Q: In your recent article you briefly referred to "underwater nuclear reactors" and to the order of magnitude improvement in their safety through automation. You also talked about "overrule safety" type automation. Could you elaborate on both of these topics a little more? I do not fully understand either term ("overrule safety" and "underwater reactor").
George F. Schmidt
A: The underwater reactor requires a small, artificial lake with the reactor at the bottom of it, inside a containment, as shown on the left of Figure 1. Under normal operation, the containment is evacuated to provide thermal insulation for the reactor, while under emergency conditions (see the right of the figure), the thermal expansion rods expand and open the safety valves so that the water flows by gravity into the containment. This design satisfies two key requirements for "overrule safety:"
- Nothing and nobody can turn off either of its energy sources: thermal expansion and gravity.
- No other energy source is required. All external and internal energy sources can fail and the shutdown will still take place safely.
I deal with this in detail in my recent book, Automation Can Prevent the Next Fukushima. The general philosophy of "overrule safety" automation is the same for all other processes. Its key characteristic is that nothing and nobody can turn it off. Take, for example, the BP accident: If the controls were so designed that the rig would have been "automatically" disconnected from the well and moved away as soon as fire was detected, 11 lives would have been saved.
Overrule safety also applies to protection against transportation accidents or cyberterrorism. In the case of cyberterrorism, we must understand that a firewall in our digital age is nothing more than what a visitors' door was in the past, and a password is nothing but the key to that door. When applied to protect against cyberterrorism, overrule safety is simply the elimination of both the door and the key. That means the process control computers are not connected to and cannot be accessed by anything or anybody: There is no door for visitors.
Therefore, in this age of cyberterrorism, the only road to absolute safety is to eliminate all wired and wireless contact to the outside, so not even the CEO can turn off the automatic override safety system. The key profession to explain all this to the public and to start applying the concept of overrule safety automation to our control systems is our own.
NORMAL: Containment is evacuated to thermally insulate the reactor and safety valves are closed, because the thermal expansion lifting rods are contracted EMERGENCY: Containment is flooded as soon as safety valves are opened by the thermal expansion of the lifting rods. This automatically cools the reactor.
Q: Minimum Control Valve Size in an Oil Pipeline?
I am Kaushal Shah, working as an instrument design engineer for L&T Chiyoda Limited, India. I have a question concerning the API Standard 553, Section 3: Control Valves/ Sub Section 3.1: Valve Body , Clause 3.1.9. The clause states, "The valve body size should be no less than two pipe sizes smaller than the line size. Smaller valve sizes must be reviewed to make sure that line mechanical integrity is not violated."
Here are my questions:
- What does line mechanical integrity mean? Are there any guidelines?
- How do you ensure that mechanical integrity is achieved? Is there a standard?
- How do you demonstrate this to a third party in cases where the control valve size is smaller than two line sizes?
Also, ASME B31.1, which provides a stress analysis technique, does not require that all lines shall have stress analysis. If I am the EPC contractor, and if I need to prove to the licensor/PMC that my valve will not cause problems to mechanical integrity, is there any laid down standard? Does any standard require that to prove mechanical integrity, stress analysis must be performed in addition to the requirement specified in ASME B 31.1?