2012 Report: Tolerating the Intolerable
Download: The NRC and Nuclear Power Plant Safety 2012: Executive Summary | The NRC and Nuclear Power Plant Safety 2012: Full Report
Previous Reports
The NRC and Nuclear Power Plant Safety is an annual series. Below are links to previous editions:2011 Report: Living on Borrowed Time
2010 Report: A Brighter Spotlight Needed
This analogy serves as the starting point for The NRC and Nuclear Power Plant Safety in 2012: Tolerating the Intolerable, our third annual review of the Nuclear Regulatory Commission's performance in policing the U.S. nuclear power industry. The report takes the NRC to task for its failure to consistently enforce its own regulations, effectively leaving long-term holes in the safety net that is supposed to protect the public from the inherent hazards of nuclear power.
According to the report, the NRC's lax oversight "reflects a poor safety culture," including a disconnect between the agency's workforce and its senior management, with managers tending to downplay safety problems and react negatively when workers point them out.
The report examines 14 “near-misses” at U.S. nuclear plants during 2012 (see table below) and evaluates the NRC response in each case. In addition to these 14 near-misses, the report offers examples of both positive and negative aspects of the agency's safety performance:
Positives
Proactive CFSI efforts. Every year nuclear plant owners must replace or refurbish component parts to prevent aging degradation from affecting reliability and safety. These efforts are undermined when counterfeit, fradulent and suspect items (CFSI) are used. When recent reports indicated a growing problem of CFSI in government supply chains, NRC took steps to develop an action plan and improve its procedures for identifying and responding to CFSI problems, even though CFSI had not been implicated in any safety incidents up to that point.Sustained focus on nuclear security. In December 2012, the NRC hosted the inaugural International Regulators Conference on Nuclear Security, featuring keynote speeches by high-ranking U.S. and international security officials and sessions on security topics with panels consisting of regulators from around the world. The NRC deserves credit for this sustained focus more than a decade after 9/11, as well as for conducting the conference in public.
Negatives
Safety culture. In 2011, the NRC issued a statement outlining its expectation that the nuclear industry would take steps to "promote a positive safety culture." However, as a 2012 survey of NRC staff shows, the safety culture within the agency itself is deeply flawed, with nearly half of its employees expressing skepticism that the NRC is serious about addressing the issue.Fire non-protection. After a 1975 fire at the Browns Ferry plant, the NRC adopted a new set of fire protection regulations, issued in 1980 and revised in 2004. In 2012, the NRC granted an extension to the Tennessee Valley Authority (TVA), giving the TVA more time to prepare a fire regulation compliance plan—for that very same Browns Ferry plant. For over 30 years, the plant has been allowed to operate out of compliance with the regulations its own accident prompted.
Temporary storage of spent fuel. In 2012 a federal court ruled that the NRC had failed to meet its obligations under the National Environmental Policy Act of 1969 (NEPA) by neglecting to prepare an environmental impact statement for its Waste Confidence Decision, which specifies how long nuclear waste may safely be stored at nuclear power plant sites.
Recurring reactor cooling water leaks. The near-miss at the Palisades plant, in which cooling water leakage was allowed to continue for nearly a month, even though the leak was in an area where NRC regulations require the plant to be shut down within six hours, points to an ongoing problem: the NRC routinely allows violations of this type to go unpenalized, thus "enabling poor decision-making by plant owners." In a similar incident at the Davis-Besse plant in 2002, the leakage problem was allowed to continue for years; a study later concluded that the reactor vessel head was less than a year from failure, which could have caused a serious accident, when the problem was finally detected and the plant shut down for repair.
Nuclear plant flooding hazards. NRC commissioners told a Senate committee in a 2012 hearing that a Fukushima-like disaster could not happen in the U.S. In fact, two years earler the NRC had notified the owner of the Oconee reactors, located downstream from the Jocassee dam, that they needed to implement measures to guard against what NRC risk analysts considered a near certainty of flood damage in the event of a dam failure. Not only did the commissioners mislead the Senate, they withheld this information from the public for two years.
Incomplete and inaccurate statements. Nuclear plant owners are required by law to include complete and accurate information in all documents they submit to the NRC. Yet each year, NRC staffers find themselves sending thousands of Requests for Additional Information (RAIs) to plant owners in connection with applications for licensing actions. While many of these RAIs no doubt involve questions that plant management honestly did not anticipate, it is also likely that in many cases the RAIs result from efforts to evade the legal requirement of completeness and accuracy, leaving it up to the NRC to take the initiative to ask an unwelcome question. The NRC currently does not investigate RAIs for evidence of such evasion, thus encouraging plant management to continue engaging in it.
Three-year trends
Analysis of the near-miss data for the three years covered by UCS reports shows that 40 of the nation's 104 operating commercial reactors experienced a near miss between 2010 and 2012, with 12 reactors experiencing at least two near-miss events, and three—at Fort Calhoun, Palisades, and Wolf Creek—experiencing three or more. The three-year data indicate that the average U.S. reactor is likely to experience seven near misses over its 40-year license period (increasing to about ten if the license is extended by 20 years, as most have been).While none of the near misses UCS has studied have resulted in harm to nuclear plant workers or the public, the "safety pyramid" principle used by industrial safety experts suggests that reducing the frequency of near misses will also reduce the likelihood of a major accident that could cause serious harm.
| NUCLEAR NEAR-MISSES IN 2012 | ||
| Reactor & Location | Owner | HighlightsSIT=10x increase in risk of reactor core damage AIT=100x increase in risk of reactor core damage |
| Brunswick Steam Electric Plant, Unit 2 Southport, NC | Progress Energy | SIT: Excessive leakage of cooling water from the reactor vessel, determined to have been caused by the improper installation of the reactor vessel’s head, led to an emergency being declared and the reactor being shut down. |
| Byron Station, Unit 2 Byron, IL | Exelon Generation Co., LLC | SIT: Equipment failure in the switchyard triggered an automatic shut-down of the reactor. A design deficiency caused emergency equipment to be de-energized until workers took steps to isolate the problem and restore power from the emergency diesel generators. |
| Catawba Nuclear Station, Unit 1 York, SC | Duke Energy Corp. | SIT: After an age-related problem caused one of four reactor coolant pumps to fail, the Unit 1 reactor and turbine automatically shut down as designed. Due to a design error in a recent modification, the decreasing voltage output by the main generator caused electrical breakers to open that disconnected Units 1 and 2 from the offsite power grid. One of the emergency diesel generators started but failed to supply electricity to safety equipment due to another design error when it was installed in 1984. |
| Farley Nuclear Plant, Units 1 and 2 Dothan, AL | Southern Nuclear Operating Company, Inc. | SIT: Security problems prompted the NRC to conduct a special inspection. Details of the problems, their causes, and their fixes are not publicly available. |
| Fort Calhoun Station Omaha, NE | Omaha Public Power District | SIT: The NRC investigated a fire that disabled half of the 4,160 volt and two-thirds of the 480 volt power supplies for emergency equipment at the plant and triggered the declaration of an Alert—the third most serious of the NRC’s four emergency classifications. |
| Fort Calhoun Station Omaha, NE | Omaha Public Power District | SIT: Security problems prompted the NRC to conduct a special inspection. Details of the problems, their causes, and their fixes are not publicly available. |
| Harris Nuclear Power Plant Raleigh, NC | Progress Energy | SIT: As the reactor was being shut down for a scheduled refueling outage, workers tested the closing time of the three main steam isolation valves. These valves are designed to close within five seconds during an accident to limit the amount of radioactivity released to the atmosphere. The NRC dispatched an SIT after it took one valve 37 minutes to close and another 4 hours and 7 minutes. |
| Palisades Nuclear Plant, South Haven, MI | Entergy Nuclear Operations, Inc. | SIT: Workers shut down the reactor about a month after they detected a small cooling water leak. The NRC sent an SIT to the site after the source of the leak was determined to be a location where any leakage required the plant to be shut down within six hours. |
| Palo Verde Nuclear Generating Station, Units 1, 2, and 3 Wintersburg, AZ | Arizona Public Service Company | SIT: Security problems prompted the NRC to conduct a special inspection. Details of the problems, their causes, and their fixes are not publicly available. |
| Perry Nuclear Power Plant Perry, OH | FirstEnergy Nuclear Operating Company | SIT: Security problems involving failures to prevent unauthorized individuals from entering secure areas of the plant prompted the NRC to conduct a special inspection. |
| River Bend Station St. Francisville, LA | Entergy Operations, Inc. | AIT: The operators manually shut down the reactor on May 24 after an electrical fault on the motor of a feedwater pump caused it to stop running. A failed relay prevented the electrical breaker for the motor from opening to isolate the electrical fault. The fault propagated through the electrical distribution system, causing the breaker supplying power to the 13,800 volt electrical bus to open. Due to another electrical cable problem on May 21, all of the plant’s circulating water pumps and non-emergency cooling water pumps were being powered from this single electrical bus. Its loss caused the plant’s normal heat sink to be lost and stopped the supply of cooling water to equipment in the turbine building and to some emergency equipment. |
| San Onofre Nuclear Generating Station, Units 2 and 3 San Clemente, CA | Southern California Edison Company | AIT: Operators shut down the Unit 3 reactor following a leak inside a steam generator replaced less than a year earlier. The NRC dispatched an AIT after eight steam generators tubes failed pressure testing and inspections identified extensive and unusual degradation in the steam generators of both units. |
| Wolf Creek Generating Station Burlington, KS | Wolf Creek Nuclear Operating Corporation | SIT: Erratic performance of an emergency diesel generator during a routine test prompted the NRC’s special inspection. The SIT determined that an improper fix to another problem four months earlier impaired the emergency diesel generator’s control system. |
| Wolf Creek Generating Station Burlington, KS | Wolf Creek Nuclear Operating Corporation | AIT: After one electrical fault in the switchyard caused the main generator to shut down automatically, a second electrical fault disconnected the plant from its offsite electrical grid. |
