate safely while the faulty barrier is fixed.

But the NRC made its decisions in isolation, failing to consider whether other unresolved problems degraded other barriers. By analogy, I know from experience that I can survive a bee sting, and can survive three stings around the same time. But I do not know, and do not wish to find out, whether I can wrestle a hive from a tree and risk lots of stings.

The NRC must stop making safety decisions in isolation. Its decision-making process must consider all risk factors, including other unresolved safety problems.

For example, suppose a safety problem is identified that applies to Reactor A and Reactor B. That problem has the same risk for both reactors.

Suppose that Reactor A has no other unresolved safety problems while Reactor B has more than a dozen other unresolved safety problems.

Judged solely on the basis of the specific problem, the NRC’s decision about safety until a solution is implemented would be the same for both reactors. After all, the risk of that problem is the same for both reactors.

Judged on the basis of the bigger picture of the entire inventory of known problems, the NRC’s decision about safety until a solution is implemented could easily be different for Reactor A than for Reactor B. The NRC might very well require a faster resolution time for the problem at Reactor B or might require additional compensatory measures for Reactor B until the problem gets resolved.

The NRC must consider all known safety factors in making its decisions. It’s wicked hard to connect-the-dots to see the full picture when one only examines a single dot.

By the way, it’s too bad Plato is dead. I’ve always wondered about who was the father of invention.


UCS’s Disaster by Design/Safety by Intent series of blog posts is intended to help readers understand how a seemingly unrelated assortment of minor problems can coalesce to cause disaster and how effective defense-in-depth can lessen both the number of pre-existing problems and the chances they team up.


  • Atoms4Peace1

    We have to be very careful not to go back to a post-TMI ratcheting culture that would see needless “solutions” to low risk safety issues required to be implemented to assure adequate protection to the public. The state of the art in “predictive failure” is grounded in the science and analysis of “probabilistic risk assessment”. This requires the construction and evaluation of “fault trees” or event trees where the single failure propagates up the tree branches to arrive at the worst case scenario. Once the event sequence for the worst case is identified, then the evaluation for common mode failure can be determined. It might be that the cut set (the maximum likelihood event path) would be identified as 1e-9/yr and acceptable. However when the 1e-12/yr tsunami+earthquake+other events occurs, then people cry “nuclear is unsafe”. All engineering carries a bar. It’s called “constraints”. Without constraints, infinite safety would require infinite costs. Regulators are operating in a “risk informed” culture. This culture requires evaluation of many contributing features to arrive at a “graded approach”. That is, in layman’s terms, to take care of those events one deems more likely to cause catastrophic failure and dire consequences. If the likelihood of such an event is in the noise, then the risk (likelihood*consequences) might appear acceptable, however the consequences are always in the public mind regardless of likelihood. Nassim Taleb called these events “Black Swans”. They might have likelihoods in the 1e-80 range (1/number of stars in the universe), but are nevertheless non-zero. How close to zero does nuclear have to be in order to be an “acceptable” risk?

    • Doug

      If a coal-powered boiler fails and explodes, it takes out a building. Then you rebuild it. A dam fails, it takes out a few towns, maybe a city. Then you rebuild them. Not to mention the 10’s to thousands of lives lost in each case.
      We’ve already seen what happens when a nuclear reactor fails. You don’t get to clean it up and rebuild it. Nobody gets to live within a hundred miles for a thousand years. Back when we thought it was a “small likelihood” just one failure was too much. Now we’ve seen several actually fail.

      • Atoms4Peace1

        We have seen what happens when a nuclear reactor explodes. It adds 0.0001% more radiation than what’s already in the world. No one has died. You can’t project deaths either.

        • Doug

          Another straw man argument. That is like the Global Warming deniers saying “we’ve only raised the temperature 1 degree, nobody has died”. Yet it has, and not much more of an increase will kill many more.
          The radiation around Fukushima and Chernobyl is very high and yes it has killed thousands.

        • Doug

          Remind me how much Russia and Japan have spent *so far* containing and decontaminating just those two level 7 events?

          • Atoms4Peace1

            A drop in the bucket compared to carbon savings to the planet. Antinukes losing traction. Cop21 exposed their dipshitery. More coal.

          • DougDoug

            Ah, I see you’ve bought into the “low CO2” claim. Yet those claims don’t take into account the massive amounts of concrete used (lots of embedded energy to make it), and all the fuel used for years to build the plants, the fuel used for years to mine the fuel, then later to store it when it is depleted, and the fuel needed for decades to decontaminate and then demolish the plant. Plus the month or so each year each plant is offline for maintenance instead of actively producing energy.

          • Atoms4Peace1

            I’m talking about the byproducts of the Ranking cycle. There is a carbon footprint to all construction. Having been on a nuclear construction site and other construction sites, all efforts to build with raw materials take energy. Nuclear construction projects on sites with multiple operating reactors are more likely to be powered by nuclear.

          • DougDoug

            Wow, you really missed what I said in my post. The embodied energy of concrete is far higher than other building products. Nuclear reactors aren’t like regular power plants or skyscrapers, they require far more concrete. As for the construction, mining and decommissioning, that is all borne by diesel fuel and gasoline. You can’t run the concrete trucks, dump trucks and excavators on nuclear power.

          • Atoms4Peace1

            I helped build major PWR reactors with 6 ft thick containment. I understand containment concrete construction. After the iron work, it’s just a very large . I was there. Where were you? Don’t bs me. BTW containment is the reason TMI had no radiation deaths and allowed people to work safely at unit 1 the past 40 years. So that lady at Nuclear Hot Seat that says she survived TMI (of course she did!) can stuff it up her ****.

          • DougDoug

            By the way, it is “Rankine cycle”. A nuclear engineer would know that.

          • Atoms4Peace1

            A swift phone keyboard doesn’t know. At least you now know no carbon comes out of the discharge from the cycle. See even you agree nuclear produces less CO2/GWe and less radioactivity than coal effluent which puts freed trace uranium and thorium up the stack. Surprise. Antinukes caused the rise of fossil not renewables. What do you think displaced nuclear after TMI. Now 40 yrs later we learned the public health effects of TMI were wildly overblown by morons on your side.

          • DougDoug

            Sure, there is no CO2 from the steam turbine. Still doesn’t discount the massive amounts of CO2 already discussed. I’m glad you agree that renewables are the answer. Solar requires almost zero concrete, require a fraction of the build time and permitting time, doesn’t require any decontamination and can be demolished quickly. No fuel rods hanging around for decades.
            Nice name-calling. Again. Very mature way to win people to “your side”.

          • Atoms4Peace1

            Renewables will never be good for baseboard and fossil is going out. This was discussed 40 years ago in engineering class. First fission then fission with actinide recycle then fusion-fission hybrids then fusion then antimatter. This is the order of things. The fusion-fission hybrid is a waste incinerator. So technology will evolve such that actinides are completely recycled. It might be 100 years but the work we are doing is laying the groundwork. Renewables can’t keep pace with the exponential increase in population, 10 billion by 2030, 15 billion by 2065. There just isn’t enough power density 1 kw/m^2 vs 200 MeV/fission atom. Your argument falls flat for the future.

          • DougDoug

            Sorry, it has been proven many times in scientific circles that renewables can more than power our future needs, with barely any of the problems of nuclear.
            I have refuted you on the danger, on the cost, and of the CO2 that nuclear plants are responsible for. You can keep on throwing insults and claiming you know best, but you have lost this argument.

          • Atoms4Peace1

            “Proven in scientific circles” are theory exercises. Real implementation requires complex engineering. This is why your “scientists” are not very good engineers. They like you are idealists with little practical experience designing and implementing within the required constraints. Even Germany is having their issues. “Scientific circles”. What is that? A bunch of sweater vested academics in bow ties that get together and pontificate for a Utopian society. I live in the real world. I’ve provided electricity for millions of people simultaneously at the flip of a switch. Contact me when renewables can do that at the flip of a single switch for millions all at once. That’s why they call it baseload. And that’s why countries with rapidly growing populations and industrial economies are choosing nuclear. Don’t ask me. Ask them. And learn something while you are at it.

          • Atoms4Peace1

            Have you ever held a blue collar job at a large nuclear power plant? The steam side is much more hazardous than the nuclear side.

        • Doug

          I see you removed your post about your fake degree.

          • Atoms4Peace1

            Fake degree? I didn’t remove any posts. The degrees are real.

        • DougDoug

          So, no response on how much Russia and Japan have spent on their accidents so far?

          • Atoms4Peace1

            Holiday. Doesn’t matter. Russia and Japan are exporting nuclear tech and neither you nor anyone can stop it. You think they care about some silly antinuke?

          • DougDoug

            Ah, name calling when you can’t produce actual facts (dollars spent). Typical tactic.

          • Atoms4Peace1

            Dollars spent is a drop in the bucket to dollars made in the grand scheme of things. Tell me how much money they stand to make when the reactors come on more robustly and they export nuclear tech worth billions. Don’t give me this profits over people shtick. It’s people that make this all possible. You ever been a part of something greater than yourself? It’s awesome to realize your efforts are helping humanity and the environment. That’s why I became a nuclear engineer. I obtained the PhD through hard work and dedication to the field. Business models and technology innovations are not related.

          • DougDoug

            From Wikipedia regarding Chernobyl: $15 billion estimated cost of direct loss. It is estimated that the damages could accumulate to €235 billion for Ukraine and €201 billion ($235 USD) for Belarus in the thirty years following the accident.
            Various sources say that Fukushima will cost between $100 and $250 billion.
            How lucky that my degree is in business (summa cum laude), with a minor in IT. That much in losses for just two level 7 disasters makes the nuclear reactor biz completely untenable. And yes, business models and technology innovations are tightly coupled – LOL!

          • Atoms4Peace1

            Chernobyl is a false comparison. Western reactors, Gen 3 and 4 are nowhere even resembling these ex-Soviet relics. You drive a nice safe car. Is it fair to say it’s the same as a Ford Pinto? Or Yugo? If all automobiles, even the best designed, were characterized by lemons then no one would drive. Weakest link doesn’t apply.

          • Atoms4Peace1

            Yet the millions projected by the discredited Yablokov report was more fiction and embellishment. All the while more fossil plants were constructed. Antinukes found themselves in a dilemma in the 80s and 90s. Every cancelled nuclear plant back then led to more coal. Nice going. Your side just trashed the planet and the world came together to castigate the whole lot of you. I say it’s about time we hold you activists’ feet to the fire for taking us down this road. How’s it feel to be linked with the densest most irrational group on the planet that has caused much more harm than nuclear?

      • Atoms4Peace1

        We only avoid those areas because of fear of radiation. People have moved back into exclusion areas, defying fears.

        Even if they fail they are not planet killers or mass murder machines.

        Let’s face it. The consequences of real accidents have been way overblown.

        You perpetuate fear because you perpetuate ignorance. I’m the PhD nuclear engineer here not you.

    • neroden

      On the contrary: we must be very careful to go back to a post-Chernobyl, post-TMI culture of shutting down dangerous-by-design nuclear bomb power plants completely and permanently.

      The fallout problem means that nuclear bomb powered plants are inherently unsafe. It’s also the reason nuclear bombs aren’t used even in warfare any more.

      We’re phasing out toxic materials in all areas, for very good reason. We’re phasing out lead. We’re phasing out mercury. We should certainly stop generating plutonium, strontium-90, radon, and so forth.

      I notice that nuclear shills never want to talk about all the people poisoned, given cancer, and otherwise made sick by the toxics generated by nukes. They always want to talk about “deaths”, in order to completely ignore the amount of *illness* caused. The massive amounts of illness are well documented.

      • Atoms4Peace1

        There have been some documented cases but not the widespread cancers above the 1/3 CDC norm. Many people who were diagnosed were not exposed. The time it takes to sort it out and bring real proof is usually a detriment.