The crisis that unfolded at the Fukushima Daiichi nuclear plant after Japan's megaquake and tsunami is rewriting the nuclear safety guide.
The European Union, for instance, has ordered a risk assessment
of all nuclear power plants in its member states. These assessments are
supposed to consider each plant's ability to withstand a full range of
potential hazards – from earthquakes and floods to plane crashes and
terrorist attacks.
The Japanese disaster did bring some
positive news. The reactors along Japan's Pacific coast suffered no
serious damage from the earthquake, even though its magnitude exceeded
the worst-case scenarios assumed in their designs. That bodes well for
the ability of reactors worldwide to withstand major earthquakes.
But Fukushima Daiichi was doomed by a
decision to plan for a maximum tsunami height of only 5.7 metres, well
short of the wave of up to 15 metres that engulfed the plant on 11 March
2011. In the light of this error, regulators worldwide are reassessing
whether other plants are vulnerable to catastrophic floods, caused by
tsunami, swollen rivers or failed dams.
Shake-proofing
Since the Japanese megaquake, much has been made of the fact that many reactors may face quakes that exceed those they were designed to withstand. In the US, the Nuclear Regulatory Commission is giving plant operators in central and eastern parts of the country 18 months to revise their hazard assessments, following a new report reconsidering the risks posed by the region's geological faults.
Although this may result in seismic
upgrades at some facilities, the performance of Japan's plants after
last year's magnitude-9.0 quake suggests that existing reactors are able
to survive ground shaking greater than anticipated by their designers.
Even the Onagawa plant,
which sits closer to the megaquake's epicentre than Fukushima, shut
down with no major damage. "Onagawa had the world's best stress test,
and it seems to have passed," says Peter Yanev, a seismic risk consultant based in Orinda, California.
It was a similar story in 2007, when the Kashiwazaki-Kariwa plant in western Japan was rocked by a magnitude-6.6 quake, and last year, when a magnitude-5.8 quake hit less than 20 kilometres from the North Anna plant in Virginia. Both quakes exceeded the plants' design specifications, yet the reactors remained intact.
This resilience reflects the caution of reactor designers, who build a margin of error into their seismic engineering.
Inadequate flood protection
By contrast, a wall built to withstand
a 5.7-metre tsunami offers no protection from a 15-metre wave. And
according to those who have analysed Japan's history of tsunamis, the
engineers who built Fukushima Daiichi should have known that their
protection was inadequate (see graphic).
Johannis Nöggerath, president of the Swiss Nuclear Society, seismologist Robert Geller
of the University of Tokyo, and Viacheslav Gusiakov, who heads the
Russian Academy of Sciences' Tsunami Laboratory in Novosibirsk, have
looked at the historical record of tsunamis that was available when
Fukushima Daiichi was designed in the mid-1960s (Bulletin of the Atomic Scientists, vol 67, p 37).
They note that tsunamis rising up to
38 metres had already hit parts of Japan's Pacific coast some 200
kilometres to the north, and say that it would have been prudent to plan
for a similar onslaught. Instead, based on waves seen at Fukushima in
1960, generated by a magnitude-9.5 quake across the Pacific in Chile,
the plant's designers initially assumed that the worst-case scenario
was a 3.1-metre tsunami. That figure was revised to 5.7 metres in 2002.
In a bitter irony, before construction
at Fukushima Daiichi began, the site was excavated by more than 20
metres. This was done in part to allow the reactors to be built on
bedrock to improve their seismic resilience, but it put the plant
directly in harm's way when the tsunami hit.
Worse, the diesel generators needed to
power emergency cooling systems, and switching gear that connects the
plant to the electricity grid and controls core cooling, were not in
waterproof buildings. Once they flooded, a disaster was almost
inevitable.
Swiss example
It needn't have been this way. Swiss
reactors, which could face flash floods from Alpine rivers, house their
backup cooling systems in waterproof bunkers. They also have filtered
venting systems so that even if cooling fails and pressure starts to
build in the containment building, radioactive iodine and caesium can be
removed from the steam before it is released. Had Fukushima Daiichi
been designed to similar specifications, says Nöggerath, "I'm convinced
that it would have prevented the accident".
Operators of reactors that are
vulnerable to severe floods may now decide to follow the Swiss example.
But flooding is just one of many possible hazards, some of which are
difficult to anticipate. "You always worry about what you haven't
analysed," says Chip Lagdon, chief of nuclear safety with the US
Department of Energy.