UCS White House presentation
by David Lochbaum of Union of Concerned Scientists
(posted on greenspun.com : LUSENET : Electric Utilities and Y2K July 07, 1999)
Good afternoon. Thank you for this opportunity to present our views on this important safety matter.
My name is David Lochbaum. I have been the Nuclear Safety Engineer for the Union of Concerned Scientists since October 1996. Prior to joining UCS, I worked as a nuclear engineer in the US commercial nuclear power industry for over 17 years.
For more than a quarter century, UCS has been concerned about safety levels at US nuclear power plants because of the inherent dangers of the light water reactors. We are convinced that the Nuclear Regulatory Commission is doing an unacceptable job of protecting the American public from the Y2K safety hazard.
What happens if Y2K, or any other problem, triggers an accident at a US nuclear power plant?
The Sandia National Laboratory, in a report released on November 1, 1982, by the US House of Representatives Subcommittee on Oversight & Investigations, estimated an accident at the Calvert Cliffs nuclear plant in Maryland while it is running could produce 5,600 fatalities within a year, 23,000 additional cancer deaths after one year, and cost $90 billion (in 1980 dollars).
The Brookhaven National Laboratory, in report released in August 1997 by the Nuclear Regulatory Commission, estimated an accident at a plant like Calvert Cliffs after being shut down for 3 * years could produce 29 fatalities within a year, 33,200 additional cancer deaths after one year, and cost $186 billion.
These national laboratory studies illustrate that an accident at a nuclear power plant has extremely grave consequences whether that plant is running or not.
The worst US nuclear power plant accident occurred at Three Mile Island near Harrisburg, Pennsylvania. An equipment problem interrupted the plant's feedwater flow. Emergency systems automatically started to compensate for the loss. Unfortunately, operators in the control room relied on a false indication of plant conditions and turned the emergency systems off. Within two hours, the irradiated fuel in the reactor core overheated and partially melted. Nearly 150,000 people evacuated their homes.
Y2K can start any US nuclear power plant down the Three Mile Island pathway. The feedwater system at every nuclear power plant in the United States is Y2K vulnerable. Many of these systems use embedded chips and/or digital controls. All of these systems require the electrical grid to be available. Y2K can directly disable the feedwater system or it can indirectly disable the system by knocking out the electrical grid.
As at Three Mile Island, emergency systems would automatically start upon failure of the feedwater system. These emergency systems can cool the reactor, but only if the operators allow them to function. The computer systems used by the operators to monitor plant conditions during much of their training and virtually all of their daily activities are susceptible to Y2K failures. Deprived of their normal method of monitoring plant conditions, the operators may not be able to get the necessary information from backup sources accurately and timely. Therefore, they might repeat the mistake made at Three Mile Island and turn the emergency systems off.
I realize that this scenario strings together a few "ifs" to paint a gloomy picture. But it is not an inconceivable string of "ifs" after all, it has already happened once in this country. In addition, this scenario is only one among several Y2K scenarios that start nuclear plants down the road toward an accident. The US has 103 operating nuclear power plants. A Y2K success rate of 75, 85, or even 95 percent will be unacceptable. One hundred percent of the plants must avoid a Y2K-triggered accident.
Unfortunately, the Nuclear Regulatory Commission is doing a bad job of ensuring that nuclear power plants will be ready for the new millennium. NRC inspectors conducted audits of Y2K preparations at nuclear power plants. Their very sincere efforts have been a huge waste of time. The inspectors have been told what to examine, but they have not been provided acceptance criteria. Therefore, these audits which are more precisely termed sightseeing tours cannot determine if the nuclear plants meet minimum safety standards.
The NRC's Y2K performance really is truly that bad. NRC inspectors went to the Brunswick nuclear plant in North Carolina and learned that the plant's owner relied exclusively on certifications by companies supplying its hardware and software. Brunswick did no testing when it had a piece of paper saying that a computer system was Y2K compliant. The NRC inspectors then traveled to the Salem nuclear plant in New Jersey. At Salem, the plant owner tested some of the hardware and software that had been certified to be Y2K compliant. Some of the certified systems flunked the tests.
The NRC knows that some nuclear plant owners are relying heavily on paperwork instead of testing. The NRC has documentation that this paperwork cannot always be trusted. The NRC is not unhappy about this situation. Why? Because in the NRC's eyes, no nuclear plant can be below Y2K minimum standards because there are no standards defined. Everyone passes an NRC test because there is no answer key.
Another troubling sign is the NRC's treatment of three petitions for Y2K expedited rulemaking submitting by the Nuclear Information and Resource Service (NIRS) last December. The NRC told NIRS that they'd have a response to their petitions by the end of April, then the end of May, and then the end of June. NIRS has yet to receive the NRC's response. The NRC's foot-dragging on this national safety issue is inexcusable.
We urge you to induce the Nuclear Regulatory Commission an executive branch agency to establish clearly defined minimum standards for Y2K and ensure that all plants meet or exceed those standards. A 99 percent success rate in avoiding a Y2K-triggered accident means that one nuclear plant somewhere in the United States may be checking Sandia or Brookhaven's body count estimates.
Hi - don't recall this info being posted before (I don't have
time to read
everything that comes down the pike), but I was concerned that I saw
nothing on Y2K and nuclear problems in the most recent publication of the
Union of Concerned Scientists, so emailed them and got this response. If
attachments don't come through, and you want them, let me know - though it
looks like you can get them from their website www.nirs.org.
- Wanda <email@example.com>
>Date: Mon, 14 Jun 1999 09:58:48 -0500
>Subject: Fwd:Year 2000
>Our Cambridge office forwarded me yoru inquiry concerning Year 2000 issues.
>Last December, UCS helped the Nuclear Information and Resource Service
>develop three petitions that were submitted to the Nuclear Regulatory Commission.
>These petitions seek changes to federal regulations on an expedited basis to
>address Year 2000 concerns, including many of those outlined in your inquiry.
>These petitions may be viewed/downloaded from the NIRS website:
>On March 8, 1999, UCS was a panelist at a Year 2000 Symposium in DC
>co-chaired by Dr. Helen Caldicott of STAR and Rep. Edward Markey. This
>symposium was covered extensively by the media. As part of that effort,
>UCS helped develop a list of questions that nuclear plant owners should
>answer about their Year 2000 preparations. I've attached those questions
>and my presentation at the symposium to this message.
>UCS has been working with NIRS and Rep. Markey on this issue. Due largely
>to pressure from the Congressman, the NRC recently reversed a decision. It
>had originally planned to audit only 12 of the 103 operating nuclear plants for
>Year 2000 readiness. The NRC will now audit all 103 plants.
>Thanks for your inquiry and please do not hesitate to contact me with further
>questions/comments on this, or any other, nuclear safety matter.
>Nuclear Safety Engineer
>Union of Concerned Scientists