When designing anything in a area prone to earthquakes, a cold hearted calculation has to be made: With finite resources, you can only build it to hold up to so much even with the probability that something larger can happen. All over the country of Japan, things were built with earthquakes and tsunamis in mind, but earthquakes smaller than the one that happened. The result has been huge devastation throughout the country. And even-though the nuclear reactor will likely result in little to no death, it will be considered one of the major consequences.
There were a number of failures and a number of triumphs at Fukushima. If the nuclear industry is to survive, they must learn from it. Many will try to destroy the industry and point that the risks are too high. While this calculation does not make sense compared to the risks required for any other path, the FUD (fear, uncertainty, and doubt) of radiation and nuclear power can overcome anyone's rational response. The only way to overcome FUD is to educate and to learn to better deal with Earth's fury.
Failure #1: No defense in depth against natural disasters. Nuclear safety is built under the idea of defense in depth. You build everything to hold up to the worst you can imagine and then assume it will break anyway and build another layer to protect against that. When the risk analysis of the plant was done, they worked under the assumption to withstand an 8.2 earthquake and resulting tsunami. They built a system that could handle that situation, but then failed to consider and plan for a situation of greater magnitude. Having three of the four emergency power systems vulnerable to a tsunami epitomizes this failure. In the future, defense in depth will have to be considered against not only human made accidents but also natural disasters.
Failure #2: Risk Analysis based on Independence. Four power systems was considered more than enough because the risk analysis assumed independence. While a lot was designed to make sure they were independent (diesel fuel far enough apart, battery inside containment, engines outside, etc), risk analysis was not done assuming that systems would become dependent. Independence based risk analysis has lead to reactors with three diesel systems and more pressurizers and more independent systems. But a third diesel system would not have improved the situation at Fukushima. That is because three systems were all dependent on one thing: the tsunami wall. A risk analysis that assumed some level of dependence (in this case all being outside containment) would have shown the advantage of having a diesel system inside primary containment. (Independent only analysis would say that the risk of this system falling prey to a reactor only accident would make this placement a poor choice). If one of the diesel systems were inside, an emergency cooling failure would not have occurred. In the future, a deeper look at system independence will be required. But a further analysis based on dependence is the bigger adjustment that needs to take place. Bayesian statistics would be a great tool for this but new experts in both Bayesian and nuclear science will have to be found.
Failure #3: Hydrogen response. There are many and complicated reasons that zirconium alloys are used as cladding. All materials are about achieve the correct balance of characteristics. The industry long ago accepted the risk of zirconium oxidation. However, the oxidation has caused hydrogen formation in water and the hydrogen explosions at Fukushima have been the most damaging to the plant. A better mechanism to deal with hydrogen formation must be look into. It is not enough to have system in place that try and keep the temperature below the oxidation temperature. All this does is lower the temperature of extreme failures.
Failure #4: Acceptance of oxidation risk in the spent fuel pool. Zirconium is chosen as a material for complex reasons, but many have to deal with its properties inside the heart of a huge neutron flux and heat conductance at full power. But once outside the core, there is little reason to accept oxidation for these properties. The reactor was designed to have offsite storage and the failure of the government to provide such storage and force maximum spent fuel storage at all time made this problem worse. However, acceptance of this risk was unnecessary and added to the problems as Fukushima. Onsite reprocessing or recladding is not practical. Finding a chemical that can be added to the cladding that can encase and reduce oxidation (much like tannic acid will create iron tannite on bare steel) is a practical solution even if the casing isn't as heat conductive. Further such a chemical would also be useful to add to the core and prevent oxidation there in case of an accident.
Failure #5: Lack of media and communication. TEPCO is so overwhelmed and needs to stay focused that it is not responsible to have them also need to deal with the media. The result is a sprinkling of anonymous experts giving media information that is both sensational and at times outright wrong. But without a good source of information and a huge demand across the world for such news, anything and everything ends up on TV, in the newspaper, and across social media. This creates a huge and unnecessary amount of FUD. And FUD is going to kill the industry faster than any accident can. The industry needs a media response team that will give lots of good data and experts whenever they request it. A great example is when TEPCO applied principles of ALARA. When the dosage became too high, they took out everyone who was reasonable to be there. But without information, the media took this not as a responsible action but as a last ditch effort in sending suicide teams in to fix the problem like Chernobyl. When the dust settles, and the real doses are found out, the media will have moved on. It is unlikely the real dosage will get more than a paragraph on the 5th page of newspapers and a scrolling sentence on TV. The atomic energy agency originally had this task. After TMI, that task was given to the department of energy. However, it is clear that the DOE is not going to take that responsibility. When these things happen, the industry gets HUGE amounts of free media and we are squandering it.
With the failures, there are also triumphs. These triumphs are going to be needed to save the industry. Throwing Fukushima, GE Mark I, and/or the Japanese regulation commission under the bus and trying to show why everything else is better is not going to work again. With Chernobyl it was reasonable, with Fukushima, the public will not see it that way.
Triumph #1: Containment. Even with everything hat has been going on, The reactor is contained. The radiation levels while unacceptably high, are not going to threaten the general public. Many will do calculations based on the tiniest amounts of radiation but we keep the reactors contained beyond all design limits. Compared to anywhere else where the tsunami hit with such magnitude, the damage to the plant is minimal. It is likely the workers were far more safe at the plant than in their home. And the death rate is so low, even with the accidents, that you are for more safe at a nuclear reactor than an amusement park or even an insurance office.
Triumph #2: Cold shutdown. Even with all the failures, the fires, the explosions, the cores came into cold shutdown. Even with depressurization, partial melt, and huge damage, the cores have been stabilized. It is a real test to how much punishment these things can take and a real life example of why an airplane or terrorist attack isn't going to cause Chernobyl.
Triumph #3: Defense in depth is shown to work. In the places were we had layers of safety, things worked. It shows that the method of nuclear safety is a strong one. It just needs to be expanded.
Even if we shutdown every pressurized reactor and move on to LFTR's and more advanced models, lessons can be learned. What we have done to protect ourselves against human accidents has been shown to work beyond every design limit. But we must not focus only on isolated events that happen in a vacuum. We must expand those methods to natural disaster response if we want to continue this industry. Nuclear engineering must accept a higher standard. We can not consider a small amount of death, a large but unlethal radiation dose, or breach of containment in any situation acceptable. We also need to learn how to deal with the media. Accepting FUD until all the dust settles is not going to work in a world and news cycle as active as ours. As with any industry, its adapt or die.
