UPDATE: I just came across some evidence to suggest that some of the techniques in WASH-1400 evolved from a variety of other places…  I will post these older docs and reports on a new page soon.

Thanks to the diligent searching/scanning efforts of my new graduate student Jon Becker and assistance from several members of the RISKANAL users group, for the first time ever you can download the entire WASH-1400 report right from a single web page.  Prior to this landmark event, pieces of WASH-1400 were scattered across the Internet – a few appendices at the NRC website, an executive summary at OSTI and other pieces elsewhere.  I just updated Wikipedia to link to this post so that future readers interested in learning more about the heritage of PRA can download a copy of this important report for their personal consumption.

Click on any of the links below to download the desired section of the “Reactor Safety Study: An Assessment of Accident Risks in U.S. Commercial Nuclear Power Plants” (WASH-1400, NUREG 75/014)

• Executive Summary (18 pages, 4.4 MB)
• Main Report (228 pages, 11.7 MB)
• Appendix I: Accident Definition and Use of Event Trees (113 pages, 11.4 MB)
• Appendix II: Fault Trees (607 pages, 35.2 MB)
• Appendix III: Failure Data (112 pages, 11.5 MB)
• Appendix IV: Common Mode Failures: Bounding Techniques and Special Techniques (55 pages, 6.2 MB)
• Appendix V: Quantitative Results of Accident Sequences (142 pages, 6.1 MB)
• Appendix VI: Calculation of Reactor Accident Consequences (500 pages, 23.7 MB)
• Appendix VII: Release of Radioactivity in Reactor Accidents (292 pages, 25.3 MB)
• Appendix VIII: Physical Processes in Reactor Meltdown Accidents (177 pages, 19.0 MB)
• Appendix IX: Safety Design Rationale for Nuclear Power Plants (43 pages, 5.2 MB)
• Appendix X: Design Adequacy (166 pages, 17.5 MB)
• Appendix XI: Analysis of Comments on the Draft WASH-1400 Report (141 pages, 12.6 MB)

Need I say that WASH-1400 is a big document???  Here is a funny email exchange I had with my graduate student before he realized just how big WASH-1400 is:

PROFMCGILL (me), 11:51AM: “I need a scanned copy of the WASH-1400 “Reactor Safety Study” report by Norman C. Rasmussen.  It is not available online.  The Engineering Library has it.  I need the executive summary, main report and all its appendices. Can you make this happen?”

GRADSTUDENT (Jon), 11:54AM: “On it. I’ll have that to you when I come back from lunch.”

PROFMCGILL, 12:02PM: “Good luck… do you have any idea how long it is?”

GRADSTUDENT, 12:25PM: “Ha! You have a truly formidable ability to fill people with dread in the span of one question. I’ll find out after lunch which I am about to take.”

PROFMCGILL, 12:35PM: “Enjoy lunch.”

A few hours later…

GRADSTUDENT, 2:23PM: “The report you have requested occupies about a foot of library shelf space.”

At this point, my grad student decided to commence an extensive librarian-assisted Internet search to find whatever pieces of the report there was to be found in electronic form.  He dreaded the idea of having to scan the fold-out fault trees!  Fortunately, everything was avaiable, just not in the same place.

Send article as PDF to

Since the events of 9/11, particularly following the creation of the Department of Homeland Security, much attention has been paid to the use of probabilistic or quantitative risk analysis methods for the purposes of informing security investment decisions.  The debate on the appropriateness of these techniques was quite intense for awhile (say 2003-2006), and to some extent I think there was no clear winner (though I think we are finally coming to grips with what “risk-informed decisions” really means, which in a sense weakens the need for this debate).  Among the fighting and debating, I often found myself wondering what the late Prof. Norm Rasmussen would say about the value of QRA for security.  Now, a number of well-respected scholars have spent quite a deal of time and effort writing on the issue (e.g., Apostolakis, Cox, Bier, Ayyub, Haimes, Kunreuther, Slovic, Pate-Cornell, Diesler, Lave, etc.).  But nowhere could I find even a comment from Rasmussen on the issue.

[NOTE: Norman C. Rasmussen was the director of the famous 1975 Reactor Safety Study, or WASH-1400.  Because of its extreme significance in those days, the report was nicknamed "The Rasmussen Report." I hope to have a copy of the WASH-1400 report posted to this site sometime really soon - oddly enough I can't find it anywhere online]

Then there was my visit to Sandia.  I was priviledged to sit in on a presentation delivered by a scientist at Sandia National Labs that walked through the history of Security Risk Analysis from the Sandia perspective.  On one of the slides there was a quote about the appropriateness of QRA for security attributed to Professor Rasmussen himself!  I was truly taken aback!  I asked whether there was citation I could use for this quote, and low-and-behold there was.  Thanks to the Sandia people, I was able to obtain a copy of this paper and post it here via Scribd:

The citation information is as follows:

• Rasmussen, N. C. (1976). “Probabilistic Risk Assessment: Its Possible Use in Safeguards Problems.” Presented at the Institute for Nuclear Materials Management meeting, Fall 1976, pp. 66-88.

Note the timing… this commentary was made just after the 1975 release of the WASH-1400 report.  My understanding was that many believed PRA/QRA could be applied to problems outside the domain of nuclear safety, perhaps to include nuclear safeguards.  Prof Rasmussen believed then that QRA methods, as outlined in WASH-1400, are NOT appropriate for quantifying safeguards risks (though he says nothing about their usefulness in empowering analysts with knowledge to better inform decision makers).

Just to quickly layout the outline for this paper, Prof Rasmussen begins by offering an overview of all three levels of QRA then comments on the differences between security and safety problems, the most clear being that terrorists are not random and that there is some deliberate attempt to maximize consequences.  Rasmussen also points out that the only practical conservative value to assume in security is one, which given the tendency for terrorists to maximize consequences, almost always results in an unacceptable quantitative risk.  His solution – “make the unauthorized access to special nuclear material very difficult,” that is, make the probability of access so small that even if all the other probabilities are unity, the benefit of having nuclear power still outweighs the risk of malicious terrorist use of nuclear material.  Basically, this amounts to a focus on vulnerability reduction, but only those aspects of vulnerability pertaining to the unauthorized access to special nuclear material (not egress, use, response, recovery, etc. dimensions).  The paper concludes with a short question and answer exchange between Prof. Rasmussen and several audience members, some of which is quite interesting (and clearly dated before the existence of the Design Basis Threat).

In the end, I believe this talk is where the idea of “assuming probability of attack is one” came from, though I could be wrong.

Send article as PDF to