What 1975 knew about Fukushima Daiichi

As you can probably tell by now, the blogging hiatus was spend (among other things) researching the safety of nuclear power and the  Fukushima Daiichi accident in particular.

The Fukushima nuclear power plants, both operated by TEPCO, had 10 nuclear reactors at the time of the Tohoku earthquake. The designs of the power plants were derived (that is: copied) from General Electric boiling water reactors. The three types used are BWR-3, BWR-4 and BWR-5.

The most modern type, BWR-5, was introduced in 1968, the year when Apollo-10 flew around the moon in a rehearsal for the landing by Apollo-11. It is also the most powerful of the three types (about 1GWe (3GWt) – where “e” is for electric power and “t” is for thermal). BWR-5 reactors were only offered in the improved Mark II containment.

The BWR-3 (440MWe) and BWR-4 (740MWe) reactors were offered in the original “Mark I” containment. Its design was finished in 1962, the year when John Glen became the first American to complete an orbit around the earth.

It will not surprise any of my readers that 1960ies technology is not what we called state of the art in 2011. Yet, General Electric boiling water reactors of this kind were among the more popular in Western Europe, the USA and obviously Japan. The reason is that they are inherently simpler in construction than pressure water reactors, the containment was small and thus cheap.

The problem was not that it was cheap, but that it was small. Too small. By 1975 the WASH-1400 report stated clearly and beyond all doubt, that the Mark I and Mark II containments would fail due to overpressure in the case of a core meltdown. This would result in a major release of radioactive isotopes with low boiling temperatures – noble gasses, Iodine and Caesium within a relatively short time.

This is in contrast to the pressure water reactors that had been or were being build by 1975. They shared large containments and containment sprays, resulting in much more benign behaviour in the case of a meltdown.

The WASH-1400 report also clearly states that tsunamis are a potential danger to nuclear power plants and must be protected against. However, since the USA has no nuclear power plants along a tsunami prone coast, this was not part of the safety assessment in this report.

Let’s backtrack and explain the technical aspects of that.

In water moderated reactors the power density is high enough that the fuelrods will melt even after a shutdown, if all cooling water is withdrawn. More accurately, the fuelrods consist of pipes of zirconium alloys with the actual fuel inside of the rods, which is a ceramic Uranium compound (Uraniumoxide) with a much higher melting point.

Since water will not stay liquid at temperatures above 374 degrees, even at arbitrarily high pressures. This is a major concern. Such temperatures are too low to allow the heat generated from decaying radioisotopes in the fuel rods to be removed effectively in the reactors used in commercial power plants. In physics, temperatures can be defined as the ability to transfer energy from one body to another. The higher the difference in temperatures, the easier it is to conduct heat. This is why it is so hard to heat stuff to very high temperatures – at some point it will transfer as much heat away from it into the environment as is put into it. To achieve higher temperatures, more heat per second must be put into the thing to be heated up (upon which, even more heat per second will be lost).

Water is very effective in conducting heat from fuel rods – water steam is not. When water has evaporated, fuel rods quickly heat up. Worse, the material of the fuel rods starts to react exothermically with the water steam at about 700 degree, creating hydrogen in the process and heating up the fuel rods even more. This is a basic chemical process that was long known to occur and be very relevant for reactor safety. The WASH-740 report described it already in 1957 and this is merely the oldest report I could find.

In normal operation after shutdown, hot cooling water from the reactor vessel is cooled down outside of the reactor building and pumped back into the reactor vessel in a closed circuit. Things become complicated when either the pumps cannot be operated or there is no way to cool the water down outside the reactor building.

When the tsunami hit the Fukushima nuclear power plants, both problems occurred. This is in contrast to the Onagawa and Tokai power stations, that were sufficiently prepared for a tsunami – although Tokai was in the process of preparing for a large tsunami since the end of 2010 and fortunately progress had been sufficient to prevent those problems from occurring.

Fukushima Daini retained power supply from the grid throughout the earthquake, but Fukushima Daiichi lost grid connection due to power lines being cut by the effects of the earthquake. Both were flooded by the tsunami. Cooling water inlets, pumps and the basements of the power stations in general were flooded by the tsunami. This caused different problems.

While power was available in Fukushima Daini, the pumps to cool down the water from the reactor were destroyed. It took several days to replace them. In the meantime, water had to be pumped from large tanks within the Mark II containments of the four reactors into the reactor vessels. The steam from the boiling water of the reactor was piped back into the those water tanks, where it was condensed.

Without this, the pressure inside the reactor would rise to the point where safety valves open and release steam into the containment. Containment pressure would rise quickly due to the water steam. Condensing water, however, also heats up the water in the reservoirs. At some point, the water will start to boil itself and lose the ability to condense any more steam. Then, pressure in the containment starts to rise.

Unless there is a way to get heat out of the containment, the pressure will rise inexorably until it fails and steam flows out of the containment.This, in and of itself, in not a disaster. Steam from a reactor after shutdown is barely radioactive, provided that the reactor is fully intact. Problems in Fukushima Daini were solved before this point was reached – although it was much too close for comfort. The water could be cooled again, pressure and temperatures inside the containments and reactors fell.

This was not the case in Fukushima Daiichi.

Not only did Fukushima Daiichi lose all power supply from the grid, it also lost 12 out of 13 emergency generators and all switch yards of 5 out of 6 reactors were destroyed. The surviving equipment was in reactor #6 – the only BWR-5 reactor, housed in the 1968 Mark II containment on the site.

This is not luck. The Mark II containment has a redundant area that is closed off from the rest of the power plant and contains all equipment necessary to safely run the power plant. Including its own diesel powered emergency generator installed above grade by design, saving it from flooding. This is unlike its two counterparts in the basement of the reactor #6 building … and all other emergency generators similarly installed in the basements of reactor buildings #1 through #5.

Unfortunately, while powerlines existed between reactor #5 and #6, there were none from reactor #6 to the other four leaving them without power supply, literally in the dark.

None of this was necessary, but resulted from complete neglect of safety standards both by TEPCO (the plant operator) and NISA (the regulating agency for nuclear reactors and industry). Fukushima Daiichi complied with the updated safety regulation of 2002 to the letter, but went no further. Each reactor had at least two emergency generators. Before the update, two reactors were allowed to have one emergency generator each and share a third one. NISA released an official statement that a complete power blackout is an unlikely event and operators of nuclear power plant do not need to train their staff to handle it.

Compare this with regulation in Germany, which prescribes that each reactor must have two working emergency generators at any time – even when one generator is in maintenance and another is assumed to break down just when it is needed most. This requires at least 4 generators for each reactor. But even then this must still hold in all predicted emergency scenarios that are assumed to happen at least once in 10,000 years. Common cause failures – such as all generators being flooded in the basement – must also be ruled out, requiring that those generators must be of different designs. This results in some reactors having six or more generators each. Additionally, at least two redundant connections to the public electricity grid are required.

When 2 out of 4 emergency generators failed due to a common cause in the Swedish powerplant in Forsmark in 2002, this prompted a Europe-wide scandal and investigations in all nuclear power plants. When a French nuclear power plant had a close call during a flood of the adjacent river in 1999, a similar response – including upgrades of safety measures – occurred. As already mentioned, even in Japan itself the operators of Tokai and Onagawa power plants went beyond regulations and installed effective measures that prevented the tsunami from doing major damage.

Those measures alone would have prevented the accident outright.

As it was, however, there was a total blackout in Fukushima Daiichi. Cooling failed at some point in all three reactors operating during the earthquake and all suffered meltdowns with the consequences predicted in the WASH-1400 report back in 1975.

Pressure inside the containments rose. The increasing inability to condense water from the reactor in the water tanks (“condensation chambers”) below the reactor buildings, as the water heated up and eventually started to boil, caused steam to be vented into the containment building. Until this happened, steam-driven turbines managed to refill reactors #2 and #3 with water. But those can only operate so long as there is water to condense steam and create a pressure differential.

Reactor #1, due to its lower power, had a different emergency system that failed to operate properly. Steam from the reactor is driven through two heat exchangers on the roof of the reactor building, where the steam is condensed to water and returned to the reactor. The heat exchangers themselves are immersed in enough water for 8 hours of operation. This was deemed sufficient by regulators and designers of the plant. In order to operate, valves need to be brought into the correct position, which requires power to be applied. When the tsunami struck, one valve was closed because the system was working too well in conjunction with the regular cooling (before the power outage). Without power supply, valves failed to close properly, rendering the system ineffective within 4 hours, causing the fuel in the reactor to melt down.

Meltdown of the fuel further increased the pressure due to the formation of hydrogen. Hydrogen was no significant problem within the containment, because it is filled with pure nitrogen in operation. This is different outside. When pressure in the containment is rising too high, it will eventually leak uncontrolled.

By this point, however, the inside of the containment is filled with volatile radioactive isotopes from the molten fuel. Given enough time, the caesium will settle on the walls inside  the containment in the same way it settles on the ground in the environment as contamination. But since the containment in question is too small and pressure is rising too high too quickly, this doesn’t happen to any significant extent.

Larger containments – such as in Three Mile Island – provide enough volume for the hydrogen to expand without increasing pressure too much. More time is available for Caesium to settle. Furthermore, large containments can employ containment sprays. This is water sprayed into the containment. On its way to the ground, it is washing out aerosols – especially caesium, but also iodine to some extent, as it is water soluble – keeping them inside the containment. This was the reason why Three Mile island caused no notable contamination of the surrounding area.

The lack of those possibilities is the reason why the BWR containments were known to be unsafe 36 years before the accident at Fukushima Daiichi – and PWR containments were judged relatively safe in case of a meltdown 4 years before Three Mile Island.

In order to vent the containments of the old BWRs, unfiltered hardened vents were installed.  Due to lack of power, those could not be operated and were inaccessible for manual control. As a power outage had not been considered a plausible scenario, this flaw went unnoticed in 40 years of operation. Even if they had worked, they would have been unable to contain any radioactive elements vented through them – but at least they would have brought the hydrogen out of the buildings, preventing any explosion outright.

In reactor #1 steam was released uncontrolled – which resulted in a hydrogen deflagration in the upper part of the reactor building outside of the containment. This blew off the roof.

To prevent this, an improvised method of controlled venting was attempted. There is a ventilation system installed that is normally used for the ventilation of the containment during maintenance and refuelling, it is even filtered. It is also used for the ventilation of the rest of the reactor building – but it was not made for the release of large quantities of steam at high pressure. When the valve was opened in reactor-building #3, steam rushed out of the containment. Only a part of it went through the completely overwhelmed filters, into the exhaust stack. Those filters became one of the most radioactive spots on the site after the accident. This proves the principle, of filtered venting, keeping the radioactivity back at the plant. But it requires filters of sufficient size to deal with the task.

As it was, a large amount of the steam-hydrogen mixture – along with the radioactive contaminants – was pushed through the whole ventilation system. This not only meant reactor building #3 but also reactor building #4, with which it shared the ventilation system. In both buildings, the mixture of air and hydrogen proofed to be explosive, when it ignited within the closed-off spaces of the buildings – allowing for higher pressures and a much more destructive result.

The possibility of hydrogen explosions in Mark I containments was known long before the accident of Fukushima Daiichi. Countermeasures in the form of catalytic converters that can burn hydrogen without igniting it, were implemented 18 years earlier in all German nuclear power stations in 1993. Japan passed a similar law … in 2012.

Filtered venting has also been developed and implemented, wherever regulations required this to be done. This was not in Japan. And even outside of Japan, the flaws of the already build and licenced nuclear power plants were not taken seriously – least of all by the nuclear industry itself.

That is not to say they were not taken seriously at all. The Mark III containment addressed the flaws of its predecessors in 1972. By using a large containment, including containment sprays, BWRs can be just as safe in an accident as PWRs without further amendments. The existing power plants, however, were declared to be safe enough.

After the Three Mile Island accident, Sweden was first to demand filtered containment vents to be implemented in 1980. This is obviously too late, as such measures should have been implemented right after it was clear that small containments were insufficient. But it took another 8 years and the Chernobyl accident to finally convince Germany, France and several other countries of their necessity. In May 1988 a conference was held in Paris on filtered containment vents, where the three countries mentioned presented their filtering systems – legally required to be capable of filtering out 99.99% of Caesium and 99% of Iodine from the steam vented through it, in the case of Germany.

The USA sent no representatives, Japan’s delegation said afterwards, that Japan had “no position on filtered containment vents”. Neither Japan nor the USA have laws requiring them – even today.

[I’m calling it a day here – it’s well past midnight. More sources will be added later. If there are any specific requests, please leave them in the comments.]

3 thoughts on “What 1975 knew about Fukushima Daiichi

  1. Even the Generation II reactors have enough safety features that it requires unusual circumstances to melt the core or breach containment. This also means that new safety features can’t be dismissed with “that’s not a very likely scenario.” NONE of the dangerous scenarios are going to be very likely, but once identified they should still be protected against.

    There are incentives for individual reactor owners to forego safety upgrades unless regulators force them to. The gap between individual and global incentives are even worse than usual for collective action problems: one nuclear accident impacts public perception globally, even if local designs and safety practices are better than the equipment that failed. The American and European nuclear regulators required more safety features and upgrades but their nuclear industries suffered just the same from the publicity over Soviet and later Japanese accidents.

    Some nuclear advocates think that the solution is to go on the offensive: coal power is far worse! Everyone who worries about nuclear safety yet drives an automobile should just be mocked for their stupidity and innumeracy! Despite the factual basis I think that’s an insane approach, completely blind to the realities of democratic politics and historical path dependency. Complain all you like that nuclear is held to unfair standards, but you can’t whine a nuclear renaissance into being.

    I think a better approach would be for industry groups originating in regions with high safety standards to lobby for equivalent standards abroad. If there’s a nuclear accident in Bulgaria or China, Areva will suffer for it, no matter how little their own technology or home region had to do with it.

    • Matt,

      the point of writing this piece was to show just that. (That and to have some explanation to point to, when it is needed.) Unfortunately, it seems that this is not yet a widely held opinion.

      When I hear Indian officials say that their reactors are so safe you could put them in the middle of a city, I cringe. I cringe because we’ve been there and done that and it didn’t do anybody any good. Safety is all about worrying about possible failure modes and removing or alleviating them when they crop up.

      There is a historical similarity to this in Germany.

      In the early industrialization the boilers of steam engines had a disconcerting tendency to rupture and scald or kill everyone in the vicinity. The reason was actually quite simple, the higher the pressure in the boiler, the more powerful and efficient the engine. There was an incentive for every individual owner of a steam engine to block safety valves and drive pressure as high as possible.

      Of course, this didn’t help in any way to improve the popularity of factory owners and eventually, from 1866 onwards, subjected themselves to the scrutiny of a body of their own making – the “Dampfkesselprüfgesellschaft” (boiler checking association). Today they are known as the TÜV and check just about anything that is remotely dangerous and are best known for mandatory car check-up.

      I don’t see any similar development in the nuclear industry, although it is absolutely needed. In fact, the huge differences in the approaches to nuclear safety even between rich and developed nation are not so much as being discussed. (And I wouldn’t give the USA or Germany a perfectly clean bill of health either.)

      • I agree with you. I also get nervous when I see nuclear advocates longingly observing the fast pace and low cost of Chinese reactor construction. They pick pretty safe designs but I don’t know how good the implementation of those designs is, or what their operational/safety culture is like for active reactors. I’m a little skeptical that the speed and cost savings relative to the West are purely from lower local labor costs or more efficient government. Other large-scale projects in China have later suffered failures that revealed foolish corner-cutting. And it’s not as if citizen activists or news outlets in China are free to act as watchdogs on their nuclear projects.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s