Publications

Abstract not provided.

Abstract not provided.

Abstract not provided.

The ADAPT software allows for the examination of aleatory and epistemic uncertainties in complex system transients using the Dynamic Event Tree (DET) methodology. This manual outlines the principles of operation of ADAPT and provides directions for its use. Future plans for the code are briefly outlined.

The consequences of a transient in an advanced sodium-cooled fast reactor are difficult to capture with the traditional approach to probabilistic risk assessment (PRA). Numerous safety-relevant systems are passive and may have operational states that cannot be represented by binary success or failure. In addition, the specific order and timing of events may be crucial which necessitates the use of dynamic PRA tools such as ADAPT. The modifications to the SAS4A/SASSYS-1 sodium-cooled fast reactor safety analysis code for linking it to ADAPT to perform a dynamic PRA are described. A test case is used to demonstrate the linking process and to illustrate the type of insights that may be gained with this process. Newly-developed dynamic importance measures are used to assess the significance of reactor parameters/constituents on calculated consequences of initiating events.

This paper explores the viability of using counterfactual reasoning for impact analyses when understanding and responding to "beyond-design-basis" nuclear power plant accidents. Currently, when a severe nuclear power plant accident occurs, plant operators rely on Severe Accident Management Guidelines. However, the current guidelines are limited in scope and depth: for certain types of accidents, plant operators would have to work to mitigate the damage with limited experience and guidance for the particular situation. We aim to fill the need for comprehensive accident support by using a dynamic Bayesian network to aid in the diagnosis of a nuclear reactor's state and to analyze the impact of possible response measures. The dynamic Bayesian network, DBN, offers an expressive representation of the components and relationships that make up a complex causal system. For this reason, and for its tractable reasoning, the DBN supports a functional model for the intricate operations of nuclear power plants. In this domain, it is also pertinent that a Bayesian network can be composed of both probabilistic and knowledge-based components. Though probabilities can be calculated from simulated models, the structure of the network, as well as the value of some parameters, must be assigned by human experts. Since dynamic Bayesian network-based systems are capable of running better-than-real-time situation analyses, they can support both current event and alternate scenario impact analyses.

Dynamic probabilistic risk assessment (DPRA) methodologies and the dynamic event tree (DET) methodology specifically allow traditional PRA to be complemented by insights into time-dependent behavior. The ADAPT DET driver has been enhanced recently to provide greater capability to generate DETs and analyze results. The functions that ADAPT uses to gather and present output data have been standardized and enhanced with the goal of automating as much of the process as feasible while remaining simulator and technology agnostic. These individual enhancements come together to reduce the burden on the analyst and allow insights to be discovered more quickly. A recent goal has been the use of ADAPT on high performance computing (HPC) platforms. The number and granularity of treatment of uncertain parameters in a DET may lead to a state space explosion unless DETs are truncated (e.g., using a probability threshold) which may make the complete DET to be infeasible to run on local machines or small computer clusters. Progress can be greatly accelerated by using the large capacity of HPCs. A scheme is presented by which ADAPT gains the capability to distribute jobs to an HPC and retrieve the results seamlessly alongside other types of computation hosts.

Containment bypass scenarios in nuclear power plants can lead to large early release of radionuclides. A residual heat removal (RHR) system interfacing system loss of coolant accident (ISLOCA) has the potential to cause a hazardous environment in the auxiliary building, a loss of coolant from the primary system, a pathway for early release of radionuclides, and the failure of a system important to safely shutting down the plant. Prevention of this accident sequence relies on active systems that may be vulnerable to cyber failures in new or retrofitted plants with digital instrumentation and control systems. RHR ISLOCA in a hypothetical pressurized water reactor is analyzed in a dynamic framework to evaluate the time-dependent effects of various uncertainties on the state of the nuclear fuel, the auxiliary building environment, and the release of radionuclides. The ADAPT dynamic event tree code is used to drive both the MELCOR severe accident analysis code and the RADTRAD dose calculation code to track the progression of the accident from the initiating event to its end states. The resulting data set is then mined for insights into key events and their impacts on the final state of the plant and radionuclide releases.

Sodium Fast Reactors (SFRs) have an extensive operational history that can be leveraged to accelerate the licensing process for modern designs. Sandia National Laboratories (SNL) has recently reconstituted the United States SFR data from the Centralized Reliability Database Organization (CREDO) into a new modern database called the Sodium (Na) System Component Reliability Database (NaSCoRD). This new database is currently undergoing validation and usability testing to better understand the strengths and limitations of this historical data. The most common class of equipment found in the NaSCoRD database are valves. NaSCoRD contains a record of over 4,000 valves that have operated in EBR-II, FFTF, and test loops including those operated by Westinghouse and the Energy Technology Engineering Center. Valve failure events in NaSCoRD can be categorized by working fluid (e.g., sodium, water, gas), valve type (e.g., butterfly, check, throttle, block), failure mode (e.g., failure to open, failure to close, rupture), operating facility, operating temperature, or other user defined categories. Sodium valve reliability estimates will be presented in comparison to estimates provided in historical studies. The impacts of EG&G Idaho’s suggested corrections and various prior distributions on these reliability estimates will also be presented.

Two sodium spray fire experiments performed by Sandia National Laboratories (SNL) were used for a code - to - code comparison between CONTAIN - LMR and SPHINCS. Both computer codes are used for modeling sodium accidents in sodium fast reactors. The comparison between the two codes provides insights into the ability of both codes to model sodium spray fires. The SNL T3 and T4 experiments are 20 kg sodium spray fires with sodium spray temperature s of 200 deg C and 500 deg C, respe ctively. Given the relatively low sodium temperature in the SNL T3 experiment, the sodium spray experienced a period of non - combustion. The vessel in the SNL T4 experiment experienced a rapid pressurization that caused of the instrumentation ports to fail during the sodium spray. Despite these unforeseen difficulties, both codes were shown in good agreement with the experiment s . The subsequent pool fire that develops from the unburned sodium spray is a significant characteristic of the T3 experiment. SPHIN CS showed better long - term agreement with the SNL T3 experiment than CONTAIN - LMR. The unexpected port failure during the SNL T4 experiment presented modelling challenges. The time at which the port failure occurred is unknown, but is believed to have occur red at about 11 seconds into the sodium spray fire. The sensitivity analysis for the SNL T4 experiment shows that with a port failure, the sodium spray fire can still maintain elevated pressures during the spray.

Instrumentation and control of nuclear power is transforming from analog to modern digital assets. These control systems perform key safety and security functions. This transformation is occurring in new plant designs as well as in the existing fleet of plants as the operation of those plants is extended to 60 years. This transformation introduces new and unknown issues involving both digital asset induced safety issues and security issues. Traditional nuclear power risk assessment tools and cyber security assessment methods have not been modified or developed to address the unique nature of cyber failure modes and of cyber security threat vulnerabilities. iii This Lab-Directed Research and Development project has developed a dynamic cyber-risk in- formed tool to facilitate the analysis of unique cyber failure modes and the time sequencing of cyber faults, both malicious and non-malicious, and impose those cyber exploits and cyber faults onto a nuclear power plant accident sequence simulator code to assess how cyber exploits and cyber faults could interact with a plants digital instrumentation and control (DI&C) system and defeat or circumvent a plants cyber security controls. This was achieved by coupling an existing Sandia National Laboratories nuclear accident dynamic simulator code with a cyber emulytics code to demonstrate real-time simulation of cyber exploits and their impact on automatic DI&C responses. Studying such potential time-sequenced cyber-attacks and their risks (i.e., the associated impact and the associated degree of difficulty to achieve the attack vector) on accident management establishes a technical risk informed framework for developing effective cyber security controls for nuclear power.

Abstract not provided.

This report was written as part of a United States Department of Energy (DOE), Office of Nuclear Energy, Advanced Reactor Technologies program funded project to re-create the capabilities of the legacy Centralized Reliability Database Organization (CREDO) database. The CREDO database provided a record of component design and performance documentation across various systems that used sodium as a working fluid. Regaining this capability will allow the DOE complex and the domestic sodium reactor industry to better understand how previous systems were designed and built for use in improving the design and operations of future loops. The contents of this report include: overview of the current state of domestic sodium reliability databases; summary of the ongoing effort to improve, understand, and process the CREDO information; summary of the initial efforts to develop a unified sodium reliability database called the Sodium System Component Reliability Database (NaSCoRD); and explain both how potential users can access the domestic sodium reliability databases and the type of information that can be accessed from these databases.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

It is difficult to assess the consequences of a transient in a sodium-cooled fast reactor (SFR) using traditional probabilistic risk assessment (PRA) methods, as numerous safety-related sys- tems have passive characteristics. Often there is significant dependence on the value of con- tinuous stochastic parameters rather than binary success/failure determinations. One form of dynamic PRA uses a system simulator to represent the progression of a transient, tracking events through time in a discrete dynamic event tree (DDET). In order to function in a DDET environment, a simulator must have characteristics that make it amenable to changing physical parameters midway through the analysis. The SAS4A SFR system analysis code did not have these characteristics as received. This report describes the code modifications made to allow dynamic operation as well as the linking to a Sandia DDET driver code. A test case is briefly described to demonstrate the utility of the changes.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Accident scenarios in nuclear power plants that bypass containment have the potential for large and early releases of radionuclides. They are typically guarded against using means such as redundant valves arranged in series and interlocks for systems that interface with the high pressure reactor coolant system. Some of these preventative arrangements rely on active systems that may fail in unique ways with the introduction of digital instrumentation and control. A hypothetical scenario in a pressurized water reactor plant is examined in which the digital controllers for the residual heat removal system intake valves are subjected to a common cause failure. This failure may cause simultaneous unintended valve opening while the reactor is at power, which has the potential to overpressurize and damage piping in the residual heat removal system and cause a leak of primary system water past containment into the auxiliary building (interfacing system loss of coolant accident). If the controllers are in a persistent fault condition, plant personnel will have to traverse the potentially contaminated auxiliary building to override at least one controller and close its associated valve. A dynamic case is assembled and run using the ADAPT dynamic event tree driver and the MELCOR severe accident analysis code in which uncertainties in the progression of the accident as well as mitigating operator actions are explored for an interfacing systems loss of coolant accident initiator. The results are assessed using recently-developed tools to gain insight into the likely outcomes and key events.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Calibration is the process of using experimental data to gain more precise knowledge of simulator inputs. This process commonly involves the use of Markov-chain Monte Carlo, which requires running a simulator thousands of times. If we can create a faster program, called an emulator, that mimics the outputs of the simulator for an input range of interest, then we can speed up the process enough to make it feasible for expensive simulators. To this end, we implement a Gaussian-process emulator capable of reproducing the behavior of various long-running simulators to within acceptable tolerance. This fast emulator can be used in place of a simulator to run Markov-chain Monte Carlo in order to calibrate simulation parameters to experimental data. As a demonstration, this emulator is used to calibrate the inputs of an actual simulator against two sodium-fire experiments.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Accident management is an important component to maintaining risk at acceptable levels for all complex systems, such as nuclear power plants. With the introduction of passive, or inherently safe, reactor designs the focus has shifted from management by operators to allowing the system's design to take advantage of natural phenomena to manage the accident. Inherently and passively safe designs are laudable, but nonetheless extreme boundary conditions can interfere with the design attributes which facilitate inherent safety, thus resulting in unanticipated and undesirable end states. This report examines an inherently safe and small sodium fast reactor experiencing a variety of beyond design basis events with the intent of exploring the utility of a Dynamic Bayesian Network to infer the state of the reactor to inform the operator's corrective actions. These inferences also serve to identify the instruments most critical to informing an operator's actions as candidates for hardening against radiation and other extreme environmental conditions that may exist in an accident. This reduction in uncertainty serves to inform ongoing discussions of how small sodium reactors would be licensed and may serve to reduce regulatory risk and cost for such reactors.

Sandia National Laboratories (SNL) has conducted an uncertainty analysi s (UA) on the Fukushima Daiichi unit (1F1) accident progression wit h the MELCOR code. Volume I of the 1F1 UA discusses the physical modeling details and time history results of the UA. Volume II of the 1F1 UA discusses the statistical viewpoint. The model used was developed for a previous accident reconstruction investigation jointly sponsored by the US Department of Energy (DOE) and Nuclear Regulatory Commission (NRC). The goal of this work was to perform a focused evaluation of uncertainty in core damage progression behavior and its effect on key figures - of - merit (e.g., hydrogen production, fraction of intact fuel, vessel lower head failure) and in doing so assess the applicability of traditional sensitivity analysis techniques .

Abstract not provided.

Severe accidents pose unique challenges for nuclear power plant operating crews, including limitations in plant status information and lack of detailed diagnosis and response planning support. Simulation-based PRA provides an opportunity to garner detailed insight into severe accidents; this insight has implications for both HRA and accident management. In this work, we present a framework leveraging simulation-based PRA methods to provide real-time diagnostic support for nuclear power plant operators during severe accidents. This paper presents a prototype model for diagnosing reactor system states associated with loss of flow and transient overpower accidents after an earthquake in a generic Sodium Fast Reactor. We discuss a vision for using this framework to enhance human performance and modelling.

Accident management is an important component to maintaining risk at acceptable levels for all complex systems, such as nuclear power plants. With the introduction of self - correcting, or inherently safe, reactor designs the focus has shifted from management by operators to allowing the syste m's design to manage the accident. While inherently and passively safe designs are laudable, extreme boundary conditions can interfere with the design attributes which facilitate inherent safety , thus resulting in unanticipated and undesirable end states. This report examines an inherently safe and small sodium fast reactor experiencing a beyond design basis seismic event with the intend of exploring two issues : (1) can human intervention either improve or worsen the potential end states and (2) can a Bayes ian Network be constructed to infer the state of the reactor to inform (1). ACKNOWLEDGEMENTS The author s would like to acknowledge the U.S. Department of E nergy's Office of Nuclear Energy for funding this research through Work Package SR - 14SN100303 under the Advanced Reactor Concepts program. The authors also acknowledge the PRA teams at A rgonne N ational L aborator y , O ak R idge N ational L aborator y , and I daho N ational L aborator y for their continue d contributions to the advanced reactor PRA mission area.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Probabilistic Risk Assessment (PRA) is the primary tool used to risk-inform nuclear power regulatory and licensing activities. Risk-informed regulations are intended to reduce inherent conservatism in regulatory metrics (e.g., allowable operating conditions and technical specifications) which are built into the regulatory framework by quantifying both the total risk profile as well as the change in the risk profile caused by an event or action (e.g., in-service inspection procedures or power uprates). Dynamical Systems (DS) analysis has been used to understand unintended time-dependent feedbacks in both industrial and organizational settings. In dynamical systems analysis, feedback loops can be characterized and studied as a function of time to describe the changes to the reliability of plant Structures, Systems and Components (SSCs). While DS has been used in many subject areas, some even within the PRA community, it has not been applied toward creating long-time horizon, dynamic PRAs (with time scales ranging between days and decades depending upon the analysis). Understanding slowly developing dynamic effects, such as wear-out, on SSC reliabilities may be instrumental in ensuring a safely and reliably operating nuclear fleet. Improving the estimation of a plant's continuously changing risk profile will allow for more meaningful risk insights, greater stakeholder confidence in risk insights, and increased operational flexibility.

Abstract not provided.

This report overviews crosscutting regulatory topics for nuclear fuel cycle facilities for use in the Fuel Cycle Research & Development Nuclear Fuel Cycle Evaluation and Screening study. In particular, the regulatory infrastructure and analysis capability is assessed for the following topical areas: Fire Regulations (i.e., how applicable are current Nuclear Regulatory Commission (NRC) and/or International Atomic Energy Agency (IAEA) fire regulations to advance fuel cycle facilities) Consequence Assessment (i.e., how applicable are current radionuclide transportation tools to support risk-informed regulations and Level 2 and/or 3 PRA) While not addressed in detail, the following regulatory topic is also discussed: Integrated Security, Safeguard and Safety Requirement (i.e., how applicable are current Nuclear Regulatory Commission (NRC) regulations to future fuel cycle facilities which will likely be required to balance the sometimes conflicting Material Accountability, Security, and Safety requirements.)

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Expert panels comprised of subject matter experts identified at the U.S. National Laboratories (SNL, ANL, INL, ORNL, LBL, and BNL), universities (University of Wisconsin and Ohio State University), international agencies (IRSN, CEA, JAEA, KAERI, and JRC-IE) and private consultation companies (Radiation Effects Consulting) were assembled to perform a gap analysis for sodium fast reactor licensing. Expert-opinion elicitation was performed to qualitatively assess the current state of sodium fast reactor technologies. Five independent gap analyses were performed resulting in the following topical reports: (1) Accident Initiators and Sequences (i.e., Initiators/Sequences Technology Gap Analysis), (2) Sodium Technology Phenomena (i.e., Advanced Burner Reactor Sodium Technology Gap Analysis), (3) Fuels and Materials (i.e., Sodium Fast Reactor Fuels and Materials: Research Needs), (4) Source Term Characterization (i.e., Advanced Sodium Fast Reactor Accident Source Terms: Research Needs), and (5) Computer Codes and Models (i.e., Sodium Fast Reactor Gaps Analysis of Computer Codes and Models for Accident Analysis and Reactor Safety). Volume II of the Sodium Research Plan consolidates the five gap analysis reports produced by each expert panel, wherein the importance of the identified phenomena and necessities of further experimental research and code development were addressed. The findings from these five reports comprised the basis for the analysis in Sodium Fast Reactor Research Plan Volume I.

This report proposes potential research priorities for the Department of Energy (DOE) with the intent of improving the licensability of the Sodium Fast Reactor (SFR). In support of this project, five panels were tasked with identifying potential safety-related gaps in available information, data, and models needed to support the licensing of a SFR. The areas examined were sodium technology, accident sequences and initiators, source term characterization, codes and methods, and fuels and materials. It is the intent of this report to utilize a structured and transparent process that incorporates feedback from all interested stakeholders to suggest future funding priorities for the SFR research and development. While numerous gaps were identified, two cross-cutting gaps related to knowledge preservation were agreed upon by all panels and should be addressed in the near future. The first gap is a need to re-evaluate the current procedures for removing the Applied Technology designation from old documents. The second cross-cutting gap is the need for a robust Knowledge Management and Preservation system in all SFR research areas. Closure of these and the other identified gaps will require both a reprioritization of funding within DOE as well as a re-evaluation of existing bureaucratic procedures within the DOE associated with Applied Technology and Knowledge Management.

Abstract not provided.