Douglas E. Peplow, C. David Sulfredge,
Robert L. Sanders, and Robert H. Morris
Oak Ridge National Laboratory
Todd A. Hann
Defense Threat Reduction Agency


"Calculating Nuclear Power Plant Vulnerability Using Integrated Geometry and Event/Fault Tree Models"

Nuclear Science and Engineering 146, No. 1, 71-87 (2004)




Abstract

Since the events of September 11, 2001, the vulnerability of nuclear power plants to terrorist attacks has become a national concern. The results of vulnerability analysis are greatly influenced by the computational approaches used. Standard approximations used in fault tree analysis are not applicable for attacks, where high component failure probabilities are expected; two methods that do work with high failure probabilities are presented. Different blast modeling approaches can also affect the end results. Modeling the structural details of facility buildings and the geometric layout of components within the buildings is required to yield meaningful results.


I. INTRODUCTION

Reports in the popular news media have indicated that nuclear power plants are prime targets for terrorist organizations. A likely avenue for such an attack is a bomb carried by car or truck, similar to the recent events listed in Table I. Car bombs require less preparation, skill, or manpower than complex attacks such as those of September 11, 2001.

The management of nuclear power plants, as well as of other infrastructure targets, needs to know the parts of their facilities where a bomb explosion could lead to facility shutdown or, in the worst case, core damage (with the potential for release of hazardous materials). These areas need to be identified so that they can be adequately protected.

To determine the areas where nuclear facilities are vulnerable, a calculational tool is needed that can quickly evaluate the effects of a bomb explosion in or around the buildings of a facility and determine the probable impact on facility operation as well as the probability of an accompanying radiological release. The Visual Interactive Site Analysis Code (VISAC) developed at Oak Ridge National Laboratory (ORNL) does this using a geometric model of the facility coupled to an event/fault tree model of plant systems to analyze the effects of blasts. The event/fault tree models associated with facility vulnerability calculations often involve unreliable systems (systems with high component failure probabilities resulting from an attack scenario). For VISAC to analyze such situations accurately, ORNL had to develop some novel techniques for evaluating event/fault trees associated with unreliable systems.

Table I. Recent Terrorist Attacks Against American Targets Using Car-Bomb Technologies

| Date | Target/Location | Delivery/Material | TNT equiv (lbs) | Reference |
|---|---|---|---|---|
| Apr 1983 | US Embassy, Beirut, Lebanon | van | 2000 | www.beirut-memorial.org |
| Oct 1983 | US Marine Barracks, Beirut, Lebanon | truck, TNT with gas enhancement | 12000 | www.usmc.mil |
| Feb 1993 | World Trade Center, New York, USA | van, urea nitrate and hydrogen gas | 2000 | www.interpol.int |
| Apr 1995 | Murrah Federal Bldg, Oklahoma City, USA | truck, ammonium nitrate fuel oil | 5000 | US Senate documents |
| Jun 1996 | Khobar Towers, Dhahran, Saudi Arabia | tanker truck, plastic explosive | 20000 | www.fbi.gov |
| Aug 1998 | US Embassy, Nairobi, Kenya | truck, TNT, possibly Semtex | 1000 | news reports, US Senate documents |
| Aug 1998 | US Embassy, Dar es Salaam, Tanzania | truck | 1000 | US Senate documents |
| Oct 2000 | Destroyer USS Cole, Aden Harbor, Yemen | small watercraft, possibly C-4 | 440 | www.al-bab.com, news.bbc.co.uk |
[Images: Murrah Bldg (two), Khobar Towers, Destroyer USS Cole]

II. UNRELIABLE EVENT/FAULT TREE CALCULATION

II.A. Brief Description of Typical Fault Tree Methods

II.A.1. Brute Force Technique
II.A.2. Monte Carlo Solution
II.A.3. Minimal Cut Set Analysis
II.A.4. Rare Events Approximations
II.A.5. Minimal Cut Set Upper Bound
II.A.6. Example Problem

II.B. Methods for Unreliable Systems

II.B.1. Brute Force Methods Revisited
II.B.2. Monte Carlo Solutions Revisited
II.B.3. Example Problem

III. BLAST MODELING

III.A. Blast Modeling in VISAC

III.A.1. Uniform Ray Tracing
III.A.2. Direct Ray Tracing
III.A.3. Continuous Air Regions

III.B. Example Facility

III.B.1. Example 1
III.B.2. Example 2

III.C. Geometry Fidelity

IV. CONCLUSIONS

Traditional event/fault tree analysis techniques do not work well when input failure probabilities are high and the system is unreliable. Improvements to the cut set methodology would be difficult due to the large number of terms involved.

For systems, reliable or unreliable, where the number of common events in each event tree sequence is small, a variation of the brute force technique can be used to find the exact answer. This paper has shown several improvements to the brute force technique, but some problems can still be too large to obtain solutions in reasonable periods of time.

Monte Carlo methods are well suited to analyzing unreliable systems. Calculations can be made to any level of uncertainty desired. As with the brute force techniques, focusing on the common events allows a solution with lower variance to be calculated.
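An added illustration of the points above, not code from the paper or from VISAC: for a small constructed fault tree (the cut sets and failure probabilities are assumptions), it compares the rare events approximation and the minimal cut set upper bound with exact brute force enumeration and a Monte Carlo estimate, at low and at high basic-event failure probabilities.

```python
import itertools
import math
import random

# Constructed tree (an assumption, not from the paper): four basic events,
# top event defined by these minimal cut sets, which share events.
CUT_SETS = [{0, 1}, {1, 2}, {2, 3}, {0, 3}]
N_EVENTS = 4

def top_event(state):
    """True if every basic event of at least one cut set has failed."""
    return any(all(state[i] for i in cs) for cs in CUT_SETS)

def cut_prob(cs, p):
    return math.prod(p[i] for i in cs)

def exact(p):
    """Brute force: add up the probability of each of the 2^N failure states."""
    total = 0.0
    for state in itertools.product((False, True), repeat=N_EVENTS):
        if top_event(state):
            total += math.prod(p[i] if s else 1 - p[i]
                               for i, s in enumerate(state))
    return total

def rare_event(p):
    """Rare events approximation: sum of the cut set probabilities."""
    return sum(cut_prob(cs, p) for cs in CUT_SETS)

def min_cut_upper_bound(p):
    """Minimal cut set upper bound: treats the cut sets as independent."""
    return 1 - math.prod(1 - cut_prob(cs, p) for cs in CUT_SETS)

def monte_carlo(p, samples=100_000, seed=1):
    """Sample basic-event states; return (estimate, one-sigma uncertainty)."""
    rng = random.Random(seed)
    hits = sum(top_event([rng.random() < pi for pi in p])
               for _ in range(samples))
    est = hits / samples
    return est, math.sqrt(est * (1 - est) / samples)

def compare(q):
    """All four answers with every basic event failing with probability q."""
    p = [q] * N_EVENTS
    return exact(p), rare_event(p), min_cut_upper_bound(p), monte_carlo(p)

if __name__ == "__main__":
    for q in (0.01, 0.9):  # low vs. high basic-event failure probability
        print(q, compare(q))
```

At q = 0.01 the approximations agree with the exact answer to about 1%; at q = 0.9 the rare events sum is 3.24, which is not a probability, and the upper bound gives 0.9987 against an exact 0.9801, while the Monte Carlo estimate stays within its stated uncertainty.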

Correlation-based algorithms using scaled parameters allow a fast-running code to represent blast effects without resorting to hydrocode solutions.

The different blast modeling approaches used can also affect the end results. Modeling only the buildings without any critical components will give only a rough idea of the true facility vulnerability, which may not be particularly useful in designing countermeasures. Including geometric detail in the target facility model is required to obtain meaningful vulnerability analysis results.

ORNL's VISAC code successfully integrates the concepts of target geometric modeling, a correlation-based methodology for blast damage assessment, and unreliable event/fault tree evaluation techniques to analyze nuclear power plant vulnerability.

ACKNOWLEDGEMENTS

Oak Ridge National Laboratory is managed and operated by UT-Battelle, LLC for the U.S. Department of Energy under Contract No. DE-AC05-00OR22725.

This work was funded by DTRA, the Defense Threat Reduction Agency, Alexandria, VA.

Special thanks to Robert T. Santoro and Ronald J. Ellis, both of Oak Ridge National Laboratory, for reviewing the manuscript before its submission.

Figure 1. The essence of an event/fault tree problem. N basic events feed into a set of gates and subsystems, resulting in I top-level gates that are used in an event tree.

Figure 2. A simple event tree made from three top-level gates.

Figure 3. The SAPHIRE example problem event tree using two top-level system gates.

Figure 4. A closer look at an event/fault tree problem. N basic events feed into a set of gates and subsystems but only M of them are common events.

Figure 5. Example showing the general form for a component fragility function in terms of the blast peak overpressure.

Figure 6. Location of the 100 pound TNT charge (at the intersections of the dashed lines) inside the containment building.

Figure 7a. Location of the 3500 pound TNT charge outside of the turbine and transformer buildings.

Figure 7b. The transformer building components, 15 feet above the plane where the blast took place.

Figure 8. The core damage probabilities resulting from a truck bomb using building level models. This indicates that an explosion next to any building other than the transformer building will lead to core damage.

Figure 9. The core damage probabilities resulting from a truck bomb using detailed critical components inside each building. This indicates that explosions next to the containment, next to the control room and near critical equipment in the auxiliary building will lead to core damage.





This document was last updated 20030428.