http://www.freep.com/news/nw/nuc7_20020507.htm The Nuclear Regulatory Commission was "surprised" to find a large hole eroded almost all the way through the six-inch-thick steel reactor vessel of a plant in Ohio. They also found cracking of a type they've never seen before in nozzles in a reactor in South Carolina. Both problems could have eventually led to a loss of cooling water, if they hadn't been caught. "If this occurred in Russia, we would be saying it could never happen here." -- former Nuclear Regulatory Commission Commissioner Victor Gilinsky. Obviously there are some shortcomings in the design and maintenance of nuclear power plants. You have to wonder what else is happening in there that they haven't expected, and hence haven't thought to look for. That combined with the fact that we *still* don't have a good place to put the waste from nuclear reactors doesn't give me a warm fuzzy about Bush promoting construction of more of them.
66 responses total.
The problem was discovered and there were no leaks of radiation. It is not likely a leak would have been catastrophic anyway, because of all the other protective features and detectors. Component failure is an inherent part of engineering systems and it is impossible to ever design anything that can NEVER fail. I would not call the subject corrosion problem an example of "shortcomings in the design and maintenance of nuclear power plants", but just the expected unexpected, from which better designs evolve.
There's these caves in Afghanistan that we seem to currently have control of.
Even with those caveats, I'm not sure that nuclear power is less
dangerous than coal. We're just more acclimated to coal pollution and coal
mining accidents.
Re #1: Yes, but would the backup systems have functioned? You'll recall Three Mile Island, a "can't happen" situation where most of the backup systems failed to operate. By the time it all settled out, they were relying on *one* coolant pump with no backup remaining if it had failed.
I recall there was some operator error at 3-Mile. This is not true in this case. It was solely an engineering near-failure. That's why they have all the precautions and inspection protocols, which worked. In my opinion, nuclear power is much more dangerous than coal, but because of the waste problem, which not even Yucca Mt, or even a better facility, can completely resolve.
I think they found that the operator error at 3-mile island was due to the bad design of the engineers. You know, putting controls in odd places and such. In fact, wasn't it 3 mile island where they put the Heineken tap on a knob because it was too similar to another knob that did an opposite function?
According to http://www.barc.ernet.in/webpages/rca_india/reactor.html all the automatic safety systems functioned properly until operators turned off the main coolant circulation pumps manually - operator error.
I am sure that a lot of people think that the problem was bad design. If you are going to design something with human operators, you have to design the thing for the human operators. In other words, the plant might have been a good design from an engineering point of view but apparently it was a horrible design in other ways that contributed directly to the disaster. Dr Donald Norman said the following at http://www.cooltown.com/mpulse/0901-norman.asp "The Three Mile Island nuclear power incident occurred, and I got called in. They wanted to see what was the matter with their operators. Could we perhaps train them better? I discovered, much to my surprise, that if they had set out to design a plant to cause errors, they could not have done a better job."
One often discovers that by accidents occurring. It is often only "bad design" in hindsight. Consider air bags and small women and children. It was bad design but this was not discoverable except by tests and not everything can be tested in advance. If someone had vociferously claimed that 3-Mile was badly designed in advance of the accident, but nothing was done about it, then one can point the finger at bad design. Pointing fingers at it after the fact isn't much different than confirming what contributed to the accident and is hollow rhetoric. The simple action to take is Fix It.
I think in the case of the controls for 3 mile island, it was just plain bad design. There was enough human factors research done before the fact that there was no question but that it *could* and *should* have been better designed. Quite a bit of research was done during WW2, for instance, when it was well known that human lives might depend on split second decisions made by people in stressful situations. It doesn't take much imagination to realize the same might be true in a nuclear reactor. Unfortunately, nobody knows of any good way to build this kind of imagination into nuclear power plant design before the fact. The best solution people have found so far is an open design process where everything happens before the public eye. At least, it seems to work with software, and we kinda do it with building design. Nobody wants to do this with nuclear power, because this increases the perceived risk of a terrorist incident. Unfortunately, nuclear power is not really one of those things that one wants to discover the bad problems the hard way. Our current system, involving miles of secret paper work, does seem to work *slightly* better than the Soviet method, which seems to have simply not valued safety at all. Our current system has yet to come up with a solution for fuel disposal however, and given that's where the worst of the safety issues arise, that suggests we, as a race, aren't really mature enough yet for nuclear power.
I agree with #10. I'm of the opinion that no more nuclear plants should be built until we've solved the waste problem.
Has the navy ever had a nuclear power accident? Their operators are well trained, and the design uncomplicated. What if every car we drove was designed by a committee and built to its own design? Do you think we would have any really good working cars?
re: component failure. The problem is not that components fail. That's a given. The problem is that "a large hole eroded almost all the way through the six-inch-thick steel reactor vessel" before it was noticed.
We need better power sources if we expect to be able to maintain current lifestyles, because the ones we have now aren't cutting it. The waste problem may take a few years, but I have an idea: Space. Specifically, Space as the medium through which the waste travels on its way toward the sun where it really can't do much damage. To say that such a possibility is a few years away would be to understate the issue in a way comparable to stating that Bill Gates has some "spare change."
Re #10: it was not a matter of "split second decisions" at 3-Mile. All the safety interlocks worked and then the operators turned off the main cooling pumps - for 8 hours before the core melted. What was missing there was knowledge or, if you wish, a further interlock that would have warned of the folly of that, given everything else. What happened was the problem went beyond the several levels of automatic safety interlocks, and was then on its own....in the hands of insufficiently trained operators (who apparently did not call for a second opinion). This is the sort of things like trains being shunted to the wrong tracks or pilots deciding to land under very poor conditions, etc. It was not an engineering failure per se. Re #13: the corrosion through six inches of steel is nothing unusual given the cause, which was cracking of some tubes that passed through the shell. This permitted a very small, and undetected leak, which slowly ate away at the steel. There are thousands of similar corrosion problems occurring annually in the chemical industry, almost none of which lead to any disaster, and this corrosion problem also did not lead to a disaster. (The cracking of the tubes was detected in a similar reactor elsewhere, and all similar reactors were shut down for inspection, which found the problem elsewhere. This is a normal inspection and maintenance process. The anti-nuclear bunch does, of course blow anything like this all out of proportion. The danger of nuclear power lies elsewhere, not dominantly with the engineering and maintenance, which has never caused a problem, with the possible exception of the original experimental Fermi reactor, where a flow deflector broke loose and the consequences of that were not anticipated.)
re#12: The USNAVY has never had an 'accident' involving a nuclear reactor. They've had plenty of accidents where nuclear weapons were 'involved' in that they were burned in a fire or dropped or crushed, but none came even close to detonating and few if any resulting in any radiation leakage - and those at insignificant levels (on par with having yer teeth x-rayed at the dentist). I think the USAIRFORCE has had more accidents involving nuclear weapons than the NAVY. The Navy reactors are designed to be ultra safe, indeed one of the 'problems' is that they are so very easy to 'scram' which causes a lot of noise - something the 'squids' like to avoid at all costs. Unfortunately, the navy designs are too uneconomical for civilian use even to this day. They are small, mostly mechanical, and labor intensive, and extremely stable and safe to operate - they just cost too much to use to generate consumer electricity. The civilian nuke plants don't produce cheap enough electricity to allow for a profit. It takes clever accounting methods and government bail-outs to allow commercial operation of them in the first place and as others have noted above the problem of nuclear waste has yet to be solved. Before russ (and his other 'r' doppelganger) chime in, there *are* modern designs that *in theory* could provide economical safe electricity. But they are smaller and require a number of them before the economics become profitable and nobody wants to live near one (NIMBY strikes again) so they aren't likely to happen.
If it wasn't ever a matter of split second decisions at TMI, then it's even more amazingly bad controls design that resulted in the problem. If TMI were a fully-automatic plant designed to run by itself, then I would agree it was not a design problem: but it's not: the human operators are clearly an integral part of the system, and a failure of the humans to do the right thing through sheer animal stupidity is just as much a failure of the system, and of the engineering, as if a horse pulling a carriage were to accidentally fall off a road dragging the carriage with it. If the engineers who designed TMI did not consider the needs of the human operators (and in hind-sight it would seem they did not), then this is still a design failure, quite separate from any failings of the operators themselves (and from what you're saying, it sounds like their training had yet more issues.) It's pretty common for massive failures to have multiple "faults" with lots of finger pointing -- and TMI is certainly no exception. If anything, TMI highlights our difficulties in managing systems that involve both humans, and the risk of unlikely but massively expensive failures.
re#9: How can one "Fix It" if one won't admit that there are design problems? Of course everything can't be anticipated before something happens but from what I understand, a lot of the problems at TMI could have been avoided if the engineers had consulted an Industrial Psychologist. Obviously they just didn't think about that which actually really isn't their fault since it isn't their job to think about that. Nevertheless, whoever was in charge of that project should have thought of that and didn't. One good thing about TMI is that it did bring about substantial changes in other nuclear plants which makes them more safe which is the idea after all.
Re #14: What happens if you have a launch failure while you're boosting all that highly toxic waste into space? You've effectively created a very large "dirty nuke". Winds aloft would do a great job of distributing the fallout over a wide area. It'd make Chernobyl look like a minor accident. (And you *will* have a launch failure, eventually. I don't think there are any launch vehicle designs that haven't exploded at least once.)
Re #17: Marcus makes a very forced argument. No engineering system has ever been built, including all safety interlocks and so forth, that a human cannot defeat by sheer stupidity or lack of knowledge or training, or just by being tired, or on drugs, or whatever. Why are 40,000 people per year killed in automobile accidents? None would be if Marcus' arguments were implemented. Very few of those deaths are caused by strictly engineering failures in the designs of the vehicles. People are responsible for most of the accidents, and people were responsible for the 3-mile incident. It is certainly true that often another level of engineering is added after a serious accident. I am not sure what was done after 3-mile, but clearly all that was needed was a warning or interlock that prevented cooling from being shut down while core temperature was rising. But given all the safety interlocks that were present and worked, a lot of thought had gone into the possible failure causes....but (at least) one got missed. That's how we learn to decrease the probability of future accidents.
re #20: Marcus is presenting an argument which has been proffered by many experts in the field of human factors engineering, people who are generally quite worth listening to. The fact that Rane is resorting to a reductio ad absurdum argument in an attempt to discredit it says considerably more about Rane than it does about Marcus' position or the arguments supporting it.
I think Rane is just one of those people who can't admit it when he is wrong or at least I don't recall any time he has admitted that he was wrong even when it has been shown by others. Interestingly this is also true of jp2 but that's more obvious because jp2 is wrong more often.
You are grossly overstating your case. I would always agree that engineering design includes human factor engineering. However that has limitations as does the physical engineering itself, simply because not *everything* can be thought of in advance. There would be no need for any testing of engineering systems, including human factor aspects, if that were the case. And all the testing that is done is still not capable of addressing every possible contingency. The question here is, what precisely led to the failure of the operators to respond correctly to the developing problem. Only when that is known can one say whether it was inherent in the design, physical or human factor, or in training, or in human failure. The professional conclusions I have seen published are that it was operator error. If you have information that explains the causes of operator error, please present it.
I haven't ever seen any professional conclusions that say it was only operator error.
Operator error can be encouraged by a poor design. I saw a good example recently, in the form of an NTSB report. A pilot, attempting to land a sailplane, overshot the end of the runway. The particular aircraft he was flying has both flaps and spoilers. Both are controlled by identical handles mounted a few inches apart. The pilot noted that during the landing attempt, he deployed full spoilers; but during the accident investigation the spoiler handle was found in the closed position, and the flap handle in the fully extended position. Should he have noticed that the airplane wasn't slowing down like it would with the spoilers fully out? Sure. Training could have fixed that problem. But if the two handles were different shapes it sure would have helped.
This response has been erased.
Anyhow, everything I have seen shows that the operators turned off the emergency cooling system because they had trouble understanding the readings on some of the displays. Sure, this was an operator error. But then the bad design really kicked in. In a PBS special, Jim Higgons of the Nuclear Regulatory Commission was quoted as saying: "There was such an avalanche of alarms that the operators couldn't really address any of those on a real time basis. They were just catching up and trying to -- trying to prioritize and handle the most important ones and do what they could." It sounds like he is describing a bad design to me. In the same special Bob Long (supervising engineer) said, "There was so much data being dumped to the computer and the process was so slow in getting it analyzed and printed out, that when they'd go to look for data from their computer print-out, it wasn't there until an hour-and-a-half later." Another description of the incident that describes bad design. A very quick search on Google shows over 42,000 sites with information on this. Obviously I got the above quotes from my quick search. I don't have time to read all of those but every one that I did read says that the incident started with a mechanical error which the workers didn't fully understand because they had trouble reading displays (were those displays poorly designed?). The workers then made a mistake by turning off the cooling system. Then, they didn't realize what they had done because the control room was too chaotic mostly because of bad design. At any rate, my point is that it is normal for humans to make errors. It should be expected. re#26 I think the rare thing is the admission. *snort*
A couple meaningless notes on gull's points, not because they're relevant (my
suggestion isn't exactly unfeasible, but it's decades {centuries?} from being
a potential reality) but because I just can: Few launch vehicles explode in
midflight, preferring the launchpad as the incinerant location. Also, this
"suggestion" wouldn't be used until space was used for a lot more than just
the occasional exploration mission--travel would be a lot more commonplace,
at least for commercial purposes. Besides, we're talking about a REALLY BIG
vehicle here, given: 1. the mass of the waste it would have to carry to make
an impact on the waste problem, and 2. the mass of the vehicle required to
spring this waste from Earth orbit and on a path toward Sol.
Space is my default suggestion for everything, but now that I think about it
it's probably more likely that we'd establish nuclear power sources in space
and find a way to transmit the power to earth than lifting waste skyward.
Um, it's not that uncommon for rockets to explode in midflight. Very often, it's a deliberate choice, to explode a rocket that has had a guidance failure but is still under limited ground control. It also happens accidentally, as the Challenger accident. The launch pad is certainly the place where there is the most opportunity, but it's by no means the only possibility, either in theory or in practice. In any event, unless nuclear waste can be packaged in such a fashion as to safely survive a rocket disaster, I don't think we've got any business using this method. There are almost certainly far cheaper methods to more safely dispose of nuclear waste. Rane offers automobiles as an example of the "failure" of design engineering. In fact, automobiles are a good example of the success: automobiles today are probably about twice as safe as automobiles made in the 40's. Seat belts, crumple resistance, visibility, instrumentation, tires, road design, etc., have all improved quite a bit since then, and the results are clearly visible in accident statistics then and now. Automobiles also offer one other sobering lesson: we still have accidents today despite improved design. What is an acceptable accident risk level for nuclear power plant engineering?
It's been a while since I read _The Warning_ but my impression afterward was that the most terrifying part wasn't the mechanical failures or the technician errors but that those in charge told the public it was safe and under control when they *still didn't know* what the problem was. Good read, by the way.
re#30 That is a pretty scary thing.
Rane states 40,000 people a year are killed by cars. The figure is much too low and includes only Americans, if that. Cars are even more unsafe in most of the world.
I meant only in the USA. The (preliminary) number for 2000 is 41,804. I'd say my off-the-cuff guess was close enough.
When I looked it up the number had stayed roughly constant for several years, after going down slightly at one point, possibly because of better safety measures. It was 47,000 or more. This despite more cars per year going more miles, but possibly less people per car. Anyone know how many people are killed by cars per year, not just American people? How many injured?
Re #1: Depends on the leak. The corrosion was found in the cap for the *REACTOR PRESSURE VESSEL*, IIRC. If that blew out there wouldn't be much left to hold coolant. OTOH, if it failed with a small crack it wouldn't be that big a deal just to SCRAM the reactor and keep pumping water into it until it cooled off. The "most catastrophic" failure scenario used to be the "guillotine break", where one of the coolant lines is sheared off right at the pressure vessel. A hole in the pressure vessel itself would be comparable. Now that this problem has been found, I am making a prediction: there will be regular inspections of reactor pressure vessels with ultrasound and/or eddy currents to detect thinning of the metal, and no such corrosion problem will ever get to the severity of this one and there will never be a serious accident due to such corrosion. Re #8: Design of the controls and control room has to go through the Nuclear Regulatory Commission. Ironically, fixing the human-factors errors is a violation of government regulations, because it alters the licensed configuration of the controls! How's that for idiocy? Re #10, #11: Yeah, "we" haven't... but they have. The French have solved the problem of waste disposal. So have the Canadians. The problem in the USA is political, not technical, and it is a problem created by the left wing. So, get rid of the left wing and we'll be mature enough (by definition). ;-) Re #14: Dumb idea. Even aside from launch failures, it takes much more energy (and much better navigation) to send a payload into the Sun than it does to send it out of the Solar system. Makes a good thought-free sound bite notion, though...
As I recall the incident cited in #0 where boric acid had eaten completely through a 6-inch steel top the only thing between a containment breach and the boric acid was a thin stainless steel membrane that was never intended to but somehow stood up under the stress. Again, I think safe nuclear power is not economical enough to exist in the private sector.
Re #35: The French "solve" the problem by reprocessing fuel. That still creates a certain amount of waste, though, and it's more corrosive, more concentrated, and more highly radioactive than what you started with. The reprocessing itself also carries some risks, as the Japanese have demonstrated.
That containment breach would have started with a small leak that would have grown in size. There has been no suggestion that it could have led to a catastrophic failure. But it is certainly true that nuclear power is non-economic to be fully in the private sector. Both fuel processing and waste disposal are nearly entirely government subsidized. Does anyone know what the REAL cost of electricity from nuclear reactors is, including everything? (The difference between that and for fossil-fuel powered generation is what we pay for not producing greenhouse gases, although lots are produced by the processing done in the nuclear industry, such as mining, fuel processing, etc).
Don't forget the insurance provided by the government. I'm sure there are lots of other industries that would *love* to have their liability insurance paid for by U.S. taxpayers.