Understanding Nuclear Power Plant Risk

Mark Caruso
Senior Risk Analyst
Office of New Reactors

When it comes to the safety of using nuclear power to generate electricity, the NRC mission is protecting people from health risks by licensing and regulating nuclear power plant design and operation. In a perfect world there would be no risk at all. In the real world, we focus on managing and reducing risk below its already very low levels.

For instance, you can reduce the risk of a bicycle accident by ensuring you have working brakes and reflectors/lights. Wearing a helmet and leaving your headphones in a pocket while riding also reduce risk, but wrapping yourself in bubble wrap is probably going too far!

We all understand things in our lives that we consider “risks,” like riding a bicycle, by looking at how severe a bad outcome is and how likely that outcome is. The NRC asks three questions when considering risk:

  1. What can go wrong?
  2. How likely is it to go wrong?
  3. What are the consequences?

These three questions are called the risk triplet. Let’s apply the risk triplet to lifting a piano. What can go wrong? A crane could drop the piano while lifting it to a building’s upper floors. How likely is a piano drop? Since crane workers take lots of precautions, that’s very unlikely. What could a falling piano do? If the piano did fall and you were unlucky enough to be underneath it…you can imagine the consequences! This event has a low likelihood and a high consequence. There are also high likelihood/low consequence events and high likelihood/high consequence events.

The NRC’s risk-management effort starts by identifying and eliminating high likelihood/high consequence events at U.S. nuclear power plants before moving to less-likely events.

Engineers use a method called probabilistic risk assessment (PRA) when analyzing risk at nuclear power plants. These assessments use engineering and math to find the answers to the risk triplet questions and create tools called the event tree and the fault tree. These trees map out possible ways and likelihoods of reaching a desirable or undesirable outcome in an organized way. Engineers use these maps to understand and manage nuclear power plant risk. An event tree starts with a trigger (initiating) event and then tracks the different possible resulting events that either reach or prevent an undesirable outcome.

In the sample PRA below, a skydiver jumping from a plane is the initiating event. The event tree follows what could normally occur next and then considers what happens if those events succeed or fail. For example, these events include attempting to deploy the main and reserve parachutes.

The desirable outcome occurs if either parachute opens successfully. The undesirable outcome occurs if both chutes fail to open. Since a skydiver would not normally start with the reserve parachute, this event tree contains three event sequences:

  1. Main parachute opens — desirable outcome
  2. Main parachute fails, reserve parachute opens — desirable outcome
  3. Both parachutes fail to open — undesirable outcome

Fault trees help determine a percentage between zero (outcome never occurs) and one hundred (outcome always occurs) for the outcome of each event sequence in the tree.

A fault tree shows all the combinations of things that must go wrong to “fail” an event in an event tree. The diagram shows the ways a reserve parachute can fail to open. Think of a fault tree as a sort of family tree. Rectangles represent either “parent” or “child” events and circles represent pure “child” events. The “and” symbol between parent and child events indicates all child events must occur for their parent event to occur. The “or” symbol indicates any child event can cause their parent event. Engineers use the tree to identify the different combinations of child events leading to the event at the top of the tree. Historical parachute performance data helps provide a numerical value for the likelihood of each pure child event (e.g., dead battery). A mathematical formula combines individual event likelihoods to provide the numerical value of the likelihood of each combination of child events.
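The skydiver event tree and a reserve-parachute fault tree, worked through as an added example that is not part of the original post. The tree structure, the event names other than the dead battery, and every likelihood are constructed for illustration; child events are assumed independent, and likelihoods are written as probabilities from 0 to 1 (multiply by 100 for the percentage).

```python
from math import prod

# Constructed, illustrative per-jump likelihoods (not real parachute data).
BASIC = {"dead_battery": 0.01, "manual_pull_missed": 0.05,
         "reserve_packing_error": 0.001}

# Hypothetical fault tree for "reserve parachute fails to open".
# A gate is (kind, children); a plain string is a pure child event.
RESERVE_FAILS = ("or", [
    "reserve_packing_error",
    ("and", ["dead_battery", "manual_pull_missed"]),  # both triggers fail
])

def probability(node, basic=BASIC):
    """Likelihood of a fault-tree node, assuming independent child events."""
    if isinstance(node, str):
        return basic[node]
    kind, children = node
    ps = [probability(child, basic) for child in children]
    if kind == "and":                       # every child must occur
        return prod(ps)
    if kind == "or":                        # at least one child occurs
        return 1 - prod(1 - p for p in ps)
    raise ValueError(f"unknown gate: {kind}")

def cut_sets(node):
    """Combinations of pure child events that are enough to cause this node."""
    if isinstance(node, str):
        return [frozenset([node])]
    kind, children = node
    child_sets = [cut_sets(child) for child in children]
    if kind == "or":                        # any one child's combination will do
        return [s for sets in child_sets for s in sets]
    combos = [frozenset()]                  # "and": merge one set from each child
    for sets in child_sets:
        combos = [a | b for a in combos for b in sets]
    return combos

def event_tree(p_main_fails, p_reserve_fails):
    """Likelihood of each of the three skydiver event sequences."""
    return {
        "main opens": 1 - p_main_fails,
        "main fails, reserve opens": p_main_fails * (1 - p_reserve_fails),
        "both fail": p_main_fails * p_reserve_fails,
    }

if __name__ == "__main__":
    for name, p in event_tree(0.002, probability(RESERVE_FAILS)).items():
        print(f"{name}: {100 * p:.5f}%")
```

The three sequence likelihoods always sum to 1, which is a quick check that the event tree covers every outcome of the initiating event.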

Event trees and fault trees are two basic parts of risk assessment, just like the brakes and gas pedal are basic parts of a car. In the same way all the other parts under the hood make the car work, risk assessments have lots of other moving parts that we could discuss in the future. The bottom line, however, is that risk assessments help the NRC and nuclear power plant engineers properly reduce already very small health risks, resulting in safely produced electricity at nuclear power plants.

NRC Science 101 – About Spent Nuclear Fuel Part II

Greg Casto
Branch Chief
Division of Reactor Safety Systems

Our last post talked about the fuel that powers nuclear reactors. Today, we’ll talk about what happens to that fuel when it’s removed from a reactor.

You’ll recall that fuel becomes very hot and very radioactive as it is used in the reactor core to heat water. After about five years, the fuel is no longer useful and is removed. Reactor operators have to manage the heat and radioactivity that remains in the “spent fuel” after it’s taken out of the reactor. In the U.S., every reactor has at least one pool on the plant site where spent fuel is placed for storage. Plant personnel move the spent fuel underwater from the reactor to the pool. Over time, as the spent fuel is stored in the pool, it becomes cooler as the radioactivity decays away.

These pools contain an enormous quantity of water—enough to cover the fuel by about 20 feet. The water serves two purposes: it cools the fuel and shields workers at the plant from radioactivity. Having 20 feet of water above the fuel means there is a lot more water than is needed for cooling and shielding the workers. Also, because of the extra water and the simple design of the pool, there is a lot of time for plant personnel to add water to the pool if needed for any reason.

The pools are built to meet strict NRC safety requirements. They have very thick, steel-reinforced concrete walls and stainless-steel liners, and are protected by security personnel. There are no drains that would allow the water level to drop or the pool to become empty. The plants have a variety of extra water sources and equipment to replenish water that evaporates over time, or in case there is a leak. Plant personnel are also trained and prepared to quickly respond to a problem. They keep their skills sharp by routinely practicing their emergency plans and procedures.

When the plants were designed, the pools were intended to provide temporary onsite storage. The idea was for the spent fuel to sit in the pool for a few years to cool before it would be shipped offsite to be “reprocessed,” or separated so usable portions could be recycled into new fuel. But reprocessing didn’t end up being an option for nuclear power plants and the pools began to fill up.

In the early 1980s, nuclear plants began to look for ways to increase the amount of spent fuel they could store at the plant site. One way was to replace spent fuel storage racks in the pools with racks containing a special material that allowed spent fuel to be packed closer together. Another way was to place older, cooler and less radioactive fuel in dry storage casks that could be stored in specially built facilities at the plant site. We’ll talk more about dry spent fuel storage in future blog posts.

Most plants today use both re-designed storage racks and dry storage facilities to store spent fuel. All storage methods must be reviewed in detail and approved by the NRC before a plant is allowed to change storage methods.