Introduction

Since the terrorist attacks of September 11. 2001, the vulnerability of nuclear power plants to such attacks has become a national concern. Reports in the popular news media have indicated that nuclear power plants are prime targets for terrorist organizations. A likely avenue for such an attack is a bomb carried by car or truck, similar to the Oklahoma City event in 1995. Areas around the facility where a bomb explosion could lead to facility shutdown -- or in the worst case, core damage -- need to be identified so that they can be adequately protected.

To accomplish this, a calculational tool is needed that can quickly evaluate the effects of a bomb explosion in or around the buildings of a nuclear facility.

Description of Actual Work

To predict the outcome of an attack, three models must be combined: a geometric representation of the facility, a weapons-effects model used to determine which plant components are damaged due to a blast, and an event tree/fault tree model to determine which plant safety systems fail as a result of the component damage. From the event/fault tree model, the final consequences (probability of facility shutdown and probability of core damage) are also determined. This paper will focus on three aspects of this calculation that are new and significant.

Unreliable Event/Fault Tree Calculation

Typical event/fault tree calculations are used for systems that are highly reliable, where the basic events have very low failure probabilities. Popular software tools used for event/fault tree analysis usually use cut set approaches and take advantage of those low probabilities to use several approximations to speed up the calculations. With large component failure probabilities from an intentional attack, the terms left out by the cut set methods become important, making those approximations break down - giving erroneous results. We use methods that calculate the fault trees exactly or by Monte Carlo methods if exact will take too long to get more accurate answers for unreliable event/fault tree systems.

Geometry Fidelity

One approach to linking the geometry model to the event/fault tree model is to construct the event trees in terms of buildings (containment, turbine building, etc) as overall basic events which represent all the critical components located inside each building. If a blast breaks any of the exterior walls of a building, the logic model assumes that the entire building is considered failed in the fault trees. This approach can lead to overestimation of negative outcomes from attacks because buildings are seldom completely destroyed in realistic attack scenarios.

The approach used in this work models individual critical components inside each building of the plant. For each of these components, a blast fragility function is prescribed and used to calculate the failure probability of the component from a given blast. Each critical component in the geometry is mapped to a basic event used in the fault trees. In addition to evaluating the vulnerability better, this more detailed approach can be used to determine the ultimate outcome with greater fidelity (a large early release or small late release).

Blast Modeling

Propagating a blast wave through a realistic geometry model is a difficult problem. There are different approaches [Young et al, 1995; Dunn et al, 1999] that can be used. Each has its advantages and disadvantages. Ray tracing can be done in a variety of ways, such as uniform rays, rays to every critical component, etc but could still miss items hidden behind walls. Letting the blast propagate through discretized air voxels can find hidden components, but only to the resolution level of voxelization. All of the methods give more precise results with longer computation times.

Results

For a typical nuclear power plant facility, the probabilities of facility shutdown and core damage are found using integrated geometry and event/fault tree models. The different approaches for fault tree calculation, geometry fidelity, and blast wave propagation are explored. The examples shown in Figures 1 and 2 are the core damage probabilities resulting from a truck bomb with 3500 pounds of TNT equivalent detonated ten feet above ground level near a generic two-loop PWR model that does not represent any particular real plant. Figure 1 is calculated using a building-level fidelity and Figure 2 is calculated using more than 150 critical components in the geometry. It is not surprising that the results are quite different. If these maps were to be used to guide the placement of security enhancements, a great deal of money would be saved using the map that the more detailed model produced.

Figure 1. The core damage probabilities resulting from a truck bomb using building level models. This indicates that an explosion next to any building other than the transformer building will lead to core damage.

Figure 2. The core damage probabilities resulting from a truck bomb using detailed critical components inside each building. This indicates that explosions next to the containment, next to the control room and near critical equipment in the auxiliary building will lead to core damage.

Conclusions

The results of a vulnerability analysis are greatly influenced by the computational approaches used. Standard approximations used in fault tree analysis cannot be used for attacks with high failure probabilities. The different blast modeling approaches used can also affect the end results. Geometric detail is required for meaningful results.

References

1. Dunn, P. E., J. E. Madrigal, D. A. Parsons, J. C. Partch, D. A. Verner, L. A. Young, Modular Effectiveness/Vulnerability Assessment (MEVA) Software User's Manual, Applied Research Associates, Inc., Albuquerque, NM, published by Wright Laboratory, Armament Directorate, Air Force Materiel Command, United States Air Force, April 23, 1999.

2. Young, L. A., B. K. Streit, K. J. Peterson, D. L. Read, F. A. Maestas, Effectivieness/Vulnerability Assessments in Three Dimensions (EVA-3D) Versions 4.1F and 4.1C User's Manual - Revision A, Applied Research Associates, Inc., Albuquerque, NM, published by Wright Laboratory, Armament Directorate, Air Force Materiel Command, United States Air Force, November 29, 1995.