Role of Regulation in Nuclear Plant Safety #5
St. Lucie Unit 1 began operating in 1976. From the beginning, it was required by federal regulations to be protected against flooding from external hazards. After flooding in 2011 led to the meltdown of three reactors at Fukushima Dai-ichi in Japan, the NRC ordered owners to walk down their plants in 2012 to verify conformance with flood protection requirements and remedy all shortcomings. The owner of St. Lucie Unit 1 told the NRC that only one minor deficiency had been identified and it was fixed.
But heavy rainfall in January 2014 flooded the Unit 1 reactor auxiliary building with 50,000 gallons through flood barriers that had been missing since at least 1982. Unit 1 became as wet as the owner’s damp assurances and the NRC’s soggy oversight efforts.
Parade of Flood Protection Promises
Operators achieved the first criticality, or sustained nuclear chain reaction, of the Unit 1 reactor core at the St. Lucie nuclear plant located about miles southeast of Ft. Pierce, Florida at 8:30 am on April 22, 1976. Federal regulations adopted more than five years earlier required the plant to be protected against natural phenomena. The Atomic Energy Commission (AEC), forerunner to today’s Nuclear Regulatory Commission (NRC), issued guidance in August 1973 that explicitly informed nuclear plant owners and applicants that the natural phenomena to be protected against included heavy local precipitation.
En route to the AEC issuing an operating license for Unit 1 on March 1, 1976, the owner submitted a Preliminary Safety Analysis Report and later a Final Safety Analysis Report, now called the Updated Final Safety Analysis Report (UFSAR), describing the design features and operational procedures that demonstrated conformance with all applicable regulatory requirements such as flood protection. The design bases external flood was a Probable Maximum Hurricane (PMH) while the design bases internal flood was the postulated rupture of a 14-inch diameter low pressure safety injection system pipe. The analyses summarized in the UFSAR reported the flooding rates, flooding depths needed to submerge and disable safety components, alarms alerting workers to the flooding situation, and response actions and associated times for workers to intervene and successfully mitigate a flooding event.
In December 1993, the owner submitted an Individual Plant Examination (IPE) of St. Lucie to the NRC in response to the agency’s mandate in Generic Letter 88-20 for an assessment of vulnerabilities to severe accidents. The owner revisited several potential internal flooding scenarios (e.g., postulated rupture of various tanks filled with water or liquid and break of a component cooling water system pipe that drains all 78,000 gallons of water into the reactor auxiliary building). The conclusions were that the scenarios would either not result in flooding damage to safety components or that flood-damaged safety component(s) so unlikely to lead to reactor core damage as to be accepted with no additional protective measures taken.
On March 11, 2011, an earthquake off the coast of Japan triggered a tsunami wave that overwhelmed the protective sea wall at the Fukushima Dai-ichi nuclear plant. The earthquake disabled the offsite electrical power grid for the plant; the tsunami flood waters disabled the backup power supplies. Although the Pacific Ocean was literally a stone’s throw away, the complete loss of electrical power left workers unable to supply cooling water to the reactor cores of the three units that had been operating at the time; all three cores overheated and melted.
Among the reactions by the NRC was a temporary instruction for its inspectors to use to verify whether U.S. reactors were properly protected against earthquake and flooding hazards. The NRC’s inspections supplemented similar efforts voluntarily undertaken by nuclear plant owners. On May 13, 2011, the NRC reported on the inspection conducted at St. Lucie per the post-Fukushima temporary instruction. NRC inspectors reviewed the UFSAR for flooding hazards and associated protective features and response procedures. NRC inspectors reviewed the flood protection walkdowns performed by plant workers and conducted their own walkdowns. The NRC reported “No significant deficiencies were identified.” The report did indicate that workers found one potentially degraded flood barrier, but had initiated paperwork to investigate it further and remedy it as applicable.
On March 12, 2012, the NRC ordered the owners of all operating U.S. nuclear plants to undertake more comprehensive flooding and earthquake walkdowns and re-assessments. The owner of St. Lucie submitted its flooding walkdown report to the NRC on November 27, 2012. The owner stated that “The flooding walkdowns verified that permanent structures, systems, components (SSCs), portable flood mitigation equipment, and the procedures needed to install and or operate them during a flood are acceptable and capable of performing their design function as credited in the current licensing basis” with but one exception—some missing and degraded conduit seals were found in electrical manholes connected to the reactor auxiliary buildings on Unit 1 and Unit 2. The conduits are metal tubes containing electrical cables. The seals fill the gaps where the conduits pass through the reactor auxiliary building’s concrete wall. The owner reported that the configuration had been restored to full compliance with regulatory requirements.
The owner reported to the NRC on December 27, 2012, the results of its evaluation of the missing and degraded conduit seals. The NRC was told that the electrical manholes have 4-inch and 1.5-inch diameter drain lines to the storm water system. In the event of site flooding due to a storm, water could flow through these drain lines into the electrical manholes. When the water filled the manholes to a certain depth, water would flow through the missing and degraded conduit seals into the reactor auxiliary building and disable components needed for safe shutdown of the reactor. The owner reported that the conduit seals had been missing since original construction in the 1970s. This potential hazard no longer existed because the missing and degraded conduit seals had been corrected.
The NRC evaluated the missing and degraded conduit seals reported by the owner via its November 27 and December 27 submittals. On April 25, 2013, the NRC issued its report for its evaluation. The NRC noted:
The licensee’s design basis does not allow for any external leakage into safety-related buildings during a PMH. Unit 1 UFSAR section 3.4.4, states in part, that “All external building penetrations are waterproofed and/or flood protected to preclude the failure of safety related system or component due to external flooding.”
Even though the flood protection deficiency existed for over three decades before being found and fixed, the NRC elected to impose no sanction for violating federal safety regulations.
The NRC reported on July 30, 2013, about additional walkdowns its inspectors made of the Unit 1 and 2 reactor auxiliary buildings. The NRC inspectors also reviewed documents in the owner’s corrective action and work order databases for weather-related problems that could result in site flooding. No problems were found.
Raining on the Promise Parade
On January 9, 2014, it rained on St. Lucie. A culvert in the storm water drain system obstructed by debris caused rain water to pool around the reactor auxiliary building instead of being carried away. Rain water leaked into the reactor auxiliary building via two electrical conduits that lacked the proper flood barriers. A video obtained by UCS via the Freedom of Information Act (FOIA) shows water pouring from an electrical junction box mounted on the inside wall of the Unit 1 reactor auxiliary building. (We don’t have a video of this location before the flood, but we know that it wasn’t nearly as wet and noisy.)
An estimated 50,000 gallons of water flooded Unit 1. Workers periodically manipulated valves to allow flood water to drain into the emergency core cooling system (ECCS) pump room sumps where it was transferred to an outdoor collection tank. Their efforts successfully prevented any safety components from being disabled and Unit 1 continuing operating through the rainfall.
When the dust dried, workers found four other electrical conduits that lacked proper flood barriers. The six conduits passed through the reactor auxiliary building wall below the design bases flood elevation. Consequently, they should have been equipped with flood barriers, but the required barriers had not been provided. These six conduits were not part of the plant’s original design, but had been installed via modifications implemented in 1978 and 1982.
The NRC issued a White finding, the second least serious among its Green, White, Yellow and Red classification scheme, on November 19, 2014, for two violations of regulatory requirements:
[F]rom November 26, 2012, until January 9, 2014, the licensee failed to promptly identify and correct conditions adverse to quality involving missing external flood barriers in the Unit 1 reactor auxiliary building (RAB). Specifically, the licensee performed flooding walkdowns in response to the NRC’s “Request for Information Pursuant to Title 10 of the Code of Federal Regulations 50.54(f)” … and failed to identify missing internal flood barriers on six conduits that penetrated the Unit 1 RAB wall below the design basis external flood elevation. This condition was identified when the site experienced a period of unusually heavy rainfall on January 9, 2014, and approximately 50,000 gallons of water entered the … RAB through two of the six degraded conduits in the ECCS pipe tunnel.
[F]rom 1978 and 1982 until 2014, the licensee failed to translate the design basis associated with external flood protection into specifications, drawings, procedures and instructions. Specifically, permanent change modifications (PCM) 77272, “Primary Water Degassifier and Transfer Pump” and PCM 80105, “Waste Monitor Tank Addition,” implemented in 1978 and 1982 respectively, added six power supply conduits in the emergency core cooling system (ECCS) pipe tunnel that penetrated the Unit 1 RAB wall below the design basis external flood elevation and did not include internal flood barriers to protect safety-related equipment from the effects of a design basis external flood event.
In other words, the owner violated federal regulations in 1978 and 1982 by not providing flood barriers with the installed conduit and re-violated federal regulations in 2012 by not finding the flood barriers missing when commanded by NRC to do so after Fukushima.
In the letter transmitting the White finding to the plant’s owner, NRC noted that the severity of the two violations of federal regulations would normally have also resulted in a $70,000 fine, but explained:
Because your facility has not been the subject of escalated enforcement actions within the last two years, the NRC considered whether credit was warranted for Corrective Action in accordance with the civil penalty assessment process in Section 2.3.4 of the Enforcement Policy. … Therefore, to encourage prompt identification and comprehensive correction of violations, and in recognition of the absence of previous escalated enforcement action, I have been authorized, after consultation with the Director, Office of Enforcement, not to propose a civil penalty in this case.
“Because your facility has not been the subject of escalated enforcement actions within the last two years” is largely because the owner violated federal regulations by not finding, fixing, and reporting the missing flood barriers on the six electrical conduits that factored in the January 9, 2014, flooding event. So, the reason the owner has a clean slate over the past two years is because the owner violated federal regulations two years ago that would otherwise have uncleaned that slate. Who says crime doesn’t pay?
“…to encourage prompt identification and comprehensive correction of violations” ignores a key fact—the NRC does not need to “encourage” owners to do these things. A federal regulation, specifically Appendix B to 10 CFR Part 50, requires owners to find and fix problems in a timely and effective manner. Thus, the NRC does not need to encourage owners; it merely needs to enforce regulatory requirements.
Is the White finding without the usual (and entirely appropriate) $70,000 fine a slap on the wrist of this owner?
I don’t know. But I do know that it is a slap in the face of the many plant owners who took the NRC’s order seriously by doing a thorough job of walking down their plants for flooding and earthquake vulnerabilities and remedying all deficiencies (not just a token one or two).
By “encouraging” owners who perform badly, the NRC is discouraging owners who perform well. It takes time and effort (i.e., MONEY) to do it right and saves time and effort (i.e., MONEY) to do it wrong. The NRC must discourage wrong-doing and encourage right-doing. All the NRC need do is merely enforce its regulations instead of meekly encouraging violators of safety regulations. If the NRC cannot or will not enforce safety regulations, then like Elvis it should leave the building.
For over 30 years, St. Lucie operated without flood barriers it was required by federal regulations to have. After flooding melted three reactors at Fukushima, the NRC ordered St. Lucie’s owner in 2012 to take extra steps to ensure required flood protection measures were adequate. The owner informed the NRC in November 2012 that only one deficiency had been found and it had been remedied. Rainfall in January 2014 revealed several other deficiencies. The owner, once again, claimed that all deficiencies have now been remedied.
Maybe the owner is finally right about flood protection at St. Lucie. Maybe not. What is entirely certain is that St. Lucie is adequately protected against flooding—unless a flood happens. That flood might reveal still more deficiencies for the NRC to “encourage” the owner to promptly find and comprehensively fix (assuming the reactor still hasn’t melted down.)
The only reason this event goes into the “under-regulation” bin is that there are no lower bins for it.
* * *
UCS’s Role of Regulation in Nuclear Plant Safety series of blog posts is intended to help readers understand when regulation played too little a role, too much of an undue role, and just the right role in nuclear plant safety.