This link lists off the problems that Nuke sites have had with the emergency Diesel Generators since Jan.1 1999. A little disconcerting.

http://www.tmia.com/EDGs.html

-- Anonymous, July 27, 1999

Answers

It has come to my attention that this post might be removed because it can be anti-nuclear in interpretation. I'd just like to quickly defend it, in saying that I am not trying to push for nuclear shutdowns, nor am I against it. There are potentially huge problems that can occur through either decision, and I'm glad that I don't have to make that decision. I just posted the above because I think that it is important to keep the information flowing, and hopefully the problems that are being found will be fixed, rather than ignored. I believe that is why this forum was originally created, and I'm grateful that it continues to do so.

-- Anonymous, July 27, 1999

I'll reiterate once again - this is not a pro or anti nuke forum. This is a Y2k forum. I will never remove a post, anti-nuke or otherwise, that has a definite Y2k angle for the electric industry. It does not matter whether I agree with the post or not. "On topic" is the only consideration.

This particular link has a Y2k angle, and my apologies to marianne for removing the earlier post without following the link. I would ask, however, that the Y2k connection be clearly identified in the post. For instance, this particular link could have been originally described as relating to the Y2k petitions that NIRS currently has before the NRC regarding emergency diesel generators.

Again, if a connection to Y2k and the electric industry is defined in any post, the post stays. If there's no connection identified, the post goes. That seems pretty simple. ;-)

-- Anonymous, July 27, 1999

What about the compliancy of the EDG systems themselves? My understanding is these are large generators in the megawatt range and, as frequently noted in the incident reports, important safety systems as relates to the electrical grid. They are more complex then elevators, prison doors or for that matter radar ranges. Would suspect its being addressed but I haven't heard much discussion on it. And I know, I know, no one would ever use other then absolute time interval comparisons in an algorhithm to decide if an EDG system should kick in.

-- Anonymous, July 27, 1999

I have worked with EDG control systems for many years, including design upgrades. Generally, EDG controls are not complex and use older technology, where things get a bit more complicated are in the load sequencers logic, but even here the logic is electrical timing relays (sometimes digital) that are not affected by y2k problems. Some plants have digital monitoring that is not required for operation of the EDGs. There may be a few plants that have digital control systems, but I have not been able to confirm this. In reviewing the industry information, I have seen no information indicating y2k problems in EDGs EXCEPT not long ago I saw a reference to EDGs at Pilgrim in regards to y2k - I can't remember where I saw this, and have not confirmed it, but I do remember seeing it - if anyone has any solid information on this I would appreciate it.

Typical EDG control devices/components are pressure switches, eletrical relays,mechanical overspeed trip devices, speed switches (electronic), solenoid valves, air start motors, air compressors/tanks, and various other analog process components with no potential for y2k problems.

To summarize, EDG controls are typically older technology provided by the engine vendors. Some plants may have upgraded to digital control systems, and Pilgrim MAY have reported a y2k problem related to EDGs (severity of problem unknown).

I do know that the FP&L Turkey Point plant installed a digital PLC based load sequencer some years ago, but have heard of no Y2K problems regarding this system - I don't know if this PLC is date aware (most are not). If it does have a RTC, it is almost certainly used only for logging functions, as the sequencing is based on the timing functions unrelated to calender dates (this much I DO remember about their system from past studies).

Having expertise in EDGs and also Y2K, I am confident that there are no signficant industry wide issues regarding y2k problems IN EDGs. As I have stated in this forum previously, I am NOT satisfied with EDG design reliability in general, and this has nothing to do with y2k.

I reviewed the http://www.tmia.com/EDGs.html reports, someone did a good job of putting this list together, I find it handy myself. I also reviewed other information at www.tmia.com website, and found a suprisingly good write up by the Union of Concerned Scientist regarding EDG issues - many facts, with a few major errors however. There is an agenda here though, and this should be taken into account. But when the agenda is safety, and the facts are present and valid (as a number are), I will not take issue with the fact that reliability of emergency power sources needs stronger industry and regulatory attention.

What I DO object to, is the false and unsupported claims that Y2K is a signficant challenge to nuclear safety (our findings show quite the opposite). I also object to the claims that Y2K problems in EDGs are a signficant threat - show me your evidence if you make such a claim. Finally I object to the use of the real and valid Y2K issue as a "means" of furthering anti-nuclear power agenda's by falsely claiming y2k problems are a serious threat to safety systems, including EDGs.

The link above is interesting and pertinent - to EDG reliability, butI cannot see the tie in to Y2K (there is no case for the grid to be unstable due to y2k based on my direct observations of the embedded systems y2k problems we found, and by review of industry findings). The site also has a Y2K section regarding nuclear power, and this link is fully of dated, one sided quotes and several errors of fact.

In short, I have yet to see one single example of a y2k problem that would have a direct effect on the ability of a nuclear safety related system (class 1E system) to function, including EDGs - I have asked for factual evidence before, and have yet to see it.

I have seen so very little evidence of DOCUMENTED y2k problems with power systems - the best documented problem systems are in the link I posted to the www.nei.org nuclear PDF report. I may post some factual y2k bugs problems here, complete with linked evidence to manufacturers/models, just so SOMEONE can proove there are real y2k problems...;)

Regards,

-- Anonymous, July 27, 1999

Good Factfinder. Why did the Electric Utilities not announce compliance last year?

-- Anonymous, July 27, 1999

Factfinder,

Whether Y2K shuts down powerplants (through whatever means) or something else comes along that necessitates a shutdown, we are still depending on these EDGs to be capable of running in order to shutdown the plants. I've read numerous reports saying that all of the Emergency shutdown systems are Y2K Ready, but surely it is of prime concern to make sure that the shutdown equipment can still work on its own right, even if it does not use a date function.

-- Anonymous, July 28, 1999

When I asked our EDG system engineer how the diesels would handle the Y2K rollover, he told me about as well as they handled the year 1900 rollover, which gives an idea of the level of technology involved. When our Y2K team evaluated the EDG systems, we found just one digital component, and that had no date capability. While EDG reliability is certainly an important issue, there appear to be few, if any, Y2K related issues.

-- Anonymous, July 28, 1999

Tom:

I would caution everyone not to make assumptions of the Y2k status of all EDG's based on the experience at WNP2. I concur that many are "low tech", but there are some installations that are more along the line of what FF described. (some PLC's or other digital control such as Woodward governors). Again, dependencies rule the day.

Certainly, solid state relay logic which starts EDG's (bus undervoltage, etc.) is not impacted by Y2k, however, there are digital sequencers, PLC's and other digital control such as Woodward governors. I don't know that each and every (or any) of these items carries any Y2k baggage, but hopefully that's been addressed as each plant has conducted their evaluations.

But here again is something important - logging and annunciation, either remote or local, the ability of the operators to get accurate information to make operational decisions, and certainly EDG's have annunciation and logging points in most SOE and/or CRIDS systems, as well as SPDS. The integration of this information with other plant operating parameters (particularly in an emergency situation) is obviously important to the decision making process.

Does it all work in harmony? Has there been end-to-end integrated testing of EDG operations integrated with other operational conditions through actual event scenarios and simulations? That's the question each nuke plant Y2k person has to answer. I realize that this becomes more of an exercise in operator training and/or emergency response, but a holistic view of the operation of EDG's (and in fact all plant equipment in a variety of postulated worst case conditions) needs to be conducted, at least within the bounds of whatever PRA's have been previously accomplished.

-- Anonymous, July 28, 1999

I reviewed all Woodward technical documentation for our gas turbine and all Trisen documentation for our steam turbine. Nether of these governors are date aware.

Jim

-- Anonymous, July 29, 1999

Jim - I should have said, "some Woodwards..." - I certainly didn't mean to imply that a few, many, or all, Woodward governor controls are microprocessor based and have Y2k issues. I've worked with enough of them to know better.

Woodward has been continually updating compliance status of their products; they are currently up to Revision O (not "zero") of their disclosure document. (http://www.woodward.com/corporate/year_2000/Y2K%20Archives/ic g_g_o.htm)

Caveats abound - particularly with respect to much of their software that has time / date keeping functions. While the Woodward software may indeed be compliant, the software is only as compliant as the clock on the operating platform. This is where specific platform testing comes in.

All I was getting at is that we have to avoid falling into the trap of believing that if the equipment at one plant is fine, similar equipment at another plant is also fine. Each plant configuration and EDG installation is unique.

-- Anonymous, July 29, 1999

I'm traveling this week and handicapped by not having all my bookmarks and links available on this laptop, but I do happen to have a printout with me of part of the "Overview of Year 2000 Issue" given at the Workshop of 25-29 January, 1999 in Vienna and held by the International Atomic Energy Agency. After "Examples in Corporate Facilities" and "Examples in Medical Facilities" there is "Examples in Nuclear Facilities".

These are listed as:

-Station blackout diesel digital controllers [It would appear someone, somewhere, had a Y2K problem in this area]

-AMSAC reactor trip system [A primary safety system, if I'm not mistaken.]

-Radiation monitoring system

-Turbine control cooling systems

-Station security system

-Plant process computer systems, including Health Physics, Chemistry, Instrument Calibration

Of course, this Workshop was not U.S. centric, but attended by utility representatives from all parts of the world.

You need an Adobe Acrobat Reader for access of the link at:

ftp://ftp.iaea.org/dist/nsni/mod02fin.pdf

I would also like to point out that there are collateral Y2K situations with the potential to impact the EDG portion of safety systems. While it may well be true that there have been no Y2K problems found in the U.S. with the EDG systems, it's also documented that there have been non-Y2K problems found in EDG relays. (Seabrook) I don't find it inappropriate that in the recently posted audits of nuclear facilities' contingency plans on the NRC Y2K site, the companies were all asked by auditors about their EDG relays and if the company was aware of the problems found at Seabrook. The essence of this is that an appropriate loss-of-offsite-power contingency plan will be thrown off if there are any EDG problems - WHETHER OR NOT they are caused by a date function problem or something else. The reliable functioning of EDG's as part of emergency safety systems is a valid concern at any time, and I find it rather disingenuous to assume that only a date-problem could be an issue in the Y2K context. Since both NERC and the NRC have stated that there is an increased risk of loss of offsite power in 2000, then does it really matter whether a potential EDG problem is caused by an "actual" Y2K failure or something else non-date related?

Affirming that there are no date related problems in EDG's, hence no safety system problems in nuclear facilities, seems to me to be an illogical splitting of the Y2K hair, so to speak. IF the Year 2000 (or a winter storm or anything else) engenders a loss of offsite power situation for a nuclear facility, a non-date malfunction of any EDG's will be just as serious as if it were a date malfunction. And at that point, will saying an EDG failure "wasn't a 'real' Y2K problem" provide any consolation?

What would provide me with a good deal of relaxation over the issue, is if I knew that all nuclear facilities (or anyone else dependent on EDG's) were running an all-out test on the diesel generators for the FULL length of time specified in the plant's potential outage contingency plans, not just firing them up to see if they start. If I worked at a nuke plant, I personally would want assurance that not only would the EDG's start, but that they would continue to run within specifications for the maximum number of hours needed for any contingency.

-- Anonymous, July 29, 1999

Bonnie,

Yes, that's exactly the point! Will they deliver the backup for as long as is needed? What's the problem here? Don't want to spend the time and money to make sure? Well, the longer they wait, the less likely they will be able to replace the required parts in a timely manner. You know Bonnie, I get a very bad feeling that this whole matter is not being taken seriously enough. We're talking about a critical leg of the iron triangle here. From what FactFinder says, I will concede that his own company is "on the ball" but that is obviously not the case across the board.

-- Anonymous, July 30, 1999

Whoops!

Remember this one? There's a thread from May where a Y2k testing failure of an EDG at Arkansas Nuclear 1 was discussed. Since this particular failure showed up today on Gary North's forum, I think I'll start a new post so it hangs around the top level index for awhile. FF requested an example of an identified EDG Y2k related problem. Here it be. But read the following thread (or the new one that I'll create), because there's more to the story than meets the eye...

http://www.greenspun.com/bboard/q-and-a-fetch-msg.tcl?msg_id=000q vU

-- Anonymous, July 30, 1999

Rick:

Fair comment....my research covers only the model that we have installed on our GE LM5000. Our plant is about 10 years old and I'm sure many other models have been produced since our installation.

Hope to see you in Chicago next week.

Jim

-- Anonymous, July 30, 1999

FF - a well researched response, but still misses the point of one of my above postings:

But here again is something important - logging and annunciation, either remote or local, the ability of the operators to get accurate information to make operational decisions, and certainly EDG's have annunciation and logging points in most SOE and/or CRIDS systems, as well as SPDS. The integration of this information with other plant operating parameters (particularly in an emergency situation) is obviously important to the decision making process.

Does it all work in harmony? Has there been end-to-end integrated testing of EDG operations integrated with other operational conditions through actual event scenarios and simulations? That's the question each nuke plant Y2k person has to answer. I realize that this becomes more of an exercise in operator training and/or emergency response, but a holistic view of the operation of EDG's (and in fact all plant equipment in a variety of postulated worst case conditions) needs to be conducted, at least within the bounds of whatever PRA's have been previously accomplished.

I'll try to comment a bit further later today. The grill is warming up, the beer is cold, burgers are ready to go, and I just ran inside to catch up on email and stuff during a quick break in the action.

-- Anonymous, July 31, 1999

Fact Finder,

Personally, I don't care if a nuclear plant melts down because a y2k problem or a relay problem, the result is the same.

The following is a snippet from what I posted on 24 June on this forum, without much appropriate comment at the time. In fact Rick pulled it the first time I posted it, because I didn't make much if any comment, just offered it for review:

----------------------------------------------------- Las Vegas SUN ----------------------------------------------------- Today: July 18, 1998 at 10:52:24 PDT

Nuclear Plant Survives Tornado Hit ASSOCIATED PRESS

OAK HARBOR, Ohio (AP) --

[note: the offsite power was down for 41 hours total]

Hours later, as the plant was switching back to offsite power, the second generator shut down a few seconds early because of a faulty relay.

Plant managers also worried about rising temperatures in a 23-foot-deep pool that cools spent reactor fuel. The temperature reached 140 degrees -- roughly the point where evaporation would increase -- but enough offsite electricity returned to power the cooling pumps.

xBob

-- Anonymous, August 04, 1999