1
Performance-Based, Risk-Informed Fire Protection at
Nuclear Power PlantsBrian Metzger
Office of Nuclear Reactor Regulation
Federal Fire Working Group Meeting Bureau of Alcohol, Tobacco, Firearms and Explosives
June 7, 2018
NRC Organization
• Headquarters + 4 Regional Offices
• 5 Commissioners• ~3000 staff• Annual budget ~$1B• Website: www.nrc.gov• Information Digest:
NUREG-1350 V29
2
NRC Overview
NRC Mission
“The U.S. Nuclear Regulatory Commission licenses and regulates the Nation’s civilian use of radioactive materials to protect public health and safety, promote the common defense and security, and protect the environment.”
- NUREG-1614 (NRC Strategic Plan)
3
NRC Overview
NRC Functions
4
NRC Overview
How it started…
• Browns Ferry Nuclear Power Plant (3/22/75)
• Candle initiated cable tray fire; water suppression delayed; complicated shutdown
• Second-most challenging event in U.S. nuclear power plant operating history
• Spurred changes in requirements and analysis
5
Prelude
8.5m 11.5m
3m
Adapted from NUREG-0050
Browns Ferry Timeline
6
Prelude
Deterministic To Performance-Based Fire Protection
• Post-Browns Ferry deterministic protection of redundant safe shutdown equipment (10 CFR Part 50, App R, c. 1981)
– Prescriptive– 3-hour fire barrier, OR– 20 feet separation with detection and auto
suppression, OR– 1-hour fire barrier with detection and auto
suppression• Performance-Based fire protection (10 CFR 50.48(c),
NFPA 805, c. 2004)– Voluntary alternative to Appendix R– Deterministic and performance-based elements– Can be risk-informed– Changes can be made w/o prior approval of AHJ– Ensure risk is “acceptable” to AHJ
• Roughly half of the US fleet has transitioned to NFPA 805
7
Prelude
From Cline, D.D., et al., “Investigation of Twenty-Foot Separation Distance as a Fire Protection Method as Specified in 10 CFR 50, Appendix R,” NUREG/CR-3192, 1983.
PRA at the NRCHow we define and estimate risk, and why
8
Why PRA: 1995 PRA Policy Statement
• “The use of PRA technology should be increased in all regulatory matters to the extent supported by the state-of-the-art in PRA methods and data and in a manner that complements the NRC’s deterministic approach and supports the NRC’s traditional defense-in-depth philosophy…”
• A probabilistic approach extends a traditional, deterministic approach to regulation, by:(1)Allowing consideration of a broader set of potential challenges
to safety, (2)Providing a logical means for prioritizing these challenges
based on risk significance, and (3)Allowing consideration of a broader set of resources to defend
against these challenges.
9
PRA at the NRC
What: All NRC Functions
10
PRA at the NRC
Risk Assessment
How: Risk-Informed Decision Making
11
PRA at the NRC
11
The proposed change meets the current regulations unless
it is explicitly related to a requested exemption or rule
change
The proposed change is consistent with the defense-in-
depth philosophy The proposed change maintains sufficient safety
margins
When proposed changes result in an increase in core damage frequency and/or risk, the
increases should be small and consistent with the intent of the
Commission’s Safety Goal Policy Statement
The impact of the proposed change should be monitored
using performance measurement strategies
Integrated Decision Making
On the Definition of “Risk”
• Triplet (vector) definition (Kaplan and Garrick, 1981): {si , Ci , pi }– What can go wrong?– What are the consequences?– How likely is it?
• Common definition (∑𝑖𝑖 𝑝𝑝𝑖𝑖 × 𝐶𝐶𝑖𝑖) does not capture difference between high-probability/low-consequence events and low-probability/high-consequence events
12
PRA at the NRC
From Farmer, F.R., “Reactor safety and siting: a proposed risk criterion,” Nuclear Safety, 8, 539-548(1967).
Probabilistic Risk Assessment (PRA)
• A systems-oriented engineering analysis process that answers the risk triplet questions
• Unique/challenging analysis features– Sparse data– Explicit treatment of uncertainties– Cross-disciplinary scope
• Distinguishing features (nuclear power plant PRAs)– Plant operational mode– Hazards considered– Scenario endpoints
• Typically involves event tree and fault tree analysis (but doesn’t have to)
13
PRA at the NRC
Metrics
• Structured around Core Damage Frequency (CDF) and Large Early Release Frequency (LERF) and changes thereto.
14
PRA at the NRC
Adapted from U.S. Nuclear Regulatory Commission, “An Approach for Using Probabilistic Risk Assessment in Risk-Informed Decisions on Plant Specific Changes to the Licensing Basis,” Regulatory Guide 1.174, Revision 2, 2011.
Example Event Tree
15
PRA at the NRC
Example Fault Tree
16
PRA at the NRC
Fire PRA MethodologyTailoring the approach to meet analysis needs
17
Before tripAfter trip1 hour1 day1 week
3300 MWt260 MWt50 MWt15 MWt
7 MWt
Nuclear Design 101: How Things Work
• Risk = {si, Ci, pi}• Nuclear fission →
heat → steam → electricity
• Chain reaction controlled/stopped by control rods
• Heat generation continues after chain reaction is stopped (“decay heat”)
18
Fire PRA
Nuclear Power Plant Design Features
• General Design Criteria (10 CFR Part 50, Appendix A)
http://www.ecfr.gov/cgi-bin/text-idx?SID=5aa0f7b9ce8da0f9bd8aa303f964c67a&mc=true&node=ap10.1.50_1150.a&rgn=div9
• Key safety principles– Defense-in-depth– Single failure criterion and
redundancy– Diversity
• Robust structures, separation
19
Fire PRA
Why Pay Attention to Fire?
• Actual events + study results => Potentially important contributor (Completeness)
• Single fire event might affect multiple systems, structures, and components (Dependencies)– P{A and B} ≠ P{A} x P{B} – Common enclosures– Defeat separation– Effects on plant operators
• Nature of scenario affects fixes (Risk Management)
20
Fire PRA Methodology
Fire PRA Methodological Framework
• Performed as part of plant PRA
• Elements mirror NPP fire protection defense-in-depth
• Basic methodology developed and applied in early 1980s
• Refinements added over time (NUREG/CR-6850, c. 2005)
• Analysis is iterative• Ongoing work focused on
improving data and specific modeling methods
21
Fire PRA Methodology
Fire Frequency Analysis
• Objectives– Identify and characterize
potentially significant fire scenarios
– Estimate scenario frequencies
• Data: historical fire events• Estimation
– Generic– Plant-specific
22
Fire PRA Methodology
Equipment Damage Analysis
• Objectives– Identify potentially significant
combinations of equipment that can be damaged by a fire scenario
– Estimate conditional probabilities of equipment failure modes, given a fire scenario
• Underlying model: competition between damage and suppression processes
23
Fire PRA Methodology
Damage occurs if tdamage < tsuppression
Equipment Damage Analysis
24
Fire PRA Methodology
Equipment Damage Analysis (cont.)
• Prediction of fire environment– Correlations– Zone models– CFD models
• Equipment response/component fragility– Temperature and/or heat flux thresholds– Empirical data and probabilistic models for specific failure
modes (e.g., spurious operation, high-energy arc faults)• Fire suppression
– Historical data– Fire brigade drills
25
Fire PRA Methodology
Plant Response Analysis
• Objectives– Identify potentially significant
fire-induced accident scenarios– Estimate fire-induced core
damage frequency (CDF)• General approach: propagate
fire-induced losses through event tree/fault tree model– Start with internal events model– Modify to include effects on
equipment availability and operator actions
26
Fire PRA Methodology
Fire PRAs – Risk Contributors
27
Fire PRA Methodology
From Canavan, K., R. et al., “Roadmap for Attaining Realism in Fire PRAs,” Nuclear Energy Institute, 2010.
Then…
Fire R&D at NRC• Fire is one of many contributors to risk; resources for R&D
and for performing analyses are limited.• NRC R&D activities
– primarily aimed at supporting practical regulatory office needs (review/acceptance of new technologies and methods, understanding of related phenomena)
– support current fire PRA framework (“evolution”)• Examples
– Development and updating of technical and regulatory guidance (cooperative with industry)
– Experiments to provide basic data for complex phenomena, expert panels to interpret data
– International cooperation (sharing lessons from operational experience and experiments)
28
Current Challenges
Fire R&D at NRC (cont.)• Example Topics/Projects
– Cable Response to Live Fire (CAROLFIRE)– Cable Heat Release Ignition, and Spread in Tray Installations
During FIRE (CHRISTIFIRE) – Direct Current Electrical Shorting in Response to Exposure Fire
(DESIREE-FIRE)– Refining and Characterizing Heat Release Rates from Electrical
Enclosures During Fire (RACHELLE-FIRE)– Fire Events Database– High Energy Arc Fault (HEAF)
• Partners– Electric Power Research Institute (EPRI)– National Institute of Standards and Technology (NIST)– Department of Energy (DOE) National Laboratories– International Partners (OECD/NEA)– Universities
29
Current Challenges
Key Messages
• NRC uses PRA to support regulatory decision making (day-to-day and major decisions).
• Fire is a potentially important contributor to nuclear power plant risk.
• The general approach for performing fire PRA is well understood and well accepted.
• Details matter. Concerns with the realism of specific models and methods affect confidence in overall results and the transition to risk-informed fire protection, which are spurring R&D.
• PRA is a tool, not an end. Fire PRA R&D is focused on improvements that will support practical risk management.
30
Closing Thoughts
Any questions?
31
Additional Slides
32
ChernobylTMI
When: A PRA Timeline
33
1940 1950 19701960 1980 1990 20102000 2020
PRA at the NRC
NUREG-1150
AECcreated
WASH-740
Fukushima
IndianPoint
WASH-1400
NRCcreated
IPE/IPEEE
Atomic Energy Act“No undue risk”
SafetyGoalPolicy
PRAPolicy
Price-Anderson(non-zero risk)
RG 1.174
ASME/ANSPRA Standard
RevisedReactor Oversight
Level 3 PRA
For Further Reading*• Electric Power Research Institute and U.S. Nuclear Regulatory Commission Office of Nuclear Regulatory Research,
“EPRI/NRC-RES Fire PRA Methodology for Nuclear Power Facilities,” EPRI 1011989 and NUREG/CR-6850, 2005.• Haskin, F.E., et al., “Perspectives on Reactor Safety,” NUREG/CR-6042, Rev. 2, 2002.• Kaplan, S. and B.J. Garrick, “On the quantitative definition of risk,” Risk Analysis, 1, 11-37(1981).• Nowlen S.P., M. Kazarians, and F. Wyant, “Risk Methods Insights Gained from Fire Incidents,” NUREG/CR-6738, 2001.• Siu, N., N. Melly, S.P. Nowlen, and M. Kazarians, “Fire Risk Analysis for Nuclear Power Plants,” to be published in the
next Society for Fire Protection Engineers’ Handbook of Fire Protection Engineering.• Siu, N., K. Coyne, and N. Melly, “Fire PRA Maturity and Realism: A Technical Evaluation,” white paper in preparation.• Siu, N., et al., “Probabilistic Risk Assessment and Regulatory Decision Making: Some Frequently Asked Questions,”
report in preparation.• U.S. Nuclear Regulatory Commission, “Use of Probabilistic Risk Assessment Methods in Nuclear Activities: Final Policy
Statement,” Federal Register, Vol. 60, p. 42622 (60 FR 42622), August 16, 1995.• U.S. Nuclear Regulatory Commission, “An Approach for Using Probabilistic Risk Assessment in Risk-Informed
Decisions on Plant Specific Changes to the Licensing Basis,” Regulatory Guide 1.174, Revision 2, 2011.• U.S. Nuclear Regulatory Commission, “A Proposed Risk Management Regulatory Framework,” NUREG-2150, 2012.• U.S. Nuclear Regulatory Commission, “The Browns Ferry Nuclear Plant Fire of 1975 Knowledge Management Digest,”
NUREG/KM-0002, 2013.• U.S. Nuclear Regulatory Commission, “Fire Protection and Fire Research Knowledge Management Digest, 2013”
NUREG/KM-0003, 2014.• U.S. Nuclear Regulatory Commission, “No Undue Risk: Regulating the Safety of Operating Nuclear Power Plants,”
NUREG/BR-0518, 2014.
34
Closing Thoughts
*Most of these references can be found at www.nrc.gov
Some Acronyms• AB – Auxiliary Building• AC – Alternating Current• AEC – U.S. Atomic Energy Commission• ACRS – Advisory Committee of Reactor Safeguards• AHJ – Authority Having Jurisdiction• ANS – American Nuclear Society• ASME – American Society of Mechanical Engineers• ASP – Accident Sequence Precursor• BWR – Boiling Water Reactor• CCDP – Conditional Core Damage Probability• CDF – Core Damage Frequency• CFD – Computational Fluid Dynamics• CFR – Code of Federal Regulations• CRD – Control Rod Drive• CSR – Cable Spreading Room• DC – Direct Current• DOE – U.S. Department of Energy• ECCS – Emergency Core Cooling System• EPRI – Electric Power Research Institute• GI – Generic Issue• GW - Gigawatt• HEAF – High Energy Arc Fault• HPCI – High Pressure Coolant Injection• HRA – Human Reliability Analysis• IAEA – International Atomic Energy Agency• IPE – Individual Plant Examination• IPEEE – Individual Plant Examination of External Events• LER – Licensee Event Report• LERF – Large Early Release Frequency• LOOP – Loss of Offsite Power• LWGR – Light Water Graphite Reactor• MCR – Main Control Room• MW – Megawatt• NEA – Nuclear Energy Agency
• NEI – Nuclear Energy Institute• NFPA – National Fire Protection Association• NIST – National Institute of Standards and Technology• NMSS – NRC Office of Nuclear Material Safety and Safeguards• NPP – Nuclear Power Plant• NRC – U.S. Nuclear Regulatory Commission• NRO – NRC Office of New Reactors• NRR – NRC Office of Nuclear Reactor Regulation• NSIR – NRC Office of Nuclear Security and Incident Response• NUREG – NRC report designator• OECD – Organization for Economic Cooperation and Development• PHWR – Pressurized Heavy Water Reactor• PRA – Probabilistic Risk Assessment• PSA – Probabilistic Safety Assessment• PWR – Pressurized Water Reactor• RBMK – Reaktor Bolshoy Moshchnosti Kanalnyy• RCIC – Reactor Core Isolation Cooling• RES – NRC Office of Nuclear Regulatory Research• RG – Regulatory Guide• RIDM – Risk-Informed Decision Making• RMIEP – Risk Methods Integration and Evaluation Program• ROP – Reactor Oversight Program• SAMA – Severe Accident Mitigation Alternative• SAMDA – Severe Accident Mitigation Design Alternative• SDP – Significance Determination Process• SBO – Station Blackout• SECY – NRC Office of Secretary (also designator for staff papers)• SPAR – Standardized Plant Analysis Risk• SRP – Standard Review Plan• SRV – Safety Relief Valve• SSC – Systems, Structures, and Components• TMI – Three Mile Island• VVER – Vodo-Vodyanoi Energetichesky Reaktor• WASH – AEC report designator
35
Backup
Regulatory Documents
• Regulations - http://www.nrc.gov/reading-rm/doc-collections/cfr/
• Regulatory Guide (RG) - http://www.nrc.gov/reading-rm/doc-collections/reg-guides/
• Standard Review Plan (SRP) -http://www.nrc.gov/reading-rm/doc-collections/nuregs/staff/sr0800/
• NUREG Series Reports - http://www.nrc.gov/reading-rm/doc-collections/nuregs/
• Policy Statements - http://www.nrc.gov/reading-rm/doc-collections/commission/policy/
• Inspection Manual - http://www.nrc.gov/reading-rm/doc-collections/insp-manual/
36
Backup
Browns Ferry (March 22, 1975)
37
Backup
Risk Assessment vs. Risk Management
38
Backup
From National Research Council, “Understanding Risk: Informing Decisions in a Democratic Society,” National Academy Press, 1996.
Uncertainties in PRA Results
39
Backup
Core Damage Frequency – CDF (/ry)