-International Experts’ Meeting on Protection against Extreme Earthquakes and Tsunamis in the Light of the Accident at the

Fukushima Daiichi Nuclear Power Plant (IEM3)-IAEA Headquarters, Vienna, 4-7 September 2012

1

Technology Governance for Nuclear Safety under

Earthquake-Tsunami Environments-Engineering Mission to Overcome the 3.11 Fukushima Disaster-

Hiroyuki Kameda Professor Emeritus, Kyoto University

Technical Counsellor, JNES

Contents

2

1. General Remarks2. Technology Governance– A Key Technology

Management Framework for Nuclear Safety3. Critical Lessons from the 3.11 Fukushima

Accident and Relevance to Technology Governance

4. Action Criteria for Technology Governance5. Input from Investigation Committees with

implications to Technology Governance6. Conclusions

3

1. General Remarks(1) Background+The nuclear safety is being seriously questioned by the people of Japan since the Fukushima I accident.

+The question has enough reasons to be asked in the presence of the accident that should have never happened.

+Thorough and comprehensive reviews must be conducted on i) socio-economic and political issues relevant to energy policy and ii) technological bases of this complex system.

+The final judgment is to be made by the people of Japan.

+Sufficient information must be disclosed enough to make such judgments.

4

(2) Implications to international agenda+The presentation basically reflects Japanese situations; it is very Japanese.

+We believe that the issues discussed herein are universal as well.

+We recognize that some countries do exercise excellent framework of technology governance.

+For other countries, especially new-comers in the nuclear business, it is strongly hoped that lessons learned from the Fukushima accident and described herein be carefully incorporated in their nuclear development processes.

5

* Acknowledgments to:Tsuyoshi Takada (Univ. of Tokyo) and Katsumi Ebisawa (JNES)

* Reference:H. Kameda, T. Takada, K. Ebisawa, and S. Nakamura, “Prevent Nuclear

Disaster (3) – Agenda on Nuclear Safety from Earthquake Engineering”, Journal of Atomic Energy Society of Japan (AESJ), Vol.54, No.9, Sep. 2012, pp.29-35, (in Japanese).

* Note:+ PSA or PRA ? => PRA is employed herein.

6

2. Technology Governance – A Key Technology Management Framework for Nuclear Safety

+It is critically important to use appropriate technology for nuclear safety.

+More importantly, appropriate decision mechanism should be established to implement appropriate technology.

+Comprehensive observations of Fukushima I (SA occurred) and Onagawa, Fukushima II, Tokai II (stabilized before SA) demonstrate its importance.

+The issue is beyond individual technological elements. It questions how to put safety technology firmly in regulation and operators’ cooperate management.

+It is the issue of “Technology Governance”, today’s main subject.

7

*Definition of Technology Governance (proposed)+Technology Governance = Totality of actors, rules, conventions, processes, and mechanisms concerned with how relevant technological information is collected, analysed and communicated and management decisions are taken

+Analogy to “Risk Governance”Ortwin Renn, “Risk Governance towards an Integrative Approach”, IRGC White Paper No.1, International Risk Governance Council, September 2005.

+Should be applicable throughout NPP life cycles: Siting, Design, Construction, Operation, Decommission

8

3. Critical Lessons from the 3.11 Fukushima Accident and Relevance to Technology Governance

i) Report of Japanese Government to the IAEA Ministerial Conference on Nuclear Safety (June 2011), “The Accident at TEPCO’s Fukushima Nuclear Power Stations”, Nuclear Emergency Response Headquarters

ii) IAEA International Fact Finding Expert Mission of the Fukushima Dai-ichi NPP Accident Following the Great East Japan Earthquake and Tsunami, 24 May – 2 June 2011, Report to the Member States

(1) Lessons raised three months after the event:

+ Lessons in category 1: Strengthen preventive measures against severe accidents(1) Strengthen measures against earthquakes and tsunamis, (2) Secure power supply, (3) Secure robust cooling functions of reactor and PCV, (4) Secure robust cooling functions of spent fuel pools, (5) Thorough accident management (AM) measures, (6) Response to issues concerning the siting with more than one reactor, (7) Consideration on placements of NPS in basic design, (8) Ensuring the water tightness of essential equipment = Technical agenda

+ Lessons in category 2: Enhancement of response measures against severe accidents(9) prevention measures of hydrogen explosion, (10) containment venting system, (11) accident response environment, (12) radiation exposure management system at accident, (13) training responding to severe accident, (14) instrumentation to identify the status of reactors and PCVs, (15) Central control of emergency supplies and equipment and setting up rescue team= Technical agenda

+ Lessons in category 3: Enhancement of nuclear emergency response(16) combined large-scale natural disaster and prolonged nuclear accident, (17) environment monitoring, (18) clear division of roles between central and local organizations, (19) communication relevant to the accident, (20) assistance by other countries and communication to the international community, (21) identification and forecast on the effect of released radioactive materials, (22) definition of widespread evacuation area and radiological protection guideline= Technical agenda + Societal agenda + Technology governance

+ Lessons in category 4: Reinforcement of safety infrastructure(23) safety regulatory bodies, (24) legal structure, criteria and guidelines, (25) human resources, (26) independence and diversity of safety system, (27) effective use of PSA in risk management = Technology governance

+ Lessons in category 5: Raise awareness of safety culture(28) Raise awareness of safety culture= Technology governance

i) Report of Japanese Government to the IAEA Ministerial Conference (June 2011)

9

10

ii) IAEA International Fact Finding Expert Mission of the Fukushima Dai-ichi NPP Accident Following the Great East Japan Earthquake and Tsunami, 24 May ~ 2 June 2011

Main feature: Report to the IAEA Member States+ Lessons 1 ~ 15 are mainly technical agenda:

(1) Hazard, (2) Alternative power sources and (3) their handling, (4) Emergency response centers and (5) their functionality, (6) Severe accident management guidelines, (7) Multi-unit issues, (8) Hydrogen explosion, (9) Diversity in defense-in-depth, (10) Information management systems, (11) Off-site emergency preparedness, (12) Sheltering, (13) Utilization of data and information generated from Fukushima accident, (14) Radiation protection for workers, (15) Exercises and drills for on-site workers

+ Lesson 16 is a key for technology governance: (16) Regulatory independence and clarity or roles in nuclear regulatory systems

11

* Fundamental issues in order never to have a recurrence of the Fukushima accident

* Individual engineering agenda converge to a set of critical lessons consisting of:

1) Risk-informed decision2) “Scientific imagination”3) Speed in action

* An engineering principle underlying technology governance

* An umbrella to individual technical components

(2) Critical Lessons raised by an Earthquake Engineer: A Basis for Technology Governance (Kameda (Oct. 2011- JAEE Jour. / Mar. 2012-Int. Symposium on GEJE ) )

12

+ Critical Lessons1) Risk-informed decisionshould be the basis of nuclear safety

measures:Lack of beyond-design tsunami protection was a major cause of the accident at Fukushima-I. This requires risk-informed decision.

2) “Scientific imagination” should be a key for establishing risk models:Historical high have been too widely used in hazard assessment. Extreme events with very long return periods should be incorporated in risk modeling if no historical data but sound scientific bases. There are evidences.

3) Speed in actionis critical: The nature does not wait for us. / i) The case of Tokai II NPP should be positively highlighted where construction of new side walls with increased height (7m) to enclose sea water pump areas, nearly completion at the time of the Great Tsunami, protected the ultimate heat sink function. / ii) Delay of implementing risk-informed decision should be critically reviewed.

13

4. Action Criteria for Technology Governance

(1) Science-based hazard model~ Field-based judgment and scientific imagination leading to appropriate risk models

(2) Risk-informed technology options~ Beyond-design hazard regions / alternatives based on cost~benefit (safety, BCM, etc.) trade-off under risk constraint

(3) Technology assessment incorporating “total process and total system” of nuclear safety

(4) Safety decision standing on technological ethics~ accountability and transparency

(5) Risk communication in the decision process~ purpose = trust building

(6) Multi-disciplinary collaboration~ Fill perception gaps / Overcome academic gaps

(Kameda, Takada, Ebisawa and Nkamura (2012.9- AESJ Journal(in Japanese))

Superposition of "large tsunami" and "high tsunami" in the Tohoku-Pacific Earthquake (PARI)

14

+ Action Criteria (1): Science-based hazard model Field-based judgment and scientific imagination leading to appropriate risk models

Scientificimagination

15

Unit Tsunami Height Site elevation

####1 1 1 1 ---- ####4444 14141414～～～～15151515mmmm 10101010mmmm

####5555,#,#,#,#6666 13131313～～～～14141414mmmm 12121212～～～～13131313mmmm

・・・・Average subsidence of Tohoku-Kanto coastal area ~ – 0.8m

Deign tsunami & reassessment

Construction permit

（（（（1966～～～～1972））））

Based on JSCE guide（（（（2002））））

O.P. 3.1 m

（（（（Chile 1960））））

O.P.5.7 m（（（（Shioyazaki EQ：：：：

M7.9、、、、1938））））

Fukushima I

・・・・Design tsunami & reassessment・・・・Construction permit : 3.7m ( Chile EQ, M 9.0 1960)・・・・2002 evaluation : 5.2m (Shioyazaki EQ, M7.9 1938)

■■■■ Tsunami Heigt・・・・Sea side area: O.P. +6.5 ～～～～ 7m・・・・South side of 1U runnup: O.P. +14 ～～～～ 15m■■■■ Site elevation: O.P. +12m

Fukushima II

■■■■Tsunami Height: around O.P. +13m■■■■Site elevation : O.P. +14.8m

(subsidense about 1m )

Design tsunami & reassessment

Construction permit 2002 JSCE method

O.P.9.1 / 1611 Keichou Sanriku :

M8.6

O.P.13.6 / 1896 Meiji Sanrku :

M8.3））））

Onagawa

Design tsunami & reassessment

Establishment Permit JSCE Method (2002））））

No-description ASL4.9m / Off-Boso:

M8.2、、、、1677

■■■■ Tsunami Height: about H.P. +6.3m (ASL 5.4m)■■■■ Site elevation：：：： H.P. +8.89m (ASL 8m)

- Increased side wall of seawater pump room (under construction): H.P.+5.80m (ASL 4.91m)・・・・New side wall and waterseal outside the side wall (wall completed): H.P.＋＋＋＋7m (ASL 6.11m)

Tokai II

Tsunami height at NPPs(red: observed in Tohoku-Pacific Earthquake; green:site elevation; violet: assessment in construction permit; blue: re-assessments)

+ Tsunami Simulation at NPP Sites (JNES, Oct. 2011)* Calibration to the four NPP sites using a single tsunami source model

78m

*Inversion from tsunami records to generate slips and rupture initiation times at each small segment

*Slip propagation and effects of time lags in tsunami generation from small segments were incorporated

*Max. slip = 78m, Mw = 9.1Note: Consistency with geodetic and ground motion (T=10-20-125-250s filter) based models was confirmed.

0 1 5 3 0 4 5 6 0 7 5 9 0 1 0 5 1 2 0 1 3 5 1 5 0

- 1 5

- 1 0

- 5

0

5

1 0

1 5

J 1 8 : O n a g a w a

T im e ( m in )

Wave H

eight(m

)

S i m u l a t i o n

O b s e r v e d

Max 12.3m

Max 12.3m

0 1 5 3 0 4 5 6 0 7 5 9 0 1 0 5 1 2 0 1 3 5 1 5 0

- 1 5

- 1 0

- 5

0

5

1 0

1 5

T im e ( m in )

Wave H

eight(m

)

S im u l a t i o n

O b s e r v e d

計測不能によるデータ欠損計測不能によるデータ欠損計測不能によるデータ欠損計測不能によるデータ欠損

Max 9.6mMax 6.9m（計測時間中）

0 1 5 3 0 4 5 6 0 7 5 9 0 1 0 5 1 2 0 1 3 5 1 5 0

- 1 5

- 1 0

- 5

0

5

1 0

1 5

T im e ( m in )

Wave H

eight(m

)

S im u l a t i o n

O b s e r v e d

計測不能によるデータ欠損計測不能によるデータ欠損計測不能によるデータ欠損計測不能によるデータ欠損

Max 9.6mMax 6.9m（計測時間中）

0 1 5 3 0 4 5 6 0 7 5 9 0 1 0 5 1 2 0 1 3 5 1 5 0

- 1 5

- 1 0

- 5

0

5

1 0

1 5

J 1 8 : F u k u s h im a 2

T im e ( m in )

Wave H

eight(m

)

S i m u l a t i o n

Max 7.9m

0 1 5 3 0 4 5 6 0 7 5 9 0 1 0 5 1 2 0 1 3 5 1 5 0

- 1 5

- 1 0

- 5

0

5

1 0

1 5

J 1 8 : F u k u s h im a 2

T im e ( m in )

Wave H

eight(m

)

S i m u l a t i o n

Max 7.9m

0 1 5 3 0 4 5 6 0 7 5 9 0 1 0 5 1 2 0 1 3 5 1 5 0

- 1 5

- 1 0

- 5

0

5

1 0

1 5

T im e ( m in )

Wave H

eight(m

)

S im u l a t i o n

O b s e r v e d

4.4m

4.1m

4.5m

4.7m

0 1 5 3 0 4 5 6 0 7 5 9 0 1 0 5 1 2 0 1 3 5 1 5 0

- 1 5

- 1 0

- 5

0

5

1 0

1 5

T im e ( m in )

Wave H

eight(m

)

S im u l a t i o n

O b s e r v e d

4.4m

4.1m

4.5m

4.7m

Comparison with tide gauge records(Nonlinear long wave model)

Onagawa

Fukushima I

Fukushima II

Tokai II

16

Major contributorsto Onagawa NPS

Major contributors to Fukushima & Tokai NPSs

1896 MeijiSanriku Tsunami

17

(a) distinction of "tsunami earthquake" (b) past events and sources of and inter-plate thrust zones TohokuTohokuTohokuTohoku----Pacific EarthquakePacific EarthquakePacific EarthquakePacific Earthquake

Seismicity of Tohoku-Pacific Japan (added to Earthquake Research Committee, 2002)

18

+ Action Criteria (2): Risk -informed technology options

+Critical lesson 1)Risk-informed decision should be the basis of nuclear safety measures:Lack of beyond-design tsunami protection was a major cause of the accident at Fukushima-I. This requires risk-informed decision.

+ The Japanese regulatory framework: the NSC Seismic Design Guide revised in 2006 (NSC, 2006) made explicit statements of the risk concept in terms of "residual risk" which stands for seismic risk of the plant in the beyond-design hazard levels. PRA application was promoted (not enforced). / Slow process of substantial implementation

Scheme of seismic safety assurance of NPP that should be realized under the 2006 NSC Seismic Design Guide

inter-connected

* Quantitative safety assessment of the entire plant system(relative to safety goal/ performance goal)

Accountability to the public

・Basic safety level (Design point) assured explicitly* Benchmark assurance by seismic design

Deterministic format

* Residual risk assessment[Seismic PRA]・Assurance of low "Residual risk" as seismic margin of the entire plant system in beyond-DBGM ranges

Fragility

・Seismic marginas realistic failure point of individual SSC's relative to design level

* Seismic margin assessment of SSC

Probabilistic assessment

Note: SSC = structure, system, componentDBGM = design basis ground motion"Failure" here means functional loss as well as structural failure

hazard levelp

rob

abili

ty d

ensi

ty

DBGM

* covered by "residual risk" assessment (entire plant system)

core damage frequency(residual risk)

* covered by seismic design (benchmark assurance)

* covered by seismic margin assessment (SSC)

PRA, fragility

Risk-informed decision scheme for nuclear seismic safety

Hiroyuki Kameda (Kyoto U., JNES)

Note: The scheme is applicable to tsunami safety.

20

+Key safety parameters are: 1) Design pointto define benchmark assurance, 2) Seismic marginof SSC to clarify their beyond-

design capacity, and 3) Residual riskto define seismic margin of the entire

plant system

+These parameters are connected consistently through fragility concepts and PRA integration.

+ On this basis, we can discuss deterministic design and probabilistic assessment in the same arena of physical phenomena.

+ (Meaningless disputes between “determinist” and “probabilists” should be halted.)

21

+ Benefit of using PRA for earthquake/tsunami protection- Integrated system reliability- Identification of critical accident scenarios and

critical plant components- Rigorous application to common-cause failures

caused by earthquake and/or tsunami- Synthetic treatment of inherent uncertainties- Risk-informed technological options: Cost ~

benefit (safety, BCM, etc.) trade-off alternatives under risk constraint

22

+Action Criteria (3): Technology assessment incorporating “Total process and Total system”

+ Implementing risk-informed decision in regulatory procedure=> Technical decisions must be made under the framework of 1) “Total process” and 2) “Total system”

=> Reduction of integrated system risk

23

+ Conventionalpractice

+ Enhancement(preliminary sketch)

1) Total process:

Hazard Committee(experts)

DBGM/DBTH Committee(experts)

Design Committee(experts)

Decision: NISA(administration)

Gap Gap

Hazard DBGM/DBTH SSC Design

Decision: JNRA(administration)

Integration and feedbackDesign point, Seismic margin, Residual risk

(engineering assessment & review)

Fragility Accident scenario

PRA procedure

24

+ Robustnesse.g.: Identification of critical safety-related SSC? /Redundancy, independence, diversity of safety functions

2) Total system:

+ Multi-hazard e.g.: Combined losses of external power by strong motion and on-site emergency power by tsunami / earthquake-induced fire / earthquake-induced internal flooding, etc.

+ Multi-unite.g.: Functional interactions within unit groups

25

+Action Criteria (4): Safety decision standing on technological ethics ~ Accountability and Transparency

+ Clarify decision processes in terms of “total process” and “total system

+ At regulator meetings, open meeting, disclosed documents showing not only results but processes, and fair operation are essential.

+ Trace, monitor, assess and feedback regulator and operators’ activities.

26

+Action Criteria (5): Risk communication in the decision process~ purpose = trust building

+ Purpose of risk communication:One-way dissemination => Building a foundation of trust

+ Risk information engineers should provide for risk communication based on PRA:i) Core damage frequency (CDF) / Containment failure

frequency / radioactive materials release / public radioactive exposure,

ii) Critical accident scenarios and SSCs’ with high contribution to CDF /

iii) Possibility of simultaneous failure of SSCs (influence of common-cause failure to CDF) /

iv) Ranges of strong motion as major contributors to CDF, etc.

27

+ Quality of information:*Not only numerical results + underlying conditions + process of assessment*Documents accountable to non-experts

+ Research activities:*M. Kitamura: 1) Human interface (HI) technique useful for citizens-experts communication, and 2) Filling gap among experts* T. Takada: Developing a new area “Engineering accountability and understanding”* Nuclear risk communication research by JNES and NITEC, in cooperation with IAEA, involving Kashiwazaki-Kariwa municipalities and local citizens

+ Organization of discussion groups:*e.g.: a local discussion group on nuclear safety consisting of 3/1 pro-nuclear, 1/3 anti nuclear and 1/3 neutral experts

28

+ Regulators’ activities:*USNRC: Diablo Canyon open WS on active faults

* France: ACT No. 2006-686 of 13 June 2006 on Transparency and Security in the Nuclear Field / High Committee for Transparency

* Japan regulators: new actions are being practiced to find public opinions / in the context of trust building, innovation needed / urged to practice and institutionalize a sound mechanism of nuclear risk communication

29

+ Action Criteria (6): Multi-disciplinary collabora tion~ Fill perception gaps / Overcome academic gaps

Responsibility of academia

+ Issues to overcome（（（（A view as a member of Japan Society for Earthquake Engineering (JAEE) and Atomic Energy Society of Japan (AESJ))

* Lack of perspective spanning cross-disciplinary issues* Sticking too much to their own individual fields (Ignore other fields and/or look at other fields only as boundary conditions)

* Gaps between fields should be filled (The nature does not overlook such gaps.)

* Cross-disciplinary brain storming and integration are indispensable.

* Defense-in-depth scheme has been realized neat and robust against NPP accidents caused by internal events.

* In case of earthquakes and tsunami: we deal with common-cause events induced by external loads that simultaneously affect the entire plant system / Not only safety front systems (shut down and core cooling) but support systems (RHR, ultimate heat sink) experience critical conditions as well / Due to large uncertainties in earthquake and tsunami hazards, hazard levels and corresponding SSC performances must be seamlessly integrated through the PRA procedure.

* Collaboration between nuclear safety engineering and earthquake engineering is critically important to connect hazards and system performances appropriately.

* Experience of collaboration between the AESJ Committee on Seismic Safety of NPP (Dec. 2007-March 2012) and the JAEE Committee on Seismic Safety of NPP (Oct. 2008-March 2012)

+ Collaboration between Nuclear Safety Engineering and + Collaboration between Nuclear Safety Engineering and + Collaboration between Nuclear Safety Engineering and + Collaboration between Nuclear Safety Engineering and

Earthquake Engineering ~ indispensable element for Earthquake Engineering ~ indispensable element for Earthquake Engineering ~ indispensable element for Earthquake Engineering ~ indispensable element for

earthquakeearthquakeearthquakeearthquake----tsunami safety of NPPtsunami safety of NPPtsunami safety of NPPtsunami safety of NPP

30

31

1) Official Report of the Fukushima Nuclear Accident Independent Investigation Commission / the National Diet of Japan, 5 July 2012 (NAIIC Report) (http://www.naiic.jp/en/)

2) Final Report on the Accident at Fukushima Nuclear Power Stations of Tokyo Electric Power Company / Investigation Committee of the Japanese Government, 23 July 2012 (http://icanps.go.jp/eng/)

5. Input from Investigation Committees with Implications to Technology Governance

32

1) NAIIC Report, the National Diet of Japan, 5 July 2012

Major issues discussed = Institutional problems / root causes in the Japanese culture“What must be admitted – very painfully – is that this was a disaster ‘Made in Japan.’ Its fundamental causes are to be found in the ingrained conventions of Japanese culture: our reflexive obedience; our reluctance to question authority; our devotion to ‘sticking with the program’; our groupism; and our insularity.” (K. Kurokawa, Chair)

Recommendations (Institutional aspects of technology governance)on: i) Monitoring the regulatory body by the National Dietii) Reform the crisis management systemiii ) Government responsibility for public health and welfareiv) Monitoring the operatorsv) Criteria for the new regulatory body (independent,

transparent, professional, consolidated, proactive)vi) Reforming laws related to nuclear energyvii) Develop a system of independent investigation

commissions

33

2) Final Report of the Investigation Committee, Japanese Government

Thorough discussion on technical evidences / Institutional clarification (regulators, operators, safety culture)Recommendations (keen for substantiating technology governance):i) Basic stance for safety measures and disaster preparedness

complex disasters, risk perception, disaster victims’ standpoint, incorporating latest knowledge

ii) Safety measures regarding nuclear power generationrisk-based assessment, severe accident management

iii ) Nuclear disaster response systemscrisis management system, emergency response headquarters, off-site centers, roles of prefectural governments

iv) Damage prevention and mitigationrisk communication, monitoring operation, SPEEDI, evacuation procedure, stable iodine tables, medical care, overseas aid

v) Harmonization with international practicesvi) Relevant organizations

regulatory body (independence, transparency, preparedness, information dissemination, professional, R&D update, international), TEPCO, safety culture

vii) Continued investigation of accident causes and damage

34

6. Conclusions

(1) Concept of “Technology Governance” was proposed as a key technology management framework for nuclear safety: its definition was proposed.

(2) Action criteria for technology governance were proposed:1) Science-based hazard model embodying "scientific

imagination"2) Risk-informed technology options 3) “Total process” and “Total system” 4) Safety decision standing on technological ethics5) Risk communication in the decision process6) Multi-disciplinary collaboration

(3) Relevance of technology governance was reviewed by analyzing three sets of lessons from the 3.11 Fukushima Accident and two final reports of investigation committees .