Lessons Learned from “Lessons Learned”: The Evolution of Nuclear Power Safety after Accidents and Near-Accidents

Looking to the Future

Back to table of contents
Authors
Edward D. Blandford and Michael M. May
Project
Global Nuclear Future

In examining the above conclusions and looking to the future of nuclear power worldwide, we come to another set of observations.

  1. Modern reactors are of safer designs and can be operated more safely than the ones that have caused major accidents. But it is not clear how many of the safest designs will be built. Most reactors being built today are of the Gen II+ design and are significantly safer than the RBMK design involved in Chernobyl and the Mark 1 BWR design involved in Fukushima. With the Gen II+ design, both the reactor vessel and the spent fuel are under two layers of containment. Even safer designs, such as the Gen III and Gen III+, feature more passive cooling systems, which can keep all fuel cool for days without electricity or high-pressure water injection, among other improvements. As of this writing, it is unclear what the future reactor mix will be. An interesting question is whether new reactor users will buy modern designs while existing users will mostly extend the lifetimes of their existing designs.
  2. The Fukushima accident was initiated by a supposedly “once in a thousand years” event and was considerably worsened by faulty design and siting as well as operational and management response. The precursor incident at the Le Blayais Nuclear Power Plant in France had also been viewed as a “once in a thousand years” event. Nevertheless, given how many of the current nuclear sites are subject to rare major external events, and considering the lifetimes of modern reactors, there is a clear statistical basis for taking into account even very rare events and spending some money to prevent or alleviate their consequences. Reactor lifetimes today are roughly in the sixty-year range, which is 6 percent of the “thousand years” postulated for the recurrence time of the Tohoku tsunami. In addition, there are a number of sites subject to locally rare floods. Since a serious nuclear accident anywhere affects the nuclear industry everywhere, the industry should look at a much higher probability of problems than is implied in the “once in a thousand years” viewpoint. The cost of the Fukushima accident is estimated to be somewhere between $30 billion and $100 billion; if about a billion dollars had been prudently spent on the precautions that have been identified since the accident (and that we summarized above), some of the worst consequences of the accident could at least have been mitigated. While tsunamis are not the only possible external source of disaster, and while prioritization in allocating limited resources is always necessary, a new look must be taken at rare but potentially catastrophic events as well as the precautions that could be useful and economically justifiable in dealing with such events.
  3. The failure at Fukushima was due to the lack of a sufficient “tsunami defense-in-depth” approach, not a failure of the defense-in-depth philosophy in general. The Fukushima accident cannot be attributed solely to an inadequately sized seawall. Rather, the accident followed a series of failures, including failures in plant defensive actions, mitigation efforts, and emergency response. Accounting for every potential event that falls within the tails of the respective probability distributions is an unmanageable approach. Appropriate reform should focus not solely on defensive actions but on a robust blend of improved defensive actions, mitigation efforts, and emergency response procedures.
  4. Mechanisms to facilitate and incentivize mutual learning may not be adequate to make best use of lessons learned and prevent avoidable disasters. The present mechanisms are unsystematic and do not have enforcement or incentive features. They include the efforts of vendors to build safer reactors, the general availability of lessons learned from particular accidents and near-accidents, and awareness of the worldwide cost of a nuclear accident anywhere. At the institutional level, the two active organizations are the IAEA and WANO. The IAEA produces reports and submits protocols for adoption by its nation-members. It has major responsibilities in other areas (for example, safeguards against military use of civilian facilities), and it does not have the personnel, budget, or authority required to set and enforce safety standards (should any be agreed upon). WANO focuses on reactor operation, an essential—but not the only—ingredient of safety. Its main activity in that regard is information sharing. INPO, the U.S. counterpart to WANO, is quite effective. But it is a confidential and cooperative U.S. industry effort that seems difficult to replicate on a worldwide basis, at least without major changes.
  5. Improved cooperation will rest most securely on lasting shared economic interest among vendors, owners-operators, government regulators, and the public. At the same time, the international nuclear power and nuclear fuel cycle markets will become, if anything, more competitive. No solution to this problem is in sight. Elements of a solution might include the following factors:
  • Some form of an import/export agreement, such as what the Nuclear Suppliers Group now uses to monitor weapons-sensitive materials and components, might be effective. Those efforts rest on an agreement at the state level; the same would be true of a safety-oriented agreement. If there were such agreement among states, one could envisage that any vendor wishing to export reactors or other potentially dangerous nuclear facility would need a license certifying that the design meets modern safety standards. With only a few international reactor vendors, implementation of such an agreement seems feasible.
  • Reactor design is not the only safety consideration. Siting, construction practices, and operations also enter the mix in essential ways, as do accident management, regulatory review, and lessons-learned feedback. Agreement at the state level that would strengthen cooperation among regulatory authorities—perhaps even setting standards for independence of those authorities— would be a positive step. There is no clear consensus on what structure best assures such independence—or, rather, effectiveness in managing an inherently interdependent process that involves many stakeholders. A conversation that would take into account national precedents and institutions is needed before any attempt is made to discuss standards.
  • Finally, investors and insurance companies have strong incentives to avoid serious accidents. Liability for insurance companies is generally limited, leaving investors and taxpayers to take losses. In most countries, investment comes partly from government and partly from bond sales. Investment represents a potential source of leverage to avoid accidents; however, to date it has not been harnessed toward effective action because of a lack of knowledge and because nuclear-related investments may make up only a small part of the portfolios.