Thoughts on the eternal headache that is nuclear power – Part 2 of 6: Safety and Surprises

Safety, from a technical perspective:
Safety, from an engineering perspective, is always about trade-offs. You can make a perfectly safe car, but it’ll be so expensive that no-one will buy it. So we have cars that are fairly safe, as well as fairly affordable, fairly comfortable, and fairly reliable, and globally kill over a million people per year. Still, the thing about cars is, the driver benefits from driving around in them, and the risk of dying in an accident falls (mostly) upon them.

For a car, we can accept that there are going to be accidents. We design to keep drivers and passengers as safe as we can in those accidents, but at some point, if the accident is harsh enough, then we accept that a crash will be unsurvivable, and up to four people will die in what’s left of that car. That sucks, but at an overall society level, we accept that this known risk is justified, that it is bearable.

For nuclear power, there’s enough radioactivity inside a nuclear power station to kill an astoundingly huge number of people. So we’re not talking about four people. We’re talking about an unbearable number. That fact alone dominates the trade-offs about safety design. There are possible accidents that simply must never happen. Anyone designing a nuclear power station must be able to say “here are all the bad things that could possibly happen in this design and here is how we will stop them from happening”. Something as dangerous as a nuclear power station must never do anything surprising. Sadly, nuclear plants keep surprising us.

The long history of nasty nuclear surprises:
There are well over five hundred million cars in the world. We must have crashed getting on for a million cars in potentially fatal accidents. This is a huge pile of experience to learn from.

There are fewer than five hundred nuclear power stations in the world. We’ve crashed three of them. This is not a lot of experience to learn from.

We know how cars crash. We know what cars are made out of – steel. It’s crushingly boring stuff; we’ve had hundreds of years of experience making things out of steel, it’s entirely well understood, and we can design a car, crash it on a computer before it’s ever been built, and predict how survivable a crash is to within a tiny margin of error.

Nuclear power plants are not well understood. They operate under weird conditions of high radiation, high temperatures, high pressures, and strange mixtures of materials. They have a history of producing surprises, expensive and dangerous surprises.

One example – what happens when you turn the power knob down:
Here’s a really basic surprise – what happens when you turn a nuclear power station down? You’d think that turning the power knob down would turn the power down, right? Wrong. The basic feature that makes a reactor safe is called the power coefficient of reactivity – basically what happens when you take your foot off the go pedal. For a car, you take your foot off the accelerator and it slows down – a negative coefficient. In the Chernobyl accident, the reactor happened to have a positive coefficient at low power levels, resulting in the reactor power increasing from 5% of design level to kaboom in a few seconds. Positive coefficients are bad and should be designed out. So, Canada produces radioactive isotopes for medical uses, and the reactors they use for this are ancient. The replacement MAPLE reactors were designed to be utterly safe, to the point of boring tedium, which is what you want in a nuclear reactor. Hence they were designed to have a negative coefficient, but when built they turned out to have a positive one. That’s a pretty massive fuckup on a fundamental safety feature in a modern design. They were canceled at a cost of about US$300 million. Whoops.

Another example – breakaway corrosion in Magnox reactors:
Even when we’re using normal materials, the weird conditions catch us out. We all know that steel rusts: it oxidises due to oxygen in the air. So when the Brits were building the Magnox reactors in the 1950s, they wanted to make them maintenance-free and affordable. And hey, they used carbon dioxide as the cooling gas, so with no oxygen around, they could use mild steel, not stainless steel, and it wouldn’t rust. Sweet! Yeah, unfortunately, they discovered an entirely new form of corrosion called breakaway corrosion, which is just as bad as it sounds. They discovered this after building and running the Magnox reactors for several years and, being English, they were rather put off their tea. The steel components were deep inside the reactor cores and, because the reactor had been designed to be maintenance-free, they hadn’t designed in a way to replace the parts that were rusting. You couldn’t take the whole thing apart coz it had been running for several years and was thus horribly radioactive. Hell, it was a bugger even getting inside the reactor core to have a look at just how rusty the parts were. In the end, the only real solution was to turn the reactors down so they ran less hot, rusted less rapidly, and produced less power, making them even less economically viable. Whoops.

So nuclear power stations keep on surprising engineers. We can’t test them to destruction, coz each one costs silly money and contains enough radioactivity to render large areas uninhabitable. We’re taking a massive punt each time we try a new design and, if we’re lucky, then every surprise will just cost huge amounts of money. If we’re unlucky, then that’s another part of the planet rendered uninhabitable for decades.

The point of these examples is not that engineering is hard. Engineering is always hard. You make something new, it sucks, you learn, you do it better next time. Engineering proceeds by making mistakes. However, the reality of nuclear safety is that mistakes are incredibly costly, so learning is slow. More on that tomorrow.

11 thoughts on “Thoughts on the eternal headache that is nuclear power – Part 2 of 6: Safety and Surprises”

  1. There are possible accidents that simply must never happen

    So how did the Japanese not see a tsunami coming at their reactors?

    Or is that like the pressurised hydrogen tanks on the control room roof in Oregon – too bleeding obvious…

    1. Well, the industry uses the maximum credible accident as a guide to what safety standards are needed. What a credible accident is depends entirely upon your imagination: come on, suicide terrorists crashing a fully-loaded 747 into a tower block? That sounds like a bad Michael Bay film. Or a once-in-a-thousand year earthquake just offshore that produces 14 metre high waves? 99.7% not going to happen in the thirty-year lifetime of the power plant.

      Designing to cope with such extreme conditions gets very expensive, very fast, so if you want to design a profitable nuclear power station, you want to give that part of the risk assessment to an engineer with very limited imagination.

      Of course, there’s the industry’s view of the maximum credible accident, and then there’s reality. So far, reality seems to be winning.

      1. There were some folk in Japan who thought about tsunamis – did you see that item on Stuff about the posts along the shore line marked “don’t build below here” that were erected after the last big tsunami, and subsequently ignored by recent builders of housing etc…

1. If you think it won’t happen in your lifetime, *particularly* if you stand to make a buck off it, it’s really easy to justify building below that sign. Where I grew up had a huge flood in the 1970s that killed a hundred-some people. Now they’re building houses in places I remember seeing underwater. I’m not sure how they can claim that flood was a thousand-year flood, insofar as people have only been keeping records here for 110 years, but hey, lots of developers now have lots of money from all those houses they built. I suppose their grandkids will make lots of money when they rebuild them after the next one.

          1. Same thing happened in Brisbane – big flood in the 70s – “We won’t build where it got wet” at the time – by the time the next one rolls around this year, waddaya know? All those houses are under water again…

            I haven’t heard whether anyone decided to take the developer/city council to court for letting the houses be built there. Perhaps the insurance companies should consider getting their losses back off the developer/council…

          2. Well, what governs if the risk of using a particular piece of land is too great? If you’re just building a shack by the beach, it’s no big deal if it’s washed away. If you’re building a house, then you’ll want to be further back from the coast and you’ll want to invest in making your house more wave & flood resistant. If the house has a risk of total loss every hundred years or so, then the insurance could be bearably expensive.* If you’re building a nuclear plant, then the consequences of flooding are unbearable, so you should build to resist the flood, but how big a flood? What risk is acceptable? A one-in-hundred year chance of flooding isn’t acceptable. A one-in-a-thousand year flood? Is that acceptable? One-in-ten-thousand year flood? Now, for each order of magnitude, the costs go up, they go up lots, so any plant owner has a strong incentive to downplay the chance of flooding.

* – Flood insurance is the classic case for what the insurance industry calls adverse selection. The point of insurance is to spread the cost of risks across the whole of society. For fire, any property could burn, so everyone buys into insurance and every property probably won’t burn, making the insurance cheap. However, property owners know if they are at risk of flooding or not, so the only people who buy flood insurance are the few who are likely to be flooded. Thus flood insurance tends to be more expensive, as the majority of society isn’t contributing. Because it’s more expensive, people in properties at risk of flooding are tempted to go without, further pushing up the insurance costs for people who do buy insurance. Hence you’ve got market failure. There are several nations where the state has stepped in to provide insurance because of this failure, which then risks the kind of government failure that causes moral hazard – where people know they can get state insurance, so they build in flood risk areas. Oops.

          3. Or you have a building/planning code that forbids construction in flood risk areas. If you ignore this and do so, then apart from risking enforcement action to pull your house down, you won’t get any payment.

          4. Well, you can have that kind of regulation, if you’ve got room to build elsewhere, or if your public authorities have the political strength to resist developers who claim that their new designs really are flood-resistant this time around, or if you haven’t already built a town there and the property owners aren’t really ‘building’, they’re just doing some renovations.

            So in practice, you can rarely have that kind of regulation.

    1. Re: Cars

      Oops, yup. Checking my figures I was confusing number produced per year with number on the road. Thanks for the correction.

  2. Science is hard, let’s go shopping

Cars were remarkably unsafe until relatively recently (where by “relatively recently” I mean about two human generations, or around 40 model years, ago). The idea of actually designing safety into cars took, amongst other things, some major lawsuits in the USA (see, generally, “Unsafe at Any Speed” on Wikipedia), and required creating a new branch of science (“crash science”).

    It wasn’t entirely that people didn’t care, before, that they were unsafe (although there were certainly those that didn’t), but also that there simply wasn’t the scientific experience to know what would make them safer. And that experience comes as a result of actual research. Which involved making lots of cars as one-offs, and testing them to destruction. The computer model testing of cars is a product of that research, which minimises the cost of validating new designs now (you can reject 9 out of 10 crazy ideas for just the cost of a bit of computer time). But it wouldn’t have been possible without the basic research, of making lots of mistakes and learning from them.

We’ve come much further in making cars safer than in making nuclear power plants safer, not only for the “mistakes are incredibly costly” reason that you list, but also because the testing cycle time is much shorter (it takes years to build a nuclear power plant “full scale”, compared with months for a custom first-of-kind car), and because the up-front build cost of a car is dramatically lower than that of a nuclear power plant (somehow spending $300M on a “full size experimental model” is harder to justify). Oh, and deliberately “crashing” a nuclear power plant to find out what happens is… frowned upon.

The “has to be impossible to break”, “no you can’t experiment other than by building production models that won’t break” combination makes for poor science. At best you’re doing “I hope we’ve thought of everything” engineering. At some level the only way out of this mess is to find a way to make mistakes “safely”; most of “crash science” comes from controlled tests in circumstances that damage only the subject under test, rather than eliminating parts of the world from the (habitable) map. With a “one new design test every few years” rate, it’s going to take several centuries to get the same level of scientific data as we have gained on car safety in the last 40 years or so.
