Nuclear power plant (NPP) risk assessment is broadly separated into the disciplines of nuclear safety, security, and safeguards. Different analysis methods and computer models have been constructed to analyze each of these as a separate discipline. However, because of the complexity of NPP systems, some risks span all of these disciplines and require consideration of safety-security (2S) interactions, which gives a more complete understanding of the relationships among these risks. A novel leading simulator/trailing simulator (LS/TS) method is introduced to integrate multiple generic safety and security computer models into a single, holistic 2S analysis. A case study is performed using this method to determine its effectiveness. The case study shows that the LS/TS method avoided introducing simulation errors that appeared when the same scenario was run without the LS/TS method. A second case study then illustrates an integrated 2S analysis, which shows that different levels of sabotage damage to vital equipment at an NPP can shift the accident evolution by several hours.
Nuclear security relies on the method of vital area identification (VAI) to identify the sabotage target locations within a nuclear power plant (NPP) that need to be protected. The VAI methodology uses fault trees (FTs) and event trees (ETs) to identify locations in the NPP that contain vital systems, structures, or components. However, the traditional FT/ET process cannot fully capture the dynamics that follow sabotage of an NPP or the mitigating actions taken in response. A methodology is presented that examines the consequences of sabotage to NPP systems using the dynamic probabilistic risk assessment approach to explore these dynamics. A force-on-force computer code determines the timing and extent of damage to NPP systems, and a reactor response code models the effects of this damage on the reactor. These two codes are connected using the novel leading simulator/trailing simulator (LS/TS) methodology. A case study is created using the LS/TS methodology to model an adversary attack on an NPP. This case study models uncertainties in the adversary attack and in the response to determine whether reactor core damage would occur and, if it does, the time to core damage and its extent.
Vital Area Identification (VAI) is an important element in securing nuclear facilities, including the range of recently proposed advanced reactors (ARs). As ARs continue to develop and progress toward licensure, it will be necessary to ensure that safety analysis methods are compatible with the new reactor designs. These reactors tout inherently passive safety systems that drastically reduce the number of active components whose failures need to be considered as basic events in a Level 1 probabilistic risk assessment (PRA). Instead, ARs rely on natural processes for their safety, which may be difficult to capture with fault trees (FTs) and consequently difficult to translate into the effects of lost equipment when completing a traditional VAI analysis. Traditional VAI methodology incorporates FTs from the Level 1 PRA as a substantial portion of the effort to identify candidate vital area sets. The outcome of VAI is a selected set of areas deemed vital, which must be protected in order to prevent radiological sabotage. An alternative methodology is proposed to inform the VAI process and the selection of vital areas: Systems-Theoretic Process Analysis (STPA). STPA is a systems-based, top-down approach that analyzes a system as a hierarchical control structure composed of components (both the controlled processes and their controllers) and the control actions that controllers issue and the controlled components act upon. The control structure is then analyzed against several situational parameters, including a time component, to produce a list of scenarios that may lead to system losses. A case study is presented to demonstrate how STPA can be used to inform VAI for ARs.
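The STPA step described above, as an added illustration that is not code from the paper: a small hierarchical control structure is walked and the standard STPA guide types for unsafe control actions (not provided, provided, too late, stopped too soon) are applied to each control action in each process state; the resulting UCAs that an adversary could force by destroying or operating the actuator are then mapped to the plant areas that house it, as one way to seed a vital-area candidate list. The control actions, process states, locations, deadlines and hazard judgements below are constructed for the example, not taken from any real or proposed reactor.

```python
"""Toy STPA pass over a control structure, used to seed vital-area candidates.
Added illustration, not code from the paper: the control structure, process
states and hazard judgements are constructed."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class ControlAction:
    name: str
    controller: str
    actuator: str                 # controlled component that executes the action
    location: str                 # plant area housing the actuator (assumption)
    needed_when: frozenset        # process states in which the action must be provided
    hazardous_when: frozenset     # process states in which providing it leads to a loss
    deadline_min: Optional[float] = None  # if needed, must complete within this many minutes
    continuous: bool = False      # action must be sustained, so "stopped too soon" applies


@dataclass(frozen=True)
class UCA:
    action: str
    uca_type: str
    context: str
    location: str


# Constructed process states the controllers have to act in.
STATES = ("normal", "loss_of_offsite_power")

# Constructed control structure for a reactor with a passive decay-heat-removal
# (DHR) loop behind one isolation valve.
CONTROL_STRUCTURE = [
    ControlAction("trip reactor", "RPS", "control rods", "reactor_building",
                  frozenset({"loss_of_offsite_power"}), frozenset(), deadline_min=1.0),
    ControlAction("open DHR isolation valve", "operator", "MOV-101", "aux_building",
                  frozenset({"loss_of_offsite_power"}), frozenset(), deadline_min=30.0),
    ControlAction("close DHR isolation valve", "operator", "MOV-101", "aux_building",
                  frozenset(), frozenset({"loss_of_offsite_power"})),
    ControlAction("run air-cooler fans", "DHR controller", "fans", "yard",
                  frozenset({"loss_of_offsite_power"}), frozenset(), continuous=True),
]


def enumerate_ucas(actions, states):
    """Apply the STPA unsafe-control-action guide types to every (action, state) pair."""
    ucas = []
    for a in actions:
        for s in states:
            if s in a.needed_when:
                ucas.append(UCA(a.name, "not provided", s, a.location))
                if a.deadline_min is not None:   # the time component: provided too late
                    ucas.append(UCA(a.name, f"provided later than {a.deadline_min:g} min",
                                    s, a.location))
                if a.continuous:
                    ucas.append(UCA(a.name, "stopped too soon", s, a.location))
            if s in a.hazardous_when:
                ucas.append(UCA(a.name, "provided", s, a.location))
    return ucas


# UCA types an adversary can force directly by destroying or operating the actuator.
SABOTAGE_REACHABLE = {"not provided", "provided"}


def candidate_vital_areas(ucas):
    """Map sabotage-reachable UCAs to the areas housing their actuators."""
    areas = {}
    for u in ucas:
        if u.uca_type in SABOTAGE_REACHABLE:
            areas.setdefault(u.location, set()).add(u.action)
    return {loc: sorted(acts) for loc, acts in sorted(areas.items())}


if __name__ == "__main__":
    found = enumerate_ucas(CONTROL_STRUCTURE, STATES)
    for u in found:
        print(f"[{u.context}] {u.action}: {u.uca_type} (actuator in {u.location})")
    print("candidate vital areas:", candidate_vital_areas(found))
```

The deadline and continuity flags are what carry the time component that a static fault tree lacks: the same actuator yields different UCAs depending on how long the plant can wait for it, and those timing UCAs are the ones a dynamic simulation would later quantify.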
Risk assessment of nuclear power plants (NPPs) is commonly driven by computer modeling that tracks the evolution of NPP events over time. To capture interactions between nuclear safety and nuclear security, multiple system codes, each specializing in one domain, may need to be linked with information transferred among them. A systems analysis based on fixed-length time blocks is proposed to allow such linking within the ADAPT framework without needing to predetermine the order in which the safety and security codes interact. A case study using two instances of the Scribe3D code demonstrates the concept and shows agreement with results from a direct solution.
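The fixed-time-block coupling above, as an added toy illustration that is not code from the papers or from ADAPT/Scribe3D: a leading simulator (an adversary walking a route and disabling equipment) runs a whole block first and logs timestamped damage events; the trailing simulator (a lumped core heat-up model) then replays the same block and applies each event at its own step. The result is compared against a direct, single-loop solution and against a naive lockstep exchange that only passes events at block boundaries. The adversary route, heat-up rates, step size and damage threshold are constructed numbers, and the block-replay scheme is one plausible reading of the fixed-block idea rather than the papers' implementation.

```python
"""Toy leading-simulator / trailing-simulator (LS/TS) coupling on fixed-length
time blocks.  Added illustration, not code from the papers above: the adversary
and reactor models are constructed toys, and block replay is one reading of the
fixed-time-block idea, not the ADAPT/Scribe3D implementation."""
from dataclasses import dataclass, field

DT = 0.5            # minutes per simulation step (assumption)
T_DAMAGE = 1200.0   # core-damage temperature threshold, arbitrary units (assumption)

# Constructed scenario: adversary reaches pump_A 12 min after entry, pump_B 15 min later.
ROUTE = [("pump_A", 12.0), ("pump_B", 15.0)]


@dataclass
class AdversarySim:
    """Leading simulator: walks the route; reaching a target disables it."""
    route: list
    clock: float = 0.0
    elapsed: float = 0.0   # time spent on the current route leg
    leg: int = 0

    def step(self):
        """Advance one DT and return the components damaged during this step."""
        self.clock += DT
        self.elapsed += DT
        events = []
        while self.leg < len(self.route) and self.elapsed >= self.route[self.leg][1] - 1e-9:
            comp, duration = self.route[self.leg]
            events.append(comp)
            self.elapsed -= duration
            self.leg += 1
        return events


@dataclass
class ReactorSim:
    """Trailing simulator: lumped core heat-up; rate grows as cooling trains are lost."""
    trains: set = field(default_factory=lambda: {"pump_A", "pump_B"})
    temp: float = 300.0
    clock: float = 0.0

    def damage(self, comp):
        self.trains.discard(comp)

    def step(self):
        rate = 3.0 - 1.5 * len(self.trains)   # deg/min: 0 with both trains, 3 with none
        self.temp += rate * DT
        self.clock += DT

    @property
    def core_damaged(self):
        return self.temp >= T_DAMAGE


def run_direct(route, horizon):
    """Reference: both models stepped in one loop; damage applied the step it occurs.
    Returns time to core damage in minutes, or None."""
    adv, rx = AdversarySim(route), ReactorSim()
    for _ in range(int(round(horizon / DT))):
        for comp in adv.step():
            rx.damage(comp)
        rx.step()
        if rx.core_damaged:
            return rx.clock
    return None


def run_block_coupled(route, horizon, block):
    """LS/TS: leading sim runs a whole block first, logging (step, component);
    trailing sim then replays the block, applying each event at its own step."""
    adv, rx = AdversarySim(route), ReactorSim()
    steps_per_block = int(round(block / DT))
    for _ in range(int(round(horizon / block))):
        log = []
        for i in range(steps_per_block):
            log.extend((i, c) for c in adv.step())
        for i in range(steps_per_block):
            for j, c in log:
                if j == i:
                    rx.damage(c)
            rx.step()
            if rx.core_damaged:
                return rx.clock
    return None


def run_boundary_exchange(route, horizon, block):
    """Naive lockstep: both sims advance a block in parallel, then exchange, so the
    reactor model only sees a block's damage at the start of the next block."""
    adv, rx = AdversarySim(route), ReactorSim()
    steps_per_block = int(round(block / DT))
    pending = []
    for _ in range(int(round(horizon / block))):
        for c in pending:
            rx.damage(c)
        pending = []
        for _ in range(steps_per_block):
            pending.extend(adv.step())
            rx.step()
            if rx.core_damaged:
                return rx.clock
    return None


if __name__ == "__main__":
    print("direct        :", run_direct(ROUTE, 480.0))
    print("LS/TS, 10 min :", run_block_coupled(ROUTE, 480.0, 10.0))
    print("LS/TS, 30 min :", run_block_coupled(ROUTE, 480.0, 30.0))
    print("boundary, 10  :", run_boundary_exchange(ROUTE, 480.0, 10.0))
```

Because the trailing simulator replays the block with the leading simulator's timestamps, the coupled result is identical to the direct solution for any block length, while the boundary-only exchange delays every damage event to the next block boundary and so reports a later, non-conservative time to core damage.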
This document details the development of modeling and simulations for existing plant security regimes. Identified target sets are used to link dynamic assessment methodologies, combining reactor system-level modeling with force-on-force modeling and 3D visualization to develop table-top scenarios. This work leverages an existing hypothetical example used for international physical security training, the Lone Pine nuclear power plant facility, for its target sets and modeling.
Security at nuclear power plants (NPPs) in the United States is currently based on vital area identification (VAI), a procedure to determine the locations within a nuclear facility that need to be defended from adversaries in order to avoid damage to the facility and/or release of radionuclides to the environment. This procedure heavily leverages a Level 1 probabilistic risk assessment (PRA), which identifies combinations of events that can lead to core damage. Current approaches to VAI for NPPs, however, are determined as a "snapshot in time" and are therefore unable to include the time-dependent effects of safety systems within an NPP. A novel "leading simulator (LS) / trailing simulator (TS)" methodology is proposed to integrate the thermal-hydraulic safety analysis of an NPP with a physical security analytical tool in order to model vital area boundaries and the related potential consequences. The methodology will use dynamic event trees to systematically explore the uncertainties in an adversary attack scenario at a hypothetical NPP while incorporating the timing and repair effects that are not captured by the available modeling approaches to physical security. Ultimately, the LS/TS methodology will enable NPPs to incorporate the full complement of safety systems and procedures when performing security analyses.