Ilargi: You may not be have been aware of it until now, but The Automatic Earth has an in-house full-blown nuclear safety expert. The subject of Stoneleigh’s master thesis at the law faculty of Warwick University in Coventry, England, where she studied International Law in Development, was nuclear safety research. After graduating in 1997, she became a Research Fellow at the Oxford Institute for Energy Studies, where her research field was power systems, with a specific focus on nuclear safety in Eastern Europe. The monograph she wrote sets the nuclear safety debate in the political and economic context of the collapse of the Soviet Union. It looks at the technical aspects of nuclear safety, safety upgrade programs, safety culture and the human factor, regulation at all levels and bargaining over reactor closures. It was published in 1999 under the title Nuclear Safety and International Governance: Russia and Eastern Europe, and it remains available online here at Oxford Institute for Energy Studies. Here’s her analysis of the situation in Japan:
Stoneleigh: The Japanese earthquake is a tragedy of epic proportions in so many ways. The situation continues to evolve, and the full scope of the disaster will not be understood for a long time. One critical aspect is the effect on Japan’s nuclear industry, which provides over 30% of the country’s electricity from 54 reactors. Some of the largest nuclear plants in the world (Fukushima Dai-ichi and Fukushima Dai-ni, 4696 MW and 4400 MW, respectively) are located close to the epicentre, and on the coast, directly in the path of the resulting tsunami:
A state of emergency has been declared for five reactors, with the worst affected reactors being the forty year old Boiling Water Reactors (BWRs) at Fukushima Dai-ichi, 240 km north of Tokyo. These reactors shut down, as the control rods were automatically inserted to dampen the nuclear reaction (SCRAM). At least two reactors experienced a station blackout, which prevented the cooling system from functioning (a loss of coolant, or LOCA accident).
Without the ability to cool the core, the risk is a meltdown, with the potential for explosions resulting from steam or hydrogen. Even after the cessation of a nuclear chain reaction, heat from radioactive decay continues to be produced, and this heat needs to be dispersed in order to avoid a meltdown of the components of the core. Workers have been desperately trying to cool the reactor cores at units 1 and 3, but there has already been an explosion at Fukushima 1. Footage of the plant shows only the skeleton of the building remains. An evacuation zone has been expanded from 10km to 20km, and close to 200.000 people have been evacuated from the area.
Reactors are equipped with multiple cooling systems as part of the defence in depth design principle. The idea is that there should be redundant systems with no components in common, and therefore (theoretically) no possibility for common mode failures. Each system should be capable of independently preventing a design-basis accident. Japan is a sophisticated country with a long history of nuclear power, and also a long history of seismic activity. One could argue that this is Japan’s Hurricane Katrina moment, in that a predictable scenario was not adequately prepared for in advance despite the potential for very severe consequences.
Company documents show that Tokyo Electric tested the Fukushima plant to withstand a maximum seismic jolt lower than Friday’s 8.9 earthquake. Tepco’s last safety test of nuclear power plant Number 1—one that is currently in danger of meltdown—was done at a seismic magnitude the company considered the highest possible, but in fact turned out to be lower than Friday’s quake. The information comes from the company’s “Fukushima No. 1 and No. 2 Updated Safety Measures” documents written in Japanese in 2010 and 2009.
The documents were reviewed by Dow Jones. The company said in the documents that 7.9 was the highest magnitude for which they tested the safety for their No. 1 and No. 2 nuclear power plants in Fukushima. Simultaneous seismic activity along the three tectonic plates in the sea east of the plants—the epicenter of Friday’s quake—wouldn’t surpass 7.9, according to the company’s presentation. The company based its models partly on previous seismic activity in the area, including a 7.0 earthquake in May 1938 and two simultaneous earthquakes of 7.3 and 7.5 on November 5 of the same year.
The Fukushima 1 plant was equipped with 13 diesel back-up generators to power the Emergency Core Cooling System (ECCS), but all of these failed. Battery back-ups are available, but these function only for a few hours. Without the ability to cool the reactor, the outcome is a meltdown, which can occur rapidly after the failure of cooling:
- Core uncovery. In the event of a transient, upset, emergency, or limiting fault, LWRs are designed to automatically SCRAM (a SCRAM being the immediate and full insertion of all control rods) and spin up the ECCS. This greatly reduces reactor thermal power (but does not remove it completely); this delays core “uncovery”, which is defined as the point when the fuel rods are no longer covered by coolant and can begin to heat up. As Kuan states: “In a small-break LOCA with no emergency core coolant injection, core uncovery generally begins approximately an hour after the initiation of the break. If the reactor coolant pumps are not running, the upper part of the core will be exposed to a steam environment and heatup of the core will begin. However, if the coolant pumps are running, the core will be cooled by a two-phase mixture of steam and water, and heatup of the fuel rods will be delayed until almost all of the water in the two-phase mixture is vaporized. The TMI-2 accident showed that operation of reactor coolant pumps may be sustained for up to approximately two hours to deliver a two phase mixture that can prevent core heatup.”
- Pre-damage heat up. “In the absence of a two-phase mixture going through the core or of water addition to the core to compensate water boiloff, the fuel rods in a steam environment will heatup at a rate between 0.3 K/s and 1 K/s (3).”
- Fuel ballooning and bursting. “In less than half an hour, the peak core temperature would reach 1100 K. At this temperature, the zircaloy cladding of the fuel rods may balloon and burst. This is the first stage of core damage. Cladding ballooning may block a substantial portion of the flow area of the core and restrict the flow of coolant. However complete blockage of the core is unlikely because not all fuel rods balloon at the same axial location. In this case, sufficient water addition can cool the core and stop core damage progression.”
- Rapid oxidation. “The next stage of core damage, beginning at approximately 1500 K, is the rapid oxidation of the Zircaloy by steam. In the oxidation process, hydrogen is produced and a large amount of heat is released. Above 1500 K, the power from oxidation exceeds that from decay heat (4,5) unless the oxidation rate is limited by the supply of either zircaloy or steam.”
- Debris bed formation. “When the temperature in the core reaches about 1700 K, molten control materials [1,6] will flow to and solidify in the space between the lower parts of the fuel rods where the temperature is comparatively low. Above 1700 K, the core temperature may escalate in a few minutes to the melting point of zircaloy (2150 K) due to increased oxidation rate. When the oxidized cladding breaks, the molten zircaloy, along with dissolved UO2 [1,7] would flow downward and freeze in the cooler, lower region of the core. Together with solidified control materials from earlier down-flows, the relocated zircaloy and UO2 would form the lower crust of a developing cohesive debris bed.”
- (Corium) Relocation to the lower plenum. “In scenarios of small-break LOCAs, there is generally. a pool of water in the lower plenum of the vessel at the time of core relocation. Release of molten core materials into water always generates large amounts of steam. If the molten stream of core materials breaks up rapidly in water, there is also a possibility of a steam explosion. During relocation, any unoxidized zirconium in the molten material may also be oxidized by steam, and in the process hydrogen is produced. Recriticality also may be a concern if the control materials are left behind in the core and the relocated material breaks up in unborated water in the lower plenum.”
Other aspects of defence in depth failed as well:
1st layer of defense is the inert, ceramic quality of the uranium oxide itself. 2nd layer is the air tight zirkonium alloy of the fuel rod. 3rd layer is the reactor pressure vessel made of steel more than a dozen centimeters thick. 4th layer is the pressure resistant, air tight containment building. 5th layer is the exclusion zone around the reactor.
Top government officials assured the nation that an explosion that took place Saturday at one of the reactors at the Fukushima Daiichi plant merely knocked down the walls of its external concrete building, and that the reactor and the containment structure surrounding it remained intact.
US Nuclear Regulatory Commission analysts explain the hydrogen production process under accident conditions:
Former U.S. Nuclear Regulatory Commission (NRC) member Peter Bradford added, “The other thing that happens is that the cladding, which is just the outside of the tube, at a high enough temperature interacts with the water. It’s essentially a high-speed rusting, where the zirconium becomes zirconium oxide and the hydrogen is set free. And hydrogen at the right concentration in an atmosphere is either flammable or explosive.” “Hydrogen combustion would not occur necessarily in the containment building,” Bergeron pointed out, “which is inert—it doesn’t have any oxygen—but they have had to vent the containment, because this pressure is building up from all this steam. And so the hydrogen is being vented with the steam and it’s entering some area, some building, where there is oxygen, and that’s where the explosion took place.”
A hydrogen release is very much part of a meltdown scenario, and difficult to imagine hydrogen explosion scenarios on the scale of what was seen at Fukushima 1 that would not involve compromising the reactor pressure vessel:
If hydrogen were allowed to build up within the containment, it could lead to a deflagration event. The numerous catalytic hydrogen recombiners located within the reactor core and containment will prevent this from occurring; however, prior to the installation of these recombiners in the 1980s, the Three Mile Island containment (in 1979) suffered a massive hydrogen explosion event in the accident there. The containment withstood this event and no radioactivity was released by the hydrogen explosion, clearly demonstrating the level of punishment that containments can take, and validating the industry’s approach of defence in depth against all contingencies. Some, however, do not accept the Three Mile Island incident as sufficient proof that a hydrogen deflagration event will not result in containment breach.
One speculative scenario may be alpha-mode failure. This would involve an explosion sufficient to blow the head off the reactor pressure vessel, launching it at the outer containment system, which could then be breached as a result. The odds of this are considered low, but many supposedly very low probability events have in fact occurred at nuclear installations. Given the detection of radioactive caesium, which could only have come from inside exposed fuel rods beginning to burn, and the subsequent violent explosion, it is difficult to imagine scenarios not involving substantial destruction of the reactor.
Indeed it has been admitted that a major accident has occurred in one unit and another is at risk:
Japan’s top government spokesman Yukio Edano said Sunday that radioactive meltdowns may have occurred in two reactors of the quake-hit Fukushima nuclear plant. Asked in a press conference whether meltdowns had occurred, Edano said “we are acting on the assumption that there is a high possibility that one has occurred” in the plant’s number-one reactor. “As for the number-three reactor, we are acting on the assumption that it is possible,” he said.
There are 6 reactors at Fukushima 1 and an additional 4 at nearby Fukushima 2. Tokyo Electric (TEPCO) is now indicating that there are cooling problems and dangerous pressure increases at several of these units:
Tokyo Electric said Saturday another nuclear-power plant nearby, Fukushima Dai-ni, was experiencing rises of pressure inside its four reactors. A state of emergency was called and precautionary evacuations ordered. The government has ordered the utility to release “potentially radioactive vapor” from the reactors, but hasn’t confirmed any elevated radiation around the plant.
Loss of cooling ability appears to be the common problem:
Tokyo Electric Power Co. (TEPCO), operator and owner of Fukushima nuclear plants, said early on Sunday that a sixth reactor at the nuclear power plants has lost its ability to cool the reactor core since Friday’s quake. The No. 3 reactor at Fukushima No. 1 nuclear power plant lost the cooling function after No. 1 and No. 2 reactors at the No. 1 plant and No. 1, No. 2 and No. 4 at the No. 2 plant had suffered the same trouble.
Kodama said the cooling system had failed at three of the four such units of the Daini plant [Fukushima 2]. Temperatures of the coolant water in that plant’s reactors soared to above 100 degrees Celsius (212 degrees Fahrenheit), Japan’s Kyodo News Agency reported, an indication that the cooling system wasn’t working.
Containment structures are being flooded with seawater and boric acid as a desperation move to lower the temperature and poison any capacity for further nuclear reactivity. The latter is important to absorb neutrons in order to avoid incidences of potential criticality during a meltdown. Such an event would have the potential to cause much more widespread releases of radiation. There seems to be considerable evidence that we are closer to the beginning of this disaster than to the end, and already it is almost unprecedented in scope.
“If this accident stops right now it will already be one of the three worst accidents we have ever had at a nuclear power plant in the history of nuclear power,” said Joseph Cirincione, an expert on nuclear materials and president of the U.S.-based Ploughshares Fund, a firm involved in security and peace funding.
Comparisons are being made with the accident at Chernobyl, but there are a number of very important differences, notably in terms of reactor design, and therefore accident implications. Nuclear safety in the former Soviet Union was once my research field (see Nuclear Safety and International Governance: Russia and Eastern Europe), and the specifics of the accident at Chernobyl could not be replicated in Japan. The risk in Japan is primarily meltdown, not a Chernobyl-style run-away nuclear reaction.
RBMK (Reaktor bolshoy moshchnosty kanalny [high-power channel reactor]), Chernobyl-type reactors have a very large positive void coefficient, meaning that reactivity increases as a positive feedback loop. The presence of steam from overheating increases reactivity, which increases steam production. The graphite moderator in an RBMK is flammable, and RBMKs also have no containment system. If two or three of the 1700 channels in an RBMK are breached, the steam pressure will lift the lid, introducing air, while shearing the remaining tubes. Essentially, the reactor will explode on a sharp spike of reactivity. The moderator will catch fire, and a nuclear volcano will be the result. At Chernobyl, some 50 million Curies of radiation was released over several days.
Like the Fukushima incident, Chernobyl began with a loss of power, undertaken in that case as a test of safety systems commissioned long after the reactor became operational (the Chernobyl reactor had been in a state of critical vulnerability to blackout for two years at the time of the accident.) It could have been worse, however. Attempts to extinguish the fire at Chernobyl 4 came very close to causing a loss of power to the other three reactors at the site, which could easily have sent four reactors into into a critical state rather than one.
Non-technical comparisons between Fukushima and Chernobyl are more apt, specifically in terms of governance in the nuclear industry and complacency as to risk. Nuclear insiders in many jurisdictions are notorious for being an unaccountable power unto themselves, and failing to release critical information publicly.
The Soviet nuclear bureaucracy ignored obvious risks and concealed accidents wherever possible. While nothing remotely like so serious has occurred previously in Japan, Fukushima 1 has been at the centre of transparency problems in the Japanese nuclear industry before. In 2002, the president and four executives of Tokyo Electric Power Corporation (TEPCO) were forced to resign over the falsification of repair records.
The company was suspected of 29 cases involving falsified repair records at nuclear reactors. It had to stop operations at five reactors, including the two damaged in the latest tremor, for safety inspections. A few years later it ran into trouble again over accusations of falsifying data. In late 2006, the government ordered TEPCO to check past data after it reported that it had found falsification of coolant water temperatures at its Fukushima Daiichi plant in 1985 and 1988, and that the tweaked data was used in mandatory inspections at the plant, which were completed in October 2005.
In addition, the Japanese government had been repeatedly warned about seismic risks:
[..] the real embarrassment for the Japanese government is not so much the nature of the accident but the fact it was warned long ago about the risks it faced in building nuclear plants in areas of intense seismic activity. Several years ago, the seismologist Ishibashi Katsuhiko stated, specifically, that such an accident was highly likely to occur. Nuclear power plants in Japan have a “fundamental vulnerability” to major earthquakes, Katsuhiko said in 2007. The government, the power industry and the academic community had seriously underestimated the potential risks posed by major quakes.
Katsuhiko, who is professor of urban safety at Kobe University, has highlighted three incidents at reactors between 2005 and 2007. Atomic plants at Onagawa, Shika and Kashiwazaki-Kariwa were all struck by earthquakes that triggered tremors stronger than those to which the reactor had been designed to survive.
In the case of the incident at the Kushiwazaki reactor in northwestern Japan, a 6.8-scale earthquake on 16 July 2007 set off a fire that blazed for two hours and allowed radioactive water to leak from the plant. However, no action was taken in the wake of any of these incidents despite Katsuhiko’s warning at the time that the nation’s reactors had “fatal flaws” in their design[..] The trouble is, says Katsuhiko, that Japan began building up its atomic energy system 40 years ago, when seismic activity in the country was comparatively low. This affected the designs of plants which were not built to robust enough standards, the seismologist argues.
Many countries are currently looking to nuclear power to carry the load as energy production from conventional fossil fuels declines. Japan has previously unveiled very ambitious plans to expand nuclear capacity:
The Japan Atomic Energy Agency has modelled a 54 percent reduction in CO2 emissions from 2000 levels by 2050, leading on to a 90 percent reduction by 2100. This would lead to nuclear energy contributing about 60 percent of primary energy in 2100 (compared with 10 percent now), 10 percent from renewables (now 5 percent) and 30 percent fossil fuels (now 85 percent).
Proponents argue that the energy returned on energy invested (EROEI) for nuclear power is sufficient to power our societies, that nuclear power can be scaled up quickly enough as fossil fuel supplies decline, that there will be sufficient uranium reserves for a massive expansion of capacity, that nuclear is the only option for reducing carbon dioxide emissions, and that nuclear power can be operated with no safety concerns through probabilistic safety assessment (PSA).
I disagree with all these assertions. Looking at the full life-cycle energy inputs for nuclear power, it seems to be barely above the minimum EROEI for maintaining society, and the costs (in both money and energy terms) are front-loaded.
Scaling up nuclear capacity takes extrordinary amounts of both money and time. While construction can be speeded up, where this has been done (as it was in Russia), the deleterious effect on construction standards was significant. Uranium reserves, especially the high-grade ores, are depleting rapidly. The reduction in carbon dioxide emissions over the full life-cycle do not impress me. In addition, nuclear authorities make risk decisions without informing the public. They have consistently made risk calculations that have grossly underestimated the potential for accidents of the kind that can have generational impacts.
In my view, nuclear power represents an unjustified faith in the power of human societies to control extremely complex technologies over the very long term. Any activity requiring a great deal of complex and cooperative control will do badly in difficult economic times.
Also, no human society has ever lasted for as long as nuclear waste must be looked after. It needs to be held in pools on site for perhaps a hundred years in order to cool down enough for permanent disposal, assuming a form of permanent disposal could be conceived of, approved and developed. During this period, the knowledge as to how this must be done will need to be maintained, and this may be more difficult than is currently supposed.
We need to evaluate the potential for a nuclear future in light of the disaster in Japan. This was not unpredictable, and should have been accounted for in any realistic assessment of nuclear potential. It cannot realistically be described as a black swan event.
Japan has few energy alternatives, as it lacks indigenous energy reserves and must import 80% of its energy requirements. It was therefore prepared to make Faustian bargains despite what should have been obvious risks. The impact of the loss of so much capacity, much of it probably permanently, on available electric power following the accident is very likely to impede Japan’s ability to recover from this disaster, potentially strengthening the parallels with America’s Hurricane Katrina.
We need to assess the risks inherent in using nuclear power in other locations, whether or not the risk they face is seismic (see Metsamor in Armenia, for instance, or Diablo Canyon in California). There are risks in many areas, most of which are grounded in human behaviour, either at the design stage or the operational phase. Human behaviour can easily turn what should be a one in one hundred thousand reactor-year event in to something all too likely within a human lifespan. Nuclear power may allow us to cushion the coming decline in fossil fuel availability, but only at a potentially very high price.