LESSONS LEARNED FORSMARK EVENT Presented To IEEE

Transcription:

LESSONS LEARNED FORSMARK EVENT
Presented To IEEE
Thomas Koshy
Member of the Task Group on Forsmark
Chief of Mechanical & Electrical Engineering, Office of Research, USNRC
Thomas.Koshy@nrc.gov

Agenda
- Safety Systems Overview
- Event Summary
- Risk Insights
- Event Details
- Over Voltage
- Recommendations
- Millstone 2 Failure Modes
- Preferred Failure Modes
- Solutions to House-load Operational Problems
- Regulations
- IEEE Challenges

Forsmark station, Sweden
Three Asea Atom BWR
- # 1: 2928 MWth, 1980
- # 2: 2928 MWth, 1981
- # 3: 3300 MWth, 1985
NPEC Meeting July 16, 2008

Forsmark Safety Systems Overview
- Safety systems are divided into four trains
- Each train with its own emergency diesel generator and capacity to manage 50% of the ECCS loads
- Emergency Core Cooling is all electric

Event Summary
- July 25, 2006; Plant at 100%
- Opened 400 kV disconnect and caused an electrical fault
- Generator voltage dropped to 30%
- Unit disconnected from the grid
- Generator over-voltage (OV) 130%
- OV caused 2 of 4 UPSs to fail
- 2 of 4 Emergency Diesel Generators (EDG) failed to connect to the safety buses

- Maintenance work in the switchyard causes an arc and a short circuit.
- Unit 1 is disconnected from the grid and the reactor scrams.
- Failure in the generator protection results in the generator breaker not opening. The generator breaker should open and transfer to 70 kV offsite power.
- Internal power supply is divided into four separate buses/trains (A, B, C, D) for emergency power.
- Rectifier and inverter on buses/trains A&B fail.
- Buses A&B lose power and the signal to start the EDGs fails.
[Diagram label: Gas Turbine]

[Figure: diagram; surviving labels TA11 and TA12]

Event Summary
- Both generator breakers should have tripped immediately
  - Common Cause Failure
- Over voltage tripped two battery chargers & two inverters (2/4 UPS shutdown)
  - Common Cause Failure
- 2/4 EDGs failed to energize the safety bus
  - Common design flaw
- Gas turbine failed to start
- 70 kV grid was available
- Loss of control room information
- Loss of network power A&B

Risk Insights
Plant uniqueness that influences risk:
- No steam/diesel-driven pumps (diversity / defense in depth)
- 2 Common Cause Failures (UPS, Generator Relay Protection)
- EDG controls relied on AC power from UPS
- Failure of power supplies to control room indications
- Gas Turbine didn't start

Event Details
- When two Uninterruptible Power Supplies (UPSs) failed during the Forsmark event
  - The pressure regulating valve in the primary system failed open
  - The valve remained open until the bus was re-energized
- Failures beyond single failure that originated from common-cause (IAEA NS-G-1.8 Section 2.11: Common Cause)

Over Voltages

Over Voltage
- Breakers can't address lightning surges because they operate too slowly
- Surge arrestors can divert short duration overvoltage

Over Voltage
- NPP electrical systems nominally designed for operation with +/-10% voltage
- Voltages above 120% but below lightning protection features are generally beyond design bases
- 2006 Forsmark-1 and 2008 Olkiluoto-1 events indicate that the previously assumed Withstand Voltage may be as low as ~130%

Recommendations
- Prevent NPP-grid interaction challenges to NPP electrical power systems (Prevent Grid Challenges)
- Improve robustness of NPP electrical systems to cope with grid and internal NPP electrical faults (Electrical System Coping)
- Improve NPP training, procedures, display capabilities to deal with degraded electrical systems (Procedures)
- Improve coping capability of NPP to deal with NPP electrical power system failures (NPP Coping)
- Improve capability to recover offsite grid to support NPP electrical power systems (Electrical System Recovery)

Preventing Grid Challenges
WANO SOER 99-1 and 2004 Addendum offer practical approaches to reduce electrical grid challenge, including:
- Binding agreements for communication, coordination of planned activities
- Jointly planning, coordinating electrical circuit test & maintenance activities
- Grid operators: provide NPPs early warning of grid problems
- NPP operators: provide grid operators early warning of operational NPP limitations that might impact NPP power output
- Grid procedures must recognize NPP as priority load center requiring efforts to avoid shedding circuits to NPP

Electrical System Coping
- Identify possible voltage surge transients between nominal and existing lightning surge protection. Include consideration of combinations of events, such as:
  - Large load rejection, attempted runback to house load AND failure of main generator excitation and voltage regulator failure
- Conduct equipment review to determine current Voltage Withstand capability for power frequency over-voltage transients (including asymmetric cases)
- Give special emphasis to recently upgraded solid state equipment that may have the least Voltage Withstand capability
  - This includes: UPS units, rectifier circuits, chargers, I&C power supplies

Procedure Improvements
WANO SOER 99-1 and 2004 Addendum recommend NPP to have procedures for addressing:
- Degraded voltage
- Degraded grid frequency
How well these recommendations have been implemented, information systems to monitor such events, thoroughness of procedures, etc., should be evaluated in each country.

NPP Coping Capability
- Recognize defense in depth requires improving ability to cope with losses of uninterruptible electrical buses
- Review RPS and ESFAS logic circuits to identify any undesirable effects from loss of uninterruptible electrical buses
  - Examples would include: generation of ADS signal in BWRs or AUTO Switchover to Recirculation in PWRs, PORV openings, etc.
- USNRC (1993) issued Information Notice 93-11 describing concern and to consider evaluations & modifications for US NPPs

NPP Coping
For any plants with all-electric core cooling:
- Evaluate providing a diverse means for promptly supplying power to core cooling systems
- This could include:
  - Direct diesel driven pump
  - Dedicated fast start gas turbines

Electrical System Recovery
WANO SOER 99-1 and 2004 Addendum offer practical approaches to improve electrical system recovery:
- Grid procedures must recognize NPP as priority load center requiring highest priority for restoration

Preferred Failure Modes
- Supervisory Controls
- Design to cause failure mode when parameters cross the operating band (voltage, air pressure, hydraulic pressure, etc.)
- Provide alarms for inoperative and bypassed conditions
- Annunciations in Control Room
- Powered by auctioneered power supply different than logic power (e.g., 24 VDC multiple power supply units daisy-chained)

Power Supplies
- Provide DC control system (without UPS and inverters) for core cooling systems and AC power with emergency diesel generator back up for powering core cooling pumps & valves
- Provide AC vital bus with UPS back up for trip systems that have fail-safe logic on loss of power, e.g., rod drop systems (reactor protection system)

Solutions to House-load Operational Problems
- When grid conditions are undesirable, reduce reactor power to approx. 5-15%
- Transfer plant loads to offsite power
- Dump the steam to the condenser
- Prevent over voltage to UPS and other safety systems
- Design UPSs to withstand worst case voltage
- Interrupt power to UPS until fault transients are cleared
- Bypass house load operation following a fault / protective relay actuation

Design Review
Failure Mode and Effects Analysis
- How can each part conceivably fail?
- What mechanisms might produce these modes of failure?
- What could the effects be if the failures did occur?
- Is the failure in the safe or unsafe direction?
- How is the failure detected?
- What inherent provisions are provided in the design to compensate for the failure?

Millstone-2 Failure Modes
- On July 6, 1992, during a refueling outage, the licensee identified several undesirable failure modes of a two-out-of-four logic following an event. The plant was designed with two sensor cabinets and one actuation cabinet for each of the two trains. (Information Notice 93-11)
- When power was lost to either one of the vital buses, it caused safety injection and sump recirculation actuation.
- When two of the sensor cabinets in a train lost power, it caused the containment sump outlet valves to open.
- Loss of DC power to one actuation train caused the power operated relief valve in the other train to open.
- The logic was modified to limit certain combinations of two-out-of-four logic to prevent this problem.

Regulations
Bulletin 79-27: identify the instrument and control system loads connected to the bus and evaluate the effects of loss of power to these loads, including the ability to achieve a cold shutdown condition.

Regulations
Generic Letter 89-018 pointed out the incorrect reliance on fail-safe design principles and cautioned the industry regarding automated safety-related actions with no preferred failure mode. The need for extra precaution to avoid (a) a failure to actuate when necessary and (b) a failure that actuates the system when not required.

IEEE Challenges
ANSI/IEEE Standard 352-1987 (Under Revision)
- To assist in selecting design alternatives with high reliability and high safety potential during early design phases
- To ensure that all conceivable failure modes and their effects on the operational success of the system have been considered
- To list potential failures and identify the magnitude of their effects
- To develop early criteria for test planning and the design of test and checkout systems
- Develop UPS qualifying guidance to include 150% overvoltage

Simplified Fail-Safe Reactor Trip System with a Two-out-of-Three Logic
[Figure: block diagram spanning Instrument Rack, Sensor Cabinet, Logic Cabinet and Actuation Cabinet for Train A and Train B; pressure transmitters PT-1, PT-2 and PT-3 feed test trip units, each with fused DC power; outputs TRIP A1, TRIP A2, TRIP B1 and TRIP B2 go to the reactor trip breakers. Annotations on the diagram: loss of power causes actuation; loss of power causes logic actuation; loss of power causes reactor trip signal.]

Simplified Core Cooling System with a Two-out-of-Three Logic
[Figure: block diagram spanning Instrument Rack, Sensor Cabinet, Logic Cabinet and Actuation Cabinet for Train A; pressure transmitters PT-1, PT-2 and PT-3 feed test trip units with fused DC power and alarms; outputs TRIP A1 to TRIP A4 give the auto start signal to pumps/valves. Annotations on the diagram: loss of power causes no actuation; loss of power causes actuation; loss of power causes logic actuation; loss of power fails actuation but it causes an alarm for prompt action.]
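
The two preferred failure modes in the diagrams above can be compared by enumerating every loss-of-power combination for a two-out-of-three voter. This is an added, simplified model and not part of the presentation: the channel names PT-1 to PT-3 come from the diagrams, while the function names and the assumption that the loss-of-power alarm has its own supply are illustrative.

```python
from itertools import product

CHANNELS = ("PT-1", "PT-2", "PT-3")  # channel names taken from the slide diagrams

def channel_vote(powered, demand, fail_safe):
    """Vote of one trip unit.
    fail_safe=True: de-energize-to-trip, an unpowered channel reads as a vote.
    fail_safe=False: energize-to-actuate, an unpowered channel cannot vote."""
    if not powered:
        return fail_safe
    return demand

def evaluate(powered, demand, fail_safe):
    """Return (actuated, alarm) for a 2-out-of-3 voter.
    powered: one bool per channel, True when its DC supply is present.
    demand: True when the process really requires actuation."""
    votes = [channel_vote(p, demand, fail_safe) for p in powered]
    actuated = sum(votes) >= 2
    # Assumption: the annunciator is fed from a supply separate from logic power.
    alarm = not all(powered)
    return actuated, alarm

def classify(powered, demand, fail_safe):
    """Label one case with the two failure kinds the Regulations slide names."""
    actuated, alarm = evaluate(powered, demand, fail_safe)
    if actuated and not demand:
        return "spurious actuation"
    if demand and not actuated:
        return "failure to actuate" + (" (alarmed)" if alarm else "")
    return "correct"

def failure_table(fail_safe):
    """Every power-loss combination, with and without a real demand."""
    return {
        (powered, demand): classify(powered, demand, fail_safe)
        for powered in product((True, False), repeat=len(CHANNELS))
        for demand in (False, True)
    }

def summarize(fail_safe):
    """Count outcomes over the 16 cases of failure_table()."""
    counts = {}
    for outcome in failure_table(fail_safe).values():
        counts[outcome] = counts.get(outcome, 0) + 1
    return counts

if __name__ == "__main__":
    print("reactor trip (fail-safe):", summarize(True))
    print("core cooling (energize-to-actuate):", summarize(False))
```

In this model the fail-safe trip logic never fails to actuate but trips spuriously once two channels lose power, while the core cooling logic never actuates spuriously but misses a real demand under the same power loss, which is why the alarm matters.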