The 1975 fire at Browns Ferry prompted the US Nuclear Regulatory Commission (NRC) to develop new fire safety standards. One major result was the (voluntary) National Fire Protection Association (NFPA) Standard 805 for Light-Water Reactor plants. That shifted the emphasis from regulation to fire probabilistic risk assessments (PRAs), introducing new best practice into the industry. This practice has spread outside the US, providing a serious check of nuclear power plant safety risks.
Evaluating the risks
NFPA Standard 805 aims to improve safety by focusing resources on risk-significant issues, with less attention given to low-risk issues to reduce bureaucracy. NFPA 805 aims to assess the overall accident risks quantitatively. It describes the fundamental fire design requirements, and sets performance-based goals, objectives and criteria for safety and radioactive release.
All improvements need piloting, and NFPA 805 was piloted by Progress Energy at its Shearon-Harris plant, and by Duke Energy at Oconee. The overall approach broadly follows the evaluate, plan, do, check, amend / adopt cycle.
An evaluation uses fire risk audits to highlight the critical points. Fire event trees effectively model the fire sources, protection measures and safety systems. Failure models predict the speed of spread of a fire and its effects, with the predicted frequency of failures affecting the relative weights of event paths.
Fire safety is optimised by modifying event paths, fire protection measures and their parameters. Safety contractors like Westinghouse can help by demonstrating fire modelling at nuclear facilities in the US and elsewhere.
They can generate model input files and calculate fire parameters (non-suppression probability, severity factor, frequency and so on).
The evaluation needs good fire history information, and has to be translated into a system design that prevents fires.
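The event-tree evaluation described above can be sketched as follows. This is an added example, not code from NFPA 805 or any contractor's tool: it assumes three branches (early detection, suppression, barrier), and every probability and frequency in it is a constructed sample value.

```python
# Added illustration: a three-branch fire event tree for one ignition source.
# Every number below is a constructed sample value, not plant or NFPA data.

def fire_event_tree(ignition_freq, severity_factor, p_detect,
                    nsp_detected, nsp_undetected, p_barrier_fail):
    """Return [(detected, end_state, frequency_per_year), ...] for every path."""
    init = ignition_freq * severity_factor  # severe fires per year
    paths = []
    for detected, p_d in ((True, p_detect), (False, 1.0 - p_detect)):
        # Non-suppression probability is conditional on early detection.
        nsp = nsp_detected if detected else nsp_undetected
        paths.append((detected, "suppressed", init * p_d * (1.0 - nsp)))
        unsuppressed = init * p_d * nsp
        paths.append((detected, "confined_to_zone",
                      unsuppressed * (1.0 - p_barrier_fail)))
        paths.append((detected, "spread_beyond_zone",
                      unsuppressed * p_barrier_fail))
    return paths

def end_state_totals(paths):
    """Sum path frequencies per end state so designs can be compared."""
    totals = {}
    for _, end_state, freq in paths:
        totals[end_state] = totals.get(end_state, 0.0) + freq
    return totals

# Constructed parameters for a single hypothetical fire zone.
SAMPLE = dict(ignition_freq=1.0e-2, severity_factor=0.1,
              nsp_detected=0.02, nsp_undetected=0.5, p_barrier_fail=0.1)

def compare_detection(p_old=0.5, p_new=0.95):
    """End-state frequencies before and after a detection upgrade."""
    old = end_state_totals(fire_event_tree(p_detect=p_old, **SAMPLE))
    new = end_state_totals(fire_event_tree(p_detect=p_new, **SAMPLE))
    return old, new

if __name__ == "__main__":
    old, new = compare_detection()
    for state in old:
        print(f"{state:20s} {old[state]:.2e} -> {new[state]:.2e}")
```

With these sample values, raising the detection probability moves most of the frequency from the unsuppressed paths to the suppressed one, which is how a change in one protection measure reweights the event paths.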
Plants must be safely zoned, for example, with fire barriers (there has been much development in fire-resistant coatings and barrier materials) and suppression measures. There must be fast reaction to detect and contain the effects of leaks and fires.
Active detection can bring fast reaction
The front line of the system is the fire sensor, and fire sensors can now give alarms hours earlier than older ones. Traditional fire protection systems like point detectors and beam detectors have their disadvantages. Point detection systems are passive, waiting for smoke to enter the detection chamber before responding. Along with beam detectors, they often have low sensitivity and are ineffective when smoke is diluted in large open spaces or by air movement. They can also be subject to false alarms and need a lot of maintenance.
High Sensitivity Smoke Detection (HSSD) and Very Early Smoke Detection Apparatus (VESDA) systems detect smoke at the earliest possible stage. HSSDs are particularly needed in computer and clean rooms, turbine halls, areas where there is already high pollution, and spaces that are hard to access like building floor voids, atria and buildings with high roofs. A wide range of sensitivities means that they can be used in different areas, and they have different response procedures as the smoke level rises. These could include activating a pager, sounding a general alarm, evacuating the building and/or contacting the fire services.
Xtralis specialises in VESDA ASD (aspirating smoke detection) systems that continually sample the air, looking for fires throughout a building. They can give several hours' warning. A typical VESDA system has a number of small-bore pipes across a ceiling (for example) with a matrix of holes as sampling points. Air is drawn into the pipes by a fan, and a central detector uses light scattering to analyse it for the presence of smoke. The system reports to fire and/or building management systems.
Preventing fires by design
System redundancy with fast switchover helps prevent failures, including fire-induced circuit faults, from affecting operations. Computer systems need redundancy, as do communication systems.
Large amounts of steel in many buildings make radio communication difficult in an emergency, so hard-wired and fire-resistant emergency voice communication systems (EVAC) should help evacuate people quickly. A fire-isolated control building must be able to shut down the reactor. All need reliable emergency power (from a hydroelectric or diesel generator, for example).
Automating systems reduces the chance of manual error (a common cause of problems during incidents). The design must, however, specify who will respond when an alarm is activated (including when buildings are unoccupied), and false alarms need to be eradicated or people will lose trust. Fire safety, security, and building systems need to interoperate. They need to be scalable, with best practice easily replicated across sites. Risks need to be handled end-to-end, including remote facilities and networks. Incident responses need to be co-ordinated with national agencies.
Systems, particularly IT systems, of course need close monitoring and fast reaction to attacks. The disturbing recent Stuxnet worm targeted SCADA (Supervisory Control and Data Acquisition) systems. It attacked Windows software, reprogrammed Siemens PLCs, and hid the changes. The worm seems to have been spread on USB flash drives and across private networks, and seems to have been mainly targeted at Iran. Iran itself believes it was intended to slow down or sabotage the uranium enrichment facility at Natanz. The worm ended up infecting almost 100,000 computers worldwide, and signalled a whole new layer of required security for nuclear plants across the world.
Operation, maintenance and upgrades
Once installed and commissioned, the key safety actions fall under operation / training, maintenance and upgrades.
The whole workforce needs to know the importance of good housekeeping and how to spot hazards. Cleaning strategies can prevent build-up of combustible dust, rubbish and spills. Some areas are easy to neglect, particularly hidden areas like cable trays.
Regular maintenance is critical, particularly for avoiding human errors such as installing equipment incorrectly, making repairs with the wrong parts, neglecting to fully test backup systems, and not following procedures.
Maintenance can be particularly difficult where detectors are hard to access, or become contaminated in hazardous and dirty environments.
Unlike fossil-fuelled plants, most of the world’s nuclear plants date from the 1970s and 1980s. Many are coming up for modernisation, and new control systems and turbines can raise power outputs by 100 MW or more. That can generate extra revenue to pay for fire security upgrades, and is as good an opportunity as operators will get to improve fire safety and security.