Wednesday, October 6, 2010

Safety of Nuclear Power Reactors

Safety First!


  1. From the outset, there has been a strong awareness of the potential hazard of both nuclear criticality and release of radioactive materials.
  2. There have been two major reactor accidents in the history of civil nuclear power - Three Mile Island and Chernobyl. One was contained without harm to anyone and the other involved an intense fire without provision for containment.
  3. These are the only major accidents to have occurred in some 14,000 cumulative reactor-years of commercial operation in 32 countries.
  4. The risks from western nuclear power plants, in terms of the consequences of an accident or terrorist attack, are minimal compared with other commonly accepted risks. Nuclear power plants are very robust.
  5. Safety is achieved through "defence in depth".

Context

In relation to nuclear power, Safety is closely linked with Security, and in the nuclear field also with Safeguards. Some distinctions:
Safety focuses on unintended conditions or events leading to radiological releases from authorised activities. It relates mainly to intrinsic problems or hazards.

Security focuses on the intentional misuse of nuclear or other radioactive materials by non-state elements to cause harm. It relates mainly to external threats to materials or facilities.

Safeguards focus on restraining activities by states that could lead to acquisition of nuclear weapons. It concerns mainly materials and equipment in relation to rogue governments.

In the 1950s attention turned to harnessing the power of the atom in a controlled way, as demonstrated at Chicago in 1942 and subsequently for military research, and applying the steady heat yield to generate electricity. This naturally gave rise to concerns about accidents and their possible effects. In particular the scenario of loss of cooling which resulted in melting of the nuclear reactor core motivated studies on both the physical and chemical possibilities and the biological effects of any dispersed radioactivity.

Those responsible for nuclear power technology in the west devoted extraordinary effort to ensuring that a meltdown of the reactor core would not take place, since it was assumed that a meltdown of the core would create a major public hazard, and if uncontained, a tragic accident with likely fatalities.

In avoiding such accidents the industry has been outstandingly successful. In over 14,000 cumulative reactor-years of commercial operation in 32 countries, there have been only two major accidents to nuclear power plants - Three Mile Island and Chernobyl, the latter being of little relevance outside the old Soviet bloc.

It was not until the late 1970s that detailed analyses and large-scale testing, followed by the 1979 meltdown of the Three Mile Island reactor, began to make clear that even the worst possible accident in a conventional western nuclear power plant or its fuel could not cause dramatic public harm. The industry still works hard to minimize the probability of a meltdown accident, but it is now clear that no-one need fear a potential public health catastrophe.

The decades-long test and analysis program showed that less radioactivity escapes from molten fuel than initially assumed, and that this radioactive material is not readily mobilized beyond the immediate internal structure. Thus, even if the containment structure that surrounds all modern nuclear plants were ruptured, it would still be highly effective in preventing escape of radioactivity.

It is the laws of physics and the properties of materials that preclude disaster, not the required actions by safety equipment or personnel. In fact, licensing approval now requires that the effects of any core-melt accident must be confined to the plant itself, without the need to evacuate nearby residents.

The two significant accidents in the 50-year history of civil nuclear power generation are:

  • Three Mile Island (USA 1979) where the reactor was severely damaged but radiation was contained and there were no adverse health or environmental consequences
  • Chernobyl (Ukraine 1986) where the destruction of the reactor by steam explosion and fire killed 31 people and had significant health and environmental consequences. The death toll has since increased to about 56.

A table showing all reactor accidents, and a table listing some energy-related accidents with multiple fatalities are appended.

These two significant accidents occurred during more than 14,000 reactor-years of civil operation. Of all the accidents and incidents, only the Chernobyl accident resulted in radiation doses to the public greater than those resulting from the exposure to natural sources. Other incidents (and one 'accident') have been completely confined to the plant.

Apart from Chernobyl, no nuclear workers or members of the public have ever died as a result of exposure to radiation due to a commercial nuclear reactor incident. Most of the serious radiological injuries and deaths that occur each year (2-4 deaths and many more exposures above regulatory limits) are the result of large uncontrolled radiation sources, such as abandoned medical or industrial equipment. (There have also been a number of accidents in experimental reactors and in one military plutonium-producing pile - at Windscale, UK, in 1957, but none of these resulted in loss of life outside the actual plant, or long-term environmental contamination.)

Cumulative Reactor Years

It should be emphasised that a commercial-type power reactor simply cannot under any circumstances explode like a nuclear bomb.

The International Atomic Energy Agency (IAEA) was set up by the United Nations in 1957. One of its functions was to act as an auditor of world nuclear safety. It prescribes safety procedures and the reporting of even minor incidents. Its role has been strengthened since 1996 (see later section). Every country which operates nuclear power plants has a nuclear safety inspectorate and all of these work closely with the IAEA.

While nuclear power plants are designed to be safe in their operation and safe in the event of any malfunction or accident, no industrial activity can be represented as entirely risk-free. However, a nuclear accident in a western-type reactor is now understood to have severe financial consequences for the owner but will give rise to minimal off-site consequences.

Achieving safety: the record so far

Operational safety is a prime concern for those working in nuclear plants. Radiation doses are controlled by the use of remote handling equipment for many operations in the core of the reactor. Other controls include physical shielding and limiting the time workers spend in areas with significant radiation levels. These are supported by continuous monitoring of individual doses and of the work environment to ensure very low radiation exposure compared with other industries.

Concerning possible accidents, up to the early 1970s, some extreme assumptions were made about the possible chain of consequences. These gave rise to a genre of dramatic fiction (eg The China Syndrome) in the public domain and also some solid conservative engineering including containment structures (at least in Western reactor designs) in the industry itself. Licensing regulations were framed accordingly.

One mandated safety indicator is the calculated probable frequency of degraded core or core melt accidents. The US Nuclear Regulatory Commission (NRC) specifies that reactor designs must meet a 1 in 10,000 year core damage frequency, but modern designs exceed this. US utility requirements are 1 in 100,000 years, the best currently operating plants are about 1 in 1 million and those likely to be built in the next decade are almost 1 in 10 million.

Even months after the Three Mile Island accident in 1979 it was assumed that there had been no core melt because there were no indications of severe radioactive release even inside the containment. It turned out that in fact about half the core had melted. This remains the only core melt in a reactor conforming to NRC safety criteria, and the effects were contained as designed, without radiological harm to anyone.*

* About this time there was alarmist talk of the so-called "China Syndrome", a scenario where the core of such a reactor would melt, and due to continual heat generation, melt its way through the reactor pressure vessel and concrete foundations to keep going until it reached China on the other side of the globe! The TMI accident proved the extent of truth in the proposition, and the molten core material got exactly 15 mm of the way to China as it froze on the bottom of the reactor pressure vessel.

However apart from this accident and the Chernobyl disaster there have been about ten core melt accidents - mostly in military or experimental reactors lists most of them. None resulted in any hazard outside the plant from the core melting, though in one case there was significant radiation release due to burning fuel in hot graphite (similar to Chernobyl but smaller scale).

Regulatory requirements today are that the effects of any core-melt accident must be confined to the plant itself, without the need to evacuate nearby residents.

The main safety concern has always been the possibility of an uncontrolled release of radioactive material, leading to contamination and consequent radiation exposure off-site. . Earlier assumptions were that this would be likely in the event of a major loss of cooling accident (LOCA) which resulted in a core melt. Experience has proved otherwise in any circumstances relevant to Western reactor designs. In the light of better understanding of the physics and chemistry of material in a reactor core under extreme conditions it became evident that even a severe core melt coupled with breach of containment could not in fact create a major radiological disaster from any Western reactor design. Studies of the post-accident situation at Three Mile Island (where there was no breach of containment) supported this.

An OECD/NEA report in 2010 pointed out that the theoretically-calculated frequency for a large release of radioactivity from a severe nuclear power plant accident has reduced by a factor of 1600 between the early Generation I reactors as originally built and the Generation III/III+ plants being built today. Earlier designs however have been progressively upgraded through their operating lives.

It has long been asserted that nuclear reactor accidents are the epitome of low-probability but high-consequence risks. Understandably, with this in mind, some people were disinclined to accept the risk, however low the probability. However, the physics and chemistry of a reactor core, coupled with but not wholly depending on the engineering, mean that the consequences of an accident are likely in fact be much less severe than those from other industrial and energy sources. Experience bears this out.

At Chernobyl the kind of reactor and its burning contents which dispersed radionuclides far and wide tragically meant that the results were severe. This once and for all vindicated the desirability of designing with inherent safety supplemented by robust secondary safety provisions and avoiding that kind of reactor design. However, the problem here was not burning graphite as popularly quoted. The graphite was certainly incandescent as a result of fuel decay heat - sometimes over 1000°C - and some of it oxidised to carbon monoxide which burned along with the fuel cladding.

Mention should be made of the accident to the US Fermi-1 prototype fast breeder reactor near Detroit in 1966. Due to a blockage in coolant flow, some of the fuel melted. However no radiation was released off-site and no-one was injured. The reactor was repaired and restarted but closed down in 1972.

The use of nuclear energy for electricity generation can be considered extremely safe. Every year several thousand people die in coal mines to provide this widely used fuel for electricity. There are also significant health and environmental effects arising from fossil fuel use.

In passing, it is relevant to note that the safety record of the US nuclear navy from 1955 on is excellent, this being attributed to a high level of standardisation in over one hundred naval power plants and in their maintenance, and the high quality of the Navy's training program. Until the 1980s, the Soviet naval record stood in marked contrast.

Achieving optimum nuclear safety

To achieve optimum safety, nuclear plants in the western world operate using a 'defence-in-depth' approach, with multiple safety systems supplementing the natural features of the reactor core. Key aspects of the approach are:

  • high-quality design & construction,
  • equipment which prevents operational disturbances or human failures and errors developing into problems,
  • comprehensive monitoring and regular testing to detect equipment or operator failures,
  • redundant and diverse systems to control damage to the fuel and prevent significant radioactive releases,
  • provision to confine the effects of severe fuel damage (or any other problem) to the plant itself.

These can be summed up as: Prevention, Monitoring, and Action (to mitigate consequences of failures).

The safety provisions include a series of physical barriers between the radioactive reactor core and the environment, the provision of multiple safety systems, each with backup and designed to accommodate human error. Safety systems account for about one quarter of the capital cost of such reactors.

The barriers in a typical plant are: the fuel is in the form of solid ceramic (UO2) pellets, and radioactive fission products remain largely bound inside these pellets as the fuel is burned. The pellets are packed inside sealed zirconium alloy tubes to form fuel rods. These are confined inside a large steel pressure vessel with walls up to 30 cm thick - the associated primary water cooling pipework is also substantial. All this, in turn, is enclosed inside a robust reinforced concrete containment structure with walls at least one metre thick. This amounts to three significant barriers around the fuel, which itself is stable.

These barriers are monitored continually. The fuel cladding is monitored by measuring the amount of radioactivity in the cooling water. The high pressure cooling system is monitored by the leak rate of water, and the containment structure by periodically measuring the leak rate of air at about five times atmospheric pressure.

Looked at functionally, the three basic safety functions in a nuclear reactor are: to control reactivity, to cool the fuel and to contain radioactive substances.

The main safety features of most reactors are inherent - negative temperature coefficient and negative void coefficient. The first means that beyond an optimal level, as the temperature increases the efficiency of the reaction decreases (this in fact is used to control power levels in some new designs). The second means that if any steam has formed in the cooling water there is a decrease in moderating effect so that fewer neutrons are able to cause fission and the reaction slows down automatically.

Beyond the control rods which are inserted to absorb neutrons and regulate the fission process, the main engineered safety provisions are the back-up emergency core cooling system (ECCS) to remove excess heat (though it is more to prevent damage to the plant than for public safety) and the containment.

Traditional reactor safety systems are 'active' in the sense that they involve electrical or mechanical operation on command. Some engineered systems operate passively, eg pressure relief valves. Both require parallel redundant systems. Inherent or full passive safety design depends only on physical phenomena such as convection, gravity or resistance to high temperatures, not on functioning of engineered components. All reactors have some elements of inherent safety as mentioned above, but in some recent designs the passive or inherent features substitute for active systems in cooling etc.

The basis of design assumes a threat where due to accident or malign intent (eg terrorism) there is core melting and a breach of containment. This double possibility has been well studied and provides the basis of exclusion zones and contingency plans. Apparently during the Cold War neither Russia nor the USA targeted the other's nuclear power plants because the likely damage would be modest.

Nuclear power plants are designed with sensors to shut them down automatically in an earthquake, and this is a vital consideration in many parts of the world.

The Three Mile Island accident in 1979

demonstrated the importance of the inherent safety features. Despite the fact that about half of the reactor core melted, radionuclides released from the melted fuel mostly plated out on the inside of the plant or dissolved in condensing steam. The containment building which housed the reactor further prevented any significant release of radioactivity. The accident was attributed to mechanical failure and operator confusion. The reactor's other protection systems also functioned as designed. The emergency core cooling system would have prevented any damage to the reactor but for the intervention of the operators.

Investigations following the accident led to a new focus on the human factors in nuclear safety. No major design changes were called for in western reactors, but controls and instrumentation were improved and operator training was overhauled.

By way of contrast, the Chernobyl reactor did not have a containment structure like those used in the West or in post-1980 Soviet designs.

A different safety philosophy: Early Soviet-designed reactors

The April 1986 disaster at the Chernobyl nuclear power plant in the Ukraine was the result of major design deficiencies in the RBMK type of reactor, the violation of operating procedures and the absence of a safety culture. One peculiar feature of the RBMK design was that coolant failure could lead to a strong increase in power output from the fission process ( positive void coefficient). However, this was not the prime cause of the Chernobyl accident.

The accident destroyed the reactor and killed 56 people, 28 of whom died within weeks from radiation exposure. It also caused radiation sickness in a further 200-300 staff and firefighters, and contaminated large areas of Belarus, Ukraine, Russia and beyond. It is estimated that at least 5% of the total radioactive material in the Chernobyl-4 reactor core was released from the plant, due to the lack of any containment structure. Most of this was deposited as dust close by. Some was carried by wind over a wide area.

About 130,000 people received significant radiation doses (i.e. above internationally accepted ICRP limits) and continue to be monitored. About 4000 cases of thyroid cancer in children have been linked to the accident. Most of these were curable, though about nine were fatal. No increase in leukaemia or other cancers have yet shown up, but some is expected. The World Health Organisation is closely monitoring most of those affected.

The Chernobyl accident was a unique event and the only time in the history of commercial nuclear power that radiation-related fatalities occurred.

The destroyed unit 4 was enclosed in a concrete shelter which now requires remedial work.

An OECD expert report on it concluded that "the Chernobyl accident has not brought to light any new, previously unknown phenomena or safety issues that are not resolved or otherwise covered by current reactor safety programs for commercial power reactors in OECD Member countries. In other words, the concept of 'defence in depth' was conspicuous by its absence, and tragically shown to be vitally important.

International efforts to improve safety

There is a great deal of international cooperation on nuclear safety issues, in particular the exchange of operating experience under the auspices of the World Association of Nuclear Operators (WANO) which was set up in 1989. In practical terms this is the most effective international means of achieving very high levels of safety through its four major programs: peer reviews; operating experience; technical support and exchange; and professional and technical development. WANO peer reviews are the main proactive way of sharing experience and expertise, and by the end of 2009 every one of the world's commercial nuclear power plants had been peer-reviewed at least once. See also: paper on Cooperation in Nuclear Power Industry.

The IAEA Convention on Nuclear Safety was drawn up during a series of expert level meetings from 1992 to 1994 and was the result of considerable work by Governments, national nuclear safety authorities and the IAEA Secretariat. Its aim is to legally commit participating States operating land-based nuclear power plants to maintain a high level of safety by setting international benchmarks to which States would subscribe.

The obligations of the Parties are based to a large extent on the principles contained in the IAEA Safety Fundamentals document The Safety of Nuclear Installations. These obligations cover for instance, siting, design, construction, operation, the availability of adequate financial and human resources, the assessment and verification of safety, quality assurance and emergency preparedness.

The Convention is an incentive instrument. It is not designed to ensure fulfillment of obligations by Parties through control and sanction, but is based on their common interest to achieve higher levels of safety. These levels are defined by international benchmarks developed and promoted through regular meetings of the Parties. The Convention obliges Parties to report on the implementation of their obligations for international peer review. This mechanism is the main innovative and dynamic element of the Convention.

The Convention entered into force in October 1996. As of September 2009, there were 79 signatories to the Convention, 66 of which are contracting parties, including all countries with operating nuclear power plants.

In relation to Eastern Europe particularly, since the late 1980s a major international program of assistance has been carried out by the OECD, IAEA and Commission of the European Communities to bring early Soviet-designed reactors up to near western safety standards, or at least to effect significant improvements to the plants and their operation. The European Union has also brought pressure to bear, particularly in countries which aspired to EU membership.

Modifications have been made to overcome deficiencies in the 11 RBMK reactors still operating in Russia. Among other things, these have removed the danger of a positive void coefficient response. Automated inspection equipment has also been installed in these reactors. cf RBMK paper .

The other class of reactors which has been the focus of international attention for safety upgrades is the first-generation of pressurised water VVER-440/230 reactors. These were designed before formal safety standards were issued in the Soviet Union and they lack many basic safety features. Some are still operating in Russia and one in Armenia, under close inspection.

Later Soviet-designed reactors are very much safer and have Western control systems or the equivalent, along with containment structures.

Ageing of nuclear plants

Several issues arise in prolonging the lives of nuclear plants which were originally designed for 30 or 40-year operating lives. Systems, structures and components (SSC) whose characteristics change gradually with time or use are the subject of attention.

Some components simply wear out, corode or degrade to a low level of efficiency. These need to be replaced. Steam generators are the most prominent and expensive of these, and many have been replaced after about 30 years where the reactor otherwise has the prospect of running for 60 years. This is essentially an economic decision. Lesser components are more straightforward to replace as they age, and some may be safety-related as well as economic. In Candu reactors, pressure tube replacement has been undertaken on some older plants, after some 30 years of operation.

A second issue is that of obsolescence. For instance, older reactors have analogue instrument and control systems, and a question must be faced regarding whether these are replaced with digital in a major mid-life overhaul, or simply maintained.

Thirdly, the properties of materials may degrade with age, particularly with heat and neutron irradiation. In some early Russian pressurized water reactors, the pressure vessel is relatively narrow and is thus subject to greater neutron bombardment that a wider one. This raises questions of embrittlement, and has had to be checked carefully before extending licences.

In respect to all these aspects, periodic safety reviews are undertaken on older plants in line with the IAEA safety convention and WANO's safety culture principles to ensure that safety margins are maintained.

In the USA most of the more than one hundred reactors are expected to be granted licence extensions from 40 to 60 years. This justifies significant capital expenditure in upgrading systems and components, including building in extra performance margins. There is widespread agreement that further extensions may be justified, and this prospect is driving research on ageing to ensure both safety and reliability in older plants.

The IAEA has a safety knowledge base for ageing and long term operation of nuclear power plants (SKALTO) which aims to develop a framework for sharing information on ageing management and long term operation of nuclear power plants. It provides published documents and information related to this.

Reporting nuclear incidents

The International Nuclear Event Scale (INES) was developed by the IAEA and OECD in 1990 to communicate and standardise the reporting of nuclear incidents or accidents to the public. The scale runs from a zero event with no safety significance to 7 for a "major accident" such as Chernobyl. Three Mile Island rated 5, as an "accident with off-site risks" though no harm to anyone, and a level 4 "accident mainly in installation" occurred in France in 1980, with little drama. Another accident rated at level 4 occurred in a fuel processing plant in Japan in September 1999. Other accidents have been in military plants .

The International Nuclear Event Scale
For prompt communication of safety significance

Level, Descriptor Off-Site Impact On-Site Impact Defence-in-Depth Degradation Examples
7
Major Accident
Major Release:
Widespread health and environmental effects
Chernobyl, Ukraine, 1986 (fuel meltdown and fire)
6
Serious Accident
Significant Release:
Full implementation of local emergency plans
Mayak at Ozersk, Russia, 1957 (reprocessing plant criticality)
5
Accident with Off-Site Risks
Limited Release:
Partial implementation of local emergency plans, or
Severe damage to reactor core or to radiological barriers Windscale, UK, 1957 (military).
Three Mile Island, USA, 1979 (fuel melting)
4
Accident Mainly in Installation
either of:
Minor Release:
Public exposure of the order of prescribed limits, or
Significant damage to reactor core or to radiological barriers; worker fatality Saint-Laurent A1, France, 1969 (fuel rupture) & A2 1980 (graphite overheating).
Tokai-mura, Japan, 1999 (criticality in fuel plant for an experimental reactor).
3
Serious Incident
any of:
Very Small Release:
Public exposure at a fraction of prescribed limits, or
Major contamination; Acute health effects to a worker, or Near Accident:
Loss of Defence in Depth provisions - no safety layers remaining
Vandellos, Spain, 1989 (turbine fire)
Davis-Besse, USA, 2002 (severe corrosion)
Paks, Hungary 2003 (fuel damage)
2
Incident
nil Significant spread of contamination; Overexposure of worker, or Incidents with significant failures in safety provisions
1
Anomaly
nil nil Anomaly beyond authorised operating regime
0
Deviation
nil nil No safety significance
Below Scale nil nil No safety relevance

Source: International Atomic Energy Agency

Terrorism

Since the World Trade Centre attacks in New York in 2001 there has been concern about the consequences of a large aircraft being used to attack a nuclear facility with the purpose of releasing radioactive materials. Various studies have looked at similar attacks on nuclear power plants. They show that nuclear reactors would be more resistant to such attacks than virtually any other civil installations. A thorough study was undertaken by the US Electric Power Research Institute (EPRI) using specialist consultants and paid for by the US Dept. of Energy. It concludes that US reactor structures "are robust and (would) protect the fuel from impacts of large commercial aircraft".

The analyses used a fully-fuelled Boeing 767-400 of over 200 tonnes as the basis, at 560 km/h - the maximum speed for precision flying near the ground. The wingspan is greater than the diameter of reactor containment buildings and the 4.3 tonne engines are 15 metres apart. Hence analyses focused on single engine direct impact on the centreline - since this would be the most penetrating missile - and on the impact of the entire aircraft if the fuselage hit the centreline (in which case the engines would ricochet off the sides). In each case no part of the aircraft or its fuel would penetrate the containment. Other studies have confirmed these findings.

Penetrating (even relatively weak) reinforced concrete requires multiple hits by high speed artillery shells or specially-designed "bunker busting" ordnance - both of which are well beyond what terrorists are likely to deploy. Thin-walled, slow-moving, hollow aluminum aircraft, hitting containment-grade heavily-reinforced concrete disintegrate, with negligible penetration. But further (see Sept 2002 Science paper and Jan 2003 Response & Comments), realistic assessments from decades of analyses, lab work and testing, find that the consequence of even the worst realistic scenarios - core melting and containment failure - can cause few if any deaths to the public, regardless of the scenario that led to the core melt and containment failure. This conclusion was documented in a 1981 EPRI study, reported and widely circulated in many languages, by Levenson and Rahn in Nuclear Technology.

In 1988 Sandia National Laboratories in USA demonstrated the unequal distribution of energy absorption that occurs when an aircraft impacts a massive, hardened target. The test involved a rocket-propelled F4 Phantom jet (about 27 tonnes, with both engines close together in the fuselage) hitting a 3.7m thick slab of concrete at 765 km/h. This was to see whether a proposed Japanese nuclear power plant could withstand the impact of a heavy aircraft. It showed how most of the collision energy goes into the destruction of the aircraft itself - about 96% of the aircraft's kinetic energy went into the its destruction and some penetration of the concrete, while the remaining 4% was dissipated in accelerating the 700-tonne slab. The maximum penetration of the concrete in this experiment was 60 mm, but comparison with fixed reactor containment needs to take account of the 4% of energy transmitted to the slab.

The study of a 1970s US power plant in a highly-populated area is assessing the possible effects of a successful terrorist attack which causes both meltdown of the core and a large breach in the containment structure - both extremely unlikely. It shows that a large fraction of the most hazardous radioactive isotopes, like those of iodine and tellurium, would never leave the site.

Much of the radioactive material would stick to surfaces inside the containment or becomes soluble salts that remain in the damaged containment building. Some radioactive material would nonetheless enter the environment some hours after the attack in this extreme scenario and affect areas up to several kilometres away. The extent and timing of this means that with walking-pace evacuation inside this radius it would not be a major health risk. However it could leave areas contaminated and hence displace people in the same way as a natural disaster, giving rise to economic rather than health consequences.

Looking at spent fuel storage pools, similar analyses showed no breach. Dry storage and transport casks retained their integrity. "There would be no release of radionuclides to the environment".

Similarly, the massive structures mean that any terrorist attack even inside a plant (which are well defended) and causing loss of cooling, core melting and breach of containment would not result in any significant radioactive releases.


Switzerland's Nuclear Safety Inspectorate studied a similar scenario and reported in 2003 that the danger of any radiation release from such a crash would be low for the older plants and extremely low for the newer ones.

The conservative design criteria which caused most power reactors to be shrouded by massive containment structures with biological shield has provided peace of mind in a suicide terrorist context. Ironically and as noted earlier, with better understanding of what happens in a core melt accident inside, they are now seen to be not nearly as necessary in that accident mitigation role as was originally assumed.

Advanced reactor designs

The designs for nuclear plants being developed for implementation in coming decades contain numerous safety improvements based on operational experience. The first two of these advanced reactors began operating in Japan in 1996.

One major feature they have in common (beyond safety engineering already standard in Western reactors) is passive safety systems, requiring no operator intervention in the event of a major malfunction.

The main metric used to assess reactor safety is the likelihood of the core melting due to loss of coolant. These new designs are one or two orders of magnitude less likely than older ones to suffer a core melt accident, but the significance of that is more for the owner and operator than the neighbours, who - as Three Mile Island showed - are entirely safe also with older types. (As mentioned in the box above, studies related to the 1970s plant in USA show that even with a breach of containment as well, the consequences would not be catastrophic.)

Safety relative to other energy sources

Many occupational accident statistics have been generated over the last 40 years of nuclear reactor operations in the US and UK. These can be compared with those from coal-fired power generation. All show that nuclear is a distinctly safer way to produce electricity.

Three simple sets of figures are quoted in the Tables below. A major reason for coal's unfavourable showing is the huge amount which must be mined and transported to supply even a single large power station. Mining and multiple handling of so much material of any kind involves hazards, and these are reflected in the statistics.

Summary of severe* accidents in energy chains for electricity 1969-2000

OECD Non-OECD
Energy chain Fatalities Fatalities/TWy Fatalities Fatalities/TWy
Coal 2259 157 18,000 597
Natural gas 1043 85 1000 111
Hydro 14 3 30,000 10,285
Nuclear 0 0 31 48
Data from Paul Scherrer Institut, in OECD 2010. * severe = more than 5 fatalities

Comparison of accident statistics in primary energy production
(Electricity generation accounts for about 40% of total primary energy)

Fuel Immediate fatalities
1970-92
Who? Normalised to deaths
per TWy* electricity
Coal
6400
workers
342
Natural gas
1200
workers & public
85
Hydro
4000
public
883
Nuclear
31
workers
8

* Basis: per million MWe operating for one year, not including plant construction, based on historic data which is unlikely to represent current safety levels in any of the industries concerned.
credit to : Sources: Sources: Ball, Roberts & Simpson, 1994; Hirschberg et al, Paul Scherrer Institut 1996, in: IAEA 1997; Paul Scherrer Institut, 2001.

0 comments:

Post a Comment