Of course it was, as were things like the explosions afterward.
However, management always gets in the way--either up front, because there is profit pressure, or on the backend, because there is profit and/or political pressure. This paper covers the up front failures.
However, backend failures, like spraying water on the core (NOT one of the established procedures because calm engineers knew that the reactor could dissociate the hydrogen and oxygen) rather than letting the core melt into the bottom of the containment area which was designed to deactivate and contain the core, were also rampant.
This was just like Three Mile Island. If people had sat on their hands, done nothing, and let the engineered last-chance safety systems do their job, things would have turned out better.
Reactors should not be for-profit. Rickover showed us all how to do it right, but we lack the stomach.
Here is his quote about real reactors: "On the other hand, a practical reactor plant can be distinguished by the following characteristics: (1) It is being built now. (2) It is behind schedule. (3) It is requiring an immense amount of development on apparently trivial items. Corrosion, in particular, is a problem. (4) It is very expensive. (5) It takes a long time to build because of the engineering development problems. (6) It is large. (7) It is heavy. (8) It is complicated."
The point that it's organisational and management issues which so frequently seem to be behind major disasters -- four of the larger nuclear accidents (Fukushima, the earlier Japanese criticality incident at Tokaimura, Chernobyl, Three Mile Island), as well as numerous other large-scale industrial accidents, of which energy systems play a large role: the BP Gulf Oil spill, Exxon Valdez, Banqiao Dam (China, 1975), recent South Carolina flooding and dam bursts, the Union Carbide Bhopal, India, disaster.
You cannot engineer out human nature. This isn't a root cause for which there are technical solutions.
I hugely recommend Charles Perrow's Normal Accidents and The Next Catastrophe. As well as other writings.
Note that Rickover also wished we'd never gone to the nuclear option. He defended his choice for lack of options, but would have preferred to see all plants mothballed.
"Paper Reactors", which you quote in part, is excellent.
> You cannot engineer out human nature. This isn't a root cause for which there are technical solutions.
Have you heard the saying: In the future they will be staffed by a man and a dog. The man to feed the dog, and the dog to bark at the man in case he tries to touch anything.
I have to second Perrow's Normal Accidents. I read it first in college and I've kept my copy sitting on my desk ever since as a reminder. (I joke-not-joke that, if I ever run a startup, every employee gets a copy on their first day.)
You can do a lot to minimize the effects of human nature or even utilize it. You just need to build systems for humans, not some abstract ideal. Case in point, the giant menu inside a fast food restaurant has a lot of counterintuitive properties designed to alter people's behavior. It's not pretty, but it works. Note, we are talking about the masses of humanity, not just those you select or train etc.
Now, doing the same for complex systems is hard. But, clearly there are ways to improve.
You can engineer to influence human nature. But often the task is, as you highlight, to take existing tendencies and influence them. Fast food, and consumer marketplaces generally, are highly engineered to prompt desired behaviors. Those generally aren't, though, very high reliability error-correcting behaviors.
Some other examples that come to mind:
1. Public spaces designed to be "riot proof". Generally this works by avoiding single large assembly points, putting entrances and exits such that there's no through transit of a space or building, and otherwise dispersing the energy of crowds.
2. Las Vegas. The manipulation is so grossly apparent to me that the entire place disgusts me. Windowless interiors, no clocks, bright lights and flashing displays, loud music. And, most iconically: moving walkways to take you into casinos, but having to depart under your own power.
3. Much of air safety practices. While it's not possible to design out pilot (or other human) error, you can become highly aware of what leads to accidents. The commercial air travel industry is a fascinating study in risk reduction, starting with the goal of incident studies, which is to ascertain cause, not assign blame.
> However, backend failures, like spraying water on the core (NOT one of the established procedures because calm engineers knew that the reactor could dissociate the hydrogen and oxygen)
I cannot find any other information on this claim and I just read the main Wikipedia article, this article, and the Wikipedia timeline.
Didn't the hydrogen explosions start before they started spraying the reactor/building with fire trucks anyway (March 12th Vs March 17th respectively)? According to the timeline it did.
So while hydrogen explosions definitely occurred due to an overheating core, it is specifically laying blame at the use of emergency water to try and cool the core that I am asking about. It does not seem accurate.
According to a chart in this press release[0], fresh water was being pumped through Unit 1 for ~10 hours prior to the first explosion, during which time none of the "active fuel" was submerged. I'm not a professional but it seems like a lot of that water would have evaporated and could have been oxidizing the cladding the whole time, if it was hot enough. I wouldn't discount the rest of your theory too quickly.
Not that Zircaloy won't dissociate, but you're correct, don't discount the water either.
At one point during the Windscale fire they tried to pump down liquid CO2, but the reactor face was so hot it was ripping the O2 off the molecule. They next tried to pump down water - there was a very real risk that it would rip the water apart as well, feeding the fire and potentially forming a hydrogen bubble and exploding. However they were able to deliver it in greater quantity than the CO2, and succeeded in cooling the fire.
Yes, this point is the basis for 'public choice' theory.[1]
The levees in New Orleans were government built and maintained; should we not take the failures there into account before we rush to judge the private sector for Fukushima?[2] The other problem with blaming private actors for problems at Fukushima is that (as far as I can tell) they followed all the standards and regulations as required by the regulators responsible for public safety, which seems to indicate that if anyone was at fault, it was the government regulators.
That almost sounds like a human interaction problem. Maybe a codebook with keys, that gives you access to a room with a big lever, that doesn't really do much other than kick in the emergency last chance safety systems a little early is the right way to go.
edit
And they should really Hollywood it up. All the lights in the building dim, the siren from Alien blaring, maybe a fog machine in the room with the lever.
That's how it should be, but in this case not doing anything was not an option. The passive (gravity fed) cooling system on the first reactor to melt had its valves almost closed when they lost power. Seems like a bad design to even have valves on it but I'm not a Nuclear Engineer.
> The passive (gravity fed) cooling system on the first reactor to melt had its valves almost closed when they lost power. Seems like a bad design to even have valves on it but I'm not a Nuclear Engineer.
It wasn't a great design. But that's what happens when you take reactors that were built before Chernobyl, were optimized for producing material suitable for nuclear bombs instead of safety, and then run them long past their designed lifespan.
More or less, these reactors should have been retired long ago, and replaced with more modern designs.
This is repeating points from other replies, but it has to be said again that much of the passive-safe design in a BWR/PWR has to do with the fact that it will melt down (rather than go prompt-critical and explode) even when every cooling system fails, since the coolant itself is what allows the reaction to continue.
If we flip the question around - what is it about the profit motive that makes it better? If workers can design and construct a better nuclear power plant why couldn't they do that - within the same budget constraints, etc. - unless there's some third party getting paid just for being rich.
Is greed really the most important thing to add to a human endeavour to make it successful?
Considering that markets when combined with stable institutions, property rights and the rule of law, have done more to reduce poverty, increase lifespans and health than anything else in history, I think the onus of proof is on the other side.
If you consider migration a type of voting mechanism, then countries that feature markets tend to attract more votes.
I'm not sure what it is about the profit motive that makes it better, but empirically it seems to result in more successful outcomes for everyone in the countries where it is available when compared with countries where it isn't available.
If workers can construct a better nuclear power plant without anyone making a profit - they are welcome to try. If they did a good job, I would congratulate them. But when it comes to alternate economic systems, there seems to be a lot of talk and little action on the ground where the work gets done. Talk doesn't feed people or keep the lights on.
I think you are misjudging those people that have made large profits as being purely greedy. From what I've seen, they are driven, hardworking and focused on achieving their vision. For most, profits are just the means to the end they imagine.
Do you really imagine the world would be better off if Elon Musk's profits were confiscated and given to some government bureaucrat? Would a workers collective take a risk on inventing new technologies? History suggests not.
The funny thing is that most of the benefits from the hard work of entrepreneurs flows to everyone else, not the entrepreneurs themselves, through more plentiful food, health and technology.
Your "solution" is also well on its way to making the earth uninhabitable, and is also responsible for creating societies that have incredibly poor mental and emotional health.
Worse, the opportunity costs of future development lost because of short-sighted greed - the poor energy choices, the regular financial meltdowns, the fact that so much progress relies on military spending and research, the vast cost of industries like smoking and sugar that are only profitable because they destroy the health of their customers - hardly suggests this is the best of all possible worlds.
If economics came with built-in accounting for the cost of externalities, predictable human failure modes, network effects, and negative feedback for corporate sociopathy, we'd probably be on our way to the rest of the galaxy.
The Internet and electric cars are a nice consolation prize, but they're not any more than that - certainly not when the effects of poverty and caste stratification still waste so much human talent and cause so many catastrophes that we're decades behind where we could be.
> Your "solution" is also well on its way to making the earth uninhabitable
It's not just my solution. It's the solution consistently voted for in many countries by the most educated general population in history.
If your point is so strong, why do you need to exaggerate? When will the earth be uninhabitable? Do you know a date?
> Responsible for creating societies that have incredibly poor mental and emotional health
Taking this interesting statement at face value, if you traveled back in time several hundred years and asked someone if they would trade: plentiful food, medicine that can heal infections, nearly eliminating infant mortality, rapid travel to distant destinations, nearly everybody enjoying the luxuries that only the exceptionally wealthy of their own time have access to in exchange for: poor mental and emotional health, what choice do you think they would make?
If we don't take it at face value, how do you even measure poor mental and emotional health? Do people with alternate economic systems have better mental and emotional health? I don't think the millions that died in mass starvation in Mao's China appreciated having superior emotional health.
> Worse, the opportunity costs of future development lost because of short-sighted greed - the poor energy choices, the regular financial meltdowns
What opportunities are we passing up? Our energy choices are largely driven by obtaining energy most efficiently, just like the rest of nature. The energy choice you are probably most critical of, coal, is largely responsible for lifting the world's poorest people out of poverty. Is not wanting to be impoverished being greedy? Are you using a device that runs on electricity? Does it contain plastic?
As for financial meltdowns, economists have discovered recessions throughout history. They are a normal feature of all economies and they affect non-market driven systems too. I'm not sure how you think you would avoid recessions, but lots of people have tried with little success.
> the fact that so much progress relies on military spending and research
I wouldn't agree that a lot of progress relies on military spending. I think a lot of resources are wasted on military spending. However, there needs to be sufficient spending to deter other parties that might start to think they would be better off taking from others rather than creating for themselves.
> the vast cost of industries like smoking and sugar that are only profitable because they destroy the health of their customers
At the time these industries came into existence, there was no evidence they were harmful. All of the evidence is relatively recent. Are you saying in your alternate system you would have foreseen this and banned them before they were ever produced? Perhaps you are saying that as soon as there was evidence they were harmful you would have banned them. But, when trans fats were invented, health conscious scientists wanted to replace all of our fat intake with trans fats because they thought they were healthier. Would you have enforced this change too? What about when it was found they were mistaken about trans fats? Would you force everyone to change back? Maybe it's better to let people make up their own minds.
> If economics came with built-in accounting for the cost of externalities, predictable human failure modes, network effects, and negative feedback for corporate sociopathy, we'd probably be on our way to the rest of the galaxy.
If what you are saying is true, then surely an alternate economic model, like those attempted in Communist Russia and China would have smashed our poor little capitalist economies. Or some other model would have arisen throughout the ages. Or maybe you are saying our situation is hopeless and there is no economic model, either market driven or other, that can force people to behave the way you want them to? In which case we're all doomed and you don't have much to contribute.
> The Internet and electric cars are a nice consolation prize, but they're not any more than that - certainly not when the effects of poverty and caste stratification
It's hard to believe that you can throw away all of the achievements of the industrial age so lightly. If you don't value a significant reduction in poverty, longer life expectancy, increased living standards, reduction in child mortality, vastly improved standards of literacy and education, elimination of many infectious diseases, improved environmental outcomes in developed countries vs developing/ex-communist countries... then what do you value?
I'm not saying we can't improve the systems we have. But I think we can be proud of what we've already achieved and feel confident that we will be able to do even better in the future. There isn't any reason to be defeatist or cynical.
> Considering that markets when combined with stable institutions, property rights and the rule of law, have done more to reduce poverty, increase lifespans and health than anything else in history, I think the onus of proof is on the other side.
Actually, the markets created some of the most disease-ridden, sewage-infested hellholes with jobs that exploited child labor and threw away the sick and injured.
It was people who took up arms, got shot at, but persisted in wrenching some measure of control from the "capitalists" who managed to pass child labor laws, get medical insurance, and 40 hour work weeks.
Your fairy tale narrative is a pleasant fiction, but we have plenty of examples of unfettered capitalism in history--the vast majority of them were horrible.
> Actually, the markets created some of the most disease-ridden, sewage-infested hellholes
The two most polluted places in the world currently exist in China and Russia and stem from when they were run by Communist dictatorships without markets. So, an absence of markets doesn't seem to reduce pollution, it actually seems to increase it.
Markets aren't perfect, far from it, but alternate systems seem to do worse at providing for the things that you specifically care about.
> jobs that exploited child labor
In agrarian societies, children worked in the fields and still do. This has been since near the beginning of human civilization. It's only in advanced, developed countries with mature markets that there are barely any children working.
> threw away the sick and injured
What evidence do you have for this?
> It was people who took up arms, got shot at, but persisted in wrenching some measure of control from the "capitalists" who managed to pass child labor laws, get medical insurance, and 40 hour work weeks.
What are you talking about? Who got shot at in advanced developed economies to ensure these laws were passed? The laws were passed through the acts of various parliaments, not through revolution. These changes were made peacefully with in most cases broad agreement across the community. In countries that have experienced violent revolutions, like China and Russia, there are still many children working today, even though they've passed anti child labour laws.
You don't like the current system, obviously. But any alternate systems that have been tried appear to have done a poorer job on achieving the objectives that you desire. So what alternative do you propose and what evidence do you have that it will do a better job than our current systems?
> Your fairy tale narrative is a pleasant fiction, but we have plenty of examples of unfettered capitalism in history--the vast majority of them were horrible.
It's a shame you don't give any examples. I'm presuming you would be referring to the early industrial revolution. Supposing this is the case, you would be right - at the start of the industrial revolution the working conditions for many people (including children) were poor compared with the standards we enjoy today. Yet, despite this, people still flocked to the cities from the countryside to work in factories. Why do you think this is? Do you think that people back then were stupid, or that they hated children? Or do you think they could see for themselves that compared with living on subsistence farms that they were better off? As I said earlier, it is common for children to work on farms, so they weren't any worse off, and the extra income they provided their families made their whole family better off. It's easy to apply today's morality to people having to deal with conditions hundreds of years ago, it's harder to actually live under those conditions and make the best decisions for one's family.
Also, without going through the early industrial revolution, how do you think we all would have escaped living lives that were poor, nasty, brutish and short?
Where, exactly, are we storing power in the TWh-scale? The terrible availability[1] of wind and solar is going to require a heroic amount of storage, which isn't going to be "simple". It will probably have serious environmental impact as well.
As I understand it, the Fukushima plant was never designed or rated to sustain such a large earthquake or tsunami. If this understanding is correct, we should not have expected it to survive the damage, and the problems were not with the design, but perhaps with the specification (depending on whether you think this should have been foreseen).
It seems to be a common thread with all tragedies and disasters that people suffer from hindsight bias, and believe that this specific case should have been foreseen. It is not clear what the cost of building everything to sustain all similar low-probability events would be, and whether doing so would be statistical murder.
Here's a key phrase from the abstract that suggests more than hindsight bias is involved in the report:
"The Fukushima accident was preventable, if international best practices and standards had been followed, if there had been international reviews, and had common sense prevailed in the interpretation of pre-existing geological and hydrodynamic findings."
Another one:
"Three, the hazard analysis to calculate the maximum probable tsunami at Dai-ichi appeared to have had methodological mistakes, which almost nobody experienced in tsunami engineering would have made."
So there is a sense in which they are pretty strongly pointing at regulatory failure.
I'm not sure if you agree that the findings are unsustainable or not. Two things that the IAEA had established were that
1) Fukushima survived the earthquake as designed, and was in the process of shutting down when the tsunami hit.
2) The tsunami disabled primary and backup power to the cooling systems which was the proximate cause of the failure.
Further, at the time of its commissioning, the tsunami it experienced was accepted by the best engineering data at the time to be impossible.
You can make the argument that over time as more data became available the regulatory agency should have required additional upgrades to cover the larger tsunami risk. There have been plenty of stories about regulatory capture between TEPCO and the regulators which prevented best practices from being followed.
A lot of retrofits had been installed over time and that no doubt contributed to its survival of the earthquake.
> 2) The tsunami disabled primary and backup power to the cooling systems which was the proximate cause of the failure.
What I find really disgusting is that they had backup BACKUP generators trucked in and they couldn't use them because the plugs didn't match up. IT'S A FREAKING NUCLEAR POWER PLANT! DO YOUR JOB, CUT THE CONNECTORS OFF AND MAKE A CONNECTION! Literally EVERY ONE of the people who worked there are directly involved in the power generation business and they couldn't make a wonky connection work? If that's not in the top 10 completely preventable disasters of the century I don't know what is.
I'll give them a pass on that, personally. Tsunamis are rare and the sea wall was supposed to protect them against just about any "realistic" tsunami threat.
But what's inexcusable is allowing a reactor to melt down because you don't know how to cut connectors off of cables and do makeshift splices.
How many people will end up dying because someone wasn't willing to take a little risk? I mean, what's the worst that could happen? It'd work for a while and then fall apart? It'd blow up your generators? The worst-case scenario is that the nuclear reactor melts down which is what happens if you don't create a makeshift splice. So you have nothing to lose.
I'm obviously armchair quarterbacking this, but I can't see the argument against just trying something and hoping it works.
This report directly disagrees with "Further, at the time of its commissioning, the tsunami it experienced was accepted by the best engineering data at the time to be impossible." Directly.
This part uses scare quotes to describe the 'quality' of the work:
"Its initial application was based on the 3.122 m measurement local tsunami height (above Onahama Peil (O.P.) reference sea level), observed during the 1960 Great Chilean tsunami at or close to Fukushima [32]. The flooding estimate was provided to the nearest millimetre, underscoring a false sense of accuracy in the safety assessment that is impossible even today. With hindsight, it also underscores the ‘quality’ of the engineering work and of its review."
British use of quotes is typically distinguished from American, in that where emphasis using language from the original document is intended, those words are typically quoted. You'll see this extensively in BBC headlines.
They're not "scare quotes", to quote you. They're direct quotations, for emphasis.
I've definitely noticed that. I often misread BBC headlines as scare-quotes at first, which is sometimes funny. Two on there right now: Ministers 'in listening mode' on tax credits; 'Autonomy' plan for Scottish Labour.
Usage elsewhere doesn't support your comment. E.g., in the introduction:
"Interestingly, while the Onagawa NPP was also hit by a tsunami of approximately the same height as Dai-ichi, it survived the event ‘remarkably undamaged’."
I believe I misquoted the IAEA, but I did find the actual report [1] which talked about the tsunami hazard. As reported it was "Fukushima's tsunami vulnerability has been regularly updated with the latest accepted methodology." (and I relayed that as meeting the standards of the time) but the actual report also concludes that the methodology was insufficient because it did not consider beyond the most recent few hundred years.
But perhaps more importantly this is a great example of how complex these things can be. The "accepted methodology" and by that they mean the one the regulators hold them to, failed to consider a more geologically relevant time span (thousands of years versus hundreds of years).
My understanding of the situation was that the regulators said "Tell us you have accounted for tsunamis" and TEPCO said "We have, using the accepted methodology, here are the results."
So when did we know the methodology was wrong or insufficient? A lot of people had access to what TEPCO filed and their rationale over the 40+ years of operation. I'm interested if there was a concerted effort, pre-disaster, to get the methodology changed.
[1] "While the tsunami hazard assessment had been periodically updated at the Fukushima nuclear power plant taking into account the latest accepted methodology in Japan, the magnitude of the tsunami hazard was underestimated because it was based solely on historical data on relatively recent events (occurring within the past few hundred years)." -- https://www.iaea.org/sites/default/files/protection040912.pd...
The article talks about the Soloviev & Go catalogue and how it wasn't taken into account: "Presumably on the basis of these studies, [Soloviev & Go] assigned it a tsunami intensity I=4, which is one of their highest values for Japan tsunamis. Yet, in the aftermath of the Fukushima accident, it has been argued repeatedly that the Jōgan tsunami had not been documented until 2001 [17], well after the design of the NPP"
Also, the 2007 journal paper that found insufficient protections at Fukushima: "The senior author of [46] was then a TEPCO scientist, while another two co-authors are two of the most senior tsunami engineers in Japan. We wonder how disappointed they must have been on 26 November 2010, when, in the symposium organized by JNES, they found out that TEPCO did not appear to have heeded their recommendations [46] in its re-assessment of Fukushima Dai-ichi"
I haven't read the whole report, these are just 2 that I picked up.
The article cites the safety culture at the company that runs the compared reactor and discusses how they went about deciding what sort of events they needed to plan for. They apparently knew what they were doing in 1968 and did not lean on passing the regulatory minimum (the reports cites later studies of how the plant is situated and the relative lack of damage from the 2011 tsunami).
> the tsunami it experienced was accepted by the best engineering data at the time to be impossible.
I find that hard to believe. It was the 4th largest earthquake in the last century and doesn't make the Wikipedia list of "Megatsunamis". It was more a question of how long between such extreme events than if such an extreme event could occur.
Megatsunamis are caused by large volumetric displacements of water resulting from massive amounts of earth entering the water. The tsunami that caused the Fukushima disaster was not a megatsunami - it was caused by thrust faulting resulting in underwater displacement rather than the megatsunami mechanism discussed above.
The analogy here is splashing your hand into water (megatsunami) versus moving your hand underwater.
When it was built or after? This plant was built in the early eighties. The article doesn't state if it violated the ideals of then or more recent knowledge.
The comparison to Onagawa makes it clear enough that they are talking about when it was built. They wouldn't have had so much more experience in 1968 than when they did the early design work for Fukushima Dai-ichi.
The next nuclear accident that will occur in the world is 100% preventable, and without any hindsight bias I will tell you exactly how... after it occurs.
/s
(seriously, if you want me to take a claim seriously that accidents are preventable, talk about what we are doing wrong today, not in the past.)
Engineers at TEPCO did tell them what they were doing wrong at Fukushima Daiichi. They were ignored:
"In 2008, TEPCO did two sets of calculations, one based on the Headquarters for Earthquake Research Promotion (HERP) fault models which suggested tsunami height estimates of 8.4–10.2 m relative to the reference sea level. Another one based on Satake et al. [47] produced 8.7–9.2 m tsunami height estimates which were also apparently dismissed [32]. TEPCO ignored them, claiming there was ‘no wave source model’ for the former, and it required a tsunami deposit investigation for the latter [32]. In 2009, new estimates using updated bathymetry and tidal data yielded a 6.1 m tsunami height [12,32]. This was not followed-up and was only reported to Japan's Nuclear and Industrial Safety Agency (NISA) on 7 March 2011 [48]. A post-event study [48] asserts that ‘a senior NISA official has confirmed to us that NISA neither ‘commissioned nor reviewed’ numerical studies of tsunami run-up at Fukushima Daiichi’."
The reason you only hear about these issues after an accident occurs is not because they could only be predicted in hindsight, but because no-one cared about the predictions until after the accident.
If our title read "Nuclear power plants are still being run recklessly, and the next Fukushima-like accident is likely 100% preventable today" it would get my attention, and I would read what the claims that we need to be doing are.
Small statistical disagreements about experts on the other hand, are hard to take as seriously.
The thing is that those are not small statistical disagreements.
The maximum tsunami+tide they designed for was 5m. Design parameters said that you should have a wall 2x what you think you need so they built a 10m (about 30 foot) wall.
Two independent teams came up with realistic tsunamis near that 10m wall (one over and one under), so they should have changed their wall requirement up substantially. But they argued themselves into believing that 6m was a realistic maximum then did nothing.
Their estimates were also out of line with actual tsunamis experienced elsewhere. Tsunamis in recent decades from earthquakes similar to the ones that they knew could hit the area have ranged from 3-30m. Even a 7.0 earthquake managed to create a 12m tsunami in New Guinea.
The actual tsunami was 13m.
The most telling point is how the response afterwards has shown lessons not learned. For example, the United States National Research Council of the National Academies had a 21 person panel conduct 18 months of interviews with a wide variety of technical experts on how the disaster could be prevented here. NOT ONE of the members of the panel or the people interviewed was an expert on tsunamis. The authors of the paper clearly believe that if you're studying the aftermath of a tsunami, you should at least talk to someone who studies tsunamis...
If the paper is correct, it is a question of time until somewhere in the world we have another entirely preventable major disaster because local officials underestimate tsunami threats that current knowledge is more than sufficient to predict. Of course enough things can go wrong that the next big disaster won't be that. But that preventable disaster is coming...
The point of that link being, there are people that are thinking about what the problems are and working to fix them, so it is sort of glib to demand that such things be done.
If you read closely you see that the accident was so bad because of one simple problem.
If a nuclear reactor has a cooling failure, the fuel will eventually heat up and then melt down. To prevent this you have to keep water circulating around the reactor core. It doesn't take a huge amount of energy to do this, but it does take some. If the power goes out at the station and they can't get emergency power, the outcome is very bad.
If they had spent maybe $300k or so they could have moved the emergency generators a little bit higher up. With that investment there still would have been serious damage to the plant but only a very limited release of radioactivity because the fuel integrity and the coarse integrity of the plant would have been protected.
I have read that many times, and it makes some sense. The issue with this line of reasoning is that the move would be a design change which is not required by the specification (as I have read and understood it), which would have been seen as unnecessary waste at the time.
A study which I would find more important and useful than the one here would be a cost/benefit analysis of increasing all specifications relating to all (similar) low probability events. In other words, if you had been a designer of the plant looking to spend an extra $500000 to make the plant safer, would you have spent it on moving the generators? How many other contingencies would have been higher priorities than this one (if any)? What would be the total cost/benefit of applying this heightened standard to all new facilities? Would this be statistical murder?
It's very hard to estimate the probability of very rare events like tsunamis and earthquakes, so you kind of have to use heuristics to get a reasonable "design basis" event. Then you design your system to survive said event. The argument the authors make is that the event was improperly chosen (too low). A proper choice of event would have led TEPCo to conclude that they had to mitigate the danger posed by a higher flood line, by, for instance, moving the generators.
If you had been more cautious with respect to this one type of event at this one plant, you would have prevented this problem at a low cost. The problem is that only really tells you that 'if you know what's going to happen, you can do a really good job planning for it', which is rather obvious and completely useless.
My point is that if you were to have been more cautious in the overall specification for the plant (because, again, the plant was never designed to survive the type of event it was subjected to,) it is not clear whether the generators would have been moved (as that may not have been a high priority compared to other improvements), or even if they had, what the cost/benefit ratio would be. You have to remember that there may be many other events which may have appeared more likely than large earthquakes and tsunamis, and those would probably have been seen as more cost-effective safety enhancements, and would have been waste. In addition, this heightened standard would be applied to all the power plants subject to similar regulation, which would have been further waste.
The important question is not what the cost/benefit ratio for moving generators at Fukushima before the tsunami would have been, but what the cost/benefit ratio for taking precautions against all events of similar likelihood and impact would be for all power plants (or even all infrastructure).
The value used to determine the Design Basis Flood is a 10000 year recurrence. Over a 100 year lifespan, there is around a 1% chance of that flood happening. The consequences of loss of all power including backups is the loss of the plant + huge evacuation costs and possible loss of life. $1M is very cheap to protect a multi-billion plant in this context.
When you consider that a nuclear plant costs billions of USD and that billions of USD of damage has been done, the $500,000 upgrade to the generators is a slam dunk. Also based on recent projections, the probability of a tsunami event of that severity was 80% for the next few decades, so it is a no brainer -- particularly when you consider that the nuclear industry worldwide has been set back 20 or 40 years at least by this incident.
The NRC has had modernization plans at U.S. reactors that have spent much more than this. For instance the hydrogen bubble formation in that kind of BWR was well known here and reactors in the U.S. have had features added (dependent on a power source) that would get rid of it.
cost of preventing low probability events in the future >> cost of preventing events in hindsight
The problem is that you do not know which events will occur, so you will inevitably spend not only on implementing that $300000 upgrade on one plant which will need it, but on many $500000 upgrades on many plants (most of which will never be necessary or related to tsunamis). The cost/benefit ratio of preventing low probability events in the future should be studied, and only after looking at such studies can we decide whether any one change should be made. For example, the US government rejects any highway improvement which costs more than $3MM per life saved, as there are many lower-cost measures that save lives, and spending on less cost-effective measures is "statistical murder".
> If a nuclear reactor has a cooling failure, the fuel will eventually heat up and then melt down. To prevent this you have to keep water circulating around the reactor core.
This is the one simple problem.
There are now reactor designs that are passively fail-safe. So that even if all the pumps and everything stop, it will still not result in an explosion or otherwise serious release of radioactive material.
I don't know how much those sorts of designs were developed at the time Fukushima was commissioned though.
BWR reactors like Fukushima are all passive-safe in at least one way, since water moderates the neutrons coming off the critical materials, slowing them enough to continue the reaction. If the water boils away, sure the thing will almost certainly melt but there won't be a runaway prompt-critical event like Chernobyl, and if the concrete "bathtub" around the core holds, there won't be much radioactive material released into the groundwater either.
From what I heard the concern at Fukushima was that the earthquake had compromised the integrity of the containment structure, so allowing the core to melt down was judged as too risky (I'm not sure if I agree with that decision, but of course my opinion in hindsight is not relevant). In fact the majority of radioactive material that was released in the incident might have leaked from the spent fuel storage, which was also damaged in the earthquake:
In fact Fukushima had a passive cooling system, but the valve to it was mostly closed when the power was lost and nobody knew how to open it or even check its state.
You could have a much safer design available, but if the 'less safe' design is more cost effective, and meets all specifications, it would still be the preferred design. This means that any problem is with the specifications/requirements. The next question is whether the standard of safety which would require choosing the 'failsafe' (or at least failsafer) design would cause statistical murder.
Molten salt reactors have the ability to avoid such disasters, as a built-in design criterion. In such a reactor there's no issue if the fuel melts down, it's normally molten anyway. If there's a loss of coolant then the core melts through a frozen salt plug and then sits in a catch area. Because the core isn't under high pressures there's vastly less risk of any radioactive bits escaping the confines of the reactor.
The authors argue that there were very serious and repeated shortcomings in the methodology used to estimate the highest possible flooding caused by a tsunami.
The plant was designed for a 6-meter tsunami from an M=7.5 earthquake, but what actually hit them was a 13-meter tsunami from an M=9.0 quake. I understood it's international standard practice to consider worst-case events from historical record spanning thousands of years in nuclear plant risk analysis, and it is known that almost as strong earthquakes hit Japan in 1933 (M=8.5) and 869 (M=8.6), for example. A plant by a different company just 100 km north of Dai-ichi was built for a 13-meter tsunami, so there was little consistency in what preparations the tsunami analysis actually induced, and the regulator seems to have been indifferent to these disparities. Further, there were for some reason no mandatory "safety margins" in tsunami level precautions to offset modelling inaccuracies, unlike in precautions for the earthquake ground shock – even though computational models for tsunami levels were and remain much less accurate than the ground shock models.
Although by the 2000s the shortcomings of tsunami analysis like the one done for Dai-ichi were already well-known, a methodologically-flawed further analysis by TEPCO in 2010 failed to introduce any new recommendations – against the published opinions of their own scientists. The cost of relocating the diesel generators higher up in the building would have been just in the hundreds of thousands of dollars, rather than millions.
Isn't every accident preventable in hindsight since you know exactly what the failure mode was?
If they'd built the generators on a hillside that was washed away in a mudslide the article would read "Critical backup generators were built on unstable hillside despite warnings from scientists".
The idea with building safe systems is not to imagine what could cause subsystem X to fail, but to figure out how to cope when subsystem X fails.
The most obvious design failure at Fukushima was not "how big a tsunami we should protect against" but not asking "how will we cope when the seawall fails".
If the critical backup generators had been in a bunker designed to protect them from a seawall breach, the disaster would not have happened.
Although it's been a very long time since I did engineering that could actually kill people, this idea that you focus on what can go wrong and how you mitigate it has stuck with me and has proved useful in lots of things.
Having said that, the next questions are usually: what is the likelihood of it going wrong and what is the cost of mitigation? I don't envy the people making those decisions on something like a nuclear reactor, with or without hindsight.
At some point, you do assign a probability of systemic failure threshold, as nothing is perfect.
The idea behind orthogonal backups, however, is that since they are independent, very high reliability can be achieved with low-reliability components. For example, if you've got a main with 90% reliability, and a backup with 90% reliability, the combined reliability is 99%. This can be a lot easier and less expensive to achieve than making one component 99%.
The backup generators could have had a cheap extra seawall built around them, or could have simply been raised up on a 10 foot platform, or built with snorkels like a jeep designed to cross streams.
Building a heftier main seawall would have been an order of magnitude or two more expensive.
Indeed, and most accidents can be shown to have been preventable "if international best practices and standards had been followed, if there had been international reviews, and had common sense prevailed in the interpretation of pre-existing geological and hydrodynamic findings."
[the article]
But claims would seem to be little more than a thin gloss on the unbreakable unobtainium[1] of your hindsight.
Here's something about the real world: Things break. Shit happens. We can sit on a chair now and look back and point out all the things that could've been done better, and I honestly don't see the value in it.
When the World Trade Center was built, it was designed to withstand the impact of a common airplane at the time and remain structurally sound. The engineers didn't envision a 757 being flown into them, and so they fell. Does that mean they were engineered poorly too? 9/11 would've been prevented if we built additional structure around the WTC each year to accommodate newer, larger, heavier aircraft, but at what point do you rule safety cost as too high to be justified?
On the same note, Fukushima survived a storm massively larger than it was ever meant to. It still failed, but it did so in a way that prevented any direct deaths. As nuclear "disasters" go, I honestly don't even think Fukushima should be among them. Considering what COULD have happened, very little actually happened.
How about we just agree to say we got lucky this time and do better in the future?
> As nuclear "disasters" go, I honestly don't even think Fukushima should be among them. Considering what COULD have happened, very little actually happened.
There are hundreds of square miles still in the exclusion zone and some 80,000 people haven't been able to return to their homes. I'd say a nuclear meltdown that displaces tens of thousands of people and costs several hundred billion dollars to clean up qualifies as a 'disaster'.
I don't think "a traditional disaster" means what you think it means.
The Cerro Grande Fire destroyed about 420 homes and caused ~$1 billion in damages but no one died. The Bel Air Fire destroyed 484 homes but again left no fatalities. Tropical Storm Fay hit Texas and nine counties in Texas were declared disaster areas, but again, no fatalities.
When was there ever a tradition where something had to have deaths in order for it to be called a "disaster"? I gave three counter-examples of events which were labeled disasters but which had no fatalities.
While what you said is (theoretically) true, all evidence is that it's appropriate to use the term "disaster" for something which 'displaces tens of thousands of people and costs several hundred billion dollars', and there's no need to distinguish between 'traditional' and 'modern' definitions.
> The Fukushima accident was preventable, if international best practices and standards had been followed, if there had been international reviews, and had common sense prevailed in the interpretation of pre-existing geological and hydrodynamic findings.
I think the main point is that the damage wasn't caused by a freak storm that no one could have predicted. It was caused by a series of mistakes that we shouldn't have made with the knowledge we had at the time.
The report says that for less than $1M they could have raised the emergency generators up higher in which case they could have maintained reactor cooling and had reactor damage but no major harm. Also there was evidence of similar events in the inhabited past.
Only under an overly broad definition of "preventable". In the context of this article, "preventable" means that the failure mode was foreseen and not accounted for in the design. If the failure mode had not been foreseen then the accident would not be preventable, because how can you protect against something you can't even imagine?
> causing the third most severe accident in an NPP ever.
I thought this was the second most severe nuclear power plant accident. Obviously Chernobyl is the first, so what is the second according to this article?
Hmm. According to the International Nuclear Event Scale, there have only been 2 events at the most severe level (7): Chernobyl and Fukushima. There was 1 event at a rating of 6, which was a Soviet explosion in 1957. There was also the Three Mile Island accident, which cost a lot of money to clean up (~$1 billion) but I don't think the severity was anywhere near Fukushima.
With that Mk 1 reactor design, lose cooling water for 4-6 hours and you get a meltdown. The containment vessel is too small for the pressures in a worst-case accident. It's just not a good design.
Peach Bottom station in Pennsylvania has the same Mk 1 design, and that's been a worry for years. They now have extra backup power systems of different types and multiple cooling water sources for that reason.
Of course they have to say that. If they admitted how dangerous nuclear power is, the bribes required to force the taxpayer to build new plants would be simply enormous.
As much as the parent comment is content-free, direct deaths aren't the only thing to consider. There's also cancer and other diseases that can be caused because of the increased radiation in the area, including that which got into the food chain.
Yeah... the number of those deaths is estimated at somewhere between 0 and 100. Which is to say such a tiny number that it won't be empirically distinguishable from normal fluctuations.
I said diseases, not deaths. Cancer isn't always fatal, but they impact the quality of life for the sufferers as well as putting an economic burden on the healthcare system.
Ok. That's still only a handful of people in the worst cases.
Now what is the cost to the healthcare system of the coal power generation that replaced the nuclear power stations that were shut down after the tsunami?
Radiation doesn't increase cancer linearly. Otherwise eating bananas would be a very bad idea. If you stay under a certain threshold, it's unlikely that a small dose can do anything that your immune system could not handle.
It costs us nothing when people sell cigarettes. Actually, private investors are happy to finance cigarette production without any help from the public. No such investors can be found for nuclear power, so it costs us billions when our leaders are convinced that we need another nuclear plant.
Given that cigarettes kill orders of magnitude more people annually than have ever died from nuclear power, I would posit that it is far more dangerous. And the fact that the people who are most likely to smoke are likely to be relying on taxpayer-funded subsidies for health care, I'm having a hard time determining where you got your "nothing" number from.
Really this is silly. People who advocate nuclear power do not understand the difference between "risk" and "uncertainty".
"Risk" is where the probabilities of occurrence can be estimated and the consequences predicted.
"Uncertainty" is the set of other things going wrong.
Nuclear risk can be managed: We can contain a nuclear pile, we can design piping to withstand wear and supply redundancy.
But with a nuclear power station if something unforeseen happens to the containment vessel the consequences are ruin and effectively unbounded catastrophe.
Coal burning stations are dirty polluting monstrosities (at their best) but it is all risk.
Not that I am advocating coal, I am not! But nuclear is no replacement. We are much better to do without energy than build nuclear power plants.
But the main incentive for nuclear power is making materials for bombs, IMO.