17 Months Later, Fukushima Daiichi Offers Bitter Lessons in Risk Management

The meltdowns, radiation leaks and ongoing dangers of the stricken nuclear power plant could have been prevented with better risk management, contingency planning, readiness training and communication.

By Ryan McGreal
Published August 09, 2012

this article has been updated

On March 11, 2011, a magnitude 9.0 earthquake ripped through the eastern coast of Japan, one of the most powerful earthquakes since measurement started a century ago. The undersea upthrust of the earthquake also triggered a tsunami that flooded 560 square kilometres along the coast under several metres of water.

The twofold devastation killed nearly 16,000 people, destroying or damaging hundreds of thousands of buildings and 230,000 automobiles and trucks. The total cost is estimated in the hundreds of billions of dollars.

When the earthquake hit, eleven nuclear reactors at four power plants automatically shut down, including the 40-year-old Fukushima Daiichi plant with six boiling water reactors.

Satellite view of Fukushima Daiichi nuclear power plant (Image Credit: Wikimedia Commons)
Satellite view of Fukushima Daiichi nuclear power plant (Image Credit: Wikimedia Commons)

So far, so good. However, the earthquake disrupted the power supply to the cooling systems at Fukushima. The nuclear fission of uranium fuel rods produces radioisotopes that in turn generate heat as they undergo radioactive decay. As a result, pumps need to keep circulating cold water over the fuel rods - even spent fuel - so they do not overheat.

If the fuel rods get too hot, they can literally melt from the heat - a meltdown - and the liquid reactor fuel drops down into the concrete base of the reactor.

When the power to the Fukushima cooling systems was disrupted, backup diesel generators kicked in to maintain the cooling. Unfortunately, an hour after the earthquake, a 14 metre tall tsunami overran the seawall protecting the plant. It flooded the generator rooms, washed away the fuel tanks and knocked out the cooling system.

This precipitated a cascade of failures that spiraled quickly out of control and ultimately revealed some serious deficiencies in the disaster readiness of Tokyo Electric Power Company (TEPCO), the nuclear power operator running Fukushima.

Immediately following the crisis, I was impressed with the engineering and disaster management at the stricken nuclear plant.

It remains true that the plant managed to ride out an earthquake ten times more powerful than it was designed to withstand, but with the perspective of hindsight and more complete information, my enthusiasm for the plant's risk planning and crisis management is tempered by the understanding that the meltdowns, radioactive leaks and ongoing dangers could have been prevented.

Cascade of Failures

Units 1-3 were in operation when the earthquake hit on Friday. Units 4-6 were offline, but had spent fuel rods stored in pools above the reactors that still needed to be kept cool. When the cooling systems failed and the water levels fell, the fuel rods began to heat up as they became exposed.

The Japanese government evacuated a 3 km radius around Fukushima the day of the earthquake, but extended the evacuation area to 20 km the next day as the situation deteriorated. By late March, the government also offered assistance for an evacuation up to 30 km around the plant.

Attempts to reduce pressure by venting radioactive steam from inside the reactors caused several hydrogen-air explosions that destroyed the exterior buildings and caused some damage to the reactors themselves. Radiation spikes forced workers to withdraw even as fuel rods continued to overheat and release radiation. Because the reactors are so close together, incidents at one unit often exacerbated conditions at an adjacent unit and forced retreats from the entire area.

Meanwhile, the spent fuel rods were also exposed when water levels in their cooling pools fell or boiled off. Firefighters sprayed water through holes in the buildings to try and cover the spent fuel rods and cool the reactors, while workers injected seawater and boric acid into the cooling systems.

Even as these measures sought to control the heating inside the reactors, the corrosive seawater was destroying the cooling systems. Multiple leaks caused radioactive water to leak out, contaminating the areas around the units and running into the sea.

As an example of the cascading nature of the disaster, an explosion in unit 3 knocked out the cooling system in unit 2. A subsequent explosion in unit 2 damaged the reactor container itself, releasing dangerous levels of radiation outside the reactor.

By about the fourth day, the reactors at units 1, 2 and 3 had undergone full meltdowns (though this was not confirmed until mid-April).

Because of the spiking radiation, workers were frequently withdrawn from the plant and could not stay for long. They were not able to gain access to the reactors themselves until May, at which point they began the job of replacing the severely damaged cooling systems. Attempts to use robots on-site were hampered by a combination of high radioactivity and extreme humidity, coupled with the severe damage inside and around the reactors.

Over the next few months, TEPCO managed to put in place a water decontamination and recycling system so the same water could be re-used for cooling, instead of constantly having to add water which would then become contaminated and leak. By September, core temperatures in units 1-3 had all dropped below 100 degrees Celsius.

By December, all three reactors were stable - though leaks, equipment failures and radioactive discharges continued to plague the stabilization efforts. The long-term plan is to have all the reactors decommissioned by 2052. The area around the plant is still severely radioactive and will be uninhabitable for decades.

The Situation Today

The government and TEPCO claimed on December 16 that the three reactors had achieved cold shutdown, meaning the cooling water was being maintained below the boiling point of 100 degrees Celsius. However, observers pointed out that given the extent of damage and the ongoing extreme levels of radioactivity inside the reactors, TEPCO could not actually confirm the condition of the melted fuel rods or the reactors themselves.

As recently as this past May, the government-sponsored Japan Nuclear Energy Safety Organization reported that unit 1 was leaking water and that the water level inside the reactor had already fallen low enough to potentially expose some fuel rods.

It is by no means certain that the units will remain in cold shutdown if the cooling systems fail again. Another serious earthquake at this stage could completely undo all of the recovery work taken so far and trigger a much wider release of radiation than has already occurred.

Today, thousands of fuel rods remain in the spent fuel pools on top of the reactors, and several buildings are showing signs of structural instability.

The Fukushima disaster has been rated level 7, "Major Accident", on the International Nuclear Event Scale (INES). Level 7 is the highest rating, indicating extensive radioactive contamination and widespread impact on health and the environment. The 1986 Chernobyl disaster is the only other incident to be rated at this level (the partial meltdown at Three Mile Island in the USA was rated level 5, "Accident With Wider Consequences").

Overall, it is estimated that 900,000 terabecquerels of radioactive material were released in the Fukushima disaster. For comparison, the Chernobyl disaster released 5,200,000 terabecquerels in total, or almost six times as high as Fukushima.

One becquerel is enough radioactive material to produce one radioactive decay per second. In other words, enough radioactive material has been released from Fukushima to produce 900,000,000,000,000,000 (900 quadrillion) radioactive decays per second.

160,000 people were evacuated from the area around Fukushima, and most people remain skeptical about government claims that some areas are now safe for return.

According to recent estimates by scientists at Stanford, the fallout from Fukushima will most likely cause 180 additional cancers and 130 deaths, most of them in Japan. (In the worst case, the fallout will cause 2,500 cancers and 1,500 deaths from cancer.) In contrast, 600 people died during the evacuation, due to stress, fatigue and exposure to the elements.

Disastrous Disaster Management

The management of this disaster by TEPCO and the Japanese government has been excoriated in several damning reports, including the Fukushima Nuclear Accident Independent Investigation Commission and the Investigation Committee on the Accident at the Fukushima Nuclear Power Stations of Tokyo Electric Power Company.

Lessons Learned?

In the conclusion [PDF] of the Fukushima Nuclear Accident Independent Investigation Commission (NAIIC), a corporate culture of deference, bureaucracy and intransigence conspired to create a perfect storm of vulnerability and unpreparedness that transformed a natural disaster into a crisis management fiasco.

For all the extensive detail it provides, what this report cannot fully convey - especially to a global audience - is the mindset that supported the negligence behind this disaster.

What must be admitted - very painfully - is that this was a disaster "Made in Japan." Its fundamental causes are to be found in the ingrained conventions of Japanese culture: our reflexive obedience; our reluctance to question authority; our devotion to 'sticking with the program'; our groupism; and our insularity.

The report is clear and emphatic: the disaster at Fukushima was man-made. With open, responsible risk management, full contingency planning and proper attention to safety and continuous improvement, the outcome for Fukushima after the earthquake and tsunami would have been much different. Instead, officials hid behind the "safety myth" of nuclear power and refused to act on their own studies of risk and risk management.

Unfortunately, the response, recovery and clean-up operations since last March suggest that, at least so far, the lessons of Fukushima have yet to percolate through the organization.

In response, the Japanese government has just nationalized TEPCO and placed it under state control.

Cultural, Not Technical

From a technical and engineering perspective, it is possible to build and maintain a nuclear power plant that is safe from any imaginable threat (but not, obviously, from an unimaginable threat). There are already several designs of nuclear reactors that are much more inherently safe than the boiling water reactors at Fukushima, including the CANDU reactors designed and used in Canada.

You can engineer a mechanism for safety, but how do you engineer an organization for safety? In the case of Fukushima Daiichi, TEPCO knew that it could not withstand a tsunami higher than 10 metres but chose to ignore the threat. The organization did not raise the seawall high enough to hold back a taller tsunami. It did not move its cooling systems into watertight chambers. It did not move the backup generators to higher ground.

It also failed to develop a plan for what to do if all three power systems (main, generator, battery) failed in succession. It failed to train its workers in how to recognize such a crisis and how to respond to it. It failed to coordinate information internally between its vertically-segregated silo departments. It failed to provide timely information to third parties who could help it cope with the crisis. It failed to act on information provided by third parties.

More generally, the company actively resisted government attempts to increase the strength of the safety regulations it had to follow, and repeatedly falsified reports on its conformance with existing regulations.

The government also bears considerable responsibility for the failures. It allowed regulatory capture (the tendency for executives of regulated industries to move into leadership positions in the regulatory body) to undermine the mission of its oversight bodies. It fell behind international standards for nuclear safety. It was too quick to accept the facile claims by the nuclear industry that threats to their operations were too remote to take seriously.

Notwithstanding the conclusion of the NAIIC that Fukushima was a "Made in Japan" disaster, the regulatory and cultural state of affairs that precipitated the cascading crisis is by no means unique to Japan - nor, indeed, to the nuclear power industry. Narrow interest, secrecy and irresponsibility are both global and endemic in public policy organizations.

The question we face is whether it is possible to build - and, more important, to sustain - a high-reliability organization with the clear mandate, open operation and expertise to make the most responsible decisions in the public interest based on the best information.

Can the crooked timber of humanity produce a platform straight and strong enough to maintain a responsible nuclear agency in perpetuity? Too much is at stake merely to shrug and hope for the best.

Update: Corrected article to note that decay heat comes from radioisotopes produced as a result of uranium fission, not from the fission itself. Thanks to Mark Ramsay for helpfully pointing out the error. You can jump to the changed paragraph.

Ryan McGreal, the editor of Raise the Hammer, lives in Hamilton with his family and works as a programmer, writer and consultant. Ryan volunteers with Hamilton Light Rail, a citizen group dedicated to bringing light rail transit to Hamilton. Ryan writes a city affairs column in Hamilton Magazine, and several of his articles have been published in the Hamilton Spectator. He also maintains a personal website and has been known to post passing thoughts on Twitter @RyanMcGreal. Recently, he took the plunge and finally joined Facebook.


View Comments: Nested | Flat

Read Comments

[ - ]

By Transformer Man (anonymous) | Posted September 21, 2012 at 11:37:27

Bruce 1 is back...

Permalink | Context

[ - ]

By Noted (anonymous) | Posted August 23, 2013 at 13:24:44

"It's like a haunted house, one thing happening after another."

Permalink | Context

View Comments: Nested | Flat

Post a Comment

You must be logged in to comment.

Events Calendar

Recent Articles

Article Archives

Blog Archives

Site Tools