-International Experts Meeting on Protection against Extreme Earthquakes and Tsunamis in the Light of the Accident at the Fukushima

Daiichi Nuclear Power Plant (IEM3)IAEA Headquarters, Vienna, 4-7 September 2012

Technology Governance for Nuclear Safety under Earthquake-Tsunami Environments

-Engineering Mission to Overcome the 3.11 Fukushima Disaster-

Hiroyuki Kameda
Professor Emeritus, Kyoto University Technical Counsellor, JNES
1

Contents
1. General Remarks 2. Technology Governance A Key Technology Management Framework for Nuclear Safety 3. Critical Lessons from the 3.11 Fukushima Accident and Relevance to Technology Governance 4. Action Criteria for Technology Governance 5. Input from Investigation Committees with implications to Technology Governance 6. Conclusions
2

1. General Remarks
(1) Background +The nuclear safety is being seriously questioned by the people of Japan since the Fukushima I accident. +The question has enough reasons to be asked in the presence of the accident that should have never happened. +Thorough and comprehensive reviews must be conducted on i) socio-economic and political issues relevant to energy policy and ii) technological bases of this complex system. +The final judgment is to be made by the people of Japan. +Sufficient information must be disclosed enough to make such judgments.

(2) Implications to international agenda +The presentation basically reflects Japanese situations; it is very Japanese. +We believe that the issues discussed herein are universal as well. +We recognize that some countries do exercise excellent framework of technology governance. +For other countries, especially new-comers in the nuclear business, it is strongly hoped that lessons learned from the Fukushima accident and described herein be carefully incorporated in their nuclear development processes.
4

* Acknowledgments to: Tsuyoshi Takada (Univ. of Tokyo) and Katsumi Ebisawa (JNES)
* Reference:
H. Kameda, T. Takada, K. Ebisawa, and S. Nakamura, Prevent Nuclear Disaster (3) Agenda on Nuclear Safety from Earthquake Engineering, Journal of Atomic Energy Society of Japan (AESJ), Vol.54, No.9, Sep. 2012, pp.29-35, (in Japanese).

* Note: + PSA or PRA ? => PRA is employed herein.

2. Technology Governance A Key Technology Management Framework for Nuclear Safety

+It is critically important to use appropriate technology for nuclear safety. +More importantly, appropriate decision mechanism should be established to implement appropriate technology. +Comprehensive observations of Fukushima I (SA occurred) and Onagawa, Fukushima II, Tokai II (stabilized before SA) demonstrate its importance. +The issue is beyond individual technological elements. It questions how to put safety technology firmly in regulation and operators cooperate management. +It is the issue of Technology Governance, todays main subject.

*Definition of Technology Governance (proposed) +Technology Governance = Totality of actors, rules, conventions, processes, and mechanisms concerned with how relevant technological information is collected, analysed and communicated and management decisions are taken +Analogy to Risk Governance
Ortwin Renn, Risk Governance towards an Integrative Approach, IRGC White Paper No.1, International Risk Governance Council, September 2005.

+Should be applicable throughout NPP life cycles: Siting, Design, Construction, Operation, Decommission
7

3. Critical Lessons from the 3.11 Fukushima Accident and Relevance to Technology Governance
(1) Lessons raised three months after the event: i) Report of Japanese Government to the IAEA Ministerial Conference on Nuclear Safety (June 2011), The Accident at TEPCOs Fukushima Nuclear Power Stations, Nuclear Emergency Response Headquarters ii) IAEA International Fact Finding Expert Mission of the Fukushima Dai-ichi NPP Accident Following the Great East Japan Earthquake and Tsunami, 24 May 2 June 2011, Report to the Member States
8

i) Report of Japanese Government to the IAEA Ministerial Conference (June 2011)

+ Lessons in category 1: Strengthen preventive measures against severe accidents (1) Strengthen measures against earthquakes and tsunamis, (2) Secure power supply, (3) Secure
robust cooling functions of reactor and PCV, (4) Secure robust cooling functions of spent fuel pools, (5) Thorough accident management (AM) measures, (6) Response to issues concerning the siting with more than one reactor, (7) Consideration on placements of NPS in basic design, (8) Ensuring the water tightness of essential equipment = Technical agenda

+ Lessons in category 2: Enhancement of response measures against severe accidents (9) prevention measures of hydrogen explosion, (10) containment venting system, (11) accident
response environment, (12) radiation exposure management system at accident, (13) training responding to severe accident, (14) instrumentation to identify the status of reactors and PCVs, (15) Central control of emergency supplies and equipment and setting up rescue team = Technical agenda

+ Lessons in category 3: Enhancement of nuclear emergency response

(16) combined large-scale natural disaster and prolonged nuclear accident, (17) environment monitoring, (18) clear division of roles between central and local organizations, (19) communication relevant to the accident, (20) assistance by other countries and communication to the international community, (21) identification and forecast on the effect of released radioactive materials, (22) definition of widespread evacuation area and radiological protection guideline = Technical agenda + Societal agenda + Technology governance bodies, (24) legal structure, criteria and guidelines, (25) human resources, (26) independence and diversity of safety system, (27) effective use of PSA in risk management = Technology governance

+ Lessons in category 4: Reinforcement of safety infrastructure (23) safety regulatory + Lessons in category 5: Raise awareness of safety culture
safety culture = Technology governance
9

(28) Raise awareness of

ii) IAEA International Fact Finding Expert Mission of the Fukushima Dai-ichi NPP Accident Following the Great East Japan Earthquake and Tsunami, 24 May ~ 2 June 2011
Main feature: Report to the IAEA Member States + Lessons 1 ~ 15 are mainly technical agenda:
(1) Hazard, (2) Alternative power sources and (3) their handling, (4) Emergency response centers and (5) their functionality, (6) Severe accident management guidelines, (7) Multi-unit issues, (8) Hydrogen explosion, (9) Diversity in defense-in-depth, (10) Information management systems, (11) Off-site emergency preparedness, (12) Sheltering, (13) Utilization of data and information generated from Fukushima accident, (14) Radiation protection for workers, (15) Exercises and drills for on-site workers

+ Lesson 16 is a key for technology governance:

(16) Regulatory independence and clarity or roles in nuclear regulatory systems
10

(2) Critical Lessons raised by an Earthquake Engineer: A Basis for Technology Governance
(Kameda (Oct. 2011- JAEE Jour. / Mar. 2012-Int. Symposium on GEJE ) )

* Fundamental issues in order never to have a recurrence of the Fukushima accident * Individual engineering agenda converge to a set of critical lessons consisting of: 1) Risk-informed decision 2) Scientific imagination 3) Speed in action * An engineering principle underlying technology governance * An umbrella to individual technical components
11

+ Critical Lessons
1) Risk-informed decision should be the basis of nuclear safety measures: Lack of beyond-design tsunami protection was a major cause of the accident at Fukushima-I. This requires risk-informed decision. 2) Scientific imagination should be a key for establishing risk models: Historical high have been too widely used in hazard assessment. Extreme events with very long return periods should be incorporated in risk modeling if no historical data but sound scientific bases. There are evidences. 3) Speed in action is critical: The nature does not wait for us. / i) The case of Tokai II NPP should be positively highlighted where construction of new side walls with increased height (7m) to enclose sea water pump areas, nearly completion at the time of the Great Tsunami, protected the ultimate heat sink function. / ii) Delay of implementing risk-informed decision should be critically reviewed.

12

4. Action Criteria for Technology Governance

(Kameda, Takada, Ebisawa and Nkamura (2012.9- AESJ Journal (in Japanese))

(1) Science-based hazard model~ Field-based judgment and scientific imagination leading to appropriate risk models (2) Risk-informed technology options~ Beyond-design hazard regions / alternatives based on cost~benefit (safety, BCM, etc.) trade-off under risk constraint (3) Technology assessment incorporating total process and total system of nuclear safety (4) Safety decision standing on technological ethics~ accountability and transparency (5) Risk communication in the decision process~ purpose = trust building (6) Multi-disciplinary collaboration~ Fill perception gaps / Overcome academic gaps 13

+ Action Criteria (1): Science-based hazard model Field-based judgment and scientific imagination leading to appropriate risk models

Scientific imagination

Superposition of "large tsunami" and "high tsunami" in the Tohoku-Pacific Earthquake (PARI)
14

Tsunami height at NPPs (red: observed in Tohoku-Pacific Earthquake;

green: site elevation; violet: assessment in construction permit; blue: re-assessments) Onagawa
Tsunami Height: around O.P. +13m Site elevation : O.P. +14.8m (subsidense about 1m ) Design tsunami & reassessment Construction permit O.P.9.1 / 1611 Keichou Sanriku : M8.6 Tsunami Height 1415m 1415m 1314m 1314m Site elevation 10m 10m 1213m 1213m O.P. 3.1 m Chile 1960 O.P.5.7 mShioyazaki EQ M7.91938 2002 JSCE method O.P.13.6 / 1896 Meiji Sanrku : M8.3

Fukushima I
Unit #1 - #4 #5,#6 ,#6

Deign tsunami & reassessment

Construction permit 19661972 Based on JSCE guide2002

Average subsidence of Tohoku-Kanto coastal area ~ 0.8m

Fukushima II
Tsunami Heigt Sea side area: O.P. +6.5 7m South side of 1U runnup: O.P. +14 15m Site elevation: O.P. +12m Design tsunami & reassessment Construction permit : 3.7m ( Chile EQ, M 9.0 1960) 2002 evaluation : 5.2m (Shioyazaki EQ, M7.9 1938)

Tokai II
Tsunami Height: about H.P. +6.3m (ASL 5.4m) Site elevation H.P. +8.89m (ASL 8m) - Increased side wall of seawater pump room (under construction): H.P.+5.80m (ASL 4.91m) New side wall and waterseal outside the side wall (wall completed): H.P.7m (ASL 6.11m) Design tsunami & reassessment Establishment Permit No-description JSCE Method (2002 ASL4.9m / Off-Boso: M8.21677 15

+ Tsunami Simulation at NPP Sites (JNES, Oct. 2011) * Calibration to the four NPP sites using a single tsunami source model
*Inversion from tsunami records to generate slips and rupture initiation times at each small segment *Slip propagation and effects of time lags in tsunami generation from small segments were incorporated *Max. slip = 78m, Mw = 9.1 Note: Consistency with geodetic and ground motion (T=10-20-125-250s filter) based models was confirmed. 1896 Meiji Sanriku Tsunami
15 Wave Height(m) 10 5 0 -5 -10 -15 0 15 30 45 60 75 T im e ( m in ) 90 105 120 135 150

Onagawa

Max 12.3m J18 : O nagaw a Max 12.3m

S im u la t io n O bse rve d

15 Wave Height(m) 10 5 0 -5 -10 -15

Fukushima I

Max 6.9m Max 9.6m

S im u la t io n O bse rve d

0
15 Wave Height(m) 10 5 0 -5 -10 -15 0

15

30

45

Fukushima II

60 75 90 T im e ( m in ) J 1 8 : F u k u s h im a 2

105

120

135

150

Max 7.9m

S im u la t io n

78m

15

30

45

60

15

Tokai II
4.4m 4.1m

75 T im e ( m in )

90

105

120

135

150

4.5m 4.7m

Major contributors to Onagawa NPS Major contributors to Fukushima & Tokai NPSs

Wave Height(m)

10 5 0 -5 -10 -15 0 15 30 45 60 75 T im e ( m in ) 90 105 120

S im u la t io n O bse rve d

135

150

Comparison with tide gauge records

(Nonlinear long wave model)
16

(a) distinction of "tsunami earthquake" and inter-plate thrust zones

(b) past events and sources of TohokuTohoku-Pacific Earthquake

Seismicity of Tohoku-Pacific Japan

(added to Earthquake Research Committee, 2002)
17

+ Action Criteria (2): Risk-informed technology options

+Critical lesson 1) Risk-informed decision should be the basis of nuclear safety measures: Lack of beyond-design tsunami protection was a major cause of the accident at Fukushima-I. This requires risk-informed decision. + The Japanese regulatory framework: the NSC Seismic Design Guide revised in 2006 (NSC, 2006) made explicit statements of the risk concept in terms of "residual risk" which stands for seismic risk of the plant in the beyond-design hazard levels. PRA application was promoted (not enforced). / Slow process of substantial implementation
18

Risk-informed decision scheme for nuclear seismic safety

Deterministic format * Benchmark assurance by seismic design
interconnected Note: The scheme is applicable to tsunami safety. Basic safety level (Design point) assured explicitly

* Quantitative safety assessment of the entire plant system

(relative to safety goal/ performance goal)

Accountability to the public

Probabilistic assessment * Seismic margin assessment of SSC

probability density

Seismic margin as realistic failure point of individual SSC's relative to design level

* covered by seismic design * covered by "residual risk" assessment (benchmark (entire plant system) assurance) * covered by seismic margin assessment (SSC)
core damage frequency (residual risk)

Fragility * Residual risk assessment [Seismic PRA]

Assurance of low "Residual risk" as seismic margin of the entire plant system in beyondDBGM ranges

PRA, fragility

Note: SSC = structure, system, component DBGM = design basis ground motion "Failure" here means functional loss as well as structural failure

DBGM

hazard level
Hiroyuki Kameda (Kyoto U., JNES)

Scheme of seismic safety assurance of NPP that should be realized under the 2006 NSC Seismic Design Guide

+Key safety parameters are: 1) Design point to define benchmark assurance, 2) Seismic margin of SSC to clarify their beyonddesign capacity, and 3) Residual risk to define seismic margin of the entire plant system +These parameters are connected consistently through fragility concepts and PRA integration. + On this basis, we can discuss deterministic design and probabilistic assessment in the same arena of physical phenomena. + (Meaningless disputes between determinist and probabilists should be halted.)
20

+ Benefit of using PRA for earthquake/tsunami protection - Integrated system reliability - Identification of critical accident scenarios and critical plant components - Rigorous application to common-cause failures caused by earthquake and/or tsunami - Synthetic treatment of inherent uncertainties - Risk-informed technological options: Cost ~ benefit (safety, BCM, etc.) trade-off alternatives under risk constraint
21

+Action Criteria (3): Technology assessment incorporating Total process and Total system + Implementing risk-informed decision in regulatory procedure => Technical decisions must be made under the framework of 1) Total process and 2) Total system => Reduction of integrated system risk

22

1) Total process: + Conventional practice

Decision: NISA (administration)

DBGM/DBTH Design Hazard Committee Gap Committee Gap Committee (experts) (experts) (experts)

+ Enhancement (preliminary sketch)

Decision: JNRA (administration)

Integration and feedback Design point, Seismic margin, Residual risk (engineering assessment & review) Hazard DBGM/DBTH Fragility SSC Design PRA procedure

Accident scenario

23

2) Total system: + Robustness e.g.: Identification of critical safety-related SSC? / Redundancy, independence, diversity of safety functions + Multi-hazard e.g.: Combined losses of external power by strong motion and on-site emergency power by tsunami / earthquake-induced fire / earthquake-induced internal flooding, etc. + Multi-unit e.g.: Functional interactions within unit groups
24

+Action Criteria (4): Safety decision standing on technological ethics ~ Accountability and Transparency
+ Clarify decision processes in terms of total process and total system + At regulator meetings, open meeting, disclosed documents showing not only results but processes, and fair operation are essential. + Trace, monitor, assess and feedback regulator and operators activities.

25

+Action Criteria (5): Risk communication in the decision process~ purpose = trust building
+ Purpose of risk communication: One-way dissemination => Building a foundation of trust + Risk information engineers should provide for risk communication based on PRA: i) Core damage frequency (CDF) / Containment failure frequency / radioactive materials release / public radioactive exposure, ii) Critical accident scenarios and SSCs with high contribution to CDF / iii) Possibility of simultaneous failure of SSCs (influence of common-cause failure to CDF) / iv) Ranges of strong motion as major contributors to CDF, etc.
26

+ Quality of information: *Not only numerical results + underlying conditions + process of assessment *Documents accountable to non-experts + Organization of discussion groups: *e.g.: a local discussion group on nuclear safety consisting of 3/1 pro-nuclear, 1/3 anti nuclear and 1/3 neutral experts + Research activities: *M. Kitamura: 1) Human interface (HI) technique useful for citizens-experts communication, and 2) Filling gap among experts * T. Takada: Developing a new area Engineering accountability and understanding * Nuclear risk communication research by JNES and NITEC, in cooperation with IAEA, involving Kashiwazaki-Kariwa municipalities and local citizens

27

+ Regulators activities: *USNRC: Diablo Canyon open WS on active faults * France: ACT No. 2006-686 of 13 June 2006 on Transparency and Security in the Nuclear Field / High Committee for Transparency * Japan regulators: new actions are being practiced to find public opinions / in the context of trust building, innovation needed / urged to practice and institutionalize a sound mechanism of nuclear risk communication

28

+ Action Criteria (6): Multi-disciplinary collaboration ~ Fill perception gaps / Overcome academic gaps Responsibility of academia + Issues to overcome
A view as a member of Japan Society for Earthquake Engineering (JAEE) and Atomic Energy Society of Japan (AESJ))

* Lack of perspective spanning cross-disciplinary issues * Sticking too much to their own individual fields (Ignore other fields and/or look at other fields only as boundary conditions) * Gaps between fields should be filled (The nature does not overlook such gaps.) * Cross-disciplinary brain storming and integration are indispensable.
29

+ Collaboration between Nuclear Safety Engineering and Earthquake Engineering ~ indispensable element for earthquakeearthquake-tsunami safety of NPP * Defense-in-depth scheme has been realized neat and robust against NPP accidents caused by internal events. * In case of earthquakes and tsunami: we deal with common-cause events induced by external loads that simultaneously affect the entire plant system / Not only safety front systems (shut down and core cooling) but support systems (RHR, ultimate heat sink) experience critical conditions as well / Due to large uncertainties in earthquake and tsunami hazards, hazard levels and corresponding SSC performances must be seamlessly integrated through the PRA procedure. * Collaboration between nuclear safety engineering and earthquake engineering is critically important to connect hazards and system performances appropriately. * Experience of collaboration between the AESJ Committee on Seismic Safety of NPP (Dec. 2007-March 2012) and the JAEE Committee on Seismic Safety of NPP (Oct. 2008-March 2012) 30

5. Input from Investigation Committees with Implications to Technology Governance

1) Official Report of the Fukushima Nuclear Accident Independent Investigation Commission / the National Diet of Japan, 5 July 2012 (NAIIC Report) (http://www.naiic.jp/en/) 2) Final Report on the Accident at Fukushima Nuclear Power Stations of Tokyo Electric Power Company / Investigation Committee of the Japanese Government, 23 July 2012 (http://icanps.go.jp/eng/)

31

1) NAIIC Report, the National Diet of Japan, 5 July 2012

Major issues discussed = Institutional problems / root causes in the Japanese culture
What must be admitted very painfully is that this was a disaster Made in Japan. Its fundamental causes are to be found in the ingrained conventions of Japanese culture: our reflexive obedience; our reluctance to question authority; our devotion to sticking with the program; our groupism; and our insularity. (K. Kurokawa, Chair)

Recommendations (Institutional aspects of technology governance) on: i) Monitoring the regulatory body by the National Diet ii) Reform the crisis management system iii) Government responsibility for public health and welfare iv) Monitoring the operators v) Criteria for the new regulatory body (independent, transparent, professional, consolidated, proactive) vi) Reforming laws related to nuclear energy vii) Develop a system of independent investigation commissions

32

2) Final Report of the Investigation Committee, Japanese Government

Thorough discussion on technical evidences / Institutional clarification (regulators, operators, safety culture) Recommendations (keen for substantiating technology governance) : i) Basic stance for safety measures and disaster preparedness
complex disasters, risk perception, disaster victims standpoint, incorporating latest knowledge

ii) Safety measures regarding nuclear power generation

risk-based assessment, severe accident management

iii) Nuclear disaster response systems

crisis management system, emergency response headquarters, off-site centers, roles of prefectural governments

iv) Damage prevention and mitigation

risk communication, monitoring operation, SPEEDI, evacuation procedure, stable iodine tables, medical care, overseas aid

v) Harmonization with international practices vi) Relevant organizations

regulatory body (independence, transparency, preparedness, information dissemination, professional, R&D update, international), TEPCO, safety culture

vii) Continued investigation of accident causes and damage

33

6. Conclusions
(1) Concept of Technology Governance was proposed as a key technology management framework for nuclear safety: its definition was proposed. (2) Action criteria for technology governance were proposed: 1) Science-based hazard model embodying "scientific imagination" 2) Risk-informed technology options 3) Total process and Total system 4) Safety decision standing on technological ethics 5) Risk communication in the decision process 6) Multi-disciplinary collaboration (3) Relevance of technology governance was reviewed by analyzing three sets of lessons from the 3.11 Fukushima Accident and two final reports of investigation committees .
34