Fukushima Have they located the melted fuel at Fukushima?

[Kutt]

I wouldn't trust a youtube documentary.

Looking at the official report

http://www.cas.go.jp/jp/seisaku/icanps/eng/02Attachment1.pdf

it looks like loss of power caused an isolation of the instrument air system, which was not recoverable due to AC power being lost, and that the accumulators were depleted.
In other words, the earthquake did NOT cause the recharging system to fail. Instead, the inability to open the isolation valves caused the issue. Even if the system did fail, it is not safety-grade and is not expected or required to operate post accident (although it probably should be).

Actually, this was a BBC documentary that was almost two hours long.

 

[nikkkom]

Fukushima operators might have been able to depressurize had they done it very early. It is suggested in the ORNL station blackout study to do that.
Hindsight is always 20/20...

Fukushima operators can be hardly blamed for it. Someone else should be held responsible.

Someone wrote accident manual which said that loss of all power is impossible (!). Someone decided that battery-backed lights are an unnecessary luxury in a nuclear power plant (what can possibly go wrong?). Someone didn't think about installing filters on emergency vent lines. Someone didn't think about training operators how to open said vents.

Operators were left in the dark, figuratively as well as literally. And wet.

The scary thought is that F1 would have melted down on any given day during last 40 years, if tsunami would happen on that day.

 

[zapperzero]

Water.

Reactivity control?

 

[nikkkom]

With regards to depressurizing, you actually DONT want to depressurize the RPV in a Fukushima type situation.

It depends. If in an emergency you have only low-pressure pumps available for injection (like fire trucks), then depressurizing RPV makes sense.

BWRs can utilize high pressure reactor steam to operate their RCIC, IC, or HPCI systems for extended core injection.

ICs do not require high pressure steam.

RCIC only circulates water from torus to RPV and back. This does not remove heat, it all remains inside PCV. This can't go on indefinitely.

While these systems do not provide for decay heat removal, you can achieve that function through early containment venting and portable pump injection.

Or you can depressurize and use the same portable pump to inject to *RPV* instead of the more complex setup you describe.

If you have no low pressure coolant injection pumps available, once you depressurize, you lower the water level remaining in the core (generally uncovering the fuel), and you lose ALL injection.

Surely, if you have no way to cool your reactor, then it will melt. That's obvious. RCIC is useful for delaying the meltdown. Useful, but not enough.

I want to have a system which pretty much *guarantees* to prevent meltdowns. Which means passive, power-independent system. Which means it should be gravity-fed. Which means very low pressure. Which means it can't inject water into pressurized PCV or RPV. Which means they need to be depressurized in order to allow this water to go in.

I've been involved with Fukushima responses for BWRs if anyone is interested on how the plants actually respond, and what we are doing and changing to respond to Fukushima-like situations.

Please do.
Are filters being installed on vent lines?
Do you have battery-backed lighting? Individual batteries in each light, or what?
Do your operators now know how to open the vent? Did they practice it? Without electricity?
Do you have gravity-feed water sources?
Etc...

 

[nikkkom]

The more I learn here, the scarier it looks. Safety relief valves need something (compressed air) to work? *Safety* valves? Really? Why? It's not possible to have valves which are actuated solely by the pressure they are intended to relieve??

 

[Hiddencamper]

Or you can depressurize and use the same portable pump to inject to *RPV* instead of the more complex setup you describe.

The issue here, is that you have to assume the plant has already gone 8+ hours without electricity. In this case, a blowdown of the reactor has the potential to result in damage to the containment as the HCTL (heat capacity temperature limit) of the suppression pool will be exceeded. You CANNOT blow down a BWR type reactor when you are above the HCTL, as the potential to damage the containment is not acceptable. In these cases, the best thing to do is to keep running RCIC, and work on cooling your suppression pool through venting and feed and bleed, and ultimately portable heat exchangers. Once you are below the HCTL and can blow down again, or you have manually and slowly blown down the reactor to a level where low pressure pumps can handle injection at a sufficient rate, then you can transition to using your portable pumps for core cooling. Damaging containment is NOT an acceptable response.

RCIC is useful for delaying the meltdown. Useful, but not enough.

RCIC will run as long as you can maintain the suppression pool relatively cold. If you vent containment and feed/bleed replacement suppression pool water, you can run RCIC indefinitely. There are several BWRs who would use their RCIC system for days in the 80s in order to shorten the time between restarts if there was an equipment failure, something which is not acceptable anymore.

I want to have a system which pretty much *guarantees* to prevent meltdowns. Which means passive, power-independent system. Which means it should be gravity-fed. Which means very low pressure. Which means it can't inject water into pressurized PCV or RPV. Which means they need to be depressurized in order to allow this water to go in.

Pretty much the ESBWR design. Take a look at it. The problem is you are limited based on the size of your initial pools (which is limited based on the design and cost of the structural loading on your containment, as the pools are all seismic class 1).

Are filters being installed on vent lines?

Mark I containment plants are upgrading their existing hardened vents, and Mark II containment plants are installing them. Mark III plants already have MANY containment venting systems. With regards to filters, this is a regulatory issue in the US right now. The industry wants to be required to have decontamination factor goals, which is consistent with NRC policy and direction right now, and allows for the greatest flexibility using equipment already available while avoiding unintended consequences. This is the same position that ACRS (Advisory committee for reactor safeguards) has, and is a position the NRC staff also agrees is a feasible approach. The staff however suggests installing mandatory filters as filters meet the commission's intent of a prompt action which could have a net benefit. There's a lot going on in this area and I think there's more information out there than I can give justice to right now. The short answer though is that the industry has a lot of concerns, many of which are NOT cost related, that have to do with the fact that filters are only applicable in roughly 3-4 out of 8 scenarios where containment venting or release is required, and that the installation of filters for beyond design basis events can REDUCE the reliability of the containment system during required design basis events. There are very large cost increases associated as well which were not accounted for in the backfit analysis, and there is no generic/common approach for plants to do this. Anyways.....the industry is putting together plants which will achieve decontamination factors on the order of 1000 to 10000 using FLEX equipment. This is a political issue at the moment and I really don't want to get into more than that.

Do you have battery-backed lighting? Individual batteries in each light, or what?

Emergency lighting is a fire-code thing. I can't speak for all plants, but at the plant I'm at now, and the few I've been at, emergency lights have individual lighting packs. The lights are separated into "normal" emergency lighting, and b.5.b emergency lighting, which is accredited for beyond design basis events where there are explosions and other significant site damage. Only b.5.b lighting would be assumed to function during a Fukushima-like event. There are b.5.b storage lockers with credited lights and equipment for operators to use in the event that all normal and emergency lighting and systems are lost. The emergency lights have their own backup batteries, and there are reserve batteries on site.

Do your operators now know how to open the vent? Did they practice it? Without electricity

YES! I even know the procedure number off the top of my head (and will not state it here because it may point back to my plant). Our extensive damage mitigating procedures, part of our b.5.b plan and 9/11 terrorist attack response plan includes things such as black starting the diesel generators with no control power, cooling the plant using a variety of crazy methods, running RCIC without electricity, AND, using credited b.5.b portable battery packs which are above ground in seismically qualified lockers and going to the SRV penetrations and hooking the batteries up to the appropriate connections to cause the SRV to actuate. These tasks have been "simulated", and are very clearly laid out in the procedure. The procedure includes a list of all SRVs, which contacts you have to wire to in order to read suppression pool temperature. Which contacts you have to wire up in order to energize each individual SRV, preferred energization order based on plant conditions, how to identify if the lift was successful, and how long the battery is expected to maintain the valve open. In a Fukushima like event, we would disable the relief mode of the SRVs (the air/power operated mode), and activate the ADS backup air supply, which will give us more lifts without having to install portable air bottles, but the options for installing portable air bottles or compressors do exist and are detailed in the extensive damage mitigation guidelines. We also have a remote shutdown panel with a select number of SRVs, and wiring up any power source to the RSP can allow lifting those valves without having to open up a penetration.

With regards to emergency procedures, the EOPs (emergency operating procedures), are high level guidelines/procedures for how to achieve critical safety objectives. The SAGs (severe accident guidelines) are even higher level goals to achieve critical safety objectives if core damage is a possibility. The EDMGs (extensive damage mitigation guidelines), are unique ways to meet those goals without using normal equipment or operating procedures, and assuming significant site damage. The new Fukushima/FLEX procedures further expand upon that and include very extended duration events. In other words EOPs/SAGs = goals, EDMGs and FLEX = extra means to fulfill those goals, should normal means become unavailable. All procedures are trained on by operators in the simulator and are part of their initial licensing and requalifications.

Do you have gravity-feed water sources?

BWR series plants do not have this. The AP1000 and ESBWR are the only two plants I know of that utilize some form of gravity fed source.

The more I learn here, the scarier it looks. Safety relief valves need something (compressed air) to work? *Safety* valves? Really? Why? It's not possible to have valves which are actuated solely by the pressure they are intended to relieve??

The valves are SAFETY-RELIEF valves. The SAFETY mode is spring operated, and requires no electricity or pressure to function. These valves are sequenced to lift against spring pressure as reactor pressure exceeds the relief mode setpoints. This is what prevents the reactor from exceeding its 1375 PSI ASME code limit post event with no power or ADS air.

The RELIEF mode is power actuated utilizing a pneumatic air supply. The RELIEF mode is the mode in which the plant's safety systems will automatically lift to limit pressure. The relief mode setpoints are below the safety mode setpoints. The operators can manually lift the valve in relief mode, and can also disable the relief mode, for each valves. Typically, if the instrument air supply to the containment is isolated or disabled for any reason, the operators will turn off the relief mode on all SRVs and allow the safety mode to actuate in order to preserve accumulator air for a blowdown, if required. Once the operators get a handle on the situation and are ready to blow down, they will either actuate ADS (which automatically lifts several valves in relief mode) or they will manually lift valves. The SRVs have enough air for a specific number of rated lifts against containment design pressure. Once lifted, if DC power is continuously applied, the valves will stay open for quite a while, as the leakage from the accumulators is rather low. For extended events, a means to assure recharging the accumulators may be vital to success. There are other ways to blowdown the reactor should the SRVs be all failed, but those means require AC power to be restored to some plant systems, while the SRVs only require DC power and pre-charged instrument air.

 

[jim hardy]

Fukushima operators can be hardly blamed for it. Someone else should be held responsible.

That wasn't my intent at all... sometimes what i don't say gets me in more trouble than what i do say...
I've consistently lauded the operators' heroism throughout the 2011-2012 thread.
Responsibility lies with some individual(or committee) who decided to ignore the warnings in 1990's from earth-scientists that tidal waves in excess of plant design for them were more probable than had been known at time of construction.
They should have put a submarine hull around the electrics.

Someone wrote accident manual which said that loss of all power is impossible (!).

That the plants had not considered and addressed station blackout in their procedures and training falls on some level of management. Those ORNL blackout analyses were around for nearly two decades. One doesn't wait for regulators to make you do something that important. We drilled on station blackout in our simulator.

Someone decided that battery-backed lights are an unnecessary luxury in a nuclear power plant (what can possibly go wrong?).

They are standard emergebcy equipment. Our batteries were 125 volt so they were plain rough service incandescent lightbulbs. (Now there's an interesting thought - EPA wants to outlaw incandescents.)
Fukushima's battery powered lights and instruments worked fine until the batteries ran down.
A small engine driven DC generator would have been a prudent accessory.
Probably all their welding machines got flooded, or had electric motors. We kept some gasoline driven ones around...

Someone didn't think about installing filters on emergency vent lines. Someone didn't think about training operators how to open said vents.

Had your first two issues been addressed, things wouldn't have got so far as to need such filters.

Operators were left in the dark, figuratively as well as literally. And wet.

The scary thought is that F1 would have melted down on any given day during last 40 years, if tsunami would happen on that day.

Yep. Placing diesels in basement made them safer from earthquakes but left them vulnerable to flooding.
Every old cowboy knows to pitch his tent above high water.

old jim

 

[nikkkom]

Thanks for such a detailed response! :)

>> Or you can depressurize and use the same portable pump to inject to *RPV* instead of the more complex setup you describe.

The issue here, is that you have to assume the plant has already gone 8+ hours without electricity.

Fukushima demonstrated a different scenario. When tsunami receded, even though operators were without power for only a few minutes so far, they *knew* that power is likely to be unavailable for days.

If at that moment they would have a way and training how to depressurize RPV and if they would have low-pressure injection source (like fire truck), they could just do that: keep RPV filled, at ~100 C and at ~1 atm. KISS. No RCIC. No need to think about temperature/pressure in the torus. (They wouldn't even absolutely need vent to be filtered, because the steam at that point was relatively uncontaminated).

Pretty much the ESBWR design. Take a look at it. The problem is you are limited based on the size of your initial pools (which is limited based on the design and cost of the structural loading on your containment, as the pools are all seismic class 1).

Yes, I looked at it and at AP1000. Looks better.
The pools may (should) have means to be refilled by a "fire truck".

The RELIEF mode is power actuated utilizing a pneumatic air supply.

Stupid question: is it impossible to have relief valves which can be operated manually?

 

[Hiddencamper]

I'm going to start with the easy ones first.

Stupid question: is it impossible to have relief valves which can be operated manually?

The SRVs are in the containment and are connected to the main steam system. Because they are part of the ASME class 1 piping, they must be within containment. This pretty much eliminates any possibility of a person going in and manually lifting the valve, even if such a design existed.

Fukushima demonstrated a different scenario. When tsunami receded, even though operators were without power for only a few minutes so far, they *knew* that power is likely to be unavailable for days.

The various units were already being cooled by IC/RCIC prior to the tsunami. When the tsunami hit, the operators did not *know* they would be out for days, and they were not trained on this type of scenario. It probably took over an hour to truly realize what the extent of the damage was to the AC and DC auxiliary power distribution systems in the plant. At the time the tsunami hit, they were likely trying to understand what indications they lost and trying to restore them, as indications are the most vital component of reactor operations. They likely radioed equipment operators to go out to the field to figure out what was going on.

If at that moment they would have a way and training how to depressurize RPV and if they would have low-pressure injection source (like fire truck), they could just do that: keep RPV filled, at ~100 C and at ~1 atm. KISS. No RCIC. No need to think about temperature/pressure in the torus. (They wouldn't even absolutely need vent to be filtered, because the steam at that point was relatively uncontaminated).

This really isn't KISS though. In a Fukushima like situation, the reactor is going to be boiling 600 gpm after shutdown, which only gives you about 10-15 minutes before your HPCI/RCIC systems start. RCIC and HPCI will add heat to the suppression pool before you could ever hook up your portable equipment. Additionally, a portable pump only provides injection, it does not support decay heat removal. You also cannot just "sit at 100 lbs" or 1atm of pressure. The SRVs are not control systems. They are either "OPEN" or "CLOSED". If you leave 1 SRV open, with a shut down core, your pressure will continue dropping to 0. This means, to maintain 100 lbs of pressure, the operators have to manually open and close them, which not only distracts them, but also introduces a human performance issue where if they leave it open, they can trip the RCIC system (requires an operator to manually reset it AT the turbine), or they leave it closed too long and the vessel heats up above the allowable HCTL. Cycling SRVs also rapidly depletes each SRV's reserve air supply and further complicates the event if your portable equipment does not come available. On top of it, you might not have available power to actuate your SRVs (like at Fukushima).

The KISS you are talking about also assumes the operators immediately recognize the situation, immediately perform an emergency blowdown, and can, within 15 minutes, connect and start injecting with portable pumps. This is not feasible given the number of actions which need to occur on top of correctly identifying the beyond-design-basis event. Operators are trained to not do anything for the first several minutes of an event but watch, and we are not allowed to credit ANY operator actions for safety for a minimum of 10 minutes post event, and most operator actions do not start until 30 minutes post event. (Our 10 minute post event action is to start suppression pool cooling. That's the only proceduralized action we have during accidents within 30 minutes). Another note is a reactor can only have 1 blowdown at a time. Blowdowns put a LOT of stress on the vessel, and it may not be possible to restart the plant after a blowdown. For this reason, rapid blowdowns are last resort options. It is much preferred to do a slow blowdown.

The bottom line, is your "KISS" approach is not KISS, requires constant operator attention taking them away from other potential issues, requires a lot of knowledge the operators will not have at that point in time regarding the extent of damage and feasibility of repair, requires many actions to be taken in a very short amount of time (faster than we ever credit for nuclear safety), and does not address all conditions.

If it was that easy, Fukushima would not have happened.

 

[nikkkom]

Thanks again!

The SRVs are in the containment and are connected to the main steam system. Because they are part of the ASME class 1 piping, they must be within containment. This pretty much eliminates any possibility of a person going in and manually lifting the valve, even if such a design existed.

But... existence of ICs in Unit 1!
ICs sit outside of PCV. They are easily accessible. And they have reactor steam piping which comes to them all the way from RPV, right?

So it's not merely possible to have such a line, it _exists_ in some BWRs. Why can't it have a manually operated valve and vent line?

Additionally, a portable pump only provides injection, it does not support decay heat removal.

Correct. They only provide water. The boiling of water and venting of the vapor removes heat.

You also cannot just "sit at 100 lbs" or 1atm of pressure. The SRVs are not control systems. They are either "OPEN" or "CLOSED". If you leave 1 SRV open, with a shut down core, your pressure will continue dropping to 0.

...and the problem with RPV pressure dropping to ~1 atm is?...

I see benefits: easy injection; low temperature.

the operators have to manually open and close them

I meant that in this hypothetical scenario steam vent from RPV should be opened and *remain open*.

 

[Hiddencamper]

The IC has code class 1 isolation valves that are inside AND outside of the containment. The inside containment ones cannot be accessed for manual operation just like the SRVs which are inside containment cannot be accessed. So yes, there is ASME code class 2 piping for the IC which lies OUTSIDE of containment, but there are code class 1 isolation valves still that are directly inside and outside of the containment boundary.

ASME code class 1 piping and valves go out to the 2nd isolation valve. In the case of SRVs, there is only 1 valve because they are only inside containment. If I wanted some kind of SRV which could vent outside of containment, I would need at least 2 valves, to allow for single failure (fail open) and to ensure that radioactive releases don't occur. This doesn't fix the problem, in fact, it makes it harder to relief reactor pressure.

With regards of sitting at ~1atm, the issue is that you have to manually open and close your SRVs to do this, and you will deplete your SRV accumulator air supply. IF the Instrument Air isolation valves can be reopened and portable air supplies are available and you have available DC power to actuate the solenoids, THEN holding at 1 atm is ok, but as I've said, its not optimal for all situations.

Holding at 1ATM for the 4-8 hour station blackout scenario is ok, but when you don't have enough knowledge to know what situation you are in, the best thing is to keep the reactor hot, as you don't waste DC power OR SRV accumulator air.

I meant that in this hypothetical scenario steam vent from RPV should be opened and *remain open*.

Then your pressure in the reactor will drop to roughly 0, and your RCIC will fail, causing a loss of all injection. Just to be clear, we are talking about the scenario where your AC power is completely failed and you need to rely on your onsite DC or steam driven systems for some period of time. You can't assume that you are going to have a portable pump lined up for hours as part of the accident scenario. (This is the fukushima response requirement. It doesn't matter what a common sense approach says, you have to follow the rules of the scenario).

 

[nikkkom]

The IC has code class 1 isolation valves that are inside AND outside of the containment. The inside containment ones cannot be accessed for manual operation just like the SRVs which are inside containment cannot be accessed.

Correct me if I'm wrong, but adding valves inside PCV was Japanese "improvement", in original design IC steam lines did not have those valves. Japanese paid dearly for this when power failed, PCV was inaccessible, and they failed to open them. Unit 1 went BOOM first.

With regards of sitting at ~1atm, the issue is that you have to manually open and close your SRVs to do this, and you will deplete your SRV accumulator air supply.

Because relief valve design is bad. They should not need anything to remain open.

Then your pressure in the reactor will drop to roughly 0, and your RCIC will fail, causing a loss of all injection. Just to be clear, we are talking about the scenario where your AC power is completely failed and you need to rely on your onsite DC or steam driven systems for some period of time.

I am saying that relying on such things isn't good enough. Fukushima proved it. They were running their RCIC and kept RPVs pressurised. Did it save them? No. What it did achieve is it made fire trucks incapable of injecting fresh water against high pressure in RPV and PCV. Excellent...

You can't assume that you are going to have a portable pump lined up for hours as part of the accident scenario.

..."therefore let's make sure that portable pump, even if available, will be of no use"? That's a strange position, no?

 

[Hiddencamper]

Correct me if I'm wrong, but adding valves inside PCV was Japanese "improvement", in original design IC steam lines did not have those valves. Japanese paid dearly for this when power failed, PCV was inaccessible, and they failed to open them. Unit 1 went BOOM first.

Containment isolation valves are NOT a Japanese "improvement". They are a required design feature to meet ASME codes for nuclear power plants and associated standards, along with meeting general design criteria requirements. Containment isolation valves are designed to prevent radioactive release, as you have to assume all valves and piping beyond the second containment isolation valve fail in the worst possible manner, and that at least one containment isolation valve fails to shut properly.

The IC was offline at the time of the event because the IC cools the reactor down too rapidly (cooldown rate is > 100 deg F /hr). So the operators manually cycled the system on and off. The tsunami hit while the system was still cycled off or nearly off.

Unit 1 went "boom" first because it had no makeup or decay heat removal. The HPCI isolation valves were also closed (because HPCI was not inservice) (and the HPCI injection valve was probably closed too), otherwise the HPCI system could have been used for injection as well. With no AC or DC power none of these isolation valves could operate.

Because relief valve design is bad. They should not need anything to remain open.

Again we are getting into nuclear plant design requirements. The RPV should be essentially leak teak for all conditions except emergency situations where pressure relief is required. For this reason, the relief valves should FAIL SHUT. The relief valve design is consistent with requirements to minimize radiological consequences and mitigate core damage. Relief valves sticking open are considered a design basis accident condition as it rapidly cools down the core, allows reactor coolant to escape, heats up your suppression pool, and allows radioactive material to escape. If I open a relief valve and force it to stay open, that increases the potential for accident scenarios and increases the probability of radiological release. It also challenges my ECCS, as ECCS is now required to function to maintain reactor water level. Open relief valves increase suppression pool temperature, containment activity, and put cyclic wear and thermal fatigue on the SRV tailpipes. Leaving SRVs open for too long heats the tailpipes up and can lead to earlier failure of the sparger mechanism or downcomers. There are a number of other SRV related issues which are rather complex and ultimately being able to open and close SRVs at will and having SRVs which "fail closed" is the solution.

I am saying that relying on such things isn't good enough. Fukushima proved it. They were running their RCIC and kept RPVs pressurised. Did it save them? No. What it did achieve is it made fire trucks incapable of injecting fresh water against high pressure in RPV and PCV. Excellent...

Please read the various reports from both Japan, http://www.cas.go.jp/jp/seisaku/icanps/eng/final-report.html, and the US industry (INPO Level 1 IER 11-05 http://www.nei.org/resourcesandstat...t-the-fukushima-daiichi-nuclear-power-station).

I know very specifically that at units 2 and 3 they depleted their SRV air accumulator supply while they were holding pressure low for portable injection pumps to try and inject. Unit 3 also manually shut down their HPCI thinking they were about to transition to a portable pump. As a result, pressure went back up, and they lost the ability to inject with portable pumps again. Your idea of trying to immediately blowdown to 1 atm and stay there would have caused them to deplete their SRV air accumulators EARLIER in the event. Depressurizing rapidly is ONLY useful in situations where you can do an EARLY portable injection, but you can't assume that you will have the ability to do that early, and when you aren't able to get that portable injection going and you deplete your SRV accumulators and can no longer control pressure, that greatly increases the probability of core damage which is not acceptable.

There's a lot of complexities with any nuclear power plant and how it functions, combined with the regulations, required codes and standards, operational requirements, etc. You seem to be applying what you think is a "common sense approach", but unfortunately those things do not work in nuclear power.

..."therefore let's make sure that portable pump, even if available, will be of no use"? That's a strange position, no?

By definition during a Fukushima event, you have a loss of that pump if it is pre-installed, and if it is not pre-installed, you still have to "cope" for a certain period of time prior to having any portable equipment available.

Tell me, for an event that destroyed things which were not designed to be destroyed, how are you going to prevent damage to this pre-staged or pre-installed portable pump? You can't have it in the plant, you need it in an elevated, seismic category 1, controlled weather proof enclosure, and it needs to be seismically secured. If its not, you have to assume it failed. And if it is, you need time to identify the extent of the event, then time to get teams to move the equipment to the plant (while operators are working on not losing the plant), time to hook it up, then time to establish the conditions necessary for it to function. You cannot assume something will just work and be available and you could simply hook it up willy nilly, as that violates the initial conditions of the Fukushima scenario.

The Fukushima scenario has a set of complex initial conditions that we have to assume. There are requirements for how long we have to wait before we are "allowed" to assume that the operators can identify the condition and begin hooking up FLEX equipment (from a design space). If we do not follow those initial conditions or requirements then we are not in compliance with the new orders from INPO/NRC.



One last thing, if you want to talk about what you think new plants should be, we can do that. But if we are talking about existing plants, there's really not much room to argue. Existing plants are designed the way they are and have specific design requirements and challenges. They are not going to change into these new passive gravity cooled plants with all of these whizbang features which are designed to automatically blowdown and stay cooled for 72+ hours. And existing gen 2 plants are not KISS in any part of the facility. Even our light switches are complicated (I have a story behind this that involved 2 guys getting suspended for flipping a light switch). Anyways I hope I helped answer some of your questions.

 

[a.ua.]

Good day Hiddencamper

What do you think, could the gas bubble will appear at the input of IC for 2 hours, until it was turned off?
This was the first version of IC failures.

At the cut-off valve inside the standing PCV AC motors.
Small chance that he will remain an alternating current, but not DC.
Or there are inverters?

 

[nikkkom]

The RPV should be essentially leak teak for all conditions except emergency situations where pressure relief is required. For this reason, the relief valves should FAIL SHUT.

That is okay. What I don't get is where the requirements to make valves fail shut *and be inaccessible* inside PCV come from; and why, after opening the valves, *merely keeping them open* requires power and/or air.

The relief valve design is consistent with requirements to minimize radiological consequences and mitigate core damage.

Many people in Japan noticed recently that it didn't work so well. Looks like it's a good time to rethink how these things are done.

The Fukushima scenario has a set of complex initial conditions that we have to assume.

Why? They are not complex at all: "all offsite power is lost. All on-site power, including DGs and batteries are lost". Operators should have this situation described in their emergency manuals. They should perform realistic drills which simulate this condition, and their response. There should be necessary preparations for it (such as filters on vent lines).

None of this was done, and judging by your responses, it is not fully addressed *even now*.

I'll tell you more. I want operators to go *further*. They need to know what to do if not only the above happened, but what to do if they discover that they have no portable water sources and can't cool down the reactor and prevent its meltdown. I don't want to hear them going "oh my gosh, run for your lives!"; I want them to turn the page of their manuals and go to a chapter which tells them what they should do. Should they vent? Through which vent, which valves to open? How to avoid hydrogen explosion? Is there national fast response team which can bring help from unaffected region? etc...

One last thing, if you want to talk about what you think new plants should be, we can do that. But if we are talking about existing plants, there's really not much room to argue. Existing plants are designed the way they are and have specific design requirements and challenges.

Are you saying that next tsunami inundating a BWR/4 plant should be *expected* to make it melt down? That we should _not_ think how to avoid that?

 

[Hiddencamper]

Good day Hiddencamper

What do you think, could the gas bubble will appear at the input of IC for 2 hours, until it was turned off?
This was the first version of IC failures.

At the cut-off valve inside the standing PCV AC motors.
Small chance that he will remain an alternating current, but not DC.
Or there are inverters?

I'm not familiar enough with the IC to give a good answer about a gas bubble. I do know after a scram, a lot of gasses can come out of solution.

With regards to the cut off valve/AC motors. Again I'm not positive with the IC, but the majority of isolation valves use low voltage AC or DC for control power, and AC for the actual valve motor. Some systems, like RCIC, use an inverter for AC power off the battery system to activate when all AC power is lost. The IC may be similar. I'll try to get schematics from an IC plant tomorrow to check.

 

[Hiddencamper]

That is okay. What I don't get is where the requirements to make valves fail shut *and be inaccessible* inside PCV come from; and why, after opening the valves, *merely keeping them open* requires power and/or air.



Many people in Japan noticed recently that it didn't work so well. Looks like it's a good time to rethink how these things are done.



Why? They are not complex at all: "all offsite power is lost. All on-site power, including DGs and batteries are lost". Operators should have this situation described in their emergency manuals. They should perform realistic drills which simulate this condition, and their response. There should be necessary preparations for it (such as filters on vent lines).

None of this was done, and judging by your responses, it is not fully addressed *even now*.

I'll tell you more. I want operators to go *further*. They need to know what to do if not only the above happened, but what to do if they discover that they have no portable water sources and can't cool down the reactor and prevent its meltdown. I don't want to hear them going "oh my gosh, run for your lives!"; I want them to turn the page of their manuals and go to a chapter which tells them what they should do. Should they vent? Through which vent, which valves to open? How to avoid hydrogen explosion? Is there national fast response team which can bring help from unaffected region? etc...



Are you saying that next tsunami inundating a BWR/4 plant should be *expected* to make it melt down? That we should _not_ think how to avoid that?

Fail shut is to prevent reactor coolant discharge and radiological release. It's a safety function and is required. As I've said, a stuck open SRV is considered an accident. You want them to go back closed, as if one sticks open it will rapidly decrease coolant inventory in the core.

Operators in the US have been training on total loss of major systems including AC power since 9/11, and if you read the reports from the national diet of Japan, they state that if they had incorporated b.5.b rules from the US (our 9/11 response) they would have been in much better shape.

 

[jim hardy]

.............

None of this was done, and judging by your responses, it is not fully addressed *even now*.

I'll tell you more. I want operators to go *further*. They need to know what to do if not only the above happened, but what to do if they discover that they have no portable water sources and can't cool down the reactor and prevent its meltdown. I don't want to hear them going "oh my gosh, run for your lives!"; I want them to turn the page of their manuals and go to a chapter which tells them what they should do. Should they vent? Through which vent, which valves to open? How to avoid hydrogen explosion? Is there national fast response team which can bring help from unaffected region? etc...



Are you saying that next tsunami inundating a BWR/4 plant should be *expected* to make it melt down? That we should _not_ think how to avoid that?

It is probably mostly still in the 'thinking' stage.
It took a couple years for TMI related changes to be formulated.


I'm retired now so largely out of touch with the plant guys. I rely on internet for what's going on.
Here's an interesting country-by-country snapshot of what's being done, dated this month.

The purpose of this paper is to investigate the
activities relating to the safety reviews by
international organizations and by individual
countries within the limit of available information
such as their published national reports and data on
their websites, and to clarify safety related issues that
are common across the world and should be solved in
the future.
OHSUGA Yasuhiko
Nuclear Safety and Simulation, Vol. 3, Number 1, March 2012

http://www.ijnsweb.com/?type=subscriber&action=download&file=final&ext=pdf&id=106

 

[Astronuc]

That is okay. What I don't get is where the requirements to make valves fail shut *and be inaccessible* inside PCV come from; and why, after opening the valves, *merely keeping them open* requires power and/or air.

Many people in Japan noticed recently that it didn't work so well. Looks like it's a good time to rethink how these things are done.

Why? They are not complex at all: "all offsite power is lost. All on-site power, including DGs and batteries are lost". Operators should have this situation described in their emergency manuals. They should perform realistic drills which simulate this condition, and their response. There should be necessary preparations for it (such as filters on vent lines).

None of this was done, and judging by your responses, it is not fully addressed *even now*.

I'll tell you more. I want operators to go *further*. They need to know what to do if not only the above happened, but what to do if they discover that they have no portable water sources and can't cool down the reactor and prevent its meltdown. I don't want to hear them going "oh my gosh, run for your lives!"; I want them to turn the page of their manuals and go to a chapter which tells them what they should do. Should they vent? Through which vent, which valves to open? How to avoid hydrogen explosion? Is there national fast response team which can bring help from unaffected region? etc...

Are you saying that next tsunami inundating a BWR/4 plant should be *expected* to make it melt down? That we should _not_ think how to avoid that?

A lot of this is based on the benefit of hindsight. The situation in Japan was different than the US, e.g., " if they had incorporated b.5.b rules from the US (our 9/11 response) they would have been in much better shape."

In Japan, while they did forsee a tsunami, they underestimated the magnitude. Most of the coast was unprotected. It was not only the nuclear plants, but also the chemical plants and other industries.

Following Fukushima, regulatory authorities and utilities world-wide re-assessed their safety and emergency programs. I'd expect deficiencies were found and addressed. Most BWR/4s are not subject to tsunami.

Should the plants have been better protected? Probably. Should they have expected such a tsunami, based on historical record? Probably, especially since there were earlier reports about such a hazard, and there was a substantial earthquake in Alaska in 1964.

"Nearby, a 27-foot (8.2 m) tsunami destroyed the village of Chenega, . . . "
http://en.wikipedia.org/wiki/1964_Alaska_earthquake

Had the sites in Japan been designed for a 10+ m tsunami, then we'd have had a different story perhaps. I would imagine that the EDG oil tanks would have been better protected, or at least not located at shore line. Also, the EDGs should have been located in an area not subject to flooding. And so on.

In three days with be the second anniversary of the event.

 

[nikkkom]

A lot of this is based on the benefit of hindsight.

And?

If nuclear industry failed to foresee and prepare for the probabilistically likely events, it should AT LEAST fix those deficiencies which now DEFINITELY known to exist (the "hindsight").

In Japan, while they did forsee a tsunami, they underestimated the magnitude.

Which says to me that NPPs *elsewhere* can be in the same situation: underestimating flooding hazards. (Calhoun? Blayais? Rings any bells?)

Following Fukushima, regulatory authorities and utilities world-wide re-assessed their safety and emergency programs. I'd expect deficiencies were found and addressed.

I was thinking exactly the same thing wrt Chernobyl.
I'm not so sure about that now. Because...

Most BWR/4s are not subject to tsunami.

...people tend to think like this.

"We physically can't have Fukushima scenario, let's write a report that 'we studied out accident preparedness and we are fine'".

Somehow, I'm not buying it. I would rather read "we bought two more fire trucks and two mobile diesel generators and situated them in two different locations close to plant, and we drill our operators in using them every time we have a refueling outage. Because, although we aren't susceptible to tsunamis, we aren't arrogant a-holes and we think we might be failing to anticipate a possible disaster scenario, Oh, and BTW, we installed four more 100-ton tanks with fresh water on the NPP premises, and stockpiled flexible hoses. Just in case."

 

[Astronuc]

And?

If nuclear industry failed to foresee and prepare for the probabilistically likely events, it should AT LEAST fix those deficiencies which now DEFINITELY known to exist (the "hindsight").

And at the time of the Fukushima event, US utilities had emergency meetings to assess their own sites and their emergency preparedness programs - even before the NRC made any statement. US BWRs had already installed safety features not present in the Japanese reactors. Combined natural events were reviewed and reassessed. SAMGs were reviewed.

Which says to me that NPPs *elsewhere* can be in the same situation: underestimating flooding hazards. (Calhoun? Blayais? Rings any bells?)

Calhoun came through that flooding fairly well. It was in a refueling outage, and is still down.
http://www.nrc.gov/info-finder/reactor/fcs/special-oversight.html

I was thinking exactly the same thing wrt Chernobyl.
I'm not so sure about that now. Because...

...people tend to think like this.

LWR operators simply assume Chernobyl will not happen to them, because they don't operate like that, and LWRs don't have graphite moderation. LWRs in flood prone areas are required to assess the flooding potential and have prevention and mitigation plans.

"We physically can't have Fukushima scenario, let's write a report that 'we studied out accident preparedness and we are fine'".

Somehow, I'm not buying it. I would rather read "we bought two more fire trucks and two mobile diesel generators and situated them in two different locations close to plant, and we drill our operators in using them every time we have a refueling outage. Because, although we aren't susceptible to tsunamis, we aren't arrogant a-holes and we think we might be failing to anticipate a possible disaster scenario, Oh, and BTW, we installed four more 100-ton tanks with fresh water on the NPP premises, and stockpiled flexible hoses. Just in case."

Folks have planned to prevent that.

 

[Hiddencamper]

And?

If nuclear industry failed to foresee and prepare for the probabilistically likely events, it should AT LEAST fix those deficiencies which now DEFINITELY known to exist (the "hindsight").
Which says to me that NPPs *elsewhere* can be in the same situation: underestimating flooding hazards. (Calhoun? Blayais? Rings any bells?)
I was thinking exactly the same thing wrt Chernobyl.
I'm not so sure about that now. Because...
...people tend to think like this.

"We physically can't have Fukushima scenario, let's write a report that 'we studied out accident preparedness and we are fine'".

Somehow, I'm not buying it. I would rather read "we bought two more fire trucks and two mobile diesel generators and situated them in two different locations close to plant, and we drill our operators in using them every time we have a refueling outage. Because, although we aren't susceptible to tsunamis, we aren't arrogant a-holes and we think we might be failing to anticipate a possible disaster scenario, Oh, and BTW, we installed four more 100-ton tanks with fresh water on the NPP premises, and stockpiled flexible hoses. Just in case."

The industry is reassessing their seismic and flooding hazards and seeing if they are deficient as part of post fukushima response. So we ARE actively doing something about it.With Fort Calhoun, the flood was actually below the maximum expected flood for the site still. The problems at Fort Calhoun stemmed from the fact that 2 years before the flood, their flood preparations were deficient. The NRC made them fix it. And as far as I can see, the US regulatory system did a good job of identifying a deficiency and ensuring it was corrected such that the flood was non-eventful. Fort Calhoun's problem now really stems from years of deficiencies, and to understand how they got there, you need to have spoken to people who have gone there to help "Clean up". I think Fort Calhoun basically being told that the NRC does not want OPPD to operate the plant anymore was the right thing.

The whole "we did a report and we are fine" thing is NOT what the US has done. In the US, we purchased millions of dollars of new equipment, built 2 regional response centers that can deploy a full set of portable equipment to any site in the country in less than 24 hours (and all the equipment is regularly tested and kept in like new condition), have reviewed and upgraded our emergency procedures to utilize this equipment, and are developing portable equipment hookups and plans. This is all part of the FLEX initiative, and is also an NRC order, to be able to maintain core cooling and critical safety functions indefinitely, in three phases. The first phase is using only on-site permanent equipment that is available after a Fukushima-like event, the second phase starts 24 hours later, and involves portable equipment on site and off site. The third phase is after 72 hours when "offsite help" is allowed to come in. It's assumed that it takes 72 hours for resupplies of fuel, water, personnel, and other non-portable equipment for critical safety functions to arrive. This is what the US nuclear industry has done. NOBODY has simply said "We looked at it and its ok".

With regards to fire trucks, extra fuel, portable pumps, water, the US already did that after 9/11. But 9/11 only required enough equipment for 1 plant, not both. Many plants are installing more generators and equipment. We are going to be pouring concrete at my plant and building a new section where we can put a new generator, and us engineers are figuring out the power requirements to make sure we are capable of restoring critical safety functions in the event all of our normal generators and equipment fail. Post Fukushima, we've added more portable equipment to that because now we are assuming ALL units on site fail simultaneously. Operators, maintenance personnel, and emergency responders (myself included) are regularly trained on our extensive damage procedures and severe accident guidelines.

This is what the US has been doing, and will continue to be doing over the next several years.

 

[nikkkom]

The whole "we did a report and we are fine" thing is NOT what the US has done. In the US, we purchased millions of dollars of new equipment, built 2 regional response centers that can deploy a full set of portable equipment to any site in the country in less than 24 hours (and all the equipment is regularly tested and kept in like new condition), have reviewed and upgraded our emergency procedures to utilize this equipment, and are developing portable equipment hookups and plans. This is all part of the FLEX initiative, and is also an NRC order, to be able to maintain core cooling and critical safety functions indefinitely, in three phases. The first phase is using only on-site permanent equipment that is available after a Fukushima-like event, the second phase starts 24 hours later, and involves portable equipment on site and off site. The third phase is after 72 hours when "offsite help" is allowed to come in. It's assumed that it takes 72 hours for resupplies of fuel, water, personnel, and other non-portable equipment for critical safety functions to arrive. This is what the US nuclear industry has done. NOBODY has simply said "We looked at it and its ok".

With regards to fire trucks, extra fuel, portable pumps, water, the US already did that after 9/11. But 9/11 only required enough equipment for 1 plant, not both. Many plants are installing more generators and equipment. We are going to be pouring concrete at my plant and building a new section where we can put a new generator, and us engineers are figuring out the power requirements to make sure we are capable of restoring critical safety functions in the event all of our normal generators and equipment fail. Post Fukushima, we've added more portable equipment to that because now we are assuming ALL units on site fail simultaneously. Operators, maintenance personnel, and emergency responders (myself included) are regularly trained on our extensive damage procedures and severe accident guidelines.

Sounds good.