Radioactive Risk Mitigation
Fail-safe and redundancy systems show how the nuclear industry manages some of the most dangerous risks of all
An irrational fear has been cultivated around this technology, but we are afraid of some risks simply because we don’t understand them. We apply considerable intelligence to designing our homes, cars and lives to be ever safer, yet we seem to fail to recognize that the nuclear industry has designed nuclear power stations with these same pre-loss mitigation principles in mind.
And these principles have been around for a long while. The basic concepts are generally understood in the nuclear industry and are taught by the Canadian Nuclear Society in their CNS CANDU Reactor Technology & Safety Course. They can be boiled down to: build a robust system (one that’s tolerant of mechanical failure or human error), and operate with highly trained personnel, but assume accidents will happen so build to prevent and control those accidents with multiple backups; do frequent safety tests and improve your systems on operational experience. Nuclear power stations are built to extremely exacting standards, among the most fortified structures built in our modern society. For instance, the World Nuclear Association says: “Nuclear facilities are designed so that earthquakes and other external events will not jeopardize the safety of the plant.” The stations are sited and over-designed to withstand nearly incredible external scenarios.
Furthermore, the training of nuclear personnel is a continuous program of improvement and development for all employees at the site. Nuclear power operators, those who work in the control room at stations, receive on average about 10 years’ worth of training to do their jobs. Then they rotate through a training program on a mock control room, exactly like the one they work in. On this simulator, they learn to deal with many different scenarios that could go wrong, the same way airplane pilots are required to do. Training of staff is very diverse at these stations, where employees learn many ‘event-free’ tools such as self-checking, questioning attitude and pre-job briefs, just to name a few. There are many other procedures for operations, engineering and maintenance of these monolithic structures.
Despite all this, the nuclear safety philosophy assumes that an accident will happen. So, the plant is designed to prevent accidents and to control an event, should one occur. This is where the “defense in depth” principles are prevalent. There are multi-layered, redundantly designed systems to either prevent or mitigate an accident.
Let’s begin with the CANDU fuel. The fuel pellets are high-temperature, ceramic solid fuel that self-contains its own waste products. The pellets are encased in rods and assembled into bundles, which keep the fuel in place from cradle to grave. Then there are the shut-down systems. There are two independent systems that are poised at all times, ready to shut down the reactor. These systems are “fail-safe,” meaning that no matter what else can happen in the reactor, they will always work to shut the reactor down. There are many other independent reactor control systems as well.
There are many different ways to cool the reactor should an event occur that prevents the normal cooling process. There are auxiliary cooling, shutdown cooling, emergency water systems and emergency core cooling systems, just to name a few important systems that are capable of operating in an emergency. Should cooling the reactor fail, there are further defences, such as containment of the structure. This is the leak-tight reinforced concrete structure, with walls about five feet thick. The single-unit stations are also kept at negative pressure, whereas multi-unit stations have a vacuum building, kept at negative pressure, with extremely thick walls to contain any radioactive steam.
You would think that, with such a robust design and well-trained employees armed with event-free tools, all this would be enough. But that wouldn’t be telling the whole story. Oversight by many independent organizations, domestic and international, into the operations and performance of the stations, as well as regulation by the nuclear regulator, create even more layers of redundant protection for the public at large.
These many layers are the result of shared operational experience among the world’s nuclear power stations, as well as the unfortunate events at Three Mile Island, Chernobyl and Fukushima. The willingness to discover the root cause and learn lessons from every event is an attitude that should be transferred from the nuclear space to other businesses and everyday life. For instance, the root causes of Three Mile Island brought nuclear control room simulators into stations around the world. This was only one of many lessons that were learned from this event.
The design of the station to ensure proper containment and the need for a robust nuclear regulator were just a few of the lessons we learned from the Chernobyl event. However, it was the recent event at Fukushima that has changed the nuclear world yet again. Both Three Mile Island and Chernobyl happened because of initiating events within the station itself. But Fukushima wasn’t able to cope with the complete loss of power after the tsunami disabled the emergency power supplies to the station. This has led to a worldwide adoption of strategies to mitigate against external events that could cause a station blackout.
As well, most countries using commercial nuclear power have established a nuclear liability regime: should all the mitigation techniques fail, an established mechanism of victim compensation through insurance is available to respond. This coverage is provided to the stations predominantly by nuclear insurance pools, which were established for this purpose in the late 1950s, to support the development of a new industry. The pools provide centralized underwriting, loss control and claims management services to operators, while at the same time protecting the solvency of insurers.
The lessons we could incorporate into everyday life from standard practice at a nuclear power station would go a long way to making our environments much safer: the bigger the risk, the more elaborate the risk control techniques to either avoid, manage or mitigate it.
Colleen Demerchant is general manager of the Nuclear Insurance Association of Canada.
Copyright 2014 Rogers Publishing Ltd. This article first appeared in the November 2014 edition of Canadian Insurance Top Broker magazine