Click for next page ( 106


The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement



Below are the first 10 and last 10 pages of uncorrected machine-read text (when available) of this chapter, followed by the top 30 algorithmically extracted key phrases from the chapter as a whole.
Intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text on the opening pages of each chapter. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

Do not use for reproduction, copying, pasting, or reading; exclusively for search engines.

OCR for page 105
4 HUMAN INTRUSION AND INSTITUTIONAL CONTROLS INTRODUCTION In Section 801(a)(2) of the Energy Policy Act of 1992, Congress asked three specific questions. The first question, about the use of incliviciual dose as a criterion for protecting the public, was addressed in Chapter 2. The second en c! third questions concern the potential that at some future time people might intrude into the repository, thereby defeating its geologic and engineered barriers. We were asker! to examine the scientific basis for predicting human intrusion and the potential for protecting against it, specifically: Question 2. Whether it is reasonable to assume that a system for post-closure oversight of the repository can be cieveloped, based on active institutional controls, that will prevent an unreasonable risk of breaching the repository's engineered barriers or increasing the exposure of individual members of the public to radiation beyonc! allowable limits. Question 3. Whether it is reasonable to make scientifically supportable predictions of the probability that a repository's engineered! or geologic barriers will be breaches! as a result of human intrusion over a period of 10,000 years. Briefly, we conclude that the answer to both questions is "no" for the reasons outlined below. Human activity that penetrates the repository, such as by drilling into it from the surface, can cause or accelerate the release of radionuclicles. Waste material might be brought to the surface and expose the intruder to high radiation doses, or the material might disperse into the biosphere. Even if this does not occur, a borehole could go through the 105

OCR for page 105
106 YUCCA MOUNTAIN STANDARDS repository and open a pathway by which radionuclides more readily reach the ground water. Over the years, DOE has developed a considerable literature on human intrusion and on active and passive controls to prevent it (von Winterfeldt, 19941. For example, some studies have examined resource potential and historical exploration activity and used current understanding and rates of drilling to project future activity. Other studies have detailed examples of monuments and inscriptions that have survived from long ago. Still others have speculated on the characteristics of signs and markers that might improve their long-term effectiveness at delivering a message to future generations. Basec! on our understanding of this literature, however, we conclude that there is no technical basis for predicting either the nature or the frequency of occurrence of intrusions. For some initial period, human intrusion could be managed through active or passive controls. As long as they are in place, active institutional controls such as guards could prevent intruders from coming near the repository. We conclude, however, that there is no scientific basis for making projections over the long term of either the social, institutional, or technological status of future societies. Relying on active controls implies requiring future generations to dedicate resources to the effort. There is, however, no scientific basis from which to project the durability of governmental institutions over the period of interest, which exceeds that of all recorder! human history. On this time scale, human institutions have come and gone. We might expect some degree of continuity of institutions, and hence of the potential for active institutional controls, into the future, but there is no basis in experience for such an assumption beyond a time scale of centuries. Similarly, there is no scientific basis for assuming the long-term effectiveness of active institutional controls to protect against human intrusion. Although it may be reasonable to assume that a system of post- closure oversight can be developer! and relied on for some initial period of time, there is no defensible basis for assuming that such a system can be relied on for times far into the future. Between these limits, the ability to rely on such active institutional systems presumably diminishes in a way that is intrinsically unknowable. We have seen no evidence to support a claim to the contrary. People might disagree, of course, on their predictions for how long into the future active institutional controls might survive and remain effective.

OCR for page 105
HUMAN INTR USION AND INSTITUTIONAL CONTROLS 10 7 The situation is not qualitatively different for passive institutional controls. As long as they are recognized and heeded, passive controls such as markers, barriers, and archival records could serve to warn potential intruders away. Passive controls, too, may be of limited duration, requiring future generations to renew them. While many historical markers, monuments, and recorcis have survived for long periods of time, up to thousands of years, most presumably have not. Those records that have survived might not represent records for which the local social knowledge was continuous. We cannot know those that did not survive to our time. Further, languages have changed over periods of centuries so that fill documents and inscriptions might be clifficult for any but scholars to interpret. Even though technologies for making markers and monuments will improve and even though modern global telecommunications might slow the rate of change of languages, the time span of concern for a high- leve! waste repository far exceeds experience, so there is no technical basis for making forecasts about the reliability of such passive institutional controls. Just as there is no basis for assuming the effectiveness of either active or passive institutional controls to reduce the risk of human intrusion, we also conclude that there is no scientific basis for estimating the probability of intrusion at far-future times. Several types of intrusion can be considered: inadvertent intrusion into the repository in the process of exploring for or producing other resources in the vicinity, intrusion driven by curiosity about the markers and what might lie below them, or intentional intrusion for malicious purposes or to recover the repository contents. (The malicious intrusion might be by a hostile nation or subnational group assuming a societal or institutional presence.) In our view, there is simply no scientific basis for estimating the probability of inadvertent, willful, or malicious human action. Estimating the probability of inadvertent intrusion as a consequence of exploration or production of resources might seem more plausible than for the cases of willful or malicious intrusion. Doing so, however, requires knowledge of which materials at or near the site will be regarded as resources in the future and the technologies that will exist for exploration and production. We cannot predict fixture economic conditions that help to define what is a valuable resource nor can we forecast future exploration technology, although we can observe that, if the past is an aciequate guide, economic conditions and technology will change rapidly

OCR for page 105
108 YUCCA MOUNTAIN STANDARDS in the future. It might very well be, for example, that subsurface exploration technology in the future could be based on remote sensing so that penetration of the surface is no longer required. We therefore do not think that it is feasible to make meaningful predictions about the probability of advertent or inadvertent intrusion. Based on these findings, we make two observations about how to deal with human intrusion in the Yucca Mountain standard. First, although there is no scientific basis for judging whether active institutional controls can prevent an unreasonable risk from human intrusion, we think that if the repository is built such controls ant] other activities can be helpful in reducing the risk of intrusion' at least for some initial period of time after a repository is closed. Therefore, although it cannot be proven, we believe that if a repository is built at Yucca Mountain, a collection of prescriptive requirements, inclucling active institutional controls, record-keeping, ant] passive barriers and markers, will help to reduce the risk of human intrusion, at least in the near term. The degree of benefit is likely to decrease over time. Further, once other knowledge of the repository is lost, passive markers could attract the curious and actually increase the risk of intrusion. Nonetheless, we conclude that the benefits of passive markers outweigh their clisadvantages, at least in the near tertn. Second, because it is not technically feasible to assess the probability of human intrusion into a repository over the long term, we do not believe that it is scientifically justified to incorporate alternative scenarios of human intrusion into a fully risk-based compliance assessment that requires knowledge of the character and frequency of various intrusion scenarios. We clo however conclucle that it is possible to carry out calculations of the consequences for particular types of intrusion events, for example drilling one or more boreholes into and through the repository. We also believe that calculations of this type might be informative in the sense that they can provide useful insight into the degree to which the ability of a repository to protect public health would be degraded by intrusion. For these reasons, to address the human intrusion issue on an adequate basis, we recommence that the repository developer should be required to provide a reasonable system of active and passive controls to reduce the risk of intrusion in the near term and that EPA should specify in its standard a typical intrusion scenario to be analyzed for its consequences on the performance of the repository. Such an analysis will

OCR for page 105
HUMAN INTR USION AND INSTITUTIONAL CONTROLS 109 provide useful quantitative information that can be meaningful in the licensing process, as ciescribe~i later in this chapter. Because the assumed intrusion scenario is arbitrary and the probability of its occurrence cannot be assessed, the result of the analysis should not be integrated into an assessment of repository performance based on risk, but rather should be considered separately. The purpose of this consequence analysis is to evaluate the resilience of the repository to intrusion. Although we believe that a requirement baser! on analyses of intrusion consequences is useful in assessing repository performance at Yucca Mountain, such analyses are likely to be more meaningful in selecting among alternative sites (such as by avoiding sites that have potentially valuable mineral, energy, or ground-water resources) than in assessing the performance of a particular site and design. However, Yucca Mountain has already been selected for evaluation as a potential repository site, so the value of analyses of the consequences of human intrusion at Yucca Mountain is limited. Consideration of analytic approaches that would discriminate among alternative sites with greater or lesser likelihood! or consequences of intrusion is beyond our charge. In the remainder of this chapter, we present our argument for the usefulness of an analysis of consequences of a simple intrusion scenario; ant! provide additional cletai] on the factors we consiclerec] in arriving at our conclusions. The Consequences of Intrusion As noted earlier, the consideration of human intrusion cannot be integrated into a fully risk-based standard] because the results of any analysis of increaser] risk as a consequence of intrusion events would be driven mainly by unknowable factors. We reach this conclusion specifically because the numerical value of the risk of Diverse health effects due to intrusion is always the product of two factors, the frequency of an intrusion scenario and the measure of consequence. However, the frequency of an intrusion scenario in the distant future is indeterminate.

OCR for page 105
110 Technical basis YUCCA MOUNTAIN STANDARDS Some factors affecting an analysis of the consequences of human intrusion can be assesses! from a technical base, and some cannot. The historical record of intrusion in the region of the site, inclucling both rate and characteristics (drill depth, hole size, etc.) and the characterization of known mineral and other current resources near the site, can be assesses! very well. However, the relevance of the historical recorc} is doubting. The physical consequences, in terms of the release and probable dispersion of radioactive materials, which is conditional on a cleaner! intrusion scenario either benevolent or malevolent in purpose (such as the timing ant} physical characteristics of the intrusion ant! whether the intrusion is recognizes! and remecliated), can be assesses! moderately well within limits imposer! by the level of detail contained in the modeling. Aciverse consequences from a specified type of intrusion to a specified local society can also be assesses! moclerately well, but this assessment for the distant future requires making assumptions about many aspects of the future society, including its sources anti technologies for distributing drinking water and food, the ability to detect contamination of food or water, locations of future populations, etc. which cannot be accurately predicted. These assumptions, discusser! in Chapters 2 and 3, are inherent in any health-based standard, and we have recommended that for the purposes of compliance analysis they be made explicit through the rulemaking process. Factors that cannot be technically assessed include the likelihood that institutional controls will persist and succeed over time, or that markers or barriers would persist, be understood, and deter intrusion; the probability that a future intrusion would occur in a given future time period such as in any one year; and the probability that a future intrusion would be detectecI and remediated, either when it occurs or later. In addition, we cannot predict which resources will be discovered or will become valuable enough to be the objective of an intruder's activity. We cannot predict the characteristics of future technologies for resource exploration and extraction or whether future practice will include sealing of physical intrusions such as boreholes. Continued developments in current non- invasive geophysical techniques, for example, could substantially reduce the frequency of exploratory boreholes.

OCR for page 105
HUMAN INTR USION AND INSTITUTIONAL CONTROLS I 1 1 Consequence-based analysis Although it would be desirable if the risks associated with the disturbances to a repository by human intrusion could be integrated into a risk assessment of the undisturbed repository performance, technically it is not appropriate to do so. Rather than a complete risk analysis, one alternative is to examine the site- and design-related aspects of repository performance under an assumed intrusion scenario to inform a qualitative judgment. In this approach, the objective would be to perform a consequences-only analysis without attempting to determine an associated probability for the analyzed scenario. We recommend that the Yucca Mountain standard require such an analysis. We considered at some length the question of whether the calculation of consequences for one or more specified human intrusion scenarios, absent their associated probabilities, could form a useful basis for evaluating a proposed repository site and design. We conclude that the calculations of consequences would provide useful information about how well a repository might perform after an intrusion occurs. The key performance issue is whether the repository would continue to be able to isolate wastes from the biosphere, or if its performance would be substantially degraded as a consequence of an intrusion of the type postulated. Because the form ant! frequency of intrusions cannot be predicted, certain assumptions must be made in order to assess the resilience of the repository to intrusion. As in the case of adopting a mode] of the biosphere ant! identifying critical groups, selecting an intrusion scenario for analysis entails judgment. To provide for the broadest consideration of what scenario or scenarios might be most appropriate, we recommend that EPA make this determination in its rulemaking to adopt a standard. In this regard, we suggest the following starting point. For simplicity, we considered a stylized intrusion scenario consisting of one borehole of a specified diameter drilled from the surface through a canister of waste to the underlying aquifer. One can always conceive of worse cases, such as multiple boreholes with each penetrating a canister, but this single-borehole scenario seems to us to hold the promise

OCR for page 105
112 of providing consiclerable minimum complication. YUCCA MOUNTAIN STANDARDS . Insight into repository performance with the An example of a scenario that we believe provides a reasonable basis for evaluation would postulate current drilling technology but assume sloppy practice, such as not plugging the hole carefully when abandoning it, after which natural processes would gradually modify the hole. Although the time at which the intrusion occurs in the future is arbitrary in any hypothetical scenario, we believe it is useful to assume that the intrusion occurs during a period when some of the canisters will have failed but the released materials would not otherwise have had time to reach the grounc! water. This assumption places emphasis in the consequence analysis on the creation of enhancer! pathways to the environment (both to the atmosphere and to the aquifer) as opposed to emphasis on the intrusion's breaching of the canister, which will happen eventually even without human intrusion. Having definer! the reference scenario, the principal questions are what consequence should be assesses} and how the result should be interpreted. In our view, the performance of the repository, having been intruded upon, should be assessed using the same analytical methods and assumptions, including those about the biosphere and critical groups, used in the assessment of the performance for the undisturbed case. This analysis should be carried out to determine how the hypothesized intrusion event affects the risk to the appropriate critical groups. We propose that the figure-of-merit for this calculation should be the same as in the undisturbecI case, because a repository that is suitable for safe, long-term disposal should be able to continue to provide acceptable waste isolation after some type of intrusion. The result ofthis calculation, however, would be a conditional risk: that is, a risk assuming that the hypothesized intrusion occurs. Because the probability is inherently unknowable, we are led to the conclusion that the most useful purpose of this type of analysis is to identi fy the incremental effects from the assumed scenario. As indicated earlier, we believe that Under many conditions, the effect of multiple boreholes presumably would be the sum of the effects of each taken separately, but circumstances when this assumption is invalid can easily be conceived. Because construction of scenarios is arbitrary, we would argue for the simplest case that tests the repository.

OCR for page 105
HUMAN INTRUSION AND INSTITUTIONAL CONTROLS 113 since human intrusion of some type might be likely at some time in the future, a repository should be resilient to at least modest inadvertent intrusions. Because whether and how frequently intrusion events might occur are unknowable, how important these effects are for our expectation that the repository will protect the public can also only be a matter of judgment. Our recommendation is that EPA should require that the conditional risk as a result of the assumed intrusion scenario should be no greater than the risk levels that would be acceptable for the undisturbed- repository case. The conditional risk calculation would not include risks to the intruder or those arising from the material brought directly to the surface as a consequence of the intrusion. As with other policy-related aspects of our recommendations, we note that EPA might decicle that some other risk level is appropriate. Finally, we wish to reiterate that the single borehole scenario that we have discussed should not be interpreter} as an estimate of the likely form or frequency of intrusion. A calculation of consequences for such an intrusion removes from consideration a number of imponderables, each of which would otherwise need to be treated separately, including the probability that an intrusion borehole would intersect a waste canister, the probabilities of detection and remediation, and the effectiveness of institutional controls and markers to prevent intrusion. This scenario should not be interpreter! as either an optimistic or pessimistic estimate of what might actually occur, because there might be no boreholes that intercept canisters, or there might be more than one. We believe that the simplest scenario that provides a measure of the ability of the repository to isolate waste ant! thereby protect the public health is the most appropriate scenario to use for this purpose. ADDITIONAL BASES FOR OUR RECOMMENDATION In this section we discuss two additional aspects of the human intrusion question that underlie our thinking: the various categories of future human intrusion scenarios and the categories of hazards that could result from a typical borehole intrusion.

OCR for page 105
114 YUCCA MOUNTAIN STANDARDS Categories of Future Human Intrusion Events For the purposes of considering how to clear with human intrusion in the context of stantiard-setting and licensing, we have focused on the particular class of cases in which the intrusion is inadvertent and the intruder does not recognize that a hazardous situation has been created. We consiciered several other categories of intrusive events. One case is when the intrusion is inadvertent, but the intruder recognizes that a radioactive waste repository has been clisrupted ant! takes corrective actions. On the assumption that the corrective measures taken are effective ant! the repository is sealed, this class is not of concern. If, however, corrective actions are not taken or are ineffective, this type of intrusion is operationally the same as the inadvertent intrusion that is not recognized as hazardous, which is the class of cases on which we have focused. We also considered! intentional intrusion for either beneficial or malicious purposes, but concluded that it makes no sense indeed! it is presumptuous to try to protect against the risks arising from the conscious activities of future human societies. Given the potential energy value of the wastes intended for Yucca Mountain, however, this category of intrusion scenarios might be likely. Categories of Hazards Resulting From an Intrusion We have identifier] three broad types of hazards from radioactive material that could occur as a result of an intrusion into the repository of the type characterizes! by borehole scenarios. The categories are: Hazards to the intruders themselves (the drillers, miners, or handlers of material previously in the unclisturbed repository). Hazards to the public from any material brought directly to the surface by the intrusive activity. These hazards would arise because such material, now no longer at depth within the repository, would! now be mobile in the biosphere, and the public (in addition to the intruders) can be exposed to the material.

OCR for page 105
HUMAN INTR USION AND INSTITUTIONAL CONTROLS 11 5 Hazards that arise because the integrity of the repository's engineered! or geologic barriers have been compromiser! by the intrusion. In the first and second instances, we concluded that analyzing the risks to the intrusion crew and the risks from any material brought directly to the surface as a consequence of intrusion is unlikely to provide useful information about a specific repository site or design and therefore should not provicle a basis for judging the resilience of the proposed repository to intrusion. Whenever highly dangerous materials are gatherer! into one location ant! an intruder inadvertently breaks in, that intruder runs an inevitable risk. This is not unique to a cieep geologic repository, and all deep geologic repositories have this feature. In particular, for inadvertent human intrusion, we believe that it wouIc! not be feasible to take regulatory actions today to protect the intrusion crew itself against the risks of its actions, except that requirements identified above associates! with active or passive institutional controls might be helpful in this regard. However, it is possible that an inadvertent intruder would not recognize or wouIc} irresponsibly ignore the hazard and wouIc! leave the cuttings on the surface so that further exposures would occur. This is the second category of hazards listed above. Our view is that the amount of such future cuttings might not be very different from one repository site or design to another, especially given the unknown nature of an intrusion. Analysis of this hazard too, therefore does not provide information that is useful for judging the ability of the particular repository site ant} design to protect the public. In this case, we also believe that it is not feasible to take regulatory actions tociay to alter the repository design to minimize these risks. We therefore, recommend that the compliance analysis should concentrate on the third category of hazard posed by human intrusion, the one resulting from modification of the repository's barriers and the consequences of these mollifications for the ability of the repository to perform its intended function.

OCR for page 105