UCS Blog - All Things Nuclear (text only)

Empty Pipe Dreams at Palo Verde

Regulation and Nuclear Plant Safety #3

In July 2004, Nuclear Regulatory Commission (NRC) inspectors at the Waterford nuclear plant in Louisiana discovered that a portion of piping in a standby emergency system that would provide makeup water to cool the reactor in event of an emergency had been kept emptied of water, jeopardizing the ability to prevent core damage. This finding was shared with owners of similar reactors across the country. Days later, workers at the Palo Verde nuclear plant in Arizona discovered that sections of the emergency system piping for all three reactors was being deliberately emptied of water. The company tried arguing that there was no written requirement that water be maintained inside the emergency water makeup piping. The NRC disagreed and issued the company a yellow finding for the violations, the second most serious infraction in the agency’s color-coded system. The NRC also issued a $50,000 fine for an improper procedure change in 1992 that caused workers to deliberately drain water from this piping.

Water-less in Waterford

NRC inspectors at the Waterford nuclear plant outside New Orleans, Louisiana during the week of July 12, 2004, reviewed a report on a problem identified by workers on April 18, 1999. The problem was that air collected within piping of the containment spray system during normal operation. During an accident in which a pipe ruptures and drains cooling water onto the containment floor, the design initially calls for emergency pumps to automatically start and transfer makeup water from a large storage tank into the reactor vessel. Before this tank empties, workers re-position valves to have the pumps instead draw water from the containment sump, which collects the water spilled from the broken pipe. Following the swap-over, the emergency pumps would pull water from pipes partially filled with air.

The problem report had been dispositioned in 1999 as being acceptable as-is based on engineering judgement that the slope of the pipes and the low velocity of water flow through the pipes would enable air bubbles to travel against the flow and be released inside containment. When the NRC inspectors challenged the robustness of this assessment, the owner hired a consultant who conducted analytical modeling of the system during a postulated accident that showed the air within the piping would not prevent the safety function from being fulfilled.

The NRC inspectors noted that the reactor’s safety studies assumed that the piping was filled with water when the accident began and that another system had been installed at the plant for the purpose of keeping this piping full of water. The NRC issued a green finding, the least serious of the agency’s four color-coded sanction levels, for operating the reactor outside the bounds of its safety studies.

Equally Dry in Arizona

Workers at Waterford notified their counterparts at the Palo Verde nuclear plant west of Phoenix, Arizona on July 22, 2004, about the NRC’s discovery. On July 28, workers at Palo Verde determined that a significant portion of the suction piping for the containment spray, low-pressure safety injection, and high-pressure safety injection pumps for all three reactors was empty of water. These emergency pumps have two sources of water for use mitigating an accident. Initially, the pumps pull water from the Refueling Water Tank. The piping this tank and the pumps was filled with water, as was the section of piping to a check valve in the second water source—the containment sump.

The piping between the inside and outside containment isolation valves and between the outside containment isolation valve and the check valve held no water. A change made to a testing procedure on November 16, 1992, had workers close the two containment isolation valves and drain the water from these piping sections. When the volume of water in the Refueling Water Tank dropped to about the 10 percent level, the low-pressure safety injection pump would be turned off automatically and valve repositioned to supply water to the containment spray and high-pressure safety injection pumps from the containment sump.

The theory behind this design is that if the contents of the Refueling Water Tank do not restore the reactor vessel water level to the desired point, there must be a pathway for water to drain from the vessel. If so, that water will flow by gravity to the containment sump where it can be recycled through the reactor vessel to sustain adequate cooling of the reactor core. The high-pressure and low-pressure injection pumps supply makeup water to the reactor vessel; the containment spray pump causes water to be spray within the containment structure to reduce its pressure and temperature.

Fig. 1 (Source: Nuclear Regulatory Commission)

Coming Up Empty at Palo Verde, Again

By the afternoon of July 29, the engineering staff at Palo Verde concluded that the emptied piping sections could prevent the containment spray and high-pressure safety injection systems from performing their safety functions during an accident. (The low-pressure safety injection system was not affected because its pump gets turned off before suction from the containment sump through the empty pipes is established.) They entered the problem into the plant’s corrective action program.

On the morning of July 30, the operations department at Palo Verde learned about the problem from the corrective action report. That evening, the operations department determined that the containment spray and high-pressure safety injection systems could perform their safety functions provided that operators manually open the inside containment isolation valve during an accident. Opening this valve would re-fill the largest volume of the intentionally drained piping sections.

The owner notified the NRC about the problem on July 31. Between August 1 and 4, workers took steps to refill the emptied piping sections on all three reactors.

The NRC dispatched a special inspection team to Palo Verde to investigate the causes and corrective actions of this problem. The special inspection team was onsite August 23-27 and issued its report on January 5, 2005. The team made four findings: (1) operating the reactors with the piping sections drained of water contrary to assumptions in safety studies, (2) untimely notification of operations by engineering of a problem potentially affecting safety system operability, (3) inadequate evaluation of replacing automatic accident responses with manual actions, and (4) inadequate evaluation of a 1992 revision to a testing procedure that had workers drain the piping sections when the test was completed.

Palo Verde Pleads Its Case

The company contested the NRC’s findings and requested a meeting with the agency to present its case. That meeting was conducted in the NRC’s Region IV offices in Arlington, Texas on February 17, 2005. The NRC provided a phone bridge for this meeting and I called into it. The company reported that there had never been a procedural requirement to fill the piping sections with water, implying therefore was it was not improper then to revise a procedure in 1992 to drain water from the sections. The company further reported that the technical specifications issued by the NRC with the reactor operating licenses only required verifying that the piping on the discharge side of the pumps be filled with water but said nothing about the contents of the piping on the suction side (perhaps implying that this silence permitted piping sections to be filled with air, helium, jawbreakers, cement, or anything they desired.)

The owner also described full-scale testing using transparent plexiglass piping to show what was happening inside that it had performed as part of that it called the most expensive engineering analysis in the plant’s history. The company even showed a video from this testing (although the video was a wee bit hard to see via the phone bridge). When the owner completed its presentation, an NRC senior manager (whom I believe was Bruce Mallett, then Regional Administrator of NRC Region IV) remarked that the video and testing only convinced him that the pumps in the scale model would not cavitate; they told him little about performance in the real plant.

The NRC Puts Palo Verde in Its Place

That statement pretty much telegraphed the NRCs final answer on the matter. On April 8, 2005, the NRC issued a yellow finding, the second most serious in the agency’s four color-coded classifications, for operating the three reactors with safety system piping sections emptied of water and a $50,000 fine for the inadequate safety evaluation for the 1992 procedure change that had workers drain water from the piping after testing.

The company paid a far larger price. The NRC’s special inspection team investigation into this event and an NRC augmented inspection team investigation into all three reactors tripping on June 14, 2004, focused more NRC attention to the plant. More and more NRC inspectors identified more and more safety problems. In little time, Palo Verde went from all three reactors solidly in Column 1 of the Action Matrix within the NRC’s Reactor Oversight Process to Units 1 and 3 being in Column 3 and Unit 3 being in Column 4—the lowest safety performance rating in the country. It took over four years for the safety shortcomings to be remedied and all three reactors returned to Column 1. The cost of “volunteering” for more NRC scrutiny cost considerably more than the $50,000 fine.

Fig. 2 (Source: Union of Concerned Scientists)

The NRC Goes Big

NRC inspectors discovered a safety problem at Waterford. That discovery revealed a similar problem at Palo Verde. NRC inspectors determined the problem at Palo Verde to reflect systemic problems. The NRC’s responses remedied the specific problem at Waterford and the wider problems at Palo Verde.

But the NRC did not stop after these worthy regulatory achievements. They went big. Packaging the Palo Verde problem with other recent miscues, the NRC issued Bulletin 2008-01, “Managing Gas Accumulation in Emergency Core Cooling, Decay Heat Removal, and Containment Spray Systems,” to the owners of all U.S. operating reactors. It required owners to takes steps to ensure that safety systems at their plants did not have and were not likely to develop safety system impairments like that found at Palo Verde.

UCS Perspective

From the discovery at Waterford to the issuance of Bulletin 2008-01, the NRC exhibited just right regulation.

NRC inspectors found that workers knew about air collecting in piping but had not properly analyzed it. The ensuing analysis concluded that the air would not have prevented fulfilment of the necessary safety function. Despite that conclusion, the NRC issued a Green finding because public health was being protected more by luck than skill until the degraded condition was properly evaluated.

Whereas air was unintentionally collecting in piping at Waterford, workers followed procedures to drain water from safety system piping at Palo Verde and didn’t respond to the problem in a timely and effective manner. The NRC swung a bigger regulatory hammer.

The NRC then sought to avoid the problem across the U.S. fleet by issuing Bulletin 2008-01.

Some might contend that these events really reflect under-regulation by the NRC. After all, the air accumulation problem was first identified at Waterford in 1999 and not challenged by the NRC until 2004. The procedure was revised in 1999 to drain water from pipes at Palo Verde, but the NRC didn’t realize it until 2004. The Waterford and Palo Verde discoveries in 2004 joined by similar discoveries before then and afterwards didn’t prompt the NRC to cast a wider safety net until 2008. How can just right regulation entail such lengthy periods between creation of safety problems and their resolutions?

Blame the game and not its players. The NRC does not have the resources to inspect every corrective action report or review every procedure revision. Instead, the NRC audits samples. There’s no evidence that NRC inspectors looked at records at Waterford and Palo Verde prior to 2004 but missed seeing the problems or that NRC inspectors should have looked at these records but failed to do so.

As for the “delay” in getting Bulletin 2008-01 out, consider the adverse implications of a prompter response. Had the NRC issued the bulletin the day after the discovery at Waterford, owners would have been directed to look at the potential for air unintentionally collecting in piping. Since workers were intentionally draining water from piping at Palo Verde per an approved (albeit flawed) procedure, they would not have detected and corrected unintentional accumulation. By cultivating a number of similar events, the NRC required owners evaluate and manage a broader suite of potential problems—well worth the wait.

UCS’s Role of Regulation in Nuclear Plant Safety series of blog posts is intended to help readers understand when regulation played too little a role, too much of an undue role, and just the right role in nuclear plant safety.

Three Mile Island Intruder

Regulation and Nuclear Plant Safety #2

A man recently released from a hospital where he had been treated for mental health issues drove his mother’s station wagon into—literally—the Three Mile Island nuclear plant near Harrisburg, Pennsylvania at 6:53 am on February 7, 1993. Workers responded to the unauthorized entry by locking the doors to the control room and declaring a Site Area Emergency—the second most serious emergency of the Nuclear Regulatory Commission’s (NRC’s) four classifications. The intruder was found more than four hours later hiding in the turbine building.

Less than three weeks later while the NRC was still evaluating the unauthorized entry of a vehicle into Three Mile Island, a rental truck loaded with explosives was detonated in the parking area beneath the North Tower of the World Trade Center in New York City. The NRC revised its security regulations to better protect nuclear plants against unauthorized vehicle entries and vehicle bombs.

Fig. 1 (Source: President’s Commission on the Accident at Three Mile Island)

The Scene

As suggested by its name, the Three Mile Island (TMI) nuclear plant is located on an island. This specific island is in the Susquehanna River as it flows southeasterly from Harrisburg, Pennsylvania. TMI is best known for the worst nuclear power plant accident, so far, in U.S. history. On March 28, 1979, the Unit 2 reactor at TMI experienced a partial meltdown of its nuclear core. The damaged Unit 2 reactor never restarted, but the Unit 1 reactor restarted a few years later and operated at 100 percent power on the morning of February 7, 1993.

At 5:30 am that Sunday morning, security officers opened the gates for the access bridge on the north end of the island (the upper left side of Figure 1). The night shift security personnel turned over duties to the oncoming dayshift crew at 6:00 am. Other dayshift workers and non-shift workers reporting for duty used the north bridge to drive onto the island.

The Party Crasher

At 6:53 am, a vehicle turned off Pennsylvania Route 441 onto the two-lane road to the north bridge. The vehicle continued past the North Gate guard house without stopping to show a badge authorizing access to the island and proceeded at an estimated 35 to 40 miles per hour in the outbound lane across the north bridge. The gates were still opened, so nothing impeded the vehicle’s unauthorized entry.

The vehicle slowed to 15 to 20 miles per hour as it exited the bridge and approached the plant. The night shift operations shift foreman who was in the parking out on his way home after being relieved from duty heard a crashing sound as the vehicle drove through Gate 1 into the protected area around the plant. The protected area detection system alerted security personnel to the gate-crasher.

The vehicle continued for another 189 feet until it smashed into the corrugated aluminum roll-up door at the northeast corner of the turbine building. The vehicle, with a portion of the roll-up door adorning its roof, travelled another 63 feet inside the turbine building until it struck a large container for radioactive waste. The impact slid the container about six feet across the floor.

Fig. 2 (Source: Department of Energy)

The off-duty operations shift foreman went to the Processing Center (where individuals enter and exit the plant’s protected area) and called the control room to report “A guy just went through the fence and roll-up door. This is not a drill. Lock the doors to the control room.” The shift supervisor who answered the call in the control room did not recognize the excited voice and did not hear much of the warning message. Moments later, a security officer entered the control room and announced, “This is not a drill, someone crashed through Gate 1 and then drove into the auxiliary boiler door.” (Basically the same message, but when it’s delivered in person by someone toting a gun, it tends to be better heard and heeded.) The control room is located within the control building adjacent to the turbine building.

Fig. 3 (Source: Nuclear Regulatory Commission NUREG-1485)

The Game of Hide & Seek

At 7:02 am, security officers approached the vehicle in the turbine building. The headlights were on, the engine was off, the driver’s side door was open, but no one was found in or around the vehicle. The security officers retreated because the vehicle could contain explosives.

At 7:07 am, the operations shift supervisor declared a Site Area Emergency. The NRC has four emergency classifications–Unusual Event, Alert, Site Area Emergency, and General Emergency.

At 7:11 am, the Central Alarm Station operator at TMI notified the NRC’s Operations Center about the situation and emergency declaration.

At 7:16 am, the operations shift foreman at TMI began notifying local and state officials about the emergency declaration. He used telephones in the control room instead of the automated notification system because it was in an office outside the locked control room doors.

At 7:23 am, the emergency director at TMI (who was also the operations shift supervisor) called the NRC via the Emergency Notification System telephone. The NRC asked that a direct telephone line to the plant be kept open.

At 7:33 am, the Pennsylvania State Police notified the Middletown Police Department about the security event at TMI. Middletown police officers arrived at the plant at 7:37 am.

At 8:30 am, workers removed restrictions on telephones at the plant. During weekends, the telephone system at the plant prevented many telephones, including some used for emergency response, from dialing offsite.

At 9:00 am, an explosive ordinance disposal unit from the U.S. Army surveyed the vehicle and observed no suspicious packages, containers, or wires.

At 9:28 am, the control room doors were unlocked to allow two workers to enter the shift supervisor’s office and activate the pagers to summon the emergency responders.

At 9:37 am, the NRC resident inspector, a representative of the state’s Bureau of Radiation Protection, and a company public affairs person with an armed escort walked through the turbine building and entered the control building.

At 10:20 am, the explosive ordinance disposal unit completed a more thorough search of the vehicle and found no bomb or “explosive paraphernalia.”

At 10:22 am, site security officers and Pennsylvania State Police officers begin searching for the intruder.

Fig. 4 (Source: Nuclear Regulatory Commission NUREG-1485)

At 10:34 am, security personnel regrouped after completing the first search of the turbine building. Their search efforts had been hampered by dimly-lit areas inside the turbine building. To aid in future searches of darkened places, the team was given a flashlight.

At 10:36 am, the Emergency Director at TMI briefed the security team on the potential effects of using firearms in the turbine building (i.e., what could happen if bullets strike things other than intruder.)

At 10:40 am, the flashlight-equipped security team began a second search of the condenser pit area within the turbine building.

At 10:57 am, the security team found the intruder hiding in a dark area adjacent to a main condenser waterbox. The Pennsylvania State Police took custody of the intruder.

Fig. 5 (Source: Nuclear Regulatory Commission NUREG-1485)

At 11:10 am, the explosive ordinance disposal unit completed a more detailed search of the vehicle and still found no bomb.

At 11:30 am, the explosive ordinance disposal units completed a search of the vehicle using an explosive detection dog. The dog didn’t find a bomb either.

At 11:45 am, the Pennsylvania State Police left the plant site with the intruder.

At 2:39 pm, cadets from the Pennsylvania State Police Academy arrive at the site by bus to search the entire island.

At 4:25 pm, the Site Area Emergency declaration was terminated.

The Intruder

The intruder was identified as a 31-year-old Caucasian male approximately 6 feet 1 inches tall and weighing 140 pounds with thick, black, shoulder-length hair and a heavy beard. At the time, he lived with his mother in a rural community northwest of Harrisburg about 56 miles from TMI.

The man had been admitted to hospitals at least three times for treatment of depression. The most recent hospitalization before this event had been an involuntary admission on January 18, 1993. He had been released on January 22.
The Earlier Intruder

This was not the first time that an unauthorized person had driven onto the island. At around 4:25 pm on April 23, 1980, a watchman at the North Gate observed a vehicle whiz by without stopping and reported the trespassing to the roving security patrol. A security alert was declared, the Pennsylvania State Police were contacted, and an extensive search begun. About four hours later, the trespasser was identified as a plant worker. The worker had been on the island, departed in his vehicle via the North Gate, and returned shortly afterwards. The worker said he’d not stopped on re-entering the site because he believed the watchman would know he was returning.

The Earliest Intruder

That was not the first time that an unauthorized person had driven onto the island, either. At 6:50 pm on January 27, 1976, a vehicle drove past the North Gate without stopping. Fifteen minutes later, a construction worker reported seeing someone climbing the security fence around the protected area. Twenty minutes later, workers called security to report hearing someone singing near the top of the reactor building. At 8:00 pm, the security officer at the North Gate who saw the vehicle whiz by him entering the island saw that same vehicle whiz by him leaving the island. The Pennsylvania State Police tracked down the individual from the vehicle’s license tag. The individual was voluntarily admitted into a local mental hospital. (Might as well admit him—he’d sneak in anyway.)

The NRC “Intruders”

The NRC dispatched an Incident Investigation Team (IIT) to TMI following the unauthorized entry. The IIT consisted of ten members supported by six technical staffers. The IIT identified several factors which impaired the response to the intrusion, including:

  • There was no vehicle at the North Gate for security officers to use to pursue and intercept the unauthorized vehicle.
  • The response was delayed by the time it took security personnel to obtain weapons from isolated storage locations.
  • The search-and-clear efforts were poorly coordinated, delaying searches in some areas. In addition, security officers were not posted after some areas were cleared to ensure those areas remained clear.
  • The reluctance of some security officers to use response weapons could have placed them at a disadvantage had they confronted an intruder equipped with design basis threat weaponry.
  • The plant’s security personnel searched for explosive materials before the explosives ordinance disposal unit arrived, but they had received no training on recognizing explosives. (Note: When I toured TMI after 9/11, the security manager conducting the tour told us that security officers are required to search incoming vehicles for bombs, but they have received no training on what a bomb looks like.)
  • While flashlights were stored in the security “ready room,” they were not retrieved and used during the initial search of the turbine building.
  • The company conducted quarterly security response drills in the three levels of the Unit 2 turbine building, which is significantly different from the six levels within the Unit 1 turbine building where the real event transpired.

The Drive to More Secure Nuclear Plants

Five hundred and forty (540). That’s how many days elapsed between someone driving into the TMI turbine building and the NRC putting upgraded security regulations on the street.

The NRC had considered security threats posed by vehicles prior to February 7, 1993. For example, in a paper (SECY-86-101) to the Commissioners dated March 31, 1986, the NRC staff noted that the chain link fences surrounding protected areas of nuclear plants would not prevent a vehicle from crashing through. But the staff concluded that prompt response by armed security officers would mitigate any fence-crashers.

The Nuclear Control Institute (NCI) and the Committee to Bridge the Gap (CBG) jointly submitted a petition for rulemaking dated January 11, 1991, to the NRC seeking to upgrade the regulations on nuclear plant security to include protection against explosive-laded vehicles and boats. On June 11, 1991, the NRC denied the rulemaking petition on the grounds “that there has been no change in the domestic threat since the design basis threat was adopted [in 1979] that would justify a change in the design basis threat.”

The events of February 1993 prompted the NRC to reconsider earlier decisions. The NRC noted “The bombing at the World Trade Center demonstrated that a large explosive device could be assembled, delivered to a public area, and detonated in the United States without advance intelligence” and that “The unauthorized intrusion at the Three Mile Island nuclear power station demonstrated that a vehicle could be used to gain quick access to the protected area at a nuclear power plant” (Federal Register, page 58805, November 4, 1993.)

The NRC conducted a Commission briefing on the re-evaluation of the design basis threat of nuclear plant sabotage on April 22, 1993. The NRC held a public meeting on better protection against vehicle intrusion and vehicle bombs on May 10, 1993. The NRC issued a draft rule titled “Protection Against Malevolent Use of Vehicles at Nuclear Power Plants” for public comment on November 4, 1993. And the NRC issued the final rule on August 1, 1994.

The upgraded rule required owners to evaluate their plants for potential damage from detonation of a vehicle laden with explosives and then either install barriers preventing vehicles from getting close enough to cause harm or provide structures protecting vital equipment from blast effects.

Fig. 6 (Source: Nuclear Regulatory Commission)

UCS Perspective

In reviewing momentous events for possible candidates in this series, this event appeared unquestionably to fall into the “just right regulation” bin. It ultimately found its way into that bin, but it became a bank shot rather than the swish or slam-dunk it initially appeared to be.

Slightly more than two years before the TMI intrusion, two non-governmental organizations petitioned the NRC to update its regulations to require protection against vehicle bombs. The NRC took only five months to deny that petition on grounds the perceived threat was really no threat.

Slightly less than 18 months after the TMI intrusion, the NRC revised its regulations to require protection against vehicle bombs.

A strong argument could be made that the NRC had sufficient cause in 1991 to update its regulations. After all, the TMI intrusion and the World Trade Center truck bombing were the very kinds of threats cited by NCI and CBG in their petition and became the leading reasons cited by NRC in 1994 for the revised regulations. This compelling argument could readily persuade an impartial jury to place this event in the “under-regulation” bin.

The counter argument would point out that the NRC addressed the petitioners’ concerns one-by-one. For example, the petitioners identified rise of State-sponsored terrorism as evidence of the need for upgraded security requirements. The NRC responded to this concern contending that unrest has been experienced in other parts of the world, it hasn’t happened here. The NRC also observed that it relies on U.S. intelligence efforts to identify, and thwart, larger coordinated attacks.

In issuing upgraded security regulations on August 1, 1994, the NRC explicitly conceded that it had denied the NCI/CBG petition seeking that outcome just three years earlier. The NRC noted that “The vehicle bomb attack on the World Trade Center represented a significant change to the domestic threat environment that changed many of the points used in denying the petition and eroded the basis for concluding that vehicle bombs could be excluded from any consideration of the domestic threat environment.”

Because the NRC did not stick by its 1991 denial and took steps after the events of February 1993 to better protect nuclear power plants—and more importantly, the people who work in them and live around them—from sabotage using vehicles, this event goes into the “just right regulation” bin. It would never make it into the “just perfect regulation” bin, but also does not deserve to fall into the “under-regulation” bin.

There’s more than a hint of the Nielsen Ratings Commission (NRC) and media spotlight effect described in the Role of Regulation #1 commentary. The NCI and CBG petition garnered trade press coverage. The TMI intruder event garnered local coverage. The World Trade Center bombing days later received international media coverage for weeks. That’s a powerful spotlight helping the NRC see the need for better protection against vehicle bombs.

* * *

UCS’s Role of Regulation in Nuclear Plant Safety series of blog posts is intended to help readers understand when regulation played too little a role, too much of an undue role, and just the right role in nuclear plant safety.

NRC’s Reprisal Study Reveals Safety Agency Has a Chilled Work Environment

In January 2018, the NRC circulated within the agency a 100-page report  titled “Study of Reprisal and Chilling Effect for Raising Mission-Related Concerns and Differing Views at the NRC.” The report was authored by Renee Pedersen, who had managed the NRC’s Differing Professional Opinion (DPO) and non-concurrence programs for many years before retiring from the agency at the end of that month. These programs enable NRC staffers to register differing views with agency positions or plans and to have those views formally evaluated.

This is an issue I follow closely. I issued a report and blog post last year titled “The Nuclear Regulatory Commission and Safety Culture: Do As I Say, Not As I Do” examining evidence that prompted the NRC to intervene about safety culture problems at U.S. nuclear power plants and comparable evidence strongly suggesting that the agency had the same, if not worse, signs of trouble. These products updated a theme discussed in a November 2014 blog post.

After hearing about the reprisal study and its contents from several NRC staffers, I submitted a request under the Freedom of Information Act (FOIA) for it on February 1, 2018.

On June 27, the NRC emailed me the reprisals study. Well, they emailed me a redacted version of the reprisals study. Certain information was blocked out in the released report on alleged grounds that its disclosure would compromise the anonymity of NRC staffers. The study compiled results from several surveys of the NRC’s work force—those conducted every three years by the NRC’s Office of the Inspector General, those conducted annually by the Federal Employee Viewpoint Surveys, and those conducted by the NRC’s Office of Enforcement. The first two types of surveys involved the entire NRC work force and typically had nearly 80 percent response rates; the third type of surveys went out to a much smaller subset of the NRC’s work force—those individuals who had filed DPOs and non-concurrences.

Figure 1 is the heavily-redacted Page 58 from the Reprisals Study. It showed (or would have shown but for the redactions) the responses to the 2013 and 2016 surveys of NRC staff who had initiated DPOs.

Fig. 1 (Source: NRC record obtained by UCS via FOIA)

Typically, it’s hard to contest the redaction of information for any purported reason without seeing the information to see whether it indeed justifies withholding.

But it’s easy to contest the redaction when you’re able to see the information being withheld. Figure 2 is the entirely unredacted Page 58 from the Reprisals Study.

Fig. 2 (Source: Confidential, anonymous UCS source(s))

So, no NRC staffer is identified by the unredacted information. The unredacted information does strongly suggest that nine individuals responded to the 2013 survey questions (i.e., 1 out of 9 equals 11%, 2 out of 9 equals 22%). The unredacted information does not suggest how many individuals responded to the 2016 survey (unless it was only one) since there were 100% or 0% response rates for every question. Okay, another solid clue resides in NRC’s online electronic library, ADAMS. NRC staff initiating DPOs can elect to make the final DPO package publicly available in ADAMS. The NRC numbers DPOs sequentially: the first one is DPO-yyyy-001, the fifth one is DPO-yyyy-005 and so on. It doesn’t take a concerned scientist long to figure out from ADAMS about how many DPOs are filed each year and thus how many DPO initiators are being surveyed (clue—fewer than a dozen each year.)

Page 58 is part of Appendix D to the Reprisals Study. The first sentence of Appendix D stated: “OE [Office of Enforcement] conducted two anonymous voluntary surveys to employees who submitted non-concurrences and DPOs.” So, the survey results were submitted voluntarily and provided anonymously (i.e., Response A could not be linked to any specific member of the DPO and non-concurrence author universe.)

So, case closed on whether or not disclosure of anonymous responses submitted voluntarily could reveal personal privacy information or compromise any one’s anonymity. UCS has formally appealed this bogus rationale by the NRC and requested that the illegally redacted information be released publicly.

What Does the Reprisal Study Reveal?

The unredacted and “outed” redacted portions of the Reprisals Study make it crystal clear that the NRC has a chilled work environment. Several safety culture terms are defined beginning on page 7 of the Reprisals Study. Two of those definitions are quoted verbatim, including the boldfacing in the original text, from the study:

Chilling Effect is a condition that occurs when an event, interaction, inaction, decision, or policy change results in a perception that the raising of a mission-related concern or differing view to management is being suppressed, is discouraged, or will result in reprisal

Chilled Work Environment is a condition where the chilling effect is not isolated (e.g., multiple individuals, functional groups, shift crews, or levels of workers within the organization are affected

Note that a “chilling effect” is defined not as the actual, irrefutable, uncontestable, unmistakable reality that raising a differing review will result in reprisal, but merely the perception of such an adverse outcome. But page 6 of the Reprisals Study stated that “reprisal is a case in which perception is as important as reality” [boldface in original text.]

And note that a “chilled work environment” exists with the perception that voicing differing views will result in reprisal is not isolated to a single worker.

Look at Figure 2 again. The chart at its top reveals that 100 percent of the responses in 2016 felt experiencing a negative consequence for having filed a DPO. The chart at its bottom shows that respondents felt they experienced reprisals of various forms.

Figure 2 constitutes prima facie evidence of a chilling effect within the NRC—at least one worker felt that filing a DPO had negative consequences. I have ample reason to believe that Figure 2 also constitutes prima facie evidence of a chilled work environment within the NRC because more than one worker reported this feeling. I have had private communications with more than one DPO filer who told me they responded to the survey indicating they experienced negative consequences. But Figure 2 alone does not prove a chilled work environment, since the 2016 data could reflect 100% responses from a sole individual.

Other portions of the study provide compelling evidence that a chilled work environment exists at the NRC. The study shows that in the 2015 survey:

  • Only 64% of employees said they believed the NRC “has established a climate where truth can be taken up the chain of command without fear of reprisal”
  • Only 68% of employees said they “can raise any concern without fear of retaliation”
  • Only 77% said “it is safe to speak up in the NRC”
  • 20% of the employees indicated “they had heard of someone with the last year who experienced a negative reaction for having raised a mission-related differing view”

While it is commendable that the surveys suggest that the NRC’s workplace is thawing over time, global warming seems to be significantly outpacing the agency’s workplace warming. The 2015 numbers are totally unacceptable. The NRC has come down hard and heavy when nuclear plant sites have smaller segments of their work forces fearful of voicing safety concerns. (See our 2017 report for example after example of the NRC intervening for much smaller pockets of fear and reluctance.)

Ms. Pedersen also consulted with the NRC’s Office of the Inspector General, Office of the Chief Human Capital Officer, Office of General Counsel and Office of Small Business and Civil Rights as well as the National Treasury Employees Union that represents many NRC workers and found “it appears that five reports of reprisal may have occurred in the last three years.” The study quoted from the April 24, 2017, NTEU newsletter: “We continue to hear about employees being afraid to raise issues for fear of retaliation as well as from employees who feel they have been retaliated against for raising concerns, including safety concerns.”

UCS Perspective

By its own definition, the NRC considers a chilling effect to exist when there’s the perception that raising a differing view can result in reprisal. By its own data, that perception exists within the NRC’s work force.

By its own definition, the NRC considers a chilled work environment to exist when a chilling effect involves multiple workers. By its own data, a chilled work environment exists within the NRC.

By its own words and actions, the NRC has an intolerance for chilled work environments at nuclear power plants.

By its own inactions, the NRC has a tolerance for their own workers being chilled.

Americans deserve better from this federal agency. Their safety is in the hands of NRC’s inspectors, reviewers, managers, and staffers and those workers must feel free to raise those hands if they have safety concerns.

Equally important, NRC workers deserve better from their agency. These are talented and dedicated professionals who voice concerns because it is the right thing to do. When they do the right thing, the NRC simply must stop doing the wrong thing in response.

The good news is that the NRC knows how to remedy chilled work environments. They have been requiring those remedies be taken at nuclear plant site after nuclear plant site.

The bad news is that the NRC seems unwilling or unable to thaw out its own chilled work environment.

Final point (for now): I joined UCS in the fall of 1996. I suspected that I would hear from nuclear plant workers about safety concerns they had raised but which had not been satisfactorily resolved or which they feared raising. And my suspicions have been proven valid. But what I neither suspected nor imagined was that I would hear from NRC workers for the same reasons. But each and every year that I’ve worked for UCS, except for one, I have received more contacts from NRC workers than from all nuclear plant work forces combined. Evidently, the NRC has the largest nuclear refrigerator in the country.

Rather than “chill out,” the NRC needs to “thaw out.” Too much chillin’ going on.

Flooding at Nine Mile Point

Regulation and Nuclear Power Safety #1

In July 1981, water flooded the Radwaste Processing Building containing highly radioactive waste for Unit 1 at the Nine Mile Point nuclear plant in upstate New York. The flood tipped over 55-gallon metal drums filled with highly radioactive material. The spilled contents contaminated the building’s basement such that workers would receive a lethal radiation dose in about an hour. The Unit 1 reactor had been shut down for over two years and was receiving heightened oversight attention when the Nuclear Regulatory Commission (NRC) investigated the matter. But the NRC was reacting to a television news report about the hazardous condition rather than acting upon its own oversight efforts. The media spotlight resulted in this long over-looked hazard finally being remedied.

The Headline

The headline looked good—the NRC was probing a secret spill on Nine Mile Point Unit 1. The article accompanying the headline explained that the NRC had dispatched inspectors to the site a day after learning about the spill. On its surface, it had the appearance of timely response by the regulator.

Fig. 1 (Source: The Ithaca Journal, August 23, 1989)

The Rest of the Story

Famed newscaster Paul Harvey had a long-running radio program called The Rest of the Story in which he revealed the information behind the headlines. Here’s the rest of this story.

WIXT News Channel 9 reported on August 22, 1989, that the Radwaste Processing Building at Nine Mile Point had been inaccessible for nearly a decade due to high radiation levels. The TV station based its account on a March 1989 report by the Institute of Nuclear Power Operations (INPO). INPO reported that many of the 150 metal drums containing highly radioactive waste had been tipped over by the rising flood waters in the building.

The drums contained materials from filter/demineralizer units used at the plant to remove radioactivity from water systems. The filter/demineralizer units are very effective in removing radioactivity from the water. In doing so, the filter elements and the demineralizer resin beads collected radioactive particles, concentrating the radioactivity to very high levels. Some contents from the tipped-over drums mixed with the flood water. The area was contaminated at radiation levels ranging up to 400 rem per hour. At that rate, an individual would receive a lethal dose in about an hour.

The plant’s owner notified the NRC by letter dated October 30, 1981, that it had discharged 21,100 gallons of radioactively contaminated water into Lake Ontario because the tanks for storing such water were full and they did not want to add more volume to the flooded waste storage building.

While there is some talk now about “draining the swamp,” the owner took steps during the 1980s to “preserve the swamp” inside this inaccessible building. Concerned that allowing the flood water to evaporate away, turning radioactive slime into radioactive dust that might contaminate the entire building instead of just its basement, the owner kept the basement floor covered with several inches of water.

By letter dated September 10, 1987, the plant’s owner paid a $2,500 fine imposed by the NRC on August 13, 1987, for its improper handling of radioactive materials. Federal regulations do not allow packages containment radioactive material to be shipped if the radiation level on the outer surface of the packages exceeds 0.2 rem per hour. But the owner sent two packages containing radioactively contaminated equipment to the Brunswick nuclear plant in North Carolina with radiation levels on their outer surfaces of 1.5 and 1.8 rem per hour.

On July 18, 1988, McGraw-Hill’s Inside N.R.C. reported that the NRC had moved Nine Mile Point Unit 1 to the top of the agency’s list of problem plants and would be issuing a Confirmatory Action Letter to the owner forbidding Unit 1 from restarting without the NRC’s permission. Unit 1 had shut down in January 1988 for a scheduled refueling outage with plans to restart in mid-August until the NRC changed those plans.  Inside N.R.C. reported that an NRC senior manager told the Commissioners during a July 13, 1988, briefing about the agency’s concerns about “the inability of the utility to diagnose and correct problems” and that the NRC’s response would be to “generally increase oversight of the unit.”

The Post-Standard in Syracuse reported on May 25, 1989, that the NRC issued Nine Mile Point low ratings. It reported that a company spokesperson “believes the new [NRC] report contained the lowest cumulative rating … received since the NRC begin issuing these types of reports in the 1970s.”

So, the NRC was giving Nine Mile Point extra scrutiny in 1988 and 1989 for known safety problems, including improper handling of radioactive materials.

Inside N.R.C. reported on August 28, 1989, that the NRC dispatched an Augmented Inspection Team (AIT) to Nine Mile Point on August 23 after media accounts based on the March 1989 INPO report. An NRC spokesperson told Inside N.R.C. that at least one of the NRC’s resident inspectors at Nine Mile Point reviewed a draft of the INPO report long before August 1989. Why hadn’t the NRC responded to the problem before seeing it on the TV? The NRC spokesperson was quoted as saying “That’s part of what they’re [the AIT] trying to determine now—what if anything was passed on.”

Inside N.R.C. reported on September 11, 1989, that the NRC AIT concluded that the company may have violated federal safety regulations in the late 1970s when “it converted a solid waste storage building into a low-level waste tank without informing the agency.” Inside N.R.C. stated that no NRC personnel went into the waste building during the AIT examination of the flooded waste building, quoting an NRC spokesperson as saying, “We didn’t think it was necessary for anybody to take the risk.” Speaking about risk, an NRC senior manager during a press conference at the plant on August 28, 1989, stated, “We have found no improper endangerment of the public or workers at the reactor.” So, either the NRC could not find improper endangerment because it was on the other side of the door, or the NRC found it was proper endangerment.

The Palladium Times reported on October 3, 1989, that the leader of the NRC AIT stated that “If there’s a radiological event that costs more than $2,000, they would have had to notify us.” The paper reported that the company was “preparing to clean up the material at an estimated cost of $1.5 million.”

The Charges

Company officials met with NRC representatives on October 30, 1989, to discuss violations identified by the NRC AIT. The NRC summary of the meeting reported, “The licensee began their presentation by stating that, except for the apparent violations, the findings noted in NRC Inspection Report 50-220/89-80 were essentially correct.” Company officials contested the violations cited by the NRC on grounds that “Actual Property Damage Less Than $2,000” and that the waste “building was used in accordance with its design.” The company outlined its plans to use a robot to enter the lethal Radwaste Processing Building in early 1990 and mitigate the mess. The company told the NRC that its robot would save about 100 person-rem of radiation exposure to non-robotic (i.e., human) workers.

The Conviction

The NRC issued a Severity III violation, the third most severe of the four sanction levels used at the time, to the company on February 23, 1990, for violating federal regulations. Specifically, the company failed to evaluate the intentional overflowing of liquid radioactive storage tanks in July 1981 and flooding the waste storage building floor, as required by regulation 10 CFR 50.59. The NRC indicated that a fine would normally be imposed along with the Severity Level III infraction, but was being waived in this case due to the “major management changes [that] have been made during the extended outage because of your past inability to identify and correct problems.”

The Parole

The NRC staff briefed its Commissioners on May 14, 1990, about the readiness of Nine Mile Point Unit 1 to restart. Many items on the “To Do” list had been completed, but some yet remained The NRC approved restart on Friday, July 27, 1990. After being shut down for about two and a half years, the Unit 1 reactor was restarted on July 29, 1990.

UCS Perspective

I often say and write that NRC really stands for Nielsen Ratings Commission. Too often, it doesn’t matter what the regulations say, doesn’t matter whether it’s right or wrong, and doesn’t matter if it’s safe or unsafe—what matters is the media spotlight. When the spotlight is off, wrong seems right, illegal seems legal, and unsafe looks like safe enough. When the spotlight gets turned on, darkness becomes brigthness and right morphs into wrong. This case epitomizes the appropriateness of that moniker.

Fig. 2 (Source: Pixabay)

The owner informed the NRC in writing in October 1981 that it had released radioactively contaminated water into Lake Ontario rather than deepen the flooded basement of the waste storage building. The NRC did nothing.

High radiation levels rendered the Radwaste Processing Building inaccessible for most of the 1980s. The NRC did nothing.

The NRC sanctioned the owner in 1987 for improperly handling radioactive materials. The NRC did nothing about the handling of the radioactive materials that rendered a building inaccessible.

The NRC reviewed a draft INPO report in early 1989 that blasted the company for mishandling the flooded waste storage building problem. The NRC did nothing.

The NRC issued the plant its lowest performance ratings ever in May 1989. The NRC did nothing about the flooded waste storage building.

Is the NRC to blame for the decade of doing nothing?

Nope. It’s the media’s fault.

Had the media turned its spotlight on the July 1981 release of radioactive liquid into Lake Ontario and the flooding of the waste storage building’s basement, the NRC would have done something.

Had the media turned its spotlight during the 1980s on the building made inaccessible by spilt radioactive material, the NRC would have done something.

Had the media turned its spotlight on the company’s handling of other radioactive materials in 1987, the NRC would have done something.

Had the media turned its spotlight on the company’s abysmal ratings in May 1989, the NRC would have done something.

When the media turned its spotlight on INPO scathing report in August 1989, the NRC did something.

So, if the media had only spotlighted the problem at the plant sooner, it might not have taken nearly a decade for this problem to get fixed.

But the NRC has inspectors assigned full-time to each operating nuclear plant whereas the media is not allowed, except under rare special circumstances, to venture inside the plants’ security fences. Thus, the media has much better justification for taking so long to turn on its spotlight than the NRC has for needing the spotlight in the first (second) (third) (fourth) place.

Consequently, this case represents under-regulation by the NRC.

Postscript: The NRC has made several changes to its oversight processes since the 1980s that make it less likely, but not impossible, for under-regulation of this nature to be repeated. After the Millstone saga in the mid 1990s, the NRC replaced the ratings system it used at Nine Mile Point and elsewhere in the 1980s with its Reactor Oversight Process (ROP). The old ratings system enabled conditions at Nine Mile Point to deteriorate to the point where Unit 1 had to remain shut down for over two years until enough of the safety problems had been remedied to permit its restart. Dozens of other reactors had to remain shut down for over a year while safety problems were corrected. Since the ROP was adopted in 2000, only two reactors have been mired in such protracted outages. The ROP is better at flagging problems sooner, allowing them to be corrected before they build up to epidemic proportions. After the Davis-Besse debacle in 2002, the NRC tweaked the ROP to require its inspectors at each site to review every problem report written. While most problems do not require further NRC engagement, this review makes it less likely that a building rendered inaccessible due to very high radiation levels will escape the agency’s notice and response.

* * *

UCS’s Role of Regulation in Nuclear Plant Safety series of blog posts is intended to help readers understand when regulation played too little a role, too much of an undue role, and just the right role in nuclear plant safety.

Questions about a US Space Force

This week, President Trump verbally directed General Dunford, the Chairman of the Joint Chiefs of Staff, “to begin the process necessary to establish a Space Force as the sixth branch of the armed forces.”

The term “Space Force” really got everyone’s attention. Obviously, everyone wants to know what the uniform would be. And the whole idea is built for memes.

What’s it all about? Let me respond to three different kinds of questions I’ve been hearing about this.

Fig. 1 (Source: Hayri Er/iStock)

Q1: I haven’t been paying attention, but I do love Star Wars. I thought space is a sanctuary and that we don’t have military satellites or weapons up there. Isn’t space is for astronauts and NASA and making sure I have Google Maps and don’t get lost? And doesn’t the Outer Space Treaty prohibit the weaponization or even militarization of space? Are we going to now have soldiers in space and bombs and lasers shooting up and down? Was this just another wild new tangent of Trump’s?

Response: There have been military satellites in orbit since the very beginning of the space age, but so far, no destructive weapons have been deployed there (though some have been tested). Space services are incredibly important to modern militaries. Satellites provide intelligence, reconnaissance, and surveillance; precision timing and navigation signals; ballistic missile launch warning; long distance, secure and large capacity communications, and more. All of the US armed forces use satellite services and have space-focused personnel.

The Outer Space Treaty (OST) sets out the guiding principles for space, including that it is the province of all (hu)mankind and should be used for peaceful purposes, and it expressly prohibits the stationing of weapons of mass destruction in space or on celestial objects. It’s really worth a read. It doesn’t prohibit all military activity in space, though it does prohibit military activity on the moon and other celestial bodies (such as Mars or asteroids.) Here’s a good take on how the OST fits in with the Space Force idea. Geopolitics and technology have changed, and it really is time for an elaboration of expected norms of behavior, limits on technologies, and rules of the road.

Satellites are difficult to protect, and this worries the Pentagon because the US military (and civilian economy) depends on them so heavily. More states are launching and buying their own satellites, and more states are developing anti-satellite weapons that can be used to target an adversary’s satellites if they see a need.

The US military has a keen interest in keeping satellites safe and secure, protecting the space environment, and ensuring that insecurity in space does not threaten security on the ground. The Pentagon has been coming at this issue from a number of different angles, including making satellites more resilient to attack and creating a deterrent strategy, including targeting others’ satellites.

The “Space Force” isn’t a new idea: the president’s announcement is one volley in an ongoing discussion about Pentagon organization. If the Space Force’s main mission reflects the way the military currently operates in space, the main responsibilities would be to operate satellites that provide support to terrestrial operations, keep those satellites protected, and hold a potential adversary’s satellites at risk. Keeping US satellites working in a conflict and denying an adversary the same is at least part of what President Trump was referring to when he talked about “American dominance in space.”  This language harkens back to the George W. Bush administration era, and Secretary of Defense Donald Rumsfeld, who led a commission that suggested the United States reorganize the Pentagon’s space mission but also “vigorously pursue” capabilities that would give the President the option to deploy weapons in space.

Q2: I pay a lot of attention to defense and space issues and am really interested in bureaucratic organization. When does the Space Force start?

Response: The conversation about Pentagon space organization has been going on for years. While some Congress members, in particular Representative Mike Rogers (R-AL), have strong opinions on the space force idea, Congress in general has not greeted the idea warmly. Congress rejected a House proposal for a Space Corps within the Air Force last year, but agreed to direct a study, due August 1, to look at “a road map to establish a separate military department responsible for national security space.” Neither the House Armed Services Committee nor the Senate Armed Services committee markups of this year’s defense bill has included a separate Space Force. And Congress holds the purse strings. And the secretary of defense, the joint chiefs, and the secretary of the Air Force are all not on board with the concept.

Here’s a detailed look at what a Space Force or Space Corps might look like. (Note: The author thinks it’s an answer in search of a question.)

But it’s not all just a snoozy discussion about chains of command and acquisition authority. The way you set up bureaucracies sets up incentives (How do you get more resources under your purview? Who gets promoted for what activities?), and bureaucracies are not completely subservient to policy—they can drive policy. So, it’s certainly worth keeping a close eye on this process.

Q3: I’m sorry, I just fell asleep when you were talking about military bureaucracy. But you got me interested in space security. Tell me more.

Response: In any case, this bureaucratic move is not a solution to the wider issue at hand, which is the secure and sustainable use of space in the face of rapid technological and geopolitical changes. Forward-looking policies will need to be tailored not just to ensure national security but also to support civil and commercial space activities, which today comprise the predominant uses of space.

These policies’ central goals should be to minimize threats to all satellites, foster coordination to increase the benefits of space activities for all humankind, to protect the space environment for future use, and to keep space activities from spurring an arms race or creating or escalating terrestrial conflicts.

Space security cannot be achieved unilaterally, or solely through military means. It requires coordination, cooperation and diplomacy. There are a number of international processes going on, ranging from development of guidelines for the long-term sustainability of space, to the (currently stalled) European Union proposal for an International Code of Conduct for Outer Space Activities, to the United Nations Group of Governmental Experts process on practical measures to prevent an arms race in outer space.

Given that the United States is the dominant player in space, US leadership is essential.

Role of Regulation in Nuclear Plant Safety: A New Series of Posts

President Trump seeks to lessen the economic burden from excessive regulation. The Nuclear Regulatory Commission (NRC) initiated Project AIM before the 2016 elections seeking to right-size the agency and position it to become more adaptive to shifting needs in the future. And the nuclear industry launched its Delivering the Nuclear Promise campaign seeking productivity and efficiency gains to enable nuclear power to compete better against natural gas and other sources of electricity.

In light of these concurrent efforts, we will be reviewing momentous events in nuclear history and posting a series of commentaries on the role of regulation in nuclear plant safety. The objective is to better understand under-regulation and over-regulation to better define “Goldilocks” regulation—regulation that is neither too lax nor too onerous, but just right. That better understanding will enable us to engage the NRC more effectively as the agency pursues Project AIM and the industry tries to deliver on its promise.

Searching for Goldilocks

We will be reviewing “momentous events” with the expectation of examining times when regulation played too little a role as well times when regulation played too large a role. If we are lucky, we will examine events from all three bins—regulation too lax, regulation just right, and regulation overly stringent. Lessons from all three bins will yield the best understanding of what traps to avoid as well as what practices to emulate for the “just right” bin to become more and more popular in the future.

We have a working list of events that will hopefully populate all three bins. While we will not draft the commentaries or bin an event until after reviewing the relevant records, the events likely to fall into the “too lax” bin include the 1979 accident at Three Mile Island, the mid 1990s Millstone, Salem and Cooper problems, and the 2011 accident at Fukushima.

Events likely to fall into the “undue burden” bin include the August 1991 Site Area Emergency declared at Nine Mile Point following a transformer failure, the 1998 Towers Perrin report, and the semi-annual reports by the NRC’s Office of the Inspector General.

And events likely to fall into the “just right” bin include March 1990 station blackout at Vogtle, the September 1997 discovery of and recovery from containment problems at DC Cook, and the flood protection deficiencies identified at Fort Calhoun in 2010 whose remedies sure came in handy during the flood the plant experienced in June 2011.

While we may have reported on or blogged about some of these events already, the perspective is slightly different now. Before, we may have explained how event A resulted in regulatory requirements x, y, and z. Now, we will strive to determine whether there was sufficient awareness prior to the event for these requirements to already have been put in place (i.e, lax regulation), a knee-jerk reaction imposing more regulatory requirements than necessary (i.e., over-regulation), or a prudent reaction to a reasonably unavoidable event (i.e., just right regulation).

The list of potential events for this series contains nearly four dozen candidates. Other candidates may emerge during the reviews. We do not anticipate posting commentaries until every candidate is crossed off the list. Instead, we will continue the series until all three bins are populated with sufficient events to shed meaningful insights on the proper role of regulation in nuclear plant safety. Upon reaching this point, we intend to discontinue the series and share the findings and observations from our reviews in a post and/or report.

Trump Wants a New Low-Yield Nuclear Weapon. But the US Has Plenty Already.

The Trump administration’s Nuclear Posture Review (NPR), released in February of this year, calls attention to the composition of the US nuclear arsenal and its adequacy as a deterrent. The NPR calls for a new lower-yield submarine-launched nuclear warhead, arguing that it is needed to “counter any mistaken perception of an exploitable ‘gap’ in U.S. regional deterrence capabilities.” We decided to put together the chart in Fig. 1 to illustrate the range of nuclear weapons already available in the US arsenal.

One thing that this visual immediately makes clear is that it would be difficult to perceive any real gap in US capabilities—the existing arsenal certainly does not lack for nuclear options for any occasion.

Fig. 1 (Source: UCS)

The blue bars in the image above each represent the explosive power, in kilotons, of an existing weapon or weapons in the US arsenal. As you can see, the US already has weapons with yields ranging from 0.3 to 1,200 kilotons—from 1/50 to 80 times the yield of the roughly 15 kiloton bomb that the United States dropped on Hiroshima in WWII (represented by the dotted bar in the chart). On the lower-yield side, the US currently deploys around 450 weapons, sometimes called “tactical nuclear weapons,” that have options for yields ranging from 0.3 to 10 kilotons. These include both an air-launched cruise missile and gravity bombs. It also deploys another roughly 2,000 weapons with higher—in some cases much higher—yields, ranging from 45 to 1,200 kilotons.

Still, the administration is proposing to fill this non-existent gap with a new lower-yield submarine-launched warhead, called the W76-2—the orange bar in Fig. 1. This new warhead would reportedly have a yield of 6.5 kilotons—right in the middle of the range of existing US low-yield nuclear options. “Low”-yield in the case of 6.5 kilotons, however, is a pretty questionable description. As noted above, the nuclear bomb that the US dropped on Hiroshima in WWII had a yield of roughly 15 kilotons—a little more than twice that of the proposed new weapon. It killed 100,000 people and reduced the city to rubble.

Labeling such deadly and destructive weapons “low-yield” may give leaders the dangerous impression that using them is not as serious as using a nuclear weapon with a larger yield, and that their use would not lead to full-scale nuclear war. But in reality, no one knows what would happen if a nuclear weapon—of any size—were once again used in war. As Defense Secretary James Mattis has said,

“I don’t think there’s any such thing as a tactical nuclear weapon. Any nuclear weapon used at any time is a strategic game changer.”

The administration’s choice of language in the NPR rationale for the new warhead is also interesting. It does not argue that such a gap actually exists, but that it is concerned that an adversary might mistakenly perceive one. While perceptions are always an important consideration in deterrence, it’s useful to keep in mind the fact that 1) we don’t actually know what our adversaries are thinking, and we’ve been dangerously wrong in past guesses; and 2) trying to ensure that no country could ever possibly perceive that it might have any type of military advantage is how arms races happen. Most relevant in the current situation, it is how the US and Soviet Union ended the Cold War with arsenals of tens of thousands of nuclear weapons each. This type of thinking is not about deterrence, but about “escalation dominance” and “nuclear warfighting,” both of which are even more unstable and dangerous.

Recognition of the particular dangers of low-yield nuclear weapons has, until recently, been widespread and bipartisan among US military and political leaders. Over the past several decades, the United States has eliminated much of its arsenal of low-yield nuclear weapons for this and other reasons. The Trump administration’s new move to develop more of these weapons is a step in the wrong direction that is both unnecessary and dangerous.

The Versatile Test Reactor Debate: Round 2

In mid-February, the House of Representatives passed the “Nuclear Energy Research Infrastructure Act of 2017” (H.R. 4378). It authorizes the secretary of energy to spend nearly $2 billion to build and begin operating a facility called a “versatile, reactor-based fast neutron source” by the end of 2025 “to the maximum extent practicable.” The purpose of the facility would be to provide an intense source of fast neutrons that could be used by startup companies developing fast reactors for power production. Current US power and test reactors do not generate large quantities of fast neutrons.

However, the facility itself would be a fairly large, experimental fast neutron reactor, likely fueled with weapon-usable plutonium, and would pose significant security and safety risks. H.R. 4378 authorizes the Department of Energy (DOE) to construct this facility, now known as the “Versatile Test Reactor” (VTR), without really knowing how much it would cost or how long it would take, let alone whether there was a significant need for it in the first place. In fact, at the time of the bill’s passage in the House, the DOE had not even begun to conduct such an analysis. This is bad public policy.

Even though H.R. 4378 has not yet become law, Congress is already funding the VTR program. The DOE requested $10 million in its Fiscal Year 2018 budget request for preliminary studies of the VTR and $15 million in its Fiscal Year 2019 budget request to begin “preconceptual design development.” But the FY 2018 omnibus budget bill that President Trump signed into law in March provided the DOE with $35 million—$25 million more than the DOE requested. In FY 19, while Senate appropriators would only provide the DOE with its $15 million request, the House has voted to give the VTR $65 million. And Congressman Randy Weber (R-TX), a co-sponsor of H.R. 4378, is pushing to increase the final FY 19 appropriation to $100 million.

It is unclear what DOE could even do with all that money at this early stage of the project.

According to DOE official John Herczeg, the agency only began in April to determine the VTR’s “true cost and schedule” and will not decide whether to build it until after the study is completed in 2021. Congress should stop pressuring the DOE to move forward on construction of the VTR before this analysis is done. And the DOE should use some of the extra money to conduct a nonproliferation and nuclear terrorism impact assessment of the VTR.

In response to my February blog post criticizing the VTR project, the Idaho National Laboratory (INL), the DOE facility where the VTR would likely be housed, issued a “technical rebuttal” containing numerous inaccuracies and misleading assertions.

More information has come out about the VTR project since I posted my critique that confirms many of my points. I have  issued a reply to INL’s rebuttal. Hopefully, it will shed more light on the substantial risks and questionable benefits of the VTR project.

Update on the Low-Yield Trident Warhead: Time for the Senate to Step Up

A couple of weeks ago, we noted that the Senate Armed Services Committee was about to get its chance to consider the National Defense Authorization Act (NDAA), which in its current form includes $88 million in funding for a new, lower-yield warhead for the Trident D5 submarine-launched ballistic missile (SLBM), designated the W76-2. At the time, the House Armed Services Committee had voted, along party lines, to reject an amendment that would have eliminated funding for the new warhead.

An unarmed Trident II D5 missile launches from the Ohio-class ballistic missile submarine USS Nebraska, These missiles currently carry W76 and W88 warheads with yields of 100 kilotons and 455 kilotons, respectively. The proposed W76-2 warhead would reportedly have a yield in the range of 6.5 kilotons.

Plans for the new lower-yield warhead have drawn criticism from many quarters, including a number of prominent former officials and military leaders, who collectively sent a letter to Congress asking that it not fund the program. The letter, signed by former defense secretary William Perry, former secretary of state George Shultz, former vice chairman of the Joint Chiefs of Staff Gen. James Cartwright (Ret.), and former head of the National Defense University Lt. Gen. Robert Gard (Ret.), among others, calls the new warhead “dangerous, unjustified, and redundant.” The signers say that “the greatest concern…is that the president might feel less restrained about using [the new warhead] in a crisis.” They call on Congress to exercise its authority to reject the administration’s request for funding and thereby “stop the administration from starting down this slippery slope to nuclear war.”

Since our previous post, the full House passed its version of the NDAA on May 24th, in the process rejecting—in a surprisingly close and but mostly partisan vote—an amendment sponsored by Rep. John Garamendi (D-CA) and Rep. Earl Blumenauer (D-OR) that proposed fencing half of the funding for the low-yield warhead. This funding would have been held until the secretary of defense submitted a report to Congress assessing: the effect of the new warhead on strategic stability, ways to reduce the risk of miscalculation associated with it, and how to preserve the survivability of subs that would carry it, should it ever be launched. The House rejected it by a vote of 226 to 188, largely along party lines, with seven Democrats voting against the amendment and five Republicans voting for it.

The Senate version of the NDAA is expected to be released any time now, and could go to the floor as early as this week. One point of debate is likely to be over a House provision that eliminates a 2004 requirement that the Secretary of Energy must get Congressional approval before developing a new low-yield nuclear weapon.

Success, however, will require Republican support as well. The 2004 limitation on low-yield weapons was approved on a bipartisan basis. And in 2005 Congress did find bipartisan backing to reject a Bush administration proposal for a new bunker-busting nuclear bomb. Senators should take a lesson from these and other past decisions that looked beyond knee-jerk party allegiance. They should listen to the experts—from both parties—who argue based on their long involvement with these questions that low-yield nuclear weapons are both dangerous and unnecessary, and they should base their votes on what is best for the security of the country as a whole. That security does not require a new lower-yield Trident warhead; in fact, just the opposite: it requires that the Senate oppose it.




The FY2019 National Nuclear Security Administration Budget: Weapons Are Winners

In late February the Department of Energy (DOE) released its FY2019 budget request for the National Nuclear Security Administration (NNSA), and in late March Congress passed its final FY2018 appropriations bill, so we now have more information about the agency’s plans for the next several years. To no one’s surprise, both the administration and Congress increased funding for the NNSA and, in particular, for its nuclear weapons work.

(Source: free pictures of money)

Meanwhile funding for Defense Nuclear Nonproliferation—the category that covers programs to secure nuclear materials, detect illicit activities, and provide technical support for arms control measures—was down slightly in the request, but Congress added funds in this category, so the final appropriation actually shows a slight increase.

The administration requested a total of $15.1 billion for the NNSA, with $11 billion of this devoted to nuclear weapons (listed as “Weapons Activities”). This is an increase in overall NNSA funding of roughly $2 billion (17%) over the FY2017 enacted budget and $422,000 (3%) over the FY2018 enacted budget. The increase in Weapons Activities funding is sharper, an additional $1.8 billion (19%) from FY17 and $375,000 (4%) from FY18. Defense Nuclear Nonproliferation, on the other hand, saw a slight decrease in the budget request vs. previous year’s funding. The administration’s request included $1.86 billion for Defense Nuclear Nonproliferation, down from $1.9 billion in FY2018. Congress, however, increased this funding to $2.05 billion, a small increase from both FY2018 and the FY2017 enacted budget of $1.9 billion.

Table 1 lays out the progression of funding so far, and a few of the more notable changes are discussed below, but for an overview of the latest funding moves, good summaries are available in this short but thorough piece from the American Institute of Physics (though note that it was published before information about the W76-2 funding—discussed below—came out), and this more comprehensive summary from the Congressional Research Service focuses on appropriations for the NNSA’s Weapons Activities category.

Table 1.

Low-Yield Nuclear Weapons

Both the budget request and appropriations legislation are in line with the administration’s increased emphasis on the importance of nuclear weapons to US security, a view that is very clear in its recently released Nuclear Posture Review. The Trump administration claims that the US needs to modernize and expand its nuclear arsenal to respond to what it states are increased threats from Russia and others. One way it seeks to do this is by building new “low-yield” nuclear weapons, which it says are needed to increase the flexibility of US responses and thus increase deterrence. In particular, it is planning to produce a new warhead for the sub-based Trident missiles, the so-called W76-2, with a reported yield of 6.5 kilotons. (For comparison, the two warhead types now carried by subs have yields of 100 and 455 kT, and the bomb that destroyed Hiroshima had a yield of about 15 kT.) However, the US already has bombs and air-launched cruise missiles with variable yields—including some as low as 0.3 kT. Adding another type of low-yield nuclear weapon is provocative.

Although the budget request and appropriations legislation did not include any NNSA funding for the W76-2, an Office of Management and Budget amendment to the FY19 budget request submitted on April 13 does provide $65 million for work on the W76-2 (see p. 44). This money is reallocated from elsewhere in the Weapons Activities category and, when added to Department of Defense funds, brings the total funding for the modified warhead to $87.6 million in FY2019. The amendment also indicates that the administration plans to begin working on the modified warhead in FY2019, before the W76-1 life extension program ends and the associated production line closes.

Mixed-Oxide Fuel (MOX)

As my colleague Ed Lyman has already reported, another notable change in the latest legislation is that it moved one step closer to finally ending the expensive and dangerous Mixed Oxide Fuel (MOX) program. The FY2019 appropriations legislation cleared the way for the Department of Energy to shift to an alternative approach, “dilute and dispose,” that is both cheaper and has fewer security risks, and DOE has now taken the necessary step to make this change.

The MOX program was designed to dispose of excess plutonium from the US nuclear weapons program by turning it into fuel for nuclear power reactors. However, the project is decades behind schedule and cost estimates have climbed to more than $50 billion—ten times its original projected cost. The FY2019 appropriations legislation provided that if DOE submitted to Congress a life-cycle cost estimate showing that there is an alternative approach to MOX that would cost less than half the remaining MOX program cost, it would be allowed to terminate the MOX program. DOE submitted this report in mid-May, finally making it possible to kill the program, which has been on life support for years.

China Not an Obstacle to US Summit with North Korea

Last fall, as North Korea raced to demonstrate it could strike the United States with a nuclear-armed missile, the Chinese government acceded to strict international economic sanctions it previously resisted. This spring, after North Korea declared it had achieved its goal and would stop further testing, the Chinese government acceded to North Korean requests for greater engagement, including high-profile meetings between Xi Jinping and Kim Jong-un.

President Trump, along with many US officials and observers, praised China’s willingness to sign on to tougher sanctions. But they greeted China’s positive response to North Korea’s testing freeze with a mix of skepticism and suspicion. Trump suggested his Chinese counterpart was playing geopolitical poker with the summit in Singapore. US observers wondered whether China felt threatened by the summit and intentionally undermined it.

That’s unlikely.

Chinese President Xi Jinping (right) and North Korean leader Kim Jong-un walk the beach in Dalian, China during their recent May meeting.

China consistently advances two oft-stated objectives. The first is to prevent a war on the Korean peninsula. The second is to maintain political stability within North Korea. It accepted strict international sanctions in order to decrease the risk of a US military attack. It agreed to greater engagement with North Korea to sure up the government in Pyongyang. The prospective summit meeting advances both Chinese objectives. Should it fail to occur, the risk of a US military attack will increase. And China will face unwanted US pressure for new and potentially destabilizing economic sanctions.

China’s Current Successes

Throughout the fall, as North Korea kept testing and the United States kept piling on sanctions, China pushed for a freeze on North Korea’s nuclear weapons program, a freeze on US military exercises and direct talks between the United States and North Korea.

As US threats to attack North Korea were elevated in the US press, Kim used his 2018 New Year’s address to announce that the goal of developing a nuclear-armed missile that could reach the United States had been accomplished. At the same time, the North Korean leader extended an olive branch to South Korea.

South Korean President Moon Jae-in seized the opening and the two Koreas agreed to cooperate in hosting the Winter Olympic games in PyeongChang, which were held in mid-February and reversed the downward spiral of counterproductive rhetoric and behavior. The United States cooperated by postponing regularly scheduled annual military exercises with South Korea during the games. Kim received a high-level South Korean delegation in early March and agreed to meet with South Korean President Moon Jae-in. The South Korean envoys then told the United States Kim was open to discussing denuclearization.  President Trump quickly agreed to meet with Kim and the US military scaled back the postponed military exercises.

Chinese President Xi Jinping spoke with President Trump by phone the day after he agreed to meet with Kim. The Chinese press reported that Xi praised Trump for his “enthusiastic embrace of a political solution” to the North Korean nuclear problem and encouraged Trump to hold the meeting as soon as possible. Xi also expressed the hope that all concerned parties “could discharge a little more good will” and “avoid doing anything that might interfere with the continuing relaxation of tensions.” China’s president did not sound like he was trying to downplay or undermine bilateral US-North Korean talks the Chinese government had been publicly recommending for decades.

Xi Jinping, unlike his predecessors, did not meet with the North Korean leadership during his first term in office. US and Chinese observers opined about the deterioration of the relationship and a possible shift in Chinese foreign policy. China’s massive state propaganda apparatus put that discussion to bed after Kim traveled to Beijing in late March. Ever since, China’s state media has gone overboard to emphasize the traditional fraternal relationship between the two communist nations.

A week before his late-April summit with South Korean President Moon Jae-in, Kim unilaterally announced a halt to nuclear and missile tests, noting they were no longer needed. Kim also declared the nation was moving into a new stage of history focused on economic development.

It is difficult to know whether Kim’s meeting with Xi was responsible for the late-April announcement, but China appears to have received the North Korean freeze it requested during the height of tensions in the fall. Chinese state media reported that during Xi’s second meeting with Kim in the Chinese city of Dalian in early May, the North Korean leader told Xi that “significant progress in the situation on the Korean peninsula” was the product of their “historic” first meeting. Xi responded by emphasizing the following “four mutually agreed upon principles of a new era in China-North Korean relations.”

  • That the traditional friendship between North Korea and China was a shared precious treasure.
  • That because China and North Korea were both socialist nations their relationship had very important strategic significance requiring strengthened unity, cooperation and exchange.
  • That high-level exchanges had an irreplaceably important influence in building bilateral relations.
  • That consolidating the foundation of popular friendship was an important avenue for advancing the development of China-North Korea relations.

The fourth principle left many Chinese with the impression that a productive summit between North Korea and the United States would precipitate a regional economic boom. Chinese expectations for success were so high that articles on opportunities in the North Korean real estate market circulated in the press.

All of these developments are inconsistent with the suggestion that China is trying to undermine a successful summit between North Korea and the United States.

China’s Hopes for the Future 

Many Chinese look at North Korea through the lens of their own history. Their hope is that North Korea will follow China’s example and gradually reform its economy. As the process of economic reform unfolds, regional anxieties about provocative and violent North Korean behavior should recede, and North Korean concerns about its security should become less pressing.

Most Chinese nuclear arms control experts tell us that as long as those security concerns persist, North Korea is unlikely to agree to denuclearize. But they do believe that now that the North Korean leadership thinks it has demonstrated the potential to retaliate with a nuclear weapon it would be willing to freeze its program in exchange for some loosening of the severe economic sanctions constraining its economy.

The question for the United States, North Korea’s other neighbors and the international community is whether that’s a bargain they are willing to make.

Yesterday, after North Korea responded constructively to President Trump’s suggestion that the time for a summit was not ripe, the Chinese Foreign Ministry told reporters that China was “paying attention to the twists and turns in the preparations for the summit,” suggesting the Chinese leadership was still expecting it would eventually take place. Moreover, ministry spokesperson Lu Kang emphasized, “The Chinese government’s position on the problems on the Korean peninsula is clear and consistent. We feel that as the parties to the peninsula’s nuclear weapons problem, the meeting between the leaders of North Korea and the United States will have a critical impact on the progress of the process towards the denuclearization of the peninsula.”

The Senate Should Oppose the New Low-Yield Trident Warhead

This week, the Senate Armed Services Committee will take its turn to mark up the FY 2019 National Defense Authorization Act (NDAA). This also gives it an opportunity to weigh in on the Trump administration’s proposal for a new, lower-yield warhead for the Trident D5 submarine-launched ballistic missile (SLBM), funding for which is included in the bill.

The new warhead, designated the W76-2, will reportedly have a yield of 6.5 kilotons and would replace some of the W76 warheads currently on the Trident missiles, which have a yield of 100 kilotons.

The NDAA as it is now written would authorize $88 million in spending for the new warhead: $65 million from the Department of Energy’s National Nuclear Security Administration’s budget and $23 million in Department of Defense funds. The House Armed Services Committee earlier this month voted along party lines to reject an amendment that would have eliminated funding for the program from its version of the bill.

Despite the administration’s rhetoric about the need to strengthen deterrence, there is no good reason to develop a new warhead. As the head of the US Strategic Command, General Hyten, said himself in Congressional testimony earlier this year, “I have everything I need today to deter Russia from doing anything against the United States of America.” Worse, as many experts have pointed out, the new warhead could cause confusion for Russia and potentially increase the chances of miscalculation leading to an escalating nuclear exchange. Former Secretary of Defense William Perry has called such low-yield weapons “a gateway to a nuclear catastrophe.”

Opposition to this new program may be stronger in the Senate than in the House. It is certainly ripe for debate, given the dangers it presents and the questionable rationale the administration has put forward for it. To help make the case, more than twenty NGOs sent a letter to Senate Majority Leader Mitch McConnell that lays out the arguments against a new lower-yield Trident warhead.

It is unlikely that the Senate, in its current configuration, will stop the program, but it is important at the very least to ask the relevant questions about why we need such a weapon (we don’t) and how it would really affect US security (by decreasing it).

Closing North Korea’s Nuclear Test Site

Of the surprising announcements North Korea has made in recent weeks, one of the most surprising was its statement that it would not only end nuclear tests but shut down its nuclear test site with international observers watching.

What should we make of this?

Pyongyang said it would allow journalists from the United States, Russia, Britain, and South Korea to watch the destruction of the tunnels at Punggye-ri sometime in the coming week (May 23-25). These tunnels dug into the mountain are where North Korea conducts its nuclear tests. US intelligence says that North Korea is already dismantling the test site, and satellite photos of the site (here and here) confirm that a number of facilities at the site have already been torn down.

Punggye-ri Test Site (Source: Google Earth)

If North Korean leader Kim Jong-un is serious about limiting and perhaps eventually eliminating his nuclear and missile capabilities in return for economic engagement with the outside world, the question is how he demonstrates that seriousness. Publicly shutting down his test site is a meaningful step in the right direction and an interesting way to try to send that message.

It’s true that shutting down the Punggye-ri test site does not prevent North Korea from ever testing again. If negotiations fail or situations change in the future, it could decide to tunnel at a different site and build the required infrastructure needed to test. But it’s a meaningful and pretty dramatic action nonetheless.

For one thing, while part of the current test site is no longer usable because some tunnels collapsed after previous tests, experts agree that a couple tunnels at the site remain usable. They also agree that disabling the facilities would take time to reverse—perhaps months or longer.

This reminds me of North Korea’s decision in 2008 to disable its nuclear reactor at Yongbyon by  blowing up the cooling tower and letting foreign reporters film the event. This was at a time when negotiations with the United States seemed to be moving ahead. A few years later after negotiations had stalled, Pyongyang built a new cooling system and was able to restart the reactor. But disabling the reactor was still a meaningful action, since it kept the reactor from operating for several years.

What’s next?

North Korea’s statements last week raised the possibility that Kim was walking back his various offers. Yet Kim’s criticism was focused on statements by John Bolton and others about the need for the North to denuclearize as an early step of negotiations. This is an approach Pyongyang has consistently rejected, calling instead for a step-by-step process that helps build the trust needed for additional steps.

President Trump’s subsequent statement disavowing this so-called “Libyan model” of disarmament seemed intended to help repair the situation, but his later statement that appeared to threaten destruction of North Korea if talks failed could have exactly the opposite effect and lead Kim to cancel or delay the talks. In the meantime, China has urged Pyongyang to continue with the talks.

So whether or not the summit will proceed as planned remains uncertain. An important indicator will be whether North Korea goes ahead with destroying tunnels at its test site this week.

A Response to Roberts and Payne

A recent letter by Bradley Roberts and Keith Payne responds to a Japanese press account of a blog post that discussed Japanese Vice Foreign Minister Takeo Akiba’s 25 February 2009 presentation to a US congressional commission on US nuclear weapons policy. Reports of Mr. Akiba’s presentation created some controversy in the Japanese Diet, since he may have made statements that contradict the spirit, if not the letter, of a long-standing Diet resolution. That resolution, adopted decades ago and reaffirmed many times since, prohibits any transportation of US nuclear weapons into Japanese territory.

The 1969 US-Japan agreement granting the United States “standby retention and activation” of nuclear weapons storage sites on US military bases in Okinawa.

Roberts and Payne mistakenly claim the document on which the post was based does not exist, despite the fact that it was published on the website of a non-governmental Japanese arms control expert more than a month before their letter appeared in the Japan Times.

The document exists.

Roberts and Payne also claimed that because the Japanese participants were “off-the-record” no records were kept. This too is incorrect. There may be no transcript of Mr. Akiba’s presentation, but an April 10 reply by the cabinet to questions from Rep. Seiji Osaka confirmed that the Foreign Ministry kept records on the proceedings of the US commission where representatives of the ministry were present. The same reply was repeated in a document issued on April 13 by the Security Treaty Division of the North American Bureau of the Ministry of Foreign Affairs. The United States Institute of Peace (USIP) also archived documents that describe the discussions between the commissioners and the Japanese officials.

Records were kept.

Meetings are often held “off the record” to allow public officials to express their personal opinions. Rep. Osaka asked the Abe government whether the Foreign Ministry officials who participated in the proceedings of the US commission were acting in a personal or an official capacity. The April 10 reply by the cabinet confirmed that all of the Japanese officials who participated in the proceedings were acting in an official capacity under the direction of Foreign Minister Nakasone.

The three-page document Akiba presented to the US commission is therefore an official record of the Japanese government’s views on the role of US nuclear weapons in the defense of Japan. So are any oral statements Akiba and the other Japanese officials gave to the commission.

Some of those oral statements were recorded in hand-written notes on the margins of the document. Those notes contain an abbreviated rendition of a conversation between Akiba and James Schlesinger in which the Japanese minister gives a favorable response to Schlesinger’s question about building nuclear weapons storage facilities in Okinawa. Roberts and Payne recall the conversation. They note that Akiba “clearly set out the three non-nuclear principles,” which the Japanese official does in the hand-written notes on his conversation with Schlesinger. Yet Roberts and Payne neglected to mention Mr. Akiba also said that “some quarters talk about revising the third principle,” which would be necessary if the United States were to bring nuclear weapons into Japan or prepare to store them in Okinawa.

The language in the hand-written notes makes it difficult to assess whether Mr. Akiba is among those who want to revise the third principle. But his favorable response to Schlesinger’s proposal to construct nuclear weapons storage sites in Okinawa deserves more careful scrutiny.

Notes are often incomplete and sometimes inaccurate. Memories, especially of a conversation that took place nine years ago, can be faulty. One way to help clarify this matter is for the United States Institute of Peace (USIP) to release the Foreign Ministry from its promise of confidentiality and encourage the ministry to respond to Diet requests for access to its records. USIP should also grant the Diet access to all materials on the proceedings of the commission it may hold in its archives. Greater transparency, from both sides, is the best way to set the record straight.

High Energy Arc Faults and the Nuclear Plant Fire Protection IOU

Last year, we posted a commentary and an update about a high energy arc fault (HEAF) event that occurred at the Turkey Point nuclear plant in Florida. The update included color photographs obtained from the Nuclear Regulatory Commission (NRC) via a Freedom of Information Act request showing the damage wrought by the explosion and ensuing fire. Neither the HEAF event or its extensive damage surprised the NRC—they had been researching this fire hazard for several years. While the NRC has long known about this fire hazard, its resolution remains unknown. Meanwhile, Americans are protected from this hazard by an IOU. The sooner this IOU is closed out, the better that Americans in jeopardy will be really and truly protected.

What is a HEAF?

The Nuclear Energy Agency (NEA), which has coordinated international HEAF research efforts for several years, defines HEAF this way: “An arc is a very intense abnormal discharge of electrons between two electrodes that are carrying an electrical current. Since arcing is not usually a desirable occurrence, it is described as an arcing fault.”

Nuclear power plants generate electricity and use electricity to power in-plant equipment. The electricity flows through cables or metal bars, called buses. An arc occurs when electricity jumps off the intended pathway to a nearby metal cabinet or tray.

Electricity is provided at different voltages or energy levels for different needs. Home and office receptacles provide 120-volt current. Nuclear power plants commonly have higher voltage electrical circuits carrying 480-volt, 4,160-volt, and 6,900-volt current for motors of different sizes. And while main generators at nuclear plants typically produced electricity at 22,000 volts, onsite transformers step up the voltage to 345,000 volts or higher for more efficient flow along the transmission lines of the offsite power grid.

How is the Risk from HEAF Events Managed?

Consistent with the overall defense-in-depth approach to nuclear safety, HEAF events are managed by measures intended to prevent their occurrence backed by additional measures intended to minimize consequences should they occur.

Preventative measures include restrictions on handling of electrical cables during installation. Limits on how much cables can be bent and twisted, and on forces applied when cables are pulled through wall penetrations seek to keep cable insulation intact as a barrier against arcs. Other preventative measures seek to limit the duration of the arc through detection of the fault and automatic opening of a breaker to stop the flow of electrical current through the cables (essentially turning the arc off).

Mitigative measures include establishing zones of influence (ZOI) around energized equipment that controls the amount of damage resulting from a HEAF event. Figure 1 illustrates this concept using an electrical cabinet as the example Electrical cabinets are metal boxes containing breakers, relays, and other electrical control devices. Current fire protection regulatory requirements impose a 3-foot ZOI around electrical cabinets and an 18-inch ZOI above them. Anything within the cabinet and associated ZOI is assumed to be damaged by the energy released during a HEAF event. Sufficient equipment must be located outside the affected cabinet and its ZOI to survive the event and adequately cool the reactor core to prevent meltdown.

Fig. 1 (Source: Nuclear Regulatory Commission)

Even with these preventative and mitigative measures, NEA recognized the hazard that HEAF events poses when it wrote in a May 2017 report: “The electrical disturbance initiating the HEAF often causes loss of essential electrical power and the physical damage and products of combustion provide significant challenges to the operators and fire brigade members handling the emergency. It is clear that HEAFs present one of the most risk significant and challenging fire scenarios that a [nuclear power plant] will face.”

What is the Problem with HEAF Risk Management?

Actual HEAF events have shown that the preventative and mitigative measures intended to manage the hazard have shortcomings and weaknesses. For example, arcs have sometimes remained energized far longer than assumed, enabling the errant electricity to wreak more havoc.

Additionally, HEAF events have damaged components far outside the assumed zones of influence, such as in the Turkey Point event from March 2017. In other words, the HEAF hazard is larger than its defenses.

How is the HEAF Risk Management Problem Being Resolved?

On March 11, 2011, an earthquake offshore of Japan and the tsunami it spawned led to the meltdown of three reactors at the Fukushima Daiichi nuclear plant. That earthquake also caused a HEAF event at the Onagawa nuclear plant in Japan. The ground motion from the earthquake prevented an electrical circuit breaker from opening to limit the duration of the arc. The HEAF event damaged equipment and started a fire (Fig. 2). Because the fire brigade could not enter the room due to heat and smoke, the fire blazed for seven hours until it had consumed all available fuel. As an NRC fire protection engineer commented in April 2018, “If Fukushima wasn’t occurring, this is probably what would have been in the news headlines.” Onogawa was bad. Fukushima was just worse.

Fig. 2 (Source: Nuclear Regulatory Commission)

Research initiated in Japan following the Onagawa HEAF event sought to define the factors affecting the severity of the events. Because the problem was not confined to nuclear power plants in Japan, other countries collaborated with the Japanese researchers in pursuit of a better understanding of, and better protection for, HEAF events.

The NRC participated in a series of 26 tests conducted between 2014 and 2016 using different types of electrical panels, bus bar materials, arc durations, electrical current voltages, and other factors. The results from the tests enabled the NRC to take two steps.

First, the NRC entered HEAF events into the agency’s generic issues program in August 2017. In a related second step, the NRC formally made the owners of all operating US nuclear power plants aware of this testing program and its results via an information notice also issued in August 2017. The NRC has additionally shared its HEAF information with plant owners during the past three Regulatory Information Conferences and several other public meetings and workshops.

The NRC plans a second series of tests to more fully define the conditions that contribute to the severity of HEAF events.

How Are HEAF Events Tested?

Test 23 during the Phase I program subjected a 480-volt electrical cabinet with aluminum bus material to an arc lasting 7.196 seconds. Figure 3 shows the electrical cabinet with its panel doors opened prior to the test. A pointer on the left side of the picture shows the location where the arc was intentionally caused.

Fig. 3 (Source: Nuclear Energy Agency)

To induce an arc for the test, a wire was wrapped around all three phases of the 480-volt alternating current connectors within one of the cabinet’s panels as shown in Figure 4. On the right edge of the picture is a handswitch used to connect or disconnect electrical power flowing into the cabinet via these buses to in-plant electrical loads.

Fig. 4 (Source: Nuclear Energy Agency)

Instrumentation racks and cameras were positioned around the cabinet being tested. The racks included instruments measuring the temperature and pressure radiating from the cabinet during the HEAF event. High-speed, high definition cameras recorded the progression of the event while infrared cameras captured its thermal signature. A ventilation hood positioned over the cabinet connected to a duct with an exhaust fan conducted smoke away from the area to help the cameras see what was happening. More importantly, the ventilation duct contained instruments measuring the heat energy and byproducts released during the event.

Fig. 5 (Source: Nuclear Regulatory Commission)

What Are the HEAF Test Results?

For a DVD containing reports on the HEAF testing conducted between 2014 and 2016 as well as videos from the 26 tests conducted during that period, send an email with your name and address to RES_DRA_FRBQnrc.gov. Much of the information in this commentary comes from materials on the DVD the NRC mailed me in response to my request.

Test 4 in the Phase I Program subjected a 480-volt electrical cabinet with aluminum bus material to an arc lasting only 0.009 seconds (i.e., 9 milliseconds). The short duration arc had minimal consequences, entirely missed if one blinks at the wrong time while watching the video. This HEAF event did not damage components within the electrical cabinet, yet alone any components outside the 3-foot zone of influence around it.

Test 3 in the Phase I Program subjected a 480-volt electrical cabinet with copper bus material to an arc lasting 8.138 seconds. The longer duration arc produced greater consequences than in Test 4. But the video shows that the consequences are largely confined to the cabinet and zone of influence.

Test 23 in the Phase I Program subjected a 480-volt electrical cabinet with aluminum bus material to an arc lasting 7.196 seconds. The voltage level and arc duration for Test 23 were essentially identical to that for Test 3, but the consequences were significantly different. Aluminum behaved differently than copper during the HEAF event, essentially fueling the explosion and ensuing fire. As a result, the damage within the cabinet, zone of influence, and even beyond the 3-foot zone of influence was much greater. For example, some of the instruments on the rack positioned just outside the 3-foot zone of influence were vaporized.

Until debris from the event obscured the lens of a camera positioned many feet outside the 3-foot zone of influence, a side view of the Test 23 HEAF event showed it was a bigger and badder event than the HEAF event in Test 3 and the HEAF event in Test 4.

Figure 6 shows the electrical cabinet with its panel doors open after Test 23. The cabinet clearly looks different from its pre-test appearance (see Figure 4). But this view does not tell the entire story.

Fig. 6 (Source: Nuclear Energy Agency)

Figure 7 shows the left side of the electrical cabinet after Test 23. The rear upper left corner of the cabinet is missing. It was burned and/or blown away by the HEAF event. The cabinet is made of metal, not wood, plastic, or ice. The missing cabinet corner is compelling testimony to the energy released during HEAF events.

Fig. 7 (Source: Nuclear Energy Agency

Tests 3, 4 and 23 all featured electrical cabinets supplied with 480-volt power.

Tests 4 and 23 each featured aluminum bus material. Test 4 had negligible consequences while Test 23 had significant consequences, attesting to the role played by arc duration. The arc lasted 0.009 seconds in Test 4 while it lasted 7.196 seconds in Test 23.

Tests 3 and 23 featured arcs lasting approximately 8 seconds. Test 23 caused substantially greater damage within the electrical cabinet and beyond the 3-foot zone of influence due to the presence of aluminum rather than copper materials.

How Vulnerable Are US Nuclear Plants to HEAF Events?

The Phase I series of tests revealed that HEAF events depend on the voltage level, the conducting material (i.e., copper, iron, or aluminum), and the arc duration. The higher the voltage, the greater the amount of aluminum, and the longer the arc duration, the greater the consequences from HEAF events.

The NRC received results in 2017 from an industry survey of US nuclear plants. The survey showed that the plants have electrical circuits with voltage levels of 480, 4160, 6900, and 22000 volts. The survey also showed that while some plants did not have electrical circuits with components plated with aluminum, many did.

As to arc durations, actual HEAF events at US plants have involved arc durations longer than the 8 seconds used in Tests 3 and 23. The May 2000 event at Diablo Canyon lasted 11 seconds. The March 2010 event at HB Robinson last 8 to 12 seconds. And the June 2011 event at Fort Calhoun last 42 seconds and likely would have lasted even longer had operators not intervened by manually opening an electrical breaker to end the event.

So, many US nuclear plants have all the ingredients necessary for really nasty HEAF events.

What Might the Fixes Entail?

The testing program results to date suggest a tiered approach to the HEAF event solution. Once the key factors (i.e., combinations of voltage levels, materials, and arc durations) are definitively established, they can be used to screen out configurations within the plant where a HEAF event cannot compromise safety margins. For example, a high voltage electrical cabinet with aluminum bus material and suspect arc duration limiters might need no remedies if it is located sufficiently far away from safety components that its HEAF vaporization carries only economic rather than safety implications. Similarly, configurations with voltage levels and materials that remain bound by the current assumptions like the 3-foot zone of influence would require no remedies.

When a configuration cannot be screened out, the remedy might vary. In some cases, it might involve providing more reliable, quick-acting fault detection and isolation systems that limit the duration of the arc. In other cases, replacing aluminum buses with copper or iron buses might be a suitable remedy. And the fix might be simply installing a protective wall between an electrical cabinet and safety equipment.

Further HEAF testing will expand knowledge of the problem, thus more fully informing the decisions about effective solutions.

UCS Perspective

It has been known for many years now that HEAF events could cause wider damage than currently assumed in designing and applying fire protection measures. As a result, a fire could damage primary safety systems and their backups—the very outcome the fire protection regulatory requirements are intended to prevent.

This is normally the time and spot where I chastise the NRC for dragging its feet in resolving this known safety hazard. But while years have passed since the HEAF hazard flag was first raised, the NRC’s feet have been busy. For while it was known that HEAF events could cause greater damage than previously realized, it was not known what factors played what roles in determining the severity of HEAF events and the damage they inflict. The NRC joined regulatory counterparts worldwide in efforts designed to fill in these information gaps. That knowledge was vitally needed to ensure that a real fix, rather than an ineffective band-aid fix, was applied.

That research took time to plan and conduct. And further research is needed to fully define the problem to find its proper solution. In the meantime, the NRC has been very forthcoming with plant owners and the public about its concerns and associated learnings to date.

While the NRC’s efforts to better understand HEAF events may be justified, it’s worth remembering that the agency’s intentions and plans are little more than IOUs to the millions of Americans living close to vulnerable nuclear plants. IOUs provide zero protection. The NRC needs to wrap up its studies ASAP and turn the IOUs into genuine protection.

Made in Chattanooga

What do the Arkansas Nuclear One Unit 2, Beaver Valley Unit 1, Beaver Valley Unit 2, Big Rock Point, Callaway, Calvert Cliffs Unit 1, Calvert Cliffs Unit 2, Catawba Unit 2, Comanche Peak Unit 1, Comanche Peak Unit 2, Connecticut Yankee, Cooper, Diablo Canyon Unit 1, Diablo Canyon Unit 2, Donald C. Cook Unit 1, Edwin I. Hatch Unit 1, Edwin I. Hatch Unit 2, Fort Calhoun, HB Robinson, Indian Point Unit 1, Indian Point Unit 2, Indian Point Unit 3, James A. FitzPatrick, Joseph M. Farley Unit 1, Joseph M. Farley Unit 2, Fermi Unit 2, Kewaunee, LaSalle Unit 1, Maine Yankee, Marble Hill, McGuire Unit 1, Millstone Unit 1, Millstone Unit 2, Millstone Unit 3, Nine Mile Point Unit 1, Oyster Creek, Palisades, Palo Verde Unit 1, Palo Verde Unit 2, Palo Verde Unit 3, Pilgrim, Point Beach Unit 2, Salem Unit 1, Salem Unit 2, San Onofre Unit 1, San Onofre Unit 2, San Onofre Unit 3, Seabrook, South Texas Project Unit 1, South Texas Project Unit 2, St. Lucie Unit 1, St. Lucie Unit 2, Vogtle Unit 1, Vogtle Unit 2, Waterford, and Wolf Creek nuclear power reactors have in common?

True, they are all mentioned in this same question. But the subject commonality has a broader dimension.

Also true, they are all located on planet earth. But the subject commonality has a narrower dimension.

Hint: Check out the title of this commentary.

Yes, the reactor vessels for all these nuclear plants, and many others worldwide, were manufactured by Combustion Engineering at their factory in Chattanooga, Tennessee.

Indeed, the Chattanooga factory made the vessels for boiling water reactors like FitzPatrick and Pilgrim, for Westinghouse pressurized water reactors like Diablo Canyon and Indian Point and for Combustion Engineering pressurized water reactors like Palo Verde and Waterford.

In the days before FedEx, how did reactor vessels made in the hills of east Tennessee get to so many locations coast to coast? The Tennessee River winds through Chattanooga and empties into the Mississippi River. Whenever possible, the reactor vessels were lifted onto barges in Chattanooga and floated to the plant sites. For example, the Unit 1 reactor vessel for the Nine Mile Point nuclear plant in Oswego, New York took the scenic route down the Tennessee River, up the Mississippi River, up the Illinois River, across four of the five Great Lakes.

Fig. 1 (Source: Daily Standard (October 7, 1966))

It took 29 days for Pilgrim’s reactor vessel to make the 3,587-mile journey down the Tennessee and Mississippi Rivers, across the Gulf of Mexico and along the Atlantic coast to Plymouth, Massachusetts. (The plant is scheduled to permanently shut down by June 2019. On behalf of my fellow citizens of Chattanooga, the current owner should check out the “No Return” provision in the contract.)

Fig. 2 (Source: UPI Telephoto published in News Journal (March 4, 1970))

The Unit 1 reactor vessel for the San Onofre Nuclear Generating Station in southern California began its 2,000-mile journey on a barge, was transferred onto a freighter for passage through the Panama Canal, was transferred back onto a barge, and then loaded onto a train car for delivery to the site.

Fig. 3 (Source: Daily Republican (April 23, 1965))

Not all the journeys were event-free. The Unit 3 reactor vessel for the Indian Point nuclear plant in Buchanan, New York was dropped on January 12, 1971, as it was being unloaded at the plant. Well, it was not actually dropped. It underwent an “unscheduled descent during its installation” at the plant. An overhead crane rated for 175-tons was being used to lift the 456-ton package of reactor vessel and shipping rig. Somehow, the motor for the 175-ton rated crane became overheated as it was lifting the 456-ton load. The 456-ton load had been raised from its original horizontal configuration to nearly the vertical (i.e., 90°) position when the lift was halted to let the overheated crane motor cool down. The 175-ton crane’s hoist failed, dropping the load—or letting the load make its unscheduled descent back to the horizontal position.

Fig. 4 (Source: Oak Ridge National Laboratory)

Scientists from Oak Ridge, representatives of Combustion Engineering in Chattanooga, and workers from Westinghouse huddled to determine whether the unscheduled descent of the reactor vessel resulted in its unscheduled dis-use. They reviewed results from magnetic particle and ultrasonic examinations and concluded the vessel could be used.

Scientists from the Oak Ridge National Laboratory traveled to Buchanan to view the Unit 3 reactor vessel. They heard contradictory accounts as to the position of the reactor vessel when it began its unscheduled descent. Some eyewitnesses said the vessel and rig were about three feet off the ground. Others insisted it was not off the ground at all. Similarly, the scientists received varying accounts of how long it took the vessel to complete its unscheduled decent. Some eyewitnesses reported the descent took 15 seconds. Others claimed the descent went on for nearly 60 seconds. The discrepancies might be attributed to the eyewitnesses making unscheduled departures from the vicinity.

UCS Perspective

UCS has staffed a remote office in Chattanooga for the past eight years. At the time, we knew the city was the location for the International Towing Museum, but did not realize that the city played such a prominent role in the development of nuclear power reactors in the United States. And as if making tow trucks and reactor vessels was not enough, but Moon Pies were invented in Chattanooga in 1917.

Chattanooga also has the offices for the Nuclear Division of the Tennessee Valley Authority (TVA), with TVA’s Sequoyah Nuclear Plant within sight of downtown. Chattanooga also has the Nuclear Regulatory Commission’s Technical Training Center as well as a Westinghouse training facility.

But Chattanooga no longer makes reactor vessels. Combustion Engineering scaled back manufacturing at the factory as demand for nuclear components dwindled in the U.S. and abroad. In 2007, the nearly idled manufacturing plant was acquired by French-based Alstom with intentions to make components to support the nuclear renaissance. The factory did not need a first shift, yet alone a second or third shift, to handle all the non-orders for reactor vessels and other nuclear plant parts. The factory closed shop in 2016.

But don’t despair. Chattanooga still makes Moon Pies and tow trucks.

NRC Cherry-Picking in the Post-Fukushima Era: A Case Study

In the late 1960s, the Atomic Energy Commission (AEC), the forerunner of the NRC, paid the very companies that designed nuclear reactors—Westinghouse and General Electric (GE)—to test the efficacy of their own emergency cooling systems.

In the event of an accident in which a reactor loses water, uncovering the fuel rods—called a “loss-of-coolant accident”—these systems inject water back into the reactor in an attempt to prevent a meltdown. The tests that Westinghouse and GE performed were named the Full Length Emergency Cooling Heat Transfer (FLECHT) tests. The FLECHT tests simulated fuel rods undergoing a loss-of-coolant accident. The tests were intended to be as realistic as possible: bundles of 12-foot-tall rods, simulating fuel rods, were electrically heated up to reactor-accident temperatures and then inundated with cooling water.

Several of the tests were geared toward assessing how well the outer casing of fuel rods, called “cladding,” would endure in accident conditions. The cladding of fuel rods is primarily zirconium, a silver-colored metal. After the injection of water in an accident, hot-zirconium cladding is intended to endure the thermal shock of swift re-submergence and cooling. The cladding must not be stressed to its failure point. It is crucial that the fuel cladding perform well in an accident because it is a barrier preventing the release of highly radioactive materials into the exterior environment.

Figure 1. Source: Westinghouse)

Robert Leyse, my father, a nuclear engineer employed by Westinghouse, conducted a number of the FLECHT tests. On December 11, 1970, one of those tests, designated as Run 9573, had unexpected results. In Run 9573, a section of the test bundle’s zirconium cladding essentially caught on fire. The cladding burned in steam—then, when cooled, shattered like overheated glass doused with cold water.

Mr. Leyse instructed a lab assistant to take photographs of the destroyed test bundle, one of which is displayed as Figure 1. In a report on the FLECHT tests that Mr. Leyse coauthored, Westinghouse referred to the severely burnt, shattered section as the “severe damage zone” and noted that “the remainder of the [test] bundle was in excellent condition.”

Westinghouse’s FLECHT data is nearly 50 years old yet it is still highly regarded. The AEC used some of the FLECHT data to establish regulations that remain in place to this day. Westinghouse’s report on the FLECHT tests states that data from the first 18 seconds of Run 9573—before the cladding caught fire—is valid.

Concern over the extent zirconium burns in reactor accidents

In 2009, I submitted a rulemaking petition (PRM-50-93), requesting new regulations intended to improve public and plant worker safety. PRM-50-93 contends industry and NRC computer safety models under-predict the extent zirconium fuel cladding burns in steam. In more technical terms, the petition alleges models under-predict the rates at which zirconium chemically reacts with steam in a reactor accident. I buttressed my claims by citing data from FLECHT Run 9573 and other experiments conducted with bundles of zirconium cladding.

The zirconium-steam reaction produces zirconium dioxide, hydrogen, and heat. In a serious accident, the rate of the zirconium-steam reaction increases as local cladding temperatures increase within the reactor core. As the reaction speeds up, more and more heat is generated; in turn, the additional heat increases the rate of the reaction, potentially leading to thermal runaway and a meltdown.

It is problematic that the zirconium-steam reaction generates hundreds of kilograms of explosive hydrogen gas in a meltdown. In the Fukushima Daiichi accident—in which three reactors melted down—hydrogen leaked out of reactors’ containments and detonated, blowing apart reactor buildings. The release of radioactive material prompted the evacuation of tens of thousands of people and rendered a large area of land uninhabitable.

A “high priority”

In 2010, the NRC said its technical analysis of my 2009 rulemaking petition (PRM-50-93) was a “high priority.” Then, in 2011, the agency issued a press release announcing it intended to “increase transparency” in its petition review process by releasing preliminary evaluations of PRM-50-93. The announcement said the final decision on the petition would “not be issued until after the NRC Commissioners…considered all staff recommendations and evaluations.”

As part of the preliminary technical analysis of PRM-50-93, the NRC staff conducted computer simulations of FLECHT Run 9573. They compared the results of their simulations to data Westinghouse reported. However, there is a major problem with the staff’s simulations. They did not simulate the section of the test bundle that ignited. (Or if they did simulate that section, they decided not to release their findings.)

By way of an analogy: what the NRC staff did would be like simulating a forest fire and omitting trees reduced to ash and only simulating those that had been singed. After doing such a bogus simulation one might try to argue that trees actually do not burn down in forest fires. The staff basically did just that. They used the results of their simulations to argue that models of the zirconium-steam reaction are not flawed—that reaction rates are not under-predicted.

On January 31, 2013, I gave a presentation to the five commissioners who were heading the NRC at the time. They invited me to present my views in a meeting addressing public participation in the NRC’s rulemaking process. They apparently wanted my insights, because, in 2007, I raised a safety issue in a rulemaking petition (PRM-50-84) that they decided to incorporate into one of their regulations. I had pointed out that computer safety models neglected to simulate a phenomenon affecting the performance of fuel rods in a loss-of-coolant accident.

In my presentation, I criticized the staff’s computer simulations of FLECHT Run 9573. I said: “You cannot do legitimate computer simulations of an experiment that [caught on fire] by not actually modeling the section of the test bundle that [caught on fire].” In the Q and A session, Commissioner William Magwood assured me that he and the other commissioners would instruct the staff “to follow up on” my comments, including my criticism of the staff’s simulations of Run 9573. Then, five weeks after the meeting, Annette Vietti-Cook, Secretary of the Commission, instructed the staff to “consider and respond” to my comments on its review of PRM-50-93.

I hoped the staff would promptly conduct and report on legitimate computer simulations of FLECHT Run 9573. Instead, in March 2013, the staff restated that their prior, incomplete simulations of Run 9573 over-predicted the extent that zirconium burns in steam, indicating computer safety models are beyond adequate.

In November 2015, after I made a series of additional complaints, with help from Dave Lochbaum of the Union of Concerned Scientists, Aby Mohseni, Deputy Director of the NRC’s Division of Policy and Rulemaking, disclosed results of computer simulations of FLECHT Run 9573 including the section of the test bundle that ignited. The simulations drastically under-predict temperatures Westinghouse reported for that section.

The NRC’s severe-damage-zone computer simulations of Run 9573

The NRC’s severe-damage-zone computer simulations predicted cladding and steam temperatures for the FLECHT Run 9573 test bundle, at the 7-foot elevation, at 18 seconds into the experiment. (The severe damage zone was approximately 16 inches long, centered at the 7-foot elevation of the 12-foot-tall test bundle.)

The highest cladding temperature the severe-damage-zone simulations of Run 9573 predicted is 2,350°F, at the 7-foot elevation, at 18 seconds. Westinghouse reported that at 18.2 seconds into Run 9573, cladding temperatures by the 7-foot elevation exceeded 2,500°F. Cladding temperatures by the 7-foot elevation were not directly measured by thermocouples (temperature-measuring devices); however, Westinghouse reported that electrical heaters installed in the cladding began to fail at 18.2 seconds, by the 7-foot elevation, after local cladding temperatures reached higher than 2,500°F. Hence, even considering the time difference of a 0.2 second, one can infer that the severe-damage-zone simulations of Run 9573 under-predicted the cladding temperature by a margin of more than 100°F (at the section of the test bundle that ignited).

(Note that there is a time difference of a 0.2 second between the time the NRC picked for its simulations of Run 9573 and the time that the electrical heaters began to fail in the experiment. In the staff’s incomplete simulations of Run 9573—reported in the staff’s preliminary evaluations of PRM-50-93—the highest predicted cladding temperature is 2,417.5°F, at the 6-foot elevation, at 18 seconds. And the highest predicted cladding temperature increase rate is 29°F per second, at the 6-foot elevation, at 18 seconds. From these predictions we can infer that—although the value has not been reported—the highest predicted cladding temperature increase rate would be approximately 29°F per second or less, at the 7-foot elevation, at 18 seconds.)

In Run 9573, at the 7-foot elevation, the heat generated by the zirconium-steam reaction radiated to the local environment, heating the steam in proximity. The highest steam temperature the NRC’s severe-damage-zone simulations of Run 9573 predicted is 2,055°F, at the 7-foot elevation, at 18 seconds. Westinghouse reported that at 16 seconds into Run 9573, a steam-probe thermocouple mounted at the 7-foot elevation directly recorded steam temperatures that exceeded 2,500°F. And a Westinghouse memorandum (included as Appendix I of PRM-50-93) stated that after 12 seconds, the steam-probe thermocouple recorded “an extremely rapid rate of temperature rise (over 300°F/sec).” (Who knows how high the local steam temperatures actually were at 18 seconds; they were likely hundreds of degrees Fahrenheit higher than 2,500°F.) Hence, the severe-damage-zone simulations of Run 9573 under-predicted the steam temperature by a margin of more than 400°F (by the section of the test bundle that ignited).

The fact the NRC’s severe-damage-zone simulations under-predict cladding and steam temperatures that occurred in Run 9573 is powerful evidence indicating models under-predict the zirconium-steam reaction rates that occur in reactor accidents.

Qualifying power level increases for reactors

Since the 1970s, the NRC has approved more than 150 power level increases (termed “power uprates”) for reactors in the US fleet, enabling them to generate more and more electricity. An important part of qualifying a power uprate is to provide assurance with computer simulations that emergency systems would be able to prevent a meltdown if there were a loss-of-coolant accident at the proposed, higher power level.

A computer simulation is supposed to over-predict the severity of a potential nuclear accident. A margin of safety is established when a reactor’s power level is qualified by a “conservative” simulation—one that overcompensates. Meltdowns are less likely to occur if the reactor operates at a safe power level, providing a sufficient safety margin.

The extent zirconium burns at high temperatures has a major impact on the progression and outcome of a reactor accident. If zirconium-steam reaction rates are under-predicted by computer safety models, they will also under-predict the severity of potential reactor accidents. And, if power uprates have been qualified by models under-predicting the severity of potential accidents, it is likely power levels of reactors have been set too high and emergency cooling systems might not be able to prevent a meltdown in the event of a loss-of-coolant accident.

A petition review process of beyond eight years (with cherry-picking)

The NRC staff’s technical analysis of my 2009 rulemaking petition (PRM-50-93) was completed on March 18, 2016, but was not made publicly available until March 5, 2018, nearly two years later. The technical analysis signals an intention to deny PRM-50-93. It concludes with the statement: “Each of the petition’s key presumptions was investigated in detail. … The petition fails to provide any new information that supports a rule change. The NRC staff does not agree with the petition’s assertions, and concludes that revisions to [NRC regulations] or other related guidance are not necessary.”

Interestingly, a NRC staff e-mail, released in response to a Freedom of Information Act request, reveals that in August 2015—seven months before their technical analysis was completed—the staff already planned to deny PRM-50-93. At that time, the staff intended to announce their denial in August 2016.

The 2016 technical analysis of PRM-50-93 fails to discuss or even mention the results of the computer simulation of FLECHT Run 9573 that Mr. Mohseni disclosed in November 2015. Certain staff members appear intent on denying PRM-50-93 to the extent that they’re willing to make false statements and omit evidence lending support to the petition’s allegations. They appear determined to bury the fact their own computer simulation underpredicts, by a large margin, temperatures Westinghouse reported for the section of the Run 9573 test bundle that ignited.

The staff members who conducted the 2016 technical analysis of PRM-50-93 did not comply with the commissioners who directed them, in January 2013, to “consider and respond” to my criticisms of their simulation of Run 9573. The 2016 technical analysis has a section titled “Issues Raised at the Public Commission Meeting in January 2013;” however, that section fails to discuss the simulation results Mr. Mohseni disclosed in November 2015.

In April 2014, I submitted over 50 pages of comments alleging the staff’s preliminary evaluations of PRM-50-93 have numerous errors as well as misrepresentations of material I discussed to support my arguments. In my opinion, the 2016 technical analysis has the same shortcomings. I suspect that portions of the technical analysis have been conducted in bad faith. Perhaps certain staff members fear enacting the regulations I requested would force utilities to lower the power levels of reactors.

As a member of the public, who spent months writing PRM-50-93, I personally resent the way certain staff members disrespect science and efforts of the public to participate in the NRC’s rulemaking process. (The NRC gives lip service to encouraging public participation. Its website boasts that the agency is “committed to providing opportunities for the public to participate meaningfully in the NRC’s decision-making process.”) Even worse, much worse, their cynical actions undermine public safety.

In a written decision, D.C. Circuit appeals court judges said it was “nothing less than egregious” when a federal agency took longer than six years to review a rulemaking petition. The NRC has been reviewing PRM-50-93 for longer than eight years—procrastinating as well as cherry-picking.

UCS perspective

[What follows was written by Dave Lochbaum, Director of the Nuclear Safety Project at the Union of Concerned Scientists]

I (Dave Lochbaum) invited Mark Leyse to prepare this commentary. I more than monitored Mark’s efforts—I had several phone conversations with him about his research and its implications. I also reviewed and commented on several of his draft petitions and submissions.

Mark unselfishly devoted untold hours researching this safety issue and painstakingly crafting his petition. He did not express vague safety concerns in his petition. On the contrary, his concerns were described in excruciating detail with dozens of citations to source documents. (Reflective of that focused effort, Mark’s draft of this commentary contained 33 footnotes citing sources and page numbers, supporting his 2,300-plus words of text. I converted the footnotes to embedded links, losing chapter and verse in the process. Anyone wanting the specific page numbers can email me for them.)

Toward the end of his commentary, Mark expresses his personal resentment over the way the NRC handled his concerns. It is not my petition, but I also resent how the NRC handled, or mis-handled, Mark’s sincere safety concerns. He made very specific points that are solidly documented. The NRC refuted his concerns with vague, ill-supported claims. If Mark’s safety concerns are unfounded, the NRC must find a way to conclusively prove it. “Nuh-uh” is an unacceptable way to dismiss a nuclear safety concern.

In addition to handling Mark’s safety concerns shoddily from a technical standpoint, the NRC mistreated his concerns process-wise. Among other things, Mark asked the NRC staff to explain why it had not conducted a complete computer simulation of Westinghouse’s experiment, FLECHT Run 9573. The NRC refused to answer his questions, contending that its process did not allow it to release interim information to him. I protested to the NRC on Mark’s behalf, pointing out case after case where the NRC had routinely provided interim information about rulemaking petitions to plant owners. I asked why the NRC’s process treated members of the public one way and plant owners a completely different way. Their subterfuge exposed, the NRC “suddenly” found itself able to provide Mark with interim information, or at least selective portions of that information.

The NRC completed its technical analysis of Mark’s petition in March 2016 but withheld that information from him and the public for two years. The NRC would not withhold similar information from plant owners for two years. The NRC must play fair and stop being so cozy with the industry it sometimes regulates.

If how the NRC handled Mark’s petition is the agency at its best, we need a new agency. These antics are simply unacceptable.

What Does North Korea Want—and What is the US Prepared to Give?

North Korea is not likely to negotiate in earnest unless it is convinced the United States is committed to the process. It is important that the administration put together a package of what it is willing to put on the table in response to Pyongyang’s steps.

Kim has talked about the dual goals of security and improving the economy. A key goal of early talks should be for the United States to understand what North Korea wants and what it is willing to do to get those things.

(Source: KCNA)

Kim’s first interest is likely setting up conditions that assure the survival of his regime without needing nuclear weapons. Recent press reports indicated what steps North Korea sees as important to increase its security, including:

  • stopping the inclusion of “nuclear and strategic assets” during US joint military exercises with South Korea,
  • guaranteeing that the United States will not attack North Korea with either conventional or nuclear weapons,
  • converting the armistice agreement from the Korean War into a peace treaty, and
  • normalizing diplomatic relations with the United States.

As part of normalizing relations, the United States should discuss opening a liaison office in Pyongyang, and to have North Korea do so in the United States. This step was discussed in the 1990s and was expected to occur by the end of 1998, but never happened.

As noted in Part 1, North Korea stated in 2016 that denuclearization “includes the dismantlement of nukes in South Korea and its vicinity.” The United States will need to understand what it means by “its vicinity,” and whether Pyongyang sees that as including the US air base on Guam, where nuclear-capable bombers are based, or Okinawa, where nuclear storage sites may be built as part of a new US military base there.

Non-military issues

In addition to security measures, North Korea is also looking for economic and development assistance. As in past negotiations this assistance would not all come from the United States.

One step would clearly be relaxing sanctions. A second would be to remove North Korea from the list of state sponsors of terrorism. President Bush had removed it from the list in 2008, but President Trump relisted it last November. This creates a barrier, for example, to economic assistance and getting loans from the World Bank and other international institutions.

In the past there were discussions of helping North Korea grow more of its own food through assistance with fertilizer, measures to repair and improve irrigation systems, etc. Such assistance would still be important.

In past negotiations there has also been a focus on energy assistance. Frequently that took the form of shipments of heavy fuel oil, which was chosen because it could be used to produce energy but was not highly refined enough to be useful to fuel military vehicles, etc. However, its interest is certainly broader than that. In the 1990s, North Korea was interested in assistance in developing energy technologies, including sending scientists to the National Renewable Energy Laboratory. The North could also benefit from assistance in modernizing its power grid.

In the past, North Korea has also declared the right to develop nuclear energy for peaceful uses, and is currently building a reactor that it says is intended for producing power and would not be used for military purposes. In principle, this could be done once it has rejoined the NPT and allowed the IAEA to safeguard its nuclear facilities, but given North Korea’s past action in expelling inspectors and pulling out of the NPT this is certain to be controversial.

North Korea has also been interested in assistance to improve its mining sector. Such a step could be very important since minerals are one of the main resources North Korea has to earn foreign exchange. A recent article notes that

North Korea has sizeable deposits of more than 200 different minerals, including coal, iron ore, magnesite, gold ore, zinc ore, copper ore, limestone, molybdenite, graphite and tungsten. All have the potential for the development of large-scale mines.

The United States could help establish a fund to assist North Korea in developing its mining technology and infrastructure, and could encourage private capital to help develop the mining sector. In 1993, Israel was negotiating with North Korea to stop missile sales to the Middle East, and assistance for its mining industry was an important part of the deal. Ultimately, Israel backed away from this agreement under US pressure since the United States was negotiating with North Korea over its nuclear program at the time.

Former Senators Nunn and Lugar have also proposed developing a program that would help employ and retrain scientists and engineers from North Korea’s military sector, and to provide technical and financial assistance for destroying and disposing of nuclear, chemical, and biological weapons and their delivery systems. This is similar to what was done under the successful Cooperative Threat Reduction program Nunn and Lugar developed after the breakup of the Soviet Union.

Finally, North Korea has stated that it wants to be able to use space in the ways other countries do—for communications, earth monitoring, resource exploration, weather forecasts, etc.—and has developed an incipient satellite launch capability. An indigenous satellite launch program could be acceptable sometime in the future when the international community has developed more trust in the North Korean regime, but not in the near term.

There are several approaches to negotiating an end to this program. One approach is for the international community to provide North Korea access to various kinds of satellite services and help with developing the expertise needed to use it, eliminating the need for it to own and operate its own satellites.

A second approach would be to set up a consortium that could help North Korea develop technical satellite expertise and design and build a satellite. The international community would then fund or heavily subsidize foreign launch services to compensate for North Korea’s lack of domestic launch capability. And in either case it could be useful to integrate North Korea into various international and regional space and satellite forums.

(Part 1 of this post)

What Does the US Want from North Korea?

President Trump is planning to meet with North Korean leader Kim Jong-Un in May or June. In preparing for the summit, the administration must be clear about what it wants from the process—both near-term and long-term. And it needs to figure out what it is willing to put on the table to get those things.

(Source: KCNA)

Beginning talks

The current situation seems to offer about as good a stage as one can imagine for talks that could lead to meaningful changes in North Korea’s nuclear and missile programs.

In particular, North Korea has said it is willing to talk about denuclearization, which is a long-standing US pre-condition for talking. Press reports in early April reported that Pyongyang had repeated its willingness to discuss denuclearization and indicated the key things it wanted in return, which are steps to increase the security of the regime that appear similar to steps the United States agreed to under the Bush administration. And it has said it would not require US forces to leave South Korea as part of such a deal.

Moreover, North Korea has said it is ending nuclear and missile tests. It has not conducted a missile test in more than four months—which is especially noteworthy after testing at a rate of nearly twice a month in 2017. A lack of testing is meaningful since it places significant limits on North Korea’s development of nuclear weapons and long-range missiles, and it can be readily verified by US satellites and seismic sensors in the region.

There is a debate about whether “denuclearization” is a realistic long-term goal of negotiations, what that term means to North Korea, and what it would take to get North Korea to give up its weapons. It seems significant, however, that in July 2016 Pyongyang stated that denuclearization means “denuclearization of the whole Korean peninsula and this includes the dismantlement of nukes in South Korea and its vicinity” but did not say it would only give up its weapons when the United States and other countries disarm, which is the position it had taken previously.

Whether or not full denuclearization of the peninsula is possible, there is a lot to be done in the near-term that would greatly benefit US and regional security and set the conditions for denuclearization.

And the administration should remember that the alternatives to diplomacy are not good: The best is a stalemate in which the United States uses the threat of retaliation to deter a North Korean strike, just as it does with Russia and China. A military strike and response by North Korea would be a disaster for the region.

Confrontation vs. Diplomacy

The first thing the administration must decide is whether it will pursue confrontation or diplomacy in this meeting.

There is a strong feeling among some in Washington that the North Korean regime is evil and that any effort to negotiate simply helps the regime—and that the United States should not be doing that. Instead these people believe the only solution is regime change in Pyongyang. They see a face-to-face meeting at best as an opportunity to confront North Korea rather than seriously negotiate.

This issue will certainly become a prominent point debated in Washington if negotiations go forward. If President Trump wants an agreement he will have to ignore these arguments, which torpedoed negotiations under the Bush administration.

Even among those in the administration who want to engage North Korea, the prevailing idea seems to be that the United States should demand that North Korea give the United States what it wants up front before Washington will reciprocate.

For example, in his recent confirmation hearing for secretary of state, Mike Pompeo said the administration would not give North Korea “rewards” until it had denuclearized “permanently, irreversibly.” Similarly, an unnamed administration official said “the US will not be making substantial concessions, such as lifting sanctions, until North Korea has substantially dismantled its nuclear programs.”

Because of the long-standing lack of trust between the two countries, North Korea has instead called for a “phased, synchronized” implementation of any deal. This is the approach adopted at the Six Party talks in 2005, when the parties agreed to move forward “commitment for commitment, action for action.” Kim presumably wants a step-by-step process that convinces him that he will not become then next Gadhafi.

These US statements may still allow Washington to offer things early on other than sanctions relief, such as taking steps to normalize relations and remove North Korea from the list of state sponsors of terrorism. If instead the administration expects North Korea to give the United States what it wants up front—and lose its negotiating leverage before the United States addresses the issues Pyongyang brings to the table—that approach will fail.

One concern is that the United States may overestimate the leverage it has, overplay its hand at the table, and lead to a failed summit. If other countries see an intransigent US approach as preventing progress on engaging North Korea and reducing the risk it poses, that could begin to create cracks in the sanctions regime, which would reduce US leverage for substantial changes.

It’s worth remembering that in the early 2000s the George W Bush administration’s confrontation policy derailed negotiations that appeared close to ending Pyongyang’s plutonium production and missile development at a time North Korea had no nuclear weapons or long-range missiles. Following that, North Korea continued these programs and today it has both.

What is North Korea up to?

Why the new tone from Pyongyang and the limits it has announced on its nuclear and missile programs?

Some suggest this is just a ploy by North Korea to buy time to produce more fissile material and missile parts, and to try to create splits between the countries currently supporting sanctions against it with the hope of getting sanctions relief without really limiting its military capabilities in a serious way.

On the other hand, it may be that Kim understands his military buildup is unsustainable and that to stay in power he needs to turn to improving the economy, as he promised when he took power. Nicholas Kristof wrote recently that “Kim has made rising living standards a hallmark of his leadership, and sanctions have threatened that pillar of his legitimacy.” Now that he appears to feel secure with his position within the ruling elite he may need to think about the middle class that appears to be emerging in North Korea.

He may have decided, as his father appeared to in the late 1990s, that opening to the world is his only chance for real economic growth. Not only are his nuclear and missile programs barriers to that opening, they are also two of the few things of significant value he has to take to the negotiating table.

That doesn’t mean he has decided to get rid of them any time soon. But if this is his thinking, then significantly limiting—and possibly eventually eliminating—these programs makes sense if he can get security assurances that convince him he doesn’t need these weapons.

To understand what it is dealing with, the United States will have to take steps that test to what extent the North is willing to accept meaningful limitations—such as accepting international inspectors to confirm that plutonium production and uranium enrichment facilities are shut down and beginning to be dismantled. This has happened before with North Korea’s nuclear facilities at Yongbyon, so there is a precedent. These steps are important both for understanding Pyongyang’s intent and for halting its nuclear program on the way to denuclearization.

Near-term goals

The best outcome for a meeting between the two leaders is that it will set broad goals for an agreement that addresses both countries’ security concerns and establishes a path to denuclearization. But as we’ve seen in the past, working out the details—especially on issues like inspections and verification—will be tricky and take time. So one goal of the first meeting should be to agree to a schedule of ongoing talks to give both countries an expectation of a continuing process, and a list of what issues will be on the table at future meetings.

Here are three things that should be near-term goals of the negotiations:

  1. Locking in a permanent ban on nuclear and missile tests, and satellite launches.

(Source: KCNA)

North Korea has announced that it is ending nuclear and missile tests and shutting down its nuclear test site. The United States should clarify the details and get it written down as a formal commitment.

While North Korea put this on the table even before negotiations began, people should not overlook its potential importance.

North Korea has now done a single test of a missile that in principle can reach all of US territory, several underground tests of an atomic bomb, and a single underground test of what was likely a hydrogen bomb. Given those tests, North Korea can say it has—in principle at least—the ability to hit the United States with a nuclear missile and therefore has a deterrent to a US military attack.

Indeed, in his New Years’ message this year, Kim said, “we achieved the goal of completing our state nuclear force in 2017,” adding that “the entire area of the US mainland is within our nuclear strike range, and the US can never start a war against me and our country.”

But North Korea does not yet have a fully tested capability to attack the United States with a long-range missile, and this matters. With only a single test of its Hwasong-15 missile on a lofted trajectory and no known successful test of a reentry vehicle on a long-range missile, additional tests are necessary to gain that practical capability. Similarly, after only a single test of a hydrogen bomb, it is very unlikely North Korea has a design that is small and light enough to launch on a missile, and it has little information about the reliability of the design.

This means that stopping additional nuclear and missile tests is important and meaningful. And since the United States can verify that no tests are occurring, it will know if North Korea is abiding by the agreement.

There are reasons why Kim may be happy to stop testing long-range missiles at this point. For one thing, while his single test of the Hwasong-15 missile was successful, there is no guarantee that a second test would be. A failure would undercut Kim’s claim of having a missile capability against the United States.

Moreover, gaining confidence in the missile performance would require a series of successful flight tests. The rapid increase in the range of the tested missiles during 2017 may have been possible because key components were acquired from Russia. If so, the North may be limited in how many missiles it can actually build—either to test or put in an arsenal.

While I have argued that developing a working reentry vehicle is not likely to be a technical barrier for North Korea, it has not yet demonstrated that it has one in hand for a long-range missile. Stopping further missile tests would keep it that way.

The two countries should clarify what missiles the flight ban applies to. The United States should press for it to include all missiles—ballistic and cruise—that would have a range over 300 km with a 500 kg payload, which is the MTCR limit. It would therefore apply to missiles that could reach Japan. South Korea has developed ballistic missiles with ranges up to 800 km and cruise missiles with ranges up to 1,500 km, and this flight ban would apply to the South as well. That would require South Korea’s agreement to this limit.

The United States should make clear that the ban also applies to satellite launchers. Because the technologies for satellite launchers can be used to develop long-range missiles, stopping this development is an important part of ending its missile program. Getting the North to agree to give up that program, given the civil benefits of a satellite program, is likely to require the US to arrange for the international community to provide access to space launch or satellite services in place of a domestic space launch program.

A longer term step would be eliminating all missiles on the peninsula that fall under the flight ban. Verifying elimination would be more difficult than verifying a flight ban, but was discussed in the negotiations with North Korea under both Clinton and Bush, and verification was put in place as part of the Intermediate Nuclear Forces (INF) Treaty, which eliminated all US and Russia ground-based missiles with ranges between 500 and 5,500 km.

Following that, the next step could be to eliminate all missiles, as well as the artillery North Korea has aimed at Seoul, as part of a broader agreement limiting conventional forces.

  1. A freeze on the production of separated plutonium and highly enriched uranium, leading to a ban

Yongbyon reactor (Source: US Senate)

A second near-term goal of negotiations should be an agreement to shut down North Korea’s nuclear reactors, which are the source of its plutonium, and have inspectors on the ground to ensure it does not extract plutonium from fuel rods that have been removed from the reactors. North Korea agreed to both steps in the 1994 Agreed Framework and verifiably did so until the Framework collapsed in 2002.

The agreement should also put international inspectors at North Korea’s known enrichment facility to verify that it is not being operated, and allow challenge inspections of other sites that it might suspect are being used for enrichment.

Getting these agreements would not be unprecedented. During the 2005 negotiations, Pyongyang agreed to “abandoning all nuclear weapons and existing nuclear programs and returning, at an early date, to the Treaty on the Nonproliferation of Nuclear Weapons and to IAEA safeguards.” Those negotiations eventually stalled over disagreements on verification measures and inspections, which were unresolved when the Bush administration left office.

The agreement should also require Pyongyang to preserve information that in the future would allow the IAEA to construct a history of its past nuclear activities. This would allow the IAEA to determine how much fissile material North Korea had produced—and whether it was all accounted for.

As part of the Six Party talks under George W. Bush in 2008, North Korea shut down its reactor at Yongbyon and provided 18,000 documents about its plutonium production, so there is a precedent for this as well.

  1. A ban on the sale or transfer of missile or nuclear technology, or technical assistance

As part of a deal, North Korea should agree to a ban on the sale or transfer of missile or nuclear technology to other countries or groups, and a ban on providing technical assistance on these systems. Such a ban would require agreement on transparency measures to help provide confidence that such activities were not taking place. In a recent speech, Kim stated:

… the DPRK will never use nuclear weapons nor transfer nuclear weapons or nuclear technology under any circumstances unless there are nuclear threats and nuclear provocations against the DPRK.

So this could be a starting point for a discussion of these issues.

In the longer term, in addition to talking about denuclearization, the United States should focus on getting rid of North Korea’s chemical and biological weapons programs, and put restrictions on its conventional weapons. The latter would have to include restrictions on South Korean conventional weapons as well.

(The second part of this post will discuss what North Korea is likely to want from the talks.)

The “Race” to Resolve the Boiling Water Reactor Safety Limit Problem

General Electric (GE) informed the Nuclear Regulatory Commission (NRC) in March 2005 that its computer analyses of a depressurization event for boiling water reactors (BWRs) non-conservatively assumed the transient would be terminated by the automatic trips of the main turbine and reactor on high water level in the reactor vessel. GE’s updated computer studies revealed that one of four BWR safety limits could be violated before another automatic response terminated the event.

Over the ensuring decade-plus, owners of 28 of the 34 BWRs operating in the US applied for and received the NRC’s permission to fix the problem. But it’s not clear why the NRC allowed this known safety problem, which could allow nuclear fuel to become damaged, to linger for so long or why the other six BWRs have yet to resolve the problem. UCS has asked the NRC’s Inspector General to look into why and how the NRC tolerated this safety problem affecting so many reactors for so long.

BWR Transient Analyses

The depressurization transient in question is the “pressure regulator fails open” (PRFO) event. For BWRs, the pressure regulator positions the bypass valves (BPV in Figure 1) and control valves (CV) for the main turbine as necessary to maintain a constant pressure at the turbine inlet.

When the reactor is shut down or operating at low power, the control valves are fully closed and the bypass valves are partially opened as necessary to maintain the specified pressure. When the turbine/generator is placed online, the bypass valves are closed and the control valves are partially opened to maintain the specified inlet pressure. As the operators increase the power level of the reactor and send more steam towards the turbine, the pressure regulator senses this change and opens the control valves wider to accept the higher steam flow and maintain the constant inlet pressure.

Fig. 1 (Source: Nuclear Regulatory Commission, annotated by UCS)

If the sensor monitoring turbine inlet pressure provides a false high value to the pressure regulator or an electronic circuit card within the regulator fails, the pressure regulator can send signals that fully open the bypass valves and the control valves. This is called a “pressure regulator fails open” (PRFO) event. The pressure inside the reactor vessel rapidly decreases as the opened bypass and control valves accept more steam flow. Similar to how the fluid inside a shaken bottle of soda rises to and out the top when the cap is removed (but for different physical reasons), the water level inside the BWR vessel rises as the pressure decreases.

The water level is normally about 10 feet above the top of the reactor core. When the water level rises about 2 feet above normal, sensors will automatically trip the main turbine. When the reactor power level is above about 30 percent of full power, the turbine trip will trigger the automatic shut down of the reactor. The control rods will fully insert into the reactor core within a handful of seconds to stop the nuclear chain reaction and terminate the PRFO event.

The Race to Automatic Reactor Shut Down

The reactor depressurization during a PRFO event above 30 percent power actually starts two races to automatically shut down the reactor. One race ends when high vessel level trips the turbine which in turn trips the reactor. The second race is when low pressure in the reactor vessel triggers the automatic closure of the main steam isolation valves (MSIV in Figure 1). As soon as sensors detect the MSIVs closing, the reactor is automatically shut down.

BWRs do not actually stage PRFO events to see what parameter wins the reactor shut down race. Instead, computer analyses are performed of postulated PRFO events. The computer codes initially used by GE had the turbine trip on high water level winning the race. GE’s latest code shows MSIV closure on low reactor vessel pressure winning the race.

The New Race Winner and the Old Race Loser

The computer analyses are performed for reasons other than picking the winner of the reactor shut down race. The analyses are performed to verify that regulatory requirements will be met. When the winner of the PRFO event reactor shut down race was correctly determined, the computer analyses showed that one of four BWR safety limits could be violated.

Figure 2 shows the four safety limits for typical BWRs. The safety limits are contained within the technical specifications issued by the NRC as appendices to reactor operating licenses. GE’s latest computer analyses of the PRFO event revealed that the reactor pressure could decrease below 785 pounds per square inch gauge (psig) before the reactor power level dropped below 25 percent—thus violating Safety Limit The earlier computer analyses non-conservatively assumed that reactor shut down would be triggered by high water level, reducing reactor power level below 25 percent before the reactor pressure decreased below 785 psig.

Fig. 2 (Source: Nuclear Regulatory Commission)

Safety Limit supports Safety Limit Safety Limit requires the Minimum Critical Power Ratio (MCPR) limit to be met whenever reactor pressure is above 785 psig and the flow rate trough the reactor core is above 10 percent of rated flow. The MCPR limit protects the fuel from being damaged by insufficient cooling during transients, including PRFO events. The MCPR limit keeps the power output from individual fuel bundles from exceeding the amount that can be carried away during transients.

As in picking reactor shut down race winners, BWRs do not slowly increase fuel bundle powers until damage begins, then back it down a smidgen or two. Computer analyses of transients also model fuel performance. The results from the computer analyses establish MCPR limits that guard against fuel damage during transients.

The computer analyses examine transients from a wide, but not infinite, range of operating conditions. Safety Limit defines the boundaries for some of the transient analyses. Because Safety Limit does not permit the reactor power level to exceed 25 percent when the reactor vessel pressure is less than 785 psig, the computer analyses performed to establish the MCPR limit in Safety Limit do not include an analysis of a PRFO event for high power/low pressure conditions.

Thus, the problem reported by GE in March 2005 was not that a PRFO event could violate Safety Limit and result in damaged fuel. Rather, the problem was that if Safety Limit was violated, the MCPR limit established in Safety Limit to protect against fuel damage could no longer be relied upon. Fuel damage may, or may not occur, as a result of a PRFO event. Maybe, maybe not is not prudent risk management.

The Race to Resolve the BWR Safety Limit Problem

The technical specifications allow up to two hours to remedy a MCPR limit violation; otherwise the reactor power level must be reduced to less than 25 percent within the next four hours. This short time frame implies that the race to resolve the BWR Safety Limit problem would be a dash rather than a marathon.

Fig. 3 (Source: Nuclear Regulatory Commission)

The nuclear industry submitted a request to the NRC on July 18, 2006, asking that the agency merely revise the bases for the BWR technical specifications to allow safety limits to be momentarily violated. The NRC denied this request on August 27, 2007, on grounds that it was essentially illegal and unsafe:

Standard Technical Specifications, Section 5.5.14(b)(1), “Technical Specifications (TS) Bases Control Program,” states that licensees may make changes to Bases without prior NRC approval, provided the changes do not involve a change in the TS incorporated in the license. The proposed change to the TS Bases has the effect of relaxing, and hence, changing, the TS Safety Limit. An exception to a stated TS safety limit must be made in the TS and not in the TS Bases. In addition,  a potential exists that the requested change in the TS Bases could have an adverse effect on maintaining the reactor core safety limits specified in the Technical Specifications, and thus, may result in violation of the stated requirements. Therefore, from a regulatory standpoint, the proposed change to the TS Bases is not acceptable. [emphasis added]


… the staff is concerned that in some depressurization events which occur at or near full power, there may be enough bundle stored energy to cause some fuel damage. If a reactor scram does not occur automatically, the operator may have insufficient time to recognize the condition and to take the appropriate actions to bring the reactor to a safe configuration. [emphasis added]

In April 2012, the nuclear industry abandoned efforts to convince the NRC to hand wave away the BWR safety limit problem and recommended that owners submit license amendment requests to the NRC to really and truly resolve the problem.

Forget the Tortoise and the Hare—the Snail “Wins” the Race

On December 31, 2012, nearly ten years after GE reported the problem, the owner of two BWRs submitted a license amendment request to the NRC seeking to resolve the problem. The NRC issued the amendment on December 8, 2014. Table 1 shows the “race” to fix this problem at the 34 BWRs operating in the US.

Table 1: License Amendments to Resolve BWR Safety Limit Problem Reactor License Amendment Request License Amendment Original Reactor  Pressure Revised Reactor  Pressure Susquehanna Units 1 and 2 12/31/2012 12/08/2014 785 psig 557 psig Monticello 03/11/2013 11/25/2014 785 psig 686 psig Pilgrim 04/05/2013 03/12/2015 785 psig 685 psig River Bend 05/28/2013 12/11/2014 785 psig 685 psig FitzPatrick 10/08/2013 02/09/2015 785 psig 685 psig Hatch Units 1 and 2 03/24/2014 10/20/2014 785 psig 685 psig Browns Ferry Units 1, 2, and 3 12/11/2014 12/16/2015 785 psig 585 psig Duane Arnold 08/06/2015 08/18/2016 785 psig 686 psig Clinton 08/18/2015 05/11/2016 785 psig 700 psia Dresden Units 2 and 3 08/18/2015 05/11/2016 785 psig 685 psig Quad Cities Units 1 and 2 08/18/2015 05/11/2016 785 psig 685 psig LaSalle Units 1 and 2 11/19/2015 08/23/2016 785 psig 700 psia Peach Bottom Units 2 and 3 12/15/2015 04/27/2016 785 psig 700 psia Limerick Units 1 and 2 01/15/2016 11/21/2016 785 psig 700 psia Columbia Generating Station 07/12/2016 06/27/2017 785 psig 686 psig Nine Mile Point Unit 1 08/01/2016 11/29/2016 785 psig 700 psia Oyster Creek 08/01/2016 11/29/2016 785 psig 700 psia Perry 11/01/2016 06/19/2017 785 psig 686 psig Nine Mile Point Unit 2 12/13/2016 10/31/2017 785 psig 700 psia Brunswick Units 1 and 2 None found None found 785 psig Not revised Cooper None found None found 785 psig Not revised Fermi Unit 2 None found None found 785 psig Not revised Grand Gulf None found None found 785 psig Not revised Hope Creek None found None found 785 psig Not revised


UCS Perspective

BWR Safety Limits and provide reasonable assurance that nuclear fuel will not be damaged during design bases transients. In March 2005, GE notified the NRC that a computer analysis glitch undermined that assurance.

The technical specifications issued by the NRC allow BWRs to operate above 25 percent power for up to six hours when the MCPR limit is violated. GE’s report did not reveal the MCPR limit to be violated at any BWR; but it stated that the computer methods used to establish the MCPR limits were flawed.

There are only four BWR safety limits. After learning that one of the few BWR safety limits could be violated and determining that fuel could be damaged as a result, the NRC monitored the glacial pace of the resolution of this safety problem. And six of the nation’s BWRs have not yet taken the cure. Two of those BWRs (Brunswick Units 1 and 2) do not have GE fuel and thus may not be susceptible to this problem. But Cooper, Fermi Unit 2, and Hope Creek have GE fuel. It is not clear why their owners have not yet implemented the solution.

The NRC is currently examining how to implement transformational changes to become able to fast track safety innovations. I hope those efforts enable the NRC to resolve safety problems in less than a decade; way, way less than a decade. Races to resolve reactor safety problems must become sprints and no longer leisurely paced strolls. Americans deserve better.

UCS asked the NRC’s Inspector General to look into how the NRC mis-handled the resolution of the BWR safety limit problem. The agency can, and must, do better and the Inspector General can help the agency improve.