Control Global
http://www.controlglobal.com/articles/2009/3MileIslandAccident0905.html
Bela Liptak
At 4 a.m. on March 28, 1979, Unit 2 of the 900-MW reactor at the TMI-2 plant at Three Mile Island in Pennsylvania experienced a partial core meltdown. Between 13 and 43 million curies of radioactive krypton gases were released, half the core melted, and 90% of the fuel rod cladding was destroyed. The maximum offsite radiation reached 83 millirem, but the radiation dose received by the community was small.
Figure 1 shows the main components of the plant and the instrumentation that had a role in the accident (other instrumentation has been eliminated from the drawing). This simple process consisted of three heat transfer loops, located from the left to the right in the figure. The first or "primary" loop transfers the heat generated by nuclear fission into the high-pressure reactor cooling water (PWR). The heat from this closed circuit is transferred into the "secondary" feed water loop that takes it into the steam boiler. The steam is used to generate electricity in the turbine generator, while the waste heat from the condenser is sent to the cooling tower.
Figure 1
Here, I will describe each "domino" in the sequence of events that led to this accident and contributed to the public distrust of nuclear energy. After each event, I will note in parentheses how properly designed process control systems and better operator training could have prevented the accident.
1) Operators working on an upstream demineraliser at 4 a.m. unintentionally caused one or more of the three HCV-1 valves to go to "fail-closed" by accidentally admitting water into the instrument air system. The valves were badly designed because all valves on cooling applications should fail open. In addition, the operators did not realize that the valve(s) had closed. (Remedy: Select valve failure position correctly, and do not allow water or anything but air into the instrument air system. Add an electric motor-actuated parallel backup valve and provide limit switches on all valves with status displays and alarms in the control room.)
2) This caused the main feed water pumps (P2) to stop. (Remedy: Provide bypass valve(s) around HCV-1 and automatically open them if HCV-1 should be open and it is not. On all automatic valves in the plant, provide limit switches that trigger alarms if the valve doesn't take the automatically requested position.)
3) Because the secondary feed water was stopped, the heat from the primary reactor coolant water (PRW, circulated by P1) was no longer being removed. This caused the temperature to rise and the reactor to scram (control rods inserted to cease fission). (Remedy: Alarm and automatically open HCV-2, start the auxiliary feed water pump(s) P3, and actuate high-temperature alarm on the PRW inlet.)
4) The reactor that was shut down continued to generate "decay heat," and the stationary secondary water in the boiler quickly turned into steam. This automatically started the emergency cooling water pump (P3), but that did no good because valve(s) (HCV-2) were also failed closed because of the water in the instrument air supply line. (Remedy: Same as in 1, plus provide safety interlock that automatically starts a backup pump and opens its valve if P3/HCV-2 fails to respond.)
5) Next, the PRW temperature and pressure in the reactor started to rise. The high-pressure switch (PSH-3) on the pressurizer tank opened the pilot-operated relief valve (PORV-3), which started to relieve the PRW water into the quench tank (QT). When the pressure dropped and PSH-3 signaled PORV-3 to close, it remained open. (Remedy: The selection of fail-in-last position valve was wrong, so use designers who know how to select valve failure positions. Also, automate the block valve HCV-5 with an electric motor and close it if PSH-3 signals PORV-3 to close and it does not.)
6) The operators did not know that PORV-3 was...
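The remedies in steps 2, 4 and 5 share one mechanism: compare each valve's commanded position with its limit-switch feedback, alarm when they still disagree after the valve has had time to stroke, and trigger the backup action. The sketch below is an added example, not code from the article or from any plant system; the signal names `zso`/`zsc`, the 5-second travel allowance and the sample record are assumptions made for illustration.

```python
from dataclasses import dataclass

TRAVEL_TIME_S = 5.0  # assumed stroke-time allowance, not a value from the article

# Backup actions taken from the article's remedies (steps 2, 4 and 5).
BACKUP = {
    "HCV-1": "open bypass around HCV-1",
    "HCV-2": "start backup pump and open its valve",
    "PORV-3": "close block valve HCV-5",
}

@dataclass
class Sample:
    t: float        # seconds since start of record
    tag: str        # valve tag as used in the article
    commanded: str  # "open" or "closed", as requested by the control system
    zso: bool       # open limit switch made (hypothetical signal name)
    zsc: bool       # closed limit switch made (hypothetical signal name)

def position(s):
    """Confirmed position from the two switches; both or neither made is 'unknown'."""
    if s.zso != s.zsc:
        return "open" if s.zso else "closed"
    return "unknown"

def discrepancy_alarms(samples, travel_time=TRAVEL_TIME_S):
    """One alarm per episode in which a valve disagrees with its command for travel_time or longer."""
    since, latched, alarms = {}, set(), []
    for s in sorted(samples, key=lambda x: x.t):
        actual = position(s)
        if actual == s.commanded:            # valve confirmed where requested
            since.pop(s.tag, None)
            latched.discard(s.tag)
            continue
        cmd, t0 = since.get(s.tag, (None, None))
        if cmd != s.commanded:               # new mismatch or new command: restart timer
            since[s.tag], t0 = (s.commanded, s.t), s.t
            latched.discard(s.tag)
        if s.t - t0 >= travel_time and s.tag not in latched:
            latched.add(s.tag)
            alarms.append((s.t, s.tag, s.commanded, actual, BACKUP.get(s.tag, "alarm only")))
    return alarms

# Constructed sample record: HCV-2 never opens; PORV-3 opens, then stays open after a close command.
SAMPLES = [
    Sample(0, "HCV-2", "open", False, True), Sample(6, "HCV-2", "open", False, True),
    Sample(0, "PORV-3", "open", False, True), Sample(2, "PORV-3", "open", True, False),
    Sample(10, "PORV-3", "closed", True, False), Sample(16, "PORV-3", "closed", True, False),
    Sample(20, "PORV-3", "closed", True, False),
]
```

The alarm is raised on confirmed position, not on the command signal, so a valve that was told to close but has not moved is reported as open.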