Nuclear power plant (NPP) risk assessment is broadly separated into disciplines of nuclear safety, security, and safeguards. Different analysis methods and computer models have been constructed to analyze each of these as separate disciplines. However, due to the complexity of NPP systems, there are risks that can span all these disciplines and require consideration of safety-security (2S) interactions, which allows a more complete understanding of the relationship among these risks. A novel leading simulator/trailing simulator (LS/TS) method is introduced to integrate multiple generic safety and security computer models into a single, holistic 2S analysis. A case study is performed using this novel method to determine its effectiveness. The case study shows that the LS/TS method avoided introducing errors in simulation, compared to the same scenario performed without the LS/TS method. A second case study is then used to illustrate an integrated 2S analysis, which shows that different levels of damage to vital equipment from sabotage at an NPP can affect accident evolution by several hours.
In response to the expansion of nuclear fuel cycle (NFC) activities -- and the associated suite of risks -- around the world, this project evaluated systems-based solutions for managing such risk complexity in multimodal and multi-jurisdictional international spent nuclear fuel (SNF) transportation. By better understanding systemic risks in SNF transportation, developing SNF transportation risk assessment frameworks, and evaluating these systems-based risk assessment frameworks, this research illustrated that interdependency between safety, security, and safeguards risks is inherent in NFC activities and can go unidentified when each "S" is independently evaluated. Two novel system-theoretic analysis techniques -- dynamic probabilistic risk assessment (DPRA) and system-theoretic process analysis (STPA) -- provide integrated "3S" analysis to address these interdependencies, and the research results suggest a need -- and provide a way -- to reprioritize United States engagement efforts to reduce global nuclear risks. Lastly, this research identifies areas where Sandia National Laboratories can spearhead technical advances to reduce global nuclear dangers.
This report will summarize the group's work to provide recommendations to secure nuclear facilities before, during and after an extreme weather event (EWE). Extreme weather events can have drastic impacts to nuclear facilities, as seen by the earthquake and subsequent tsunami at the Fukushima Daiichi Nuclear Power Plant in 2011. Recent hurricanes in the United States, including Hurricane Harvey, demonstrate the devastating effects these storms can have on infrastructure and the surrounding communities. The group is attempting to identify the gaps that potential small modular reactor (SMR) facilities will need to address in order to provide adequate site security before, during and after extreme weather events. This effort proceeded in three parts to provide insights and recommendations to secure SMR facilities for extreme weather events: (1) a literature review of academic articles as well as relevant documents including the existing regulatory framework and recommendations from the IAEA, NRC, and DOE, (2) subject matter expert interviews from a wide variety of security backgrounds, and (3) modeling and simulation on a hypothetical SMR facility. Special attention was paid to the interactions between stakeholders and nuclear facility design considerations, particularly the topics of safety and security. Engineering design issues from safety and security perspectives were discussed and included in simulation. Each step informed the proceeding, with the result including full tabletop scenarios of EWE impacts to security system effectiveness on the hypothetical model. This systems-level analysis provides results to inform recommendations to secure SMR facilities.
This document details the development of modeling and simulations for existing plant security regimes using identified target sets to link dynamic assessment methodologies by leveraging reactor system level modeling with force-on-force modeling and 3D visualization for developing table-top scenarios. This work leverages an existing hypothetical example used for international physical security training, the Lone Pine nuclear power plant facility for target sets and modeling.
To support more rigorous analysis on global security issues at Sandia National Laboratories (SNL), there is a need to develop realistic data sets without using "real" data or identifying "real" vulnerabilities, hazards or geopolitically embarrassing shortcomings. In response, an interdisciplinary team led by subject matter experts in SNL's Center for Global Security and Cooperation (CGSC) developed a hypothetical case description. This hypothetical case description assigns various attributes related to international SNF transportation that are representative, illustrative and indicative of "real" characteristics of "real" countries. There is no intent to identify any particular country and any similarity with specific real-world events is purely coincidental. To support the goal of this report to provide a case description (and set of scenarios of concern) for international SNF transportation inclusive of as much "real-world" complexity as possible -- without crossing over into politically sensitive or classified information -- this SAND report provides a subject matter expert-validated (and detailed) description of both technical and political influences on the international transportation of spent nuclear fuel.
Nuclear security relies on the method of vital area identification (VAI) to determine which locations within the nuclear power plant (NPP) need to be protected from radiological sabotage. The VAI methodology uses fault trees (FTs) and event trees (ETs) to identify locations in the NPP that contain vital equipment: structures and components whose direct or indirect sabotage may result in significant reactor core damage. However, the traditional FT/ET process cannot fully capture the dynamics of NPP systems and mitigating measures at play. Existing safety systems or possible operator procedures may be able to avert or mitigate core damage despite the loss of one or more vital areas. Dynamic probabilistic risk assessment (DPRA) methodologies are those that, unlike traditional probabilistic risk assessment, explicitly consider time effects when modeling a system. One common DPRA methodology is the use of dynamic event trees (DETs) that drive computer models of a system with user-specified branching conditions to account for uncertainties in a scenario. The DPRA process allows analysts to explore the uncertainties and state space of a scenario in a systematic fashion. A scenario was developed that uses the novel leading simulator/trailing simulator methodology to perform a DET analysis of a combined nuclear safety and nuclear security analysis. The scenario under consideration models the successful sabotage of a vital area by adversaries and determines the effects of timing and the extent of sabotage, as well as possible recovery actions, on the state of the plant. The results of this integrated analysis include the timing and extent of core damage as well as the extent of any radiological release that may occur as a result of sabotage.