U.S. NRC Blog

Transparent, Participate, and Collaborate

Monthly Archives: July 2011

SATAN’s Code: The Early Years of Accident Models

The IBM 650 circa 1950s

When the first mass-produced computers hit the stage in the 1950s, nuclear engineers saw the opportunity to use them to help run accident scenarios. It was a good idea that took decades to become reality and the computer limitations created early uncertainty about reactor safety.

In 1954, Westinghouse experts put together a homemade digital computer that read punch tape. With a practiced ear, you could tell from the computer sounds which program was being run.

In 1959, Battelle Memorial Institute developed an early Loss-of-Coolant-Accident model for a heavy-water plutonium reactor. The program was run on an IBM-650/653, the first mass production computer ever developed. The 650 weighed more than a 1955 Cadillac Deville, had vacuum tubes, and used a punch-card reader. Even if it had the memory and someone willing to load the 50 million cards, it would take six months to boot up Microsoft Windows 7.

Fortunately, Battelle’s code was a mere 166 cards. It calculated the behavior of just one fuel rod (modern reactors have thousands of rods) and took minutes to produce one data point.

For the sake of speedier results, gross simplifications were made. For example, an ideal accident code would have broken a reactor cooling system into many small volumes and done extensive calculations on each one to accurately simulate the complex conditions that existed throughout the reactor core and piping. But to run it on mid-1960s computers could take days. As a result, Westinghouse’s FLASH code used just three volumes to represent the whole reactor system.

At least they had computers. Neither the Idaho National Labs, a center for accident-code development, nor the Atomic Energy Commission had them. INL relied on weekend visits to the University of Utah. At the AEC, engineer Norm Lauben begged time from the National Bureau of Standards. Norm drove to the Bureau’s headquarters in Gaithersburg, Md., in the morning to submit his job on the 12,000-line RELAP-3 code, and returned after lunch to pick up the results.

Engineers were confident that the codes would prove reactor designs were overly conservative. Their optimism proved unfounded.

When Westinghouse proudly unveiled its 70-volume SATAN code in 1970, AEC staffers discovered errors in the code indicating that the company’s Emergency Core Cooling System might fail in an accident. The problems of the SATAN code helped lead to a major rulemaking hearing in 1972 on the adequacy of both emergency cooling system designs and accident codes. Those hearings revealed just how embarrassingly uncertain and rudimentary the early codes were about what happened during an accident.

The AEC and later the NRC had to make a huge investment in creating more robust – and accurate – codes. Additional research that produced the RELAP-5 Code is still used today as an industry standard worldwide.

Tom Wellock
NRC Historian

Access Authorization Regulations Lead to Arrest

generic power plant site mapAn illegal immigrant from Mexico was recently arrested after using an invalid Arizona identification card to enter the Palo Verde Nuclear Generating Station. Power plant security officers reported the suspicious ID to the Maricopa County Sheriff’s Office, which promptly made an arrest.

The man, a contract worker, did not have access to the most secure areas of the plant. He was arrested on felony charges — criminal trespass on a commercial nuclear generating station.

The incident underscores the NRC’s access authorization regulations, which are designed to make sure only the most trustworthy and reliable individuals gain access to vital safety areas of a nuclear power plant.

As with many industries and facilities, contract companies are used for projects and basic maintenance such as concrete work. In the case of the Palo Verde plant, the individual was doing work just inside an area known as the owner-controlled area (OCA), which houses no vital safety areas, information or systems. The area requires a valid ID issued by a state or government, and a legitimate reason for entering the OCA, such as previously approved work.

The worker had no access to the most secure areas of the plant with what is called the “protected area.” This area is only accessible by badged personnel, who have undergone stringent screening and background checks, or by individuals being escorted by approved plant personnel.

The site can be thought of as a series of rings representing areas with varying degrees of security checks and measures. The reactor, turbine building, and other safety related equipment, for example, are housed in the highly secured and heavily guarded inner-most ring with access controls, intrusion detection and strategically placed observation towers.

It is the responsibility of the nuclear power plants licensed by the NRC to vet individuals and approve their access to the plant — including those working under contract through other companies. The NRC will be taking a look at the Arizona Public Service Company’s actions related to the arrest of the contract worker to make sure our regulations were followed. The good news is that the system worked to identify someone who didn’t belong and the appropriate law enforcement action was taken.

Lara Uselding
Region IV Public Affairs Officer

Protecting Our Nation

The NRC has just posted on its website an updated report about the NRC’s security activities in the 10 years after the September 11th terrorist attacks. The report, titled “Protecting Our Nation,” (NUREG/Br-0314 Rev. 2) outlines important upgrades in security, emergency preparedness, and incident response related to nuclear facilities and radioactive materials.

Some highlights in the report include information on:

• Force-on-Force security inspections, which incorporate both tabletop drills and simulated combat between a mock commando-type adversary force and nuclear plant security force.

• Cyber security as an emerging tool that both domestic and international adversaries can use to exploit potentially vulnerable systems. The NRC is working with its federal partners to address this complicated issue.

• Incident response exercises as a way to prepare for potential terrorist attacks or other incidents, such as major storms, that could disrupt operations.

• Intelligence assessments used to evaluate and warn of possible threats of attacks or other malevolent activities directed at nuclear facilities or radioactive material licensees.

The report can be found at:

Rebecca Clinton
Security Specialist

The Importance of Inspectors and Inspections

When the NRC Senior Resident Inspector at the Perry Nuclear Plant  in Ohio arrived at the plant on April 22, he stopped first at the outage control office, which oversees work being done during the plant’s refueling and maintenance outage.

One job of interest – removing a neutron detector that was lodged in the reactor core – had not been completed during the night as scheduled. The inspector inquired further and learned that the job had been halted when higher-than-expected radiation levels were encountered during the work.

After gathering more details, he conferred with the NRC’s Region III Office in Lisle, Ill., and began the process that led to a special inspection into the circumstances surrounding the incident.

The NRC has two or more resident inspectors assigned to each nuclear plant on a fulltime basis to assure the plant is operating safely. Their efforts are supplemented by inspections performed by specialists from the regional office or NRC Headquarters in Rockville, Md.

When something unexpected happens at the nuclear plant, particularly an event with safety implications, the NRC may dispatch inspectors to begin a special inspection to review the circumstances surrounding the incident and determine what additional agency action, if any, is called for.

The inspection is called a “special inspection” when it is managed by the regional office, and an “augmented inspection team” when the significance of the event warrants additional staff from the headquarters or other regional office. An inspection can also be headed by an “incident investigation team” for major issues that bring in NRC experts not previously involved with the plant and headed by a senior NRC manager.

The Perry incident led to a special team inspection with two Region III radiation specialists at the Perry site backed up by three inspectors working in the regional office.

Special team inspections occur several times a year at reactor sites across the country. In the past five years there have been 42 special inspections at 31 reactor sites. Thus far there have been nine special inspections in 2011.

Once the regional staff determines that an event warrants a special inspection a “charter” is prepared that lays out the plans for the inspection.

The inspections typically involve interviews of plant personnel involved with the event, review of documents associated with it, and assessment of the causes and consequences of the event. The inspectors also look at the plant staff’s response to the event and make sure the plant promptly addresses any immediate safety concerns

Once the inspection is completed – and the preliminary results presented to plant management – the inspectors prepare a written report to be issued within 45 days. Like all NRC inspection reports, the special inspection report is promptly made available on the NRC website.

The results of the inspection determine the NRC’s next steps. If violations are found, there may be further inspections and increased oversight to assure that the problems are corrected.

The Perry special inspection report was issued July 6 and it documents the preliminary finding that the event was of “low-to-moderate safety significance,” a “white finding” in the NRC’s assessment of findings ranging from “green” for minor safety significance and continuing through “white,” “yellow,” and “red” for increasing safety significance. (It is available via ADAMS using MLML11187A121.)

The inspectors identified three apparent violations associated with the event – failing to appropriately evaluate the radiological hazards associated with the work, failing to have adequate procedures in place, and failing to properly control work in a high radiation area.

The radiation exposures received by the workers involved were a small fraction of the NRC’s limit for nuclear plant workers, but the NRC inspectors determined that it was “fortuitous” that more significant radiation exposures did not occur.

After reviewing the NRC inspection report, the Perry plant may accept the NRC’s findings or provide additional information in writing or in a “regulatory conference,” which would be open to the public. The NRC would then review the response before making its final determination on the issue. A final “white” determination would lead to a detailed inspection to evaluate the causes and corrective actions for the event and the plant’s efforts to prevent of recurrence of the violations.

Mark Satorius
Regional Administrator
Region III

NRC Commissioners Briefed on Near-Term Report

NRC CommissionersThe NRC Commissioners today were briefed by the near-term task force that had been appointed to look at immediate lessons learned from the Japan nuclear emergency in March. Upfront, the task force told the Commissioners:

• A similar sequence of events in the U.S. is unlikely;

• Existing emergency measures could reduce the likelihood of core damage and release of radioactive materials; and

• There is no imminent risk from continued operation and licensing activities.

But the task force is recommending a variety of changes to NRC procedures, regulations and policies, including a review of the agency’s “defense-in-depth” philosophy, which refers to multiple layers of protection within and around a nuclear power facility. The task force specifically cited the need for a focus on preparing for natural disasters and long-term loss of all A/C electricity at a plant.

The task force also recommended strengthening emergency response capabilities.

The recommendations need Commission approval to move forward. Chairman Jaczko urged his fellow commissioners to review and act up on the report’s recommendations within the same 90-day time frame given the task force to generate the report.

The task force has scheduled a follow-up meeting on July 28th to discuss the report’s findings and recommendations with the public, the industry and other interested groups. More information will be available on that meeting here: http://www.nrc.gov/public-involve/public-meetings/index.cfm.

A video archive of today’s meeting is available here: http://video.nrc.gov// .

The slides from today’s meeting are here: http://www.nrc.gov/reading-rm/doc-collections/commission/tr/2011/ .

The entire task force report is available here: http://pbadupws.nrc.gov/docs/ML1118/ML111861807.pdf.

Eliot Brenner
Public Affairs Director
%d bloggers like this: