Oconee is the "straw that broke the camel's back" plant event that made the "NRC seven" step out of the shadows. Personally I think the open short events emerged out of the poor design of the high voltage switchyards. Some switchyard lines and components are so important they can't be taken down for maintenance without disrupting plant safety, grid reliability or plant operation. Often we call this insanity. So the proper design of a switchyard would consist of every line and component in the switchyard having a secondary full capacity pathway of electricity, such that "disrupting plant safety, grid reliability or plant operation" is never a concern. So you could take down any component(deenergized it)on any whim and never be concerned by any time limit.
(I had the wrong link...its fixed now)
What is special and historic about the Oconee plant? If we listened to the leaking head issue (prior to Davis Besse) at this facility, we never would have had the Davis Besse "hole in the head" near miss. I am sure the "NRC seven" are sensitized about this event and its symbolism to the nuclear industry. I am sure they are thinking "never again" will we allow the NRC to slide down this low again.
The open short issue is all a function of the nuclear plants not being specifically designed for the extremely high capacity factors and the super short refueling outages. Chasing dollars on a poorly designed switchyard across a broad swath of power plants.
Personally I don't think core melt is going to come from a open short. This switchyard problem is all part of the higher level problem of organizationally structured and approved Normalization Of Deviance. It is going on all over the nuclear industry.
Man, would this be a cool 2.206 pre-hearing to listen in on. Hope they publish the date and time. It would be way educational.
Why didn't these NRC professional engineers use these internal processes. I bet because these processes are't publicly transparent.
Employees may choose not to concur on any part of a document in which he or she has disagreed. In addition, employees may choose to use the Non-Concurrence Process and not concur on any part of a document undergoing review in which he or she has disagreed. The process allows employees to document their concerns early in the decisionmaking process, have their concerns responded to, and attach them to proposed staff positions or other documents to be forwarded with the position as it moves through the management approval chain.
- Differing Professional Opinions Program
The Differing Professional Opinion Program is a formal process that allows employees and contractors to have their differing views on established, mission-related issues considered by the highest level managers in their organizations, i.e., Office Directors and Regional Administrators. The process also provides managers with an independent, three-person review of the issue (one person chosen by the employee). After a decision is issued to an employee, he or she may appeal the decision to the Executive Director for Operations.
United States Nuclear Regulatory
Commission
Executive Director for Operation
Washington,. DC 20555-0001
I. SPECIFIC ACTIONS REQUESTED
Pursuant to 10 C.F.R. 2.206 we
are Submitting this Petition to the United States Nuclear Regulatory Commission (NRC)
requesting immediate enforcement actions against the. Licensees of current
operating nuclear power-plants. Specifically, we are requesting either (i)
the-NRC issue Orders which require immediate corrective actions including compensatory
measures to address the 'operability
of
Electric Power Systems in accordance with their Plant Technical Specifications, and to implement
Class i E plant modifications in accordance with current NRC regulatory
requirements and .staff guidance provided in .the references below; or (ii)
issue Orders to immediately shutdown the
operating nuclear power plants since the licensees are operating their
facilities without addressing the significant design deficiency identified in
NRC.
Bulletin 2012-01, "Design
Vulnerability in Electric. Power System; and with inoperable, electric power
systems in accordance with Technical Specifications 3.81 (typical).
11. BACKGROUND
Based on the Byron Station operating
event, the staff issued U.S. Nuclear Regulatory Commission (NRC), Information
Notice 2012-03, "Design Vulnerability in Electric Power System.,"
dated March 1, 2012. On July 27, 2012, the staff issued NRC Bulletin 2012-01,"Design Vulnerability in
Electric Power System," to confirm that licensees comply with Title 1.0 of
the Code of Federal Regulations, (10 CFR) Appendix A, "General Design
Criteria for Nuclear Power Plants," to 10 CFR Part 50, "Domestic
Licensing. of Production and Utilization Facilities," General Design
Criterion (GDC) 17, "Electric Power Systems," or principal design
criteria specified in the updated final safety analysis report, 10 CFR 50.55a(h)(2),
and 10 CFR 50.36. Specifically, the NRC requested licensees to provide •information
by October 25, 2012, regarding (1) the protection scheme to detect and
automatically respond to a single phase open circuit condition or high
impedance ground fault condition on offsite power circuits,, and (2) the; operating
configuration of engineered Safety features buses at power. The NRC staff has
reviewed the information that NRC licensees provided and .the details of this review is documented
in a Summary Report dated February 26, 2013. The staff determined that all nuclear
facilities are susceptible to this design vulnerability except one plant and
recommended that
NRC
takes prompt regulatory action.
III
SAFETY SIGNIFICANCE
At Byron, a failure to design the
electric power system's protection scheme to sense the loss of a single phase
between the transmission network and' the onsite power distribution system resulted
in unbalanced voltage, at both engineered safety features. (ESF) buses
(degraded offsite power system), trip of several safety-related pieces of equipment
and the unavailability of the onsite electric power- system. This situation resulted
in neither the onsite (emergency diesel generators) nor the offsite electric
power system being able to perform its intended safety functions (i.e., to
provide electric power to the ESF buses with sufficient capacity and capability
to permit functioning of structures, systems and components (SSC) important to
safety). buses. As a consequence, neither the onsite (emergency diesel
generators) nor the offsite electric power system was able to perform its
intended safety functions (i.e., to provide electric power to the ESF buses
with sufficient capacity and capability to permit functioning of structures,
systems, and components (SSCs) important to safety) to support safe shutdown of
the plant.
The Byron event identified a
vulnerability in the design of US and international, operating plants. The current design requires an
accident signal to
automatically
connect the emergency core cooling systems to the preferred power source to
mitigate the consequences of a design basis event. As such, if the preferred
power source, has an undetected open phase-condition, redundant trains of electrical
equipment (electric motors that drive the pumps and valves).could burn out in
few minutes and therefore will not be available for safe shutdown, even after restoration
of an operable power source. In some
cases, individual protective schemes for specific loads may isolate the load.
In such cases, manual actions, outside of control room, may be required to
reset the protective device(s) and start the specific loads thereby delaying the response
time assumed in accident analysis. Since a common degraded offsite power source
can potentially degrade or disable both trains of the emergency core cooling
system, the protection scheme must automatically initiate isolation of the degraded
offsite power source and transfer the safety buses to the onsite or back up power
source within the time period assumed in the accident analysis in accordance
with codes and standards specified in NRC requirements 10 CFR 50.54 (jj) and 10
CFR 50.55a(h)(2) or
10 CFR
50.55a(h)(3).
To-date, thirteen open phase events
have been identified over the last fourteen years (both US and international).
The most recent events occurred at Oconee Nuclear Station in December 2015 where two separate transformers required
for safe shutdown, of three operating nuclear units were identified with open
phase conditions. Since the transformers
are common to one onsite and one offsite power source, both, power sources were
rendered inoperable indicating that the lessons learned and manual compensatory
actions implemented after the Byron Event were ineffective.
The NRC's Accident Sequence
Precursor analysis for the. Byron event indicated the risk, Conditional Core Damage Probability
(CCDP), as 1x10-4.
Operating experience indicates that
open phase condition is a highly probable event with high consequence that
results in common cause, failures of multiple accident mitigation systems and barrier
integrity systems. It is
a
significant: safety concern since a design basis event concurrent with an open
phase condition would in most cases result in the plant exceeding criteria
Specified in Title 10 of the Code of Federal Regulations (10 CFR) 50.46, “acceptance
Criteria for emergency Core Cooling Systems for Light-Water Nuclear Power
Reactors.”…
…Therefore, both GDC .and pre-GOC
nuclear power plants' current licensing basis require an onsite power system and
offsite power system with adequate-capacity-and capability to mitigate design
basis events, conditions, and, accidents. It also requires that if the offsite
(preferred) power System cannot perform its intended safety function, the plant
design is required to automatically transfer the. ES F buses and loads to the
onsite power, system within the time. specified in the accident analysis (i.e.,
this is protective function and it has to meet the provisions of IEEE 279 or 603 as
stated, before). The onsite
power
system is Class
lE (safety-related),
therefore, the current licensing basis for operating nuclear power, plants requires
meeting single failure, redundancy, separation, and independence criteria. Any
failure that causes failure or degradation of the offsite power system such
open phase, undervoltage, and degraded voltage must be monitored, by the ESF
bus and take automatic protective action to meet the Chapter 15 accident
analysis assumptions. In addition, the onsite power system must also meet the
protection system requirements, specified in NRC GDCs 20-24 or equivalent" principle
design criteria specified in the UFSAR for pre-GDC plants.
As of this filing, the NRC has not
informed licensees that they are not in compliance with applicable: regulatory
requirements and their licensing and design basis for electric power systems.
Therefore, the licensing bases and
design bases for all U.S nuclear power plants require that" both power offsite and onsite power
systems must be operable and capable of supporting all design bases functions.
In short, any failures in an offsite power system or onsite power system must
not disable the safety functions of emergency core cooling and vital safety
systems to protect the health and safety of the public, in addition, the onsite
power system must be in compliance with the single failure criteria,
redundancy, separation., and independence criteria :in accordance with NRC
requirements 10 CFR 50.55a(h)(2) or (h)(3), and the codes and standards,
requirements specified in 10 CFR 50.54 (jj).The actions requested by this petition will
rectify the open phase design vulnerability identified in Bulletin 201.2-01 and
provide reasonable assurance of public health and safety in accordance with the
current NRC requirements.
