• Embed Doc
  • Copy Link
  • Readcast
  • Collections
  • CommentGo Back
Download
 
,:;
I
.rri
i:
.rl
l:rl
I
PROBABILISTICRISK
ANALYSIS
Its
Possible
Use
in
Safeguards
ProblemsNorman
C.
Rasrnussen
Professor
of
_NuclearEngineering
Massachusetts
fnstituteof
Technology
Canbridge,
Mass.
-02139
1.
0
Introduction
The
recently
conpleted
Reactor
Safety Study
(RSS)
which
resulted.
in
the
ITASH-1400
report
has
stimulated
considerable
interestin
the
use
ofthis
nethodology
as
a
possible
way
of
assessing
the
risk
invoLved
in
other
þa;^ts
of'the
nuclearfuel
cycle
as
well
as
other
societal
activities.
This
paper
briefly
reviews
the
RSS
nethodology
and
discusses
its
possible
applica-
tionto
the
safeguards
problem.
For
the
reasonsdiscussed
herein,
the
Paper'concluães
that
there
are
possible
applications
of
these
methodologies
for
the
development
of
effective
safeguards.
How-
everr
ân
overall
quantitative
risk
assessment
of
the
safeguards
issues
is at
present
beyond
the
capability
of
the
methodology.
2.0
Description
of
RSS
Methodology
In
quantitative
risk
analysis
riskis
expressed
as
a
function
of
the
probabilityof
occurrence
of
an
event
and
the
rnagnitude
of
the
consequence
being examined.
On'e
of
the
mostcommon
definitions
(but
certainly
not theonly
one)
is
simply
the
product
of
probabiLity
and
the
consequence.
Thus
such
studiesmustevaluate
both
thelikelihood
of
certain
eventsas
well
as
their
consequences.A
variety
of
methodologies
have
been
deyel-
oped
for
carrying
out
these
evaluations.
Z.L
Estination
of
Probabilities
.
The
principal
techniques
used
by
the
Reactor
Safety
Study
werea
'forn
oi
decisi.on'analysiscätt."d
"eyenttrees't
which
defined
accident
seguences, and
a
nethod
ca1led
"fault
treesn
which
deternined
failureprobabilities,
Event
trees
start
withan
i4itiating
event
of
possible
serious
consequences
and
develop
possible
accident
sequences depending upon
the
operability
of
various
plant
systerns
that
influence
the
Subsequent
course
of
events.
This
logic isillustrated
by
the
sinplified
eventtree
for
a
loss
of
coolant accident
(LOCA)
shown
ln
Figure
1.
In
Figure
I
the
values
of
P1
through
P5
are
the
probabilityoffail-
ure
of
thefunctions
at
the
top
of
[tre
figure.
The
probability
of
successful
function
is
given
by(l-Pi).
The
size
of
the
radioa.ctiverelease
depends
upon
just
úhãt
systems
fai1.
Various
pQssible
consequences
areindicated
on
the
figure.
For
exanple,
ifçfectric
power
failsafter
apipe
break
no
other safety
systens
will
operate
and
so
the
core
will
lnelt
and
there
wiLl
be
à
vêry
...t
;'t",
''i
r'ri
i,:
l:':ì
_'ì::'T
l:r
r,i
r
1
",'l
I
ii,;,'j
'
;1.1
.
j
,,,]
iiii
i,.,lr*
i',i
ì
:iil,!
,i
'l
-jl.:i
í
.
ì'i;+
rili:
riiï¡
,iii,i
'l¡¡t-r:i
ì,ili
ii:ir¡
r;1.,C
I
ilrd
rr':ì
i
it.l
'|l:'I
r,J
,ili!,,iå
il!:l
llr,
1lì,r
t,
!,iil.1
:t
t:i
i:liil
;i
¡itri
I
liil'i
!liìl
'
ti.i
''
:1
i:
ì.rljì:!
tr
.ì:
i
;
lrl.
r,,iiÈ.
'r'lii,iì
..trJilt_i,
-,
Ii
:r
-;
iti;
nii.:'
'1L
i
,l:
..
t,:
..,]
ii
j,
:i*Ej;ii!
'l{4.
:iií
t*:
;.Í:
'9_:
::-i:
lzl
,l
,ii.
iii
,¿.
i
il,'|
'::i-:
:i
'f
''::
il
Í
'{
I
:,i
{
,4
d
.1
:l¡
.tt
;i.
Í;
Nuclear
M¡terials
Menagement
 
large
release.Ih"
prgbSÞility.of.such
arelease
isftx
P2.
In
calculating
the
piobabilityit-is
important
to
consider
any
ãäpã"ã""cies
Ëetw-"ett
n1
"ttg
P2
and
to
take
them
into
account'
ihã-ã;p;ndencies
betweËn
theiå
probabilities
are
cornrnonly
referred
to
as
i'common
mode
f
ailures
'
"
As
can
be
seen
from
Figure
1,
a
number
of-possiu;le.acci-dent
sequencei--rt"
identifie¿
Ui
such
a.
diagram'
Figure
itr
isactually
"y"ty-ii*;iii:-e¿
version
of
the
event
trees
used
by
ih;
Reattor
Sá'teiy
^Study
toillustrate
the-methodology'
The
event
ii"ur
actually
us-ed
produce
many
more
accident
sequences
'
When
using
the
event
tree
method
the
analyst
must
decide
just
when
i"itiatiñg
events
nust
be
considered.
For
reasons
a1-
readydiscusseã,tftË
principãf
-concern.
in
reactor
accidentS
is
¿;;;.me1ti'g,whichcänariiefromeitheroverheating.(i...,^
operating
at
tôã-higfr
"
po*ãi
1ãve1)
or.undercooling-(i-'e'I
fai1-.
ure
ofplant
systems
to
relnove-the
ieat).
Because
of
the
inherent
ii'ãpãitiãi--ðt
inater
reactori-C"ãgãti""
iemperature
coeffíci"l!l
ih;'it"áy
group
deternined
that
core
rnelt
by
overpowerwas
very
unlikely
conpaied,
to
core
*"tt
by
undercoofingl
llY:
the
study
$;;;-;óri-
o?
tttu
effort
analyziig
undercooling
accidents
'
Inanalyzingundercoolingaccidents,evglttreesu¡gr9
developed-ior
five
type:
ofinitiäting
events
'
These
inclucled
vesset
rupture,
Large
pipe-brã;k;
*;lTumsize-pipe
brea\,,snal1
;i;;-Utè.t,
aná
trañsiãni
events.
ffte
first
four
are
LoCA's
fr;î'i"g-áifi"tutttcharacteristics.
Transients
referto
those
cases
where
the
planiir
asked
tã-itrut
down
for
either
a
planned
or
un-
planned
1.u"rorr.
In
the
transient
case
the
two
questions
of
im-
port,ance
"tu,---¿oãJ-iitu
reactor
trip,.and
ðo
the
decay
heatre-
inoval
systems
function
ProPerlY
A1-though
the
event
trees
can
definethe
accident
se-quences
they
do
not
providJ
ã"y
*"iftoa
for
deterniningthe
proba-
tîiï;;'";'^;ír"-àccide'nt.
To
do'
rhis
thevarious
failure
probabili-
ties
must
be
known,
Generally
there
-have
not
been
enoughsystens
failuresin
reactor
tytt"*i-tá
fiovide.thes-e
probabilities
so
the
,,fault
tree,,
rnethodwâs
usã¿-io'deternine
theie
probabilities'
Thefaulttreelogicisthereyerseofthgeventtreeinthatitstarts
with
,o*ã
defined
final
undesired
eyent
and.
reasons
back-iã-i¿ã"tify
all
thepossible
causes
ofthis
event'
A
sirnplified
¡;"ii-ir""'foi-"iôis'of
pow"t
to
the
emergency
safety
features"
is
shown
in
Figure
2.
The
iot
event
t1}!:
caused
either
by
tosiof
AC
pgwÞI
or
loss
of
DC
power,
since
AC
polerprovides
ttr"-ãnãigi-"ã¿
DC
power
operates
the:
control
circuit'
iiil'i;;
piãu"uirity
of
.!u-i;p
evånt
is
the
sun
of
the
probabili-
;ï;;ði-tit"tu
tt^ro
events
(more
accuratelv
iis;,,";,,'
ilg;,ötç"
;,i;glÀg
I
1.
-if
i
t
,;
ll:1"ï
ì
îi3.
i;.
:"ti:
:$"Ïäo
-
ment
of
the
diagram,
constããi.loss
of
AC
poï/er'
which
can
be
caused
by
loss
ofofflite
powet.
"tá
the
simultaneous-
loss
of
on
sitepower.
Thus"ir,ã-pr"6ã¡iri;t-"i--ioii
ðr
AC
power
is
rhe
producr
of
fall
1976
67
 
ililäl
li:
¡ii4
:r!.1
;il
'nll
Ìl¡
s'ilr
'1,
the
probability
of
loss
ofoll.rite,powerlld !h"probability
of
he
loss
of
on
site
power.
This
relätio"rrrifii-iilustrated
by
he
"and"
svnbol
on
ttte
figure.-i;-;;"ctice
the
treeis
developed
furtheruntil
thera:-iurãs
indicat*a'ry
the
bottom
boxes
aïe
such,
hings
as"re1ay
f
ailsto
op"rr,;-
,lirlt.i,
f
ails
,,,
or
such
human
f
ailures
as
"operator
mista-k"súand
'iiest
and.
maintenance
errors.
r,
The probabit
itiesof
theseevents
are
trrown
ir;;-;;perience
rvith
imilar
systems
inindustrial;;;
;;ãuy.
The
study
has
been
crit
icizedby
some
for
not
including
uman
errors
in
ah:
analysis.
clearly
tír"r"
p"ãpie-Iiaye
either
ot
read
or
not
understoôd
tl.u
s¡ggr.'
To
illüstiatethis
pointonsider
Tables
1
and
z
rox
the
pwR'and
BwR-;t;;;;-irilure
con_
tributions'
The
column
marked
"rtui¿rät""
includes
failures
of
arious..pieces.
of
equip-ment,
whilethoie
narked
,,test
and
nain-
enance'
and
"human
erior"
áre
lwo
tlpåtof
rr"*u"-.ã,rr"¿
failures,
s
noted'
part
of
the
common
mod.e
coílributionis
also
d.ue
to
human
errors.
From
these
tables
itïi
crear
that
not
only
have
mistakesbv
operators
and
*uiniã"ãt.J-p"tsonnel
been
includ.ed,
butil-tltl.systems.
they
aïe
dominàni
ãontributoïs
to
rhe
overall
navailability
of
the
system.
Another
criticísn
often
expressed
isthatitis
not
pos_
sibleto
accurately
predict
very
r*ät1
probabilities
by
these
methods
'rtis
true-
that
_very
sma11f
ailure.;a¿;-ãr"
dj.f
ficulto
predict
accurately
by_
fault
treà*ãinoat
becauie
at
such
levels
f
probability
very
ûnritery
and
su¡ii"failures
can
be
important.
owever,
our
faulttree
anaiysis
rã""ã
that
the
unavailabilities
f!!"
systenswere
not
in-
tire;";g;'^;"nera11y
regarded
as
very
rnal1.
This
is
indicated
Þy
Table!
3'ãnd
4.
'rqotã
.rrãi;b";i'tl
+
l{*}1
systems
anaryzed
had'""r"ãii"¡iiiti",of
more';hr;"íö:+".''
0f
the
40
svstems
anaryzed',
39.had.
unavairaÀiiitiãi
greater
than"
l-0-
5
,
s4
*"i"
greater'than'rõ:¿i-ärrä'^iö'*"r*grearer
rhan
10-s.he
probabilit¡
.of-
19-9/year
ttiát-ãppããrr
on
îhe
consequencecurves
s
not
the
orobability
þ{
systen
faiiures
but
is
the probability
of
the
most
serious
"Í:.iãeni.
This
includes
the
probability
of
ore
melt
times,
the
probability_of
the
worst
type'of
containment
failure
tines.
the
prõbabil
íty
'of-irrð'-iorrt
wearher
tirnes
the
probability.thar
tiie
wind
is'¡i;*i;;
iã,u"r¿,
?
region
of
very
high
opulation
density.
since
these
raõtois
areindeienáent,
it
is
uite
proper
to-
murliply
theirpr;b;biiiti"s
tog"ir.,Ë,
ro
obtain
such
a
sma11
value
juit'asiti; ptof"r-to
estimate
the
chance
of
btainins
heads
s0Lonsecutive
times'in
flippingããi",
as
(L/2)30 IfO-g.vvu!¡YvL¿rt.çr¡rr
using
reliability-analysis
techniques
as
d.escribed
above,
tire
Reãctor_
safetr'study
conclucled
thatinu.s.
water
re-
ctors
the
probability
core
melt
was
about
I in
io,oo0
per
plant
per.year.
The
uncertainty
ãrri!n"atothís
number
rvas
plusor
minus
a
factorof5.riris
nrrñ¡é,,ou,obtained
for
the
4th
and34th
plants
of
the
first
roo
u.s. reactors.rt
would.
be
expected
thàt
^tþu
plants
b*i;t
uùiri'toaay*iÀrri-rr"
somervhat
better
because
of
impiovenrents
i;ã;;i;".
N
uclearMaterialsManagement
of 00

Leave a Comment

You must be to leave a comment.
Submit
Characters: ...
You must be to leave a comment.
Submit
Characters: ...