Nuclear Safety After Chernobyl

Apr 25, 1986 - ... reactor in the Soviet. Union; in1985, it had a load factor of ... worst nuclear accident in history? That ... is unique to the Sovi...
0 downloads 0 Views 2MB Size
Nuclear safety after Chernobyl -

For thejiture, the only certainty is that accidents will continue to occur By Christopher Flavin On April 25, 1986, the Chernobyl 4 nuclear reactor was one of the world‘s finest. It had the best operating record of any power reactor in the Soviet Union; in 1985, it had a load factor of 83% of capacity. On April 26, it exploded, hurling the contents of its radioactive core thousands of kilometers across Europe. How could a reactor that had such excellent performance indicators have been involved in the worst nuclear accident in history? That is a fundamental question not only for Soviet nuclear authorities but for policy makers and nuclear plant managers everywhere. The accident at Chernobyl, like the one at Three Mile Island, has cast a spotlight on unresolved safety problems. Western nuclear authorities were quick to point to differences in Soviet technology; their argument, essentially, was “it can’t happen here.” The RBMK design used at Chernobyl, they noted, is unique to the Soviet Union. But they failed to note that both designs have weaknesses and the same capacity for catastrophic accidents-“ours” as well as “theirs.” Chernobyl could not h a p pen here; other accidents could, and unfortunately, probably will. Both the Three Mile Island and Chernobyl accidents can be traced to human mistakes and, more specifically, to the “man-machine interface” at the center of complex technology. The President’s Commission on the Accident at Three Mile Island stated in its 1979 report:

Equipment can and should be improved to oddfurther safety to nuclear power plants. But as the evidence accumuhted, it become clear that the fundamental problems are people-related problems and not equipment problems. .. . To prevent nuclear accidents as serious as Three Mile Island, fundamental changes will be necessary in the organization. procedures, and practices-and above all-in the anirudes of the Nuclear Regulatory Commission and of the nuclear industry. 624 Environ. Sci. Technol.. Vol. 21. No. 7. 1987

Clirisropher Flavin

The conclusions of the official Soviet report on Chernobyl were similar:

n e prime cause of the accident was an extremely improbable combination of violations of instructions in operating rules commined by the staff of the unit. . . . The accident assumed catastrophic proportions . . . because all the negative aspects of the reactor design . . . were brought out by the operators. The fact that operators helped cause both accidents means that plant control systems and operator-training programs need to be upgraded. It does not mean, however, that human operators should be replaced with robots. Computer systems can malfunction o r be misprogrammed, and some aspects of plant operation require human judgment. Complacency and arrogance helped sow the seeds of disaster in the Ukraine. Statements by Soviet officials and the actions of the Chernobyl operators indicate an utter confidence in their technology. When Pennsylvania Gov. Richard Thornburgh toured nuclear facilities in the Soviet Union in 1979, he was informed that nuclear safety was a solved problem and that it would soon be possible to operate a reactor safely in Red Square. Three Mile Island, he was told, had little relevance to the Soviet nuclear program. Ironically, overconfidence and the excellent performance of the Chernobyl plant may have encouraged the operators’ blatant violations of safety procedures.

A trademark of the RBMK is its positive void coefficient. In an accident, if the water coolant changes to steam, the fission reaction speeds up, making it possible for the reactor to run out of control, a characteristic that is not permitted under nuclear regulations in force in most Western countries. Since Chernobyl, Soviet officials have pledged to change the reactor design to remove the positive void coefficient and to upgrade control systems, just as Western nations stepped up safety precautions after Three Mile Island. Most Western reactors have a secondary, concrete containment structure to ensure that in an accident radioactive materials will not be dispersed. Although the Chernobyl plant lacked full secondary containment, it was surrounded by a thick-walled containment building, and there was a “suppression pool” beneath it. This less complete system is similar to those used at boiling-water reactors in the United States. Nevertheless, no one knows whether any containment system could have survived the Chernobyl explosion. The light-water reactors most common in the West have a number of weaknesses, including a power density far higher than that of the Soviet RBMK model. This presents inherent dangers. Even after shutdown, the core of a large reactor emits as much heat as does a large steel-melting furnace, and it must be cooled actively. Nuclear engineers have identified scenarios in which a light-water reactor could go quickly and dangerously out of control, leading to the destruction of multiple safety systems and the containment StNCNre. For example, explosive destruction of a reactor core could turn the pressure vessel into a mass of projectiles that would destroy the secondary containment housing. Chernobyl demonstrated that once operators lose control of a reactor, the results can be sudden, unexpected, and destructive. If the primary coolant system in a light-water plant were to fracture, the water would boil into steam with the potentially disastrous result of a meltdown, in which the overheated radioac-

0013-936X/87/0921-006: 24$01.5010

@

1987 American Chemical Society

FIGURE 1

Worldwide nuclear reactor operations, 1960-2000

tive core could melt through the bottom of the containment structure. To prevent such an accident, engineers have spent decades designing special safety systems. These include backup power units, redundant electrical wiring and piping for essential systems, an emergency core-cooling system, and, if all else fails, a steel vessel and secondary concrete containment structure surrounding the reactor. The result is a system whose complexity probably surpasses that of any other technology. But that complexity can yield unpleasant surprises. Some unforeseen chain of events could render the advanced safety systems as futile as France’s Maginot line, which was built to protect that country from invasion by Germany in World War 1. Before the Chernobyl accident, safety engineers had not considered catastrophic steam explosions a major risk, and prior to Three Mile Island, which almost resulted in a h y d r e gen explosion, the potential for hydrogen buildup in a damaged reactor had not seriously worried the industry. Despite post-Three Mile Island improvements, U.S. nuclear plants are still plagued by problems. There were nearly 3000 plant mishaps and 764 emergency shutdowns in 1985, up 28% from 1984. The average nuclear plant was shut down six times in 1985, and the industry as a whole averaged two shutdowns per day. More than just a sign of trouble, emergency shutdowns are sudden, violent occurrences that place stress on many parts of a nuclear plant and can impair safety. Although most shutdowns last year were caused by minor problems, at least 18 were serious accidents that could have led to core damage. One of nuclear power’s fundamental problems is that even the most trivial incident could one day lead to catastrophe, given the enormous complexity of nuclear power systems. Significant nuclear incidents have been set off by hungry field mice, workers’ loose shirttails, and improperly used candles. There are other problems on the safety horizon. The world now has a growing number of aging nuclear plants, many of which are beginning to show signs of deterioration. By 1990 there will be 35 plants that are at least 25 years old, by 1995 there will be 66, and in 2000 there will be 150. The nuclear industry has little experience with aging nuclear plants, but many have already developed unanticipated problems. Among the most serious are corrosion of steam generators and embrittlement of steel pressure vessels due to neutron bombardment. Both problems are widespread in some types of plants, involve critical components, and are difficult to remedy. The prob-

10

--z Y)

ez3,

/ 8 #

8

8-

8

#

8

8 8

6-

2

z

Chernobyl accident

4-

1970

1980

lems of aging plants were highlighted in late 1986 when the 13-year-old nuclear plant in Surrey, Va., suffered a “guillotine break” in a hot water pipe. Four workers were killed by steam burns, and the plant was closed until March 1987 so that the plumbing system could be thoroughly inspected. Inspectors found extensive corrosion of pipes in unexpected areas, indicating once again that nuclear plants are aging in unexplained and dangerous ways. To assess safety problems critically, engineers have developed a modeling tool known as probabilistic risk assessment. Analysts study accident scenarios and failure probabilities of critical components, estimate safety margins, and develop overall estimates of risk. Government-sponsored assessments in the United States and West Germany state that core-damaging accidents should occur once every 10,000 years of reactor operation; a post-Three Mile Island study by Oak Ridge National Laboratory in 1982 raised the risk rate to once in 4000 reactor years. Even if the more optimistic figure were correct, with 500 nuclear plants in operation, there would be one core-damaging accident every 20 years. So far, nuclear power is more accident-prone than predicted even by the more pessimistic Oak Ridge study. The Three Mile Island accident occurred after 1500 years of worldwide reactor o p eration; the accident at Chernobyl occurred after another 1900 years (Figure 1). Core-damaging accidents are now occurring at more than double the rate predicted by government studies. With the size of the nuclear industry continuing to grow rapidly, the chances and likelihood of a serious accident are increasing as well. If this accident rate were to continue, there would be three additional accidents by 2000. At that point, with 500 reactors in operation, a coredamaging accident would occur every four years. Scientists in Sweden and West Germany have used these

projection lor

*,

1985-2000

#

I

1960

Dashed line

___indicates

8 8

1990

m

data to estimate a 70% probability that another such accident will occur within the next 5.4 years. Scientists are even more uncertain as to how many of these accidents could have modest health and environmental effects, like Three Mile Island, and how many are likely to be catastrophic, like Chernobyl. Another measure of risk is the availability of private insurance. The U.S. insurance industry’s assessment is relatively simple: Nuclear accidents are uninsurable at any price. Most home owner, automobile, and even contact lens insurance policies exclude liability in the event of a nuclear power plant accident. The federal government has intervened by means of the Price Anderson Act, which limits the liability of nuclear plant operators to $655 million, which is less than I % of the estimated cost of a worst-case nuclear accident. Harnessing nuclear energy has created opportunities for a new kind of disaster. As with unpredictable natural catastrophes, there is no way to know exactly where o r when the next nuclear accident will occur, only that it almost certainly will. Whatever the fate of nuclear power, more must be done to reduce the frequency of accidents, and there must be greater preparation for the consequences of the inevitable failures. One danger is that, like generals who prepare for a past war, the world’s nuclear planners may be planning for the most recent meltdown. Three Mile Island and Chernobyl provide important lessons, but future accidents are unlikely to replicate either. Nuclear safety issues must be addressed broadly, and important reforms must be introduced soon.

Christopher Flavin is a Senior Researcher at Worldwarch Institute in Washington. D.C. He is the author of Reassessing Nu-

clear Power: The Fallout from Chernobyl anda cwurhor of State of the World 1987. Enviton. Sei. Technol.. Vol. 21, NO.7, 1987 625