Safety Instrumented Systems

Preventing Nuclear Accidents by Automation -- Part 2

Bela Liptak Discusses the Design and Control Errors at Fukushima, Because They Still Exist in Many American Boiling-Water Reactors (BWR) and Must Be Corrected

By Béla Lipták, PE, Columnist

Part 1 of this series listed some of the process control errors that contributed to the Fukushima accident (Control, May 2011). In the coming parts I will discuss those design and control errors, because they still exist in many American boiling-water reactors (BWRs) and must be corrected to protect against new accidents. I will discuss one error in each article of the series. In this issue, I describe both the causes of the hydrogen explosions at Fukushima and the controls needed to protect American BWRs against hydrogen explosions. In the third part, I will describe the sensors needed in the reactor core to measure water level, steam/water ratio, temperature, etc.; these did not exist at Fukushima, which meant that the operators there were operating "blindly."

Preventing Hydrogen Explosions

Cooling of both the BWR reactor and the spent fuel rod storage ponds is essential for safety. As I described in my previous article, well-designed backup systems, such as cooling water ponds on the roofs of earthquake-proof reactor buildings, can provide that cooling even when electric power is lost, because gravity flow is always available. Some American plants provide such ponds, but not all.

When cooling is lost, as at Fukushima, the decay heat of the fuel (once the reactor has been shut down, fission stops, but the fission products keep generating heat) raises the temperature until first the zirconium cladding and later the fuel rods themselves start to melt. As the water level drops and the exposed zirconium cladding reaches about 1,000 °C, it reacts with the steam: the zirconium takes the oxygen, forming zirconium oxide, and the hydrogen is set free (Zr + 2H2O → ZrO2 + 2H2). The reaction is exothermic, so it accelerates the heating. As the temperature rises further, the top of the fuel rods (the uranium dioxide fuel inside the cladding) also melts, resulting in a partial or total meltdown.

The hydrogen released by this reaction mixes with the steam being generated in the reactor (Figure 1). Once the fuel rods start melting, the steam becomes radioactive, because it carries fission products out of the damaged fuel. When the steam piping leaks or ruptures, or when the steam relief valve (PSV in Figure 3) opens, the mixture of steam and hydrogen is discharged into the primary containment vessel or into the wet well.

Hydrogen that accumulates and comes into contact with air will explode (oxidize back into water); a mixture of roughly 4% hydrogen by volume in air is already flammable, so even a modest leak into an air-filled space is dangerous. It is for this reason that every space the hydrogen can reach, the reactor building (secondary containment) as well as the primary containment, should be inerted with nitrogen. The reactor buildings at Fukushima were filled with air, and the hydrogen explosions destroyed them and cracked some of the primary containment walls, allowing radioactive water to leak into the ground and the steam/hydrogen mixture into the air. The same scenario can be repeated in many American plants if cooling is lost because of earthquakes, hurricanes or terrorist acts.

Meltdowns can also occur in the spent fuel ponds if cooling is lost. These ponds are even less protected, as they are outside the primary containment (Figure 3). The risk grows when the ponds are filled beyond their design capacity. At Fukushima, built in 1971, some 500,000 used fuel rods had accumulated, ten times the amount the ponds were designed for. In many American plants, the spent-fuel pools represent a worse radiation threat than the reactors, because they hold far more spent fuel, with its accumulated fission products, than the reactor cores do.

There are safer temporary storage alternatives ("dry casks"), which do not require continuous cooling, but few American plants use them. The typical temporary storage pool used at American plants is shown in Figure 2.

Manual Operation is Inherently Unsafe

Below, I describe the automatic controls that would have prevented the hydrogen explosions at Fukushima and can prevent their repetition in many American plants. First, Figure 3 shows the unsafe design that was used in Japan and is still used in many American plants. These designs are unsafe for the following reasons:

  1. The pressure relief valves on the wet well (torus) are manually operated (SS in Figure 3). At Fukushima, seven hours passed before the operators finally opened these valves. In many American plants this valve is likewise under manual control.
  2. When, after the first explosions, the operators at Fukushima finally decided to open the vent valves, the mixture of hydrogen and radioactive steam was vented without any filtering, so radioactive solid particles were released. Many American plants have no filters either.
  3. The steam/hydrogen mixture was not vented outside the building, where the wind would have diluted it and it would have risen quickly (because of hydrogen's low molecular weight); instead it was allowed to accumulate inside the building, where it exploded and caused structural damage. The same could occur in some American plants.
  4. The building was filled with air, not an inert gas (N2), so oxygen was available to support the hydrogen explosions. In the newer and safer reactor designs the primary and secondary containment structures can be purged or filled with inert gas (N2), which, at the cost of some operator inconvenience, increases safety. At Fukushima and in most older American plants, the containment structures (including the torus) are not designed for nitrogen purging, so even during an accident oxygen is available to support hydrogen explosions.

The Correct Design Requires Automation

Figure 4 shows the automatic overpressure protection design that eliminates all the problems in the above list. The main reason this design is safe is that it is automatic: no operator judgment is involved, and there is no seven-hour hesitation. It vents whenever its set pressure (usually 75% of the design pressure) is reached. Period.

The second important feature is that the released hydrogen is not allowed to accumulate inside the building but is discharged to the atmosphere, where it is diluted and quickly rises away from the building. In addition, the radioactive particles are filtered out, so they do not contaminate the area around the buildings.

Another important feature is that as soon as the excess pressure is released, the pressure safety valve (PSV) recloses. At Fukushima (or at any other plant where the vent valve is opened manually), the operator can forget to close it, releasing additional radioactive vapor. It is also important that full backup is provided for the automatic pressure relief system, for example by a rupture disk, and that a burst rupture disk can be replaced while the plant is in operation.
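The venting logic described above, and the four failure modes listed under "Manual Operation is Inherently Unsafe," can be made concrete with a toy simulation. The code below is an added illustration, not part of the original article and not the logic of any real plant's safety system: it steps a deliberately simple pressure model one minute at a time and compares a manually opened vent (opened by the operator only after a decision delay and then left open) with a self-actuating relief valve that opens at 75% of design pressure and recloses once the pressure has fallen, backed by a rupture disk that bursts at design pressure if the valve fails. The 75% set point follows the article; the design pressure, reclose set point, initial pressure, rise and relief rates and the 420-minute (seven-hour) delay are assumed values chosen for illustration.

```python
"""Toy discrete-time comparison of manual vs. automatic wet-well venting.

Added example, not from the article or from any plant's safety logic. The
pressure model is deliberately simple: a constant rise while cooling is lost
and a constant net relief while a vent path is open. Every number below is an
assumption chosen for illustration, except the "vent at about 75% of design
pressure" rule of thumb, which comes from the article.
"""
from dataclasses import dataclass
from typing import Callable

DESIGN_PRESSURE_KPA = 500.0                        # assumed design pressure
VENT_SETPOINT_KPA = 0.75 * DESIGN_PRESSURE_KPA     # article: vent at ~75% of design
RECLOSE_SETPOINT_KPA = 0.60 * DESIGN_PRESSURE_KPA  # assumed hysteresis band
RUPTURE_DISK_KPA = DESIGN_PRESSURE_KPA             # assumed backup disk burst point
ATMOSPHERIC_KPA = 100.0                            # assumed floor and initial pressure
RISE_KPA_PER_MIN = 1.0                             # assumed rise while cooling is lost
RELIEF_KPA_PER_MIN = 5.0                           # assumed gross relief, vent open


@dataclass
class VentState:
    open: bool = False          # relief valve position
    disk_burst: bool = False    # backup rupture disk has burst (stays open)
    cycles: int = 0             # number of times the valve was opened


# A "logic" takes (minute, pressure_kpa, state) and returns True when a relief
# path (valve or burst disk) is open during that minute.
VentLogic = Callable[[int, float, VentState], bool]


def automatic_vent(minute: int, pressure: float, state: VentState) -> bool:
    """Self-actuating relief: opens at the set point, recloses at the lower
    set point. No operator decision, no delay, never left open."""
    if not state.open and pressure >= VENT_SETPOINT_KPA:
        state.open = True
        state.cycles += 1
    elif state.open and pressure <= RECLOSE_SETPOINT_KPA:
        state.open = False
    return state.open


def manual_vent(delay_min: int) -> VentLogic:
    """Operator-actuated vent: nothing happens until the decision is taken
    (delay_min after cooling is lost) and, once opened, it stays open."""
    def logic(minute: int, pressure: float, state: VentState) -> bool:
        if not state.open and minute >= delay_min:
            state.open = True
            state.cycles += 1
        return state.open
    return logic


def automatic_vent_with_backup(valve_available: bool) -> VentLogic:
    """Automatic valve backed by a rupture disk that bursts at design pressure
    if the valve does not act (for example, it is stuck closed)."""
    def logic(minute: int, pressure: float, state: VentState) -> bool:
        if valve_available and automatic_vent(minute, pressure, state):
            return True
        if not state.disk_burst and pressure >= RUPTURE_DISK_KPA:
            state.disk_burst = True
        return state.disk_burst
    return logic


def simulate(logic: VentLogic, minutes: int = 720) -> dict:
    """Step the toy pressure model one minute at a time and summarize."""
    state = VentState()
    pressure = ATMOSPHERIC_KPA
    peak = pressure
    minutes_above_design = 0
    vented_minutes = 0
    for minute in range(minutes):
        if logic(minute, pressure, state):
            vented_minutes += 1
            pressure += RISE_KPA_PER_MIN - RELIEF_KPA_PER_MIN
        else:
            pressure += RISE_KPA_PER_MIN
        pressure = max(pressure, ATMOSPHERIC_KPA)
        peak = max(peak, pressure)
        if pressure > DESIGN_PRESSURE_KPA:
            minutes_above_design += 1
    return {
        "peak_kpa": peak,
        "minutes_above_design": minutes_above_design,
        "vented_minutes": vented_minutes,
        "cycles": state.cycles,
        "vent_open_at_end": state.open,
        "disk_burst": state.disk_burst,
    }


if __name__ == "__main__":
    print("manual (7 h delay):", simulate(manual_vent(delay_min=420)))
    print("automatic:         ", simulate(automatic_vent))
    print("valve stuck, disk: ", simulate(automatic_vent_with_backup(False)))
```

With these assumed numbers the manual case exceeds design pressure for 24 minutes and then vents continuously for the remaining five hours because nobody closes the valve, the automatic case never exceeds 75% of design pressure and vents only in short cycles, and the stuck-valve case is held at design pressure by the rupture disk. The hysteresis band (open at 75%, reclose at 60%) is what keeps the automatic valve from chattering; a real safety instrumented function would size that band, the valve capacity and the backup disk from the plant's actual design data.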

In the next article of this series, I will describe how to measure the water/steam ratio, the swelled and collapsed water levels and the temperature inside the reactor core, in order to eliminate guesswork. As we know, at Fukushima, and at many American plants, the operators do not have this information and can only guess when answering such critical questions as whether the fuel rods are covered, whether melting has started and, if so, how far it has progressed.

There has not yet been time for the American nuclear industry to automate its manual systems along the lines of the safety advice presented in this series of articles, but plants are already becoming more vigilant. For example, during the latest flooding of the Missouri River, the Fort Calhoun plant near Omaha, Neb., was placed into "cold shutdown," and plants in Louisiana and Florida were shut down when hurricanes were approaching.