U.S. NRC Blog

Transparent, Participate, and Collaborate

Throwback Thursday – A July Trip to Tennessee

tbtzechOn July 16, 1987, this Chairman visited the NRC’s Technical Training Center in Chattanooga, Tenn. The TTC was transferred to the agency’s Office of Analysis and Evaluation of Operational Data as part of a reorganization that year. During his visit to the TTC, the then-Chairman was briefed on a reactor simulator that had been leased from the Westinghouse Electric. Co., for training in PWR technology.

Can you name the Chairman?

Pokémon Go — Not a Go at Nuclear Plants

Prema Chandrathil
Public Affairs Officer
NRC Region III

The highly popular cellphone game has found its way to a U.S. commercial nuclear power plant.

pokemanThe Pokémon Go game lets users chase and catch virtual creatures with their cellphone cameras. However, Pokémon Go and other games that use the GPS signals in our phones are creating safety and security issues. Local law enforcement officials across the country have cautioned folks to pay attention while playing and be careful not to wander into traffic (warnings that have not always been heeded). The phrase “heads up” takes on new meaning here.

The games have even enticed players to trespass on private property — including the Perry nuclear power plant in northeastern Ohio.

Recently, three teenagers pursued one of the strange looking cartoon creatures into the employee parking lot of the Perry plant, at 3 in the morning! Instead of catching the Pokémon, they were caught by security officers and escorted off the property.

But it could have ended very differently – and much more seriously — for these Pokémon pursuers.

Commercial nuclear plants are among the best-protected facilities in the country. Their security officers are highly trained professionals who carry guns and are authorized to use them in protecting the plant. Though you might not always see the protective measures and many details are not publically available, security is in place. (Click here for more info on the NRC’s security requirements for nuclear power plants.)

So have fun exploring and climbing over rocks searching for those virtual creatures, but the bottom line is be safe while playing these games. A nuclear power plant is not the place to be searching for Pikachu.

 

GAO and the Fake Licensees

Duncan White
Senior Health Physicist

The Government Accountability Office (GAO) published a report today on a “covert operation” they conducted to test the NRC and some states on the process of issuing licenses for possession and use of radioactive materials.

First some facts: GAO established a fake company and made three attempts to obtain a license. GAO was successful in only one case. As part of their operation, GAO then altered the license and placed orders for radioactive material with two companies that could have resulted in GAO receiving double the quantity of material authorized in the license. That quantity of material would have posed a higher potential risk than what was actually authorized in the unaltered license, and would have required additional security measures.

In the language of radioactive materials categories (see box), the fake GAO company had a valid license for a Category 3 quantity, but used a modified copy of that license to order a Category 2 quantity.

It is important to note that the public’s safety was never at risk because GAO never actually obtained radioactive material.

The license GAO obtained was granted by one of our Agreement States (the 37 states that regulate radioactive materials under agreements with us). After we learned of the GAO actions, we immediately made sure that the Agreement State knew the license was obtained under false pretenses and revoked it, and notified manufacturers and distributors of the revocation. We also made sure that the 36 other Agreement States knew about the issue.

Our next step was to figure out what went wrong. Working with the Agreement State that issued the license, we found that the licensing staff did not complete all the required steps of the pre-licensing procedures. In GAO’s other two attempts, the licensing officials who correctly denied GAO’s fake company a license – in another Agreement State and in an NRC regional office – did follow all the steps of those procedures.

Knowing the root cause helped us to focus our corrective actions. The NRC and all the Agreement States responded with steps to improve training and underscore the importance of following procedures. All licensing and inspection staff at the NRC and in the Agreement States completed this re-training in December 2015.

NRC and Agreement State officials also formed joint working groups to see what additional lessons can be gathered from the GAO operation. These groups have been meeting since January 2016. Among their tasks, the groups are reviewing the pre-licensing guidance and evaluating new strategies to improve license verification and transfer procedures for the quantity and type of material involved in the GAO sting.

The groups will also consider GAO’s specific recommendations. Once this work is completed, the NRC staff will present to our management and Commissioners any policy questions that emerge from the reviews, including whether we think changes are needed to the current security and tracking requirements for radioactive materials.

The NRC takes radioactive materials security very seriously. We participate with 13 other federal agencies on a U.S. Government task force that has evaluated the security of radiation sources in the U.S. over the past 10 years. This group has identified no significant gaps in source security and recommended no legislative changes.

GAO reccomend__HorizontalBased on this comprehensive, ongoing review, we believe current NRC regulations for licensing radioactive sources remain adequate for protection of safety and security, consistent with the risks they pose. Nonetheless, the NRC is doing what it can to see what lessons from the GAO operation can be applied to strengthen radioactive materials security.

Part II: How the NRC Uses a Defense-in-Depth Approach Today to Protect the Public

Mary Drouin
Senior Program Manager
Division of Risk Assessment, Performance and Reliability Branch

Defense-in-depth is a central theme in the NRC’s regulatory oversight of the nuclear power industry. As our agency historian, Tom Wellock, discussed in Monday’s post, the concept of defense-in-depth emerged during the trench warfare of World War I. The idea of multiple lines of defense was applied to nuclear safety in the 1950s as the leading concept for protecting the public from the consequences of a nuclear reactor accident.

The NRC’s predecessor agency, the U.S. Atomic Energy Commission, spelled out defense-in-depth in a 1957 report called WASH-740, Possibilities and Consequences of Major Accidents in Large Nuclear Power Plants. “Should some unfortunate sequence of failures lead to destruction of the reactor core … no hazard to the safety of the public would occur unless two additional lines of defense were also breached,” the report said.

These words are at the heart of defense-in-depth as it has been practiced for six decades: multiple layers of defense to protect against accidents and their effects to ensure the risk to the public is acceptably low.

In a recent report issued this spring, Historical Review and Observations of Defense-in-Depth (NUREG/KM-0009), the NRC looks at how the concept has evolved in practice over the years. It also includes views from other government agencies and the international community.

As the report explains, defense-in-depth recognizes that our knowledge is imperfect. Although we plan for all conceivable accidents, the unexpected may still occur. Even if we have anticipated an event, its characteristics and impacts may be unpredictable. Our design and operation of nuclear plants need to be robust enough to compensate for this lack of knowledge. Defense-in-depth offers multiple layers of protection in case one or more layers fail.

So we don’t just rely on preventing an accident; we also need strong defenses to mitigate the effects of any accident that does occur. This applies to nuclear power plants, waste management and security as well.

In practice, defense-in-depth addresses three principles that should be factored into the design and operation of systems and components to provide additional confidence that an accident would not compromise the defensive layers:

  • Redundancy means more than one component performs the same function – for example, having multiple pumps instead of a single one;
  • Independence means these multiple components rely on separate and distinct attributes to function – the multiple pumps have separate piping from the water tank to where they discharge, and are housed in separate compartments; and
  • Diversity means the multiple components performing the same function rely on different design features to operate – motor-driven pumps versus steam-powered pumps.

dindgraphicIn reactor safety, the layers of defense might be:

  • Maintain reactor stability by limiting the ability of events to disrupt operation (with protective measures such as fire-safe or flood-tight doors, seismically designed buildings)
  • Protect the reactor should operation be disrupted (emergency reactor core cooling with redundant pumps)
  • Barrier integrity to guard against a release of radioactivity to the environment (leak-tight containment structures, filtered vents, containment sprays) and
  • Protect the public if a release does occur (emergency preparedness plans)

This versatile framework can apply whether the risk to the public comes from the reactor, spent fuel pool, nuclear waste or security threats.

Defense in Depth Part I: A War for Safety

Thomas Wellock
Historian

One hundred years ago the French and German armies of World War I devised a new defensive strategy called “defense in depth.” Its aim was to prevent an enemy breakthrough of an army’s frontline with a deep system of interconnected trench lines and strong points.

Defense in depth circa WWI. Photo courtesy of the Library of Congress

Defense in depth circa WWI. Photo courtesy of the Library of Congress

Popularized in all its desperation and grisly effectiveness in films such as All Quiet on the Western Front, defense in depth has become the NRC’s official metaphor in the battle to protect the public from radiation hazards. It is the key concept governing nuclear safety in using multiple strategies in safety-system design, operations, and emergency procedures and planning.

The NRC’s use of the term has roots in the Manhattan Project of World War II. Military metaphors seemed particularly apt for those charged with ensuring the safety of the early plutonium production reactors at Hanford, Washington. They worried about the potential for a reactor “catastrophe” from a radiation release of “explosive violence.” Their solution was to erect multiple “lines of defense” of trained operators and emergency personnel, carefully sealed fuel rods, shielding walls, backup cooling and power systems, and even a backup to the backup shutdown system—a final solution so drastic that it would destroy the reactor to save the operators lives. Fittingly, its moniker derived from another military term — the “last ditch” safety device.

After the war, the “lines of defense” in reactor safety were categorized into functions by Atomic Energy Commission safety committees:

  1. Features that made a reactor inherently safe;
  2. “Static,” or physical, barriers, such as containment buildings, were to halt the escape of radiation; and
  3. Active systems were to shut down and cool the reactor in the case of unusual conditions.

While the AEC’s safety approach became more coherent, there was no consensus among experts over the relative importance of each category. Some experts focused mostly on a design’s physical barriers, while others gave weight to all three categories and included reactor operation too.

Over time, “defense in depth” replaced the scattered concept of “lines of defense.” Its first use appears to have been in 1958 to describe safety design in the plutonium extraction processes at Hanford. In a 1965 letter to Congress, AEC Chairman Glenn Seaborg applied the term to civilian reactor safety as an accident prevention and mitigating strategy.

It provided, he wrote, “multiple safeguards against the occurrence of a serious accident, and for containment of fission product release.” The term stuck.

But the story continues. The Office of Nuclear Regulatory Research has published a report on the history of defense in depth up to the present, which covers the term’s application to the whole nuclear fuel cycle. It’s a fascinating look at how this bedrock safety concept has evolved under the influence of events and new knowledge. We’ll have more on this report on Wednesday.

 

 

Follow

Get every new post delivered to your Inbox.

Join 1,950 other followers

%d bloggers like this: