Automation Could Have Prevented Chernobyl

Bela Liptak Tells How Automatic Safety Controls Could Have Prevented the Accident at Chernobyl

By Bela Liptak

2 of 2 1 | 2 > View on one page

The Test That Caused the Accident

At Chernobyl, it was the conducting of a "safety test" that caused the meltdown. The purpose of the test was to determine if, in case of the failure of the external power supply grid, the residual "rotational energy" (inertia) of the turbines would be enough to provide electric power until the backup diesel generators (DG) started up. The goal of the test was to determine if this "rotational inertia" was enough to supply the plant with electricity for about a minute after a grid failure .

The test should have been performed when the thermal power generation exceeded 700 MWt—when the void coefficient is negative (-VC)—but the operators, being in a hurry at 1 a.m. and ignorant of the consequences, started the test before reaching this minimum power and, therefore, started the test under +VC conditions. They ran the test "in manual," disabled the turbine generator's safety systems, and therefore, the main process computer could not shut down the reactor or even reduce its power.

Automation Would Have Prevented the Accident

So why would having automation prevented this accident? The answer is simple: An automatic safety interlock would have prevented the start of the test until the 700 MWt limit was reached. Unfortunately, automatic safety interlocks can prevent accidents only if they exist and can't be deactivated by the operators. In other words, allowing panicked, unqualified and sleepy operators at 1 a.m. to do what they felt like doing was a recipe for disaster.

Naturally, if the control system was so designed that the operators could not bypass the automatic safety system, the accident could not occur, but even if it did due to some other cause, at the first sign of a power surge, the control computer would have "scrammed" the reactor by inserting all of the control rods into the core and flooding it with water.

In Figure 2, I have inserted some numbers, showing the points where automatic safety controls should have existed and did not. Point 1 refers to the fact that automatic pressure relief valves should have been provided to relieve the steam overpressure that caused the explosion that damaged the building.

Reliable water level and pressure/temperature measurements should have been combined with automatic interlocks to scram the reactor if the water level dropped below the reactor core (Points 2 & 3). Automatic pressure relief should have been provided on the roof to protect the building from steam explosion damage (Point 4). Control rod controls should have been faster than the speed of the worst possible power surge, and operators should have been prevented from manually removing any control rods (which they did), and should have automatically "scrammed" the reactor when the power surge was detected (Point 5). When the presence of hydrogen was detected, both automatic venting and inerting should have been triggered (Points 6 & 7).

In the next article of this series, I will show how safety automation could have prevented the Fukushima accident.  

2 of 2 1 | 2 > View on one page
Show Comments
Hide Comments

Join the discussion

We welcome your thoughtful comments.
All comments will display your user name.

Want to participate in the discussion?

Register for free

Log in for complete access.


No one has commented on this page yet.

RSS feed for comments on this page | RSS feed for all comments