Not everyone in the hoistand crane-making industry appreciates just how complex the requirements for a crane at a nuclear-licensed site has to be. Or, to put it another way, “a lot of people in the nuclear world do not appreciate just how unsuitable a commercial crane will be for their application.”
So says Dave Little, nuclear sales manager for SCX Special Projects.
“Lifting a load in a nuclear environment is not the hard part,” he says. “It is often harder to design the crane to fit within the physical constraints of the building, and even then, installing it can be as challenging as the design.”
This is especially true for decommissioning work. It is now more than 60 years since the world’s first commercial nuclear power generating plant opened at Windscale (now Sellafield) in 1956. New plants are still being built around the world; but many more have reached the end of their design life and are being decommissioned or are being granted extensions of operating lifetimes and need upgrades or refurbishments that require new lifting gear. “SCX has installed cranes at the majority of UK nuclear-licensed sites including Sellafield, Sizewell, Dounreay, Hunterston, Bradwell, Winfrith and others,” says Little. “Compared to installing lifting gear in new nuclear stations, decommissioning is much the harder challenge.
“Often the cranes have to be designed to the same level of failure-proof requirements and certification, but they need to be installed in buildings that were put up 50 or 60 years ago and that were never designed to have further equipment put into them,” he says.
“For example, one project was to downsize and remove waste, for later packaging, that was submerged within a vault. It involved installing a multistage telescopic mast and manipulator, fully remote controlled, single failure- proof and fully recoverable, with a 12m vertical deployment and 4m horizontal reach; but with only very limited headroom.
Designing and installing the final solution was not easy. Reasons like these mean that lifting gear for the nuclear industry is very rarely an off-the-shelf solution. It has to be designed not only for work in a radioactive environment, but to meet the rigors of the project-specific safety case for work inside each nuclear licensed site.”
Cranes operating in a radiation-controlled area need to be remotely operated, but radiation presents other design constraints that are not always obvious. “For example, high levels of radiation can degrade digital electronics,” says Little. “That means that many modern digital instruments are simply unsuitable for use in this environment, and you have to revert to an analogue equivalent.” And, digitisation being so ubiquitous nowadays, it can crop up where you least expect it, creating pitfalls, sometimes unexpected ones. “Within BS EN61508 safety circuits you will want a range of transducers in your system,” says Little. “Transducers are categorised as Type A and B. Type B transducers are intelligent, with some form of digital processor inside them; Type A are analogue. Quite often people will innocently use Type B transducers as the digital content is often not clear in the manufacturer’s literature. It’s only when the independent design authorities review the design—which also is a nuclear industry requirement—that you may suddenly find that your design is non-compliant and have to start again! Understanding the safety requirements really is a minefield for the unwary.”
But even with the specialised knowledge that would spot the hidden processor, your problems are not over. Type A transducers are, in effect, yesterday’s technology: “Fewer and fewer manufacturers make them now,” says Little. “They are hard to find, and when you do find them it is a very small market, so they are expensive.” And you have to keep hoping that manufacturers will carry on making them.
Every element of a design has to be cleared by the nuclear safety authority, with certification and a paper trail to prove it. Sometimes the difficulties are rooted in history. “Non-nuclear safety allows the use of type B, intelligent, transducers; nuclear safety has by definition to err on the side of caution.
Therefore nuclear cranes lag behind some of the modern commercial approaches to crane implementation,” says Little. “There is talk that the industry is considering allowing digital control under certain circumstances, but I am not holding my breath… .”
In such a safety-critical industry you need to ensure that the equipment is reliable and safe far beyond all limits of its operation. “We recently supplied a hoist with a design life of 100 years for an intermediate level waste (ILW) store. Its task is to put ILW drums into long-term storage; when full the store will hold thousands of drums. The crane has full remote control, with semi-automatic operation, a bespoke grapple and lifting interface, and full recovery capability for all three axes of travel. To ensure design integrity and failure proofing it has segregated power and control for normal operation and separate set of segregated power and control for the redundant recovery systems.”
And before any hoist is sent to its plant, it is fully tested, under all operating conditions, at the factory. “The last thing you want is to be making modifications to any system inside a nuclear-licensed site; so it is vital that you do full testing, of everything that it will do on-site, before it gets there. You build a mock-up of the installation at your own factory. It is all about managing risk—that is the key.”
The most shocking nuclear disaster of recent years has of course been Fukushima. Tsunami are generally caused by seismic events offshore; and seismic resistance is something that has to be designed into any nuclear plant. “Seismic verification for nuclear cranes comes in different categories of earthquake withstand,” says Little. “The base requirement might be that the crane must not collapse or drop the load but that the crane doesn’t need to function post event; more onerously, the requirement might be that it must not collapse or drop the load and that it should continue to function as normal after the event. This is all specified within each project’s safety case.
“Another recent project we completed was to install two 25t, seismically qualified, Goliath cranes with 35m span on a 350m runway at an outdoor nuclear licenced site. Each crane has full semi-automatic, remote control and multiple layers of nuclear-safety protection.
So it has normal travel limit switches and speed limiters, as on any gantry crane. But on top of that it has a layer of nuclear protection: another set of stop limits, another set of speed limiters, both independent of the first layer. And on top of that there is yet a third layer, again independent, in case the first two both fail. To give substantiated SIL (Safety Integrity Level) protection these three layers are all independent, all with segregated wiring routes and—this one is important— each layer using diverse technology and/ or a different manufacturer for each sensor.
Here again, due to limited demand, you run into the unexpected difficulty that there may not be enough diverse types of sensor in the marketplace to eliminate all possible occurrences of common mode failure.
“This level of independent and layered safety system not only carries a large financial cost but it also carries a large weight. Over 10t of additional cabinets, cabling, containment, cable reelers and festoons was required for each of these cranes.”
Steve Waisanen, president of nuclear cranes and services division of Konecranes, has 33 years of experience in the sector. “Seismic qualification will depend on where the crane is located,” he says. He cites an overhead crane at the nuclear facility at Diabolo Canyon in California, which is close to two fault lines. “In an earthquake it might experience lateral loadings of 13g—thirteen times the force of gravity. Without special precautions in the design, under that sort of stress the mass of the crane would roll down its runway and take the whole building down.”
He also takes care to stress the extreme control of every stage of manufacture of cranes for nuclear use. “Nuclear cranes are classified by where in the process they are used. Commercial plants that are generating power have safety requirements that are through the roof,” he says. “If the crane is in a radiation-rich environment, handling loads actually inside the core, you cannot break requirements for redundancy and singlefailure safety.”
Consider, for example, a crane in a turbine hall of a nuclear power plant. It may be lifting heavy loads over the turbine itself. If the reactor is of the PWR (Pressurised Water Reactor) design, the reactor core heats water, which flows to a steam generator where it transfers its thermal energy to a secondary system which powers the turbines. The steam in the turbines therefore has not been in the core and is not highly radioactive.
Compare that to the BWR, (Boiling Water Reactor), less common but used in Canada and elsewhere. In this the reactor boils the water, which drives the steam turbine directly. The water in the turbine has therefore been through the reactor core and is radioactive, and an accident in the turbine hall might therefore release radioactivity.
Any lifting apparatus in the turbine hall must have safety systems that are much much more extensive.
Single failure cranes do what they say: failure of any single component cannot result in the load either dropping or being stranded. Full recovery of the load under any circumstance is a requirement. Konecranes has had patents in the field since 1974.
They developed, says Waisanen, out of requirements, dating back even further, for cranes to lift solid-fuel rockets for NASA’s Gemini space program. As Weisanen puts it, with some understatement: “It is really bad if you drop a rocket.”
NOG 1 is the standard set by ASME (American Society of Mechanical Engineers) for overhead and gantry cranes in nuclear facilities; the European equivalent is KTA 3902 and KTA 3903 from the German Nuclear Safety Commission.
Designing for nuclear safety, he says, is a probability issue. “You cannot end up with a circumstance where failure can occur. Two approaches can be used or combined. You can have redundant components which come into play should its counterpart fail; or you build in a safety factor so great as to make failure highly improbable. If the maximum load to be carried, for example, is 5t, the lifting capacity of the crane transporting it might be ten times that.”
The extra capacity might not be entirely wasted. Polar cranes, which are gantry cranes that run on circular tracks above the reactor core, are common in reactors, used for example to lift fuel rods. It is a convenient arrangement because the tracks are mounted on the walls of the containment building, which itself is generally of circular design. “You can use the polar crane, at higher capacity, when you are actually building the facility, as a construction crane. Then, once the facility is up and running, you use it as an operating crane, at a much lower capacity.”
As Little has also pointed out, the documentation required to ensure that all parts of the crane meet the safety requirements are tremendous: “For example, all structural work needs a certificate, confirming its chemical composition.” A plate from every steel component is sent for third-party testing to confirm its compliance. Every weld is tested and documented, and weld maps confirm the penetration of every single weld.
“The machine must be exactly the same as the design drawing,” says Waisanen. “At inspection, any deviation is counted as non-conformant, and must be documented and tested and signed off, generally by the customer. Make the smallest change and you suddenly find you have generated a huge amount of paperwork.”
That is for mechanical components. Control of electrical components is just as severe. “You must, just for starters, use radiation-resistant wire. You cannot use PVC coatings on it, because PVC turns brittle under radiation. So insulations must be designed for the levels of radiation that will be encountered. Where wires terminate you cannot use standard crimped lugs because you cannot tell if they will have been properly crimped.”
And it is not only the crane components that are so regulated: even the tools used to put them together must be certified. “Torque wrenches must be calibrated and certified; and that must be repeated every year.” An engineer assembling a crane for nuclear use cannot simply reach for the nearest spanner to hand.