1

Performance-Based, Risk-Informed Fire Protection at

Nuclear Power PlantsBrian Metzger

Office of Nuclear Reactor Regulation

Federal Fire Working Group Meeting Bureau of Alcohol, Tobacco, Firearms and Explosives

June 7, 2018

NRC Organization

• Headquarters + 4 Regional Offices

• 5 Commissioners• ~3000 staff• Annual budget ~$1B• Website: www.nrc.gov• Information Digest:

NUREG-1350 V29

2

NRC Overview

NRC Mission

“The U.S. Nuclear Regulatory Commission licenses and regulates the Nation’s civilian use of radioactive materials to protect public health and safety, promote the common defense and security, and protect the environment.”

- NUREG-1614 (NRC Strategic Plan)

3

NRC Overview

NRC Functions

4

NRC Overview

How it started…

• Browns Ferry Nuclear Power Plant (3/22/75)

• Candle initiated cable tray fire; water suppression delayed; complicated shutdown

• Second-most challenging event in U.S. nuclear power plant operating history

• Spurred changes in requirements and analysis

5

Prelude

8.5m 11.5m

3m

Adapted from NUREG-0050

Browns Ferry Timeline

6

Prelude

Deterministic To Performance-Based Fire Protection

• Post-Browns Ferry deterministic protection of redundant safe shutdown equipment (10 CFR Part 50, App R, c. 1981)

– Prescriptive– 3-hour fire barrier, OR– 20 feet separation with detection and auto

suppression, OR– 1-hour fire barrier with detection and auto

suppression• Performance-Based fire protection (10 CFR 50.48(c),

NFPA 805, c. 2004)– Voluntary alternative to Appendix R– Deterministic and performance-based elements– Can be risk-informed– Changes can be made w/o prior approval of AHJ– Ensure risk is “acceptable” to AHJ

• Roughly half of the US fleet has transitioned to NFPA 805

7

Prelude

From Cline, D.D., et al., “Investigation of Twenty-Foot Separation Distance as a Fire Protection Method as Specified in 10 CFR 50, Appendix R,” NUREG/CR-3192, 1983.

PRA at the NRCHow we define and estimate risk, and why

8

Why PRA: 1995 PRA Policy Statement

• “The use of PRA technology should be increased in all regulatory matters to the extent supported by the state-of-the-art in PRA methods and data and in a manner that complements the NRC’s deterministic approach and supports the NRC’s traditional defense-in-depth philosophy…”

• A probabilistic approach extends a traditional, deterministic approach to regulation, by:(1)Allowing consideration of a broader set of potential challenges

to safety, (2)Providing a logical means for prioritizing these challenges

based on risk significance, and (3)Allowing consideration of a broader set of resources to defend

against these challenges.

9

PRA at the NRC

What: All NRC Functions

10

PRA at the NRC

Risk Assessment

How: Risk-Informed Decision Making

11

PRA at the NRC

11

The proposed change meets the current regulations unless

it is explicitly related to a requested exemption or rule

change

The proposed change is consistent with the defense-in-

depth philosophy The proposed change maintains sufficient safety

margins

When proposed changes result in an increase in core damage frequency and/or risk, the

increases should be small and consistent with the intent of the

Commission’s Safety Goal Policy Statement

The impact of the proposed change should be monitored

using performance measurement strategies

Integrated Decision Making

On the Definition of “Risk”

• Triplet (vector) definition (Kaplan and Garrick, 1981): {si , Ci , pi }– What can go wrong?– What are the consequences?– How likely is it?

• Common definition (∑𝑖𝑖 𝑝𝑝𝑖𝑖 × 𝐶𝐶𝑖𝑖) does not capture difference between high-probability/low-consequence events and low-probability/high-consequence events

12

PRA at the NRC

From Farmer, F.R., “Reactor safety and siting: a proposed risk criterion,” Nuclear Safety, 8, 539-548(1967).

Probabilistic Risk Assessment (PRA)

• A systems-oriented engineering analysis process that answers the risk triplet questions

• Unique/challenging analysis features– Sparse data– Explicit treatment of uncertainties– Cross-disciplinary scope

• Distinguishing features (nuclear power plant PRAs)– Plant operational mode– Hazards considered– Scenario endpoints

• Typically involves event tree and fault tree analysis (but doesn’t have to)

13

PRA at the NRC

Metrics

• Structured around Core Damage Frequency (CDF) and Large Early Release Frequency (LERF) and changes thereto.

14

PRA at the NRC

Adapted from U.S. Nuclear Regulatory Commission, “An Approach for Using Probabilistic Risk Assessment in Risk-Informed Decisions on Plant Specific Changes to the Licensing Basis,” Regulatory Guide 1.174, Revision 2, 2011.

Example Event Tree

15

PRA at the NRC

Example Fault Tree

16

PRA at the NRC

Fire PRA MethodologyTailoring the approach to meet analysis needs

17

Before tripAfter trip1 hour1 day1 week

3300 MWt260 MWt50 MWt15 MWt

7 MWt

Nuclear Design 101: How Things Work

• Risk = {si, Ci, pi}• Nuclear fission →

heat → steam → electricity

• Chain reaction controlled/stopped by control rods

• Heat generation continues after chain reaction is stopped (“decay heat”)

18

Fire PRA

Nuclear Power Plant Design Features

• General Design Criteria (10 CFR Part 50, Appendix A)

http://www.ecfr.gov/cgi-bin/text-idx?SID=5aa0f7b9ce8da0f9bd8aa303f964c67a&mc=true&node=ap10.1.50_1150.a&rgn=div9

• Key safety principles– Defense-in-depth– Single failure criterion and

redundancy– Diversity

• Robust structures, separation

19

Fire PRA

Why Pay Attention to Fire?

• Actual events + study results => Potentially important contributor (Completeness)

• Single fire event might affect multiple systems, structures, and components (Dependencies)– P{A and B} ≠ P{A} x P{B} – Common enclosures– Defeat separation– Effects on plant operators

• Nature of scenario affects fixes (Risk Management)

20

Fire PRA Methodology

Fire PRA Methodological Framework

• Performed as part of plant PRA

• Elements mirror NPP fire protection defense-in-depth

• Basic methodology developed and applied in early 1980s

• Refinements added over time (NUREG/CR-6850, c. 2005)

• Analysis is iterative• Ongoing work focused on

improving data and specific modeling methods

21

Fire PRA Methodology

Fire Frequency Analysis

• Objectives– Identify and characterize

potentially significant fire scenarios

– Estimate scenario frequencies

• Data: historical fire events• Estimation

– Generic– Plant-specific

22

Fire PRA Methodology

Equipment Damage Analysis

• Objectives– Identify potentially significant

combinations of equipment that can be damaged by a fire scenario

– Estimate conditional probabilities of equipment failure modes, given a fire scenario

• Underlying model: competition between damage and suppression processes

23

Fire PRA Methodology

Damage occurs if tdamage < tsuppression

Equipment Damage Analysis

24

Fire PRA Methodology

Equipment Damage Analysis (cont.)

• Prediction of fire environment– Correlations– Zone models– CFD models

• Equipment response/component fragility– Temperature and/or heat flux thresholds– Empirical data and probabilistic models for specific failure

modes (e.g., spurious operation, high-energy arc faults)• Fire suppression

– Historical data– Fire brigade drills

25

Fire PRA Methodology

Plant Response Analysis

• Objectives– Identify potentially significant

fire-induced accident scenarios– Estimate fire-induced core

damage frequency (CDF)• General approach: propagate

fire-induced losses through event tree/fault tree model– Start with internal events model– Modify to include effects on

equipment availability and operator actions

26

Fire PRA Methodology

Fire PRAs – Risk Contributors

27

Fire PRA Methodology

From Canavan, K., R. et al., “Roadmap for Attaining Realism in Fire PRAs,” Nuclear Energy Institute, 2010.

Then…

Fire R&D at NRC• Fire is one of many contributors to risk; resources for R&D

and for performing analyses are limited.• NRC R&D activities

– primarily aimed at supporting practical regulatory office needs (review/acceptance of new technologies and methods, understanding of related phenomena)

– support current fire PRA framework (“evolution”)• Examples

– Development and updating of technical and regulatory guidance (cooperative with industry)

– Experiments to provide basic data for complex phenomena, expert panels to interpret data

– International cooperation (sharing lessons from operational experience and experiments)

28

Current Challenges

Fire R&D at NRC (cont.)• Example Topics/Projects

– Cable Response to Live Fire (CAROLFIRE)– Cable Heat Release Ignition, and Spread in Tray Installations

During FIRE (CHRISTIFIRE) – Direct Current Electrical Shorting in Response to Exposure Fire

(DESIREE-FIRE)– Refining and Characterizing Heat Release Rates from Electrical

Enclosures During Fire (RACHELLE-FIRE)– Fire Events Database– High Energy Arc Fault (HEAF)

• Partners– Electric Power Research Institute (EPRI)– National Institute of Standards and Technology (NIST)– Department of Energy (DOE) National Laboratories– International Partners (OECD/NEA)– Universities

29

Current Challenges

Key Messages

• NRC uses PRA to support regulatory decision making (day-to-day and major decisions).

• Fire is a potentially important contributor to nuclear power plant risk.

• The general approach for performing fire PRA is well understood and well accepted.

• Details matter. Concerns with the realism of specific models and methods affect confidence in overall results and the transition to risk-informed fire protection, which are spurring R&D.

• PRA is a tool, not an end. Fire PRA R&D is focused on improvements that will support practical risk management.

30

Closing Thoughts

Any questions?

31

Additional Slides

32

ChernobylTMI

When: A PRA Timeline

33

1940 1950 19701960 1980 1990 20102000 2020

PRA at the NRC

NUREG-1150

AECcreated

WASH-740

Fukushima

IndianPoint

WASH-1400

NRCcreated

IPE/IPEEE

Atomic Energy Act“No undue risk”

SafetyGoalPolicy

PRAPolicy

Price-Anderson(non-zero risk)

RG 1.174

ASME/ANSPRA Standard

RevisedReactor Oversight

Level 3 PRA

For Further Reading*• Electric Power Research Institute and U.S. Nuclear Regulatory Commission Office of Nuclear Regulatory Research,

“EPRI/NRC-RES Fire PRA Methodology for Nuclear Power Facilities,” EPRI 1011989 and NUREG/CR-6850, 2005.• Haskin, F.E., et al., “Perspectives on Reactor Safety,” NUREG/CR-6042, Rev. 2, 2002.• Kaplan, S. and B.J. Garrick, “On the quantitative definition of risk,” Risk Analysis, 1, 11-37(1981).• Nowlen S.P., M. Kazarians, and F. Wyant, “Risk Methods Insights Gained from Fire Incidents,” NUREG/CR-6738, 2001.• Siu, N., N. Melly, S.P. Nowlen, and M. Kazarians, “Fire Risk Analysis for Nuclear Power Plants,” to be published in the

next Society for Fire Protection Engineers’ Handbook of Fire Protection Engineering.• Siu, N., K. Coyne, and N. Melly, “Fire PRA Maturity and Realism: A Technical Evaluation,” white paper in preparation.• Siu, N., et al., “Probabilistic Risk Assessment and Regulatory Decision Making: Some Frequently Asked Questions,”

report in preparation.• U.S. Nuclear Regulatory Commission, “Use of Probabilistic Risk Assessment Methods in Nuclear Activities: Final Policy

Statement,” Federal Register, Vol. 60, p. 42622 (60 FR 42622), August 16, 1995.• U.S. Nuclear Regulatory Commission, “An Approach for Using Probabilistic Risk Assessment in Risk-Informed

Decisions on Plant Specific Changes to the Licensing Basis,” Regulatory Guide 1.174, Revision 2, 2011.• U.S. Nuclear Regulatory Commission, “A Proposed Risk Management Regulatory Framework,” NUREG-2150, 2012.• U.S. Nuclear Regulatory Commission, “The Browns Ferry Nuclear Plant Fire of 1975 Knowledge Management Digest,”

NUREG/KM-0002, 2013.• U.S. Nuclear Regulatory Commission, “Fire Protection and Fire Research Knowledge Management Digest, 2013”

NUREG/KM-0003, 2014.• U.S. Nuclear Regulatory Commission, “No Undue Risk: Regulating the Safety of Operating Nuclear Power Plants,”

NUREG/BR-0518, 2014.

34

Closing Thoughts

*Most of these references can be found at www.nrc.gov

Some Acronyms• AB – Auxiliary Building• AC – Alternating Current• AEC – U.S. Atomic Energy Commission• ACRS – Advisory Committee of Reactor Safeguards• AHJ – Authority Having Jurisdiction• ANS – American Nuclear Society• ASME – American Society of Mechanical Engineers• ASP – Accident Sequence Precursor• BWR – Boiling Water Reactor• CCDP – Conditional Core Damage Probability• CDF – Core Damage Frequency• CFD – Computational Fluid Dynamics• CFR – Code of Federal Regulations• CRD – Control Rod Drive• CSR – Cable Spreading Room• DC – Direct Current• DOE – U.S. Department of Energy• ECCS – Emergency Core Cooling System• EPRI – Electric Power Research Institute• GI – Generic Issue• GW - Gigawatt• HEAF – High Energy Arc Fault• HPCI – High Pressure Coolant Injection• HRA – Human Reliability Analysis• IAEA – International Atomic Energy Agency• IPE – Individual Plant Examination• IPEEE – Individual Plant Examination of External Events• LER – Licensee Event Report• LERF – Large Early Release Frequency• LOOP – Loss of Offsite Power• LWGR – Light Water Graphite Reactor• MCR – Main Control Room• MW – Megawatt• NEA – Nuclear Energy Agency

• NEI – Nuclear Energy Institute• NFPA – National Fire Protection Association• NIST – National Institute of Standards and Technology• NMSS – NRC Office of Nuclear Material Safety and Safeguards• NPP – Nuclear Power Plant• NRC – U.S. Nuclear Regulatory Commission• NRO – NRC Office of New Reactors• NRR – NRC Office of Nuclear Reactor Regulation• NSIR – NRC Office of Nuclear Security and Incident Response• NUREG – NRC report designator• OECD – Organization for Economic Cooperation and Development• PHWR – Pressurized Heavy Water Reactor• PRA – Probabilistic Risk Assessment• PSA – Probabilistic Safety Assessment• PWR – Pressurized Water Reactor• RBMK – Reaktor Bolshoy Moshchnosti Kanalnyy• RCIC – Reactor Core Isolation Cooling• RES – NRC Office of Nuclear Regulatory Research• RG – Regulatory Guide• RIDM – Risk-Informed Decision Making• RMIEP – Risk Methods Integration and Evaluation Program• ROP – Reactor Oversight Program• SAMA – Severe Accident Mitigation Alternative• SAMDA – Severe Accident Mitigation Design Alternative• SDP – Significance Determination Process• SBO – Station Blackout• SECY – NRC Office of Secretary (also designator for staff papers)• SPAR – Standardized Plant Analysis Risk• SRP – Standard Review Plan• SRV – Safety Relief Valve• SSC – Systems, Structures, and Components• TMI – Three Mile Island• VVER – Vodo-Vodyanoi Energetichesky Reaktor• WASH – AEC report designator

35

Backup

Regulatory Documents

• Regulations - http://www.nrc.gov/reading-rm/doc-collections/cfr/

• Regulatory Guide (RG) - http://www.nrc.gov/reading-rm/doc-collections/reg-guides/

• Standard Review Plan (SRP) -http://www.nrc.gov/reading-rm/doc-collections/nuregs/staff/sr0800/

• NUREG Series Reports - http://www.nrc.gov/reading-rm/doc-collections/nuregs/

• Policy Statements - http://www.nrc.gov/reading-rm/doc-collections/commission/policy/

• Inspection Manual - http://www.nrc.gov/reading-rm/doc-collections/insp-manual/

36

Backup

Browns Ferry (March 22, 1975)

37

Backup

Risk Assessment vs. Risk Management

38

Backup

From National Research Council, “Understanding Risk: Informing Decisions in a Democratic Society,” National Academy Press, 1996.

Uncertainties in PRA Results

39

Backup

Core Damage Frequency – CDF (/ry)