Slashdot Mirror


Fukushima Nuclear Worker Accidentally Toggles Off Cooling Pumps

An anonymous reader writes "A Tepco employee carelessly pressed a button shutting off cooling pumps that serve the spent fuel pool in reactor #4 — thankfully a backup kicked in before any critical consequences resulted. The question remains just how vulnerable to simple mistakes (such as a single button push) are these spent fuel pools, filled nearly to capacity as they are with over 12,000 spent fuel rods? From the article: 'The latest incident is another reminder of the precarious state of the Fukushima plant, which has suffered a series of mishaps and accidents this year. Earlier this year, Tepco lost power to cool spent uranium fuel rods at the Fukushima Daiichi plant after a rat tripped an electrical wire.'"

  1. Evidently not that vulnerable by Anonymous Coward · · Score: 5, Insightful

    since a backup system kicked in to prevent any critical consequences.

    1. Re:Evidently not that vulnerable by Anonymous Coward · · Score: 5, Insightful

      I think the point is not that no disaster occurred, it is that a failure of the primary system happened for whatever reason. Remember that the backup generators failed during the tsunami. On a different day, this inadvertent power off might have been worse.

      Ideally you have no unexpected failures, and at least one redundant backup.

      The sad thing about all this is that at least one of the Fukushima reactors began to fail before the tsunami even hit the buildings (due to the original quake). Would a simple quake now bring the rest of the system to failure state? Japan is an earthquake haven.

    2. Re:Evidently not that vulnerable by Anonymous Coward · · Score: 4, Insightful

      While I AM of the opinion that Fukushima remains a challenge and threat to entire humankind, these kinds of articles are not helpful. The backup system in this case is kind of irrelevant, but more so than that, now over 3 years since the reactor core was offloaded into the cooling pool, all calculations and evidence (from intentional, several days long cooling outages) indicate that the pools could remain without cooling for weeks with no "critical consequences". Moreover, in such a case, the fact that something is amiss would be detected long before critical consequences, allowing the situation to be rectified.

      General consensus is that even in case of sudden loss of water in the pool, 3 years old irradiated fuel bundles could easily be cooled by air convection from their own heat alone, although for somewhat obvious reasons that hasn't been tested out. In addition radiation would then make working on the site even harder than now. The critical failure mode for this particular setup is loss of coolant with air convection blocked (such as by rubble from the initial explosion, or the temporary cover they had installed in the early months) or structural failure of the building in case of another earthquake in particular, or simply from the prior damage and ground subsidence due to groundwater changes etc. Or prompt criticality incident due to unfavorable geometry of the nuclear material from damage or attempts to remove the fuel bundles.

      The occurrence of human error is, "human", but extremely worrisome in that they have zero margin of error once the removal of the fuel bundles from the pool starts in the coming months. Due to the sheer number of the bundles in the pool (1535 give or take), any chance of mistake would spell almost certain disaster. Even if they somehow press the chance of serious human error to 0,01 percent (one percent of one percent) per bundle the chance of everything running smoothly is 0,9999 to the power of 1535 or 85,8%, leaving a 14.2% chance of disaster for the whole operation. A worker allegedly failing in this basic task under less stressful circumstances isn't necessarily relevant, but it's tempting to consider it not boding well for the future prospects.

    3. Re:Evidently not that vulnerable by IndustrialComplex · · Score: 3, Insightful

      I think the point is not that no disaster occurred, it is that a failure of the primary system happened for whatever reason. Remember that the backup generators failed during the tsunami. On a different day, this inadvertent power off might have been worse.

      Ideally you have no unexpected failures, and at least one redundant backup.

      I think the bigger point here is that even though someone pressed the wrong button, the system didn't go into a catastrophic failure mode. You can't expect that every failure possibility be prevented, only that no single failure leads to a catastrophic failure.

      --
      Out of modpoints but really liked a post? 1BDkF6TtmmeZ3yqXbz9yhdYVqRYnwFoXDj
    4. Re:Evidently not that vulnerable by ottothecow · · Score: 4, Interesting

      One thing worth noting though is that often these systems use ancient control schemes.

      Can't speak directly about the Japanese systems since they have some more modern stuff, but in the US they are *old*. We haven't started building a new plant since 1974 or a new reactor since 1977 (though they did start some new reactors at existing plants earlier this year).

      The control rooms at these places are filled with tons of manual buttons and switches. Many of them look like this. I have no doubt that they are reliable and have failsafes, but a physical switch doesn't have a "are you sure" dialog or stop to ask for an admin password. Sure, switches might have those little covers you have to lift up to press a button, and the most important switches could be controlled with a key, but if somebody wants to push a button, it is getting pushed.

      We hear a lot about how much reactor design has come along in the 35 years it has been since we last built one (just think about how long ago that was)...but don't forget that along with efficiency and physical safety, there have been a LOT of improvements in monitoring and control (only a fraction of which have been able to be integrated into the old plants).

      --
      Bottles.
    5. Re:Evidently not that vulnerable by girlintraining · · Score: 4, Interesting

      One thing worth noting though is that often these systems use ancient control schemes.

      The control systems were state of the art when it was built: In the early 80s. These reactors have a life expectancy of 50 years. They generally don't get a refit until halfway through that service life, when many of its non-structural components like pipes, tubing, turbines, and pumps, have degraded to the point that the ongoing maintenance cost exceeds the replacement cost.

      I have no doubt that they are reliable and have failsafes, but a physical switch doesn't have a "are you sure" dialog or stop to ask for an admin password.

      No, it has about a year's worth of training, and time in a simulator ensuring that every plant operator has a full and complete understanding of the machine they'll be working with. It also has multiple people checking each others' work. It also has ongoing training and random inspections by an independent government body, as well as regular inspections by management, to ensure operational safety and compliance with the protocols they were trained in.

      You're right that a switch doesn't have a dialog box that pops up when you push it... but these buttons aren't being pushed by Joe Average just following a three ring binder. There has been only a handful of cases in which this training failed, and it took numerous failures at all levels to allow it to happen; And the systems these events happened at were immediately pulled from active service or retrofitted so that it couldn't happen again.

      The nuclear industry's safety record is unmatched in the larger industry of energy production. Every year we tolerate a major oil spill. Every year we hear about gas stations experiencing catastrophic failure of safety systems leading to massive neighborhood-sized fireballs. We only hear about nuclear accidents about once every decade or so, and the majority of them result in a big mess and lots of costs for the plant operators, but do not endanger public safety or harm the environment.

      All that said... Fukushima has been mismanaged from day one, and a lot of the failure is down to Japanese culture; An inability to be transparent and admit when there's a problem. This reticence to work the problem is what led to the disaster, and what has since amplified the failure enormously.

      The international community in the hours and days following the disaster repeatedly offered assistance, including the US Army Corps of Engineers, who were dispatched to an aircraft carrier that was sitting about 200 miles off the coast in international waters with a full team prepped and on standby, ready to assist in evacuation and containment efforts. These were some of the most highly trained people on the planet; They had each spent years training for it. They were a phone call and 30 minutes away by helicopter from being on the scene and ready to assist.

      The phone never rang.

      To this very day, the plant managers continue to underfund the cleanup and containment efforts. They continue to keep insufficient equipment and personnel onsite. They have no published plan on how they plan on cleaning up the affected area. Even the Russians, after Chernobyl, put their entire military into containment and isolation of the area... and while many people died, and they were not adequately trained, or equipped, they sent people in by the busload to try and stop it from getting worse. Now I'm not saying Japan should have done that... thrown away thousands of lives to a radiological inferno, like the Russians did... especially not when state of the art equipment and well-trained personnel were ready to assist and knew how to minimize the risk to life.

      But I am saying this disaster has been made needlessly worse, much worse, because the Japanese government, their culture, and the corporate culture within TEPCO, are functionally incompetent. And there's no equipment on the planet that can fix what is essentially a problem between the ears of TEPCO management and Japanese government leaders.

      --
      #fuckbeta #iamslashdot #dicemustdie
  2. Homer! by Anonymous Coward · · Score: 4, Funny

    It was Homer Simpson who did it.

  3. Wow ... by gstoddart · · Score: 4, Insightful

    Am I imagining things, or does it sound like a nuclear plant is being operated by a company without the barest idea of how to do that?

    Accidentally flipping off the cooling pumps in a nuclear plant sounds like something which shouldn't even be physically possible.

    --
    Lost at C:>. Found at C.
    1. Re:Wow ... by TheResilientFarter · · Score: 3, Insightful

      This is my thinking, but it's the employees, thus management, that are the problem, not the equipment. I worked in the Naval Nuclear Power Program, where everything was essentially manual. One single operator could cause a meltdown, yet the U.S. Navy is one of the largest and one of the oldest operators of nuclear power plants (by hours critical) and has a spotless safety record. Keep in mind that the average age of the 'employees' is around 22 or 23, with a very low percentage of them over age 26.

    2. Re:Wow ... by Somebody+Is+Using+My · · Score: 5, Informative

      the U.S. Navy is one of the largest and one of the oldest operators of nuclear power plants (by hours critical) and has a spotless safety record

      If you don't count the loss of the nuclear submarines USS Thresher and the USS Scorpion, the radioactive contamination of the USS Guardfish, or both the USS Puffer and the USS Proteus discharging radioactive water into the oceans.

      Not to mention I am sure there are a number of other incidents that haven't been declassified yet.

      I don't know how well the US Navy ranks amongst other operators of nuclear power plants, but "spotless" is not an accurate description. They may do very well comparatively and the overall harm may be minimal, but they have made their share of mistakes.

    3. Re:Wow ... by bobbied · · Score: 5, Insightful

      Keep in mind too, that the Navy is not interested in making a profit. Its goal is to keep its resources available (afloat, underway and mission capable) under the most difficult circumstances. They can afford to have many times the number of people operating a power plant and they utilize their people to keep their plants operating sans automation. The Navy is not interested in being efficient either. They routinely power cycle their plants and burn through more fuel than they otherwise would. They also are not risk averse. In time of war, they would have no problem pushing their reactors beyond the design limits if the mission demanded it.

      Electric power generation is about efficiency and safety. It's more efficient to automate and not pay operators, so they automate their plants, and operate within very narrow operating parameters. They are risk averse and would rather scram a reactor and go off line than risk operating outside of their design limits.

      The navy does have an enviable safety record. But what you really are saying is that the safety of nuclear power is really something to be trumpeted. Except for some research accidents, the worst US event in history was Three Mile Island and that was pretty much nothing. When you put Japan into the mix, things get more interesting, but who can really complain about that? The earthquake was well beyond design limits and even then the damage, while significant, is going to be manageable. It's just going to take a few decades for things to radioactively cool.

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
    4. Re:Wow ... by NatasRevol · · Score: 3, Insightful

      Because they didn't know how to protect primary systems.

      --
      There are two types of people in the world: Those who crave closure
    5. Re:Wow ... by TheResilientFarter · · Score: 4, Informative

      In training we covered the incidents of the Thresher and the Scorpion, and neither will discharge anything of genuine concern around them. Even immediately following the shutdown of the reactors and assuming reactor coolant pumps and natural circulation failures, the decay heat would easily be absorbed by the sea water that would have filled the reactor compartment, thus it can safely be assumed that the core remained intact. The other areas that contain high amounts of contamination are the primary shield water tank, the ion exchanger, and the charcoal filters. These systems are closed systems designed to operate at incredibly high pressures and are made of very corrosion resistant materials. Although leaks will eventually form from corrosion, the leakage would be very slow as there is not significant difference in densities, temperatures, pressures, etc, to cause rapid loss, and the leaks themselves would be quite small.

      The other 'incidents' are more public embarrassment than actual environmental concerns. The 'radioactive' water that is discharged comes from the water that circulates through the reactor. Technically, there are radioactive contaminants that emit a small amount of gamma radiation. These contaminants are actually particles that will typically settle in the seabed, IIRC, and are typically borderline measurable in most plants as the water is continually circulated through an ion exchanger (resin bed) and an activated charcoal filter. However, the Navy is so anal it treats anything remotely contaminated as radioactive material. The 'father of Nuclear Power', Admiral Hyman Rickover, famously drank a glass of this water at a Congressional hearing to demonstrate how benign the water really is. I think it is also important to note that the Proteus is not a nuclear powered ship, but a sub tender.

      Prior to some year, I forget which (1970, maybe?), the Navy would discharge all kinds of crap at sea, which is actually quite typical of many industries and nations even today. However, the Navy stopped discharge of highly radioactive materials, such as ion exchanger resin, and has set a fleet-wide goal to only discharge so much total annually, I think it's something like 50 Ci, and while I was in would regularly come in under that number.

      'Radiation' can come from many other sources than nuclear power plants. I don't know if the limits have changed, but it used to be that coal plants would discharge far more radioactive materials than nuclear power plants, but this would never get mentioned anywhere except nuclear power propaganda. When we were going through our radiological controls training, we learned that porcelain dentures are among the highest sources that people are exposed to. One of the Navy's training facilities has a containment vessel built completely around a nuclear power plant, which is unusual, as containment usually only goes around the reactor compartment. This vessel was made of a material that contained a high amount of alpha radiation, and the subsequent painting with lead-based paint made the vessel itself a far higher in-practice contamination risk than the nuclear plant it contained! Keep in mind this is a product of the private contractor that built the vessel, not the Navy, and the vessel was quite old and built in a time when most people and organizations had less concern for such things.

  4. Just another sign of TEPCO's incompetence... by Elledan · · Score: 4, Interesting

    This isn't another example of how precarious the situation at the Fukushima Daiichi plant is, but one of how massive the incompetence of TEPCO is that they keep having 'incident' after 'incident'. Even long before Fukushima Daiichi TEPCO's safety record was beyond frightening.

    That the Japanese government a) allows TEPCO to 'clean up' Fukushima and b) refuses any foreign help shows that the problem with Fukushima is and always has been a political one.

    --
    Site & blog: http://www.mayaposch.com
    1. Re:Just another sign of TEPCO's incompetence... by icebike · · Score: 3, Insightful

      That the Japanese government a) allows TEPCO to 'clean up' Fukushima and b) refuses any foreign help shows that the problem with Fukushima is and always has been a political one.

      If the Japanese government is anything like our government, (or most governments), suddenly tossing them into a critical situation in a plant they are not familiar with (which is already fundamentally compromised), is just BEGGING for a far worse Chinese fire-drill than is currently going on.

      If it is in fact a political problem as you suggest, then implying that the government should do anything differently is pointless, because governments are, by definition, political.

      --
      Sig Battery depleted. Reverting to safe mode.
  5. Huh? by Antipater · · Score: 4, Insightful

    'The latest incident is another reminder of the precarious state of the Fukushima plant...'

    So something unexpected occurred, but automatic backups stepped in and prevented any negative consequences. While the plant may or may not be in a precarious state, this is hardly the example to be using for a FUD article. Hell, change the spin around and it could be used in a TEPCO press release showing how far they've come in stabilizing the situation.

    --
    Everything is better with chainsaws.
    1. Re:Huh? by girlintraining · · Score: 3, Funny

      The question remains just how vulnerable to simple mistakes (such as a single button push) are these spent fuel pools,

      Did you also notice that this is pretty much how the Linux command line and programming is? One single button push can ruin your whole week. Yet, everyone here calls that a feature and blanches at Windows when it says "Are you sure you want to do this?"

      I bet the engineer who pushed the button was a slashdotter... "ARE YOU SURE YOU WANT TO CAUSE A MAJOR NUCLEAR EVENT? y/N? _" ... oh fuck you, NukeOS, I know what I'm doing!

      --
      #fuckbeta #iamslashdot #dicemustdie
    2. Re:Huh? by AmiMoJo · · Score: 4, Insightful

      They failed to train the employees properly and allowed a critical function to be operated by someone who clearly didn't understand it. In this instance the backup saved them, but relying on backups is not a good policy. To put it another way, they can't ignore this incident and simply rely on the backups in future, they have to take steps to correct it.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  6. Where's the problem? by Anonymous Coward · · Score: 4, Insightful

    A human made a mistake which was caught and corrected by an engineered system. Seems like a non-story.

  7. Sadly, we're all human. by Dzimas · · Score: 4, Interesting

    We've instilled a belief in the general public that scientists and engineers can pull off miracles, and that we know more than them. Science in movies is often almost magical, and people expect our encyclopedic knowledge of esoteric technical systems to translate into quick and easy solutions to difficult problems. About a decade ago, I found myself giving a presentation to a group of nuclear scientists. It was a nerve-wracking experience for a young computer geek, and I presented the team with two alternatives for warehousing environmental data at their facility. There was a brief debate before the most senior member of the group spoke up and said, "You're the expert. What do you recommend?" It didn't matter that there were ten people in the room with PhDs and decades of experience; everyone naturally wants someone else to provide them with an easy path to the best answer. At that point, they were all primed to accept a recommendation from the young whippersnapper who could think quickly on his feet (and was armed with a laser pointer, I might add). I gave them the best recommendations I could, and many were eventually accepted. But deep down I realized that I could quite easily have led them astray at that point. I'm acutely aware that there must be dozens of people like me who have been working at Fukushima for over a year now; the so-called "experts" on the ground who are trying to make the best choices possible. Their job is unenviable because they're facing contamination on a huge scale and many decisions were made in haste in an attempt to limit the scope of the catastrophe. That will make everything harder for those involved in the containment and remediation in the coming decades.

  8. Re: The Boss by jd2112 · · Score: 5, Funny

    Didn't he write The Iliad?

    --
    Any insufficiently advanced magic is indistinguishable from technology.
  9. Re:Weird by icebike · · Score: 4, Funny

    That seems like the sort of function that should be designed with a multi-step process to execute, to eliminate precisely that kind of error. How in the world did that get implemented?

    I suggest one more step in the process might be effective.

    They need a slight reconfiguration of the Cooling Pump Switch. It would be relatively cheap, and pretty much idiot proof.

    --
    Sig Battery depleted. Reverting to safe mode.