On July 24, 2014, the National Academy of Sciences (NAS) released the final pre-publication report by a committee tasked with reviewing the March 2011 accident at the Fukushima nuclear plant in Japan and its lessons for improving the safety of U.S. reactors. With appendices, the report is over 350 pages long. My colleague Ed Lyman and I have done an early review of the report and have these initial comments, likely to be supplemented as we probe this extensive report further.
Overall, UCS notes that the final Statement of Task for this study was quite narrow. In particular, it states that the study “should not make policy recommendations that involve non-technical value judgments.” In our view, this introduces an artificial distinction. Both technical and non-technical considerations are integral to the understanding of nuclear safety issues and to their practical application. There is no strictly technical right answer to the key question “how safe is safe enough.” We think the committee’s failure to recognize this is a weakness in its analysis.
The study also explicitly excluded recommendations for specific changes in U.S. laws or regulations or designs or operations of U.S. nuclear plants. This limits the report’s usefulness, because the biggest challenge to implementing lessons learned from Fukushima lies in how they can be translated into workable and effective regulations and procedures.
The UCS book “Fukushima: The Story of a Nuclear Disaster,” written in collaboration with Susan Q. Stranahan and published earlier this year by the New Press, provides more detail of our views on these questions and our own recommendations.
Some specific comments follow:
1. Section 6.1 (page 6-4) states that a region “about the size of the U.S. state of Connecticut” has been contaminated to levels that would expose inhabitants to radiation doses that exceed the long-term cleanup limit.
UCS Comment: Few technological disasters, other than those of the nuclear power variety, can affect such large areas of the map. This reality emphasizes the importance of extracting as many lessons as possible from the disaster and of implementing effectively and expeditiously upgrades that lessen the vulnerabilities at U.S. nuclear power plants.
Appendix L of the report points out that the process the NRC uses to evaluate the costs of nuclear plant accidents and judge whether safety improvements are needed does not produce results consistent with real-world economic damages. This biases the decision-making process in the direction of not taking action. We strongly agree that the process must be fixed to ensure that NRC takes into account the full public health and economic consequences of such accidents when making its decisions.
2. Section 18.104.22.168 (page 5-15) states “it is not at all clear that U.S. operators could have prevented core damage given the severity of the accident.”
UCS Comment: This reinforces our position that Fukushima was not a Japanese nuclear plant accident; it was a nuclear plant accident that happened in Japan. It could happen here, too, unless steps are taken to reduce commonly shared vulnerabilities.
3. Finding 5.1 (page S-3) states that “Implementation of these [FLEX] actions is still underway; consequently, it is too soon to evaluate their comprehensiveness, effectiveness, or status in the regulatory framework.”
UCS Comment: FLEX is the U.S. nuclear industry’s primary response to the most important lessons learned by the NRC from the Fukushima accident. By punting on this key topic, the report becomes significantly limited in its value. While we agree that FLEX efforts are still underway, we respectfully disagree that it’s premature to comment on their value. We expected the committee to comment on FLEX and are disappointed that they instead opted to duck this key topic.
The report does point out in Section 22.214.171.124 (page 5-4) that “neither the USNRC order nor FLEX specifically addresses the need to protect station DC batteries and power distribution systems so that they remain functional during beyond-design basis events.” Given the central role that the failure of the batteries and distribution systems played during Fukushima, this loophole allows reactor operators to ignore one of the major lessons of the accident.
4. Section 5.1.3 (pages 5-19 and 5-20) points out that the precursors to the Fukushima accident had been identified decades ago but those warnings had not been heeded. For example, the report cites a 1981 study by researchers at the Oak Ridge National Laboratory that concluded “Neither existing training nor emergency operating procedures adequately prepared operators for an unmitigated station blackout accident.” The NAS report further states: “The committee agrees that the Fukushima accident was not a technical surprise and was in fact anticipated by previous severe reactor accident analyses.”
UCS Comment: It seems prudent, therefore, to undertake a formal analysis of all past severe reactor accident analyses – not merely the ones subsequently validated by Fukushima – to identify other vulnerabilities that can and should be rectified before they can contribute to future nuclear plant accidents. This is not to suggest that all past findings and recommendations need be implemented. Some hopefully have been superseded by subsequent actions. Others may be shown to be impractical. But any that have not been superseded and are not impractical could be strong safety upgrade candidates. We also recommend in our book that all reactors should systematically reevaluate their vulnerabilities to severe accidents and correct all that they find, something the NRC has not required.
5. Recommendation 5.1A (page 5-3) recommends that monitoring of hydrogen concentrations inside the reactor buildings is needed.
UCS Comment: UCS wholeheartedly agrees that monitoring hydrogen concentrations inside structures other than the containments is necessary. Currently, in the U.S. hydrogen concentrations are only monitored within containment buildings because hydrogen gas is not supposed to collect inside the reactor buildings. Hydrogen found its way into the Unit 1, 3 and 4 reactor buildings at Fukushima and exploded. Waiting for an explosion to inform the operators about undesired hydrogen gas accumulation inside a reactor building is the irresponsible way to manage this hazard.
6. Section 126.96.36.199 (page 5-5) points out that control room simulators cannot handle events involving reactor core damage.
UCS Comment: Fukushima involved damage to three reactor cores. Yet control room simulators cannot handle an event like this.. The problem extends beyond limited training capabilities. Many of the proposed FLEX options also cannot handle reactor core damage. The radiation levels resulting from reactor core damage could make it impossible for workers to connect and operate the FLEX equipment. Because reactor core damage is a credible consequence of severe reactor accidents, training and response measures need to be capable of handling this reality.
7. Section 188.8.131.52 (page 5-18) recommends that training programs be expanded to cover situations such as decision-making when confronted with missing, conflicting, and misleading data and recognizing complex system interactions.
UCS Comment: This NAS recommendation is solidly on point. Existing training programs confront workers with simplistic challenges, like seeing one of three or four sensors monitoring the same parameter falling high or low and having to figure out which is yielding the correct information. It’s relatively easy to grasp the entire picture when only one jigsaw piece is missing.
8. Section 5.1.3 (page 5-24) points out that “PRAs [probabilistic risk assessments] that have been performed generally do not adequately account for human error in design, construction, maintenance, and operation of nuclear plants … or for intentional sabotage.”
UCS Comment: This point reinforces the conclusions from our August 2000 report, “Nuclear Plant Risk Studies: Failing the Grade” and many other reports and testimonies. This is not a minor omission. Not adequately accounting for human error is like trying to balance a checkbook with only some of the deposits and withdrawals—yes, you can tally up a number but that number may not indicate how much money you have. The NRC cannot make valid risk-informed decisions using such an impaired risk tool unless it makes appropriate compensation for the associated uncertainties.
9. Section 3.5 and Table 3.3 discuss information that TEPCO and the Japanese regulator acquired prior to the Fukushima accident about the tsunami hazard potentially being greater than the plant’s protections.
UCS Comment: Similar timelines with similar implications can be drawn for the shoreline fault hazard discovered in 2008 just offshore from the Diablo Canyon nuclear plant in California and the Jocassee Dam failure hazard identified in 2006 for the Oconee nuclear plant in South Carolina. The NRC needs a faster process for resolving known safety hazards. Safety IOUs protect no one.