For an interesting commentary on nuclear generating plants and the possibilities for shutdowns, go to:

http://y2kcertified.com/y2kharden.html

-- Anonymous, February 05, 1999

Answers

Excellent analysis! Here's my response to Dr. Harden:

Michael,

My compliments to you on the excellent article regarding the challenges facing the nuclear power industry re: Y2k. I concur completely with your analysis (and, in fact, the NRC's) that Y2k should not pose a direct problem with nuclear plant safety systems, results of the Seabrook audit aside. As you may or may not be aware, I've spent more than 20 years in the industry, between my time in the nuclear navy and commercial nuclear industry (3 years w/an architect-engineering firm, and 14 at a three-site commercial nuclear facility), and have been closely following this issue for quite some time.

My concern with Y2k and nuclear plants has been, and continues to be, twofold:

1) Erroneous indication leading to incorrect operator response

2) Unnecessary challenges to plant safety systems because of a malfunction in a non-safety related system.

One of the cornerstones of nuclear safety that's trotted out by the industry every time someone questions nuclear plant preparedness for Y2k is "defense in depth". Another cornerstone that's rarely spoken of in the context of Y2k is "thou shalt not not unnecessarily challenge safety systems". The NRC has conveniently avoided any public discussion of the second cornerstone.

I sincerely hope that your analysis, combined with the public input to the NRC on two recent "requests for comment" in the Federal Register (one regarding NRC contingency plans, the other regarding NIRS petitions) serve to enhance public discourse on the issue.

Best regards,

-- Anonymous, February 06, 1999

The whole nuclear power situation is very interesting. Current NRC postings for public discussion note that they are now talking about a Dec 1, 1999 date for shutdown, not July 1, 1999 anymore. While there would be little doubt that in a *normal* scenario the NRC would not let plants operate with safety concerns in question, this year and into 2000 will be anything but normal. I think that the military need for continuous power just might cause the safety bar question to be lowered. Certainly, if we have any serious Federal intervention on this matter, all bets are off for massive safety shutdowns, regardless of the concerns of those who are opposed to exposing the public to risk. One need only recognize that the potential interruption of coal and oil supplies to other power plants, and the huge loss of power due to shutdown of the nukes, points to keeping them running at any cost. This matter will default to political and national security planning.

-- Anonymous, February 08, 1999

Gordon,

There seems to be a notion floating around that the NRC said they were going to shut down any non-compliant nuclear plant in July. This was never the case. In Generic Letter 98-01,the NRC required a certification of Y2k readiness, by a responsible corporate officer, under oath and affirmation. GL98-01 did not spell out the what the downside would be for any plant that was not "Y2k ready" by July. In public comments/meetings on the issue, the NRC has only said that one of the options available to them was to shut down any plant that was not ready; in fact, they've been pretty clear that they *would* shut down any plant they felt was not ready. What they haven't been clear on is a timeframe for such a decision and resultant action.

-- Anonymous, February 08, 1999

There's been a deal of uncertainty about how long it takes to cool a reactor core to safe levels after a shutdown. Looking around, I found this discussion on the ECCS system in the new Westinghouse PWR design, the AP600. From http://antenna.nl/~wise/492/4881.html

History: In 1985 Westinghouse started the development of the new-type pressurized water reactor, the AP600. This new generation reactor would be more safe than earlier reactors. Several new emergency core cooling systems were planned in the model as well as a new containment cooling system, that is even revolutionary as criticized. In 1989 a first concept design was finished. It is expected that the US certification will be given in late 1999, after which the whole development will have cost US$237 million.

Safety: The basic design of the AP600 does not differ that much from a conventional PWR. The main system consists of a reactor with two cooling circuits, leading hot water under pressure to the steam generators. New in the design are the emergency core cooling systems designs, to prevent the overheating and melting of the reactor core in case of a Loss Of Coolant Accident (LOCA). These systems that contain thousands of cubic meters of water should supply emergency cooling when the normal cooling fails. However, the working of these systems is still dependent on activation by computers and man, Westinghouse speaks about "passive safety systems". Once they even described it as "walk-away safe", suggesting that nothing would happen when personnel would leave the plant after an accident. Later on they decided not to use this term as it might be misunderstood by the public.

Four tanks are located above the reactor with borated water. In case of a LOCA this water (about 50 cubic meters) would enter the reactor. The borated water would stop the fission reaction. However, some critics also say the entrance of cool water in a hot reactor might lead to an opposite effect, a power increase. Besides, a water tank with about 1,900 cubic meters is situated in the containment. This amount would be enough to flood the whole containment building above the level of the reactor core. In that way the reactor building would be changed into a kind of swimming pool in which the hot reactor could cool down. Most evolutionary and also most controversial is the "passive containment cooling system". After an accident it is important to keep the containment intact. With too much pressure on the steam, it would burst and release radioactivity. To keep the pressure low enough, the AP600 containment is constructed to lead away the heat by a water-and-air-cooled system. The AP600 is designed with a single containment. Conventional reactors are constructed with double containments, a steel and a concrete one. The AP600 has only one containment to provide maximum heat transport to outside air. Besides, above the building a watertank with 1,300 cubic meters is located to spray the iron containment to cool it down. This water would be enough to cool the containment for three days. A 1991 study on new generations for the Dutch government concluded that the AP600 would not meet Dutch safety regulations. The construction with a single containment would not provide protection to possible accidents from outside like an airplane crash, an explosion, etc. A double containment would affect the possibility to cool the containment by outside air.

In 1990 the US Union of Concerned Scientists published a study on three new generation models (AP600, HTR and breeder PRISM). Besides the conclusion that none of the three design could be called "inherently safe" it concluded that the AP600 does not provide truly passive emergency core cooling (see also WISE NC 342.3421: Study finds no reactor designs 'inherently safe').

I'm not a nuclear engineer, just a guy wondering what the actual situation is. On the facts alleged in the quote above, Westinghouse's new design, presumably improved from previous designs, may not have sufficient cooling water available to handle a shutdown in case of an extended power outage.

Comments appreciated.

-- Anonymous, March 08, 1999

Tom,

It's been a while since working in the nuclear industry, but if memory serves, the AP600 has never been fielded.

-- Anonymous, March 08, 1999

Bill-- "...if memory serves, the AP600 has never been fielded."

It seemed clear from the referenced page that the AP600 has yet to be built. My point was that its design presumably improves on previous PWR designs. If this presumption is correct, what does it imply for previous ECCS arrangements for PWR's now in service?

I understand there may be other reasons for undertaking a new reactor design, certainly a costly project. Overall cost, perhaps. (Anyone?) I repeat, I have no specific technical background. An interested bystander only.

-- Anonymous, March 09, 1999

Tom.. When I was questioning some issues very similar to what you are working around here... (I can't find the thread now) a hands-on worker at a facility contacted me privately with a detailed description of alternative back-up cooling tanks set up @ most nukes .)

My basic question - was, WHERE were they going to put all the extra hot fuel rods, (during a shutdown) - when it is a fact that most nuclear power plants are ALREADY OVERCROWDED (above official NRC safe-capacity guidelines) for on-site storage of the hot fuel-rods.

I can't find his reply - but it was somewhat re-assuring-- that the NRC has invested manymillions in alternative back-up on-site storage techniques/tanks/etc. He made it sound like overkill, almost.

I'm guessing.....that some technical aspects to your questions (& similar) are probably dependant upon alot of other variables us laypersons don't know? Like temperature? local weather? whether salt of fresh water is used??? and it's temperature.. Not to mention a whole host of technical-equipment differences UNIQUE to each facility...???

Which is why I find it unbelievable that only 12 plants are being audited so far, at this late date!!

diane/beatty

-- Anonymous, March 11, 1999

Let's hope NRC expands their audit horizon by summer to cover every reactor online.

-- Anonymous, March 16, 1999

Hi Tom, Bonnie & Rick (experts we have come to know & respect & rely on at Yourdon's Forum:)

Could some of you come help us out on this thread:

Raleigh Nuke Shuts Down Yet AGAIN. Third shutdown in two months. Mood at plant "somber."

To top off the problems there, they have found a dead body on the Entrance Road, in a car.

Naturally this brings forth questions about radiation, etc. Could you help us out with your expertise? Thanks

xxxxxxx xxxxxxx xxxxxxx xxxxxxx xxxxx

-- Anonymous, March 16, 1999

---

margin back

-- Anonymous, March 16, 1999

Leska, you have a marvelously active and inquiring mind, but this time I think you have to rein it in somewhat. I can't see any reason for questions of radiation to come into the picture. Bodies are found in lots of strange places and regular outside authorities are dealing with it, which means that if the local coroner discovered the death had *anything* at all to do with radiation, reports would have to be made and it would hit the local news. Personally, I doubt if the body has any real connection to the nuclear plant.

As far as the series of events at the Shearon Harris plant, I'm reminded of baseball. I'm not a big fan of the sport, but I've watched enough over the years to know that team morale is just as important to winning a game as the skill sets involved. When somebody makes a dumb mistake in baseball, or even if a freak event happens without any mistakes being made, there's an uncomfortable type of stress which takes hold of the team. If a second event happens, a type of "jinx" mentality takes hold and actually tends to increase the odds of other problems occurring! Even a small level of doubt and insecurity can flash through a team and the decrease in morale can lead to exactly what the team is trying to avoid!

I can't say with any certainty that this phenomenon is happening at the Raleigh plant, but I wouldn't be surprised at all if it was. Consider the extra stress levels which have to be present at all facilities which are trying to deal with an everyday work load PLUS dealing with Y2K remediation and testing on top of that. I doubt there's an employee at any nuclear facility (or other business which has a serious push on to get Y2K "ready"), who isn't feeling the pressure both from regulatory agencies and an upper management which is gravely concerned about project timelines, audits, public relations, etc.

In the thread you posted, I think Robert A. Cook's comment touched on what I am trying to get across. When a failure happens, for whatever reason, the uncertainty which results becomes something which must be reckoned with, too. I may be wrong, but I interpreted Mr. Cook's statement, "This is the kind of failure that I expect everywhere - nukes and thermal, the grid, chemical and refinery, shipping, handling, and loading - everywhere a controller senses something and is supposed to stop, start, or move something else," to be addressing the effects of morale, uncertainty, and the mistakes which can thus arise.

My husband learned long ago that one of the most important attributes of a consultant coming into a situation where the in-house people are panicked (and this often happens) is his ability to project a calm and in-control attitude. It's amazing how fast people can get back on track and even find solutions they missed before IF their confidence is restored.

As Rick and others have intimated previously, a large part of the Year 2000 problems will be exacerbated by how technicians deal with any failures (even small ones) and whether the pressure of reacting to unaccustomed events will in turn engender mistakes which escalate the initial problems. Those places fortunate enough to have someone who can remain calm and focused under stress, and who will be able to influence others to do so, will have the best chance of successfully dealing with problems. Unfortunately, my experience with human nature is that this will not happen everywhere and whatever failures do occur may well be made worse by fear and uncertainty. Team leaders and managers should take note, be aware of the morale phenomenon, and learn to deal with it effectively. It could make alll the difference.

The morale/stress phenomenon is also a major reason why I personally think it would be wiser for nuclear facilities to be shut down over the rollover and brought online one at a time afterwards in a deliberate, less pressured, manner. If I owned a plant, I'd give my employees as much time off just before 2000 as possible, have them rested and better able to deal with a controlled start up after the rollover. Y2K failures will likely vary in both number and severity, but it's how PEOPLE deal with them that may make or break a situation.

-- Anonymous, March 16, 1999

Bonnie and all:

I firmly agree with the idea that morale is directly related to how things get handled with the Y2K problem. I would like to take this opportunity to explore this idea in greater detail and share some of my thoughts.

I have been struggling with Peter de Jagger's views concerning the biggest Y2K problem we have now. He believes that our biggest problem is people like Gary North, who stir up a frenzy over something that doesn't have to be that bad. While I agree that asking bunches of questions and giving no answer hurts people, I disagree that this is the biggest problem that remains. I think the biggest problem is that I don't feel secure in the reassurances of groups like NERC and people like Mr. Koskinen. What they say does not have a positive affect on me for some reason. I always feel like they are blaming me for not just closing my eyes, plugging my ears, and walking right strait behind them without thinking. I feel the exact same way when I try to reason with CL on this forum. Whenever I try have a rational discussion as to why he things the way he does, he doesn't explain his reasoning in a way that makes sense to me. This could be my fault because I am not listening correctly, but I am more apt to think that it is his responsibility to help me to understand his confidence if he really expects me to believe him.

I think that one of the reasons that I feel this way is that I don't think that the right people are talking and leading. NERC doesn't seem to be good at managing software and hardware projects. It does not make sense to my mind to trust their assessment.

One way that I describe this feeling is to use an analogy. If the US were being invaded by another country, I would feel good that the Joint Chiefs of Staff were on the job. I would feel a certain level of trust because they have been well trained in the ways of war. But when I look at the Y2K situation, we have something quite different. We have a software/hardware/management problem... and a lawyer is in charge? Lawyers in many cases, opposes the protection of consumers. Even that wouldn't be a problem to me, if a well known, reputable, software project managers were involved, but I have not been made aware of this. There's another analogy.

If the country were experiencing a massive health problem, I would expect a doctor to be in charge of the effort to fix it. I wouldn't expect a lawyer to do as good a job direct the traffic on the project. This is nothing against the lawyer. It's just does not make sense to my mind when trying to feel safe and confident.

I have been trained in software project management. On top of this, it is a sort-of hobby to me. I can see that things are not working well. They actually appear to be deteriorating from my perspective, which brings me to the Peter de Jagger issue.

I am feeling even less confident when I hear the words of Peter de Jagger. This is very frustrating to me. I really enjoyed his focus on the technological problem. I am getting more and more convinced that he doesn't have a good handle on the sociological problem; however. I actually think that you, Bonnie, have a better handle on this. Yes, I do believe that there is still a way that we can get through this thing without panic.

I noticed that you have some knowledge of history. You are probably well aware that leaders in the past were able to avert panic by intimately sharing with the people in ways that brought them common sense assurance. This is what I think we need right now. I would like to help be a part of this effort by offering some words that express why I am not panicking.

I firmly believe certain things. I believe that the sun will rise on January 1st. I am not being facetious, the sun really will most likely rise on January 1st. It is important to remember that there are things that the date rollover cannot touch! It will probably continue to rain, things will grow, people will get married, the seasons will come and go, people will laugh, and people will cry. I believe that some heroic behavior will be witnessed as well as some drastic failure. What I am trying to say is that we have some things that we CAN depend on. Why not do it? As soon as I started depending on the things that I was given by God, I started feeling less like panicking. I don't see any chance at this point that we will make it through without any danger. That is why we should prepare, relying only on the things that we know will be there, like the sun, rain, and each other. This is not frenzy, this is just good sense.

I could be wrong about fear-mongers. They may be the biggest problem we face, but I want to oppose them by realistically assessing the progress, communicating it to the best of my ability, and in as much detail as is possible. I want to remind everyone that we should begin to rely on things that we know are not susceptible to the problem as much as we are able.

-- Anonymous, March 19, 1999