NPP PRA Models and Results
Lecture 2-2
Key Topics
• General structure and elements of current NPP PRA models*
• Types and general characteristics of NPP PRA model outputs
*Lecture focuses on the “whats” of PRA models; the “hows” of PRA modeling are addressed in later lectures.
Overview
Resources
• American Nuclear Society and the Institute of Electrical and Electronics Engineers, “PRA Procedures Guide,” NUREG/CR-2300, January 1983.
• F.E. Haskin, A.L. Camp, S.A. Hodge, and D.A. Powers, “Perspectives on Reactor Safety,” NUREG/CR-6042, Revision 2, March 2002.
• U.S. Nuclear Regulatory Commission, “Glossary of Risk-Related Terms in Support of Risk-Informed Decisionmaking,” NUREG-2122, November 2013. (ADAMS Accession No. ML13311A353)
Other References
• International Atomic Energy Agency, “Development and Application of Level 1 Probabilistic Safety Assessment for Nuclear Power Plants,” IAEA SSG-3, 2010.
• International Atomic Energy Agency, “Development and Application of Level 2 Probabilistic Safety Assessment for Nuclear Power Plants,” IAEA SSG-4, 2010.
• W.E. Vesely, et al., “Measures of Risk Importance and Their Applications,” NUREG/CR-3385, 1983.
• N. Siu and D.L. Kelly, “On the Use of Importance Measures for Prioritizing Systems, Structures, and Components,” Proceedings 5th International Topical Meeting on Nuclear Thermal Hydraulics, Operations, and Safety (NUTHOS-5), Beijing, China, April 14-18, 1997, pp. L.4-1 through L.4-6.
• M. Kazarians and K. Busby, “Use of simplified risk assessment methodology in the process industry,” Proceedings International Conference Probabilistic Safety Assessment and Management (PSAM 14), Los Angeles, CA, September 16-21, 2018.
• National Fire Protection Association, “Guide for the Evaluation of Fire Risk Assessments, 2013 Edition,” NFPA 551, 2013.
• National Aeronautics and Space Administration, “Organizational Risk and Opportunity Management: Concepts and Processes for NASA’s Consideration,” NASA/SP-2014-615, November 2016.
Other References (cont.)
• U.S. Nuclear Regulatory Commission, “Reactor Safety Study: An Assessment of Accident Risks in U.S. Commercial Nuclear Power Plants,” WASH-1400 (NUREG-75/014), October 1975.
• B.J. Garrick, “Lessons learned from 21 nuclear plant probabilistic risk assessments,” Nuclear Technology, 84, No. 3, 319–339 (1989).
• U.S. Nuclear Regulatory Commission, “Severe Accident Risks: An Assessment for Five U.S. Nuclear Power Plants,” NUREG-1150, December 1990.
• U.S. Nuclear Regulatory Commission, “Individual Plant Examination Program: Perspectives on Reactor Safety and Plant Performance,” NUREG-1560, December 1997.
• M. R. Hayns, “The evolution of probabilistic risk assessment in the nuclear industry,” Transactions Institute of Chemical Engineers, 77, Part B, 117-142, May 1999.
• U.S. Nuclear Regulatory Commission, “Perspectives Gained from the Individual Plant Examination of External Events (IPEEE) Program,” NUREG-1742, April 2002.
NPP PRA Distinguishing Characteristics
• Levels
– Level 1 (core/fuel damage)
– Level 2 (radioactive release)
– Level 3 (offsite consequences)
• Hazards
– Internal events (hardware, human, LOOP)
– Internal hazards (flood, fire, heavy load drops, …)
– External hazards (seismic, flood, wind, …)
• Operating Mode
– At power
– Low power/shutdown
• Sources
– Core
– Spent fuel pool
– Other (e.g., dry cask storage)
[Figure: Hazards → Initiating Events → Plant Damage States → Source Term Groups → Release Categories → Offsite Consequences, with the spans of Level 1, Level 2 and Level 3 marked]
PRA Model Elements
Current Level 1 PRA Model Elements
• Event Trees
• Fault Trees
• Basic Events
• Success Criteria
• Supporting Models
• Data (“Evidence”)
• Outputs
Notes
• Emphasis of U.S. is on Level 1 PRA; Level 2 and 3 PRA will be touched on in Lecture 6-4.
• Don’t confuse definition with approach: different modeling approaches can still be PRA
– Object-centric (e.g., event tree/fault tree PRA)
– Process-centric (e.g., dynamic PRA)
• PRA models are models, i.e., representations of reality created for a purpose.
“All models are wrong; some are useful.” - G.E.P. Box
Event Trees
• Inductive logic diagrams (“What might happen after event X?”)
• Typically defined in terms of safety systems and key operator actions but can also be functionally-oriented
• Typically binary logic; can be multi-valued
• Introduced for computational reasons; still used to conceptualize, organize, and communicate
Highway Example
• Car A is driving down the highway at a very slow speed. Car B is a ways back, but closing the gap.
• Car A comes to a sudden stop. What is the risk of collision?
[Figure: cars A and B on the highway]
Highway Example – Functional Event Tree
[Figure: event tree. Initiating event: Car A Stops Suddenly. Top events: Recognition and Decision; Stopping. End states: Safe, Collision, Collision. Branch labels: success, failure.]
Modeling Notes:
1) Example considers only one negative consequence (collision).
2) Example doesn’t treat other mitigative strategies (e.g., avoidance maneuvers).
3) This event tree includes Driver B’s action (applying the brakes) in the “Stopping” top event. The next event tree parses the sequence differently.
Highway Example – System Event Tree
[Figure: event tree. Initiating event: Car A Stops Suddenly. Top events: Driver B Action; Car B Brakes; Car B Tires. End states: Safe, Collision, Collision, Collision. Branch labels: success, failure.]
Modeling Notes:
1) Example considers only one negative consequence (collision).
2) Example doesn’t treat other mitigative strategies (e.g., steering).
3) Alternative modeling: Driver B action (including detection, situation assessment, and decision making, as well as application of brakes) can be included in the model for top event “Car B Brakes.”
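The system event tree above, quantified as an added example (not part of the original lecture): each path through the tree becomes one sequence with an end state and a frequency, which is the {s_i, C_i, p_i} form the lecture uses for risk. The initiator frequency and branch failure probabilities are constructed values, and the names `Sequence`, `enumerate_sequences` and `frequency_by_consequence` are hypothetical.

```python
from dataclasses import dataclass

# Constructed numbers for illustration; the lecture assigns no values.
INITIATOR_FREQ = 0.1          # assumed: sudden stops by Car A, per year
TOP_EVENTS = [                # (top event, assumed P(failure | path so far))
    ("Driver B Action", 1e-2),
    ("Car B Brakes", 1e-4),
    ("Car B Tires", 1e-3),
]

@dataclass(frozen=True)
class Sequence:
    path: tuple        # s_i: branches taken, e.g. (("Driver B Action", "success"), ...)
    consequence: str   # C_i: end state of the sequence
    frequency: float   # p_i: initiator frequency times branch probabilities

def enumerate_sequences(initiator_freq, top_events):
    """Walk the system event tree. A failure at any top event ends the
    sequence in Collision; only success at every top event ends in Safe."""
    sequences, path, running = [], [], initiator_freq
    for event, p_fail in top_events:
        failed_path = tuple(path + [(event, "failure")])
        sequences.append(Sequence(failed_path, "Collision", running * p_fail))
        path.append((event, "success"))
        running *= 1.0 - p_fail
    sequences.append(Sequence(tuple(path), "Safe", running))
    return sequences

def frequency_by_consequence(sequences):
    """Sum sequence frequencies per end state (the quantified risk metric)."""
    totals = {}
    for seq in sequences:
        totals[seq.consequence] = totals.get(seq.consequence, 0.0) + seq.frequency
    return totals

if __name__ == "__main__":
    seqs = enumerate_sequences(INITIATOR_FREQ, TOP_EVENTS)
    for seq in sorted(seqs, key=lambda s: -s.frequency):
        branches = ", ".join(f"{e}: {b}" for e, b in seq.path)
        print(f"{seq.frequency:.3e}/yr  {seq.consequence:9s}  {branches}")
    print(frequency_by_consequence(seqs))
```

The sequence frequencies always sum to the initiator frequency, which is a quick consistency check on any event tree quantification.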
NPP Example (simplified)
[Figure: event tree for initiating event LOOP-WR = LOOP (Weather-Related). Top events: EPS = Emergency Power (EDGs); ISO = Isolation Condenser (IC); EXT = Actions to Extend IC Ops; DCL = Actions to Shed DC Loads; OPR = Offsite Power Recovery; DGR = EDG Recovery; LTC = Long-Term Cooling. Recovery branches are labeled 1 hr, 4 hr, 8 hr and 12 hr. Sequences are numbered 1 to 22; 13 end states are marked CD.]
Fault Trees
• Deductive logic diagrams (“What can cause event X?” “How can X happen?”) connecting “Top Event” with “basic events”
• Binary logic; gates for Boolean operations (OR, AND)
• Voting logic (e.g., 2-out-of-3) gates can be used as shortcuts (implemented with binary logic)
• Binary logic enables algorithms for efficient solution
[Figure: fault tree symbols for AND gate, OR gate and Basic Event]
Highway Example – Braking System
1) Braking system is a dual circuit system: each circuit actuates both front brakes and one rear brake.
2) One-out-of-two (1/2) circuits need to succeed for overall system success.
[Figure: braking system diagram. Labels: brake rotor, front caliper, master cylinder, ABS hydraulic unit, hydraulic line, brake fluid reservoir, vacuum booster, brake pedal, parking brake cables, parking brake, rear caliper. Adapted from: http://www.mye28.com/viewtopic.php?p=1134640]
Highway Example – Braking System Fault Tree
Modeling Notes
1) Success = At least one-out-of-two (1/2) circuits
2) Vacuum booster neglected – driver-dependent?
3) Hand brake not credited; can be treated as a recovery action (top event) in event tree.
4) Failure of Driver B to take timely action, and failure of Car B tires to function as needed, are treated in separate top events.
[Figure: fault tree. Top event: Car B Brakes Fail. Events shown: Brake Pedal; Master Cylinder; Brake Fluid; ABS System; R & L Circuit Failures; Right Circuit Failure; Left Circuit Failure; Right Front Failure; Left Front Failure; Right Rear Failure (RR Caliper, RR Disk, RR Brake Line). Labels T1, T2, T3.]
NPP Emergency Power System Example (simplified)
[Figure: fault tree; legible label: Testing/Maintenance]
Basic Events
• Level of detail is a modeling decision driven by
– Resolution of available data
– Degree of independence from other basic events
– Needs of decision problem
– Conventions of application domain
• Need to be clear in defining element boundaries
• General classes for NPP basic events include:
– Initiating events
– Failures on demand (e.g., to start, to change position)
– Failures during operation (e.g., to continue running, to maintain position, to maintain integrity)
– Testing & Maintenance unavailabilities (e.g., due to ongoing service or failure to properly restore after service)
– Human failure events
– Common cause failure events
[Figure: level-of-detail comparison. A single basic event “Brake Pedal” vs. “Brake Pedal Failure” broken down into Improperly Adjusted, Foreign Object, Mechanical Failure, Sticking, …]
Success Criteria
• Define “failure” (and “success”) for binary events in logic model
• Provide connection with real-world phenomena; often computed using mechanistic models
• NPP examples
– Mission times
– Number of redundant pumps needed
• Highway example:
– Stopping distance depends on speed, conditions, force applied => continuous range of possibilities => range of time windows for successful action
– Need to choose representative scenario to define “Driver B action failure”
[Figure: cars A and B, showing distance before action and stopping distance]
Supporting Models
• Uses include:
– Determine success criteria
– Compute basic event probabilities
– Estimate hazard levels
• Examples:
– Time-reliability curves
– Task simulations
– Thermal-hydraulic system models (e.g., RELAP, MAAP, MELCOR)
– Fire models (e.g., CFAST, FDS)
NRC PRA Models and Tools
• SPAR* Models
− 79 operating plant models (event tree/fault tree)
− 4 new reactor plant models
• SAPHIRE** code
− Idaho National Laboratory (NRC-sponsored)
− Features to support event and condition analysis
*Standardized Plant Analysis Risk
**Systems Analysis Programs for Hands-on Integrated Reliability Evaluation
Other PRA Codes
• CAFTA
• RISKMAN
• Risk Spectrum
• …
Data (Evidence)
• Decision support application => need to use all available, relevant evidence
• Performance data, e.g.,
– Operational experience
– Tests
– Training simulations
• Model predictions
• Expert judgment
• See Lecture 5-1
[Figure: OECD-NEA Halden Reactor Project]
Outputs
• Sequences
• Cut sets
• Risk metrics
– Point estimates
– Uncertainty distributions
• Importance measures
[Figure annotations on the list above: Qualitative; Quantitative]
PRA Outputs
Risk ≡ {s_i, C_i, p_i}
Sequences
[Figure: the LOOP-WR event tree from “NPP Example (simplified)”, with its 22 numbered sequences]
Example Sequences (LOOP/SBO)
Core Damage Frequency (/yr)
Simplified Description | Rank | 5th | 50th | Mean | 95th
SBO, battery depletion | 1 | 3.1E-8 | 3.4E-7 | 1.6E-6 | 4.1E-6
SBO, injection fails | 5 | 3.3E-9 | 4.6E-8 | 1.9E-7 | 6.5E-7
SBO, 1 open SRV, battery depletion | 6 | 1.1E-9 | 2.1E-8 | 1.3E-7 | 3.5E-7
SBO, battery depletion | 7 | 1.2E-9 | 1.7E-8 | 1.3E-7 | 3.0E-7
LOOP, 2 open SRVs, LPI fails | 9 | 5.6E-10 | 1.4E-8 | 8.7E-8 | 3.5E-7
LOOP, ATWS, SLC fails | 13 | 4.2E-10 | 6.7E-9 | 3.3E-8 | 1.4E-7
SBO, open SRV, HPI fails | 18 | 1.3E-10 | 3.3E-9 | 1.7E-8 | 6.8E-8
Abbreviations:
ATWS = anticipated transient without scram
EDG = emergency diesel generator
HPCI = high pressure coolant injection
HPI = high pressure injection
LOOP = loss of offsite power
LPI = low pressure injection
SBO = station blackout
SLC = standby liquid control
SRV = safety relief valve
[Callout: LOOP, failure of all EDGs, HPCI fails late (harsh environment or battery depletion)]
Cut Sets and Minimal Cut Sets
• Cut Set: set of failures ensuring system failure
• Minimal Cut Set: minimal set of failures ensuring system failure (“minimal” => if one element is removed, failure of remaining elements no longer ensures system failure)
[Figure: system with one Pump (P) and one Valve (Motor-Operated) (V)]
• Cut sets: {P}, {V}, {P, V}
• Minimal cut sets: {P}, {V}
Cut Sets: Another Simple Example
[Figure: system with two pumps (P1, P2) and one valve (V)]
If each pump can supply 100% needed flow:
• Cut sets: {P1, P2}, {V}, {P1, P2, V}
• Minimal cut sets: {P1, P2}, {V}
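The two pump/valve examples above, worked as an added example (not part of the original lecture): a small fault tree solver that expands AND, OR and k-out-of-n voting gates into cut sets and applies absorption to keep only the minimal ones. The tuple encoding of the tree, the function names, the 2-out-of-3 channels A, B, C and the "each pump supplies only 50%" variant are assumptions made for illustration; the variant shows how a change in success criteria changes the minimal cut sets.

```python
from itertools import combinations

def minimize(sets):
    """Absorption: drop any cut set that strictly contains another one."""
    return {s for s in sets if not any(other < s for other in sets)}

def minimal_cut_sets(node):
    """Minimal cut sets of a fault tree given as nested tuples:
    "X" (basic event), ("OR", [..]), ("AND", [..]), ("VOTE", k, [..])."""
    if isinstance(node, str):
        return {frozenset([node])}
    gate, children = node[0], node[-1]
    if gate == "VOTE":                       # k-out-of-n failures, as binary logic
        k = node[1]
        expanded = [("AND", list(c)) for c in combinations(children, k)]
        return minimal_cut_sets(("OR", expanded))
    child_sets = [minimal_cut_sets(c) for c in children]
    if gate == "OR":                         # any child failing fails the gate
        combined = set().union(*child_sets)
    elif gate == "AND":                      # every child must fail: cross product
        combined = {frozenset()}
        for sets in child_sets:
            combined = {a | b for a in combined for b in sets}
    else:
        raise ValueError(f"unknown gate {gate!r}")
    return minimize(combined)

def is_cut_set(tree, failed):
    """A set of failures is a cut set if it contains some minimal cut set."""
    failed = frozenset(failed)
    return any(mcs <= failed for mcs in minimal_cut_sets(tree))

# Top event "no flow" for the systems on the slides.
ONE_PUMP = ("OR", ["P", "V"])
TWO_PUMPS_100 = ("OR", ["V", ("AND", ["P1", "P2"])])  # each pump supplies 100%
# Assumed variants, not on the slides:
TWO_PUMPS_50 = ("OR", ["V", "P1", "P2"])              # both pumps needed
VOTE_2OO3 = ("VOTE", 2, ["A", "B", "C"])              # hypothetical channels

if __name__ == "__main__":
    for name, tree in [("one pump", ONE_PUMP), ("two pumps, 100%", TWO_PUMPS_100),
                       ("two pumps, 50%", TWO_PUMPS_50), ("2-out-of-3", VOTE_2OO3)]:
        print(name, sorted(sorted(s) for s in minimal_cut_sets(tree)))
```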
Example Minimal Cut Sets (SBO Sequence 1)
No. | Freq. | Minimal Cut Set
1 | 7.3079E-08 | IE-T1 * ESW-XHE-FO-EHS * ACP-DGN-FR-EDGC * L0SPNR1GHR * ACP-DGN-FR-EDGB * DGHWNR12HR
2 | 5.6465E-08 | IE-T1 * ESW-AOV-CC-CCF * BETA-3AOVS * L0SPNR13HR
3 | 3.6972E-08 | IE-T1 * L0SPNR13HR * EHV-AOV-CC-CCF * BETA-6AOVS
4 | 1.9931E-08 | IE-T1 * ESW-XHE-FO-EHS * ACP-DGN-FR-EDGC * L0SPNR18HR * DGMANR12HR * ACP-DGN-MA-EDGB
5 | 1.9931E-08 | IE-T1 * ESW-XHE-FO-EHS * L0SPNR18HR * ACP-DGN-FR-EDGB * DGMANR12HR * ICP-DGN-MA-EDGC
6 | 1.6021E-08 | IE-T1 * L0SPNR13HR * ACP-DGN-LP-CCF * BETA-4DGNS * DGCCFNR12HR
7 | 1.5225E-08 | IE-T1 * ACP-DGN-FR-EDGC * L0SPNR18HR * DGHWNR12HR * ESW-CKV-CB-C515B
8 | 1.5225E-08 | IE-T1 * ESW-CKV-CB-C515A * L0SPNR18HR * ACP-DGN-FR-EDG8 * DGHWNR12HR
9 | 1.4159E-08 | IE-T1 * ESW-XHE-FO-EHS * ACP-DGN-FR-EDGC * L0SPNR18HR * DGHWNR12HR * ESW-PTF-RE-DGB
10 | 1.4159E-08 | IE-T1 * ESW-XHE-FO-EHS * LOSPNR1GHR * ACP-DGN-FR-EDGB * DGHWNR12HR * EGW-PTF-RE-DGC
Available from: https://prod.sandia.gov/techlib-noauth/access-control.cgi/1986/862084-4-1-2.pdf
Risk Contributors
[Figure: risk contributors. Labels: SAMA License Extension; NFPA 805; Risk-Informed License Amendment]
CDF Uncertainties – Historical Studies
Recent Results: CDF and LERF
[Figure: Fraction vs. Frequency (/ry), frequency axis 10^-8 to 10^-3; series: CDF, LERF]
Recent and Past CDFs
[Figure: Fraction vs. Frequency (/ry), frequency axis 10^-8 to 10^-3; series: Recent, IPE/IPEEE]
CDFs: BWR vs PWR
[Figure: two panels, All Initiators and Internal Events; Fraction vs. Frequency (/ry), frequency axis 10^-6 to 10^-3; series: BWR, PWR]
CDF Contributors – LOOP
[Figure: LOOP CDF (/ry) vs. Internal Events CDF (/ry), both axes 10^-7 to 10^-3]
Some Importance Measures*
• Commonly used
– Risk Achievement Worth (RAW) and Risk Increase Ratio (RIR): measures of how large a risk metric can be if a specified element is failed
– Fussell-Vesely (FV) importance: degree of contribution of a specified element to the risk metric of interest
• Others
– Risk Reduction Worth (RRW) and Risk Reduction Ratio (RRR): measures of how small a risk metric can be if a specified element is successful
– Birnbaum: maximum effect of changes in a specified element’s performance
– Uncertainty Importance: effect of uncertainty in a specified element on the overall uncertainty
*Formal definitions are provided in Lecture 3-2.
Relationship Between Birnbaum and F-V
• RAW, RIR, and Birnbaum provide essentially the same rankings
• F-V, RRW, and RIR provide the same rankings
• F-V and RAW (or equivalently, Birnbaum) provide different views on importance
N. Siu and D.L. Kelly, “On the use of importance measures for prioritizing systems, structures, and components,” Proc 5th Intl Topical Meeting Nuclear Thermal Hydraulics, Operations, and Safety (NUTHOS-5), Beijing, China, April 14-18, 1997, pp. L.4-1 through L.4-6.
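The ranking behaviour described above, shown as an added example (not part of the original lecture) on the two-pump system with minimal cut sets {P1, P2} and {V}. The lecture defers formal definitions to Lecture 3-2, so the formulas below are the commonly used ones and are an assumption here, as are the basic event probabilities and the function names.

```python
from itertools import product

# Minimal cut sets of the two-pump example; probabilities are constructed.
MCS = [frozenset({"P1", "P2"}), frozenset({"V"})]
PROB = {"P1": 5e-2, "P2": 5e-2, "V": 1e-5}

def top_probability(mcs, p):
    """Exact P(top event) for independent basic events, by enumerating every
    failed/working state and summing those that contain a minimal cut set."""
    events = sorted(p)
    total = 0.0
    for state in product([False, True], repeat=len(events)):
        failed = {e for e, is_failed in zip(events, state) if is_failed}
        if any(cs <= failed for cs in mcs):
            weight = 1.0
            for e, is_failed in zip(events, state):
                weight *= p[e] if is_failed else 1.0 - p[e]
            total += weight
    return total

def importance(mcs, p, event):
    """Assumed standard definitions, with R the top event probability:
    FV = (R - R0)/R, RAW = R1/R, RRW = R/R0, Birnbaum = R1 - R0,
    where R1 and R0 set the event's probability to 1 and 0."""
    base = top_probability(mcs, p)
    r1 = top_probability(mcs, {**p, event: 1.0})
    r0 = top_probability(mcs, {**p, event: 0.0})
    return {
        "FV": (base - r0) / base,
        "RAW": r1 / base,
        "RRW": base / r0 if r0 > 0 else float("inf"),
        "Birnbaum": r1 - r0,
    }

def ranking(mcs, p, measure):
    """Basic events ordered from most to least important by one measure."""
    scores = {e: importance(mcs, p, e)[measure] for e in p}
    return sorted(scores, key=scores.get, reverse=True)

if __name__ == "__main__":
    for measure in ("FV", "RRW", "RAW", "Birnbaum"):
        print(f"{measure:9s}", ranking(MCS, PROB, measure))
```

With these numbers the highly reliable valve ranks last by FV and RRW (it contributes little to current risk) but first by RAW and Birnbaum (its failure alone fails the system).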
Example Importance Measure Results
No. | Event | Description | Prob. | RAW
1 | RPSM | Reactor Protection System (mechanical) | 1.00E-05 | 1.90E-01
2 | ESF-XHE-MC-PRES | Pressure sensor miscalibration | 5.32E-04 | 8.28E-04
3 | DCP-BAT-LF-CCF | CCF of batteries | 9.00E-04 | 2.16E-04
4 | P2 | Two SRVs fail to close | 2.00E-03 | 1.17E-04
5 | ESW-AOV-CC-CCF | CCF of AOVs for EDG jacket cooling | 1.00E-03 | 9.74E-05
6 | BETA-5BAT | Beta factor, CCF of at least 5 batteries | 2.50E-03 | 7.77E-05
7 | EHV-AOV-CC-CCF | CCF of AOVs for EDG room cooling | 1.00E-03 | 6.34E-04
8 | ESW-CKV-HW-CV513 | ESW check valve fails to open | 1.00E-04 | 4.25E-05
9 | ESW-CKV-CB-C515B | ESW check valve fails | 3.00E-03 | 4.14E-05
10 | ESW-CKV-CB-C515A | ESW check valve fails | 3.00E-03 | 4.14E-05
Some Level 2 Outputs
[Figure panels: NUREG-2201, Large Early Release Frequency (LERF); NUREG-1150, Conditional Containment Failure Probability (CCFP): Early Failure]
Some Level 3 Outputs (WASH-1400)*
*Notes
• Complementary cumulative distribution function (CCDF): $P(C > c) = \int_{c}^{\infty} f_C(c')\, dc'$
• Results are provided only to illustrate types of outputs. Actual outputs are accompanied by important qualifiers (e.g., level of uncertainty) omitted from this slide.
[Figure panels: Early Fatality Risk; Latent Cancer Fatality Risk; Land Contamination Risk]
Example Comparison of Level 3 Outputs
Positive Characteristics of PRA*
• Useful properties for decision support
– Top-down
– Engineering oriented
– Integrated
– Systematic
– Sufficiently realistic
– Supportive of what-if
– Openness
• Has led to actual improvements (see Lecture 8-1)
*See Lecture 2-3 for a discussion of criticisms
Comment – Alternate Approaches
• Alternate risk assessment approaches are widespread in other industries (e.g., chemical process industry).
• Example: Layers of Protection Analysis (LOPA)*
– Intended to reduce inconsistency in qualitative assessments without requiring resources of Quantitative Risk Assessment (QRA)
– Aimed at estimating risk (order-of-magnitude frequencies, qualitative consequences) and assessing adequacy of protection layers
– Adequacy assessed using a qualitative risk matrix
• Risk matrices also used in many other industries (see, for example, NFPA 551 and NASA/SP-2014-615).
*See M. Kazarians and K. Busby, “Use of simplified risk assessment methodology in the process industry,” Proceedings International Conference Probabilistic Safety Assessment and Management (PSAM 14), Los Angeles, CA, September 16-21, 2018.
Example Risk Matrix (LOPA)
Rows: Severity Class; columns: Likelihood Class
Severity Class | 5 (10^-5/yr) | 4 (10^-4/yr) | 3 (10^-3/yr) | 2 (10^-2/yr) | 1 (10^-1/yr)
A | Marginal | Undesirable | Undesirable | Critical | Critical
B | Marginal | Marginal | Undesirable | Undesirable | Critical
C | No Action | Marginal | Marginal | Undesirable | Undesirable
D | No Action | No Action | Marginal | Marginal | Undesirable
E | No Action | No Action | No Action | Marginal | Marginal
Adapted from M. Kazarians and K. Busby, “Use of simplified risk assessment methodology in the process industry,” Proceedings International Conference Probabilistic Safety Assessment and Management (PSAM 14), Los Angeles, CA, September 16-21, 2018.