Figure 1: The sequence of events at Fukushima (Tokyo Power Co. May 15, 2011)
In order to safely shut down nuclear reactors, the key control systems that must be operational are:
- The reactor cooling system
- The control rod operators
- The steam and hydrogen pressure controls
- The spent fuel rod pond water level controls
If these safety systems were properly designed and their operation was fully automated, the tsunami and earthquake would not have caused the accident in Japan. In this article the required level of automation is described which is required to minimize the risk of nuclear accidents in other nuclear plants, caused by hurricanes, tsunamis, earthquakes, terrorist airplanes or other forms of terrorism. Safety automation is equally important in other industries. For example, the recent methane explosions causing coal mine collapses, the BP oil spill, the NG pipeline explosion and the NG shale well accidents could all have been prevented by automation.
In case of all nuclear power plants the key safety requirement is to maintain the flow of cooling water to the reactors and to maintain the water level in the cooling ponds that store the spent fuel rods. This is because if uncovered, both the operating and the spent rods will melt and release high amounts of radioactivity. At the Fukushima plants, over 10,000 spent fuel rods are “temporarily” stored in these ponds, but because neither reprocessing nor final storage are available, they just stay in these ponds.
In case of the Fukushima plant (Figure 1), the primary source of energy to operate the cooling water pumps was electricity from the grid. Following the tsunami the following sequence of events followed:
- The primary source of electricity was lost because the grid was damaged by the earthquake.
- Backup power should have come from diesel generators, but they were at ground level and therefore stopped when they got flooded by the tsunami.
- The secondary sources of backup power were batteries. These batteries were undersized and quickly depleted.
- Tertiary backup was not provided and the design did not provide convenient means of introducing water by water cannons or dropping water from helicopters.
Figure 1: The Main Components of a Boiling Water Reactor (BWR)
Figure 1: The Main Components of a Boiling Water Reactor (BWR)
The loss of coolant resulted in a temperature rise resulting in the partial uncovering of some of the fuel rods both in the reactors and in the spent fuel storage ponds. The high temperature caused the generation of high pressure steam and cladding oxidation caused the dissociation of water into hydrogen and oxygen. The high pressure was not reduced be the suppression chambers (also called wet well), because there was no water in them. The suppression chamber or torus is a donut shaped vessel, which when containing water serves to depressurize the reactor by condensing the hot steam. In case of Unit 2 of the Fukushima Daiichi plant explosions also occurred in the suppression chamber. This sequence of events caused hydrogen explosions both within the primary containment torus (Figure 2) and also in the upper part of the reactor building.
No other means were available but to relieve the pressure by releasing the hydrogen and steam into the atmosphere and thereby also emitting radioactive material.
Figure 2: The BWR design, showing the dry and wet wells. The wet well is also called torus or suppression well.
Figure 2: The BWR design, showing the dry and wet wells. The wet well is also called torus or suppression well.
Listed below are specific design and control errors, which if corrected, could have prevented the Fukushima accident:
- As to automation errors, the lack reliable sensors were obvious. It is hard to believe that level sensors were not provided in the reactors, suppression chambers, storage ponds and therefore the operators did not know if fuel rods were uncovered and to what extent. It is also inconsistent with present automation practices that means were not provided for wireless remote monitoring of plant conditions.
- Another major error was the lack of automation. In future designs all safety shutdown systems should be fully automated and their triggering should not dependent on the judgment of hesitant or panicked operators. In order for this to happen, operators must have full confidence in the reliability of these systems. Therefore they must be well maintained and completely reliable, which requires multiple backup sensors.
- In order to make sure that cooling can not be lost, a “last resort” backup system should have been provided, which does not depend on the availability of any interruptible energy source (electricity, steam, etc.) and does not contain any moving parts. Such uninterruptible energy source is gravity. Therefore, cooling water tanks should be placed on top of the reactor buildings. These tanks should be sized to remove all the heat that is released during a normal reactor shut down. If faster heat removal is needed, the cooling rate can be increased by air pressurization of the water tanks and if increased cooling capacity is needed, the tanks can be so designed that they can be conveniently refilled by water cannons, fire engines or helicopters.
- Prior to activating the above described “last resort” backup system, first a diesel generators should be automatically started and if they fail, the system should be automatically switched to battery backup that is sized large enough to supply all electricity needed during the shut down.
- In case of pressure buildup, neither hydrogen, nor steam should be allowed to be released into the atmosphere. Therefore, fully enclosed external condensers should be provided outside the reactor building. If regular power is unavailable, the coolant for these external condensers should come from the gravity flow system on the roof.
As to the steps needed to increase safety, all nuclear power stations which are older than 30 years should be temporarily shut down and besides making the above listed changes, should have their poorly documented safety sensors, (presently often consisting of a hodgepodge of pneumatic, analog electronic and digital devices) converted into a state of the art uniformly designed system with full backup. Also, in the future, governments should not allow the nuclear industry to decide on matters of safety, but should establish and enforce uniform minimum standards for all plants.
The longer term moral of this accident is that the dependence on nuclear power, – which provides only about 7% of the global energy consumption (Table 1) – should be phased out over a couple of decades and a gradual conversion to inexhaustible energy sources, such as solar, geothermal, hydraulic, etc. should be started.
TABLE 1: Global Energy Balance
| ENERGY (ZJ*) | TOTAL | COAL | OIL | NAT. GAS | NUCLEAR(U235 ) | RENEWABLE |
| PROVED DEPOSITS | 40 -50 ZJ | 20 – 25 ZJ | 8 – 9 ZJ | 7 – 10 ZJ | 2 – 3 ZJ | UNLIMITED |
| PERCENT OF TOTAL DEPOSITS | 100% | ~ 55% | ~ 20% | ~ 19% | ~ 6% | UNLIMITED |
| YEARLY CONSUMPTION | 0.5 ZJ | 0.13 ZJ | 0.2 ZJ | 0.12 ZJ | 0.03 ZJ | 0.03 ZJ |
| PERCENT OF TOTAL CONSUMPTION | 100% | ~ 27% | ~ 37% | ~ 23% | ~ 7% | ~ 8% |
| RESERVE TO USE RATIO | 80 – 100 | 150 – 190 | 40 – 45 | 58 – 83 | 66 – 100 | UNLIMITED |
* ZJ = 1021 Joules = 0.95×1018 BTUs = 950 Quads (Q= 0.95×1018 BTUs) = 31.6 TW-yr
The Sun is a reliable nuclear reactor, located at a safe distance. The solar energy received on 5% of the Sahara (or the Mojave Desert) can provide all the energy to meet the global needs. This energy can be stored and distributed in the form of liquid hydrogen (just like LNG) without spreading radioactivity or causing global warming. This conversion, – in addition to eliminating energy wars – would (as did the “Marshall Plan”) immediately create jobs and prosperity and once the infrastructure is completed, would result in a stable and inexhaustible energy economy for all generations to come.
Béla Lipták, PE
President
Lipták Associates PC
84 Old N. Stamford Rd.
Stamford, CT, 06905
T: 203-357-761
F: 203-325-3922
E: liptakbela@aol.com
http://belaliptakpe.com/
The writer is an ISA (International Society of Automation) fellow, recipient of ISA’s Lifetime Achievement Award and editor of the Instrument Engineers’ Handbook.
