Forgot your password?
typodupeerror
Power Stats

Report: Nuclear Plants Should Focus On Risks Posed By External Events 133

Posted by timothy
from the it-might-be-this-knob-or-maybe-that-one dept.
mdsolar (1045926) writes "Engineers at American nuclear plants have been much better at calculating the risk of an internal problem that would lead to an accident than they have at figuring the probability and consequences of accidents caused by events outside a plant, a report released Thursday by the National Academy of Science said. Accidents that American reactors are designed to withstand, like a major pipe break, are "stylized" and do not reflect the bigger source of risk, which is external, according to the study. That conclusion is one of the major lessons from the Fukushima Daiichi nuclear accident in Japan in 2011, which began after an earthquake at sea caused a tsunami.
This discussion has been archived. No new comments can be posted.

Report: Nuclear Plants Should Focus On Risks Posed By External Events

Comments Filter:
  • already done (Score:4, Informative)

    by Mr D from 63 (3395377) on Sunday July 27, 2014 @07:38AM (#47542147)
    External events are considered in US plant design already, this author seems to be a bit ignorant on how the safety case for plants is built. Who cares if we refine the probability of an event is if the plant is already designed to withstand it? More total stupidity disguised as a serious study. Even highly unlikely events are designed against in our plants.

    Now, Post-Fukushima, plants are adding response capabilities for apocalyptic type scenarios even though three is nobody that can provide an example of how such an event may happen for the particular site short of some major war type event. Fukushima was simple...don't put reactors that were not design to operate underwater where they can find themselves underwater. Given the situation, the outcome was quite easily predictable.
    • Let me clarify; "more total stupidity" was aimed at the article author's interpretation of the study, not at the study itself. Poorly worded in my post. The study is what it is, the article author is clearly not qualified to interpret it.
    • by mdsolar (1045926)
      Matthew Wald does his homework and reports pretty accurately. Perhaps you should give some examples where he has misread the report.
      • by AmiMoJo (196126) *

        When someone has to rely on an ad-hominem you can take it as read that they don't have any specific criticisms. I somehow knew the first comment would be an hominem.

    • Re:already done (Score:5, Informative)

      by tp1024 (2409684) on Sunday July 27, 2014 @08:49AM (#47542355)

      It gets better, all the way back in 1975, the Wash-1400 report listed tsunamis as one of the potential ways to knock out the safety systems of a nuclear power plant, leading to the exact same outcome we have seen. All the way to the point of having to evacuate a few thousand square kilometers, given the BWR Mark I containment. (Actually, it was just one thousand, but the rest was off-shore.)

      The main problem was that just about ALL the tsunami protection in Japan (both for cities and nuclear power plants) was based on the 1960 tsunami, that came all the way across the Pacific from Chile. The result was quite a disaster, but the worst part was the completely unprotected population and certainly not the nuclear power plants. Contamination is quite reversible, 18500 dead people not so much.

      • by AmiMoJo (196126) *

        Contamination is quite reversible

        Yes, but the effects of short term contamination are not. The evacuated towns in Japan are pretty much being abandoned now, because even when they do manage to fully decontaminate them there will be no-one to live there. All the former residents have had to move on with their lives, find homes and jobs elsewhere, go to other schools and try to start some kind of new life.

        Those communities, those businesses are all gone for good.

        • by tp1024 (2409684)

          But
          a) Nobody died. (Unlike due to the direct effects of the tsunami.)
          b) In places like Ishinomaki, Kesenuma, Rikuzentakata or Ofunato the people are essentially in the same situation. People can't just go back, because they now realized that those places are too darn dangerous to live in, because of the tsunami hazard. If history provides any pattern there, the towns will be abandonned for several decades upon which people will start ignoring the danger again, rebuild former settlements and then suffer the

          • by AmiMoJo (196126) *

            People did die during the evacuation, mostly the elderly. They can't go back because there are still spots of significant contamination where radiation levels are above the legal limit. The towns near Fukushima survived the tsunami unscathed, they are perfectly safe from even the largest waves.

            • by tp1024 (2409684)

              If all those cities were "fine", 'unscathed" and "perfectly safe from even the largest waves" then how come there were 182 deaths in Namie, 85 deaths in Okuma and 35 deaths in Futaba? And why have all the coastal communities of Namie essentially been scrubbed from the coast? Why has the mayor of Futaba (previous population 7406) said, that 90% of its houses have been destroyed?

              As for people dieing during the evacuation. Yes, there have been such reports. But those people died because the evacuation was botc

    • I find it hard to believe that a major earthquake would allow a reactor to remain intact.
      • Re:already done (Score:5, Informative)

        by Mr D from 63 (3395377) on Sunday July 27, 2014 @09:40AM (#47542561)
        It will, in fact the reactors near Fukushima experienced major quakes beyond their design basis, remained intact and actually saw little or no structural damage. Only those plants that got flooded by the tsunami had problems, because they were not designed to be underwater.

        If a major natural disaster hits, a nuclear plant is probably one of the safest places to be.
        • by Rich0 (548339)

          It will, in fact the reactors near Fukushima experienced major quakes beyond their design basis..

          Is anybody else concerned that anything like a nuclear reactor could ever encounter a major quake beyond their design basis?

          Shouldn't we be designing reactors to handle any quake that is reasonably likely to occur? Japan is highly prone to earthquakes - I'd expect any reactor design to account for a very strong one.

          We're not talking about a freak incident like a comet impact that destroys all of Japan. We're talking about an earthquake in one of the most earthquake-prone regions on Earth. I'd expect a re

          • Shouldn't we be designing reactors to handle any quake that is reasonably likely to occur? Japan is highly prone to earthquakes - I'd expect any reactor design to account for a very strong one.

            They do, but you have to prescribe a specific requirement in the license and that is on the regulator. The actual designs handle quite a bit more than the licensed design specification, because a reactor designer will typically consider the worst site where a reactor is expected to be built, and the site specific design can be augmented if necessary. US plants have conservative earthquake requirements to start with as prescribed by the NRC, and they do consider the location. Designing a facility to withsta

            • by Rich0 (548339)

              Shouldn't we be designing reactors to handle any quake that is reasonably likely to occur? Japan is highly prone to earthquakes - I'd expect any reactor design to account for a very strong one.

              They do, but you have to prescribe a specific requirement in the license and that is on the regulator.

              My issue is with the statement, "the reactors near Fukushima experienced major quakes beyond their design basis." That suggests to me that regulators set a design basis requirement smaller than earthquakes that have subsequently hit the region.

              Obviously they have to set some kind of design threshold, since no machine can withstand an earthquake of such magnitude that it destroys the earth and half the solar system with it. I'd just expect them to take the largest earthquake in known history in that area,

              • Agreed. Japan is a high seismic activity area and should have set higher requirements to start with, just as they should have never assumed a massive tsunami would not happen when its clear that it could based on the geology of the area and the type of coastline. Raising the minimum requires going back and re-analyzing to see if the design is still adequate and making modifications where it isn't, costly to do after the fact.
              • by Boronx (228853)

                The earth quake was a millennial quake, so they figured they only had a five percent chance of seeing one in the life span of the plants. In other words, they cut corners. They also cut corners on personnel. Competent management could have prevented the meltdown even post tsunami. For instance, they could have vented the Hydrogen gas, and they should have moved mountains to get the generators running (or get new generators flown in) and keep them fueled.

                • by Rich0 (548339)

                  Good point. You'd think that after the fact this could have been escalated so that the military could have heavy-lifted whatever they could into the area.

                  I'm not surprised about the lack of venting though. You're talking about somebody having to make the call about deliberately venting what was probably contaminated air into the environment. For whatever reason society tends to favor allowing a huge disaster over causing a smaller one - just the trolley problem in another form.

                  • by Boronx (228853)

                    I get the attitude, but the nuclear engineers I work with were sure the thing was going to explode.

        • It won't.
          The reactors at Fukushima did not feel anything from the earth quake.
          They where 450 miles away from the epicenter. They suffered because surrounding pillars for electric wires collapsed ... they got damaged enough to be broken beyond repair and finally they got hit by a tsunami destroying the emergency cooling.
          So an earthquake that was at the site certainly below 6 on the Richter Scale already did server damage.
          The news that is survived a 9.x quake is a myth, the 9.x quake was as far away as the di

          • Re:already done (Score:4, Informative)

            by Mr D from 63 (3395377) on Sunday July 27, 2014 @01:01PM (#47543863)
            ^you can make stuff up all you want, but there are no such thing as safety related electrical pillars. Offsite power supply is not credited in a safety analysis of the plant, and failure of those systems is just fine, as the safety related systems could more than handle the earthquake. The plant was doomed when it was inundated by water and the safety related systems became inoperable.

            You should learn more about how a plant safety design basis is developed, and in particular the difference between safety related and non-safety related systems and components.
        • by AmiMoJo (196126) *

          Actually the earthquake did damage the plant in a very critical way. The emergency cooling system was broken, so that even when they started pumping in water from fire engines it didn't cool the cores and they went into meltdown.

          I suggest you try watching this documentary: http://youtu.be/ldki2ji5-gU [youtu.be]

          • First, there were more than one unit that all met essentially the same fate from the tsunami, it was not just one unit, and each unit has multiple safety systems that are designed to complete their mission even if one fails, as the assumption is always that something will go wrong. There were plenty of operable cooling components in place to shut down the plant after the earthquake. Not so after the tsunami.
      • by Hussman32 (751772)
        The reactors are fine during an earthquake because they are effectively bolted to bedrock, and the move with the earth. There was a serious earthquake a few years ago at the Kashiwaszaki-Kariwa site, and the primary systems didn't move at all. There was a lot of damage to the switchyard and non-safety systems, and there was some water sloshed out of the spent fuel pool, but the reactor started up fine after all systems were requalified.
    • Given the situation, the outcome was quite easily predictable.

      If it was that easy FP&L would be making plans to close Turkey Point instead of expand it. That whole site is going to be underwater and, before that happens, there's going to be a storm surge high enough to swamp it. That's a guarantee which seems to fly in the face of your supposition.

      I worked in the nuclear industry for nearly a decade. What I saw with my own eyes could best be described as straining out a gnat and swallowing a cam

      • Can you please describe the event that suddenly places Turkey Point underwater without sufficient warning to take appropriate actions? Many hurricanes have come through, even those with the highest scale, and TP has been quite fine. If you can show there can be a surge will inundate the plant that is not accounted for, please specify the height and relative limits for the plant.
      • by Rich0 (548339)

        What I saw with my own eyes could best be described as straining out a gnat and swallowing a camel.

        I don't have any experience in the nuclear industry, but this sort of thing is common where satisfying inspectors/etc are concerned.

        There is a lot more emphasis on looking busy than being safe. If you try to introduce a product in a regulated space and your testing is documented on two pages of paper an inspector would laugh at you and deny your application to market the product. On the other hand, if you produced 10k pages of documentation, but ignored testing some likely failure mode, chances are it wou

      • Why would Turkey Point be underwater? If it's the sea-level rise due to Apocolyptic Global Warming then you should be pushing for as much non-CO2 emmiting generation capacity as possible, Solar and Wind are the icing on the cake, but nuclear is your cake.

    • by multi io (640409)

      Now, Post-Fukushima, plants are adding response capabilities for apocalyptic type scenarios even though three is nobody that can provide an example of how such an event may happen for the particular site short of some major war type event. Fukushima was simple...don't put reactors that were not design to operate underwater where they can find themselves underwater. Given the situation, the outcome was quite easily predictable.

      Can you cite any pre-Fukushima regulation that mandates this? Because if you can't, then that's a case of "hindsight is 20/20". I'm pretty sure the type of thing that happened at Fukushima has always been thought to be a "there is nobody that can provide an example of how such an event may happen for the particular site" type of scenario -- until it did happen.

      • Plants do address what they call "beyond design basis" events with various coping scenarios over and above the prescribed design basis accidents and events. Post Fuku response is really an extension of that severe accident management element. But that is not in response to a specified event, rather the approach is to simply imagine the plant is left crippled badly in various ways and put mitigations in place to cope. Now, they simply imagine a more crippled starting point. That's all well and good and conse
      • by tp1024 (2409684)

        Go read WASH-1400, that one said 36 years before Fukushima Daiichi what would happen when a tsunami hits a nuclear power plant. The predicted result is easily comparable to what we have seen, because Japan (just like the USA) didn't bother to implement major upgrades that were demanded by law in France, Germany and Sweden. Among those are hydrogen recombiners that the Japanese demanded by law in 2012 and were bought in France where they have been implemented for decades. You may remember the hydrogen explos

    • Re:already done (Score:4, Informative)

      by Solandri (704621) on Sunday July 27, 2014 @03:08PM (#47544607)

      External events are considered in US plant design already, this author seems to be a bit ignorant on how the safety case for plants is built. Who cares if we refine the probability of an event is if the plant is already designed to withstand it?

      Technically, the Fukushima plant was also already designed to withstand this type of event. It had sufficient backup power systems necessary to continue operating the cooling pumps in the event of a catastrophic disaster of this type.

      Where they screwed up was in the redundancy of the backups. This is unfortunately a fairly common failure mode in engineering designs. Say a single diesel generator has a 10% chance of failing to start up if you try to run it during an emergency. People then naively think that if you just put 6 diesel generators into the design, then that reduces the statistical probability of failure to 1 in a million. The chance of all six generators failing is (10%)^6 = 1 in a million.

      That's the correct math for generator failures due to independent internal causes. But everything changes when you talk about external causes. Suddenly you have a cause like, oh, say, a tsunmai, which can affect all the generators simultaneously. The failure mode for each generator is no longer independent, and your redundancy does nothing to decrease the odds of a failure. All they had to avoid this effect was put the generators and diesel fuel tanks in different places. But no, the typical Japanese obsession with order and symmetry* mandated that they put all their generators in a row in the same place. And the tsunami took them out and contaminated their fuel all at once. Indeed the two newer Fukushima reactors where the generators and fuel were stored in a different location got through the earthquake and tsunami just fine.

      * I rag on the Japanese, but the same thing happened with the Space Shuttle Challenger. They were having problems with poor O-ring seals in the solid rocket boosters. So to reduce the probability of a failure, they just added more O-rings. That worked to stop the independent failures (burn-through due to improper seating of an O-ring in one spot). But when an external factor popped up which caused all O-rings to fail simultaneously (cold weather), the safety of the redundant O-rings was negated.

      • The plant was not designed to operate when inundated by water, it was not designed to withstand a tsunami of this magnitude, it was assumed a tsunami would never breach the protective wall and reach the plant, therefore, simple things like protecting the structures from the forces of the tsunami, and waterproofing all of the ducts, vents, doors, etc with controls over when and how long they can be open, were never in place.

        Even with diesel failures at a unit, it could still have been safely shut down had
        • by MrKaos (858439)

          it was assumed a tsunami would never breach the protective wall and reach the plant

          Tepco ignored geological evidence and relied on historical data when evaluating the height the sea wall *should* have been.

          The key is not placing a plant that cannot withstand a tsunami where it can be hit by one, because designing to withstand a tsunami suddenly inundating the site it really not practical.

          Another key issue is not grouping all of the backup generators on the sea facing side of the reactor with an inadequat

          • On that last DG failure item, the point was that with multiple units right next to each other, each with multiple DGs, if the DGs for a unit failed, they could, in a reasonably short time, use supply from another unit's DG (that assumes the site was not destroyed by a tsunami, of course). You are correct, a source of power beyond the batteries is required to be available within a certain period of time. That period of time ranges from several hours to a few days, depending on the specific plant design.
          • Another key issue is not grouping all of the backup generators on the sea facing side of the reactor with an inadequate sea wall was a disaster waiting to happen.

            Exactly my point, the plant should never have been placed where it could get hit by a tsunami, because it was not designed to withstand one. Had it been designed to withstand one, you would see a lot of differences, including layout of DGs and alternate sources above tsunami level. Improperly assessing the potential event was a failure of the regulator, and the constructor/owner as well.

            • by MrKaos (858439)

              Exactly my point, the plant should never have been placed where it could get hit by a tsunami, because it was not designed to withstand one.

              I agree with the premise, though I'm not certain that is something you can do with any degree of certainty, certainly not in Japan where earthquake activity is more frequent. The driver of placing them is the availability of cooling water, so this generally means they will be located next to large bodies of water.

              I'm satisfied with the approach of making sea walls, and the like, however the external risk we are talking about is if the operator actually complies with the rules, as is the case with Tepco.

  • Stylized (Score:4, Interesting)

    by mdsolar (1045926) on Sunday July 27, 2014 @08:17AM (#47542231) Homepage Journal
    It really harms the credibility of the NRC when their risk calculation come to a accident every ten thousand years while the real world rate is one every 18 years. There are ten or more near misses each year http://www.ucsusa.org/news/pre... [ucsusa.org] so nuclear plants are operating far outside the claimed safety envelope.
    • by khallow (566160)

      while the real world rate is one every 18 years

      Over 400+ nuclear reactors in the world.

      • by mdsolar (1045926)
        Accounted for that.
        • by khallow (566160)
          No, otherwise you wouldn't have written:

          It really harms the credibility of the NRC when their risk calculation come to a accident every ten thousand years while the real world rate is one every 18 years.

          • by mdsolar (1045926)
            What?
            • by khallow (566160)
              18 years*435 current reactors=7830 reactor years. Which is close to the claimed 10,000 reactor years of your original post.
          • khallow, he just doesn't understand about application of statistical data, and repeats what he reads from nuclear FUD websites. You won't get a logical response to this obvious point.
            • khallow, he just doesn't understand about application of statistical data, and repeats what he reads from nuclear FUD websites. You won't get a logical response to this obvious point.

              I'm an astronomer who is also interested in music, especially sacred, and global warming. In astronomy, I've worked mainly on how intertellar dust can reveal the presence of super massive blackholes. ... For a number of years I've been involved in attempting to reverse global warming. I'm a member of the Green Party of the United States EcoAction committee and have helped to develop energy policy for the party. Very recently, I've gotten involved in a startup that plans to rent solar photovoltaic systems i

            • by khallow (566160)
              mdsolar stated that the NRC estimated the odds of a "nuclear accident" at 1 in 10,000 and then claimed that such accidents occurred at a frequency of 1 every 18 years. What I noted is that there are 435 reactors currently (according to Wikipedia) and that accident rate he claims corresponds to one such accident per 8,000 years of operation of the nuclear reactor. That is very much in line with the estimate.

              This has nothing to do with "nuclear FUD websites". This is just rudimentary statistics.
              • Thanks for the correction. I mis-read the statements and I was wrong on that one. I got thrown off by the sudden switch from a discussion of external events to this topic which really isn't external events. I admit when I am incorrect and appreciate your clarification.

                Still, be careful with the terminology of 'accident' and 'near miss' and the statistics behind them, as they get applied and represented in a very inconsistent manner by the anti-nuke lobby.
                • by khallow (566160)
                  mdsolar indicates that he is referring to some estimate rate of 1 such accident in several million. But that sounds like a theoretical rate for a limited class of failure modes under ideal maintenance and regulation conditions. Can't say any more about that until I find out what he's speaking of.
                  • by MrKaos (858439)

                    But that sounds like a theoretical rate for a limited class of failure modes under ideal maintenance and regulation conditions. Can't say any more about that until I find out what he's speaking of.

                    The report in question actually refers to (something we've previously discussed) the metrics used to report on reactors by the NRC, specifically accident sequence precursors and licensee event reports. They are actual events that generated a reactive inspection by the NRC or a formal report to the NRC under the Reactor Oversight Process because the risk of damage to the reactor core exceeded a factor of 10, or there was an accident.

                    These are the metrics used by the NRC so they're not theoretical or limited

                • by MrKaos (858439)

                  Still, be careful with the terminology of 'accident' and 'near miss' and the statistics behind them, as they get applied and represented in a very inconsistent manner by the anti-nuke lobby.

                  That is incorrect.

                  Specifically the term 'near miss' is referred to (in the report) when the NRC sends a special, augmented or incident investigation team, under the Reactor Oversight Process, to a reactor site because the risk of reactor core damage has exceeded a factor of 10. NRC classifies these as 'reactive inspections' as response to a Accident Sequence Precursor.

                  Accidents come under a different class which results in a formal written report (called a Licensee Event Report) to the NRC because a fail

        • by dasunt (249686)

          Accounted for that.

          Do you understand how this works?

          18 * 400 = 7,200 reactor-years per accident.

          Not too far away from the 10,000 figure.

    • Re:Stylized (Score:5, Informative)

      by Anonymous Coward on Sunday July 27, 2014 @09:04AM (#47542421)

      If the 1 in 10.000 years is per reactor, 18 years between accidents is "reasonable". With 400 reactors worldwide, that would mean approximately 25 years (~10000/400) between accidents.* Accounting for older designs, improving risk estimation, worse safety/quality standards in some parts of the world, etc. 18 years is close and not "far outside the claimed safety envelope".

      Also, one "near miss" per year suggests luck, ten or more per year implies that there are enough safeties and checks in the systems to catch trouble before a catastrophe happens.

      * I know this is not exact. It should be close enough. Fanatics can do the 1/(1 - ((10k-1)/10k)^400) stuff with a calculator.

      • Add that 'near miss' is not an official event defined event by the NRC , but rather that of the anti nuke group, so they decide what to call a near miss.
      • by mdsolar (1045926)
        It is not per reactor, that is 1 in over in a million in the generic approach.
        • by khallow (566160)
          Ok, where's the reference then?

          I see when I googled, an estimate [nrc.gov] for "large" "loss of coolant accidents" around 5*10^-6 per year per plant. That sounds like your number. It's worth noting that the accident category in question hasn't happened yet since they're speaking of loss of coolant from pipe corrosion and mechanical failure in a plant with proper maintenance and the following of procedures, not the many other sorts of loss of coolant accidents that can happen to a nuclear plant (such as the real wo
    • The contamination from a reactor spill might be so serious that one spill in ten thousand years might not be an acceptable risk. There is also a problem in that giving one nation the permission to build reactors really gives any regime the right to do the same. And we have no control over the safety or design standards applied in other nations. Nations like Iran and N. Korea act like mental patients who failed to take their meds. I'm not certain these nations should be allowed to chew gum much l
      • by Rich0 (548339)

        Nations like Iran and N. Korea act like mental patients who failed to take their meds. I'm not certain these nations should be allowed to chew gum much less have anything to do with nuclear power.

        If my next door neighbor runs over a kid with their car because they don't look backwards when reversing, the solution isn't to remove the reverse gear from every car in the world.

        You can't use the existence of N Korea as a rationale to constrain the behavior or legitimate governments.

  • ... unfortunately only regard one major failure (e.g. main coolant feeding line failure), with other failures (e.g. one emergency generator fails) covered by redundancies.

    This might work for technical breakdowns, but not for external events. ("All coolant pumps and emergency generators fail - because the whole power plant compound is under three meters of water.").

    • by tp1024 (2409684)

      Read the NUREG-1150 or whatever more recent document (this one is from 1990 or so). You'll find that your claim is outdated by about half a century.

It is wrong always, everywhere and for everyone to believe anything upon insufficient evidence. - W. K. Clifford, British philosopher, circa 1876

Working...