nuclear safety or risky nuclear
Download
Skip this Video
Download Presentation
Nuclear Safety or Risky Nuclear?

Loading in 2 Seconds...

play fullscreen
1 / 61

Nuclear Safety or Risky Nuclear? - PowerPoint PPT Presentation


  • 110 Views
  • Uploaded on

Presented to: The Georgia Triangle Lifelong Learning Institute, January 21, 2011 Lecture 2 – Nuclear Energy and Technology Dan Meneley, PhD, PEng Revised and presented to the Ottawa Branch of CNS, April 21, 2011. Nuclear Safety or Risky Nuclear?. Why should we study nuclear reactor safety?

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' Nuclear Safety or Risky Nuclear?' - tender


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
nuclear safety or risky nuclear

Presented to:

The Georgia Triangle Lifelong Learning Institute, January 21, 2011Lecture 2 – Nuclear Energy and Technology

Dan Meneley, PhD, PEng

Revised and presented to the Ottawa Branch of CNS, April 21, 2011

Nuclear SafetyorRisky Nuclear?

outline of this lecture

Why should we study nuclear reactor safety?

      • THE NEED FOR ENERGY
  • Some useful definitions
      • WHAT ARE WE TALKING ABOUT?
  • Risk and safety
      • UP FRONT ISSUES -- from the course outline
  • A bit of techie talk
      • THE NATURE OF THE BEAST
  • Experience and lessons from the past
      • Past performance – Including the Daiichi disaster
  • The Present and Future
      • GUIDING PRINCIPLES
Outline of this Lecture
energy delivery

For the past 150 years we have lived on oil.

        • First oil well in North America was drilled in Ontario
  • Today we burn ≈ 1,000 barrels each second.
        • By 2100 CE we must have other energy sources in place
        • If we can wait 100 million years, there will be new oil formed
  • Coal can do the job for several centuries
        • But its environmental effects may be unmanageable
  • Uranium can do the job forever
Energy Delivery

THE NEED FOR ENERGY - 1

why the big interest in this topic

The potential energy in heavy elements is immense:

      • 1 kg (U) in CANDU produces about 180 MWh(th) = 60 MWh(e).
  • Typical 4 - person household’s electricity use:
      • 1,000 kilowatt hours per month = 12 megawatt hours per year
      • So, a mere 200 grams of uranium - 6 to 8 pellets - serves one household for an entire year.
  • If the same energy were obtained from fossil fuel
      • The fuel would be 30,000 times heavier
      • For example, about 6,000 kg of coal would be used
      • Carbon dioxide and massive quantities of ash would be produced
  • Yet we use less than 1% of uranium’s potential energy
      • New technology is available that can use the remainder
Why the big interest in this Topic?

ΔE = ΔmC2

THE NEED FOR ENERGY - 2

consequences of energy deficiency

Changes in lifestyle

        • First, the poor people get poorer
        • Then, the rich people get poorer
        • Chaos, health degradation, and starvation follow
  • Energy wars?
        • We may already be involved in one of them
  • General collapse of modern civilization
        • Extreme, but possible
Consequences of energy deficiency

THE NEED FOR ENERGY - 3

what s to talk about

Two sides of the story:

      • The technical, “hard science & engineering” side
      • The social, human understanding side
What’s to Talk About?
what s to talk about1

Two sides of the story:

      • The technical, “hard science & engineering” side
      • The social, human understanding side
  • All energy sources are important
      • But nuclear energy is uniquely capable of “scaling up”
What’s to Talk About?
what s to talk about2

Two sides of the story:

    • The technical, “hard science & engineering” side
    • The social, human understanding side
  • All energy sources are important
    • Nuclear energy is uniquely capable of “scaling up”
  • We (all of humanity) are in a fix
    • We are addicted to petroleum – a limited resource
    • There are too many of us to sustain a low energy existence
What’s to Talk About?
safety is a state of mind

At the same time, I might feel perfectly safe and you might feel terribly threatened

        • Years ago, my brother was a military helicopter pilot. He could terrify me with maneuvers that were routine to him
        • Nuclear safety discussions take place at the border between technology and psychology
  • Risk is my topic today
        • Notionally, it is the inverse of safety
        • Objective risk is easier to discuss because it is usually expressed as the product of probability and consequence
        • Subjective risk is not often recognized, but is vitally important
Safety is a State of Mind
let s talk like insurance brokers

The insurer (we) is the society at large

      • You are the insured
  • “We” will compensate you for loss, should it occur
      • at a price
  • What price will we charge for this assurance?
      • a price calculated so that we show a profit, on average
  • How will we calculate the price?
      • by the average sum over all policy holders of the probability of loss times the promised compensation
  • Will you decide to pay the price?
      • that depends on what you expect to receive from us as the beneficiary, in both objective and subjective terms
Let’s Talk Like Insurance Brokers
nuclear risk vs life insurance

You are the beneficiary – today

        • You also pay the premiums
        • Your risk of loss continues over the life of the power plants
  • We (society) promise you electricity for an eon
        • High reliability and reasonable cost, at low risk
        • Is this credible?
  • Your risk of loss is said to be insignificant
        • We also are members of this society
        • We think we know whereof we speak
        • Why should you believe us?
Nuclear Risk vs Life Insurance
what is at stake here

Energy, delivered reliably for many generations

        • The objective value of ample, economical energy
        • Avoided consequences of not having enough energy
        • Available alternatives – can you get a better deal??
What is at Stake Here?
what is at stake here1

Energy, delivered reliably for many generations

        • The objective value of ample, economical energy
        • Avoided consequences of not having enough energy
        • Available alternatives – Can you get a better deal?

better deal??

  • Objective and subjective risk
        • The real risk of personal harm – NOT the average, but YOURS
        • The perception of being safe or unsafe, day by day
What is at Stake Here?
what is at stake here2

Energy, delivered reliably for many generations

        • The objective value of ample, economical energy
        • Avoided consequences of not having enough energy
        • Available alternatives – can you get a better deal??
  • Actual and perceived risk
        • The real risk of personal harm – NOT the average, but YOURS
        • A perception of being safe or unsafe, day by day
  • The key measure –TRUST
      • How can you know? Whom can you trust?
        • Past performance, future expectations
        • Trust but verify – as in international disarmament negotiations
        • Distrust, but value – as we do all of our important institutions
What is at Stake Here?
trust but who should you trust

Past performance

      • Trust the trustworthy
      • Engineering is a statutory profession – with personal liability
  • Trust, but verify
      • Watchdogs are useful, even if they’re skilled professionals
      • The Canadian Nuclear Safety Commission is your watchdog
  • Who else has a deep interest in safety (low risk)?
      • Plant owners want to protect their investment
      • Customers want to avoid any radiation accidents
      • In our case, these are the same people
Trust – but Who should you trust?

especially

trust but who should you trust 2

Past performance

      • People working in many institutions are less than perfect
      • The frequency of institutional failure is seen to be large
  • Distrust, but value – ref. Hugh Heclo ‘On Thinking Institutionally”
      • We cannot live without institutions in many forms
      • We need to watch them carefully, but respect them nonetheless
Trust – but Who should you trust (2)
alternatives a better deal

It’s a matter of scale

    • On a small scale, with few people, the job is quite easy
    • On a massive scale, with billions of people, the job is harder
  • We ask for solutions to serve billions of people for hundreds of years
    • A child now in diapers might find a brand new solution
    • Until then, nuclear fission energy is the only feasible answer.
      • Is this a credible statement?
Alternatives – A better deal?
risk of personal harm actual

This can be calculated, albeit with uncertainty

    • Only the average risk can be quantified
        • Too many variables – individual risk has a wide range of possibilities
  • Make conservative assumptions
    • Assume the most sensitive individual
        • For example, an infant
    • Assume maximum consequences
        • Ignore beneficial effects of low dose radiation, for example
    • Assume extreme failure conditions
        • Several unlikely events in sequence, conservative assumptions
Risk of Personal Harm - Actual
but are you still feeling unsafe

Remember, you live in one of the richest, safest, best protected societies in all of history.

      • Canadian life expectancy at birth today is more than twice as long (>80) as the poorest – in Swaziland (<40)
      • Swaziland’s life expectancy at birth today is about the same as was the US life expectancy at birth in 1850.
But Are you still Feeling Unsafe?
but are you still feeling unsafe1

Remember, you live in one of the richest, safest, best protected societies in all of history.

      • Canadian life expectancy at birth today is more than twice as long (>80) as the poorest – in Swaziland (<40)
      • Swaziland’s life expectancy at birth today is about the same as was the US life expectancy at birth in 1850.
  • Subjective risk is high for large events
      • Aircraft crash Actual: less than 1 in 9 million per flight
  • Subjective risk is low for small events
      • Fatal car crash Actual: about 1 in 5 thousand per year
But Are you still Feeling Unsafe?

Paul Slovic & Elke U. Weber, “Perception of Risk Posed by Extreme Events”, Proc. Conf. ‘Risk Management Strategies in an Uncertain World’, Apr. 2002

is nuclear energy dangerous

Of course it is!!

        • A large amount of potential energy wrapped in a small package
        • Potential energy must be extracted at a controlled rate
        • The reaction products (the “ashes” of fission) must be managed
  • Dangerous, but manageable
        • We’ve learned a lot over the past five decades
        • We know how to do this job
        • Are we perfect? No, but the residual risk is small
  • Less risky in the future
        • The technology is mature
        • Operational training and skill needs are clear
        • Worldwide institutional arrangements are in order
Is Nuclear energy dangerous?
what are the risks

The usual industrial risks

      • Mainly heavy objects, live steam, high voltage
  • Radiological risks
      • Digging uranium out of the ground and stimulating it to fission at a very high rate is a hazardous business
        • Under strict control, as we will see
        • Need to protect the plant, operating staff, and public
  • Sabotage risks
      • Hostile attack
  • Diversion of nuclear materials
What are the risks?
what is being done to reduce risk

Who is actually at risk?

        • The plant owner, in financial terms
        • Senior management, in terms of their careers
        • The plant operating staff, in physical terms
        • The local population, in lesser physical terms
        • The rest of us, almost entirely in financial terms
  • Who is doing what, to reduce risk?
        • The plant owners are training, testing, and retraining staff
        • The Canadian Nuclear Safety Commission is auditing operations
        • Atomic Energy of Canada is evolving new plant designs
        • Everyone is studying past operations for improvement ideas
What is being done to Reduce Risk?
can terrorists make nuclear bombs

First, can a reactor blow up like a nuclear bomb?

        • Absolutely not. (Too weak, too wet, too slow)
  • Terrorists – who are they?
        • They are actually saboteurs -- why are we so afraid?
        • Are they working for a foreign government, or on their own?
  • Can they do it on their own?
        • Not unless we let them
  • Can they make a bomb from nuclear waste?
        • They can make an ordinary bomb a little more dangerous, but this is very difficult and dangerous – mostly to themselves
Can terrorists make nuclear bombs?
terrorists continued

Diversion of nuclear material to hostile uses

      • This starts, most likely, as a financial transaction and may then become a tool for sabotage
      • This is a problem to be solved by cooperation between nations, not by nuclear plant designers
  • Attack on a nuclear facility by an armed group
      • To be a real threat, the group must have the active support of a national government – and a powerful arsenal
      • Detection/detention is a job for the national police force
  • Crash of an aircraft into a nuclear station
      • Almost surely, the crash will cause shutdown of the reactor
        • A shut-down reactor is a pussy cat, not a tiger (Daiichi??)
        • Most of the people killed will have been passengers on the plane
Terrorists, continued
some specifics of nuclear risk

The nature of the beast:

    • Compare a coal plant and a nuclear plant . . .
  • Old reactor accidents
    • Louis Slotin, NRX, NRU, SL1, Windscale
  • World’s largest power plant accident . . .
    • Chernobyl unit 4
  • World’s 2nd largest power plant accident . . .
    • Three Mile Island unit 2
  • An accident that that didn’t happen
    • Davis Besse pressurized water reactor
Some Specifics of nuclear risk

THE NATURE OF THE BEAST - 1

is nuclear safety different yes
Is Nuclear safety different? -- Yes

HEAT ENERGY

FLY ASH

CARBON DIOXIDE

HEAT ENERGY

NEUTRONS

AIR

CONTROL

CONTROL

COAL

BOTTOM ASH

USED FUEL

URANIUM

THE NATURE OF THE BEAST - 2

the neutron chain reaction
The Neutron Chain Reaction

• When the number of slow neutrons is

constant, the system is critical.

Leaked Neutrons

• Delayed Neutrons appear after

Neutrons Slowing

~ 10 seconds.

Down

• Fast Neutrons slow down in about

one thousandth of a second

Delayed Neutrons

from Fission

Prompt

Neutrons

Neutrons

Diffusing

Leaked Neutrons

from

Fission

CONTROL THIS TO

"ASHES”

(Fission

Products)

CONTROL HEAT

PRODUCTION

U235

FISSION

Captured

Slow Neutrons

Neutrons

HEAT

  • Some neutrons are captured in U238
  • and produce a useful fuel – Pu239

THE NATURE OF THE BEAST - 3

heat balance the key to control

A power reactor produces a lot of heat energy

  • A steam turbine uses almost all of this heat
  • The amount of heat added must equal the amount removed, at all times
  • If too much heat is added (or not enough heat is taken away), material temperatures rise & water pressures increase
      • This is a dangerous combination
Heat Balance – the Key to control

THE NATURE OF THE BEAST - 4

how fast can heat be released
How fast can heat be released?

.07

Prompt

Critical

.007

Reactivity (Dimensionless)

Prompt Neutron Lifetime

= 1 millisecond

.0007

Prompt Neutron Lifetime

= 0.01 millisecond

Normal

Control

Range

.00007

10000

1000

100

10

1

0.1

0.01

0.001

Time (T) Taken to Double the Reactor Power (Seconds)

Power (t) ≈ Power (0) exp [t/(T x 1.36)]

THE NATURE OF THE BEAST - 5

safe operating domain
Safe operating domain

Operating Trajectory

Design Center

Operating Limit

Operating Domain

Trip Limit

Operating Margin

Safety Limit

Safety Margin

THE NATURE OF THE BEAST - 6

old accidents

Louis Slotin (1945)

      • Re-Enactment of Slotin Experiment
Old Accidents
national research experimental nrx
National Research Experimental -- NRX

First Startup July 22, 1947 Accident 12 Dec 1952 Last Shutdown April 8, 1993

windscale production reactors uk
Windscale Production Reactors - UK

Built in the 1940s for Pu production. Loss of control & fire on Oct 11, 1957

national research universal nru
National Research Universal - NRU

First startup Nov 11, 1957. Failure in experimental channel May 24, 1958

sl 1 stationary low power reactor 1
SL-1: Stationary low power reactor #1

Major accident on Jan 3, 1961. Three operators killed

US Army developed this concept

for electricity and heating

at remote sites.

Operator

sl 1 lessons learned prof t j thompson

(1) As far as possible, design, construction and operation should be the responsibility of a single organization.

  • (2) Responsibility for safety and all facets of reactor operation should be unequivocally defined -- ("a line organization should be used, not a committee").
  • (3) Safety review should be carried out by a single competent group external to the operating organization - reviews repeated by competing safety groups can "unduly harass the operating group and thereby reduce safety."
  • (4) The ultimate responsibility for operational safety must ultimately rest on the immediate operating team at the reactor - "in the final analysis the reactor shift supervisor and, in turn, the operator at the control console should have the authority to shut down the reactor if either believes it to be unsafe."
SL-1 Lessons Learned Prof. T.J. Thompson
three mile island 2 final reactor configuration
Three Mile Island-2 Final Reactor Configuration

March 28, 1979

Good design

No overpower pulse

Poor operation

Bad procedures

Effective containment

chernobyl unit 4
Chernobyl Unit 4

April 26, 1986

chernobyl some contributing factors

The plant designer won a Lenin prize

  • Safety cautions from Kurchatov Inst. were ignored
  • Test procedure was mandated from Moscow
  • Effective command of the plant operation was turned over to the test team – they were ignorant
  • Safety protective systems were disabled
  • Operation at low power continued in spite of ban
  • Test was continued in spite of serious operator errors
Chernobyl – Some Contributing Factors
davis besse vessel head corrosion
Davis-Besse Vessel Head Corrosion

Circa March 2002

An accident that did not happen

another accident that didn t happen

During the 1990s:

      • Ontario “fell out of love” with nuclear energy
      • An open “retirement package” was offered to staff
        • More than 10,000 employees took the package and retired
        • About 4,000 skilled nuclear operations staff left the company
      • Nuclear Operations was placed under extreme stress
  • In 1997:
      • Seven large nuclear units were shut down, voluntarily
      • Morale in the nuclear fleet hit rock bottom
      • Due to strong leadership within middle management
        • No serious consequences ensued
Another Accident that Didn’t Happen
and one that did happen tsunami

Design basis – 5.2 to 5.7 metres

  • Measured wave – 14 metres (TEPCO update)
  • Consequent multi-unit station blackout
  • Human errors
      • Insufficient grid protection from earthquake (地震) jishin
        • Fossil units shut down, so the offsite grid collapsed
      • Insufficient protection of emergency power supply
        • Diesels in basement, fuel tanks at grade
        • Inter- unit electrical connections?
      • Failure to review promptly following Kobe event (1995)
---- and One That Did Happen (津波)tsunami
lessons learned

Human error dominated in all of these events

      • Machines are much too stupid to make mistakes
  • Humans also perform spectacular “saves”
      • Pickering pressure tube failure
      • Dislocation of OH nuclear operations in 1997 and beyond
      • Hudson River airline pilot landing in Hudson River
      • Chilean coal mine rescue
  • Studying others’ accidents is educational
      • It helps to avoid having to study one’s own accidents
      • The practice builds care, caution – and humility
Lessons Learned?
what is risk
What is Risk?

A thing of the Future

FUTURE

RISK LEVEL

PAST

UNCERTAINTY

0

systems design for risk reduction

Prevention

Detection &

Quality

Automatic

Disciplined

Automatic

Correction

Design and

Response

Radio-

Operation

Control

of Faults

Construction

to Faults

active

Material

Disciplined

Management

Regulating

Maintenance,

Setback,

Engineering

Procedures

Systems

UER Procedures

Stepback

Process Systems

Mitigation

Fuel

Exclusion

Emergency

Shutdown

Containment

Cooling

Zone

Response

Environ-

ment &

SDS1 &

ECCS &

Building &

Sheltering,

Public

Dilution

SDS2

Moderator

Spray Dousing

Evacuation

Safety Systems

Systems Design for Risk Reduction

Also known as Defence in Depth

Review

Maintain

Upgrade

Defence in Time

risk and people to err is human

Uniquely

Risk and People -- To Err is Human

Complaisance

The human cycle of

Performance

Neglect

Confidence

Institutional

Factors?

Decreasing risk

Decay

Safety

Increasing risk

Caution

Danger

Doubt

Failure

a risk management system
A risk Management system

PEOPLE

AND

GOVERNMENT

SAFETY

SCIENTIFIC-

STANDARDS

TECHNICAL

AUTHORITY

COMMUNITY

OPERATING

ORGANIZATION

DESIGNER-

SAFETY

MANUFACTURER-

PERFORMANCE

CONSTRUCTOR

REGULATOR

INDUSTRY

REGULATORY

PUBLIC

RESPONSIBILITY

RESPONSIBILITY

RESPONSIBILITY

but what if everything goes wrong

Reactivity rises

Loss of control?

Safety shutdown fails?

Big energy release

High temperature

Steam Explosion

No Fuel Cooling?

Containment Rupture? Fuel Ejection Out of Reactor?

Widespread Distribution of Radioactive Fission Products?

But What if Everything Goes Wrong?

.07

.007

Prompt Neutron Lifetime

= 1 millisecond

.0007

Prompt Neutron Lifetime

= 0.01 millisecond

.00007

10000

1000

100

10

1

0.1

0.01

0.001

conclusion pickering a worst accident

The important overall conclusions are as follows:

  • The discharge of steam from a failed calandria vessel must consider the available physical heat transfer mechanisms and compartment volumes. This becomes the dominant discharge into containment volumes over and above the discharge from the initiating LOCA pipe rupture and determines the extent of over-pressurization of the containment envelope. Thus, containment integrity margins can be expected to be larger than in Pickering A for designs which have water filled reactor (calandria) vaults (Pickering B, CANDU-6) or shield tanks (Bruce A & B, Darlington) which will further condense steam discharged from a failed calandria vessel, or for plants which have large multi-unit shared containment volumes (Bruce A & B, Darlington). Since Pickering A has an acceptable margin it may be inferred that the margins for other CANDU plant will also be acceptable.
  • The original 1987 analysis was considered at the time by some, and to this date by others, to be speculative. This reassessment has demonstrated that the analysis was in fact robust and the conclusions remain significantly conservative and essentially unchanged by knowledge gained and discoveries made in the intervening years.
  • CANDU plants are capable of withstanding extremely unlikely events causing early core disruption without significant risk to the public.
      • Long term fuel cooling is required by all power reactors – they must have an ultimate heat sink
      • Continuing electrical power supply is required by most water reactors
Conclusion - Pickering “A” worst Accident

Prof. J.C. Luxat

result another example

This reactor was vulnerable

    • Weak design
    • Poor operation
    • Bad management
  • After this accident:
    • Design improved
    • Operating procedures changed
    • Better control systems installed
    • Management was changed
    • IAEA and WANO plant inspections were initiated
Result – another example
yet another example
Yet Another example

Core Uncovered

Fuel Overheating

Fuel melting - Core Damaged

Info. From Duane Arnold

(BWR Mark 1)

Core Damaged but retained in vessel

Containment pressurizes. Leakage possible at drywell head

Releases of hydrogen into secondary containment

Some portions of core melt into lower RPV head

54

hiroshima then and now
Hiroshima, Then and Now

Daiichi did not produce such large health consequences

meltdown in a pwr

Concentrated fuel mass, small amount of hot, high pressure water around fuel

  • Poor maintenance practice
  • Operator misunderstanding
  • Management laxity
  • Poor procedures based on bad regulatory demands
  • Lucky outcome
Meltdown in a PWR
the solution westinghouse ap 1000
THE SOLUTION – Westinghouse AP 1000

Similar to BWR Mark I Primary Containment Concept

Depressurize

  • Water is added when Tcoreexit> 650 C
  • Steam is vented to containment
  • Ultimate heat sink --- conduction + convection to atmosphere
another solution cooling in candu
ANOTHER SOLUTION - COOLING IN CANDU

Much more cool, low pressure water than either PWR or BWR

Filtered containment vent, passive hydrogen-oxygen recombiners

ShieldTank

Can remove 0.4% decay power. Takes >20 hours to heat up and boil off with no heat removal

Calandria

Vessel

Moderator

Can remove 4.4% decay power

Takes >5 hours to

heat up and boil off

with no heat removal

Fuel

Channels

Debris spreading &

cooling area

CANDU 6 Dousing system

candu power supply reliability

Power setback and stepback capability

      • Unit continues to run on its own power supply
  • Duplicate service transformers – unit & station
      • Auto-transfer on loss of UST
  • Emergency supplies on site
  • Multi-unit sites – (China, Korea, Romania, Ontario)
      • Inter-unit transfer bus
  • Grid feed-in logic – (Ontario)
      • System recognizes station as potential power customer
  • Future modifications?
      • Ultimate heat sink?
CANDU Power Supply reliability
notional risk curves and trends
Notional Risk Curves, and Trends

Direct

Experience

Range

Risk

Assessment

Range

Disaster

Range

Utility economics & performance requirements

“Smart” components and systems

Log Frequency

Regulatory Risk

Acceptance Curve

Trends with increasing

experience, knowledge, and

realistic consequence assessment

Log Consequence

Realistic accident modeling

and consequence assessment

today s conclusions

What will tomorrow bring?

      • We don’t know – just wait, and the future will come
      • Oil and gas supplies will wane
      • The population of the earth will rise
      • Climate will change, in one way or the other
  • Nuclear fission energy will be available for all
      • Yes, someone might invent a better way, someday
        • But just in case they do not:
      • There is plenty of uranium for many thousands of years
      • There is enough uranium available to supply ALL human energy needs for as long as we live on this earth
      • This technology can be safely managed, in the past
    • Will people reject the nuclear energy solution?
      • Doubtful– but buildup might be delayed until time runs out
Today’s conclusions
ad