Douglas E. Peplow, C. David Sulfredge, Robert L. Sanders, and Robert H. Morris Oak Ridge National Laboratory Todd A. Hann Defense Threat Reduction Agency |
"Calculating Nuclear Power Plant Vulnerability Using Integrated Geometry and Event/Fault Tree Models" |
Nuclear Science and Engineering 146, No. 1, 71-87 (2004) |
Since the events of September 11, 2001, the vulnerability of nuclear power plants to terrorist attacks has become a national concern. The results of vulnerability analysis are greatly influenced by the computational approaches used. Standard approximations used in fault tree analysis are not applicable for attacks, where high component failure probabilities are expected; two methods that do work with high failure probabilities are presented. Different blast modeling approaches can also affect the end results. Modeling the structural details of facility buildings and the geometric layout of components within the buildings is required to yield meaningful results.
Reports in the popular news media have indicated that nuclear power plants are prime targets for terrorist organizations. A likely avenue for such an attack is a bomb carried by car or truck, similar to the recent events listed in Table I. Car bombs require less preparation, skill, or manpower than complex attacks such as those of September 11, 2001.
The managements of nuclear power plants, as well as other infrastructure targets, need to know the parts of their facilities where a bomb explosion could lead to facility shutdown -- or in the worst case, core damage (potential of release of hazardous materials). These areas need to be identified so that they can be adequately protected.
To determine the areas where nuclear facilities are vulnerable, a calculational tool is needed that can quickly evaluate the effects of a bomb explosion in or around the buildings of a facility and determine the probable impact on facility operation as well as the probability of an accompanying radiological release. The Visual Interactive Site Analysis Code (VISAC) developed at Oak Ridge National Laboratory (ORNL) does this using a geometric model of the facility coupled to an event/fault tree model of plant systems to analyze the effects of blasts. The event/fault tree models associated with facility vulnerability calculations often involve unreliable systems (systems with high component failure probabilities resulting from an attack scenario). For VISAC to analyze such situations accurately, ORNL had to develop some novel techniques for evaluating event/fault trees associated with unreliable systems.
Date | Target/Location | Delivery/Material | TNT equiv (lbs) | Reference |
---|---|---|---|---|
Apr 1983 | US Embassy Beirut, Lebanon |
van | 2000 | www.beirut-memorial.org |
Oct 1983 | US Marine Barracks Beirut, Lebanon |
truck, TNT with gas enhancement | 12000 | www.usmc.mil |
Feb 1993 | World Trade Center New York, USA |
van, urea nitrate and hydrogen gas | 2000 | www.interpol.int |
Apr 1995 | Murrah Federal Bldg Oklahoma City, USA |
truck, ammonium nitrate fuel oil | 5000 | US Senate documents |
Jun 1996 | Khobar Towers Dhahran, Saudi Arabia |
tanker truck, plastic explosive | 20000 | www.fbi.gov |
Aug 1998 | US Embassy Nairobi, Kenya |
truck, TNT, possibly Semtex | 1000 | news reports, US Senate documents |
Aug 1998 | US Embassy Dar es Salaam, Tanzania |
truck | 1000 | US Senate documents |
Oct 2000 | Destroyer USS Cole Aden Harbor, Yemen |
small watercraft, possibly C-4 | 440 | www.al-bab.com news.bbc.co.uk |
Murrah Bldg | |
Murrah Bldg | |
Khobar Towers | |
Destroyer USS Cole |
Traditional event/fault tree analysis techniques do not work well when input failure probabilities are high and the system is unreliable. Improvements to the cut set methodology would be difficult due to the large number of terms involved.
For systems where the number of common events in each event tree sequence is small, reliable or unreliable, a variation of the brute force technique can be used to find the exact answer. This paper has shown several improvements to the brute force technique, but some problems can still be too large to obtain solutions in reasonable periods of time.
Monte Carlo methods are well suited to analyzing unreliable systems. Calculations can be made to any level of uncertainty desired. Like the brute force techniques, by focusing on the common events, a solution with lower variance can be calculated.
Correlation-based algorithms using scaled parameters allow a fast-running code to represent blast effects without resorting to hydrocode solutions.
The different blast modeling approaches used can also affect the end results. Modeling only the buildings without any critical components will give only a rough idea of the true facility vulnerability, which may not be particularly useful in designing countermeasures. Including geometric detail in the target facility model is required to obtain meaningful vulnerability analysis results.
ORNL's VISAC code successfully integrates the concepts of target geometric modeling, a correlation-based methodology for blast damage assessment, and unreliable event/fault tree evaluation techniques to analyze nuclear power plant vulnerability.
Oak Ridge National Laboratory is managed and operated by UT-Battelle, LLC for the U.S. Department of Energy under Contract No. DE-AC05-00OR22725.
This work was funded by DTRA, the Defense Threat Reduction Agency, Alexandria, VA.
Special thanks to Robert T. Santoro and Ronald J. Ellis, both of Oak Ridge National Laboratory, for reviewing the manuscript before its submission.
|
Figure 1. The essence of an event/fault tree problem. N basic events feed into a set of gates and subsystems, resulting in I top-level gates that are used in an event tree. |
|
Figure 2. A simple event tree made from three top-level gates. |
|
Figure 3. The SAPHIRE example problem event tree using two top-level system gates. |
|
Figure 4. A closer look at an event/fault tree problem. N basic events feed into a set of gates and subsystems but only M of them are common events. |
|
Figure 5. Example showing the general form for a component fragility function in terms of the blast peak overpressure. |
|
Figure 6. Location of the 100 pound TNT charge (at the intersections of the dashed lines) inside the containment building. |
|
Figure 7a. Location of the 3500 pound TNT charge outside of the turbine and transformer buildings. |
|
Figure 7b. The transformer building components, 15 feet above the plane where the blast took place. |
|
Figure 8. The core damage probabilities resulting from a truck bomb using building level models. This indicates that an explosion next to any building other than the transformer building will lead to core damage. |
|
Figure 9. The core damage probabilities resulting from a truck bomb using detailed critical components inside each building. This indicates that explosions next to the containment, next to the control room and near critical equipment in the auxiliary building will lead to core damage. |