From Chernobyl to Fukushima

Twentyfive years ago an accident at the Chernobyl unit 4 nuclear power station destroyed the reactor and released massive amounts of radioactivity into the environment. Contamination of vast areas of land, mostly in Belarus and Ukraine but also reaching as far as central and Western Europe, persists to this day. Most of the cesium-137 released that day has yet to decay.

It can be argued that the lessons of Chernobyl had been fading much more quickly than the radiation. With fear of Global Warming growing, the nuclear industry was pushing for new reactors to be constructed and old reactors, many of which had been constructed in the 1970s, to have their operating spans extended by another decade or two. One such reactor was Fukushima 1 unit 1, the oldest of the Fukushima reactors, which started up on March 26, 1971. Its original operating span of 40 years would have expired at the end of March 2011, but it had its license extended by another ten years in February. Unlike its siblings units 2 and 3, unit 1 was an older type called BWR3 (the others were of a type called BWR4). One difference between them is that the BWR4 has a Reactor Core Isolation Cooling (RCIC) system. During a loss of all grid and backup power a steam turbine running off decay heat in the core could still pump water from the Suppression Chamber into the reactor core. The BWR3 makes do with an isolation condensor, which relies on electric pumps to cool and condense steam from the reactor using cold outside water. Once the pumps stop, the isolation condenser stops cooling steam. With the RCIC at least liquid water was being injected as long as there was battery power to control valves and the water in the suppression chamber wasn’t boiling yet.

According to the AREVA report, cooling in the isolation condenser in unit 1 stopped at 16:36 on March 11, less than an hour after the backup diesel generators had failed. By contrast, the RCIC pump in unit 3 continued until 02:44 on March 13, about 35 hours after loss of backup power. In unit 2 the RCIC survived until 13:25 on March 14, some 46 hours after the accident.

Immediately after the emergency stop (“scram”) of the reactors, the fuel rods were still producing 6% of the original thermal output in decay heat, which is why cooling was desperately needed. After 24 hours the decay heat had dropped to 1% of original output. From there it takes another 4 days for the output to drop by half again (0.5%). Without adequate cooling, the water level inside the reactor drops and the steam pressure in the reactor pressure vessel (RPV) goes up. At some point a valve opens and steam is released into the suppression chamber (wet well) at the bottom of the reactor. Once the water level drops too far the exposed fuel rods overheat until zirconium cladding gets damaged and nuclear waste starts leaking from inside the fuel rods. At 1200C the zirconium rods start burning in a steam atmosphere, releasing hydrogen as a byproduct. It was estimated that in unit 1 between 300 and 600kg of hydrogen were produced that way (300-1000 kg in units 2 and 3, which hold more fuel). The hydrogen leaks through the water in the wet well into the dry well. This is the first containment of the reactor, which is designed for a pressure of a little over 4 bar. If the containment pressure gets too high, there is no alternative but to release steam and hydrogen from the containment into the environment, along with radioactivity from the damaged fuel rods.

Unit 1 was completely without cooling water for 27 hours (until 20:20 on March 12). Units 2 and 3 were without cooling water for 7 hours (until 20:33 on March 14 and 09:38 on March 13, respectively). Because of the far longer period without cooling, 70% of the fuel assemblies in unit 1 is estimated to be damaged, versus 30% in unit 2 and 25% in unit 3. Perhaps if unit 1 had also had an RCIC system like units 2 and 3, it could have avoided that high degree of fuel damage. All three units were designed before the Three Mile Island (TMI) accident that highlighted the risks of losing core cooling and consequent hydrogen buildup.

When the containment vessel is vented, the gases are normally scrubbed (filtered) before being fed into a pipe that goes up a tall steel tower located between two of the units (1 and 2, 3 and 4, 5 and 6). That is not what happened. In units 1 and 3 radioactive steam and hydrogen ended up leaking into the upper part of the reactor building, the service floor above the containment, where the spent fuel pool and a crane for refueling and unloading the reactor are located. After TMI, hardened pipes were installed in US boiling water reactors for venting gas, but apparently Tepco didn’t think it was worth spending money that could instead be paid to its shareholders as dividends. Perhaps the leak occurred because insufficiently robust venting pipes had already been damaged by the initial earthquake, or perhaps the pressure was too high because Tepco waited too long with venting, hoping to still get pumps going again in time and save its capital investment. Whatever the reason, had the venting occurred through the tower, the reactor buildings might have survived and the spent fuel pools wouldn’t be lying full of debris from the collapsed structure now.

As an engineer, I know how difficult it is to build and operate complex systems. Often you might hear engineers confess they’re glad what they’re designing wasn’t used to run a nuclear power station, or fly an aircraft or run medical equipment. It’s one thing when failure of technology causes loss of data or loss of money, but it’s quite another if people die as a result. That is a grave responsibility.

Most of us engineers are aware of our imperfections. It takes careful design and implementation to build mission-critical systems. For example, a friend of mine was working on the avionics of the Airbus A-320, the first fly-by-wire commercial aircraft. Airbus had multiple programmers implement the software in different programming languages and using different hardware platforms in order to ensure that it was as unlikely as possible that if one system failed the other would be in trouble too. Environments such as airlines and nuclear power stations require a corporate culture where safety is always the top priority. Not cost, not convenience, not customer expectations — only safety.

That is not how Tepco has been operating. They have been caught red handed, again and again. One of the most embarrassing cases even involved Fukushima 1 unit 1:

Faked pressure test
Yet in the most serious case of all, Tepco officials are alleged to have faked a pressure test designed to test the integrity of the containment building. The test involves pumping nitrogen gas into the building to increase the pressure to about three times atmospheric pressure, then taking pressure readings to measure the leak rate.

Regulations state that the leak rate must be less than 0.45% per day. However, at Fukushima I-1 in 1992, the company conducted its own tests before the government inspectors turned up, and discovered that the building might not pass the test. One source quoted in the Daily Yomiuri said that leak rates fluctuated from 0.3% to 2.5% per day.

Documents found at Hitachi by Tepco’s own investigative team describe a method to fake the test by secretly pumping in extra air from the main steam isolation valve. At the time, Hitachi had a contract to check Tepco equipment. It is alleged that Tepco officials followed this procedure when the government inspectors were checking the leak rate.

Japan: nuclear scandal widens and deepens (WISE, 2002-10-04)

It has been argued that nuclear power could never be safe in a country so criss crossed with earthquake fault lines as Japan is. But the forces of nature are not the only challenge facing nuclear technology. Chernobyl exploded because of operator errors. Fukushima failed because of mistakes made by the humans who designed and operated it. The Fukushima I nuclear disaster was a man-made disaster, with a natural disaster acting only as the trigger.

In 2001 and again in 2009, researchers had published evidence of past huge tsunamis in the region, which were ignored by the nuclear industry. Fukushima 1 was kept running, without any upgrade to its breakwaters. When the quake struck on March 11, 2011, unit 1 was set to operate until 2021, without the reactor core isolation cooling system that the other units have had since the 1970s and without the upgraded venting systems that US reactors have had since the 1980s.

Instead of thinking of ways to upgrade these ancients plants to at least make them a little bit safer, Tepco was being creative only in dodging vital inspections, for example to hide their leaking containment that was supposed to protect the tens of thousands of people living near the reactors. Extending the lifetime of the plants by another 10 or 20 years with the least amount of money spent was going to be profitable to Tepco shareholders. As a result, hundreds of square kilometers have now become a nuclear wasteland, 90,000 people have lost their homes and probably over a trillion yen (US$12 billion) will have to be spent on cleaning up the mess at the reactor site over a number of years.

See also:

2 thoughts on “From Chernobyl to Fukushima

  1. I am interested in learning more about the RCIC valves in this failure. Specifically I’m interested to know why these valves were not forced to stay open so that when battery power ran out they would remain open.

    Thank you for your discussion.

  2. Unfortunately my knowledge of how those valves are operated is not more detailed than what I have gathered from newspaper articles.

    However, regardless of the valve control issue the RCIC system would have failed eventually because the liquid water it pumped into the reactor came from the suppression chamber (S/C), which gets heated by hot steam vented from the reactor pressure vessel. Thus its capacity to absorb heat is limited.

    Eventually all the water in the S/C turns into steam, which means too much steam pressure and therefore the need to vent radioactive gas first into the containment, then into the atmosphere, as well as running out of liquid water inside the building.

    Without a working heat exchanger that removes heat from inside the reactor using pumped sea water or some kind of air cooling there is no way to permanently remove megawatts of decay heat and turning steam back into water. All such systems require a power source.

    The RCIC is not designed to carry heat outside the building, only outside of the core. It is a stopgap measure that buys time, not a permanent backup system that could have replaced the failed cooling system. Unfortunately it didn’t buy enough time, given that it took not hours, not a day or two but over a week before grid power could be restored and when it was restored, it turned out that none of the electric pumps of the RHRS were still usable.

Leave a Reply

Your email address will not be published.