OBSERVABILITY-IN-DEPTH: AN ESSENTIAL COMPLEMENT TO THE DEFENSE-IN-DEPTH SAFETY STRATEGY IN THE NUCLEAR INDUSTRY

  • Favaro, Francesca M. (Georgia Institute of Technology) ;
  • Saleh, Joseph H. (Georgia Institute of Technology)
  • Received: 2014.02.26
  • Accepted: 2014.06.16
  • Published: 2014.12.25

Abstract

Defense-in-depth is a fundamental safety principle for the design and operation of nuclear power plants. Despite its general appeal, defense-in-depth is not without its drawbacks, which include its potential for concealing the occurrence of hazardous states in a system and, more generally, rendering the system more opaque to its operators and managers, thus resulting in safety blind spots. This in turn shrinks the time window available for operators to identify an unfolding hazardous condition or situation and intervene to abate it. To prevent this drawback from materializing, we propose in this work a novel safety principle termed "observability-in-depth". We characterize it as the set of provisions (technical, operational, and organizational) designed to enable the monitoring and identification of emerging hazardous conditions and accident pathogens in real time and over different time scales. Observability-in-depth also requires the monitoring of the condition of all safety barriers that implement defense-in-depth; in so doing it supports sensemaking of identified hazardous conditions and the understanding of the potential accident sequences that might follow (how they can propagate). Observability-in-depth is thus an information-centric principle, and its importance in accident prevention lies in the value of the information it provides and the actions or safety interventions it spurs. We examine several "event reports" from the U.S. Nuclear Regulatory Commission database, which illustrate specific instances of violation of the observability-in-depth safety principle and the consequences that followed (e.g., unmonitored releases and loss of containment). We also revisit the Three Mile Island accident in light of the proposed principle, and identify causes and consequences of the lack of observability-in-depth related to this accident sequence. We illustrate both the benefits of adopting the observability-in-depth safety principle and the adverse consequences when this principle is violated or not implemented. This work constitutes a first step in the development of the observability-in-depth safety principle, and we hope this effort invites other researchers and safety professionals to further explore and develop this principle and its implementation.
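The mechanism the abstract describes, namely that successive barriers can conceal the failure of an earlier one and thereby shrink the operators' intervention window, can be made concrete with a small replay model. The following Python is an added example written for this page, not code from the paper or its authors; the three barrier names, the unmonitored "primary coolant boundary", and the timed degradation events are all constructed for illustration. It contrasts an outcome-only view (operators see only "release" or "normal") with a per-barrier view in which an unmonitored barrier is, as in a real blind spot, assumed intact, and it computes how much warning time each view leaves before a release.

```python
from dataclasses import dataclass


@dataclass
class Barrier:
    name: str
    healthy: bool = True
    monitored: bool = True   # can operators observe this barrier's condition?


# Constructed sequence of barrier degradations: (time in minutes, barrier name).
# Illustrative values only, not data from any licensee event report.
EVENTS = [
    (10, "fuel cladding"),
    (25, "primary coolant boundary"),
    (40, "containment"),
]


def new_plant(monitor_all):
    """Three successive barriers; the coolant boundary is unmonitored unless monitor_all."""
    return [
        Barrier("fuel cladding"),
        Barrier("primary coolant boundary", monitored=monitor_all),  # constructed blind spot
        Barrier("containment"),
    ]


def degrade(barriers, name):
    for b in barriers:
        if b.name == name:
            b.healthy = False


def outcome_view(barriers):
    """Defense-in-depth without observability: only the end result is visible."""
    return "release" if not any(b.healthy for b in barriers) else "normal"


def barrier_report(barriers):
    """Observability-in-depth: the condition of each barrier, 'unknown' where unmonitored."""
    return {b.name: "unknown" if not b.monitored else ("intact" if b.healthy else "degraded")
            for b in barriers}


def apparent_depth(report):
    """Barriers the operators believe are intact. An unmonitored barrier is assumed
    intact, which is exactly how a blind spot conceals a hazardous state."""
    return sum(1 for s in report.values() if s in ("intact", "unknown"))


def true_depth(barriers):
    """Barriers that are actually intact, regardless of what operators can see."""
    return sum(1 for b in barriers if b.healthy)


def replay(monitor_all, alert_at_depth=1):
    """Replay the events and return (time of release, time operators first see
    apparent depth <= alert_at_depth). The gap is the window left for intervention."""
    plant = new_plant(monitor_all)
    release_time = depth_alert_time = None
    for t, name in EVENTS:
        degrade(plant, name)
        if release_time is None and outcome_view(plant) == "release":
            release_time = t
        if depth_alert_time is None and apparent_depth(barrier_report(plant)) <= alert_at_depth:
            depth_alert_time = t
    return release_time, depth_alert_time


def warning_window(monitor_all):
    """Minutes between the first depth alert and the release it precedes."""
    release_time, alert_time = replay(monitor_all)
    return release_time - alert_time


if __name__ == "__main__":
    for monitor_all in (False, True):
        release_time, alert_time = replay(monitor_all)
        print(f"all barriers monitored={monitor_all}: first depth alert at {alert_time} min, "
              f"release at {release_time} min, warning window {warning_window(monitor_all)} min")
    # Show the concealed state directly: after the second event the unmonitored
    # barrier has failed, but the report still counts it as available.
    plant = new_plant(monitor_all=False)
    for t, name in EVENTS[:2]:
        degrade(plant, name)
    print(f"apparent depth {apparent_depth(barrier_report(plant))}, true depth {true_depth(plant)}")
```

With the blind spot in place the per-barrier alert fires only at the moment of release (zero warning), whereas monitoring every barrier raises it 15 minutes earlier; the last two lines show the concealed state itself, where the report claims two barriers remain while only one does.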
