1 / 61

Nuclear Safety or Risky Nuclear?

Presented to: The Georgia Triangle Lifelong Learning Institute, January 21, 2011 Lecture 2 – Nuclear Energy and Technology Dan Meneley, PhD, PEng Revised and presented to the Ottawa Branch of CNS, April 21, 2011. Nuclear Safety or Risky Nuclear?. Why should we study nuclear reactor safety?

tender
Download Presentation

Nuclear Safety or Risky Nuclear?

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Presented to: The Georgia Triangle Lifelong Learning Institute, January 21, 2011Lecture 2 – Nuclear Energy and Technology Dan Meneley, PhD, PEng Revised and presented to the Ottawa Branch of CNS, April 21, 2011 Nuclear SafetyorRisky Nuclear?

  2. Why should we study nuclear reactor safety? • THE NEED FOR ENERGY • Some useful definitions • WHAT ARE WE TALKING ABOUT? • Risk and safety • UP FRONT ISSUES -- from the course outline • A bit of techie talk • THE NATURE OF THE BEAST • Experience and lessons from the past • Past performance – Including the Daiichi disaster • The Present and Future • GUIDING PRINCIPLES Outline of this Lecture

  3. For the past 150 years we have lived on oil. • First oil well in North America was drilled in Ontario • Today we burn ≈ 1,000 barrels each second. • By 2100 CE we must have other energy sources in place • If we can wait 100 million years, there will be new oil formed • Coal can do the job for several centuries • But its environmental effects may be unmanageable • Uranium can do the job forever Energy Delivery THE NEED FOR ENERGY - 1

  4. The potential energy in heavy elements is immense: • 1 kg (U) in CANDU produces about 180 MWh(th) = 60 MWh(e). • Typical 4 - person household’s electricity use: • 1,000 kilowatt hours per month = 12 megawatt hours per year • So, a mere 200 grams of uranium - 6 to 8 pellets - serves one household for an entire year. • If the same energy were obtained from fossil fuel • The fuel would be 30,000 times heavier • For example, about 6,000 kg of coal would be used • Carbon dioxide and massive quantities of ash would be produced • Yet we use less than 1% of uranium’s potential energy • New technology is available that can use the remainder Why the big interest in this Topic? ΔE = ΔmC2 THE NEED FOR ENERGY - 2

  5. Changes in lifestyle • First, the poor people get poorer • Then, the rich people get poorer • Chaos, health degradation, and starvation follow • Energy wars? • We may already be involved in one of them • General collapse of modern civilization • Extreme, but possible Consequences of energy deficiency THE NEED FOR ENERGY - 3

  6. Two sides of the story: • The technical, “hard science & engineering” side • The social, human understanding side What’s to Talk About?

  7. Two sides of the story: • The technical, “hard science & engineering” side • The social, human understanding side • All energy sources are important • But nuclear energy is uniquely capable of “scaling up” What’s to Talk About?

  8. Two sides of the story: • The technical, “hard science & engineering” side • The social, human understanding side • All energy sources are important • Nuclear energy is uniquely capable of “scaling up” • We (all of humanity) are in a fix • We are addicted to petroleum – a limited resource • There are too many of us to sustain a low energy existence What’s to Talk About?

  9. At the same time, I might feel perfectly safe and you might feel terribly threatened • Years ago, my brother was a military helicopter pilot. He could terrify me with maneuvers that were routine to him • Nuclear safety discussions take place at the border between technology and psychology • Risk is my topic today • Notionally, it is the inverse of safety • Objective risk is easier to discuss because it is usually expressed as the product of probability and consequence • Subjective risk is not often recognized, but is vitally important Safety is a State of Mind

  10. The insurer (we) is the society at large • You are the insured • “We” will compensate you for loss, should it occur • at a price • What price will we charge for this assurance? • a price calculated so that we show a profit, on average • How will we calculate the price? • by the average sum over all policy holders of the probability of loss times the promised compensation • Will you decide to pay the price? • that depends on what you expect to receive from us as the beneficiary, in both objective and subjective terms Let’s Talk Like Insurance Brokers

  11. You are the beneficiary – today • You also pay the premiums • Your risk of loss continues over the life of the power plants • We (society) promise you electricity for an eon • High reliability and reasonable cost, at low risk • Is this credible? • Your risk of loss is said to be insignificant • We also are members of this society • We think we know whereof we speak • Why should you believe us? Nuclear Risk vs Life Insurance

  12. Energy, delivered reliably for many generations • The objective value of ample, economical energy • Avoided consequences of not having enough energy • Available alternatives – can you get a better deal?? What is at Stake Here?

  13. Energy, delivered reliably for many generations • The objective value of ample, economical energy • Avoided consequences of not having enough energy • Available alternatives – Can you get a better deal? better deal?? • Objective and subjective risk • The real risk of personal harm – NOT the average, but YOURS • The perception of being safe or unsafe, day by day What is at Stake Here?

  14. Energy, delivered reliably for many generations • The objective value of ample, economical energy • Avoided consequences of not having enough energy • Available alternatives – can you get a better deal?? • Actual and perceived risk • The real risk of personal harm – NOT the average, but YOURS • A perception of being safe or unsafe, day by day • The key measure –TRUST • How can you know? Whom can you trust? • Past performance, future expectations • Trust but verify – as in international disarmament negotiations • Distrust, but value – as we do all of our important institutions What is at Stake Here?

  15. Past performance • Trust the trustworthy • Engineering is a statutory profession – with personal liability • Trust, but verify • Watchdogs are useful, even if they’re skilled professionals • The Canadian Nuclear Safety Commission is your watchdog • Who else has a deep interest in safety (low risk)? • Plant owners want to protect their investment • Customers want to avoid any radiation accidents • In our case, these are the same people Trust – but Who should you trust? especially

  16. Past performance • People working in many institutions are less than perfect • The frequency of institutional failure is seen to be large • Distrust, but value – ref. Hugh Heclo ‘On Thinking Institutionally” • We cannot live without institutions in many forms • We need to watch them carefully, but respect them nonetheless Trust – but Who should you trust (2)

  17. It’s a matter of scale • On a small scale, with few people, the job is quite easy • On a massive scale, with billions of people, the job is harder • We ask for solutions to serve billions of people for hundreds of years • A child now in diapers might find a brand new solution • Until then, nuclear fission energy is the only feasible answer. • Is this a credible statement? Alternatives – A better deal?

  18. This can be calculated, albeit with uncertainty • Only the average risk can be quantified • Too many variables – individual risk has a wide range of possibilities • Make conservative assumptions • Assume the most sensitive individual • For example, an infant • Assume maximum consequences • Ignore beneficial effects of low dose radiation, for example • Assume extreme failure conditions • Several unlikely events in sequence, conservative assumptions Risk of Personal Harm - Actual

  19. Remember, you live in one of the richest, safest, best protected societies in all of history. • Canadian life expectancy at birth today is more than twice as long (>80) as the poorest – in Swaziland (<40) • Swaziland’s life expectancy at birth today is about the same as was the US life expectancy at birth in 1850. But Are you still Feeling Unsafe?

  20. Remember, you live in one of the richest, safest, best protected societies in all of history. • Canadian life expectancy at birth today is more than twice as long (>80) as the poorest – in Swaziland (<40) • Swaziland’s life expectancy at birth today is about the same as was the US life expectancy at birth in 1850. • Subjective risk is high for large events • Aircraft crash Actual: less than 1 in 9 million per flight • Subjective risk is low for small events • Fatal car crash Actual: about 1 in 5 thousand per year But Are you still Feeling Unsafe? Paul Slovic & Elke U. Weber, “Perception of Risk Posed by Extreme Events”, Proc. Conf. ‘Risk Management Strategies in an Uncertain World’, Apr. 2002

  21. Of course it is!! • A large amount of potential energy wrapped in a small package • Potential energy must be extracted at a controlled rate • The reaction products (the “ashes” of fission) must be managed • Dangerous, but manageable • We’ve learned a lot over the past five decades • We know how to do this job • Are we perfect? No, but the residual risk is small • Less risky in the future • The technology is mature • Operational training and skill needs are clear • Worldwide institutional arrangements are in order Is Nuclear energy dangerous?

  22. The usual industrial risks • Mainly heavy objects, live steam, high voltage • Radiological risks • Digging uranium out of the ground and stimulating it to fission at a very high rate is a hazardous business • Under strict control, as we will see • Need to protect the plant, operating staff, and public • Sabotage risks • Hostile attack • Diversion of nuclear materials What are the risks?

  23. Who is actually at risk? • The plant owner, in financial terms • Senior management, in terms of their careers • The plant operating staff, in physical terms • The local population, in lesser physical terms • The rest of us, almost entirely in financial terms • Who is doing what, to reduce risk? • The plant owners are training, testing, and retraining staff • The Canadian Nuclear Safety Commission is auditing operations • Atomic Energy of Canada is evolving new plant designs • Everyone is studying past operations for improvement ideas What is being done to Reduce Risk?

  24. First, can a reactor blow up like a nuclear bomb? • Absolutely not. (Too weak, too wet, too slow) • Terrorists – who are they? • They are actually saboteurs -- why are we so afraid? • Are they working for a foreign government, or on their own? • Can they do it on their own? • Not unless we let them • Can they make a bomb from nuclear waste? • They can make an ordinary bomb a little more dangerous, but this is very difficult and dangerous – mostly to themselves Can terrorists make nuclear bombs?

  25. Diversion of nuclear material to hostile uses • This starts, most likely, as a financial transaction and may then become a tool for sabotage • This is a problem to be solved by cooperation between nations, not by nuclear plant designers • Attack on a nuclear facility by an armed group • To be a real threat, the group must have the active support of a national government – and a powerful arsenal • Detection/detention is a job for the national police force • Crash of an aircraft into a nuclear station • Almost surely, the crash will cause shutdown of the reactor • A shut-down reactor is a pussy cat, not a tiger (Daiichi??) • Most of the people killed will have been passengers on the plane Terrorists, continued

  26. The nature of the beast: • Compare a coal plant and a nuclear plant . . . • Old reactor accidents • Louis Slotin, NRX, NRU, SL1, Windscale • World’s largest power plant accident . . . • Chernobyl unit 4 • World’s 2nd largest power plant accident . . . • Three Mile Island unit 2 • An accident that that didn’t happen • Davis Besse pressurized water reactor Some Specifics of nuclear risk THE NATURE OF THE BEAST - 1

  27. Is Nuclear safety different? -- Yes HEAT ENERGY FLY ASH CARBON DIOXIDE HEAT ENERGY NEUTRONS AIR CONTROL CONTROL COAL BOTTOM ASH USED FUEL URANIUM THE NATURE OF THE BEAST - 2

  28. The Neutron Chain Reaction • When the number of slow neutrons is constant, the system is critical. Leaked Neutrons • Delayed Neutrons appear after Neutrons Slowing ~ 10 seconds. Down • Fast Neutrons slow down in about one thousandth of a second Delayed Neutrons from Fission Prompt Neutrons Neutrons Diffusing Leaked Neutrons from Fission CONTROL THIS TO "ASHES” (Fission Products) CONTROL HEAT PRODUCTION U235 FISSION Captured Slow Neutrons Neutrons HEAT • Some neutrons are captured in U238 • and produce a useful fuel – Pu239 THE NATURE OF THE BEAST - 3

  29. A power reactor produces a lot of heat energy • A steam turbine uses almost all of this heat • The amount of heat added must equal the amount removed, at all times • If too much heat is added (or not enough heat is taken away), material temperatures rise & water pressures increase • This is a dangerous combination Heat Balance – the Key to control THE NATURE OF THE BEAST - 4

  30. How fast can heat be released? .07 Prompt Critical .007 Reactivity (Dimensionless) Prompt Neutron Lifetime = 1 millisecond .0007 Prompt Neutron Lifetime = 0.01 millisecond Normal Control Range .00007 10000 1000 100 10 1 0.1 0.01 0.001 Time (T) Taken to Double the Reactor Power (Seconds) Power (t) ≈ Power (0) exp [t/(T x 1.36)] THE NATURE OF THE BEAST - 5

  31. Safe operating domain Operating Trajectory Design Center Operating Limit Operating Domain Trip Limit Operating Margin Safety Limit Safety Margin THE NATURE OF THE BEAST - 6

  32. Louis Slotin (1945) • Re-Enactment of Slotin Experiment Old Accidents

  33. National Research Experimental -- NRX First Startup July 22, 1947 Accident 12 Dec 1952 Last Shutdown April 8, 1993

  34. NRX Human Errors (1)

  35. NRX Human Errors (2)

  36. Windscale Production Reactors - UK Built in the 1940s for Pu production. Loss of control & fire on Oct 11, 1957

  37. National Research Universal - NRU First startup Nov 11, 1957. Failure in experimental channel May 24, 1958

  38. SL-1: Stationary low power reactor #1 Major accident on Jan 3, 1961. Three operators killed US Army developed this concept for electricity and heating at remote sites. Operator

  39. (1) As far as possible, design, construction and operation should be the responsibility of a single organization. • (2) Responsibility for safety and all facets of reactor operation should be unequivocally defined -- ("a line organization should be used, not a committee"). • (3) Safety review should be carried out by a single competent group external to the operating organization - reviews repeated by competing safety groups can "unduly harass the operating group and thereby reduce safety." • (4) The ultimate responsibility for operational safety must ultimately rest on the immediate operating team at the reactor - "in the final analysis the reactor shift supervisor and, in turn, the operator at the control console should have the authority to shut down the reactor if either believes it to be unsafe." SL-1 Lessons Learned Prof. T.J. Thompson

  40. Three Mile Island-2 Final Reactor Configuration March 28, 1979 Good design No overpower pulse Poor operation Bad procedures Effective containment

  41. Chernobyl Unit 4 April 26, 1986

  42. The plant designer won a Lenin prize • Safety cautions from Kurchatov Inst. were ignored • Test procedure was mandated from Moscow • Effective command of the plant operation was turned over to the test team – they were ignorant • Safety protective systems were disabled • Operation at low power continued in spite of ban • Test was continued in spite of serious operator errors Chernobyl – Some Contributing Factors

  43. Davis-Besse Vessel Head Corrosion Circa March 2002 An accident that did not happen

  44. During the 1990s: • Ontario “fell out of love” with nuclear energy • An open “retirement package” was offered to staff • More than 10,000 employees took the package and retired • About 4,000 skilled nuclear operations staff left the company • Nuclear Operations was placed under extreme stress • In 1997: • Seven large nuclear units were shut down, voluntarily • Morale in the nuclear fleet hit rock bottom • Due to strong leadership within middle management • No serious consequences ensued Another Accident that Didn’t Happen

  45. Design basis – 5.2 to 5.7 metres • Measured wave – 14 metres (TEPCO update) • Consequent multi-unit station blackout • Human errors • Insufficient grid protection from earthquake (地震) jishin • Fossil units shut down, so the offsite grid collapsed • Insufficient protection of emergency power supply • Diesels in basement, fuel tanks at grade • Inter- unit electrical connections? • Failure to review promptly following Kobe event (1995) ---- and One That Did Happen (津波)tsunami

  46. Human error dominated in all of these events • Machines are much too stupid to make mistakes • Humans also perform spectacular “saves” • Pickering pressure tube failure • Dislocation of OH nuclear operations in 1997 and beyond • Hudson River airline pilot landing in Hudson River • Chilean coal mine rescue • Studying others’ accidents is educational • It helps to avoid having to study one’s own accidents • The practice builds care, caution – and humility Lessons Learned?

  47. What is Risk? A thing of the Future FUTURE RISK LEVEL PAST UNCERTAINTY 0

  48. Prevention Detection & Quality Automatic Disciplined Automatic Correction Design and Response Radio- Operation Control of Faults Construction to Faults active Material Disciplined Management Regulating Maintenance, Setback, Engineering Procedures Systems UER Procedures Stepback Process Systems Mitigation Fuel Exclusion Emergency Shutdown Containment Cooling Zone Response Environ- ment & SDS1 & ECCS & Building & Sheltering, Public Dilution SDS2 Moderator Spray Dousing Evacuation Safety Systems Systems Design for Risk Reduction Also known as Defence in Depth Review Maintain Upgrade Defence in Time

  49. Uniquely Risk and People -- To Err is Human ⌃ Complaisance The human cycle of Performance Neglect Confidence Institutional Factors? Decreasing risk Decay Safety Increasing risk Caution Danger Doubt Failure

  50. A risk Management system PEOPLE AND GOVERNMENT SAFETY SCIENTIFIC- STANDARDS TECHNICAL AUTHORITY COMMUNITY OPERATING ORGANIZATION DESIGNER- SAFETY MANUFACTURER- PERFORMANCE CONSTRUCTOR REGULATOR INDUSTRY REGULATORY PUBLIC RESPONSIBILITY RESPONSIBILITY RESPONSIBILITY

More Related