January 19, 2016
Dave Lochbaum
Former contributor

Disaster by Design/Safety by Intent #15

Disaster by Design

You probably have noticed by now there’s no shortage of acronyms and abbreviations in the nuclear industry. There are so many that the Nuclear Regulatory Commission (sometimes called the NRC) published a report chock-a-block with many of them. Because one can never have too many acronyms, I’ll unveil another one: ROSS, for Race of Safety Snails.

Fig. 1 (

Fig. 1 (Source:

ROSS refers to the pace at which the NRC “resolves” safety and security problems affecting millions of Americans living downwind and downstream of the nation’s nuclear power plants. I have nothing against snails and truly wish them, individually or as a species, no harm in using them to describe the NRC’s speed “resolving” safety and security problems. But snails can likely defend themselves slightly better than glaciers, so they got drafted. Plus, it was harder to think up a snappy acronym with glaciers in it.

The Three Mile Island (TMI) Snail

The worst U.S. nuclear power reactor accident, so far, occurred March 28, 1979, on the Unit 2 reactor at the Three Mile Island (TMI) nuclear plant outside Harrisburg, Pennsylvania. After the TMI accident, the NRC imposed an array of regulatory requirements intended to lessen the likelihood of another accident as well as to enhance mitigation and response capabilities should an accident happen.

Solid safety upgrades cannot be developed and imposed overnight; or within four score and seven overnights. Over the next year or so, the NRC crafted its TMI Action Plan, released in May 1980. Actually, it was a really big plan, requiring a second volume to hold all the items. Even the shortening from abbreviations and acronyms did not allow the items to fit in a single volume.

Abe Lincoln died over a century earlier; otherwise he may have observed that the NRC can confuse some of the plant owners all the time, all the plant owners some of the time, but not all the plant owners all the time. The NRC confused all the plant owners with the big words and tricky phrases in its TMI Action Plan. So, to demystify the fixes it mandated, the NRC released a single-volume report in November 1980 clarifying the mandated safety upgrades. The NRC also defined deadlines for completing the safety upgrades (if TBD specified for many items really counts as a deadline).

Thus, the NRC issued clarified TMI safety upgrades nearly 20 months after the accident. The TMI snail traveled 23.2 miles to this point.

Begin sidebar: Land snails have been clocked (or calendared?) at 0.0758 miles per hour. Assuming travel occupies one-third of a snail’s average work day,  a five-day work week, and subtracting nine holidays and two and a half weeks’ vacation per year (snails have a strong union which has negotiated fairly liberal benefits), snail travels 14.5 miles per year. End sidebar

Assuming that it would take three times as long to implement the safety upgrades as it took to develop, and then clarify them, the safety upgrades ought to be installed within 60 months, or by November 1985.

Did I mention the TMI snail?

More than a decade after the TMI accident, plant owners were still plodding along (a.k.a., snail racing). For example, the owner of the Prairie Island and Monticello nuclear plant in Minnesota informed the NRC on April 17, 1989, that many of the safety upgrades had been installed but that the modifications to make the control room more user-friendly would require “… several more refueling outages” to complete.

The Monticello and Prairie Island snails were speed demons compared to some of the others. For example, the owner of the Point Beach nuclear plant in Wisconsin applied to the NRC on December 12, 1991, to clarify the regulatory requirements for reactor vessel water level instrumentation. According to the application, “This instrumentation is part of the Inadequate Core Cooling Monitoring System which was installed in 1987 to fulfill the requirements of TMI Action Plan, NUREG-0737 item II.F.2, ‘Instrumentation for Detection of Inadequate Core Cooling.’ The PA [proposed amendment] to add TS [technical specification] requirements for this instrumentation is in accordance with the guidelines of NRC Generic Letter 83-37 [issued November 1, 1983, or more than three years BEFORE the instrumentation was installed]. Submitting this proposed change completes WPSCs implementation of the TMI Action Plan, NUREG-0737, Item II.F.2.” Remember that the application sought to clarify the requirements and the quoted text represents the crispy clean text.

TMI safety upgrades were completed at Point Beach over 11 years later. The snail could have traveled 161.1 miles in that time (assuming it lived that long—snails have a life expectancy of 11 to 15 years.)

I don’t know what the proper distance is, but it would seem that a nuclear industry and its regulator could implement safety upgrades following the worst nuclear plant accident in U.S. history before a snail would wander 161.1 miles.

The 9/11 Snail

The tragic attacks of 9/11 suggested that additional measures needed to be taken to reduce the vulnerabilities of the nation’s nuclear power plants. The NRC imposed security upgrades by a series of orders issued on February 25, 2002, January 7, 2003, April 29, 2003, October 23, 2003, March 20, 2006, and June 20, 2006.

DBD 15 Figure 2 Pilgrim RAI ML113220234

Fig. 2 (Source: NRC)

A decade later, the NRC was still checking to see whether plant owners had completed the mandated security upgrades. For example, the NRC asked the owner of the Pilgrim nuclear plant in Massachusetts on November 21, 2011, four questions about its security upgrades. The NRC’s first question pointed out:

The bulletin requested that each licensee describe in detail the testing and control of equipment supporting the mitigating strategies to ensure that it will be available and functional when needed. Communications equipment needed to support the mitigating strategies was described in the NRC Safety Evaluation (SE) documenting the NRC review of your response to Section B.5.b of the Interim Compensatory Measures Order (EA-02-026), and typically includes radios, satellite phones, spare batteries, and chargers. The NRC staff could not determine if you performed activities to ensure that communications equipment will be available and functional when needed.

Was Pilgrim compliant on November 21, 2011, with the security upgrades mandated by the NRC?


Maybe not.

The NRC didn’t know. The Pilgrim snail could have traveled 147.8 miles in the 10.2 years since 9/11—and still have run circles around the NRC’s safety racers.

Begin sidebar: The NRC is often accused of being too cozy with the industry it regulates. The NRC’s letter to Pilgrim’s owner refutes that notion. The NRC does not know whether the Site Vice President at Pilgrim is a man or woman (No Peeking!).  End sidebar

Safety by Intent

Robert Frost ended his famous poem “Stopping by Woods on a Snowy Evening” by repeating this line: “And miles to go before I sleep.”

Racking up over 100 snail-miles before safety and security issues are resolved strongly suggests that many in the nuclear industry and its regulator may be doing more sleeping than going.

Should it really take over a decade to implement the safety upgrades required following the nation’s worst (so far) nuclear plant accident?

Should security upgrades following the nation’s worst (so far) terrorist attacks really compete with terrorist retirement plans to see which happens first?

Sorry for the trick questions. I’ll get back to you within 125 snail-miles.


UCS’s Disaster by Design/ Safety by Intent series of blog posts is intended to help readers understand how a seemingly unrelated assortment of minor problems can coalesce to cause disaster and how effective defense-in-depth can lessen both the number of pre-existing problems and the chances they team up.