Nuclear power plant (NPP) risk assessment is broadly separated into disciplines of nuclear safety, security, and safeguards. Different analysis methods and computer models have been constructed to analyze each of these as separate disciplines. However, due to the complexity of NPP systems, there are risks that can span all these disciplines and require consideration of safety-security (2S) interactions, which allows a more complete understanding of the relationship among these risks. In this work, a novel leading simulator/trailing simulator (LS/TS) method is introduced to integrate multiple generic safety and security computer models into a single, holistic 2S analysis. A case study is performed using this novel method to determine its effectiveness. The case study shows that the LS/TS method avoided introducing errors in simulation, compared to the same scenario performed without the LS/TS method. A second case study is then used to illustrate an integrated 2S analysis which shows that different levels of damage to vital equipment from sabotage at an NPP can affect accident evolution by several hours.
Risk assessment of nuclear power plants (NPPs) is commonly driven by computer modeling which tracks the evolution of NPP events over time. To capture interactions between nuclear safety and nuclear security, multiple system codes, each of which specializes in one space, may need to be linked with information transfer among the codes. A systems analysis based on fixed-length time blocks is proposed to allow for such a linking within the ADAPT framework without needing to predetermine in which order the safety/security codes interact. A case study using two instances of the Scribe3D code demonstrates the concept and shows agreement with results from a direct solution.
This document details the development of modeling and simulations for existing plant security regimes using identified target sets to link dynamic assessment methodologies by leveraging reactor system level modeling with force-on-force modeling and 3D visualization for developing table-top scenarios. This work leverages an existing hypothetical example used for international physical security training, the Lone Pine nuclear power plant facility for target sets and modeling.
Security at nuclear power plants (NPPs) in the United States is currently based on vital area identification (VAI), a procedure to determine locations within a nuclear facility that need to be defended from adversaries in order to avoid damage to the facility and/or release of radionuclides to the environment. This procedure heavily leverages a Level 1 probabilistic risk assessment (PRA) which identifies combinations of events that can lead to core damage. Current approaches to VAI for NPPs, however, are determined on a “snapshot-in-time,” and are therefore unable to include the time-dependent effects of safety systems within an NPP. A novel “leading simulator (LS) / trailing simulator (TS)” methodology is proposed to integrate the thermal hydraulic-based safety analysis of an NPP with a physical security analytical tool to model vital area boundaries and related potential consequences. The methodology will use dynamic event trees to systematically explore the uncertainties in an adversary attack scenario at a hypothetical NPP while incorporating the timing and repair effects that are not captured using the available modeling approaches to physical security practices. Ultimately, the LS/TS methodology will enable NPPs to incorporate the full complement of safety systems and procedures when performing security analyses.
Coupling interests in small modular reactors (SMR) as an efficient and effective method to meet increasing energy demands with a growing aversion to cost and schedule overruns traditionally associated with the current fleet of commercial nuclear power plants (NPP), SMRs are attractive because they offer a significant relative cost reduction to current-generation nuclear reactors, increasing their appeal around the globe. Sandia's Global Nuclear Assurance and Security (GNAS) research perspective reframes the discussion around the "complex risk" of SMRs to address interdependencies between safety, safeguards, and security. This systems study provides technically rigorous analysis of the safety, safeguards, and security risks of SMR technologies. The aims of this research are three-fold. The first aim is to provide analytical evidence to support safety, safeguards, and security claims related to SMRs (Study Report Volume I). Second, this study aims to introduce a systems-theoretic approach for exploring interdependencies between the technical evaluations (Study Report Volume II). The third aim is to demonstrate Sandia's capability for timely, rigorous, and technical analysis to support emerging complex GNAS mission objectives.
To support more rigorous analysis on global security issues at Sandia National Laboratories (SNL), there is a need to develop realistic data sets without using "real" data or identifying "real" vulnerabilities, hazards or geopolitically embarrassing shortcomings. In response, an interdisciplinary team led by subject matter experts in SNL's Center for Global Security and Cooperation (CGSC) developed a hypothetical case description. This hypothetical case description assigns various attributes related to international SNF transportation that are representative, illustrative and indicative of "real" characteristics of "real" countries. There is no intent to identify any particular country and any similarity with specific real-world events is purely coincidental. To support the goal of this report to provide a case description (and set of scenarios of concern) for international SNF transportation inclusive of as much "real-world" complexity as possible -- without crossing over into politically sensitive or classified information -- this SAND report provides a subject matter expert-validated (and detailed) description of both technical and political influences on the international transportation of spent nuclear fuel.
In response to the expansion of nuclear fuel cycle (NFC) activities -- and the associated suite of risks -- around the world, this project evaluated systems-based solutions for managing such risk complexity in multimodal and multi-jurisdictional international spent nuclear fuel (SNF) transportation. By better understanding systemic risks in SNF transportation, developing SNF transportation risk assessment frameworks, and evaluating these systems-based risk assessment frameworks, this research illustrated that interdependency between safety, security, and safeguards risks is inherent in NFC activities and can go unidentified when each "S" is independently evaluated. Two novel system-theoretic analysis techniques -- dynamic probabilistic risk assessment (DPRA) and system-theoretic process analysis (STPA) -- provide integrated "3S" analysis to address these interdependencies, and the research results suggest a need -- and provide a way -- to reprioritize United States engagement efforts to reduce global nuclear risks. Lastly, this research identifies areas where Sandia National Laboratories can spearhead technical advances to reduce global nuclear dangers.
ANS IHLRWM 2017 - 16th International High-Level Radioactive Waste Management Conference: Creating a Safe and Secure Energy Future for Generations to Come - Driving Toward Long-Term Storage and Disposal
Transportation of spent nuclear fuel (SNF) is expected to increase in the future, as the nuclear fuel infrastructure continues to expand and fuel takeback programs increase in popularity. Analysis of potential risks and threats to SNF shipments is currently performed separately for safety and security. However, as SNF transportation increases, the plausible threats beyond individual categories and the interactions between them become more apparent. A new approach is being developed to integrate safety, security, and safeguards (3S) under a system-theoretic framework and a probabilistic risk framework. At the first stage, a simplified scenario will be implemented using a dynamic probabilistic risk assessment (DPRA) method. This scenario considers a rail derailment followed by an attack. The consequences of derailment are calculated with RADTRAN, a transportation risk analysis code. The attack scenarios are analyzed with STAGE, a combat simulation model. The consequences of the attack are then calculated with RADTRAN. Note that both accident and attack result in SNF cask damage and a potential release of some fraction of the SNF inventory into the environment. The major purpose of this analysis was to develop the input data for DPRA. Generic PWR and BWR transportation casks were considered. These data were then used to demonstrate the consequences of hypothetical accidents in which the radioactive materials were released into the environment. The SNF inventory is one of the most important inputs into the analysis. Several pressurized water reactor (PWR) and boiling water reactor (BWR) fuel burnups and discharge times were considered for this proof-of-concept. The inventory was calculated using ORIGEN (point depletion and decay computer code, Oak Ridge National Laboratory) for 3 characteristic burnup values (40, 50, and 60 GWD/MTU) and 4 fuel ages (5, 10, 25 and 50 years after discharge). 
The major consequences unique to the transportation of SNF for both accident and attack are the results of the dispersion of radionuclides in the environment. The dynamic atmospheric dispersion model in RADTRAN was used to calculate these consequences. The examples of maximum exposed individual (MEI) dose, early mortality and soil contamination are discussed to demonstrate the importance of different factors. At the next stage, the RADTRAN outputs will be converted into a form compatible with the STAGE analysis. As a result, identification of additional risks related to the interaction between characteristics becomes a more straightforward task. In order to present the results of RADTRAN analysis in a framework compatible with the results of the STAGE analysis, the results will be grouped into three categories:
• Immediate negative harms
• Future benefits that cannot be realized
• Additional increases in future risk
By describing results within generically applicable categories, the results of safety analysis are able to be placed in context with the risk arising from security events.