
Things like nuclear meltdowns are black swan events, with a multitude of causes and guilt.

I'm not advocating ritual suicide, but I think it's worth noting that in the case of Fukushima, there is an easily identifiable single root cause to all the current problems: the fact that the backup diesel generators and the switchgear for them were sited behind a seawall that was overcome by the tsunami. If they had been on higher ground, none of this would have happened; there would have been a continuous supply of cooling water to the reactor cores and things would have shut down normally. The process that led to that siting of the backup generators should be fairly easily traceable, as compared to the design process for the entire reactor complex.




> "the fact that the backup diesel generators and the switchgear for them were sited behind a seawall that was overcome by the tsunami"

Sure, but who's responsible for that? I don't mean to say that there must be many technical causes of incidents, but rather that it is almost impossible to find a situation where there is a singular human cause.

The multitude of engineers that saw the plans before they went final? The managers who pushed for the generators to be placed there in the first place? The contractors who built it knowing full well that the design was garbage? How high up does it go, and how many degrees removed from the situation do we require before you're absolved of guilt?

We could do something silly to consolidate the guilt, like, "the last person to stamp the designs gets the blame", but that seems like it would encourage a culture of hot-potatoing instead, especially if the stakes are your own life ;)

To put a more extreme example of it: a bus driver falls asleep at the wheel, jumps a curb, and kills a person. Do we punish the driver for his negligence, or his shift supervisor for threatening him into taking an extra-long shift, or someone even further up who knowingly encouraged a culture of overwork?


> it is almost impossible to find a situation where there is a singular human cause.

But if you can focus in on a single technical decision that had such a large impact, you can at least focus attention on how that particular technical decision got made. Yes, many humans will have been involved even in that single technical decision; but it's still a lot more manageable to look into how it got made than to look at how the entire plant got designed.

> We could do something silly to consolidate the guilt

I'm not talking about guilt; I said I wasn't advocating ritual suicide. I'm talking about how to prevent it from happening again. To do that, you need to be able to focus on something that can actually be changed. Take your bus driver example:

> Do we punish the driver for his negligence, or his shift supervisor for threatening him into taking an extra-long shift, or someone even further up who knowingly encouraged a culture of overwork?

Depends on the facts. Was the driver negligent? Could he have reasonably predicted that he would fall asleep at the wheel? How could he have acted on such a prediction?

Did the supervisor actually threaten him into taking an extra-long shift? If so, how did he get away with it? Aren't there rules about preventing driver fatigue? (Certainly commercial airline crews have strict rules about how long they can fly before they have to rest.) If not, why not?

Is there a systemic culture of overwork, encouraged from higher up? Do bus drivers in this company routinely drive longer hours than the industry average? Than the average in other similar occupations?

The point is that if you can focus in on specific causal chains, you can direct efforts at changing them. In the case of Fukushima, if you can focus in on how the technical decision to site the backup generators that way got made, you can direct efforts at improving that process. Did the engineers just not realize that siting the backup generators that way was a bad idea? Was the question never even asked? Or did the engineers realize it, but management overruled them? Or did the original design have them sited differently, but time pressure during construction persuaded someone (not the engineers or managers who did the original design) to change the location in order to meet some deadline?

All this, btw, reinforces your point that ritual suicide doesn't help anything.


> Could he have reasonably predicted that he would fall asleep at the wheel?

Such things sometimes can't be predicted. If you fall asleep because of exhaustion, you don't necessarily see it coming (it happened to me several years back; one minute I was fine and the next I blacked out). You cannot criminally prosecute a person for falling asleep, only if he did something against the law, like also being under the influence of alcohol.

> Did the supervisor actually threaten him into taking an extra-long shift?

You know very well that supervisors rarely have to threaten their subordinates in low-end jobs. I have a personal acquaintance who's a truck driver, and he was explaining to me how, when the new management came in, they first did some lay-offs based on silly reasons, and after that nobody dared argue.

Also do some reading on Japanese culture. Subordinates rarely question their bosses (or change jobs for that matter). It happens in many cultures. If you're from the US, then what's natural to you may not apply in other countries or cultures.

I'm not saying that blame cannot be assigned (it can clearly be, especially in the case of broken engineering designs), but seeing people here suggesting "ritual suicide"? OMG.


As I said, I'm not talking about guilt, or blame (and I'm certainly not advocating for ritual suicide); I'm talking about what could be done to change the causal factors that lead to harmful events. All of your comments are basically pointing out particular facts that are relevant to assessing those causal factors.


> behind a seawall that was overcome by the tsunami.

They made a 20 ft sea-wall. I guess nobody thought it would be overrun. I suspect now any future seawalls will be made with a good factor of safety.


> I guess nobody thought it would be overrun.

But why would you even take that risk? Not to mention that tsunamis can easily reach 100 feet in wave height; I'm not sure you could build a seawall that could keep one out.


It would be easier to put the generators in bunkers and harden them.

Besides, it was pretty clear to me reading the sequence of events at Fukushima that there was entirely too little thought given to backup decoupling - there was too much of a zipper effect of one failure leading to another.

I'm not a lay person on this - I worked for 3 years on airliner designs, and much of that is finding ways to deal with failure cases. The nuke industry could learn a lot by consulting with airframe engineers.


> It would be easier to put the generators in bunkers and harden them.

Yes, that would work, as long as you also protected the switchgear and the power cabling leading to the pumps that serve the reactor.

> The nuke industry could learn a lot by consulting with airframe engineers.

I think the nuke industry in general does pay attention to these things; I was actually somewhat surprised to find that the designers of Fukushima had missed such an obvious failure mode.


From what I read about the disaster, there were a long series of design issues that could not withstand failures. As I recall,

1. hydrogen being vented into an enclosed area

2. no backup method for determining coolant levels

3. backup generators were not protected

4. no backup method for adding coolant (I would have had a gravity fed backup system)

5. critical systems were located too close to the reactor - I would have moved them further away so they could be repaired without the workers being irradiated

None of these are expensive to do.


1. You cannot prevent that if the reactors cannot be cooled down. Ultimately very high temperatures will break vapor into hydrogen and will cause hydrogen to accumulate on the shell.

3. Backup generators were located in different areas. The only mistake is that they were ALL at ground level. It's unfortunate that they were all wiped out at the same time, but by one of the largest tsunamis ever, something that almost never happens. They'll learn from that.

> None of these are expensive to do.

Yeah, when you are building the plant, it's not expensive to do. When you have to modify an existing design, it's way more expensive and you'll have to make a good case for why you need it.


Bear in mind that these reactors were built in the 1970s. Modern designs are a lot better, and some shut down by themselves upon loss of power, with no need for active measures at all. Even some reactors built in the 1980s got through the events at Fukushima just fine.


I worked on airframe design in the 1970s. The ethos of design to withstand failure was well-entrenched then, and goes back a long way in the airframe industry.

The key idea is nobody has managed to design parts that won't fail. But they have figured out how to design highly reliable systems out of parts that fail.
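The point made above (reliable systems built from unreliable parts) and the earlier observation that the generators were redundant but all sited at ground level can be put in numbers with a small fault-tree calculation. The following is an added example, not code from anyone in this thread; the per-unit failure probability, the shared-hazard probability and the group sizes are constructed illustrative values, not figures from Fukushima.

```python
"""Redundancy versus common-cause failure: a worked fault-tree calculation.

Added example with constructed numbers. It compares the probability that
every backup unit is unavailable when the units fail independently against
the case where one shared hazard (e.g. flooding of the location they all
share) can disable all of them at once, and then shows what splitting the
units across independent locations buys back.
"""


def independent_all_fail(p_unit: float, n: int) -> float:
    """P(all n units fail) if failures are independent: p_unit ** n."""
    if not 0.0 <= p_unit <= 1.0 or n < 1:
        raise ValueError("p_unit must be in [0, 1] and n >= 1")
    return p_unit ** n


def common_cause_all_fail(p_unit: float, n: int, p_shared: float) -> float:
    """P(all n units fail) when they share one location.

    A shared hazard with probability p_shared takes out every unit in the
    location; otherwise the units fail independently:
        P(all fail) = p_shared + (1 - p_shared) * p_unit ** n
    No amount of n can push this below p_shared: the shared hazard is a
    floor that extra identical units cannot remove.
    """
    if not 0.0 <= p_shared <= 1.0:
        raise ValueError("p_shared must be in [0, 1]")
    return p_shared + (1.0 - p_shared) * independent_all_fail(p_unit, n)


def diverse_siting_all_fail(p_unit: float, groups: list[int],
                            p_shared_per_group: list[float]) -> float:
    """P(all units fail) when they are split across independent locations.

    Each location has its own shared hazard; the system is lost only if
    every location is lost, so the per-location probabilities multiply.
    """
    if len(groups) != len(p_shared_per_group) or not groups:
        raise ValueError("one shared-hazard probability per group")
    prob = 1.0
    for n, ps in zip(groups, p_shared_per_group):
        prob *= common_cause_all_fail(p_unit, n, ps)
    return prob


def compare(p_unit: float = 0.01, n: int = 4,
            p_shared: float = 1e-3) -> dict[str, float]:
    """Three designs with the same number of units (constructed values):
    naive independence, one shared location, and two separate locations."""
    half = n // 2
    return {
        "independent_assumption": independent_all_fail(p_unit, n),
        "all_in_one_location": common_cause_all_fail(p_unit, n, p_shared),
        "split_two_locations": diverse_siting_all_fail(
            p_unit, [half, n - half], [p_shared, p_shared]),
    }


if __name__ == "__main__":
    for design, p_fail in compare().items():
        print(f"{design:24s} P(all backups lost) = {p_fail:.3e}")
```

With the constructed inputs, four independent 1%-failure units look like a 1e-8 event, but a single shared hazard at 1e-3 drags the real figure to just over 1e-3, three hundred thousand times worse than the paper number; putting two units in each of two independent locations brings it back to about 1.2e-6. The lesson is the one in the thread: adding more copies of the same part in the same place does nothing against the hazard they share, while decoupling the copies does.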


Sure. The American nuclear industry kinda caught up with that after Three Mile Island, when they figured out that one nuclear accident put them all at risk. They developed an extreme culture of safety after that.

Current designs use lots of redundant safety systems. New designs depend more on simple physics, e.g. fuel that expands enough when it heats to damp down the reaction, or large quantities of coolant with very high thermal capacity and conductivity. At Argonne's IFR project, they shut down coolant circulation and electric power, and the reactor quietly shut down with no damage.


The problem was not in shutting down the chain reaction - that worked just fine. The problem was in dealing with fuel rods that were still, due to decay processes that nothing in the universe can stop, producing massive amounts of heat that, without active cooling, would melt them and re-start the chain reaction.


Sure, but if the reactor can go a week without cooling and not sustain damage, you've got a lot more leeway. Some of the GenIII+ designs we have now can do that.

The ultimate solution is probably the molten salt reactor. With liquid fuel you continually remove fission products, and with most of those gone you don't have decay heat issues anymore.



