Publications

6 Results
Skip to search filters

Evaluation of Joint Cyber/Safety Risk in Nuclear Power Systems

Clark, Andrew C.; James, Jacob J.; Mohmand, Jamal A.; Lamb, Christopher L.; Maccarone, Lee M.; Rowland, Michael T.

This report presents an analysis of the Emergency Core Cooling System (ECCS) for a generic Boiling Water Reactor (BWR)-4 NPP. The Electric Power Research Institute (EPRI) developed Hazards and Consequences Analysis for Digital Systems (HAZCADS) process is applied to the ECCS and its subsystems to identify unsafe control actions (UCAs) which act as possible cyber events of concern. The analysis is performed for two design basis events: Small-break Loss of Coolant Accident (SLOCA) and general transients (TRANS), such as unintended reactor trip. In previous work, HAZCADS UCAs were combined with other cyber-attack analysis to develop a risk-informed approach; however, this was for a single system. This report explores advanced systems engineering modeling approaches to model the interactions between digital assets across multiple systems which may be targeted by cyber adversaries. The complex and interdependent design of digital systems has the potential to introduce emergent cyber properties that are generally not covered by hazard analyses nor formal nuclear Probabilistic Risk Assessment (PRA). The R&D and supporting analysis presented here explores approaches to predict and manage how interdependent system properties effect risk. To show the potential impact of a successful cyber-attack to formal PRA event tree probabilities, HAZCADS analysis was also used. HAZCADS was also used to model the automatic depressurization system (ADS) automatic actuation. This analysis extended to an integrated system analysis for common-cause failure (CCF). In this aspect, the HAZCADS analysis continued by analyzing plant design details for system connectivity in support of critical plant functions. A dependency matrix was developed to depict the integrated functionality of the interconnected systems. Areas of potential CCF are indicated. Future work could include adversary attack development to show how CCF could be caused, resulting in PRA events. Across the multiple systems that comprise the ECCS, the analysis shows that the change in such probabilities was very different between systems. This indicates that some systems have a larger potential risk impact from successful cyber-attack or digital failure, which indicates a need for these systems to have a higher priority for design and defensive measures. Furthermore, we were able to establish that a risk analysis using any arbitrary threat model establishes an ordering of components with regard to cyber-risk. This ordering can be used to influence the overall system design with an eye to lowering risk, or as a way to understand real-time risk to operational systems based on a current threat landscape. Expert knowledge of both the analysis process and the system being analyzed is required to perform a HAZCADS analysis. The need for a tiered risk analysis is demonstrated by the results of this report.

More Details

Identification and Resolution of Gaps in Mechanistic Source Term and Consequence Analysis Modeling for Molten Salt Reactors Salt Spill Scenarios

Leute, Jennifer E.; Beeny, Bradley A.; Gelbard, Fred G.; Clark, Andrew C.

This report represents an assessment of the gaps in Mechanistic Source Term (MST) and consequence assessment modeling for Molten Salt Reactors (MSRs). The current capabilities for MELCOR and the MELCOR Accident Code System (MACCS) are discussed, along with updates needed in order to address specific needs for MSRs. A test plan developed by Argonne National Laboratories is discussed as addressing some of these gaps, while some will require additional attention. Further recommendations are made on addressing these gaps. This report satisfies the DOE NE Milestone M2RD-21SN0601061 to leverage MELCOR and MACCS to identify parameters of importance for source term assessments for salt spill experiments.

More Details

Mechanistic Source Term Considerations for Advanced Non-LWRs (Revision 1)

Clark, Andrew C.; Higgins, Michael H.; Leonard, Elliott J.; Leute, Jennifer E.; Luxat, David L.; Nenoff, T.M.

This report is a functional review of the radionuclide containment strategies of fluoride-salt-cooled high temperature reactor (FHR), molten salt reactor (MSR) and high temperature gas reactor (HTGR) systems. This analysis serves as a starting point for further, more in-depth analyses geared towards identifying phenomenological gaps that still exist, hindering the creation of a mechanistic source term for these reactor types. As background information to this review, an overview of how a mechanistic source term is created and used for consequence assessment necessary for licensing is provided. How a mechanistic source term is used within the Licensing Modernization Project (LMP) is also provided. Lastly, the characteristics of non-LWR mechanistic source terms are examined. This report does not assess the viability of any software system for use with advanced reactor designs, but instead covers system function requirements. Future work within the Nuclear Energy Advanced Modeling and Simulations (NEAMS) program will address such gaps. This document is an update of SAND 2020-6730. An additional chapter is included as well as edits to original content.

More Details

Sodium fire analysis using a sodium chemistry package in MELCOR

International Conference on Nuclear Engineering, Proceedings, ICONE

Aoyagi, Mitsuhiro; Uchibori, Akihiro; Takata, Takahi; Louie, David L.; Clark, Andrew C.

The Sodium Chemistry (NAC) package in MELCOR has been developed to enhance application to sodium cooled fast reactors. The models in the NAC package have been assessed through benchmark analyses. The F7-1 pool fire experimental analysis is conducted within the framework of the U.S.-Japan collaboration; Civil Nuclear Energy Research and Development Working Group. This study assesses the capability of the pool fire model in MELCOR and provides recommendations for future model improvements because the physics of sodium pool fire are complex. Based on the preliminary results, analytical conditions, such as heat transfer on the floor catch pan are modified. The current MELCOR analysis yields lower values than the experimental data in pool combustion rate and pool, catch pan, and gas temperature during early time. The current treatment of heat transfer for the catch pan is the primary cause of the difference in the results from the experimental data. After sodium discharge stopping, the pool combustion rate and temperature become higher than experimental data. This is caused by absence of a model for pool fire suppression due to the oxide layer buildup on the pool surface. Based on these results, recommendations for future works are needed, such as heat transfer modification in terms of the catch pan and consideration of the effects of the oxide layer for both the MELCOR input model and pool physic.

More Details
6 Results
6 Results