‘Confessions of a rogue nuclear regulator’: excerpts from the latest book by former US NRC Chief Gregory Jaczko

Courtesy: Barns and Noble

My interest in fire safety was sparked years earlier, when I learned about the 1975 fire at the Browns Ferry nuclear power plant in Tennessee. That fire grew out of routine maintenance work on the buildings that housed the reactor. Despite their formidable size, the containment structures of many nuclear power plants, designed to corral dangerous radiation in the event of an accident, are punctured by vents and ducts. These penetration points are the weak spots that can undermine an otherwise airtight containment shell. A leak in one of these areas is a significant problem.

On March 22, 1975, just a few months after the Nuclear Regulatory Commission officially became the nation’s nuclear safety watchdog, workers at the Browns Ferry plant were doing repairs to some of these penetration seals. They were working in the cable spreading room, a location near the control room that gathers together all the cables that connect to the plant’s various instruments, motors, pumps, and other mechanical and electronic equipment. A fire in this room could disable all those faraway components without even entering those parts of the plant. The Browns Ferry fire did just that.

The workers were searching for a possible leak in the walls separating the reactor from the public. To determine the location of a draft—which could serve as an escape route for dangerous radioactive material—a technician held a candle up to places where there might be holes and watched to see if the flame wiggled in the slight breeze of outward-flowing air. While performing this low-tech examination, the technician held the candle too close to a nearby cable; its insulation started to burn. Over the next several hours, the fire raced along cables like a fuse on a stick of dynamite in a cartoon, taking out not only many of the safety systems of the reactor where the fire occurred, but also those of a second reactor whose cables shared this spreading room. As the fire burned the plastic insulation coating off the cables, the raw metal wire—now exposed—could easily touch other wires, leading to electrical shorts that disabled vital safety equipment.

It took hours for plant engineers and operators to determine how best to arrest the blaze, confusion that wasted precious time and allowed more and more systems to burn. As we all learn as children, water and live electric wires can be a dangerous combination, and so the plant operators feared that water used to douse the flames would react with the exposed wiring of the now-burned cables. Eventually they did use water, and the fire was extinguished, but not before causing significant damage to the plant’s vital systems, despite the fact that the actual fire progressed only a short distance. The primary emergency cooling systems were rendered useless, forcing the plant to shut down for over a year.

The incident alerted the industry and the NRC to the fact that fires could no longer be treated as merely a company problem. They were a public safety threat. This realization led to a comprehensive rewrite of the agency’s fire safety standards—standards that would then go unenforced for decades.

Nothing demonstrates the culture clash in approaches to nuclear regulation more clearly than the efforts to address the Browns Ferry fire. On one side were the traditional nuclear safety standards, “deterministic requirements” setting out lists of rules that must be followed. On the other was a new class of requirements that would be developed later relying on computer models, “risk-informed, performance-based rules.”

The deterministic rules were structured exactly as you would think they should be: you define a set of do’s and don’ts, laying out minimum or maximum performance expectations for reactors and other plant equipment. This makes it simple to differentiate good behavior from bad. The safety authority can easily know whether a plant is in compliance. Deterministic standards are used in everyday life; think of the speed limit on roads. They’re sturdy but inflexible, and so they may lose relevance as knowledge and technology evolve.

Nuclear safety regulators determined these standards in response to a design basis accident: a limited set of accident scenarios they envisioned for what could go wrong. Designers would then develop safety systems to respond to these accidents. Because these scenarios were limited in number, early designers also tried to add in extra protections to address the limitations of the design basis accident approach.

After the Browns Ferry fire, the agency designed a straightforward approach to safeguard plants against a typical fire that could spread throughout the facility, wiping out many systems. The rules were simple, so simple that I could easily remember and recite them. As the Browns Ferry fire showed, the plant’s most vulnerable elements were the power and control cables that ran throughout the building like nerves in the human body. To address this, the new deterministic rules called for separation: keeping combustibles far away from one another. That way a fire confined to one spot might disable some but not all of the safety systems in a plant.

Join discussion: leave a comment