Setting the Nuclear Safety Bar

October 11, 2016 | 6:00 am
Dave Lochbaum
Former Contributor

Disaster by Design/ Safety by Intent #53

Safety by Intent

Disaster by Design/Safety by Intent #52, last week’s commentary, described the timely and effective response by the Nuclear Regulatory Commission (NRC) to the unexpected discovery of cracked control rod drive mechanism (CRDM) nozzles at the Oconee nuclear plant in South Carolina. Soon after being surprised, the NRC determined who needed to do what when in order to properly resolve the safety problem. When the phased actions were taken, the results confirmed that the NRC’s triage was appropriate.

This commentary expands upon a theme implied in last week’s commentary—namely, that the NRC does a good job setting the nuclear safety bar at the Goldilocks height: not too low to expose workers and the public to undue risk, not too high to impose undue costs on plant owners, but just right.

Nuclear power safety was one of the first areas that UCS took on following our formation in May 1969. Over the ensuing four decades, UCS often advocated for nuclear safety fixes. The campaigns undertaken by Bob Pollard, my predecessor at UCS, during his tenure between 1976 and 1996 and those we undertook since my joining the organization in fall 1996 share a recurring theme—the overwhelming majority did not contend that the nuclear safety bar was set too low and needed to be raised. Instead, the overwhelming majority of our campaigns sought to bring one or more reactors back to the safe, and legal, side of the bar.

Once the safety bar is set, the limbo beneath it must not be an option.

NRC Lessons Learned Task Force

The NRC’s successful response to the CRDM nozzle cracking problem was tainted by how it mismanaged the problem at Davis-Besse. Among many remedies undertaken in the wake of that debacle, the NRC formed a Lessons Learned Task Force (LLTF) chartered with recommending ways to avoid the next Davis-Besse.

The LLTF made 51 recommendations in its report dated September 30, 2002 (Figs. 1, 2, 3). The majority of the recommendations outlined things the NRC should do to better enforce existing regulatory requirements.

For example, Recommendation 3.1.2(1) sought to have the NRC verify that plant owners had implemented effective measures to address safety issues identified through the NRC’s generic communications program. And Recommendation 3.2.1(3) sought to have the NRC inspect plant procedures used by workers in response to indications of reactor coolant leakage.

Only four of the fifty-one (less than 8%) recommendations suggested evaluating whether the safety bar needs to be raised. Those four recommendations were:

Recommendation 3.1.5(1): The LLTF recommended that the NRC evaluate whether to require that leakage detection capabilities be upgraded to better handle low leak rates. The degradation at Davis-Besse was caused by a small leak over several years.

Recommendation 3.2.1(1): The LLTF recommended that the NRC should upgrade regulatory requirements for reactor coolant leakage. Existing requirements allowed no reactor coolant pressure boundary leakage, a small amount of unidentified leakage, and a slightly larger amount of identified leakage. Workers at Davis-Besse, and other pressurized water reactors, tend to assign leaks to the latter two bins when the reactor is operating. Reactor coolant pressure boundary leaks are typically only determined when the reactor is shut down. When any one of the three limits is exceeded, the reactor must be shut down within hours. The LLTF sought to address the disconnect between the reactor coolant pressure boundary leak limit being the most stringent, but least followed, safety requirement.

Recommendation 3.2.4(1): The LLTF recommended that the NRC should evaluate its requirements that plant owners review operating experience. The leaks at Davis-Besse had been preceded by similar leaks at Oconee (SC), Turkey Point (FL), Salem (NJ), and Bugey (France). Davis-Besse’s owner was aware of these prior events, but was under no obligation to take steps to prevent them from happening at their plant in response to that awareness.

Recommendation 3.3.4(9): The LLTF recommended that the NRC require that owners of reactors with non-standard limits on reactor coolant leakage revise the limits to conform with the standard requirements.

The LLTF’s recommendations implicitly reveal the agency’s determination that the near-miss at Davis-Besse was not caused by ineffective and inadequate regulatory requirements, but rather by ineffective and inadequate enforcement of existing requirements. The LLTF’s recommendations did not seek to raise the safety bar, but to better ensure that reactors operated on the proper side of that bar.

To cite another determination by another entity, the Government Accountability Office (GAO) examined the NRC’s oversight efforts at the request of the U.S. Congress after TIME magazine featured a cover story in March 1996 on the agency’s shortcomings at Millstone (CT). The GAO concluded that “NRC has not taken aggressive enforcement action to force the licensees to fix their long-standing safety problems on a timely basis. As a result, the plants’ conditions have worsened, making safety margins smaller.”

Time and again, TIME and others have found that safety problems at U.S. nuclear power plants have been caused by non-compliance with regulatory requirements. These recurring findings are tacit endorsements that the regulatory requirements are appropriate; what is inappropriate is non-compliance with them.

Disaster by Design

The NRC’s mission is to establish and enforce regulatory requirements that protect workers and the public. The record is clear that the NRC does a fine job with the first part of its important mission but struggles to do as well with the second part.

Both parts must be successfully performed before the NRC can proclaim “Mission Accomplished.”

—–

UCS’s Disaster by Design/ Safety by Intent series of blog posts is intended to help readers understand how a seemingly unrelated assortment of minor problems can coalesce to cause disaster and how effective defense-in-depth can lessen both the number of pre-existing problems and the chances they team up.