Against the clock16 August 2016
Technology plays a significant role in the nuclear industry’s emergency preparedness and can safeguard against costly regulatory fines when it comes to submitting nuclear notification forms. In the US, every nuclear facility’s response to reportable incidents is underpinned by a dedicated crisis information system. John O’Dell, senior vice president of Intermedix and creator of WebEOC, looks at the software tools available to the nuclear industry and how they have evolved.
Nuclear facilities must ensure they have robust, reliable technology in place. This can help deliver regulatory metrics on reportable incidents on time and compliantly. While this has always been the case, post-Fukushima, there has been a greater need and urgency to be doing this. Furthermore, technology needs to be opened up securely to allow access to authorised agencies, when the level of an incident dictates urgent assistance is required.
For decades now, WebEOC has been at the heart of nuclear power plant safety, and continues to perform a key role in the
safe operation in the US and at other facilities across the globe. The nuclear power industry has always faced a unique set of challenges and never more than in today’s world with its heavily regulated framework. The body tasked with protecting
public health and safety in relation to nuclear energy in the US is the Nuclear Regulatory Commission (NRC) and, in the wake of Fukushima, it was inevitable that the already tight regulations governing power plants would come under scrutiny and be strengthened.
Software like WebEOC is on the regulatory frontline, ensuring that power plants can meet the demands of the regulator and was born out of the nuclear weapons industry. It was recognised very early on that nuclear weapons needed a comprehensive framework to guard their use and to prepare for crisis management. It was also acknowledged that the processes that underpin nuclear weapons safety and security are the same for civilian crisis management. Therefore the tool trusted by the nuclear weapons industry could provide a ready-made, tried and trusted system for managing nuclear power plants in the civilian sector, because the safety processes that underpin both are broadly the same.
Given these facts, it wasn't a difficult process for those of us working with the nuclear weapons industry to take that technology and apply it to crisis management in other sectors. Its application in nuclear power stations was an obvious first step.
The software works by delivering information in real-time from the nuclear power plant to status boards then direct to the nuclear control room. What this means is the very latest accurate data is available instantly to all, allowing more time to focus discussions on decision making versus data and event reporting. This is vital because when it comes to managing a nuclear facility, having instant access to accurate data matters. If data is incorrect by even a single digit, that is a big issue and software helps to deliver the accuracy required and reduces the risk of human error as a consequence.
It is a strange but true axiom that the simplest of communications can prove the most difficult to implement during a crisis. This is because seemingly simple steps must be right. Take the nuclear notification forms. What could be easier than filling in a simple form, right? Wrong. These forms are complex and must be filled in correctly before submission. Get it wrong and the consequences are severe. A mistake in any part of the form destroys the integrity of the whole document and the smart forms help to ensure accuracy 100% of the time. The form can also recognise certain key elements – so do you need to include X data? If so, you must also include Y data, and so on.
The manual notification form was much more open to human error in the past and this was identified as a big risk. Under the old manual system, once the form was complete it would be faxed out, followed by a call to go through, line by line, and then (hopefully) a confirmation. This was a long process and changing to the modern software style systems has been one of the biggest revolutions in the nuclear industry, ensuring these basic, vital communications are accurate means those tasked with making the big decisions are doing so with the very latest, most accurate and up-to-date information at their fingertips.
In the past, nuclear facilities had a procedure book three inches thick with detailed instructions on how to fill this form in. The thought of trying to assimilate the contents of such a tome in a crisis and act on it correctly is a sobering one. Today’s technology has gone beyond that, ensuring the correct data goes in the correct place and that the form is never issued with incorrect data. Does any of this matter? When dealing with nuclear power, you bet it does. In the
US, federal law requires nuclear operating companies to develop emergency response plans and to ensure these are in place. Other countries around the world have similar systems and protocols. The NRC is tasked with approving these plans together at the local level with the US Department of Energy. Without approval, a facility will not be able obtain, let alone retain an operating license.
The regulators are watching and failure to manage the risks and demonstrate you and your staff can take the actions necessary to control and minimise a crisis event, you could be fined hundreds of thousands of dollars as the price for getting it wrong and the whole team responsible could also be fired on the spot. Accurate reporting really is that big a deal and something that no one in the industry here in the US, or overseas, can afford to take lightly and these days, I’m pleased to say, no one does.
Thanks to these latest software systems, the data goes out on time and correct to the satisfaction of some of the most stringent rules and regulators to be found in any sector, anywhere in the world. The smart forms help immeasurably with this process, leaving employees with more time to work on those areas where data must still be added in an ad-hoc manner.
Regulatory bodies keep an extremely close eye on the approval process. Indeed, the NRC often has resident inspectors on duty at each facility around the clock. Once the nuclear notification forms are out, they need to be signed off and then go out for broadcast. There is a non-negotiable 15 minute time window for this to be completed. If you miss this by as little as a few seconds, you have failed. This can come as a shock to those used to time pressures in civilian life. In the nuclear world, that 15 minute deadline is just that, not 15 minutes and three seconds – so anything that speeds up the process is beneficial.
In the civilian environment, it is often essential to be able to share some of this information with other agencies; modern software allows the interface to local systems for status reports and notifications – and to notify the relevant national agencies as required. During an event, personnel need to respond, classify and activate crisis response and notify the authorities. A system is required that will deliver this information accurately in real time. There is a time limit on notifications and how fast you get the data out – and that data must be accurate. You get no second chances. Training drills are a regular part of the job (all subject to the same stringent evaluation and inspection) and these drills cover all the four main classifications of emergency.
Nuclear emergency classification levels
The categories of emergency classification in relation to a nuclear emergency differ across the globe, but are broken down by NRC regulations into four main areas. These are, in ascending order of seriousness, a Notification of Unusual Event (NOUE); Alert; Site Area Emergency; and the most serious, a General Emergency.
As the least serious, an unusual event is defined as something having the potential to impact plant safety that does not include a release of radioactive material. In the US 19 such events were declared in 2014. A work alert indicates a decrease in plant safety. If this were to include a release of radioactive material, it would be limited to a small fraction of EPA public exposure levels. Four such alerts were declared in 2014. A site area emergency signifies that major failures of those plant functions needed for public protection have occurred or are likely to. Should there be a release of radiation, the offsite dose is not expected to exceed EPA guideline levels, other than at the site boundary. In the last three decades there have only been two such events in 1982 and 2006.
The highest level of alert is a General Emergency. This denotes substantial damage to nuclear fuel, with the potential for loss of containment integrity and a radiation release. This could exceed EPA public exposure levels offsite. There have been no general emergencies in the US since the criteria were first established in the wake of the Three Mile Island accident in 1979. In this case, the crisis was compounded by the failure of plant operators to recognise the situation for what it was – something modern software is designed to prevent, by giving everyone the core information they need to make correct decisions during an event.
Given these core classifications, the one thing nuclear plants must be able to satisfy are the regulations governing them and the regulatory authorities behind them. Everything must be documented and all transaction history must be maintained. This holds true in all emergency management situations.
In the past this would all be done manually, first by faxing the information then phoning a ring down. Today, we can now do this electronically, with electronic signatures, even email is accepted. This doesn’t mean hard copy has become obsolete – far from it. The industry moves slowly but it has to be when you cannot afford to make any mistakes. The committees involved, plus the regulators and forms make for a long process.
If high profile incidents like Three Mile Island and Fukushima changed anything, it was to reinforce the importance of real-time information management and the primary role of software tools. The regulators can say – this is the information we need from you. They can come in at any time to demand it and investigate anyone who may have issues. Anything that helps with this process and jumping through the hoops matters.
A crisis information management system is a must. You need to be able to monitor and display everything from the reactor itself to the site boundary. As well as internal issues, you also have to factor in external ones such as dealing with the public and getting all the required actions out on time.
Technology is vital in meeting the expectations of all. It is not a stand-alone isolated tool, but what I like to call the plumbing in the system. Getting this plumbing and technology right is essential, as it gives you the right information on time and the power to determine what information needs to go where and when. The NRC is tasked with protecting public health and safety related to nuclear energy and they often need to approve the data before it goes to the next level.
A global platform
Change can be a slow process, but what is clear is that mobile reporting is coming. WebEOC already has free apps for this – push notification apps – so once the user is logged in the data goes direct to their handset, in a text format, linked to live data.
The advantages of this in an emergency situation are obvious – providing real-time information to those tasked with dealing with a situation on the ground. The app will do all this straight from the nuclear site, helping you to respond. Mapping and GIS is also available, and while not yet used so much from the nuclear angle, it is there. The point is, the technology exists and is available now. A few are using it already, but it is clear the future is that mobile access will be available and used by all.
Social media is also an area that cannot be ignored. Many others involved in crisis management have adopted approaches to social media, but it is understandable that nuclear has not yet taken this route. When it comes to mobile technology and the advent of social media those of us in this business are tasked with constantly looking beyond the curve, so we are prepared for whatever may come. So, including social media as part of the package is already possible but the considered nature of the regulations and approvals process slows this down.
Criticisms of past events have focused on poor or contradictory statements being issued and the impact of this on the emergency services and indeed on a public anxious for news. Having the facts at your fingertips can save lives.
There are many examples in the civilian world where crisis management software has been implemented and saved lives. The Boston marathon bombing in 2013 is one that sticks out in my mind for several reasons. WebEOC was used for this event for years without incident and when the worst did happen, the system swung into action and did what it is supposed to do in delivering the necessary responses as fast as possible. When people are injured, time matters and I’m proud the software did its job in helping the emergency services save lives. There are many other examples where this had also been the case, such as hurricanes and other natural disasters like the wildfires in San Diego in 2007 and 2015.
Experience counts when responding to incidents. The 2007 fires laid waste to 380,000 acres of California and necessitated the evacuation of over 300,000 people. This can’t be done successfully without a viable crisis management plan in place and the tools to manage it. In this and many other situations, thanks to software like ours, state and local emergency responders were able to draw on established relationships and communications developed as part of crisis management simulations with nuclear plants. As I said above, the ways you handle a crisis tend to be the same, no matter what the specifics of a situation.
Security to US nuclear weapons standards
Security is always going to remain a paramount concern when it comes to software and never more so than when managing data concerning a nuclear power plant, especially the contemporary burning issue of cyber threat risk. There is no doubt the cyber threat is a serious one but my colleagues and I have been addressing this before it became part of popular culture. Our product is currently used at all levels of the US Federal government so the system has had to successfully run the gauntlet time and again and triumph over the mother of all security reviews – and we have had to pass them all.
If people honestly think the Federal government takes their word for it if they claim their system is secure, they clearly lack experience. You must not just pass and meet expectations at this level, but exceed them. In this regard our product can be used as a closed network, which the internet cannot access, while maintaining the ability to communicate with other internet systems if need be. Some systems are designed not to be publicly accessible, but can send information to other servers – one-way traffic ensures the integrity of the primary server.
I am often asked why switch to crisis management software if people have had no issues before. This is a variant of ‘if it isn’t broke, don’t fix it’ and underestimates the pace of change and the increasing burden of regulatory frameworks. Using a modern system is vital in demonstrating to regulators that you take the issues seriously and have the plans and systems in place to handle any crisis responsibly.
Drills and exercises are part of life and all those involved in nuclear power must go through these steps. Oversight agencies are going to test you no matter what country you operate in and anything that is going to help you pass such rigorous evaluations and prove you have the competence to handle any situation is a step worth taking. Issues do come up all the time – while you may never get to the status of a ‘General Emergency’, other events are going to happen and software such as WebEOC is one of the systems available to help manage them effectively.
Chernobyl is seldom used as an example because it was such a different world that no one working in modern crisis management today would recognise it. The modern approach is based on the understanding that you must share information (with effective controls), but in the past the focus was sometimes on control first and share second. But that can have terrible consequences. Today, safety is the first priority. You must go through the correct process fast and in a real crisis, the better and more efficiently you can do this, the better you can protect the public.
If you do not manage a drill or exercise effectively, fines will come and your team will be the first people to come under the spotlight. The clean-up cost of Three Mile Island alone was given as $1 billion, setting aside any other considerations. Each and every nuclear facility’s response to reportable incidents must be underpinned by a dedicated crisis information system; not having a system of some kind is just not an option.
About the author: John O’Dell, senior vice president of Intermedix, has extensive experience in the design and development of complex command, control and emergency facilities, and specialises in Crisis Information Management Systems and critical systems integration technology. He has been involved with emergency management and developing Crisis Information Management Systems (CIMS) for more than 20 years and has implemented WebEOC for many customers across the world.