UNENE 32 S1

1
Chapter 3 -- Case Studies Lecture 2Accident
Histories - Future Lessons

• Louis Slotin USA
• NRX Canada
• SL-1 USA
• Other reactivity-initiated events Japan
• Close call - ZPR-3 USA

2
Why Study Old Accidents?

• Typical Failure Trend for a New TechnologyRef.
  K.O. Ott and J.F. Marchaterre (1981)

• Accidents are usually highly complex
• Most designs obey single failure rule
• High component of human factors
• Lessons learned for future designs
• Humility

3
A Learning Experience?? Ref. Meneley (1982)
Three Mile Island Accident
UFM - unidentified failure mode IFM - Identified
failure mode
New UFM?
Failures per Unit-Year
UFM
Metal Fatigue, or Mental Fatigue?
IFM
Year
Present Time
4
Subcritical Initial State(e.g. ref. Slotin
experiment, NRX, SL-1, JCO, etc.)
5
Characteristics of a Subcritical Reactor

• It is sleeping -- i.e. innocent, cool, inactive
• Detectors are insensitive, and indications of a
  near-to-critical state are not very obvious
• It is VERY dangerous if it is nearly critical
• This is the reason for the guaranteed shutdown
  state
• This is the reason for discouraging fuelling
  during shutdown
• This is the reason for requiring poised safety
  systems during shutdown conditions

6
The Louis Slotin Experiment

• At Los Alamos, they called it tickling the
  dragons tail.
• Louis (from Winnipeg) had done this experiment
  many times before.
• On May 21, 1946 he made a small mistake -- a
  screwdriver slipped
• Things went wrong -- and he died nine days later.
• SEE THE DEMONSTRATION
• This provides LESSON 2 in reactor safety - what
  is it?
• Technical lesson - maintain control at all times
  --and backups are good.
• Human lesson - we are at least half of the
  problem.

7
Re-Enactment of Slotin Experiment
8
National Research Experimental -- NRXFirst
critical July 22, 1947
9
NRX Elevation View Channel X-Section
10
The NRX AccidentChalk River, Ontario, December
12, 1952

• A reactivity accident occurred during reactor
  startup
• What went wrong, and why? Compare different
  accounts.
• What can we learn?
• What lessons from this event are still
  remembered in todays safety procedures?

11
NRX Accident Sequence -1
12
NRX Accident Sequence - 2
13
NRX Accident Sequence - 3
14
NRX Accident Sequence - 4

• Cooling flow to experimental rods reduced one
  was air cooled
• Rods raised earlier in error did not drop when
  error was corrected
• Reactivity reached 6 mk. positive due to
  removal of safeguard
• bank power reached 100kW in 20 sec. and 17 MW
  at 30 sec.
• Voiding of low-flow channels suddenly added
  another 2.5 mk
• Moderator dump started at 45 sec.
• Peak power 80-90 MW at 49 sec. Rapidly
  decreased to low level
• at 70 sec.

15
NRX Human Errors
16
NRX Human Errors (Continued)
17
NRX -- Consequence

• Several fuel channels damaged
• Some fuel melting
• Heavy contamination in the building
• No worker injuries
• No significant public dose
• Calandria removed, buried, replaced
• After refurbishment, NRX operated until April 08,
  1994

18
NRX -- Lessons Learned

• Safeguard bank -- to be poised (ready to
  operate) at all times
• Loss of confidence in rods
• Large clearances, simple design, fail-safe
• Separation of control safety systems
• Eventually, redundant shutdown systems

19
The SL-1 AccidentNational Reactor Testing
Station, Idaho, January 3, 1961

• Reactivity accident from subcritical conditions.
  Reactor was intended to supply electricity and
  space heating for remote US Army bases, at a
  thermal power of 3 MW.
• Peak thermal power during transient was 10,000
  MW, energy release was 130 MW.s.
• First indication of trouble came from personnel
  gamma monitors, 1.5 km
• Three operators were killed by the explosion
• What went wrong, and why? What can we learn?
  What do we remember about the accident?

20
SL-1 General LayoutUS Army developed this
concept electricity and heating at remote sites
Why not use the USN reactor design?
Reactor
Operator
21
SL-1Elevation View
22
SL-1 Core PlanCore was 90 cm square, 35 cm high
23
SL-1 Accident Chronology
24
SL-1 Lessons Learned

• Single rod rule
• Limits on rod withdrawal speed
• Inherent fast feedback required in reactors where
  rapid positive insertion is possible
• Human factors / maintenance

25
JCO Uranium Processing Plant, Tokai,
JapanSeptember 30, 1999

• Information at ltwww.inea.org.brgt - Newsletter
  Publications - Consequences and Causes.
• Workers were preparing batches of uranyl nitrate
  solution in a tank, and grossly exceeded the
  amount of uranium allowed in the tank at one
  time.
• The tank solution went super-critical. One
  worker died.
• Investigate this accident

26
JCO Processes
Operations became progressively more lax over a
period of years. Criticality was reached in the
precipitation tank - overloaded. Rapid pulse
followed by slow reaction - for 20
hours Criticality terminated by draining cooling
water jacket, to reduce neutron reflection Total
fissions 2.5 x 10E18, or 100 MWsec
27
JCO Accident Causes ad Remedies

• Direct cause - addition of Uranyl nitrate in the
  amount of 16.6 kg into a tank not designed to
  prevent criticality
• Contributors (in brief)
• Inappropriate procedure-batch was too large
• Operators performed operations exceeding batch
  limit of 2.4 kgU
• Tech management failed to provide or enforce
  proper procedures
• Company did not enforce special control measures
  in this (rare) operation
• Licensing did not review the operations in detail
  - as necessary in criticality cases
• Safety regulations did not specify periodic
  inspection of operations
• Recommendations of this review mainly
  concentrated on strenthening of the regulations,
  enforcement, and training.

28
Eight Antinomies(Conclusions of the Chairman,
JCO Accident Investigation Committee)

• If safety increases, efficiency decreases
• If regulations are reinforced, creativity is
  lost
• If surveillance is reinforced, spirit declines
• If manuals are introduced, self-management is
  lost
• If fool-proof measures are implemented, the level
  of skills decreases
• If responsibilities are centered on a key person,
  the group loses concentricity
• If responsibilities are too strict, cover-ups
  result
• If information disclosure is promoted, situation
  becomes too conservative.

29
Central Finding and ConclusionJCO Committee
Chairman

• AUTHORITY AND RESPONSIBILITY WERE NOT PROPERLY
  ASSIGNED
• CLEAR ALLOCATION OF AUTHORITY AND CORRESPONDING
  RESPONSIBILITY WITHIN MANAGEMENT STRUCTURES IS
  ESSENTIAL TO ACHIEVEMENT OF SAFE OPERATIONS OF
  THE NUCLEAR INDUSTRY

30
Memory Aid for Safety Managers The Organization
Tree -- from Masao Nozawa

• If you work near the trunk of the tree you must
  be strong -- flexible, but not too flexible.
• If you work near the trunk of the tree you must
  be aware of the organizations roots and the
  sources of its strength and needs of the whole
  tree.
• If your job is to support the tree as staff you
  must accept this as a service role.
• If you work part way up the tree you must be
  aware of your duty to support the branches above
  and to carry out the policies given from below
• If you work near the top of the tree you must be
  aware of your duty to to grow, and of your
  inter-dependence with those below you in the tree.

31
Close Call -- Zero Power Reactor 3National
Reactor Testing Station, Idaho, 1964

• Critical assembly experiments for US fast reactor
  program
• One-half of ZPR 3 slid on a horizontal track, to
  ensure that it remained subcritical during
  loading. Criticality was achieved by moving two
  halves of reactor together slowly, then
  withdrawing safety rods
• Shutdown via fast-acting rods (poised during
  loading).
• Independent shutdown action via large scram
  motor mounted on the movable track.
• Motor was 3-phase, and it was powered from site
  power lines -- these were long. Many other
  intermittent loads on these lines. Phase
  reversal was a common transient condition.
• If phase-reversal had occurred coincident with a
  scram demand, the reactor halves would have
  been slammed TOGETHER rather than being
  separated.
• Had that happened this lecture would have been
  presented by someone else. What was the combined
  probability?