Fukushima Dai-Ichi – Black Swan Event or Engineering Design Error?

By Robert C. McCue, PE
MDCSystems® Consulting Engineer

Tsunami triggers destruction of nuclear reactors, Japan

On the afternoon of March 11, 2011 a magnitude 9.0 earthquake struck the coast of Japan triggering a massive tsunami that ravaged the country’s northern coast.  The images of the water moving at a rate of 500 miles per hour inland carrying boats, cars and entire buildings were gut-wrenching.  In the path of the destruction were six nuclear reactors at Fukushima. The reactors were automatically shut down (SCRAMMED¹) on the sensing of the earthquake and the installed emergency shutdown systems operated to allow the reactors to begin the process of cool-down.

About 40 minutes after the shutdown, the tsunami waves²reached the Fukushima complex.  The waves engulfed the plants with over 18 feet of water sweeping over  Units One, Two, Three and Four. Units Five and Six were constructed after One through Four and they were sited about 15 feet higher in elevation, resulting in about three feet of water covering those units at grade level. At the time of the earthquake Units One, Two, and Three were operating; Units Four, Five, and Six were previously shut down for maintenance and refueling. ³

The immediate effect of the tsunami was a loss of all AC ⁴ power at all units as the high voltage transmission systems were destroyed, followed by the on-site emergency diesel generators and switchgear rooms being flooded. The tsunami had destroyed the transmission lines which normally could be relied upon to bring power to the plants and this loss essentially isolated them from any off-site sources of power. Initially battery power was used to provide minimum power and cooling to all units, while the operators were evaluating damage and attempting to restore on-site AC power systems and emergency generator systems. The damage to the switchgear and emergency generators was complete and could not be repaired for Units One through Four.

However, Unit Six had a diesel generator that was on the roof of the auxiliary building and was able to be operated to later provide emergency power to Unit Six and eventually the operators used this power source to provide power to control the cooling systems on Unit Five.

Eventually the battery systems for Units One through Four were exhausted. Without power the units began to overheat and the inevitable result of the overheating was the release of large amounts of hydrogen gas into the reactor buildings at Units One. through Four. Normally, in such an upset operating condition, the hydrogen gas would be vented to the atmosphere and would not present either a radioactivity or explosion danger to the plants and environment. However, without AC power the valves used to vent the hydrogen gas could not be operated allowing dangerous levels of hydrogen to accumulate in the reactor building.

The video of the resulting explosions to the reactor buildings provide graphic evidence of the power of the explosions and the developing emergency situation. The loss of the building enclosure now allowed radioactive gases to spread without filtering, capture or delay into the surrounding countryside. This was the beginning of the widespread impact of the plant accidents. The spent fuel pools are normally covered by the reactor building and now these pools which were also releasing radioactive gases added to the spread of contamination.  Subsequent explosions in the adjacent reactor building prevented any operator actions to control the situation.

Even today, one year after the tsunami, details of the sequence of events are sketchy. A recently released U.S. Nuclear Regulatory Commission Report⁵ provides some additional detail concerning the timeline of the main events. It is estimated that the entire coast line of Japan fell by three feet and the tsunami waves topped the seawall constructed to protect the Fukushima plants by over 20 feet.

BLACK SWAN EVENT⁶?

Is this just the latest example of a Black Swan Event?  At first glance it would appear to be one, but then what about the ancient warning system erected by previous generations which could have prevented the entire nuclear accident?  Tsunami Stones⁷, which have been in place on the Japanese coast for centuries, provided an ominous warning: “Do not build your homes below this point.”

Did Tokyo Electric Power (TEPCO), the plant owner and operator, read the warnings? Why were Plants Five and Six built 15 feet higher in site elevation than One through Four?  It is reported that some Tsunami Stones were themselves swept away by this tsunami, providing evidence of the historical significance of the event.

Apparently coastline anomalies and concentrated wave action did result in exceeding previous tsunami’s in many areas.  Nevertheless, much evidence suggests that all locations above the ancient markers suffered little loss of life and minimum destruction from the water. Why then, was the destruction, and resulting radiation releases so great from the Fukushima nuclear facility and what design/operational defects are now apparent?

• Site Elevation  –  too low at grade and ignored historic tsunami elevations
• Sea Wall  –  inadequate to protect the facility
• Emergency Generators  –  only one provided for each unit and not protected from flooding; violates US NRC design criteria
• Emergency Switchgear  –  not protected from flooding
• Reliance on Sharing AC Power Between Adjacent Units  –  violates U.S. NRC design criteria
• Emergency Procedures  – no provision for providing long term emergency power from barges or ships in emergency situations
• Emergency Planning  –  management information systems and public notification failed to provide information and warning ⁸

Engineering Design Error?

Considering all of the above issues, we must conclude that this nuclear and radiological disaster was avoidable and not a Black Swan event.  From our experience investigating and analyzing engineering failures, it appears that TEPCO made conscious decisions to save capital costs on construction by avoiding site costs for:

• Raising the grade elevation
• Not installing an adequate sea wall
• Utilizing only one diesel generator per plant
• Ignoring the need to waterproof key safety equipment and operating areas

Prior to the earthquake, another Japanese utility Chubu Electric Power was in the process of enhancing sea wall protection at the Hamaoka Nuclear Plant and upgrading the reliability of its emergency power systems and plant flood protection.  Therefore, the potential danger from tsunami was well known but not adequately analyzed and accounted for in the original designs of a number of Japanese Nuclear Plants.

Because Japan sits on the “Ring of Fire” the likelihood of tsunami’s resulting from earthquake action in the tectonic plates offshore is very high. This knowledge should have caused the plant operators and regulators to undertake a defense in depth analysis and modify the plant design criteria to withstand the effects of tsunamis. One of the most important features of U.S. NRC safety requirements is a philosophy of defense in depth, meaning that a series of design and operational features are envisioned to overcome postulated accident scenarios like tornadoes, floods and earthquakes.  Fukushima Dai-Ichi did not employ such a philosophy and the damage both economically and physically to the population from the combination of earthquake, flooding and radiation exposure is still to be determined

It is rumored that the Nuclear Steam System Supplier at all Fukushima reactors, General Electric, had argued for more modernization of systems for the older designs employed there. Unfortunately, there has been little public discussion of plant specific or design specific safety issues by either the International Atomic Energy Agency or the U.S. NRC. Perhaps this is understandable where nationalism and protocol are a first consideration, but it has lead to a series of avoidable radiation exposures.  As an example, the lack of a containment structure at Chernobyl was well known, as was the danger of overheating and fire in the graphite moderator, but there was no pressure on the Russian utility operator to shutdown the reactors and today similar designs are still in operation.

Perhaps the lessons of this accident will result in more open and transparent criticism of obvious safety issues across borders.  Hopefully, now the necessary safety review and upgrading of deficient reactors around the world can take place.  As new inherently safer designs are developed, Nuclear Power should be able to provide the type of safe reliable electric power once promised. Reactor facilities have long usable lifetimes and so the current plants will require continued vigilance and significant safety upgrades to avoid the next failure.

The inescapable conclusion is that the Fukushima Dai-Ichi nuclear accident was avoidable and should be classified as an engineering design failure.

———————————–
Mr. McCue is a Consulting Engineer with MDCSystems® and has been investigating and analyzing engineering and construction failures on major projects around the world since 1987.  He has previously been employed by General Electric in its nuclear business and was a member of the technical review staff of the United States Nuclear Regulatory Commission.  He can be contacted via e-mail; [email protected]

—————————

¹ Acronym – meaning that all control rods are dropped into the reactor core stopping the nuclear fission process

² Estimated to be over 45 feet

³ Onagawa 1,2,3 located north of Fukushima and two other nuclear stations south of Fukushima were also shutdown by the earthquake but did not suffer significant damage from the Tsunami

⁴ Alternating Current, batteries provide DC, Direct Current power

⁵ Recommendations for Enhancing Reactor Safety in the 21st Century – the Near-Term Task Force Review of Insights from the Fukushima Dai-Ichi Accident

⁶ A Black Swan event- has three characteristics, it is unpredictable; it carries a massive impact and after the fact we concoct explanations that make it appear less random and more predictable than it was.

⁷ Google, Tsunami Stones for articles similar to www.nytimes.com/2011/04/21/world/asia21stones.html

⁸ See The Economist March 10th – 16th; Briefings Japan after the 3/11 disaster; also The Dream that Failed