World Is Ignoring Most Important Lesson From Fukushima

mdsolar writes "Kenichi Ohmae, an MIT-trained nuclear engineer also widely regarded as Japan's top management guru, is dean of Business Breakthrough University. In the CSM he writes: 'Fukushima's most important lesson is this: Probability theory (that disaster is unlikely) failed us. If you have made assumptions, you are not prepared. Nuclear power plants should have multiple, reliable ways to cool reactors. Any nuclear plant that doesn't heed this lesson is inviting disaster.'"

Correct

[geekoid]

Which is why modern reactors depends on gravity; which to the best of my knowledge has never been turned off.

Re:Correct

[BagOBones]

That doesn't solve the problem of all the OLD reactors that are now past the original intended end of life for their design.

Re:Correct

[Mitchell314]

Right. Everybody's percolating coffee machines wouldn't work. Death would be a welcome reprieve should this horrible reality come into being.

Re:Correct

[ArhcAngel]

Nuke em...It's the only way to be sure.

Re:Correct

[Troggie87]

For those who don't follow reactor tech and don't know whats being talked about, liquid sodium reactors use literally a vat of salts and radioactive material in a magma-like sludge. There is a plug at the bottom of the vat with a melting point that is well above operating spec, but well within reach if the reactor lost cooling. If all other failsafes are disabled, the plug melts and all the molten sludge runs into 2-3 smaller tanks. The reaction then stops being self sustaining, and you just have to recover the containment units and repair the reactor. Its literally idiot proof barring a fault line opening a chasm beneath the plant or a direct asteroid impact.

There are also gravity-fed means of cooling conventional reactors, but I wouldn't call any of them fool proof. Liquid sodium seems like the best bet to me from a safety standpoint, at least as far as using up existing nuclear material. Thorium reactors show promise as well, but since we have a ton of reusable nuclear material liquid sodium would be my choice from a practicality standpoint.

Re:Correct

[hydrofix]

He is referring to a passive cooling systems (aka. convection cooling, gravity cooling or natural cooling). Such systems are great and essential safety feature in modern reactors, and Fukushima Daiichi actually had a passive emergency cooling system. However, with current technology such systems can only contain the decay heat for up to 72 hours. It is only a temporary system, giving technicians time to restore external power to cooling pumps. This can be problematic in a catastrophic situation (such as natural disaster).

Re:Correct

[KreAture]

Actually, the plug in the bottom is not made of any other substance. It is simply reactor melt that is cooled by an external system to keep it from flowing.
You are correct however in that if, for any reason, external cooling of this "freeze plug" is stopped, the plug melts and the reactor content drains to split storage tanks stopping the reaction.
The stopping of external cooling may be due to all power generation is lost (no power to cooling), external system is destroied or ruined (natural disaster) or everybody on the plant has already left and the plant is left to fend for itself and fails (zombie invasion).

As you say however, it seems to me too, to be the best solution so far.

A benefit of Fukushima (if we look hard) is that the research on other types of reactors are now starting again, even though they can't produce nuclear weapons.

Re:Correct

[NeutronCowboy]

Molten salt reactors introduce a new problem though: the material is highly corrosive, and there are few materials that have even been tested that could provide a proper lifespan to the reactor. Furthermore, maintenance on the entire primary loop is like maintenance on the containment vessel for water cooled reactors: you just don't do it. This means that while the system is safer from a human fuck-up perspective, it presents brand-new engineering, construction and maintenance challenges.

Re:Correct

[Internetuser1248]

That's just the kind of reckless thinking that caused the failure in the first place. We must provide for EVERY contingency, no matter how unlikely! For the children!

Unfortunately unwashed masses that inhale fumes from coal plants every day go batshit insane when they hear 'nuclear' and politicians play along. I am all for closing all nukes at once. Maybe those ignorant hippies, who don't understand how the world they live in works and what greases its wheels, will learn something from blackouts, brownouts and less juice for their apple branded gizmos.

Basically a "suitable" site can't be:

* within 1 light year of anything else * actually engage in any sort of nuclear reactions * use the standing nuclear infrastructure for anything * produce any waste whatsoever. It produces clean drinking water, power, and air? BAD! BAAAAAAD! * "actually" nuclear in any way, shape or form. * use any technology that doesn't have at least 50,000 years of hardcore reliability testing * offend anyone's delicate sensibilities in any way

Basically there is no such thing as a "suitable" site for these people. Because the second someone says "nuclear" their head turns off COMPLETELY (if it wasn't already off) and the first thing out of their yap-holes is "bombs" "Hiroshima" "Nagasaki", "Three Mile Island", "Chernobyl" and now "Fukashima".

***
Is it just me, or are the nuclear power lobby on slashdot getting more and more emotional and less and less coherent?

Error in translation?

[ceoyoyo]

Either there's an error in translation or the MIT trained nuclear engineer has forgotten what probability theory is.

Having multiple means of cooling a reactor sounds like a good idea, but that will only reduce the probability of disaster.

Re:Error in translation?

[Sir_Sri]

Got it in 1.

The article even states, all of this would have been avoided if it had maintained even one connection to the grid. They had 5. Now they may have all failed at once because they were basically all the same and they weren't really redundant, but past this layer they had multiple generators at each reactor so even if the external power did fail there was something to go on.

He is sort of right, in the same way security researchers in computing systems talk about never assuming a system is secure. You need layers of defences, detection, prevention, repair, redundancy etc. But I don't think anyone disputes that, nor is there any evidence they didn't have those things. They may have implemented them badly, maliciously, but they picked a probability of failure and said 'that's good enough for the money we have'.

There are lots of theories about designing reactors that are fundamentally more safe, they won't have runaway heating for example (a by product of how uranium undergoes nuclear reactions, and how the reactors are built to deal with that). I'm not sure anyone is suggesting we should somehow not consider those designs superior in some way. But no matter what you design you can only build so much redundancy into the system. If your error tolerance is 1/10K years, then why not 1/100k years? Why not 1/1M years? With any physical thing there is a probability of something going really wrong. Suggesting otherwise is lying. You choose your risk tolerance. Ultimately the people who pay the bills have to decide what the risk is worth. If a nuclear reactor cost 100 billion dollars, and had a 1 in a billion chance of failing per year is that good enough? It could still get hit by a 1 in a billion event after all.

Re:Error in translation?

[NatasRevol]

If you're near any large body of water, they're very likely to happen together and should always be considered that way.

Re:Error in translation?

[Baloroth]

The risk tolerance should be for an event that causes significantly more damage in and of itself than the reactor meltdown would. Someone above mentioned an asteroid collision. An asteroid of significant size would cause far more damage than the destroyed reactor would. You can also make the engineering such that even in extreme failure conditions, the amount of radioactive spreading is minimal (although, again, an asteroid would pretty much splatter the uranium everywhere).

I would argue that the Fukushima disaster actually did meet this criterion: far more people were killed by the earthquake/tsunami than will ever be killed by the radiation (in fact, the disaster probably killed more people than all the nuclear reactor accidents ever put together) released, and the cleanup will be a fairly small fraction of the total cost of the disaster. Obviously, they could have been better designed and survived even this (a modern reactor would have), but the simple fact is a disaster bad enough to take out a well-designed nuclear reactor will dwarf the damage caused by the reactor malfunction itself.

The PR disaster is a different story.

Re:Error in translation?

[RightwingNutjob]

Too many people learn risk management like this:

The probability of a widget failing is 0.001. The cost of a widget failing for us is $1000. Therefore, we should budget $1 per widget to cover the expected failures.

Trouble is, this only makes sense if you make 10000 widgets. Then you expect 0.001 x 10000 x 1000= 1000x(10 +/- sqrt(10)) failures (assuming widget failures are independent and uncorrelated events, which means the expected number of failures follow a Poisson distribution), so if yo budget
$20000 = 1000 x (~10 + 3*sqrt(10)), you'll be covered 99% of the time.

Note that "99% of the time" means that if you make 100 production runs of 10000 widgets, and budget $20000 for covering failures on each run, you'll be good for 99 of those 100 runs, and you might be over budget on the 100th.

When you make exactly one widget, and it costs you $1000 if it fails, and you estimate that the probability of failure is 0.001, and you budget exactly $1 to cover failures, what you've done is you've wasted $1, and you're still not covered, because if your one widget fails, you don't have the budget to cover it.

There was exactly one Fukushima plant, and when you talk about risk analysis for something like that, anything that is remotely likely to cause a catastrophic failure needs to be fully accounted for, because there is no such thing as an amortized catastrophic failure. It either works or it blows up in your face, not a small percentage of your face.

Reckless!

That's just the kind of reckless thinking that caused the failure in the first place. We must provide for EVERY contingency, no matter how unlikely!

For the children!

Re:Reckless!

[lgw]

From what I understand pebble-bed reactors don't even count on gravity-fed cooling. The reaction simply stops if it gets too hot, effectively setting a maximum temp that won't burn through concrete.

Of course, pebble-bed was more about demonstrating idiot-proof safety than practical power generation, but it would actually work just fine (if not as cheaply as more sophisticated designs).

Re:Reckless!

The "only" problem with pebble bed reactors is that if the pebbles are exposed to air, such as if the coolant is lost, they violently burst into flames and spew forth high radioactive and toxic smoke. Not exactly idiot proof if you ask me.

Re:Reckless!

[TheLink]

To prevent that from happening even if air leaks in, there's supposed to be a coating on ALL the pebbles that needs to be good and intact. I don't call that significant redundancy, hence I don't consider the design that safe.

Re:Reckless!

[TheTurtlesMoves]

The prototype pebble bed reactor in Germany was complete failure. Not only was there some serious leaks and breaches during operation, but it has also become a decommissioning nightmare. That was without anything going "seriously" wrong. They are not the magic nuclear energy elixir you have been lead to believe they are.

Re:Reckless!

[orzetto]

pebble-bed was more about demonstrating idiot-proof safety

Then it did not work very well, considering that one of the two pebble-bed reactor ever built and operated is classified as the highest beta-contaminated site worldwide. In the other one, the pebble design caused a number of issued with feeding, as pebbles would get lodged (maybe only 0.0001% of the time) and required, well, someone to open the tube and shovel'em. Letting out lots of radioactivity in the process.

That, and pebble-bed reactors are the only ones using compressors (as opposed to liquid pumps) in the primary circuit. Compressors are mean beasts and are not unknown to surge and explode, plus the most efficient type (the axial) has its highest efficiency at the closest point to the stall line.

Or use a different type of reactor....

[blunttrauma]

Or use a different type of reactor that doesn't rely on electricity for cooling. See any of Kirk Sorensen's liquid-fluoride thorium reactor talks on YouTube. His talk at Ted is a good 10,000 overview and only 10 minutes long: http://www.youtube.com/watch?v=N2vzotsvvkw

Which lesson?

[fahrbot-bot]

I'm guessing the first?

1. Never get involved in a land war in Asia.
2. Never go against a Sicilian when death is on the line.

That's an important lesson, but...

[Omnifarious]

But I think the most important lesson is that neither the nuclear power industry nor the regulators of that industry can be trusted to be at all truthful about the scope and scale of problems. They both have strong incentives to minimize the perception of such. This, more than anything, is the biggest and most important lesson that has broad applicability to almost any regulated industry.

Probability in reliability engineering

[Beryllium+Sphere(tm)]

A few voices in reliability engineering and safety engineering (not the same thing!) have warned that if you start producing figures that show that you can go a million years or more without an accident, that doesn't mean your product is safe, it means you've overlooked something.

Not even an anvil can live up to some of the probability estimates people have come up with for deployed systems.

That said, there's still such a thing as intellectual dishonesty. Large scale blackouts in industrialized societies are a known phenomenon (1965 eastern US, etc.) and should have been taken into account even if Japan weren't prone to natural disasters. Rumor has it that there's a plaque in the hills above Fukushima that says in effect "Water has come up this high in the past, don't build anything you care about lower than this level".

Too many protective measures

[rtaylor]

Fukushima taught me that Japanese Nuclear reactors may be too protected.

19,300 people died as a result of the tsunami. Fukushima has had minimal impact by comparison (573 related deaths thus far).

Diverting all of the safety protections away from the reactors (guaranteeing full meltdown of all 4) to add to safety protections around shoreline towns, oil refineries, chemical factories, could have saved thousands of lives reducing the 19,300 total.

Re:Too many protective measures

[AmiMoJo]

That's fine if you only care about deaths. If you actually lived there and found your home was no longer habitable, your job was gone and you had to live in crappy rented accommodation where your children can't play outside... Well, you might take issue with it. If you are a farmer or fisherman who can't sell their produce due to contamination it may bother you. If you are a tax payer facing a bill of trillions of yen to deal with it you could be quite upset.

Even Japanese companies and citizens that are having to deal with power shortages may be troubled by the problems with nuclear power there. One of the big attractions of wind, geothermal and solar in Japan is that even if a tsunami completely destroyed some installations it wouldn't require them all to be shut down - the danger just isn't there. Even if some are damaged by an earthquake the majority will be fine, so instead of losing 500+MW from a single reactor going offline you lose a few tens of megawatts from a couple of downed turbines.

Wrongheaded....

[NoKaOi]

Modern reactors already do the things this guy is suggesting. This guy is decades late to the party. I'm sure there will be 100 comments saying this by the time I hit submit, but the real lesson should be to build new plants with modern reactors, so that once built the old ones can be decommissioned *after* the new ones are built. The kind of attitude this guy has (I'm sure his real motivation is just to get attention) obviously scares people into not wanting new nuke plants built.

On the other hand, he's not very specific in the TFA. Perhaps is real life he has suggested a specific way to retrofit existing reactors with backup generators? Or is he just regurgitating crap that we were reading the day after the tsunami?

And Business Breakthrough University? SERIOUSLY? WTF is that? It reminds me of all those high priced fat loss pills that were developed by places like the "fat loss institute." Apparently anyone can file a DBA with the word institute or university in it. Does anybody really regard this clown as Japan's top management guru? Or am I wrong and this guy is actually dean of an accredited university?

Re:The Black Swan

[Entropius]

That has nothing to do with probability theory. It turns out that you can predict how much wealth people have from one to the next very neatly. Failure comes in when you assume that the distribution is Gaussian. It's not; it's log-normal. The billionaire is no more an outlier in that distribution than a pauper.

One MIT Engineer to Another

I am an MIT trained nuclear engineer than specializes in Probabilistic Risk Assessment. The first thing we should note is the PRA has had many benefits for the nuclear industry. Once you calculate the risk, and understand the contributors, you understand how to make things safer.

http://mydocs.epri.com/docs/CorporateDocuments/SectorPages/Portfolio/Nuclear/Safety_and_Operational_Benefits_1016308.pdf

The thesis of this article has a few problems, though the conclusion isn't horribly off base. The first problem is that he believe probability theory was applied to ignore the risk of the tsunami. The opposite is true. In fact, probabilistic hazard assessment of the tsunami showed the site to be horribly under prepared in 2006 (10% chance of exceeding the design basis in 50 years or about 1 in 500 per year [which is high for nuclear reactors]). There were even more studies in later years before the tsunami hit. This was just plain bad management and shows what may happen when you ignore updated risk information.

http://enformable.com/2011/10/new-exposed-scandal-shows-tepco-calculations-in-2006-showed-probability-of-worst-case-tsunami-dramatically-increased-10-over-50-years-utility-took-no-countermeasures/

The main point though, that no matter how unlikely a single event is (in this case a tsunami), you ought to have some countermeasures, is not bad. That is why PRA is used in combination with deterministic defense-in-depth measures at well designed, operated, and managed nuclear reactors. Mobile emergency diesels should be available to all reactors and are in the United States. This is a feature that Fukushima did not have. At the end of the day though, ceoyoyo is right. Even with multiple methods of cooling a reactor, you can not eliminate the possibility of core melt and release of radionuclides to the public. You can only ensure the release is acceptably infrequent. This brings us full circle to the fact that using probability theory to focus on the high risk stuff is good and that Fukushima failed to do this.

That being said, even in the case of passively cooled reactors such as fast reactors, massive earthquakes (1 in 1,000,000 per year or less), could destroy the water tank or piping required for passive cooling to take place. I would argue that while one should not ignore earthquakes and other rare external events below a certain probability. The burden would be onerous to use events below 1 in 100,000 per year as a design basis. This is in line with previous regulatory safety goal and can be seen in use in debate over the transition break size rule. A plug for my journal article is below. If you are wondering which author I am, the hint is that I am not the NRC commissioner.

http://www.sciencedirect.com/science/article/pii/S0029549311008284

Re:What the hell?

[mlts]

Where the rubber meets the road is deaths per terawatt hours. Even with the disaster, nuclear remains well lower (0.04) than any of the other mainstream energy sources (coal's world average is 161, oil is 36).

With nuclear having 900 times fewer deaths than oil, this shows that something is being done right.

The problem is that with all the fear around nuclear reactors, no new, safe ones are built, so we are left with maintaining venerable designs designed barely after WWII with far fewer safety features.

The insanity of this shows when one compares this with other industries. It would be ridiculous to claim that aircraft are fundamentally unsafe and banning any new design to be made, only allowing biplanes from WWI to keep in the skies. Or saying how pathetic an automobile is while barring anything newer than a steam engine.

Found a perfect place for a nuclear reactor...

[slew]

Unforutnatly, it doesn't meet all of your criteria...

* only 8 light minutes from earth (closer than 1 light year)
* actually engages in nuclear reactions (although you didn't specify fusion vs fision)
* doesn't use current nuclear infrastructure (check!)
* produces lots of waste (e.g., low energy cosmic rays)
* is actually "nuclear" in the fusion sense (but not fission sense)
* uses techology that has billions of years of hardcore reliability testing (check!)
* generally doesn't offend anyone's delicate sensibility (other than basement dwellers and vampires)

For now, I'll keep this perfect place a secret, because as soon as people find out about it, people are gonna protest and want to have it shut it down...