A full review of the incident that caused radiation leaks is still many months away.
The earthquake and tsunami that caused widespread devastation in the area north of Tokyo were responsible for the damage which led to radiation leaks. With unseemly glee, “Greens” were quick to suggest a major cover up by Japanese authorities and claimed that the incident was proof that nuclear power generation should be halted around the world.
The initial information suggests that the basic design of the Fukushima reactors was sound and enabled the reactors to survive the earthquake. The first main shock triggered an automatic shutdown sequence. From available evidence, all reactors at the power station had completed their shutdown before the tsunami hit the site. What the design did not anticipate was the damage caused to diesel generators and pumping gear by the tsunami. In the months to come, one area that will be looked at is the effectiveness of sea defences along the coast. It is already clear that defences, specifically intended to protect against a major tsunami, failed and that this led to widespread major damage to buildings in the area and to significant loss of life. What may emerge from investigation is evidence that the designers of the power plant placed too high a reliance on the sea defences when planning the emergency control procedures for safely shutting down the reactors and reducing their temperature to a safe level. The first rule of risk analysis is to “walk the site”. That means extending out beyond the core location to consider the risks that could affect the core location. As it costs time and money to extend the consideration of external risks, risk analysts often take someone else’s word that they have adequately addressed these risks. It is possible that those planning the nuclear power plants may not have directly assessed the effectiveness of sea defences, to include additional risk reduction in their own calculations to compensate for any weakness in the work of others.
An inability to bring in alternative cooling, or repair the generators, led to core temperatures rising even though the reaction in each reactor had been automatically halted. As temperatures increased, hydrogen and oxygen were created. This caused explosions that destroyed the walls and roofs of the reactor buildings. This was again an example of the plant following a pre-planned process of damage limitation and everything operated correctly. Initially low levels of radiation appear to have resulted from the spent fuel ponds and this may prove one area that requires urgent reconsideration. It appears that good design and some courageous action by emergency teams has maintained three of four reactors at a safe level, but Reactor No 3 appears to have suffered damage to its containment shell, leading to releases of radiation. It may prove necessary to encase this reactor in sand and concrete. Subsequent investigation may conclude that this step should have been undertaken at an earlier time, although one important factor was the severe damage across a wide area, making the intorduction of people and materials to contian and/or repair was physically not possible. There may also be questions about the speed of evacuation of people from the immediate danger zone, and questions about the size of the declared danger zone. However, the extensive damage across the area affected by the earthquake and tsunami seriously limited the scope for rapid evacuation as a preventive measure.
In the design of nuclear reactors, great care is rightly taken to produce a very robust design that includes a series of resilience features. Preventive maintenance is a strong element of the fail safe design concept. Components are tested in a similar manner to testing of aircraft components. This test-to-destruction approach, and the use of engineering simulators, provides a method of identifying failure points ahead of the oldest operational equipment reaching those points. In consequence, components are replaced before they fail. Although this approach provides a much higher level of confidence than is common in other potentially dangerous processes, it is not fully relied on, and redundant systems are employed to provide a backup in the event of main system failures.
The temperature of a reactor core is not the only critical factor, but it is a major potential risk. As a result, reactors, such as those at Fukushima, are themselves duplicated systems. Rather than attempting to build a single large reactor, the power plant employs a number of reactors of similar size and design. This allows the plant to continue operating while one or more reactors are shut down for maintenance and testing. Within each reactor/generator installation, duplicated systems provide for unexpected and unforecast component failure. A risk chart, which today is often a computerized risk management and incident control system, monitors the reactor operation and any actions to deal with emergencies.
Huge amounts of water are required to maintain safe temperatures, which also encourages the construction of nuclear power plants in coastal areas where sea water is available. If the primary cooling system fails, the risk management system automatically switches on a backup cooling system and continues to monitor the temperature. If this secondary system fails, there will be further backups. As the risk manager identifies the need to bring on backups, it also looks at alternatives, of which the ultimate is a SCRAM when the reactor undergoes an emergency shutdown. However, the automatic emergency shutdown is not a total and immediate solution. The reactor will not instantly cool after emergency shutdown. Cooling pumps will have to continue operating for some time afterwards to reduce the reactor temperature. As the pumps are electric-powered systems, provision has to be made to continue to supply them with electric power after the normal mains power supply has ceased to operate. The common way of achieving this is to install diesel-powered generators. That in turn requires storage tanks for diesel fuel that are sufficient to fuel the emergency power generators for longer than a full emergency. It is also common practice to include one or more levels of backups to cover the possible failure of the primary diesel generators. As the emergency power is rarely used, a full test programme is operated so that diesel generators are automatically started up on a regular programme to test their reliability. Careful records are made of the results of this test programme monitoring the health of emergency systems. Similar routine and frequent testing of other backup systems is undertaken.
What appears to have happened at Fukushima is that all the systems survived the earthquake as intended. In risk management terms, the power station design and operating procedures performed exactly as planned and could be judged to be a 100% effective. Subsequent investigation may identify a number of aspects of design and operation that could be further improved and it would be surprising if that was not the case because the earthquake was a rare incident at the level of power, position relative to the Earth surface, and proximity to land. That almost guarantees that there will be lessons to learn, even where design and procedures proved entirely effective.
Investigation of the emergency diesel generators may provide some surprises although most nuclear power specialists believe this will not be the case. From available information, the diesel engines started up as expected and began to produce the power to run the pumps. The pumps and pipe work also appear to have survived the earthquake and published evidence shows that the reactors had successfully shutdown and their temperature was being brought down successfully. The current belief is that, in the absence of the tsunami, the reactors would have been fully under control and that there would have been no release of radiation.
Available evidence shows that the diesel generators were inundated by water and debris from the tsunami. It is therefore highly probable that the subsequent investigation may recommend that further safety improvements be made to all Japanese nuclear power plants to address the possibility that an even stronger earthquake may strike in the future. It is also highly probable that there will be recommendations to protect backup diesel generators from damage by tsunami inundation. Now that there has been experience of the type of tsunami that struck Fukushima, design changes may see a very strong elevated base to resist the attack of tsunami and position the generators and their fuel supplies well above what is expected to be the maximum height of possible tsunami. It is possible that other countries may follow these recommendations even where the potential risk of severe earthquakes is not considered possible. The scale of devastation experienced at Fukushima may lead to recommendations for increased fuel storage to allow for a period of poor to non-existent communications, preventing the fuel storage to be replenished for weeks or months after a severe incident.
A team of workers has demonstrated great courage in working on in dangerous local levels of radiation in an attempt to regain control and prevent an escape of high levels of radiation. Their exposure will undoubtedly lead to new measures to improve safety for emergency teams working during any future incident.
The Japanese Government has demonstrated considerable disclosure of the unfolding situation. Whether they reacted as quickly or as openly as they might will be judged later. Certainly the reaction from international news media was that a surprising level of honesty was exhibited from the beginning, with some journalists suggesting that this was a model for other governments to follow. At this point it is difficult to be sure whether disclosure was adequate and early enough, and equally difficult to know how large a part was played by broken communications. There will be lessons to learn about how to improve communications during and following a major disaster. Certainly the way in which the Japanese Government has repaired some of the roads that were seriously damaged has been highly commendable and an example of how to address these issues. It is easy to overlook the fact that no Government can disclose information that it does not have, and the disaster prevented information reaching the Government.
There will be difficult questions to address that apply to most countries. Most of the world’s population lives and works in areas that are potentially liable to flooding. Some of the worst cases are areas that are regularly inundated and where loss of life is a regular situation. Governments are reluctant to prohibit construction of housing and workplaces in these high risk areas because the economic consequences would be serious. There are also large populations living in areas that are subject to volcanic and seismic incidents. Some of the most critical production areas for high technology products are located in areas subject to very high risk of earthquakes and tsunami. There are also large low income populations living in areas where there is a very high risk of severe volcanic activity, where volcanic explosions have cause great devastation and triggered major tsunami. Once again, there are serious economic consequences from attempting to move populations from these areas.
In an era of belief in Global Warming caused by human activity, substantial increases in nuclear power generation is the only short term way in which rising power demand can be met without generating high carbon output. Most of the “green solutions” have proved to be deeply disappointing. Wind turbines have been sited in large numbers in areas where the average wind speed is inadequate to produce more than 30% efficiency and some installations do not even achieve those levels of effectiveness. When the true carbon footprint of the wind turbines is taken into account, many wind farms are producing more carbon than coal-fired power stations and generating very high levels of pollution, while destroying visual amenity in some of the most beautiful areas. Insufficient effort has been put into developing tidal and wave power generators but, even here, the ecological consequences of the technology are highly undesirable and more disadvantages may emerge as the technology is more widely used.
What we choose to ignore is that nature is infinitely more destructive than man. There are a number of locations where huge earthquakes and volcanic activity could produce the equivalence of nuclear winter, more severe and long lasting than even a full scale global nuclear war.
In an age of information overload, and the very human desire for simple solutions and free lunches, the real risk is that we are vulnerable to poorly researched reactive solutions. We ignore the fact that nature reacts to over-population. Through history species have established and expanded to the point where they cannot be sustained in the area they have colonized. If they are unable to reduce pressure by expanding into new areas, they will eventually reach the point where nature culls the population, whatever the species. Man is not immune to these laws. While we tinker with aspects of our life, we overlook the more important questions that are difficult and painful to address logically. Much of our current reactive activities are largely counter productive and create larger problems that eventually must be addressed.