
Saturday, August 7, 2021

Nuclear safety and security

From Wikipedia, the free encyclopedia
 
A clean-up crew working to remove radioactive contamination after the Three Mile Island accident.

Nuclear safety is defined by the International Atomic Energy Agency (IAEA) as "The achievement of proper operating conditions, prevention of accidents or mitigation of accident consequences, resulting in protection of workers, the public and the environment from undue radiation hazards". The IAEA defines nuclear security as "The prevention and detection of and response to, theft, sabotage, unauthorized access, illegal transfer or other malicious acts involving nuclear material, other radioactive substances or their associated facilities".

This covers nuclear power plants and all other nuclear facilities, the transportation of nuclear materials, and the use and storage of nuclear materials for medical, power, industry, and military uses.

The nuclear power industry has improved the safety and performance of reactors, and has proposed new and safer reactor designs. However, a perfect safety cannot be guaranteed. Potential sources of problems include human errors and external events that have a greater impact than anticipated: The designers of reactors at Fukushima in Japan did not anticipate that a tsunami generated by an earthquake would disable the backup systems that were supposed to stabilize the reactor after the earthquake. Catastrophic scenarios involving terrorist attacks, insider sabotage, and cyberattacks are also conceivable.

Nuclear weapon safety, as well as the safety of military research involving nuclear materials, is generally handled by agencies different from those that oversee civilian safety, for various reasons, including secrecy. There are ongoing concerns about terrorist groups acquiring nuclear bomb-making material.

Overview of nuclear processes and safety issues

As of 2011, nuclear safety considerations occur in a number of situations, including:

With the exception of thermonuclear weapons and experimental fusion research, all safety issues specific to nuclear power stem from the need to limit the biological uptake of committed dose (ingestion or inhalation of radioactive materials) and the external radiation dose due to radioactive contamination.

Nuclear safety therefore covers at minimum:

  • Extraction, transportation, storage, processing, and disposal of fissionable materials
  • Safety of nuclear power generators
  • Control and safe management of nuclear weapons, nuclear material capable of use as a weapon, and other radioactive materials
  • Safe handling, accountability and use in industrial, medical and research contexts
  • Disposal of nuclear waste
  • Limitations on exposure to radiation

Responsible agencies

International

The International Atomic Energy Agency was created in 1957 to encourage peaceful development of nuclear technology while providing international safeguards against nuclear proliferation.

Internationally the International Atomic Energy Agency "works with its Member States and multiple partners worldwide to promote safe, secure and peaceful nuclear technologies." Some scientists say that the 2011 Japanese nuclear accidents have revealed that the nuclear industry lacks sufficient oversight, leading to renewed calls to redefine the mandate of the IAEA so that it can better police nuclear power plants worldwide.

The IAEA Convention on Nuclear Safety was adopted in Vienna on 17 June 1994 and entered into force on 24 October 1996. The objectives of the Convention are to achieve and maintain a high level of nuclear safety worldwide, to establish and maintain effective defences in nuclear installations against potential radiological hazards, and to prevent accidents having radiological consequences.

The Convention was drawn up in the aftermath of the Three Mile Island and Chernobyl accidents at a series of expert level meetings from 1992 to 1994, and was the result of considerable work by States, including their national regulatory and nuclear safety authorities, and the International Atomic Energy Agency, which serves as the Secretariat for the Convention.

The obligations of the Contracting Parties are based to a large extent on the application of the safety principles for nuclear installations contained in the IAEA document Safety Fundamentals ‘The Safety of Nuclear Installations’ (IAEA Safety Series No. 110 published 1993). These obligations cover the legislative and regulatory framework, the regulatory body, and technical safety obligations related to, for instance, siting, design, construction, operation, the availability of adequate financial and human resources, the assessment and verification of safety, quality assurance and emergency preparedness.

The convention was amended in 2014 by the Vienna Declaration on Nuclear Safety. This resulted in the following principles:

1. New nuclear power plants are to be designed, sited, and constructed, consistent with the objective of preventing accidents in the commissioning and operation and, should an accident occur, mitigating possible releases of radionuclides causing long-term off site contamination and avoiding early radioactive releases or radioactive releases large enough to require long-term protective measures and actions.

2. Comprehensive and systematic safety assessments are to be carried out periodically and regularly for existing installations throughout their lifetime in order to identify safety improvements that are oriented to meet the above objective. Reasonably practicable or achievable safety improvements are to be implemented in a timely manner.

3. National requirements and regulations for addressing this objective throughout the lifetime of nuclear power plants are to take into account the relevant IAEA Safety Standards and, as appropriate, other good practices as identified inter alia in the Review Meetings of the CNS.

There are several problems with the IAEA, says Najmedin Meshkati of University of Southern California, writing in 2011:

"It recommends safety standards, but member states are not required to comply; it promotes nuclear energy, but it also monitors nuclear use; it is the sole global organization overseeing the nuclear energy industry, yet it is also weighed down by checking compliance with the Nuclear Non-Proliferation Treaty (NPT)".

National

Many nations utilizing nuclear power have specialist institutions overseeing and regulating nuclear safety. Civilian nuclear safety in the U.S. is regulated by the Nuclear Regulatory Commission (NRC). However, critics of the nuclear industry complain that the regulatory bodies are too intertwined with the industries themselves to be effective. The book The Doomsday Machine, for example, offers a series of examples of national regulators, as its authors put it, 'not regulating, just waving' (a pun on waiving) to argue that, in Japan, for example, "regulators and the regulated have long been friends, working together to offset the doubts of a public brought up on the horror of the nuclear bombs". Other examples offered include:

  • in China, where Kang Rixin, former general manager of the state-owned China National Nuclear Corporation, was sentenced to life in jail in 2010 for accepting bribes (and other abuses), a verdict raising questions about the quality of his work on the safety and trustworthiness of China's nuclear reactors.
  • in India, where the nuclear regulator reports to the national Atomic Energy Commission, which champions the building of nuclear power plants there, and where the chairman of the Atomic Energy Regulatory Board, S. S. Bajaj, was previously a senior executive at the Nuclear Power Corporation of India, the company he is now helping to regulate.
  • in Japan, where the regulator reports to the Ministry of Economy, Trade and Industry, which overtly seeks to promote the nuclear industry, and where ministry posts and top jobs in the nuclear business are passed among the same small circle of experts.

The book argues that nuclear safety is compromised by the suspicion that, as Eisaku Sato, formerly a governor of Fukushima province (with its infamous nuclear reactor complex), has put it of the regulators: “They’re all birds of a feather”.

The safety of nuclear plants and materials controlled by the U.S. government for research, weapons production, and those powering naval vessels is not governed by the NRC. In the UK nuclear safety is regulated by the Office for Nuclear Regulation (ONR) and the Defence Nuclear Safety Regulator (DNSR). The Australian Radiation Protection and Nuclear Safety Agency (ARPANSA) is the Federal Government body that monitors and identifies solar radiation and nuclear radiation risks in Australia. It is the main body dealing with ionizing and non-ionizing radiation and publishes material regarding radiation protection.

Other agencies include:

Nuclear power plant safety and security

Complexity

Nuclear power plants are some of the most sophisticated and complex energy systems ever designed. Any complex system, no matter how well it is designed and engineered, cannot be deemed failure-proof. Veteran journalist and author Stephanie Cooke has argued:

The reactors themselves were enormously complex machines with an incalculable number of things that could go wrong. When that happened at Three Mile Island in 1979, another fault line in the nuclear world was exposed. One malfunction led to another, and then to a series of others, until the core of the reactor itself began to melt, and even the world's most highly trained nuclear engineers did not know how to respond. The accident revealed serious deficiencies in a system that was meant to protect public health and safety.

The 1979 Three Mile Island accident inspired Perrow's book Normal Accidents, where a nuclear accident occurs, resulting from an unanticipated interaction of multiple failures in a complex system. TMI was an example of a normal accident because it was "unexpected, incomprehensible, uncontrollable and unavoidable".

Perrow concluded that the failure at Three Mile Island was a consequence of the system's immense complexity. Such modern high-risk systems, he realized, were prone to failures however well they were managed. It was inevitable that they would eventually suffer what he termed a 'normal accident'. Therefore, he suggested, we might do better to contemplate a radical redesign, or if that was not possible, to abandon such technology entirely.

A fundamental issue contributing to a nuclear power system's complexity is its extremely long lifetime. The timeframe from the start of construction of a commercial nuclear power station through the safe disposal of its last radioactive waste may be 100 to 150 years.

Failure modes of nuclear power plants

There are concerns that a combination of human and mechanical error at a nuclear facility could result in significant harm to people and the environment:

Operating nuclear reactors contain large amounts of radioactive fission products which, if dispersed, can pose a direct radiation hazard, contaminate soil and vegetation, and be ingested by humans and animals. Human exposure at high enough levels can cause both short-term illness and death and longer-term death by cancer and other diseases.

It is impossible for a commercial nuclear reactor to explode like a nuclear bomb since the fuel is never sufficiently enriched for this to occur.

Nuclear reactors can fail in a variety of ways. Should the instability of the nuclear material generate unexpected behavior, it may result in an uncontrolled power excursion. Normally, the cooling system in a reactor is designed to be able to handle the excess heat this causes; however, should the reactor also experience a loss-of-coolant accident, then the fuel may melt or cause the vessel in which it is contained to overheat and melt. This event is called a nuclear meltdown.

After shutting down, for some time the reactor still needs external energy to power its cooling systems. Normally this energy is provided by the power grid to which that plant is connected, or by emergency diesel generators. Failure to provide power for the cooling systems, as happened in Fukushima I, can cause serious accidents.

Nuclear safety rules in the United States "do not adequately weigh the risk of a single event that would knock out electricity from the grid and from emergency generators, as a quake and tsunami recently did in Japan", Nuclear Regulatory Commission officials said in June 2011.

As a safeguard against mechanical failure, many nuclear plants are designed to shut down automatically after two days of continuous and unattended operation.

Vulnerability of nuclear plants to attack

Nuclear reactors become preferred targets during military conflict and, over the past three decades, have been repeatedly attacked during military air strikes, occupations, invasions and campaigns:

  • In September 1980, Iran bombed the Al Tuwaitha nuclear complex in Iraq in Operation Scorch Sword.
  • In June 1981, an Israeli air strike completely destroyed Iraq's Osirak nuclear research facility in Operation Opera.
  • Between 1984 and 1987, Iraq bombed Iran's Bushehr nuclear plant six times.
  • On 8 January 1982, Umkhonto we Sizwe, the armed wing of the ANC, attacked South Africa's Koeberg nuclear power plant while it was still under construction.
  • In 1991, the U.S. bombed three nuclear reactors and an enrichment pilot facility in Iraq.
  • In 1991, Iraq launched Scud missiles at Israel's Dimona nuclear power plant.
  • In September 2007, Israel bombed a Syrian reactor under construction.

In the U.S., plants are surrounded by a double row of tall fences which are electronically monitored. The plant grounds are patrolled by a sizeable force of armed guards. In Canada, all reactors have an "on-site armed response force" that includes light-armored vehicles that patrol the plants daily. The NRC's "Design Basis Threat" criterion for plants is secret, and so the size of attacking force the plants are able to protect against is unknown. However, scramming a plant (making an emergency shutdown) takes fewer than 5 seconds while an unimpeded restart takes hours, severely hampering any attacking force whose goal is to release radioactivity.

Attack from the air is an issue that has been highlighted since the September 11 attacks in the U.S. However, it was in 1972 when three hijackers took control of a domestic passenger flight along the east coast of the U.S. and threatened to crash the plane into a U.S. nuclear weapons plant in Oak Ridge, Tennessee. The plane got as close as 8,000 feet above the site before the hijackers’ demands were met.

The most important barrier against the release of radioactivity in the event of an aircraft strike on a nuclear power plant is the containment building and its missile shield. Former NRC Chairman Dale Klein has said "Nuclear power plants are inherently robust structures that our studies show provide adequate protection in a hypothetical attack by an airplane. The NRC has also taken actions that require nuclear power plant operators to be able to manage large fires or explosions—no matter what has caused them."

In addition, supporters point to large studies carried out by the U.S. Electric Power Research Institute that tested the robustness of both reactor and waste fuel storage and found that they should be able to sustain a terrorist attack comparable to the September 11 terrorist attacks in the U.S. Spent fuel is usually housed inside the plant's "protected zone" or a spent nuclear fuel shipping cask; stealing it for use in a "dirty bomb" would be extremely difficult. Exposure to the intense radiation would almost certainly quickly incapacitate or kill anyone who attempts to do so.

Threat of terrorist attacks

Nuclear power plants are considered to be targets for terrorist attacks. Security bodies have raised this issue since the construction of the first nuclear power plants. Concrete threats of attack against nuclear power plants by terrorists or criminals are documented in several states. While older nuclear power plants in Germany were built without special protection against air accidents, the later nuclear power plants, built with massive concrete structures, are partially protected against air accidents. They are designed against the impact of combat aircraft at a speed of about 800 km/h. The basis of assessment was the impact of a Phantom II aircraft with a mass of 20 tonnes at a speed of 215 m/s.

The danger arising from a terrorist-caused crash of a large aircraft into a nuclear power plant is currently being discussed. Such a terrorist attack could have catastrophic consequences. For example, the German government has confirmed that the nuclear power plant Biblis A would not be completely protected from an attack by a military aircraft. Following the terrorist attacks in Brussels in 2016, several nuclear power plants were partially evacuated. At the same time, it became known that the terrorists had spied on the nuclear power plants, and several employees had their access privileges withdrawn.

Moreover, "nuclear terrorism", for instance with a so-called "dirty bomb", poses a considerable potential hazard.

Plant location

earthquake map
 

In many countries, plants are often located on the coast, in order to provide a ready source of cooling water for the essential service water system. As a consequence the design needs to take the risk of flooding and tsunamis into account. The World Energy Council (WEC) argues that disaster risks are changing, increasing the likelihood of disasters such as earthquakes, cyclones, hurricanes, typhoons and flooding. High temperatures, low precipitation levels and severe droughts may lead to fresh water shortages. Failure to calculate the risk of flooding correctly led to a Level 2 event on the International Nuclear Event Scale during the 1999 Blayais Nuclear Power Plant flood, while flooding caused by the 2011 Tōhoku earthquake and tsunami led to the Fukushima I nuclear accidents.

The design of plants located in seismically active zones also requires the risk of earthquakes and tsunamis to be taken into account. Japan, India, China and the USA are among the countries to have plants in earthquake-prone regions. Damage caused to Japan's Kashiwazaki-Kariwa Nuclear Power Plant during the 2007 Chūetsu offshore earthquake underlined concerns expressed by experts in Japan prior to the Fukushima accidents, who had warned of a genpatsu-shinsai (domino-effect nuclear power plant earthquake disaster).

Multiple reactors

The Fukushima nuclear disaster illustrated the dangers of building multiple nuclear reactor units close to one another. Because of the closeness of the reactors, Plant Director Masao Yoshida "was put in the position of trying to cope simultaneously with core meltdowns at three reactors and exposed fuel pools at three units".

Nuclear safety systems

The three primary objectives of nuclear safety systems as defined by the Nuclear Regulatory Commission are to shut down the reactor, maintain it in a shutdown condition, and prevent the release of radioactive material during events and accidents. These objectives are accomplished using a variety of equipment belonging to different systems, each of which performs specific functions.

Routine emissions of radioactive materials

During everyday routine operations, small amounts of radioactive materials are released from nuclear plants to the outside environment. These daily emissions go into the air, water and soil.

NRC says, "nuclear power plants sometimes release radioactive gases and liquids into the environment under controlled, monitored conditions to ensure that they pose no danger to the public or the environment", and "routine emissions during normal operation of a nuclear power plant are never lethal".

According to the United Nations (UNSCEAR), regular nuclear power plant operation including the nuclear fuel cycle amounts to 0.0002 millisieverts (mSv) annually in average public radiation exposure; the legacy of the Chernobyl disaster is 0.002 mSv/a as a global average as of a 2008 report; and natural radiation exposure averages 2.4 mSv annually, although it varies with an individual's location, from 1 to 13 mSv.

Japanese public perception of nuclear power safety

In March 2012, Prime Minister Yoshihiko Noda said that the Japanese government shared the blame for the Fukushima disaster, saying that officials had been blinded by an image of the country's technological infallibility and were "all too steeped in a safety myth."

Japan has been accused by authors such as journalist Yoichi Funabashi of having an "aversion to facing the potential threat of nuclear emergencies." According to him, a national program to develop robots for use in nuclear emergencies was terminated in midstream because it "smacked too much of underlying danger." Though Japan is a major power in robotics, it had none to send in to Fukushima during the disaster. He mentions that Japan's Nuclear Safety Commission stipulated in its safety guidelines for light-water nuclear facilities that "the potential for extended loss of power need not be considered." However, this kind of extended loss of power to the cooling pumps caused the Fukushima meltdown.

In other countries such as the UK, nuclear plants have not been claimed to be absolutely safe. It is instead claimed that a major accident has a likelihood of occurrence lower than (for example) 0.0001/year.

Incidents such as the Fukushima Daiichi nuclear disaster could have been avoided with stricter regulations over nuclear power. In 2002, TEPCO, the company that operated the Fukushima plant, admitted to falsifying reports on over 200 occasions between 1997 and 2002. TEPCO faced no fines for this. Instead, they fired four of their top executives. Three of these four later went on to take jobs at companies that do business with TEPCO.

Uranium supplies

Nuclear fuel is a strategic resource whose continuous supply needs to be secured to prevent plant outages. The IAEA recommends at least two suppliers to guard against supply disruptions resulting from political events or monopolistic pressure. Worldwide uranium supplies are well diversified, with dozens of suppliers in various countries, and the small amounts of fuel required make diversification much easier than in the case of the large-volume fossil fuel supplies required by the energy sector. For example, Ukraine faced this challenge as a result of its conflict with Russia, which continued to supply the fuel but used it to apply political pressure. In 2016 Ukraine obtained 50% of its supplies from Russia and the other half from Sweden, with a number of framework contracts with other countries.

Hazards of nuclear material

Spent nuclear fuel stored underwater and uncapped at the Hanford site in Washington, USA.

There is currently a total of 47,000 tonnes of high-level nuclear waste stored in the USA. Nuclear waste is approximately 94% uranium, 1.3% plutonium, 0.14% other actinides, and 5.2% fission products. About 1.0% of this waste consists of the long-lived isotopes 79Se, 93Zr, 99Tc, 107Pd, 126Sn, 129I and 135Cs. Shorter-lived isotopes including 89Sr, 90Sr, 106Ru, 125Sn, 134Cs, 137Cs, and 147Pm constitute 0.9% at one year, decreasing to 0.1% at 100 years. The remaining 3.3–4.1% consists of non-radioactive isotopes. There are technical challenges, as it is preferable to lock away the long-lived fission products, but the challenge should not be exaggerated. One tonne of waste, as described above, has a measurable radioactivity of approximately 600 TBq, equal to the natural radioactivity in one km³ of the Earth's crust, which if buried would add only 25 parts per trillion to the total radioactivity.

The difference between short-lived high-level nuclear waste and long-lived low-level waste can be illustrated by the following example. As noted in the paragraph below, one mole of either 131I or 129I undergoes 3 × 10^23 decays in a period equal to one half-life. 131I decays with the release of 970 keV whilst 129I decays with the release of 194 keV of energy. 131 g of 131I would therefore release 45 gigajoules over eight days, beginning at an initial rate of 600 EBq and releasing 90 kilowatts, with the last radioactive decay occurring inside two years. In contrast, 129 g of 129I would release 9 gigajoules over 15.7 million years, beginning at an initial rate of 850 MBq and releasing 25 microwatts, with the radioactivity decreasing by less than 1% in 100,000 years.

One tonne of nuclear waste also reduces CO2 emission by 25 million tonnes.

Anti-nuclear protest near nuclear waste disposal centre at Gorleben in northern Germany

Radionuclides such as 129I or 131I may be highly radioactive, or very long-lived, but they cannot be both. One mole of 129I (129 grams) undergoes the same number of decays (3 × 10^23) in 15.7 million years as does one mole of 131I (131 grams) in 8 days. 131I is therefore highly radioactive, but disappears very quickly, whilst 129I releases a very low level of radiation for a very long time. Two long-lived fission products, technetium-99 (half-life 220,000 years) and iodine-129 (half-life 15.7 million years), are of somewhat greater concern because of a greater chance of entering the biosphere. The transuranic elements in spent fuel are neptunium-237 (half-life two million years) and plutonium-239 (half-life 24,000 years). A more complete solution to both the actinide problem and the need for low-carbon energy may be the integral fast reactor. One tonne of nuclear waste after a complete burn in an IFR reactor will have prevented 500 million tonnes of CO2 from entering the atmosphere. Otherwise, waste storage usually necessitates treatment, followed by a long-term management strategy involving permanent storage, disposal or transformation of the waste into a non-toxic form.
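The 131I versus 129I comparison in the two paragraphs above follows directly from the decay law A = λN with λ = ln 2 / T½. The script below is an added worked example, not part of the Wikipedia article; it takes the half-lives and decay energies quoted in the text (plus the standard 8.02-day half-life of 131I, which the text rounds to eight days) and computes initial activity, initial thermal power and the energy released over one half-life for one mole of each isotope, generalizing to any nuclide.

```python
"""Activity, power and energy release of a radionuclide sample from its half-life.

Added worked example (not from the Wikipedia article): reproduces the
iodine-131 versus iodine-129 comparison in the text from first principles.
"""
import math
from dataclasses import dataclass

AVOGADRO = 6.02214076e23          # atoms per mole
EV_IN_JOULES = 1.602176634e-19    # joules per electronvolt
SECONDS_PER_DAY = 86400.0
SECONDS_PER_YEAR = 365.25 * SECONDS_PER_DAY


@dataclass(frozen=True)
class Nuclide:
    name: str
    half_life_s: float          # half-life in seconds
    energy_per_decay_ev: float  # energy released per decay, in eV

    @property
    def decay_constant(self) -> float:
        # lambda = ln 2 / T_1/2: fraction of atoms decaying per second
        return math.log(2) / self.half_life_s


def activity_bq(nuclide: Nuclide, atoms: float) -> float:
    """Initial activity A = lambda * N, in becquerels (decays per second)."""
    return nuclide.decay_constant * atoms


def power_w(nuclide: Nuclide, atoms: float) -> float:
    """Initial thermal power: decays per second times energy per decay."""
    return activity_bq(nuclide, atoms) * nuclide.energy_per_decay_ev * EV_IN_JOULES


def energy_in_one_half_life_j(nuclide: Nuclide, atoms: float) -> float:
    """Energy released while half of the atoms decay (N/2 decays)."""
    return (atoms / 2) * nuclide.energy_per_decay_ev * EV_IN_JOULES


def fraction_remaining(nuclide: Nuclide, elapsed_s: float) -> float:
    """N(t)/N(0) = 2^(-t / T_1/2)."""
    return 2.0 ** (-elapsed_s / nuclide.half_life_s)


# Decay energies as quoted in the article; the 8.02-day value is the standard
# half-life of I-131 (the text rounds it to eight days).
I131 = Nuclide("I-131", 8.02 * SECONDS_PER_DAY, 970e3)
I129 = Nuclide("I-129", 15.7e6 * SECONDS_PER_YEAR, 194e3)

ONE_MOLE = AVOGADRO   # one mole: 131 g of I-131 or 129 g of I-129


def compare_one_mole() -> dict:
    """Headline figures for one mole of each isotope, keyed by nuclide name."""
    out = {}
    for nuc in (I131, I129):
        out[nuc.name] = {
            "activity_bq": activity_bq(nuc, ONE_MOLE),
            "power_w": power_w(nuc, ONE_MOLE),
            "energy_one_half_life_j": energy_in_one_half_life_j(nuc, ONE_MOLE),
        }
    return out


if __name__ == "__main__":
    for name, figs in compare_one_mole().items():
        print(f"{name}: A0 = {figs['activity_bq']:.2e} Bq, "
              f"P0 = {figs['power_w']:.2e} W, "
              f"E(one half-life) = {figs['energy_one_half_life_j']:.2e} J")
    # I-129 barely decays on a human timescale; I-131 is effectively gone in two years.
    left = fraction_remaining(I129, 1e5 * SECONDS_PER_YEAR)
    print(f"I-129 remaining after 100,000 years: {left:.4%}")
    atoms_left = fraction_remaining(I131, 2 * SECONDS_PER_YEAR) * ONE_MOLE
    print(f"I-131 atoms remaining after 2 years (from one mole): {atoms_left:.1e}")
```

Activity is printed in plain becquerels so the reader can compare it against the prefixed figures in the text; one mole of 131I comes out at about 6 × 10^17 Bq, and the 129I figures match the text to within rounding.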

Governments around the world are considering a range of waste management and disposal options, usually involving deep-geologic placement, although there has been limited progress toward implementing long-term waste management solutions. This is partly because the timeframes in question when dealing with radioactive waste range from 10,000 to millions of years, according to studies based on the effect of estimated radiation doses.

Since the fraction of a radioisotope's atoms decaying per unit of time is inversely proportional to its half-life, the relative radioactivity of a quantity of buried human radioactive waste would diminish over time compared to natural radioisotopes (such as the decay chains of 120 trillion tons of thorium and 40 trillion tons of uranium, which are at relatively trace concentrations of parts per million each over the crust's 3 × 10^19 ton mass). For instance, over a timeframe of thousands of years, after the most active short-half-life radioisotopes have decayed, burying U.S. nuclear waste would increase the radioactivity in the top 2000 feet of rock and soil in the United States (10 million km²) by 1 part in 10 million over the cumulative amount of natural radioisotopes in such a volume, although the vicinity of the site would have a far higher concentration of artificial radioisotopes underground than such an average.

Safety culture and human errors

The thermonuclear bomb that fell into the sea recovered off Palomares, Almería, 1966

One relatively prevalent notion in discussions of nuclear safety is that of safety culture. The International Nuclear Safety Advisory Group defines the term as “the personal dedication and accountability of all individuals engaged in any activity which has a bearing on the safety of nuclear power plants”. The goal is “to design systems that use human capabilities in appropriate ways, that protect systems from human frailties, and that protect humans from hazards associated with the system”.

At the same time, there is some evidence that operational practices are not easy to change. Operators almost never follow instructions and written procedures exactly, and “the violation of rules appears to be quite rational, given the actual workload and timing constraints under which the operators must do their job”. Many attempts to improve nuclear safety culture “were compensated by people adapting to the change in an unpredicted way”.

According to Areva's Southeast Asia and Oceania director, Selena Ng, Japan's Fukushima nuclear disaster is "a huge wake-up call for a nuclear industry that hasn't always been sufficiently transparent about safety issues". She said "There was a sort of complacency before Fukushima and I don't think we can afford to have that complacency now".

An assessment conducted by the Commissariat à l’Énergie Atomique (CEA) in France concluded that no amount of technical innovation can eliminate the risk of human-induced errors associated with the operation of nuclear power plants. Two types of mistakes were deemed most serious: errors committed during field operations, such as maintenance and testing, that can cause an accident; and human errors made during small accidents that cascade to complete failure.

According to Mycle Schneider, reactor safety depends above all on a 'culture of security', including the quality of maintenance and training, the competence of the operator and the workforce, and the rigour of regulatory oversight. So a better-designed, newer reactor is not always a safer one, and older reactors are not necessarily more dangerous than newer ones. The 1979 Three Mile Island accident in the United States occurred in a reactor that had started operation only three months earlier, and the Chernobyl disaster occurred after only two years of operation. A serious loss of coolant occurred at the French Civaux-1 reactor in 1998, less than five months after start-up.

However safe a plant is designed to be, it is operated by humans who are prone to errors. Laurent Stricker, a nuclear engineer and chairman of the World Association of Nuclear Operators says that operators must guard against complacency and avoid overconfidence. Experts say that the "largest single internal factor determining the safety of a plant is the culture of security among regulators, operators and the workforce — and creating such a culture is not easy".

Investigative journalist Eric Schlosser, author of Command and Control, discovered that at least 700 "significant" accidents and incidents involving 1,250 nuclear weapons were recorded in the United States between 1950 and 1968. Experts believe that up to 50 nuclear weapons were lost during the Cold War.

Risks

The routine health risks and greenhouse gas emissions from nuclear fission power are small relative to those associated with coal, but there are several "catastrophic risks":

The extreme danger of the radioactive material in power plants and of nuclear technology in and of itself is so well known that the US government was prompted (at the industry's urging) to enact provisions that protect the nuclear industry from bearing the full burden of such inherently risky nuclear operations. The Price-Anderson Act limits industry's liability in the case of accidents, and the 1982 Nuclear Waste Policy Act charges the federal government with responsibility for permanently storing nuclear waste.

Population density is one critical lens through which other risks have to be assessed, says Laurent Stricker, a nuclear engineer and chairman of the World Association of Nuclear Operators:

The KANUPP plant in Karachi, Pakistan, has the most people — 8.2 million — living within 30 kilometres of a nuclear plant, although it has just one relatively small reactor with an output of 125 megawatts. Next in the league, however, are much larger plants — Taiwan's 1,933-megawatt Kuosheng plant with 5.5 million people within a 30-kilometre radius and the 1,208-megawatt Chin Shan plant with 4.7 million; both zones include the capital city of Taipei.

172,000 people living within a 30 kilometre radius of the Fukushima Daiichi nuclear power plant have been forced or advised to evacuate the area. More generally, a 2011 analysis by Nature and Columbia University, New York, shows that some 21 nuclear plants have populations larger than 1 million within a 30-km radius, and six plants have populations larger than 3 million within that radius.

Black Swan events are highly unlikely occurrences that have big repercussions. Despite planning, nuclear power will always be vulnerable to black swan events:

A rare event – especially one that has never occurred – is difficult to foresee, expensive to plan for and easy to discount with statistics. Just because something is only supposed to happen every 10,000 years does not mean that it will not happen tomorrow. Over the typical 40-year life of a plant, assumptions can also change, as they did on September 11, 2001, in August 2005 when Hurricane Katrina struck, and in March, 2011, after Fukushima.

The list of potential black swan events is "damningly diverse":

Nuclear reactors and their spent-fuel pools could be targets for terrorists piloting hijacked planes. Reactors may be situated downstream from dams that, should they ever burst, could unleash massive floods. Some reactors are located close to faults or shorelines, a dangerous scenario like that which emerged at Three Mile Island and Fukushima – a catastrophic coolant failure, the overheating and melting of the radioactive fuel rods, and a release of radioactive material.

The AP1000 has an estimated core damage frequency of 5.09 x 10−7 per plant per year. The Evolutionary Power Reactor (EPR) has an estimated core damage frequency of 4 x 10−7 per plant per year. In 2006 General Electric published recalculated estimated core damage frequencies per year per plant for its nuclear power plant designs:

BWR/4 – 1 x 10−5
BWR/6 – 1 x 10−6
ABWR – 2 x 10−7
ESBWR – 3 x 10−8
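The core damage frequencies above are quoted per reactor per year, which makes them easy to misread as "will not happen in my lifetime". The following added example (not part of the original article) converts a per-reactor rate into the probability of at least one event over a plant life and over a whole fleet, and restates the "once every 10,000 years" argument from the Black Swan paragraph in the same terms. The CDF values are the ones quoted in the text; the fleet sizes are assumptions chosen for illustration, and the model treats units as independent, so it deliberately ignores common-cause effects.

```python
"""Added example: turning per-reactor core damage frequency (CDF) into
lifetime and fleet-level probabilities. Not part of the original article;
CDF values are those quoted in the text, fleet sizes are assumptions."""
import math

# CDF estimates per reactor-year as quoted in the text (GE 2006 table,
# plus the AP1000 and EPR figures).
CDF_PER_REACTOR_YEAR = {
    "BWR/4": 1e-5,
    "BWR/6": 1e-6,
    "ABWR": 2e-7,
    "ESBWR": 3e-8,
    "AP1000": 5.09e-7,
    "EPR": 4e-7,
}


def return_period_to_rate(years: float) -> float:
    """'Once every N years' expressed as a per-year rate."""
    if years <= 0:
        raise ValueError("return period must be positive")
    return 1.0 / years


def prob_at_least_one(rate_per_year: float, reactor_years: float) -> float:
    """Probability of at least one event over `reactor_years` of exposure,
    modelling events as a Poisson process with the given constant rate.
    For small rates this equals 1 - (1 - p)^n to many decimal places."""
    if rate_per_year < 0 or reactor_years < 0:
        raise ValueError("rate and exposure must be non-negative")
    return 1.0 - math.exp(-rate_per_year * reactor_years)


def expected_events(rate_per_year: float, reactor_years: float) -> float:
    """Expected number of events over the exposure (the Poisson mean)."""
    return rate_per_year * reactor_years


def fleet_lifetime_probability(fleet: dict, years: float) -> float:
    """Probability that at least one unit in a mixed fleet suffers core
    damage within `years`. `fleet` maps design name -> number of units.
    Units are assumed independent, so rates simply add; common-cause
    failures (shared site, shared design flaw) are NOT modelled here."""
    total_rate = sum(CDF_PER_REACTOR_YEAR[design] * count
                     for design, count in fleet.items())
    return prob_at_least_one(total_rate, years)


if __name__ == "__main__":
    life = 40  # typical plant life in years, as stated in the text
    # A single BWR/4 over its design life.
    print(f"one BWR/4, {life} y: "
          f"{prob_at_least_one(CDF_PER_REACTOR_YEAR['BWR/4'], life):.4%}")
    # Hypothetical fleet (assumption): 30 BWR/4 units and 10 ESBWR units.
    fleet = {"BWR/4": 30, "ESBWR": 10}
    print(f"fleet of 40 units, {life} y: "
          f"{fleet_lifetime_probability(fleet, life):.3%}")
    # The 'once every 10,000 years' event, across 100 assumed units.
    rate = return_period_to_rate(10_000)
    print(f"1-in-10,000-year event, 100 units, {life} y: "
          f"{prob_at_least_one(rate, 100 * life):.1%}, "
          f"expected events {expected_events(rate, 100 * life):.2f}")
```

The last line of the usage is the point of the Black Swan paragraph in numbers: a hazard that each plant is "supposed" to see once in 10,000 years becomes roughly a one-in-three proposition once 100 plants are each exposed to it for 40 years.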

Beyond design basis events

The Fukushima I nuclear accident was caused by a "beyond design basis event": the earthquake and the tsunami it generated were more powerful than the plant was designed to accommodate, and the accident followed directly from the tsunami overtopping a seawall that had been built too low. Since then, the possibility of unforeseen beyond-design-basis events has been a major concern for plant operators.

Transparency and ethics

According to journalist Stephanie Cooke, it is difficult to know what really goes on inside nuclear power plants because the industry is shrouded in secrecy. Corporations and governments control what information is made available to the public. Cooke says "when information is made available, it is often couched in jargon and incomprehensible prose".

Kennette Benedict has said that nuclear technology and plant operations continue to lack transparency and to be relatively closed to public view:

Despite victories like the creation of the Atomic Energy Commission, and later the Nuclear Regulatory Commission, the secrecy that began with the Manhattan Project has tended to permeate the civilian nuclear program, as well as the military and defense programs.

In 1986, Soviet officials held off reporting the Chernobyl disaster for several days. The operators of the Fukushima plant, Tokyo Electric Power Co, were also criticised for not quickly disclosing information on releases of radioactivity from the plant. Russian President Dmitry Medvedev said there must be greater transparency in nuclear emergencies.

Historically many scientists and engineers have made decisions on behalf of potentially affected populations about whether a particular level of risk and uncertainty is acceptable for them. Many nuclear engineers and scientists that have made such decisions, even for good reasons relating to long term energy availability, now consider that doing so without informed consent is wrong, and that nuclear power safety and nuclear technologies should be based fundamentally on morality, rather than purely on technical, economic and business considerations.

Non-Nuclear Futures: The Case for an Ethical Energy Strategy is a 1975 book by Amory B. Lovins and John H. Price. The main theme of the book is that the most important parts of the nuclear power debate are not technical disputes but relate to personal values, and are the legitimate province of every citizen, whether technically trained or not.

Nuclear and radiation accidents

The nuclear industry has an excellent safety record and the deaths per megawatt hour are the lowest of all the major energy sources. According to Zia Mian and Alexander Glaser, the "past six decades have shown that nuclear technology does not tolerate error". Nuclear power is perhaps the primary example of what are called ‘high-risk technologies’ with ‘catastrophic potential’, because “no matter how effective conventional safety devices are, there is a form of accident that is inevitable, and such accidents are a ‘normal’ consequence of the system.” In short, there is no escape from system failures.

Whatever position one takes in the nuclear power debate, the possibility of catastrophic accidents and consequent economic costs must be considered when nuclear policy and regulations are being framed.

Accident liability protection

Kristin Shrader-Frechette has said "if reactors were safe, nuclear industries would not demand government-guaranteed, accident-liability protection, as a condition for their generating electricity". No private insurance company or even consortium of insurance companies "would shoulder the fearsome liabilities arising from severe nuclear accidents".

Hanford Site

The Hanford site represents two-thirds of America's high-level radioactive waste by volume. Nuclear reactors line the riverbank at the Hanford Site along the Columbia River in January 1960.

The Hanford Site is a mostly decommissioned nuclear production complex on the Columbia River in the U.S. state of Washington, operated by the United States federal government. Plutonium manufactured at the site was used in the first nuclear bomb, tested at the Trinity site, and in Fat Man, the bomb detonated over Nagasaki, Japan. During the Cold War, the project was expanded to include nine nuclear reactors and five large plutonium processing complexes, which produced plutonium for most of the 60,000 weapons in the U.S. nuclear arsenal. Many of the early safety procedures and waste disposal practices were inadequate, and government documents have since confirmed that Hanford's operations released significant amounts of radioactive materials into the air and the Columbia River, which still threatens the health of residents and ecosystems. The weapons production reactors were decommissioned at the end of the Cold War, but the decades of manufacturing left behind 53 million US gallons (200,000 m3) of high-level radioactive waste, an additional 25 million cubic feet (710,000 m3) of solid radioactive waste, 200 square miles (520 km2) of contaminated groundwater beneath the site and occasional discoveries of undocumented contaminations that slow the pace and raise the cost of cleanup. The Hanford site represents two-thirds of the nation's high-level radioactive waste by volume. Today, Hanford is the most contaminated nuclear site in the United States and is the focus of the nation's largest environmental cleanup.

1986 Chernobyl disaster

Map showing Caesium-137 contamination in Belarus, Russia, and Ukraine as of 1996.

The Chernobyl disaster was a nuclear accident that occurred on 26 April 1986 at the Chernobyl Nuclear Power Plant in Ukraine. An explosion and fire released large quantities of radioactive contamination into the atmosphere, which spread over much of Western USSR and Europe. It is considered the worst nuclear power plant accident in history, and is one of only two classified as a level 7 event on the International Nuclear Event Scale (the other being the Fukushima Daiichi nuclear disaster). The battle to contain the contamination and avert a greater catastrophe ultimately involved over 500,000 workers and cost an estimated 18 billion rubles, crippling the Soviet economy. The accident raised concerns about the safety of the nuclear power industry, slowing its expansion for a number of years.

UNSCEAR has conducted 20 years of detailed scientific and epidemiological research on the effects of the Chernobyl accident. Apart from the 57 direct deaths in the accident itself, UNSCEAR predicted in 2005 that up to 4,000 additional cancer deaths related to the accident would appear "among the 600 000 persons receiving more significant exposures (liquidators working in 1986–87, evacuees, and residents of the most contaminated areas)". Russia, Ukraine, and Belarus have been burdened with the continuing and substantial decontamination and health care costs of the Chernobyl disaster.

Eleven of Russia's reactors are of the RBMK 1000 type, similar to the one at Chernobyl Nuclear Power Plant. Some of these RBMK reactors were originally to be shut down but have instead been given life extensions and uprated in output by about 5%. Critics say that these reactors are of an "inherently unsafe design", which cannot be improved through upgrades and modernization, and some reactor parts are impossible to replace. Russian environmental groups say that the lifetime extensions "violate Russian law, because the projects have not undergone environmental assessments".

2011 Fukushima I accidents

Fukushima reactor control room.
 
Following the 2011 Japanese Fukushima nuclear disaster, authorities shut down the nation's 54 nuclear power reactors. As of 2013, the Fukushima site remains highly radioactive, with some 160,000 evacuees still living in temporary housing, and some land will be unfarmable for centuries. The difficult cleanup job will take 40 or more years, and cost tens of billions of dollars.

Despite all assurances, a major nuclear accident on the scale of the 1986 Chernobyl disaster happened again in 2011 in Japan, one of the world's most industrially advanced countries. Nuclear Safety Commission Chairman Haruki Madarame told a parliamentary inquiry in February 2012 that "Japan's atomic safety rules are inferior to global standards and left the country unprepared for the Fukushima nuclear disaster last March". There were flaws in, and lax enforcement of, the safety rules governing Japanese nuclear power companies, and this included insufficient protection against tsunamis.

A 2012 report in The Economist said: "The reactors at Fukushima were of an old design. The risks they faced had not been well analysed. The operating company was poorly regulated and did not know what was going on. The operators made mistakes. The representatives of the safety inspectorate fled. Some of the equipment failed. The establishment repeatedly played down the risks and suppressed information about the movement of the radioactive plume, so some people were evacuated from more lightly to more heavily contaminated places".

The designers of the Fukushima I Nuclear Power Plant reactors did not anticipate that a tsunami generated by an earthquake would disable the backup systems that were supposed to stabilize the reactor after the earthquake. Nuclear reactors are such "inherently complex, tightly coupled systems that, in rare, emergency situations, cascading interactions will unfold very rapidly in such a way that human operators will be unable to predict and master them".

Lacking electricity to pump the water needed to cool the reactor cores, engineers vented radioactive steam into the atmosphere to release pressure, leading to a series of hydrogen explosions that blew out the concrete walls of the reactor buildings. Radiation readings spiked around Fukushima as the disaster widened, forcing the evacuation of 200,000 people. There was a rise in radiation levels on the outskirts of Tokyo, with a population of 30 million, 135 miles (210 kilometers) to the south.

Back-up diesel generators that might have averted the disaster were positioned in a basement, where they were quickly overwhelmed by waves. The cascade of events at Fukushima had been predicted in a report published in the U.S. two decades earlier:

The 1990 report by the U.S. Nuclear Regulatory Commission, an independent agency responsible for safety at the country’s power plants, identified earthquake-induced diesel generator failure and power outage leading to failure of cooling systems as one of the “most likely causes” of nuclear accidents from an external event.

The report was cited in a 2004 statement by Japan's Nuclear and Industrial Safety Agency, but it seems adequate measures to address the risk were not taken by TEPCO. Katsuhiko Ishibashi, a seismology professor at Kobe University, has said that Japan's history of nuclear accidents stems from an overconfidence in plant engineering. In 2006, he resigned from a government panel on nuclear reactor safety, because the review process was rigged and “unscientific”.

According to the International Atomic Energy Agency, Japan "underestimated the danger of tsunamis and failed to prepare adequate backup systems at the Fukushima Daiichi nuclear plant". This repeated a widely held criticism in Japan that "collusive ties between regulators and industry led to weak oversight and a failure to ensure adequate safety levels at the plant". The IAEA also said that the Fukushima disaster exposed the lack of adequate backup systems at the plant. Once power was completely lost, critical functions like the cooling system shut down. Three of the reactors "quickly overheated, causing meltdowns that eventually led to explosions, which hurled large amounts of radioactive material into the air".

Louise Fréchette and Trevor Findlay have said that more effort is needed to ensure nuclear safety and improve responses to accidents:

The multiple reactor crises at Japan's Fukushima nuclear power plant reinforce the need for strengthening global instruments to ensure nuclear safety worldwide. The fact that a country that has been operating nuclear power reactors for decades should prove so alarmingly improvisational in its response and so unwilling to reveal the facts even to its own people, much less the International Atomic Energy Agency, is a reminder that nuclear safety is a constant work-in-progress. 

David Lochbaum, chief nuclear safety officer with the Union of Concerned Scientists, has repeatedly questioned the safety of the Fukushima I Plant's General Electric Mark 1 reactor design, which is used in almost a quarter of the United States' nuclear fleet.

A report from the Japanese Government to the IAEA says the "nuclear fuel in three reactors probably melted through the inner containment vessels, not just the core". The report says the "inadequate" basic reactor design — the Mark-1 model developed by General Electric — included "the venting system for the containment vessels and the location of spent fuel cooling pools high in the buildings, which resulted in leaks of radioactive water that hampered repair work".

Following the Fukushima emergency, the European Union decided that reactors across all 27 member nations should undergo safety tests.

According to UBS AG, the Fukushima I nuclear accidents are likely to hurt the nuclear power industry's credibility more than the Chernobyl disaster in 1986:

The accident in the former Soviet Union 25 years ago 'affected one reactor in a totalitarian state with no safety culture,' UBS analysts including Per Lekander and Stephen Oldfield wrote in a report today. 'At Fukushima, four reactors have been out of control for weeks – casting doubt on whether even an advanced economy can master nuclear safety.'

The Fukushima accident exposed some troubling nuclear safety issues:

Despite the resources poured into analyzing crustal movements and having expert committees determine earthquake risk, for instance, researchers never considered the possibility of a magnitude-9 earthquake followed by a massive tsunami. The failure of multiple safety features on nuclear power plants has raised questions about the nation's engineering prowess. Government flip-flopping on acceptable levels of radiation exposure confused the public, and health professionals provided little guidance. Facing a dearth of reliable information on radiation levels, citizens armed themselves with dosimeters, pooled data, and together produced radiological contamination maps far more detailed than anything the government or official scientific sources ever provided.

As of January 2012, questions also linger as to the extent of damage to the Fukushima plant caused by the earthquake even before the tsunami hit. Any evidence of serious quake damage at the plant would "cast new doubt on the safety of other reactors in quake-prone Japan".

Two government advisers have said that "Japan's safety review of nuclear reactors after the Fukushima disaster is based on faulty criteria and many people involved have conflicts of interest". Hiromitsu Ino, Professor Emeritus at the University of Tokyo, says "The whole process being undertaken is exactly the same as that used previous to the Fukushima Dai-Ichi accident, even though the accident showed all these guidelines and categories to be insufficient".

In March 2012, Prime Minister Yoshihiko Noda acknowledged that the Japanese government shared the blame for the Fukushima disaster, saying that officials had been blinded by a false belief in the country's "technological infallibility", and were all too steeped in a "safety myth".

Other accidents

Serious nuclear and radiation accidents include the Chalk River accidents (1952, 1958 & 2008), Mayak disaster (1957), Windscale fire (1957), SL-1 accident (1961), Soviet submarine K-19 accident (1961), Three Mile Island accident (1979), Church Rock uranium mill spill (1979), Soviet submarine K-431 accident (1985), Therac-25 accidents (1985-1987), Goiânia accident (1987), Zaragoza radiotherapy accident (1990), Costa Rica radiotherapy accident (1996), Tokaimura nuclear accident (1999), Sellafield THORP leak (2005), and the Fleurus IRE cobalt-60 spill (2006).

Health impacts

Japan towns, villages, and cities around the Fukushima Daiichi nuclear plant. The 20km and 30km areas had evacuation and sheltering orders, and additional administrative districts that had an evacuation order are highlighted.

Four hundred and thirty-seven nuclear power reactors are presently in operation but, unfortunately, five major nuclear accidents have occurred in the past. These accidents occurred at Kyshtym (1957), Windscale (1957), Three Mile Island (1979), Chernobyl (1986), and Fukushima (2011). A report in The Lancet says that the effects of these accidents on individuals and societies are diverse and enduring:

"Accumulated evidence about radiation health effects on atomic bomb survivors and other radiation-exposed people has formed the basis for national and international regulations about radiation protection. However, past experiences suggest that common issues were not necessarily physical health problems directly attributable to radiation exposure, but rather psychological and social effects. Additionally, evacuation and long-term displacement created severe health-care problems for the most vulnerable people, such as hospital inpatients and elderly people."

In spite of accidents like these, studies have shown that nuclear deaths are mostly in uranium mining and that nuclear energy has generated far fewer deaths than the high pollution levels that result from the use of conventional fossil fuels. However, the nuclear power industry relies on uranium mining, which itself is a hazardous industry, with many accidents and fatalities.

Journalist Stephanie Cooke says that it is not useful to make comparisons just in terms of number of deaths, as the way people live afterwards is also relevant, as in the case of the 2011 Japanese nuclear accidents:

"You have people in Japan right now that are facing either not returning to their homes forever, or if they do return to their homes, living in a contaminated area for basically ever... It affects millions of people, it affects our land, it affects our atmosphere ... it's affecting future generations ... I don't think any of these great big massive plants that spew pollution into the air are good. But I don't think it's really helpful to make these comparisons just in terms of number of deaths".

The Fukushima accident forced more than 80,000 residents to evacuate from neighborhoods around the plant.

A survey by the Iitate, Fukushima local government obtained responses from some 1,743 people who have evacuated from the village, which lies within the emergency evacuation zone around the crippled Fukushima Daiichi Plant. It shows that many residents are experiencing growing frustration and instability due to the nuclear crisis and an inability to return to the lives they were living before the disaster. Sixty percent of respondents stated that their health and the health of their families had deteriorated after evacuating, while 39.9 percent reported feeling more irritated compared to before the disaster.

"Summarizing all responses to questions related to evacuees' current family status, one-third of all surveyed families live apart from their children, while 50.1 percent live away from other family members (including elderly parents) with whom they lived before the disaster. The survey also showed that 34.7 percent of the evacuees have suffered salary cuts of 50 percent or more since the outbreak of the nuclear disaster. A total of 36.8 percent reported a lack of sleep, while 17.9 percent reported smoking or drinking more than before they evacuated."

Radionuclides in the released material can cause cancer. For example, iodine-131 was released in both the Chernobyl and Fukushima accidents. After deposition on soil it becomes concentrated in leafy vegetation, and it persists in the milk of animals that eat that vegetation. When iodine-131 enters the human body it migrates to the thyroid gland in the neck and can cause thyroid cancer.

Other radionuclides in the releases are linked to cancer as well: strontium-90 has been associated with breast cancer and leukaemia, and plutonium-239 with liver cancer.

Improvements to nuclear fission technologies

Redesigns of fuel pellets and cladding are being undertaken which can further improve the safety of existing power plants.

Newer reactor designs intended to provide increased safety have been developed over time. These designs include those that incorporate passive safety and Small Modular Reactors. While these reactor designs "are intended to inspire trust, they may have an unintended effect: creating distrust of older reactors that lack the touted safety features".

The next nuclear plants to be built will likely be Generation III or III+ designs, and a few such are already in operation in Japan. Generation IV reactors would have even greater improvements in safety. These new designs are expected to be passively safe or nearly so, and perhaps even inherently safe (as in the PBMR designs).

Some improvements made (not all in all designs) are having three sets of emergency diesel generators and associated emergency core cooling systems rather than just one pair, having quench tanks (large coolant-filled tanks) above the core that open into it automatically, having a double containment (one containment building inside another), etc.

Approximately 120 reactors incorporate Filtered Containment Venting Systems attached to the containment structure; all Swiss reactors had them before the Fukushima accident, and all Japanese reactors have been fitted with them since. These systems are designed to relieve containment pressure during an accident by releasing gases to the environment while retaining most of the fission products in the filter structures.

However, safety risks may be the greatest when nuclear systems are the newest, and operators have less experience with them. Nuclear engineer David Lochbaum explained that almost all serious nuclear accidents occurred with what was at the time the most recent technology. He argues that "the problem with new reactors and accidents is twofold: scenarios arise that are impossible to plan for in simulations; and humans make mistakes". As one director of a U.S. research laboratory put it, "fabrication, construction, operation, and maintenance of new reactors will face a steep learning curve: advanced technologies will have a heightened risk of accidents and mistakes. The technology may be proven, but people are not".

Developing countries

There are concerns about developing countries "rushing to join the so-called nuclear renaissance without the necessary infrastructure, personnel, regulatory frameworks and safety culture". Some countries with nuclear aspirations, like Nigeria, Kenya, Bangladesh and Venezuela, have no significant industrial experience and will require at least a decade of preparation even before breaking ground at a reactor site.

The speed of the nuclear construction program in China has raised safety concerns. The challenge for the government and nuclear companies is to "keep an eye on a growing army of contractors and subcontractors who may be tempted to cut corners". China has asked for international assistance in training more nuclear power plant inspectors.

Nuclear security and terrorist attacks

Nuclear power plants, civilian research reactors, certain naval fuel facilities, uranium enrichment plants, and fuel fabrication plants, are vulnerable to attacks which could lead to widespread radioactive contamination. The attack threat is of several general types: commando-like ground-based attacks on equipment which if disabled could lead to a reactor core meltdown or widespread dispersal of radioactivity; and external attacks such as an aircraft crash into a reactor complex, or cyber attacks.

The United States 9/11 Commission has said that nuclear power plants were potential targets originally considered for the September 11, 2001 attacks. If terrorist groups could sufficiently damage safety systems to cause a core meltdown at a nuclear power plant, and/or sufficiently damage spent fuel pools, such an attack could lead to widespread radioactive contamination. The Federation of American Scientists has said that if nuclear power use is to expand significantly, nuclear facilities will have to be made extremely safe from attacks that could release massive quantities of radioactivity into the community. New reactor designs have features of passive safety, which may help. In the United States, the NRC carries out "Force on Force" (FOF) exercises at all Nuclear Power Plant (NPP) sites at least once every three years.

Nuclear reactors become preferred targets during military conflict and, over the past three decades, have been repeatedly attacked during military air strikes, occupations, invasions and campaigns. Various acts of civil disobedience since 1980 by the peace group Plowshares have shown how nuclear weapons facilities can be penetrated, and the group's actions represent extraordinary breaches of security at nuclear weapons plants in the United States. The National Nuclear Security Administration has acknowledged the seriousness of the 2012 Plowshares action. Non-proliferation policy experts have questioned "the use of private contractors to provide security at facilities that manufacture and store the government's most dangerous military material". Nuclear weapons materials on the black market are a global concern, and there is concern about the possible detonation of a small, crude nuclear weapon by a militant group in a major city, with significant loss of life and property. Stuxnet is a computer worm discovered in June 2010 that is believed to have been created by the United States and Israel to attack Iran's nuclear facilities.

Nuclear fusion research

Nuclear fusion power is a developing technology still under research. It relies on fusing rather than fissioning (splitting) atomic nuclei, using very different processes compared to current nuclear power plants. Nuclear fusion reactions have the potential to be safer and generate less radioactive waste than fission. These reactions appear potentially viable, though technically quite difficult and have yet to be created on a scale that could be used in a functional power plant. Fusion power has been under theoretical and experimental investigation since the 1950s.

Construction of the International Thermonuclear Experimental Reactor facility began in 2007, but the project has run into many delays and budget overruns. The facility is now not expected to begin operations until the year 2027, 11 years later than initially anticipated. A follow-on commercial nuclear fusion power station, DEMO, has been proposed. There are also suggestions for a power plant based upon a different fusion approach, that of an inertial fusion power plant.

Fusion powered electricity generation was initially believed to be readily achievable, as fission power had been. However, the extreme requirements for continuous reactions and plasma containment led to projections being extended by several decades. In 2010, more than 60 years after the first attempts, commercial power production was still believed to be unlikely before 2050.

More stringent safety standards

Matthew Bunn, the former US Office of Science and Technology Policy adviser, and Olli Heinonen, the former Deputy Director General of the IAEA, have said that there is a need for more stringent nuclear safety standards, and propose six major areas for improvement:

  • operators must plan for events beyond design bases;
  • more stringent standards for protecting nuclear facilities against terrorist sabotage;
  • a stronger international emergency response;
  • international reviews of security and safety;
  • binding international standards on safety and security; and
  • international co-operation to ensure regulatory effectiveness.

Coastal nuclear sites must also be further protected against rising sea levels, storm surges, flooding, and possible eventual "nuclear site islanding".

Passive nuclear safety

From Wikipedia, the free encyclopedia

Passive nuclear safety is a design approach for safety features, implemented in a nuclear reactor, that does not require any active intervention on the part of the operator or electrical/electronic feedback in order to bring the reactor to a safe shutdown state, in the event of a particular type of emergency (usually overheating resulting from a loss of coolant or loss of coolant flow). Such design features tend to rely on the engineering of components such that their predicted behaviour would slow down, rather than accelerate, the deterioration of the reactor state; they typically take advantage of natural forces or phenomena such as gravity, buoyancy, pressure differences, conduction or natural heat convection to accomplish safety functions without requiring an active power source. Many older common reactor designs use passive safety systems only to a limited extent, relying instead on active safety systems such as diesel-powered motors. Some newer reactor designs feature more passive systems; the motivation being that they are highly reliable and reduce the cost associated with the installation and maintenance of systems that would otherwise require multiple trains of equipment and redundant safety-class power supplies to achieve the same level of reliability. However, the weak driving forces that power many passive safety features can pose significant challenges to the effectiveness of a passive system, particularly in the short term following an accident.

Terminology

'Passive safety' describes any safety mechanisms the engagement of which requires little or no outside power or human control. Modern reactor designs have focused on increasing the number of passive systems to mitigate risk of compounding human error.

Despite the increased safety associated with greater coverage by passive systems, all current large-scale nuclear reactors require both external (active) and internal (passive) systems. There are no 'passively safe' reactors, only passively safe systems and components. Safety systems are used to maintain control of the plant if it goes outside normal conditions, in the case of anticipated operational occurrences or accidents, while control systems are used to operate the plant under normal conditions. Sometimes a system combines both features. Passive safety refers to safety system components, whereas inherent safety refers to the control system process, regardless of the presence or absence of safety-specific subsystems.

An example of a safety system with passive safety components is the containment vessel of a nuclear reactor. The concrete walls and the steel liner of the vessel exhibit passive safety, but the containment system as a whole also requires active systems (valves, feedback loops, external instrumentation, control circuits, etc.), which need external power and human operation to function.

The International Atomic Energy Agency (IAEA) classifies the degree of "passive safety" of components from category A to D depending on what the system does not make use of:

  1. no moving working fluid
  2. no moving mechanical part
  3. no signal inputs of 'intelligence'
  4. no external power input or forces

In category A (1+2+3+4) is the fuel cladding, the protective and nonreactive outer layer of the fuel pellet, which uses none of the above features: it is always closed, keeps the fuel and the fission products inside, and is not opened before arriving at the reprocessing plant. In category B (2+3+4) is the surge line, which connects the hot leg with the pressurizer and helps to control the pressure in the primary loop of a PWR; it uses a moving working fluid when fulfilling its mission. In category C (3+4) is the accumulator, which needs neither a signal input of 'intelligence' nor external power: once the pressure in the primary circuit drops below the set point of the spring-loaded accumulator valves, the valves open and water is injected into the primary circuit by compressed nitrogen. In category D (4 only) is the SCRAM, which utilizes moving working fluids, moving mechanical parts and signal inputs of 'intelligence' but not external power or forces: the control rods drop driven by gravity once they have been released from their magnetic clamp. But nuclear safety engineering is never that simple: once released, a rod may not fulfil its mission, because it may get stuck due to earthquake conditions or deformed core structures. This shows that even a passively safe system that has been properly actuated may not fulfil its mission. Nuclear engineers have taken this into consideration: typically only a part of the rods dropped is necessary to shut down the reactor. Examples of safety systems with passive safety components can be found in almost all nuclear power stations: the containment, hydro-accumulators in PWRs or pressure suppression systems in BWRs.

In most texts on 'passively safe' components in next generation reactors, the key issue is that no pumps are needed to fulfil the mission of a safety system and that all active components (generally I&C and valves) of the systems work with the electric power from batteries.

IAEA explicitly uses the following caveat:

... passivity is not synonymous with reliability or availability, even less with assured adequacy of the safety feature, though several factors potentially adverse to performance can be more easily counteracted through passive design (public perception). On the other hand active designs employing variable controls permit much more precise accomplishment of safety functions; this may be particularly desirable under accident management conditions.

Nuclear reactor response properties such as the temperature coefficient of reactivity and the void coefficient of reactivity usually refer to the thermodynamic and phase-change response of the neutron moderator heat transfer process, respectively. Reactors whose heat transfer process has the operational property of a negative void coefficient of reactivity are said to possess an inherent safety process feature. An operational failure mode could potentially alter the process and render such a reactor unsafe.

Reactors could be fitted with a hydraulic safety system component that increases the inflow pressure of coolant (esp. water) in response to increased outflow pressure of the moderator and coolant without control system intervention. Such reactors would be described as fitted with such a passive safety component that could – if so designed – render in a reactor a negative void coefficient of reactivity, regardless of the operational property of the reactor in which it is fitted. The feature would only work if it responded faster than an emerging (steam) void and the reactor components could sustain the increased coolant pressure. A reactor fitted with both safety features – if designed to constructively interact – is an example of a safety interlock. Rarer operational failure modes could render both such safety features useless and detract from the overall relative safety of the reactor.

Examples of passive safety in operation

Traditional reactor safety systems are active in the sense that they involve electrical or mechanical operation on command systems (e.g., high-pressure water pumps). But some engineered reactor systems operate entirely passively, e.g., using pressure relief valves to manage overpressure. Parallel redundant systems are still required. Combined inherent and passive safety depends only on physical phenomena such as pressure differentials, convection, gravity or the natural response of materials to high temperatures to slow or shut down the reaction, not on the functioning of engineered components such as high-pressure water pumps.

Current pressurized water reactors and boiling water reactors are systems that have been designed with one kind of passive safety feature. In the event of an excessive-power condition, as the water in the nuclear reactor core boils, pockets of steam are formed. These steam voids moderate fewer neutrons, causing the power level inside the reactor to lower. The BORAX experiments and the SL-1 meltdown accident proved this principle.

A reactor design whose inherently safe process directly provides a passive safety component during a specific failure condition in all operational modes is typically described as relatively fail-safe to that failure condition. However, most current water-cooled and -moderated reactors, when scrammed, cannot remove residual production and decay heat without either process heat transfer or the active cooling system. In other words, whilst the inherently safe heat transfer process provides a passive safety component preventing excessive heat while the reactor is operating, the same inherently safe heat transfer process does not provide a passive safety component once the reactor is shut down (SCRAMed). The Three Mile Island accident exposed this design deficiency: the reactor and steam generator were shut down, but with loss of coolant the reactor still suffered a partial meltdown.

Third generation designs improve on early designs by incorporating passive or inherent safety features which require no active controls or (human) operational intervention to avoid accidents in the event of malfunction, and may rely on pressure differentials, gravity, natural convection, or the natural response of materials to high temperatures.

In some designs the core of a fast breeder reactor is immersed in a pool of liquid metal. If the reactor overheats, thermal expansion of the metallic fuel and cladding causes more neutrons to escape the core, and the nuclear chain reaction can no longer be sustained. The large mass of liquid metal also acts as a heatsink capable of absorbing the decay heat from the core, even if the normal cooling systems fail.

The pebble bed reactor is an example of a reactor exhibiting an inherently safe process that is also capable of providing a passive safety component for all operational modes. As the temperature of the fuel rises, Doppler broadening increases the probability that neutrons are captured by U-238 atoms. This reduces the chance that the neutrons are captured by U-235 atoms and initiate fission, thus reducing the reactor's power output and placing an inherent upper limit on the temperature of the fuel. The geometry and design of the fuel pebbles provide an important passive safety component.

Single-fluid fluoride molten salt reactors feature fissile, fertile and actinide radioisotopes in molecular bonds with the fluoride coolant. The molecular bonds provide a passive safety feature in that a loss-of-coolant event corresponds with a loss-of-fuel event. The molten fluoride fuel cannot itself reach criticality, but only reaches criticality with the addition of a neutron reflector such as pyrolytic graphite. The higher density of the fuel, along with an additional lower-density FLiBe fluoride coolant without fuel, provides a flotation-layer passive safety component in which lower-density graphite that breaks off control rods or an immersion matrix during mechanical failure does not induce criticality. Gravity-driven drainage of reactor liquids provides a further passive safety component.

Low-power swimming pool reactors such as the SLOWPOKE and TRIGA have been licensed for unattended operation in research environments because, as the temperature of the low-enriched (19.75% U-235) uranium alloy hydride fuel rises, the molecularly bound hydrogen in the fuel causes the heat to be transferred to the fission neutrons as they are ejected. This Doppler shifting or spectrum hardening dissipates heat from the fuel throughout the pool more rapidly the higher the fuel temperature rises, ensuring rapid cooling of the fuel whilst maintaining a much lower water temperature than the fuel. Prompt, self-dispersing, high-efficiency hydrogen-neutron heat transfer, rather than inefficient radionuclide-water heat transfer, ensures the fuel cannot melt through accident alone. In uranium-zirconium alloy hydride variants, the fuel itself is also chemically corrosion resistant, ensuring a sustainable safety performance of the fuel molecules throughout their lifetime. The large expanse of water and the concrete surround provided by the pool for high-energy neutrons to penetrate ensure the process has a high degree of intrinsic safety. The core is visible through the pool and verification measurements can be made directly on the core fuel elements, facilitating total surveillance and providing nuclear non-proliferation safety. Both the fuel molecules themselves and the open expanse of the pool are passive safety components. Quality implementations of these designs are arguably the safest nuclear reactors.

Examples of reactors using passive safety features

Three Mile Island Unit 2 was unable to contain about 480 PBq of radioactive noble gases from release into the environment and around 120 kL of radioactive contaminated cooling water from release beyond the containment into a neighbouring building. The pilot-operated relief valve at TMI-2 was designed to shut automatically after relieving excessive pressure inside the reactor into a quench tank. However the valve mechanically failed causing the PORV quench tank to fill, and the relief diaphragm to eventually rupture into the containment building. The containment building sump pumps automatically pumped the contaminated water outside the containment building. Both a working PORV with quench tank and separately the containment building with sump provided two layers of passive safety. An unreliable PORV negated its designed passive safety. The plant design featured only a single open/close indicator based on the status of its solenoid actuator, instead of a separate indicator of the PORV's actual position. This rendered the mechanical reliability of the PORV indeterminate directly, and therefore its passive safety status indeterminate. The automatic sump pumps and/or insufficient containment sump capacity negated the containment building designed passive safety.
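The indicator deficiency described above, a status lamp driven by the solenoid command rather than by the valve's measured position, is a general design lesson: an indicator that reports what was commanded tells the operator nothing about whether the command took effect. The following simulation is an added example written for this page, not code from the Wikipedia article or from any plant control system; the valve model, the two indicator functions and the constructed "stuck open" fault are all hypothetical and chosen only to show how the two indicator designs diverge when the mechanism fails.

```python
"""Commanded-state versus measured-state indication for a relief valve.

Added example (not from the original article). Models, in the abstract,
the TMI-2 style deficiency: one indicator mirrors the solenoid demand
signal, the other reads an independent position sensor. Names and the
fault scenario are constructed for illustration.
"""
from dataclasses import dataclass


@dataclass
class ReliefValve:
    """Simulated pilot-operated relief valve with an optional mechanical fault."""
    stuck_open: bool = False      # constructed fault: disc will not reseat once lifted
    commanded_open: bool = False  # solenoid demand signal (what the controller asked for)
    actual_open: bool = False     # physical disc position (what an independent sensor sees)

    def command(self, open_: bool) -> None:
        """Apply a solenoid command; a stuck valve ignores the close demand."""
        self.commanded_open = open_
        if open_:
            self.actual_open = True
        elif not self.stuck_open:
            self.actual_open = False
        # else: close commanded but disc remains open (fault)


def solenoid_indicator(valve: ReliefValve) -> str:
    """Indicator derived from the actuator command only (the weak design)."""
    return "OPEN" if valve.commanded_open else "CLOSED"


def position_indicator(valve: ReliefValve) -> str:
    """Indicator derived from an independent position measurement."""
    return "OPEN" if valve.actual_open else "CLOSED"


def indicators_disagree(valve: ReliefValve) -> bool:
    """True when command-based and measurement-based indication differ;
    in a control room this is the condition that should raise an alarm."""
    return solenoid_indicator(valve) != position_indicator(valve)


def run_scenario(stuck: bool) -> dict:
    """Relieve pressure, then command reseat, and report what each indicator shows."""
    valve = ReliefValve(stuck_open=stuck)
    valve.command(True)   # valve lifts to relieve overpressure
    valve.command(False)  # controller commands reseat
    return {
        "solenoid": solenoid_indicator(valve),
        "position": position_indicator(valve),
        "disagree": indicators_disagree(valve),
    }


if __name__ == "__main__":
    for fault in (False, True):
        print("stuck_open=%s -> %s" % (fault, run_scenario(fault)))
```

With the fault present, the solenoid-based indicator reports CLOSED while the position-based one reports OPEN; only a design that carries both signals and alarms on their disagreement exposes the failed reseat, which is the property the single-indicator design at TMI-2 lacked.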

The notorious RBMK graphite moderated, water-cooled reactors of Chernobyl Power Plant disaster were designed with a positive void coefficient with boron control rods on electromagnetic grapples for reaction speed control. To the degree that the control systems were reliable, this design did have a corresponding degree of active inherent safety. The reactor was unsafe at low power levels because erroneous control rod movement would have a counter-intuitively magnified effect. Chernobyl Reactor 4 was built instead with manual crane driven boron control rods that were tipped with the moderator substance, graphite, a neutron reflector. It was designed with an Emergency Core Cooling System (ECCS) that depended on either grid power or the backup Diesel generator to be operating. The ECCS safety component was decidedly not passive. The design featured a partial containment consisting of a concrete slab above and below the reactor – with pipes and rods penetrating, an inert gas filled metal vessel to keep oxygen away from the water-cooled hot graphite, a fire-proof roof, and the pipes below the vessel sealed in secondary water filled boxes. The roof, metal vessel, concrete slabs and water boxes are examples of passive safety components. The roof in the Chernobyl Power Plant complex was made of bitumen – against design – rendering it ignitable. Unlike the Three Mile Island accident, neither the concrete slabs nor the metal vessel could contain a steam, graphite and oxygen driven hydrogen explosion. The water boxes could not sustain high pressure failure of the pipes. The passive safety components as designed were inadequate to fulfill the safety requirements of the system.

The General Electric Company ESBWR (Economic Simplified Boiling Water Reactor, a BWR) is a design reported to use passive safety components. In the event of coolant loss, no operator action is required for three days.

The Westinghouse AP1000 ("AP" standing for "Advanced Passive") uses passive safety components. In the event of an accident, no operator action is required for 72 hours. Recent versions of the Russian VVER have added a passive heat removal system to the existing active systems, utilising a cooling system and water tanks built on top of the containment dome.

The integral fast reactor was a fast breeder reactor run by the Argonne National Laboratory. It was a sodium cooled reactor capable of withstanding a loss of (coolant) flow without SCRAM and loss of heatsink without SCRAM. This was demonstrated throughout a series of safety tests in which the reactor successfully shut down without operator intervention. The project was canceled due to proliferation concerns before it could be copied elsewhere.

The Molten-Salt Reactor Experiment (MSRE) was a molten salt reactor run by the Oak Ridge National Laboratory. It was nuclear graphite moderated, and the coolant salt used was FLiBe, which also carried the uranium-233 fluoride fuel dissolved in it. The MSRE had a negative temperature coefficient of reactivity: as the FLiBe temperature increased, it expanded, along with the uranium ions it carried; this decreased density resulted in a reduction of fissile material in the core, which decreased the rate of fission. With less heat input, the net result was that the reactor would cool. Extending from the bottom of the reactor core was a pipe that led to passively cooled drain tanks. The pipe had a "freeze valve" along its length, in which the molten salt was actively cooled to a solid plug by a fan blowing air over the pipe. If the reactor vessel developed excessive heat or lost electric power to the air cooling, the plug would melt; the FLiBe would be pulled out of the reactor core by gravity into the dump tanks, and criticality would cease as the salt lost contact with the graphite moderator.

The General Atomics HTGR design features a fully passive and inherently safe decay heat removal system, termed the Reactor Cavity Cooling System (RCCS). In this design, an array of steel ducts lines the concrete containment (and hence surrounds the reactor pressure vessel), providing a flow path for air driven by natural circulation from chimneys positioned above grade. Derivatives of this RCCS concept (with either air or water as the working fluid) have also been featured in other gas-cooled reactor designs, including the Japanese High-temperature engineering test reactor, the Chinese HTR-10, the South African PBMR, and the Russian GT-MHR. While none of these designs has been commercialized for power generation, research in these areas is active, specifically in support of the Generation IV initiative and NGNP programs, with experimental facilities at Argonne National Laboratory (home to the Natural convection Shutdown heat removal Test Facility, a 1/2 scale air-cooled RCCS) and the University of Wisconsin (home to separate 1/4 scale air- and water-cooled RCCS).


Operator (computer programming)

From Wikipedia, the free encyclopedia https://en.wikipedia.org/wiki/Operator_(computer_programmin...