IEER | SDA V9N1 / E&S #15


Nuclear Plant Risk Studies: Dismal Quality

By David Lochbaum1

An accident at a US nuclear power plant could kill more people than were killed by the atomic bomb dropped on Nagasaki.2 The financial repercussions could also be catastrophic. The 1986 accident at the Chernobyl nuclear plant cost the former Soviet Union more than three times the economical benefits accrued from the operation of every other Soviet nuclear power plant operated between 1954 and 1990.3

But consequences alone do not define risk. The probability of an accident is equally important. When consequences are very high, as they are from nuclear plant accidents, prudent risk management dictates that probabilities be kept very low. The Nuclear Regulatory Commission (NRC) attempts to limit the risk to the public from nuclear plant operation to less than one percent of the risk the public faces from other accidents.

The Union of Concerned Scientists (UCS) examined how nuclear plant risk assessments are performed and how their results are used. We concluded that the risk assessments are seriously flawed and their results are being used inappropriately to increase -- not reduce-- the threat to the American public.

Nuclear plant risk assessments are really not risk assessments because potential accident consequences are not evaluated. They merely examine accident probabilities -- only half of the risk equation. Moreover, the accident probability calculations are seriously flawed. They rely on assumptions that contradict actual operating experience.

All probability analyses make assumptions. For example, when you calculate that the probability of getting heads upon a single flip of a quarter is 50 percent, you are assuming that the coin will not land on its edge. Nuclear plant probabilistic risk assessments (PRAs) rely on numerous unrealistic assumptions that fly in the face of the actual data from operating nuclear power plants:4

Assumption: The plants are operating within technical specifications and other regulatory requirements.

Fact: There are more than 1,000 violations of technical specifications and regulatory requirements each year. As a result of this unrealistic assumption, the core damage frequencies (CDFs) calculated in the PRAs are too low. By assuming that emergency equipment meets safety requirements when in fact it does not, the PRAs calculate better response capabilities than supported by reality. In other words, the core damage frequencies are really higher than reported by the PRAs.

Assumption: Plant design and construction are completely adequate.

Fact: The risk assessments assume that there are zero design and construction problems when hundreds of problems are discovered every year. The NRC's Office for Analysis and Evaluation of Operational Data documented 3,540 design errors reported between 1985 and 1994.5 That means a design error was discovered at a nuclear power plant in the United States almost every single day for an entire decade.

Assumption: Plant aging does not occur; that is, equipment fails at a constant rate.

Fact: The NRC has issued more than one hundred technical reports about the degradation of valves, pipes, motors, cables, concrete, switches, and tanks at nuclear plants caused by aging.6 These reports demonstrate that parts in nuclear plants follow the "bathtub curve" aging process illustrated in the figure below. A telling demonstration of the effects of age occurred in 1986. Four workers were killed at a nuclear power plant in Virginia because a section of pipe eroded away with time until it broke and scalded them with steam.7 Yet most PRAs assume no aging effects.

Assumption: The reactor pressure vessels never fail.

Fact: Experience has shown that this assumption has as many cracks and flaws as the reactor pressure vessels themselves. In 1995, UCS issued a report on the fragile condition of reactor pressure vessels at nuclear power plants.8 For example, the Yankee Rowe plant in Massachusetts closed in 1992 because its reactor pressure vessel had become brittle over time. Brittle metal can shatter, much like hot glass, when placed in cold water. Despite the closure of the Yankee Rowe plant and documented embrittlement at many other nuclear plants, the risk studies continue to assume a zero chance of reactor pressure vessel failure.

Assumption: Plant workers make few serious mistakes.

Fact: A report issued in February 2000 by the Idaho National Engineering and Environmental Laboratory (INEEL) demonstrates that unjustified assumptions about worker behavior continue to be a problem. Researchers at INEEL examined 20 recent operating events at nuclear power plants and concluded that "Most of the significant contributing human performance factors found in this analysis of operating events are missing from the current generation of probabilistic risk assessments....[which] does not address well the kinds of latent errors, multiple failures, or the type of errors determined by analysis to be important in these operating events."9

Assumption: Risk is limited to reactor core damage.

Fact: The PRAs only determine the probabilities of events leading to reactor core damage. They do not calculate the probabilities of other events that could lead to releases of radiation, such as fuel going critical in the spent fuel pool or rupture of a large tank filled with radioactive gases. Some of these overlooked events can have serious consequences. For example, researchers at the Brookhaven National Laboratory estimated that a spent fuel pool accident could release enough radioactive material to kill tens of thousands of people.10

History shows there is a greater probability of a flipped coin landing on its edge than of these assumptions being realistic. Unrealistic assumptions in the PRAs make their results equally unrealistic. In computer programming parlance, "garbage in, garbage out."

Furthermore, the NRC requires plant owners to perform the calculations, but fails to establish minimum standards for the accident probability calculations. Thus, the reported probabilities vary widely for virtually identical plant designs. Four case studies clearly illustrated the problem:

  • The Wolf Creek plant in Kansas and the Callaway plant in Missouri were built as identical twins, sharing the same standardized Westinghouse design. But some events at Callaway are reported to be 10 to 20 times more likely to lead to reactor core damage than the same events at Wolf Creek.
  • The Indian Point 2 and 3 plants share the same Westinghouse design and sit side by side in New York, but are operated by different owners. On paper, Indian Point 3 is more than 25 percent more likely to experience an accident than her sister plant.
  • The Sequoyah and Watts Bar nuclear plants in Tennessee share the same Westinghouse design. Both are operated by the same owner. The newer plant, Watts Bar, was originally calculated to be about 13 times more likely to have an accident than her sister plant. After some recalculations, Watts Bar is now only twice as likely to have an accident.
  • Nuclear plants designed by General Electric are equipped with a backup system to shut down the reactor in case the normal system of control rods fails. On paper, that backup system is highly reliable. Actual experience, however, shows that it has not been nearly as reliable as the risk assessments claim.

To make matters worse, the NRC is allowing plant owners to further increase risks by cutting back on tests and inspections of safety equipment. The NRC approves these reductions based on the results from incomplete and inaccurate accident probability assessments.

When the NRC learns that a nuclear plant does not meet federal safety regulations, it relies on the calculated accident probabilities to assess the risk. The NRC -- under constant pressure from the nuclear industry -- has recently accepted a concept of "risk-informed regulation," in which many safety regulations are eliminated and the scope of other regulations is significantly reduced based on the results of risk assessments. A critical question, then, is whether risk assessments are accurate enough to rely on for these purposes.

In sum, the risk of a major accident at any nuclear power plant is unknown, because although the probability of an accident has been assessed (albeit with flawed assumptions, and inconsistent definitions and procedures), the consequences have not been assessed. The following will draw on other sources to provide the missing piece of the risk puzzle.

A nuclear plant accident can harm the public by releasing radioactive materials. Radioactive materials emit alpha particles, beta particles, gamma rays, and/or neutrons. These emissions are called "ionizing radiation" because the particles produce ions when they interact with substances.11

Following the Three Mile Island (TMI) accident in 1979, the Sandia National Laboratory estimated the potential consequences from reactor accidents that release large amounts of radiation into the atmosphere. For each nuclear plant then in operation and nearing completion, Sandia determined the amount of radiation that could be released following a major accident, the area's weather conditions, and the population downwind of the plant. Then Sandia estimated how many people would die and be injured within the first year due to their radiation exposure. Sandia also estimated how many people would later die from radiation-induced illnesses like cancer. Early fatality estimates ranges from 700 for a small reactor to 100,000 for one of the larger ones. Cancer death estimates ranged from 3,000 to 40,000. Injury estimates ranged from 4,000 to 610,000. For comparison, the atomic bomb dropped on Hiroshima killed 140,000 people and the one dropped on Nagasaki killed 70,000 people.12

The incomplete and inaccurate state of nuclear plant risk assessments does not provide a solid foundation for the NRC to move towards risk-informed regulation. Before the NRC allows takes another step towards risk-informed regulation, the NRC must complete the following tasks:

  1. Establish a minimum standard for plant risk assessments that includes proper methods for:
    1. handling the fact that nuclear plants may not conform with all technical specification and regulatory requirements;
    2. handling the fact that nuclear plants may have design, fabrication, and construction errors;
    3. handling equipment aging;
    4. treating the probability of reactor pressure vessel failure;
    5. handling human performance;
    6. handling events other than reactor core damage in which plant workers and members of the public may be exposed to radioactive materials (e.g., spent fuel pool accidents and radwaste system tank ruptures);
    7. handling nuclear plant accident consequences to plant workers and members of the public;
    8. justifying the assumptions used in the risk assessments; and
    9. updating the risk assessments when assumptions change.
  2. Require all plant owners to develop risk -- not probability -- assessments that meet or exceed the minimum standard.
  3. Require all plant owners to periodically update the risk assessments to reflect changes to the plant and/or plant procedures.
  4. Require all plant owners to make the risk assessments publicly available.
  5. Conduct inspections at all nuclear plants to validate that the risk assessments meet or exceed the minimum standards.
  6. Disallow any use of risk assessment results to define a line between acceptable and unacceptable performance until all of the steps listed above are completed.

It will take considerable effort on the part of the NRC to implement these recommendations. Unfortunately, the NRC may be unable to take these safety steps because it is under attack from the US Congress to reduce its budget. Why? The NRC is a fee-based agency. Most of the NRC's budget is paid not by taxpayers but by the plants' owners. These plant owners lobbied Congress to slash the NRC's budget. Congress listened and slashed. In 1987, the NRC had 850 regional and 790 headquarters staff members.13 Ten years later, chronic budget cuts had reduced the NRC to 679 regional and 651 headquarters staff members. During a decade that began with 101 licensed nuclear power plants and ended with 109 plants, the NRC lost 20 percent of its safety inspectors.14

The NRC must be made more independent of the nuclear industry in its funding so that it can properly regulate the industry before it is too late.

Science for Democratic Action vol. 9 no. 1 Main Menu
Science for Democratic Action Main Menu
IEER Home Page
Institute for Energy and Environmental Research
Comments to Outreach Coordinator: ieer@ieer.org
Takoma Park, Maryland, USA

December 2000

Endnotes

  1. David Lochbaum is Nuclear Safety Engineer at the Union of Concerned Scientists (UCS). This article is based on the UCS report he authored, Nuclear Plant Risk Studies: Failing the Grade (Cambridge, Mass.: Union of Concerned Scientists, August 2000), which can be ordered from UCS (Tel. 1-617-547-5552) or downloaded from its Web site, http://www.ucsusa.org/energy/nuc_risk.html.
  2. US House of Representatives, Committee on Interior and Insular Affairs Subcommittee on Oversight & Investigations, "Calculation of Reactor Accident Consequences (CRAC2) for US Nuclear Power Plants (Health Effects and Costs) Conditional on an 'SST1' Release," November 1, 1982; and Nuclear Regulatory Commission, "A Safety and Regulatory Assessment of Generic BWR and PWR Permanently Shutdown Nuclear Power Plants," NUREG/CR-6451, Washington, D.C., August 1997.
  3. Richard L. Hudson, "Cost of Chernobyl Nuclear Disaster Soars in New Study," Wall Street Journal, March 29, 1990.
  4. Nuclear Regulatory Commission, "Individual Plant Examination Program: Perspectives on Reactor Safety and Plant Performance," NUREG-1560, Vol. 2, Parts 2-5, p. 14-3, Washington, D.C., November 1996.
  5. Sadanandan V. Pullani, "Design Errors in Nuclear Power Plants, " AEOD/T97-01, Washington, D.C.: NRC Office for Analysis and Evaluation of Operational Data, January 1997.
  6. Nuclear Regulatory Commission, "NRC Research Program on Plant Aging: Listing and Summaries of Reports Issued Through September 1993," NUREG-1377, Rev. 4, Washington, D.C., December 1993.
  7. Brian Jordan, "NRC Finds Surry Accident Has 'High Degree' of Safety Significance," Inside NRC, Washington, D.C.: McGraw-Hill, January 5, 1987.
  8. Robert Pollard, "US Nuclear Power Plants-Showing Their Age-Case Study: Reactor Pressure Vessel Embrittlement," Cambridge, Mass.: Union of Concerned Scientists, December 1995.
  9. Jack E. Rosenthal to John T. Larkins, "Meeting with the Advisory Committee on Reactor Safeguards Human Factors Subcommittee, March 15, 2000, on SECY-00-0053, NRC Program on Human Performance in Nuclear Power Plant Safety," Washington, D.C.: Nuclear Regulatory Commission, March 6, 2000. (Ed. note: This report was prepared by INEEL for the NRC.)
  10. Nuclear Regulatory Commission, "A Safety and Regulatory Assessment of Generic BWR and PWR Permanently Shutdown Nuclear Power Plants," NUREG/CR-6451, Washington, D.C., August 1997. (Ed. note: This report was prepared by Brookhaven National Laboratory for the NRC.)
  11. Code of Federal Regulations, Title 10, Energy, Section 20.1003, Definitions.
  12. Richard Rhodes, The Making of the Atomic Bomb, New York: Simon & Schuster, pp. 734 and 740, 1986.
  13. NRC Office of Nuclear Reactor Regulation, "Regulatory Trends," Washington, D.C., April 1997.
  14. Sadanandan V. Pullani, "Design Errors in Nuclear Power Plants, " AEOD/T97-01, Washington, D.C.: NRC Office for Analysis and Evaluation of Operational Data, January 1997.