The NRC and Nuclear Power Plant Safety (2011)

2011 Report: Living on Borrowed Time
February 2012
Fifteen "near-misses" suggest the NRC can and should do better with nuclear power safety.

The Nuclear Regulatory Commission, the federal agency responsible for ensuring that U.S. nuclear plants are operated as safely as possible, gets mixed reviews again in our second annual assessment of NRC response to safety problems, The NRC and Nuclear Power Plant Safety in 2011: Living on Borrowed Time

The report examines 15 “near-misses” at U.S. nuclear plants during 2011 (see table below) and evaluates the NRC response in each case. Since NRC inspections cannot reveal more than a fraction of the problems that exist, it is crucial for the agency to respond effectively to the problems it does find.

In addition to these 15 near-misses, the report offers examples of both positive and negative outcomes from NRC inspections:

Positive

Fort Calhoun. NRC inspectors' insistence that the plant comply with flood protection requirements came in handy when a Missouri River flood inundated the plant site in June.

Hatch. A 1995 decision had allowed plant operators to substitute warning indicators for an automated shutoff system designed to protect pump motors from voltage dips. In 2011, the NRC recognized this as a mistake and rectified it.

LaSalle. Inspectors noticed that a tank was left partly filled with water between system tests—a condition that put the tank at risk of collapse during an earthquake, possibly damaging pumps and other equipment. The problem was fixed not only at LaSalle but at another plant whose owner read about the issue and realized his plant shared it.

Negative

CDBIs. Each plant periodically undergoes component design basis inspections (CDBIs) to ensure that plant systems and procedures conform to design requirements. A lack of improvement in CDBI results over time indicates a failure to address root causes; the NRC is treating the symptoms, but not the disease.

Fire Protection. The NRC's insistence that 47 reactors are safe enough to continue operating despite their continued failure to comply with fire protection regulations does not stand up to legal or ethical scrutiny.

Earthquake Risk. Similarly, the NRC continues to allow 27 plants to operate with seismic protection levels inadequate to meet seismic threat levels, even though it has been aware of the problem for over a decade. Making matters worse, eight plants have inadequate protection from both fire and earthquake.

Lessons learned

The risk of a disaster at a nuclear power plant is low—and last year brought a series of reminders, both in Japan and the United States, of how important it is to keep that risk as low as possible. The NRC can be a highly effective regulator, but much remains to be done before the agency can fulfill that role as consistently as the public has a right to expect.

NUCLEAR NEAR-MISSES IN 2011
Reactor & Location Owner Highlights
Braidwood
Joliet, IL
Exelon After NRC inspectors questioned the practice of draining water from portions of the essential service water piping to the auxiliary feedwater pumps (to avoid corrosion damage from untreated water leaking past isolation valves), analysis revealed that this key emergency system might not function during an accident. The NRC team also discovered that workers failed to declare an emergency in response to the recurring failure of all control room alarms.
Byron
Rockford, IL
Exelon After NRC inspectors questioned the practice of draining water from portions of the essential service water piping to the auxiliary feedwater pumps (to avoid corrosion damage from untreated water leaking past isolation valves), analysis revealed this key emergency system might not function during an accident.
Callaway
Jefferson City, MO
Union Electric Co. Routine testing of an emergency pump intended to prove that it was capable of performing its safety functions during an accident actually degraded the pump. The pump’s manufacturer recommended against running the pump at low speeds, but this recommendation was ignored during the tests.
Cooper
Nebraska City, NE
Nebraska Public Power District Workers replacing detectors used to monitor the reactor core during low-power conditions were
Millstone Unit 2
Waterford, CT
Dominion Despite a dry run of an infrequently performed test on the control room simulator and other precautionary measures, errors during the actual test produced an unexpected and uncontrolled increase in the reactor’s power level.
Monticello
Minneapolis, MN
Nuclear Management Co. Routine testing of an emergency pump intended to prove that it was capable of performing its safety functions during an accident actually degraded the pump. The pump’s manufacturer recommended against running the pump at low speeds, but this recommendation was ignored during the tests.
North Anna
Richmond, VA
Dominion An earthquake of greater magnitude than the plant was designed to withstand caused both reactors to automatically shut down from full power.
Oconee
Greenville, SC
Duke Energy Workers discovered that an emergency system installed in 1983 to protect the reactor core from overheating in the event of a station blackout, pipe break, fire, or flood would be disabled by the high temperature inside the containment during such an accident. The high temperature would cause electrical components within the emergency system to fail.
Palisades
South Haven, MI
Entergy When a pump used to provide cooling water to emergency equipment failed in September 2009 because of stress corrosion cracking of recently installed parts, workers replaced the parts with identical parts. The replacement parts failed again in 2011, disabling one of three pumps.
Palisades
South Haven, MI
Entergy Workers troubleshooting faulty indicator lights showing the position of the emergency airlock door inadvertently shut off power to roughly half the instruments and controls in the main control room. The loss of control power triggered the automatic shutdown of the reactor and complicated operators’ response.
Perry
Cleveland, OH
FirstEnergy Problems during the replacement of a detector used to monitor the reactor core during low-power conditions exposed workers to potentially high levels of radiation.
Pilgrim
Plymouth, MA
Entergy Security problems prompted the NRC to conduct a special inspection. Details of the problems, their causes, and their fixes are not publicly available.
Pilgrim
Plymouth, MA
Entergy When restarting the reactor after a refueling outage, workers overreacted to indications that the water inside the reactor was heating up too rapidly, and lost control of the reactor. The plant’s safety systems automatically kicked in to shut down the reactor.
Turkey Point Unit 3
Miami, FL
Florida Power and Light Co. A valve failure stopped the flow of cooling water to equipment, including the reactor coolant pump motors and the cooling system for the spent fuel pool.
Wolf Creek
Burlington, KS
Wolf Creak Nuclear Operating Co. Workers overlooked numerous signs that gas had leaked into the piping of safety systems, impairing the performance of pumps and flow-control valves.