There is an NRC event report out today about a reactor SCRAM in Clinton, Illinois that occurred "after main steam bypass valves unexpectedly closed" and caused a high pressure condition in the reactor. No high pressure safety valves were blown; and 'the licensee is MANUALLY controlling the steam bypass valves to remove decay heat via the main condenser. The situation occurred "during a planned shutdown in preparation for refueling outage"
This reactor SCRAM is interesting on several levels. Accidents are mostly likely to happen when humans are mucking with the reactor, in this case they were getting ready to shut things down. Odds are it was "pilot error". But now they are "manually" controlling the valves, which would again increase the risk of further pilot error.
The real question is does "manually" imply that some one is physically turning a valve with a wrench, when required; or, does it mean they have just switched off the autopilot and the driver is now just pushing a button on the dashboard when required.
The situation also tripped our Red team / Blue team thinking. The statistical data indicates that the reactor is safest when machines run the system, but machines are also prone to hack. At what point does the safety of automation increase the system vulnerability to nefarious actions? How hard is it hack the controller for the bypass valves, and what are the odds that the safety pressure relief valves were installed incorrectly, and as a result did not blow? What are the odds Clinton Illinois has created an additional process to add to the Murphy watch list?
No comments:
Post a Comment