Did anyone catch this in the euy2k.com newsroom? What's the deal? Rick?? I thought the NRC has said that there's no Y2k impact to safety systems?

Pa. Nuclear Plant Loses Monitoring System Computers During Y2k Testing , http://www.euy2.com/newsroom.htm

-- Anonymous, February 26, 1999

Answers

Sorry, messed up the link, here's the right one:

http://www.euy2k.com/newsroom.htm

Pa. Nuclear Plant Loses Monitoring System Computers During Y2k Testing

-- Anonymous, February 26, 1999

Dan,

I do not have the specifics on this particular occurrence yet, but am trying to get some more details. I *do* know that these are significant systems (why do you think they call it "safety parameter display system"?). ;-)

And here's something that's even more concerning to me:

William D. Travers, NRC Executive Director for Operations testified before the Senate Subcommittee on Clean Air, Wetlands, Private Property and Nuclear Safety Committee on Environment and Public Works on 2/24/1999 that, "To date, the NRC staff has not identified or been apprised of any Y2K problems in nuclear power plant systems that directly impact actuation of safety functions." (ref: (http://www.nrc.gov/NRC/Y2K/WDTY2K.html)

The date of the Peach Bottom report is 2/12/1999 (the problem actually happened on 2/9/1999). The date of Mr. Travers' testimony is 2/24/1999. While Mr. Travers may be splitting legally accurate semantical hairs with his testimony, it seems analogus to Bill Clinton saying...oh, never mind...you get the picture.

-- Anonymous, February 26, 1999

This "incident" sparks my curiousity about a couple of things. I don't have any inside knowledge of the set up of systems in a nuke plant, but I was under the impression that a loss of safety systems monitoring was a requirement for plant shutdown? Or is it that in this case it wasn't realized that the primary system was also locked up? Or if the safety systems do lock up is a shutdown is not mandated?

The second concern is a question my husband had when I showed him the report. He was quite amazed that all connections to the primary system had not been disconnected prior to the rollover test of the secondary system. This seemed to him to be a breach of normal procedures, but since he also doesn't know how the nuclear plant systems are set up, he couldn't say whether all the backup systems could be completely disconnected or not. (Although if they can't he believes they should have been designed to be able to.)

I'll appreciate any input from Rick or others who have more expertise about either of these issues. Heaven knows, the best of engineers or computer systems people can make mistakes. That's a normal human condition which has to be factored into the whole Y2K situation, both now and post 2000. The idea that all Year 2000 testing and remediation will be error free, which some articles seem to assume, just doesn't hold true. I also don't expect anyone to diagnose what happened without full information, I'm just asking if there is a *possiblity* this was an avoidable situation? Or am I not understanding the situation correctly?

-- Anonymous, February 26, 1999

This report is the topic of a thread on the Yourdon Y2K forum. One of the respondents, Robert Cook, is (I believe) a nuclear engineer actively employed in an operating nuclear plant. His post is informative, if not entirely reassuring. See http://greenspun.com/bboard/q-and-a-fetch-msg.tcl?msg_id=000XqU

-- Anonymous, February 26, 1999

Is this the one?

Peach Bottom Unit 2: Loss of Plant Monitoring System Computers During Y2K Testing

I got this from year2000.com bug bytes area.

-- Anonymous, February 27, 1999

The Peach Bottom Plant Monitoring System/SPDS y2k testing shutdown is a very interesting event, good find Rick. I tried unsuccessfully to reach a contact there to get more details.

The SPDS is a post TMI mandated system (NUREG-0737 supplement 1, NUREG-1342 etc.) and is typically classified as "non-safety" related (non-1E) for design purposes. It appears that Peach Bottom implements the SPDS on the Plant Monitoring System which is in itself very unlikely to be Safety class. We need to get the scoop from a PB contact to be sure of exactly what they have.

Loss of the SPDS does not necessarily require a shutdown, since there are other plant process indicators, recorders, etc. that can provide redundant or alternative process information. Although a shutdown was obviously not required in this case, the mandating document as to whether a shutdown would be required for the loss of any systems would be the plants specific Technical Specifications. Sometimes shutdowns are time based , i.e., shutdown is required if a system is not restored in X hours. It is not uncommon to loose the plant monitoring computer (non-safety), and not all plants even have a backup computer. In the event of a loss of plant monitoring computer there are procedures that direct operators to other indicators, perform manual calculations, and take other compensatory measures.

Unless this is a very unusual SPDS, it has no safety-related system automatic actuations or any other direct controls, and performs only a monitoring function.

Here is a great link to the real (but not updated) system training guides of one nuclear plant (I'm quite proud of having stumbled onto this site while searching for other things...and Rick....if you already have THIS one posted on your site, I'm gonna really pat you on the back!): System Training Guides at Berkeley. These guides should be helpful in giving you a flavor of the equipment and operating requirements of a typical nuclear plant. In reviewing these, please do not make the mistake of assuming similarity to systems with the same name at other plants, often it's apples and oranges. In the case of the SPDS, the Peach Bottom system appears to be very different than Diablo's

I agree with Bonnie that mistakes in testing happen, in fact I expect to see more problems with Y2K this year during testing than I'll ever see in the year 2000, but hey, that's just me.... ;-)

Regards, FactFinder

-- Anonymous, March 01, 1999