The meltdowns, radiation leaks and ongoing dangers of the stricken nuclear power plant could have been prevented with better risk management, contingency planning, readiness training and communication.
By Ryan McGreal
Published August 09, 2012
This article has been updated.
On March 11, 2011, a magnitude 9.0 earthquake ripped through the eastern coast of Japan, one of the most powerful earthquakes since measurement started a century ago. The undersea upthrust of the earthquake also triggered a tsunami that flooded 560 square kilometres along the coast under several metres of water.
The twofold devastation killed nearly 16,000 people, destroying or damaging hundreds of thousands of buildings and 230,000 automobiles and trucks. The total cost is estimated in the hundreds of billions of dollars.
When the earthquake hit, eleven nuclear reactors at four power plants automatically shut down, including the 40-year-old Fukushima Daiichi plant with six boiling water reactors.
Satellite view of Fukushima Daiichi nuclear power plant (Image Credit: Wikimedia Commons)
So far, so good. However, the earthquake disrupted the power supply to the cooling systems at Fukushima. The nuclear fission of uranium fuel rods produces radioisotopes that in turn generate heat as they undergo radioactive decay. As a result, pumps need to keep circulating cold water over the fuel rods - even spent fuel - so they do not overheat.
If the fuel rods get too hot, they can literally melt from the heat - a meltdown - and the liquid reactor fuel drops down into the concrete base of the reactor.
When the power to the Fukushima cooling systems was disrupted, backup diesel generators kicked in to maintain the cooling. Unfortunately, an hour after the earthquake, a 14 metre tall tsunami overran the seawall protecting the plant. It flooded the generator rooms, washed away the fuel tanks and knocked out the cooling system.
This precipitated a cascade of failures that spiraled quickly out of control and ultimately revealed some serious deficiencies in the disaster readiness of Tokyo Electric Power Company (TEPCO), the nuclear power operator running Fukushima.
Immediately following the crisis, I was impressed with the engineering and disaster management at the stricken nuclear plant.
It remains true that the plant managed to ride out an earthquake ten times more powerful than it was designed to withstand, but with the perspective of hindsight and more complete information, my enthusiasm for the plant's risk planning and crisis management is tempered by the understanding that the meltdowns, radioactive leaks and ongoing dangers could have been prevented.
Units 1-3 were in operation when the earthquake hit on Friday. Units 4-6 were offline, but had spent fuel rods stored in pools above the reactors that still needed to be kept cool. When the cooling systems failed and the water levels fell, the fuel rods began to heat up as they became exposed.
The Japanese government evacuated a 3 km radius around Fukushima the day of the earthquake, but extended the evacuation area to 20 km the next day as the situation deteriorated. By late March, the government also offered assistance for an evacuation up to 30 km around the plant.
Attempts to reduce pressure by venting radioactive steam from inside the reactors caused several hydrogen-air explosions that destroyed the exterior buildings and caused some damage to the reactors themselves. Radiation spikes forced workers to withdraw even as fuel rods continued to overheat and release radiation. Because the reactors are so close together, incidents at one unit often exacerbated conditions at an adjacent unit and forced retreats from the entire area.
Meanwhile, the spent fuel rods were also exposed when water levels in their cooling pools fell or boiled off. Firefighters sprayed water through holes in the buildings to try and cover the spent fuel rods and cool the reactors, while workers injected seawater and boric acid into the cooling systems.
Even as these measures sought to control the heating inside the reactors, the corrosive seawater was destroying the cooling systems. Multiple leaks allowed radioactive water to escape, contaminating the areas around the units and running into the sea.
As an example of the cascading nature of the disaster, an explosion in unit 3 knocked out the cooling system in unit 2. A subsequent explosion in unit 2 damaged the reactor container itself, releasing dangerous levels of radiation outside the reactor.
By about the fourth day, the reactors at units 1, 2 and 3 had undergone full meltdowns (though this was not confirmed until mid-April).
Because of the spiking radiation, workers were frequently withdrawn from the plant and could not stay for long. They were not able to gain access to the reactors themselves until May, at which point they began the job of replacing the severely damaged cooling systems. Attempts to use robots on-site were hampered by a combination of high radioactivity and extreme humidity, coupled with the severe damage inside and around the reactors.
Over the next few months, TEPCO managed to put in place a water decontamination and recycling system so the same water could be re-used for cooling, instead of constantly having to add water which would then become contaminated and leak. By September, core temperatures in units 1-3 had all dropped below 100 degrees Celsius.
By December, all three reactors were stable - though leaks, equipment failures and radioactive discharges continued to plague the stabilization efforts. The long-term plan is to have all the reactors decommissioned by 2052. The area around the plant is still severely radioactive and will be uninhabitable for decades.
The government and TEPCO claimed on December 16 that the three reactors had achieved cold shutdown, meaning the cooling water was being maintained below the boiling point of 100 degrees Celsius. However, observers pointed out that given the extent of damage and the ongoing extreme levels of radioactivity inside the reactors, TEPCO could not actually confirm the condition of the melted fuel rods or the reactors themselves.
As recently as this past May, the government-sponsored Japan Nuclear Energy Safety Organization reported that unit 1 was leaking water and that the water level inside the reactor had already fallen low enough to potentially expose some fuel rods.
It is by no means certain that the units will remain in cold shutdown if the cooling systems fail again. Another serious earthquake at this stage could completely undo all of the recovery work done so far and trigger a much wider release of radiation than has already occurred.
Today, thousands of fuel rods remain in the spent fuel pools on top of the reactors, and several buildings are showing signs of structural instability.
The Fukushima disaster has been rated level 7, "Major Accident", on the International Nuclear Event Scale (INES). Level 7 is the highest rating, indicating extensive radioactive contamination and widespread impact on health and the environment. The 1986 Chernobyl disaster is the only other incident to be rated at this level (the partial meltdown at Three Mile Island in the USA was rated level 5, "Accident With Wider Consequences").
Overall, it is estimated that 900,000 terabecquerels of radioactive material were released in the Fukushima disaster. For comparison, the Chernobyl disaster released 5,200,000 terabecquerels in total, almost six times as much as Fukushima.
One becquerel is enough radioactive material to produce one radioactive decay per second. In other words, enough radioactive material has been released from Fukushima to produce 900,000,000,000,000,000 (900 quadrillion) radioactive decays per second.
160,000 people were evacuated from the area around Fukushima, and most people remain skeptical about government claims that some areas are now safe for return.
According to recent estimates by scientists at Stanford, the fallout from Fukushima will most likely cause 180 additional cancers and 130 deaths, most of them in Japan. (In the worst case, the fallout will cause 2,500 cancers and 1,500 deaths from cancer.) In contrast, 600 people died during the evacuation, due to stress, fatigue and exposure to the elements.
The management of this disaster by TEPCO and the Japanese government has been excoriated in several damning reports, including those of the Fukushima Nuclear Accident Independent Investigation Commission and the Investigation Committee on the Accident at the Fukushima Nuclear Power Stations of Tokyo Electric Power Company.
TEPCO conducted an internal study back in 2008 warning that the Fukushima cooling systems would be flooded in the event of a tsunami over 10 metres. The company declined to address the danger, claiming that the risk was too remote to worry about. The March 11, 2011 tsunami was 14 metres high when it washed over the power plant. (In contrast, a similar study highlighting the danger to Tokai Nuclear Power Plant prompted its management to build a much taller seawall. That protected Tokai from being similarly swamped by the tsunami.)
In the 1990s, the main generators and cooling pumps for the nearby Fukushima Daini nuclear plant had been moved into the watertight reactor buildings, and the backup generators were moved to higher ground from the basements of their reactor buildings. As a result, the cooling systems could be brought back online before the fuel rods went into meltdown.
TEPCO officials and staff were not properly trained in disaster management and evacuation procedures. The company's disaster plan, essentially, was to assume the reactor design was safe and that any disaster that could overwhelm the design was too remote to worry about.
TEPCO had no contingency plans in case the primary, backup diesel and battery power sources should all fail, which is what happened after the earthquake and tsunami.
The meltdowns could have been prevented if the cooling systems were restored more quickly, but workers at the plant could not quickly determine that the cooling systems had failed and had no standing procedures on what to do if that should happen.
Japan, a world leader in robotics, did not have nuclear plant robots ready in case of a disaster. A national program to develop nuclear plant robots was actually shut down because officials believed it would send the message that nuclear power is not safe.
No one took notes at the emergency meetings to deal with the Fukushima disaster. In disaster management, record-keeping is essential to assess responses after the fact and learn lessons that can be applied in future.
Communication between TEPCO, the Nuclear and Industrial Safety Agency (NISA) and the Japanese government was extremely poor and sporadic, with both TEPCO and the Japanese government suppressing bad news, including measured levels of radiation.
Then-Prime Minister Naoto Kan intervened to micromanage the disaster, yelling at officials and workers and actually delaying the restoration of the failed cooling systems.
The Japanese government ignored offers of help from the US and failed to act on information provided by the US Department of Energy about the spread of radiation around the plant, resulting in additional exposure for evacuated residents.
Japanese nuclear safety regulations are older and less stringent than global standards, and in any case were frequently not followed or enforced properly. The nuclear industry has persistently and stubbornly pushed back against regulatory pressure to improve its safety standards and operate transparently.
According to the conclusion of the Fukushima Nuclear Accident Independent Investigation Commission (NAIIC), a corporate culture of deference, bureaucracy and intransigence conspired to create a perfect storm of vulnerability and unpreparedness that transformed a natural disaster into a crisis management fiasco.
For all the extensive detail it provides, what this report cannot fully convey - especially to a global audience - is the mindset that supported the negligence behind this disaster.
What must be admitted - very painfully - is that this was a disaster "Made in Japan." Its fundamental causes are to be found in the ingrained conventions of Japanese culture: our reflexive obedience; our reluctance to question authority; our devotion to 'sticking with the program'; our groupism; and our insularity.
The report is clear and emphatic: the disaster at Fukushima was man-made. With open, responsible risk management, full contingency planning and proper attention to safety and continuous improvement, the outcome for Fukushima after the earthquake and tsunami would have been much different. Instead, officials hid behind the "safety myth" of nuclear power and refused to act on their own studies of risk and risk management.
Unfortunately, the response, recovery and clean-up operations since last March suggest that, at least so far, the lessons of Fukushima have yet to percolate through the organization.
Radiation screening processes have been shoddy and substandard, prioritizing deadlines over worker safety. Workers have been forced to manipulate their dosimeters, small devices that trigger an alarm when radiation dosage exceeds a safe limit, by putting lead shields in front of them or putting them in their socks.
TEPCO's analysis of the disaster contains numerous factual errors and fails to uncover the root causes of the cascading disaster. TEPCO also tried to hide information from the independent, government-appointed investigatory committees by submitting heavily-redacted reports in response to requests for information.
Since the disaster, TEPCO has regularly stalled and backpedaled in its assessments of the situation at Fukushima, often admitting the severity of the situation only after independent third parties released their own reports contradicting its claims.
In response, the Japanese government has just nationalized TEPCO and placed it under state control.
From a technical and engineering perspective, it is possible to build and maintain a nuclear power plant that is safe from any imaginable threat (but not, obviously, from an unimaginable threat). There are already several designs of nuclear reactors that are much more inherently safe than the boiling water reactors at Fukushima, including the CANDU reactors designed and used in Canada.
You can engineer a mechanism for safety, but how do you engineer an organization for safety? In the case of Fukushima Daiichi, TEPCO knew that it could not withstand a tsunami higher than 10 metres but chose to ignore the threat. The organization did not raise the seawall high enough to hold back a taller tsunami. It did not move its cooling systems into watertight chambers. It did not move the backup generators to higher ground.
It also failed to develop a plan for what to do if all three power systems (main, generator, battery) failed in succession. It failed to train its workers in how to recognize such a crisis and how to respond to it. It failed to coordinate information internally between its vertically-segregated silo departments. It failed to provide timely information to third parties who could help it cope with the crisis. It failed to act on information provided by third parties.
More generally, the company actively resisted government attempts to increase the strength of the safety regulations it had to follow, and repeatedly falsified reports on its conformance with existing regulations.
The government also bears considerable responsibility for the failures. It allowed regulatory capture (the tendency for executives of regulated industries to move into leadership positions in the regulatory body) to undermine the mission of its oversight bodies. It fell behind international standards for nuclear safety. It was too quick to accept the facile claims by the nuclear industry that threats to their operations were too remote to take seriously.
Notwithstanding the conclusion of the NAIIC that Fukushima was a "Made in Japan" disaster, the regulatory and cultural state of affairs that precipitated the cascading crisis is by no means unique to Japan - nor, indeed, to the nuclear power industry. Narrow interest, secrecy and irresponsibility are both global and endemic in public policy organizations.
The question we face is whether it is possible to build - and, more important, to sustain - a high-reliability organization with the clear mandate, open operation and expertise to make the most responsible decisions in the public interest based on the best information.
Can the crooked timber of humanity produce a platform straight and strong enough to maintain a responsible nuclear agency in perpetuity? Too much is at stake merely to shrug and hope for the best.
Update: Corrected article to note that decay heat comes from radioisotopes produced as a result of uranium fission, not from the fission itself. Thanks to Mark Ramsay for helpfully pointing out the error.