Junk NRC Safety Culture: Whole NRC Electrical Dept Don't Trust Their Own Agency

Oconee is the "straw that broke the camel's back" plant event that made the "NRC seven" step out of the shadows. Personally I think the open short events emerged out of the poor design of the high voltage switchyards. Some switchyard lines and components are so important they can't be taken down for maintenance without disrupting plant safety, grid reliability or plant operation. Often we call this insanity. So the proper design of a switchyard would consist of every line and component in the switchyard having a secondary full capacity pathway of electricity, such that "disrupting plant safety, grid reliability or plant operation" is never a concern. So you could take down any component(deenergized it)on any whim and never be concerned by any time limit.

(I had the wrong link...its fixed now)

Brand New: OCONEE NUCLEAR STATION - NRC SPECIAL INSPECTION REPORT 05000269/2016008AND 05000287/2016008

What is special and historic about the Oconee plant? If we listened to the leaking head issue (prior to Davis Besse) at this facility, we never would have had the Davis Besse "hole in the head" near miss. I am sure the "NRC seven" are sensitized about this event and its symbolism to the nuclear industry. I am sure they are thinking "never again" will we allow the NRC to slide down this low again.

The open short issue is all a function of the nuclear plants not being specifically designed for the extremely high capacity factors and the super short refueling outages. Chasing dollars on a poorly designed switchyard across a broad swath of power plants.

Personally I don't think core melt is going to come from a open short. This switchyard problem is all part of the higher level problem of organizationally structured and approved Normalization Of Deviance. It is going on all over the nuclear industry.     

Man, would this be a cool 2.206 pre-hearing to listen in on. Hope they publish the date and time. It would be way educational.

Why didn't these NRC professional engineers use these internal processes. I bet because these processes are't publicly transparent.

• Non-Concurrence Process

Employees may choose not to concur on any part of a document in which he or she has disagreed. In addition, employees may choose to use the Non-Concurrence Process and not concur on any part of a document undergoing review in which he or she has disagreed. The process allows employees to document their concerns early in the decisionmaking process, have their concerns responded to, and attach them to proposed staff positions or other documents to be forwarded with the position as it moves through the management approval chain.

• Differing Professional Opinions Program


The Differing Professional Opinion Program is a formal process that allows employees and contractors to have their differing views on established, mission-related issues considered by the highest level managers in their organizations, i.e., Office Directors and Regional Administrators. The process also provides managers with an independent, three-person review of the issue (one person chosen by the employee). After a decision is issued to an employee, he or she may appeal the decision to the Executive Director for Operations.

..................................................

United States Nuclear Regulatory Commission

Executive Director for Operation

Washington,. DC 20555-0001

SUBJECT: 2.206 Petition on Current Operating Nuclear Power Plants - Open Phase Conditions in Electric Power System Which Lead to Loss of, Safety. Functions Of .Both

Off sites and Onsite. Power Systems. (NRC Bulletin 2012-01)

I. SPECIFIC ACTIONS REQUESTED

Pursuant to 10 C.F.R. 2.206 we are Submitting this Petition to the United States Nuclear Regulatory Commission (NRC) requesting immediate enforcement actions against the. Licensees of current operating nuclear power-plants. Specifically, we are requesting either (i) the-NRC issue Orders which require immediate corrective actions including compensatory measures to address the 'operability of Electric Power Systems in accordance with their Plant Technical Specifications, and to implement Class i E plant modifications in accordance with current NRC regulatory requirements and .staff guidance provided in .the references below; or (ii) issue Orders to immediately shutdown the operating nuclear power plants since the licensees are operating their facilities without addressing the significant design deficiency identified in NRC.

Bulletin 2012-01, "Design Vulnerability in Electric. Power System; and with inoperable, electric power systems in accordance with Technical Specifications 3.81 (typical).

11. BACKGROUND

Based on the Byron Station operating event, the staff issued U.S. Nuclear Regulatory Commission (NRC), Information Notice 2012-03, "Design Vulnerability in Electric Power System.," dated March 1, 2012. On July 27, 2012, the staff issued NRC Bulletin 2012-01,"Design Vulnerability in Electric Power System," to confirm that licensees comply with Title 1.0 of the Code of Federal Regulations, (10 CFR) Appendix A, "General Design Criteria for Nuclear Power Plants," to 10 CFR Part 50, "Domestic Licensing. of Production and Utilization Facilities," General Design Criterion (GDC) 17, "Electric Power Systems," or principal design criteria specified in the updated final safety analysis report, 10 CFR 50.55a(h)(2), and 10 CFR 50.36. Specifically, the NRC requested licensees to provide •information by October 25, 2012, regarding (1) the protection scheme to detect and automatically respond to a single phase open circuit condition or high impedance ground fault condition on offsite power circuits,, and (2) the; operating configuration of engineered Safety features buses at power. The NRC staff has reviewed the information that NRC licensees provided and .the details of this review is documented in a Summary Report dated February 26, 2013. The staff determined that all nuclear facilities are susceptible to this design vulnerability except one plant and recommended that NRC takes prompt regulatory action.

III SAFETY SIGNIFICANCE

At Byron, a failure to design the electric power system's protection scheme to sense the loss of a single phase between the transmission network and' the onsite power distribution system resulted in unbalanced voltage, at both engineered safety features. (ESF) buses (degraded offsite power system), trip of several safety-related pieces of equipment and the unavailability of the onsite electric power- system. This situation resulted in neither the onsite (emergency diesel generators) nor the offsite electric power system being able to perform its intended safety functions (i.e., to provide electric power to the ESF buses with sufficient capacity and capability to permit functioning of structures, systems and components (SSC) important to safety). buses. As a consequence, neither the onsite (emergency diesel generators) nor the offsite electric power system was able to perform its intended safety functions (i.e., to provide electric power to the ESF buses with sufficient capacity and capability to permit functioning of structures, systems, and components (SSCs) important to safety) to support safe shutdown of the plant.

The Byron event identified a vulnerability in the design of US and international, operating plants. The current design requires an accident signal to automatically connect the emergency core cooling systems to the preferred power source to mitigate the consequences of a design basis event. As such, if the preferred power source, has an undetected open phase-condition, redundant trains of electrical equipment (electric motors that drive the pumps and valves).could burn out in few minutes and therefore will not be available for safe shutdown, even after restoration of an operable power source. In some cases, individual protective schemes for specific loads may isolate the load. In such cases, manual actions, outside of control room, may be required to reset the protective device(s) and start the specific loads thereby delaying the response time assumed in accident analysis. Since a common degraded offsite power source can potentially degrade or disable both trains of the emergency core cooling system, the protection scheme must automatically initiate isolation of the degraded offsite power source and transfer the safety buses to the onsite or back up power source within the time period assumed in the accident analysis in accordance with codes and standards specified in NRC requirements 10 CFR 50.54 (jj) and 10 CFR 50.55a(h)(2) or 10 CFR 50.55a(h)(3).

To-date, thirteen open phase events have been identified over the last fourteen years (both US and international). The most recent events occurred at Oconee Nuclear Station in December 2015 where two separate transformers required for safe shutdown, of three operating nuclear units were identified with open phase conditions. Since the transformers are common to one onsite and one offsite power source, both, power sources were rendered inoperable indicating that the lessons learned and manual compensatory actions implemented after the Byron Event were ineffective.

The NRC's Accident Sequence Precursor analysis for the. Byron event indicated the risk, Conditional Core Damage Probability (CCDP), as 1x10-4.

Operating experience indicates that open phase condition is a highly probable event with high consequence that results in common cause, failures of multiple accident mitigation systems and barrier integrity systems. It is a significant: safety concern since a design basis event concurrent with an open phase condition would in most cases result in the plant exceeding criteria Specified in Title 10 of the Code of Federal Regulations (10 CFR) 50.46, “acceptance Criteria for emergency Core Cooling Systems for Light-Water Nuclear Power Reactors.”… 

…Therefore, both GDC .and pre-GOC nuclear power plants' current licensing basis require an onsite power system and offsite power system with adequate-capacity-and capability to mitigate design basis events, conditions, and, accidents. It also requires that if the offsite (preferred) power System cannot perform its intended safety function, the plant design is required to automatically transfer the. ES F buses and loads to the onsite power, system within the time. specified in the accident analysis (i.e., this is protective function and it has to meet the provisions of IEEE 279 or 603 as stated, before). The onsite power system is Class lE (safety-related), therefore, the current licensing basis for operating nuclear power, plants requires meeting single failure, redundancy, separation, and independence criteria. Any failure that causes failure or degradation of the offsite power system such open phase, undervoltage, and degraded voltage must be monitored, by the ESF bus and take automatic protective action to meet the Chapter 15 accident analysis assumptions. In addition, the onsite power system must also meet the protection system requirements, specified in NRC GDCs 20-24 or equivalent" principle design criteria specified in the UFSAR for pre-GDC plants.

As of this filing, the NRC has not informed licensees that they are not in compliance with applicable: regulatory requirements and their licensing and design basis for electric power systems.

Therefore, the licensing bases and design bases for all U.S nuclear power plants require that" both power offsite and onsite power systems must be operable and capable of supporting all design bases functions. In short, any failures in an offsite power system or onsite power system must not disable the safety functions of emergency core cooling and vital safety systems to protect the health and safety of the public, in addition, the onsite power system must be in compliance with the single failure criteria, redundancy, separation., and independence criteria :in accordance with NRC requirements 10 CFR 50.55a(h)(2) or (h)(3), and the codes and standards, requirements specified in 10 CFR 50.54 (jj).The actions requested by this petition will rectify the open phase design vulnerability identified in Bulletin 201.2-01 and provide reasonable assurance of public health and safety in accordance with the current NRC requirements.