Mark Caruso
Senior Risk Analyst
Office of New Reactors
When it comes to the safety of using nuclear power to generate electricity, the NRC mission is protecting people from health risks by licensing and regulating nuclear power plant design and operation. In a perfect world there would be no risk at all. In the real world, we focus on managing and reducing risk below its already very low levels.
For instance, you can reduce the risk of a bicycle accident by ensuring you have working brakes and reflectors/lights. Wearing a helmet and leaving your headphones in a pocket while riding also reduce risk, but wrapping yourself in bubble wrap is probably going too far!
We all understand things in our lives that we consider “risks,” like riding a bicycle, by looking at how severe a bad outcome is and how likely that outcome is. The NRC asks three questions when considering risk:
- What can go wrong?
- How likely is it to go wrong?
- What are the consequences?
These three questions are called the risk triplet. Let’s apply the risk triplet to lifting a piano. What can go wrong? A crane could drop the piano while lifting it to a building’s upper floors. How likely is a piano drop? Since crane workers take lots of precautions that’s very unlikely. What could a falling piano do? If the piano did fall and you were unlucky enough to be underneath it…you can imagine the consequences! This event has a low likelihood and a high consequence. There are also high likelihood/low consequence events and high likelihood/high consequence events.
The NRC’s risk-management effort starts by identifying and eliminating high likelihood/high consequence events at U.S. nuclear power plants before moving to less-likely events.
Engineers use a method called probabilistic risk assessment (PRA) when analyzing risk at nuclear power plants. These assessments use engineering and math to find the answers to the risk triplet questions and create tools called the event tree and the fault tree. These trees map out possible ways and likelihoods of reaching a desirable or undesirable outcome in an organized way. Engineers use these maps to understand and manage nuclear power plant risk. An event tree starts with a trigger (initiating) event and then tracks the different possible resulting events that either reach or prevent an undesirable outcome.
In the sample PRA below, a skydiver jumping from a plane is the initiating event. The event tree follows what could normally occur next and then considers what happens if those events succeed or fail. For example, these events include attempting to deploy the main and reserve parachutes.
The desirable outcome occurs if either parachute opens successfully. The undesirable outcome occurs if both chutes fail to open. Since a skydiver would not normally start with the reserve parachute, this event tree contains three event sequences:
- Main parachute opens — desirable outcome
- Main parachute fails, reserve parachute opens — desirable outcome
- Both parachutes fail to open — undesirable outcome
Fault trees help determine a percentage between zero (outcome never occurs) and one hundred (outcome always occurs) for the outcome of each event sequence in the tree.
A fault tree shows all the combinations of things that must go wrong to “fail” an event in an event tree. The diagram shows the ways a reserve parachute can fail to open. Think of a fault tree as a sort of family tree. Rectangles represent either “parent” or “child” events and circles represent pure “child” events. The “and” symbol between parent and child events indicates all child events must occur for their parent event to occur. The “or” symbol indicates any one child event can cause its parent event. Engineers use the tree to identify the different combinations of child events leading to the event at the top of the tree. Historical parachute performance data helps provide a numerical value for the likelihood of each pure child event (e.g., dead battery). A mathematical formula combines individual event likelihoods to provide the numerical value of the likelihood of each combination of child events.
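As an added example that is not part of the original post, here is how the skydiver event tree above and a reserve-parachute fault tree can be evaluated in Python. The basic-event likelihoods, the fault-tree structure (including the hypothetical automatic-activation-device events) and the 0.02 main-chute failure rate are constructed for illustration, not real parachute data.

```python
import math
from itertools import product
# Constructed, illustrative likelihoods for the pure child ("basic") events
# of a reserve-parachute fault tree; these are NOT real parachute data.
BASIC_EVENTS = {"rip_cord_jams": 0.01, "canopy_tangles": 0.02,
                "dead_battery": 0.10, "aad_sensor_fault": 0.05}
# Top event: the reserve parachute fails to open. A gate is (kind, children);
# a bare string is a basic event. The structure is assumed, not the page's diagram.
RESERVE_FAILS = ("or", ["rip_cord_jams", "canopy_tangles",
                        ("and", ["dead_battery", "aad_sensor_fault"])])

def cut_sets(node):
    """Combinations of basic events that each cause the top event."""
    if isinstance(node, str):
        return [frozenset([node])]
    kind, children = node
    child_sets = [cut_sets(c) for c in children]
    if kind == "or":   # any one child's cut set is enough on its own
        return [s for sets in child_sets for s in sets]
    if kind == "and":  # a cut set from every child must occur together
        return [frozenset().union(*combo) for combo in product(*child_sets)]
    raise ValueError(f"unknown gate {kind}")

def gate_probability(node, basic=BASIC_EVENTS):
    """Likelihood of a node, treating basic events as independent."""
    if isinstance(node, str):
        return basic[node]
    kind, children = node
    p = [gate_probability(c, basic) for c in children]
    if kind == "and":  # all children must occur: multiply their likelihoods
        return math.prod(p)
    if kind == "or":   # at least one occurs: 1 - P(none of them occur)
        return 1.0 - math.prod(1.0 - x for x in p)
    raise ValueError(f"unknown gate {kind}")

def event_tree(p_main_fails, p_reserve_fails):
    """The skydiver event tree: its three sequences and their likelihoods."""
    return {
        "main opens (desirable)": 1.0 - p_main_fails,
        "main fails, reserve opens (desirable)": p_main_fails * (1.0 - p_reserve_fails),
        "both fail (undesirable)": p_main_fails * p_reserve_fails,
    }

if __name__ == "__main__":
    p_reserve = gate_probability(RESERVE_FAILS)
    print("cut sets:", [sorted(s) for s in cut_sets(RESERVE_FAILS)])
    print(f"P(reserve fails) = {p_reserve:.4f}")
    for seq, p in event_tree(0.02, p_reserve).items():  # 0.02: constructed main-chute failure rate
        print(f"{seq}: {p:.5f}")
```

The three sequence likelihoods always sum to one, which is a quick check that the event tree is complete; the cut-set list is the "combinations of child events" the paragraph describes.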
Event trees and fault trees are two basic parts of risk assessment, just like the brakes and gas pedal are basic parts of a car. In the same way all the other parts under the hood make the car work, risk assessments have lots of other moving parts that we could discuss in the future. The bottom line, however, is that risk assessments help the NRC and nuclear power plant engineers properly reduce already very small health risks, resulting in safely produced electricity at nuclear power plants.