This is in the euy2k.com newsroom this morning:
PECO Energy's Peach Bottom Unit 2 nuclear facility near York, Pa. recently experienced a 7 hour lockup of the plant's primary and backup plant monitoring system computers during Y2k testing. The NRC weekly summary of 2/12/1999 reports that operators lost the plant's Safety Parameter Display System (SPDS), Emergency Response Data System (ERDS), and 3d Monicore thermal limit monitoring system during the event.
Engineers had taken the backup PMS computer off-line and had advanced the PMS clock to a year 2000 Date. This led to a lockup of the backup PMS, and the system transferred to the primary, on-line PMS computer. The engineers did not recognize that the system had transferred and, believing that the original command was not accepted, again advanced the system clock, causing the primary PMS to lock up also. Several initial attempts to restore the PMS computers were unsuccessful, and operators determined that this constituted a major loss of emergency assessment capability. The PMS computers are not Y2K compliant, but the engineers believed that this would not impact the testing. Operators did not expect the testing would affect the on-line PMS computer. PECO Energy plans to perform a full root cause analysis of this event.
Once and for all, someone needs to answer the question - the nuclear industry appears to be in total denial on this issue - is there safety issues with nuclear plants and Y2K??
-- Dan Webster (cant.sp@m.me), February 26, 1999
Answers
Uh . . . I live//b> in York, PA which is only a short drive
to Three Mile Island.
Robert, need some analysis here please. At least tell me once again
not to worry about the nukes. I'd feel so much better if you could.
. . . scurrying family to basement now . . . did I just hear a
siren???
-- David (David@BankPacman.com), February 26, 1999.
. . . turning off the bold . . .
-- David (David@BankPacman.com), February 26, 1999.
Let me get some baaackground info .. not going to conclude anything yet.
remember though, what I've been saying about testing and backups? Computers fail in wierd and wonderful ways - and the real embedded chips problems taht will tend to shut down things are the ones that "nobody thought of....." like this.
Notice the startup of the backup, the early time frame invloved, and the extent of the apparent failure - losing a monitoring system (one level of three systems in this case, then the backup as the reaction to the first) is not a critical event, unless you are already in a casualty. Make sense? If there is nothing "out of ordinary to monitor" - there is no significant impact if the monitoring system drops during testing.
However - they are investigating, lets see what the NRC does, what the penalty (fines) are, what "lessons learned" are passed to other utilities, etc. This shows the feedback and training part of the nuke plants that makes them more likely to manage to generate power after Y2K than other plants. No backup systems, or not as many backup systems elsewhere. Not as much (if any) pre-testing for failures like this. No penalties or fines for "test failure", and no "lesson learned" data going to other utilities.
As an example of the "level" of this failure - its like testing the water temperature gage on your car. The test caused the gae to fail, and caused the backup temperature gage to fail. Now, losing the primary (and secondary) temperature gage doesn't harm anything unless your car is out of coolant or has bust a hose. In normal operation, it would keep operating. But they do now to fix their gages. The manual and alternate temperature readings (showing core temperatures) would still be able to show trends and detect problems, but you should run with everything correct. That's why I suspect they will get fined for the test failure - which will warn everybody else.
A conventional power plant would have no temperature gage or oil pressure gage or tachometer, much less a backup gage, backup oil pressure gage, oil pressure warning siren, and hourly water temperature and oil level surveys and manual dipstick readings. It would just have a single "red" "high temperature" warning light on the dashboard - and most conventional plants would not have tested the thing at all. So when it failed next year - the conventional plant whould not know they even had a failed light bulb in the warning socket - and so would blow up their engine.
Does this analogy make more sense of a confusing, admittedly potentially frightening, situation? Be glad instead that the system worked - they now have a chance to fix it in a timely manner, to teach other plants what happened, and to test other things for the unexpected.
-- Robert A. Cook, P.E. (Kennesaw, GA) (cook.R@csaatl.com), February 26, 1999.
. . . scurrying family to basement now . . . did I just hear a
siren???
Wish you hadn't said that:
*** One day I was eating a pancake filled with applesauce, sweet
applesauce. Suddenly the air raid sirens began to scream, advertising
another ripple on our river of life. Applesauce. There was terror in
applesauce. I didn't know what it was about that stuff, the flavor or
the texture. It was definitely not apples per se. I like apples,
apple juice and apple pie. My liking of apple pie even made me a good
American.
I would not gag down applesauce again until I forced myself just
recently. Whenever I tasted it, I�d shiver. I could not eat it, even
though this would insult hostesses who served it to me over the
years. I would eat everything else, including guts retrieved from
cowshit, and cattle feed with rodentshit. This fact would help keep
us alive for many years. But not applesauce.
My mayhem ghost caused me to develop abnormally in that I
avoid watching war movies. I find exploding humans and screaming
sirens deeply saddening, instead of uplifting and fulfilling like it
seems to be for most people. They splatter guts inside their boob
tubes and stare at them by the millions; they participate in such
games on video.
Do they want ghosts in their souls?
Hard as I�ve tried, I have not always been able to avoid
these ghosts. They would surface at unexpected times throughout my
life.
For example, my wife and I would one day visit a theater to see Not
Without My Daughter. I had not yet met my mayhem ghost and did not
know that it existed. This movie was based on the true story about an
American girl who married an Iranian boy. Nowadays the sexes of the
partners have to be specified. In the good old days it always was
easy to know this, one boy and one girl. But since we are now on a
higher level of civilization, brought about by a higher level of
technology, a marriage can be of any combination. And we can even be
proud of any combination.
A recent creation of such a combination is the virtual marriage. One
partner of this combination thinks the sex of his or her mate is such
and such, but turns out later to be different from what he or she
thought he or she had married. When we become still more civilized in
a few years, a marriage might even include other species, such as a
Holstein bull hitched to a normal boy or an abnormal normal girl or
any combination not yet recognized. I only refer to a Holstein bull
because later in life one such tried to hitch me.
Anyway, in the movie this couple moved to Iran a few years
after their daughter was born. The daughter indicates that this was a
marriage in the old sense of the word, as created by God, and was
totally square.
Subsequently, A. K., who claimed to be in close contact with God, and
always wore a grim face, and always wore a black rag twisted around
his head, and always sported a full beard he could hide in, led a
holy war which included Iran's children who died to go to heaven, so
they�d visit him when he arrived there himself. This earned him the
Man of the Year award of a national magazine and his picture
brightened its cover.
In this movie I did not expect to be instilled through my
remaining ear with the terror of air raid sirens. This invited the
mayhem ghost. Nor did it occur to me up to this time that after so
many years its screaming would still bother me. I had not benefited
from it since my first war. The devil's howl caused an intense agony
in my heart and soul. I wanted to cower under the seats but I was
stuck in the middle of the crowded theater.
I also wanted to find out how enjoyable this sensation could get and
try to slay this ghost. I had to convince myself that it was only a
ghost and that I had nothing to fear. I had to be certain that it was
not the devil, but only a distant memory of him.
Upon leaving the theater I burst out sobbing uncontrollably. A fist
gripped my heart. I wanted to rip it out myself so it would not hurt
anymore. Squirting tears, gasping for air, I tried to explain to my
worried wife that I was all right.
"I�m OK, sob, FlowerBear, sob, I�m just entertaining these
people. Baahhhh. In case they found the movie boring. Baaahhhhhh."
That is what I would have told her, my FlowerBear, had my
jokingbraincells not been shunted by this episode.
Someday my government will protect me with: "Caution, the devil's
wail may rip your soul. It will destroy your heart".
It will protect me, since I am not normal and victims give
bureaucrats a purpose for their existence. To protect victims from
other victims, and then again from bureaucrats ***
-- Not Again! (seenit@ww2.com), February 26, 1999.
Right Robert!
"Operators did not expect the
testing would affect the on-line PMS computer." And this is an
example why
i'm a gloomer about Y2K. Billions and billions of systems and code
supporting our web...impossible to predict how they will all react. I
believe Carl Sagan would agree with me. It's very reassuring that PECO
is testing and failing -now-, but will all the other nume plants do
the same? Will all the other utilities and businesses? billions and
billions...
Breath deep David. PA is one of the states most on top of Y2K ;-)
Not Again, don't feel bad to post your memoir snippets, this is
wonderful therapy and it might just be what you
need to banish the remaining ghosts. What you lived wasn't in vain,
it's history repeating itself, but you're teaching many of us to
recognize it.
-- Chris (catsy@pond.com), February 26, 1999.
At the risk of sounding incredibly stupid and simplistic. Does this
mean that by undergoing this Y2K testing and encountering the problem
which hopefully they find the full root cause for and remedy; they in
turn shall be free and clear with the changeover at the end of the
year from 99 to 2000?
-- Suburb (an@dcmetroarea.com), February 26, 1999.
Robert, I think it is unlikely NRC will impose a fine. I base this on
an understanding of EPA's enforcement policy, and an indication from
the following minutes that EPA and NRC are being encouraged to take
similar approaches:
From http://www.y2k.gov/
PRESIDENT'S COUNCIL ON YEAR 2000 CONVERSION
Meeting Minutes January 14, 1999 (excerpt)
"�REGULATORY CHALLENGES
Al Pesachowitz, Environmental Protection Agency (EPA), discussed EPA's
Y2K enforcement policy, which is available on the Web at
http://www.epa.gov/year2000/finapol.htm. The policy states that EPA
will waive 100 percent of the civil penalties that might otherwise
apply, and recommend against criminal prosecution, for environmental
violations caused by specific tests to identify and eliminate
Y2K-related malfunctions. The policy is limited to testing-related
violations disclosed to EPA by February 1, 2000, and it is subject to
certain conditions�[snip]
Frank Miraglia noted that the NRC has mechanisms for granting
enforcement discretion, which may be used to handle Y2K issues.
Specifically, he cited a regulation that allows operators to deviate
from their license if acting to protect public health and safety. The
NRC recently released its Y2K contingency plan for review and comment.
A copy of the plan was included in the meeting package.
The Chair observed that in the normal enforcement process, certain
standards must be met to avoid fines and/or closure. In the event of
Y2K disruptions, however, it may be important for functions to
continue. Al Pesachowitz noted that EPA laws include enforcement
discretion. The key is demonstrating due diligence with action to
protect public health and safety. The Chair suggested that the EPA and
NRC share the results of their public comment periods on the new
regulations. He noted the importance of establishing a common approach
to enforcement. Robert Colby, Securities Exchange Commission (SEC),
emphasized developing a consistent schedule for enforcement. �"
-- Brooks (brooksbie@hotmail.com), February 26, 1999.
. . . is it OK to come out now???
Oh, alright, I get it. Bug wasn't dangerous. Just testing. Better
now than later. Oil pressure gauge . . . good analogy, I understand
that one . . . thanks Robert.
Didn't mean to stir up old memories Not Again, sorry. Folks around
here still spooked over TMI. Can't imagine WWII. Nothing like
tragic experiences to burn lasting images into our conscience.
Breathing easier . . . it's OK guys you can come up now
Later folks.
-- David (David@BankPacman.com), February 26, 1999.
On the other hand David, if you only have one warning light, you're in the middle of the Indy 500 doing 200 mph in a million dollar race car trying for a 2 million dollar prize (or nothing for the losers), do you want to stop and test the warning light if it stays dark?
That's the situation the regular plants and chemical refineries (the ones not doing adequate pre-2000 testing) will be placing themselves. They are just keeping on keeping on, believing that if they see nothing (the warning light is off) then nothing is wrong (they have good oil pressure, and don't need a warning light.) This is true - at the current time, they don't need a warning light because they have oil pressure - "just like always".
Until their engine blows up under the stress of changing conditions (....they had no oil pressure for 30 seconds, didn't stop the car, didn't save the engine, and so they have no engine and no car for two months. And lose the race anyway.)
-- Robert A. Cook, P.E. (Kennesaw, GA) (cook.R@csaatl.com), February 26, 1999.
Thanks Robert. I feel sooooo much better now. OK, so I'll be in the
dark for 2 months, but at least I won't be glowing eh?
-- David (David@BankPacman.com), February 26, 1999.
"Does this mean that by undergoing this Y2K testing and encountering the problem which hopefully they find the full root cause for and remedy; they in turn shall be free and clear with the changeover at the end of the year from 99 to 2000?"
What this means is simply that this particular mode of failure will (probably) be eliminated. Continued testing may well elicit other unexpected modes of failure, which also will be fixed.
But certainty that no more surprises will be encounterd is impossible to achieve.
-- Tom Carey (tomcarey@mindspring.com), February 26, 1999.
Speaking of Three Mile Island, I'm reminded of the panic fleeing that
occurred when that event was going on and how it might be reflected
in Y2K. I was a young GI stationed in southern Georgia with a
neighbor who's family lived fairly close to TMI. The poor girl had
eight relatives show up on her two-bedroom apratment's doorstep
fourteen hours after the first public announcements. If we start
having pre-Y2K jitters and panics, a lot of folks might have such
unexpected guests.
Harrisburg, PA to Valdosta, GA in fourteen hours, it may still stand
as a record.
WW
-- Wildweasel (vtmldm@epix.net), February 26, 1999.
Wildweasel,
You weren't flying (a plane), were you? ;-) But that wasn't a record. How about Cleveland, GA to Philly in twelve hours? Don't know to this day how we did it, must've had a tail wind. :-)
Maybe this sounds like Pollyana, but every test that occurs, pass or fail, sounds like good news to me. It's one more problem detected, one more "uh-oh, never thought of that one" exposed *before* the singularity.
-- Elbow Grease (Elbow_Grease@AutoShop.com), February 26, 1999.
Moderation questions? read the FAQ