It was with a profound sadness that I read this article, "Automation Could Have Saved Fukushima," March 2013, in Control.
It is full of technical inaccuracies. Operators, designers and instrumentation are blamed for the events at this power station.
The opening paragraph states that "had the level detectors operated correctly, and if the operators had flooded the reactors as soon as the earthquake was sensed, and if they had started venting of the hydrogen as soon as the rods were uncovered, the hydrogen explosions would have been prevented." This is just not true.
We have no reason to suspect that the instruments did not operate correctly. The environment in which they operated during the first stages of the accident (prior to the hydrogen explosions) should not have been significantly different from normal operating conditions. The operators would have been able to track the decrease in water level, and instrumentation signals to start emergency equipment should have been generated as designed.
Unfortunately, because of a tsunami that was about 15 feet higher than the station was designed to handle, normal and emergency power supplies were flooded and not available; thus, the operators were unable at that point to put water into the reactor vessel.
If the operators had filled the vessel as soon as the earthquake was sensed (there would be no reason to do this because at that point emergency power was still available—and there was no reason to believe the resulting wave would be higher than design features), Fukushima still would not have been saved. The inevitable result of not having normal or emergency power sources would still have been the melting of the fuel, and the hydrogen explosions—perhaps delayed by several hours—still would have occurred.
To suggest that the operators should have vented the hydrogen as soon as the core was uncovered assumes that there would be significant amounts of hydrogen. BWRs by design can uncover some fuel without the fuel significantly overheating and producing hydrogen. The information I saw indicated that the venting was not so much the problem, but where the hydrogen was vented to. If normal or emergency power had been available the core would have remained covered and adequately cooled.
There are several detailed articles published by the NRC and the American Nuclear Society which, if referenced, would have reduced the likelihood of publishing an article filled with technical errors, and which proposes a solution that would not have prevented or even mitigated the events of this tragedy.
Béla Lipták responds:
Fukushima was much better designed than Chernobyl because the reactors had a negative void coefficient; they were protected by primary containment vessels (PCV); the PCVs were inerted and provided with wet wells; and scramming of the reactors was automatic. In contrast to Chernobyl, the operators made few mistakes, but the designers provided them with unreliable information (as I gave one example in connection with the useless level sensors) and, therefore, none of that made any difference. This accident still became a level 7 nuclear disaster, the second one in history.
What the plant lacked was full automation that would have taken full advantage of the time window between the occurrence of the earthquake and the arrival of the tsunami (~ 44 minutes later) or of the time window between the earthquake and the starting of the meltdown (three to four hours).
The main and most important design deficiency (which even today is common to most operating nuclear power plants) was the inability of the plant to provide automatic and safe shutdown when both the external and internal electric power supplies simultaneously fail. In other words, the plant was neither provided with elevated water storage tanks (to take advantage of gravity to flood the reactors), nor with backup cooling water pumps driven by steam turbines, as steam energy was available.
Mr. Daigler is wrong, not only because level measurement was lost due to reference leg boil off, but also because the presence of hydrogen was not even measured. He is also wrong about the pressure relief system because it took almost a day for the operators to manually depressurize the PCV because the block valves isolating the rupture disks could not be opened. They had no hand-wheels nor local backup power to operate their actuators, so they had to drag batteries and portable air compressors into the area to open them.
In short, the operators were right not to trust the sensors. Just imagine the panicked operators in the dark (the control room did not even have its own battery backup) trying to figure out what to do. In short, I do not criticize the operators at all. They did the best they could with what they had (a bunch of manual switches and indicators without interlocks and not even a graphic panel), but I do blame the semi-manual mode of operation, unassisted by automatic safety controls, which they had to work with.
When my book is published this summer, giving the detailed specifics of how automation would have prevented Three Mile Island, Chernobyl and Fukushima, I know that I will receive some defensive letters like Mr. Daigler's, but I also know that the smart operators of the 438 nuclear power plants around the world will go back to their plants and implement the automatic safety systems I came up with to make those plants safer in this age of cyber terrorism.