Thursday, April 19, 2012

What are the chances? It depends on who you ask...


Dear Readers,

I don't know about you, but I'm having a lot of trouble trusting nuclear scientists these days. They couldn't prevent Fukushima and, now that it's happened, they can't fix it. It's still spewing, and their best estimates are that it will take 30 years to "clean up" -- AS IF there was ANY place to put the mess! Tank farms of highly-irradiated water are NOT a solution!

After Chernobyl we were assured that "Western" reactors are different, and completely safe from meltdown. They are different, but they are not safe. Now, a year after Fukushima, yesterday's Japan Times contained an article by an MIT-trained nuclear engineer. The author apparently could not conceive of the idea that it is essentially impossible to make a safe nuclear power plant. By that I mean that even with infinite funds, you'd still have to contend with human error. But even so, funds are NEVER unlimited. The author listed about a dozen things that went wrong in Fukushima, claiming that if any of them hadn't gone wrong, the meltdowns could have been prevented.

Perhaps that's true, but there will be other meltdowns, and even if all the author's recommendations were taken (which has a snowball's chance in a reactor core of happening) there would still be meltdowns or worse at our reactors. He hasn't covered airplane strikes against dry storage casks, for instance.

I suppose his main suggestion should be considered wonderful in theory. "If you are operating a nuclear reactor, you must find a way to bring it down to a cold shutdown in any type of emergency."

Isn't that grand? An MIT-trained nuclear physicist, writing in the Japan Times, tells us this! If only they had listened to him 50 years ago, when they designed those old Mark 1 Boiling Water Reactors! But there are SO MANY "Achilles' heels" in THAT design! Nevertheless, even I can assure the MIT-trained nuclear engineer that avoiding meltdown was PARAMOUNT in the original engineers' minds, as well! What does he THINK they were thinking about?!? They thought of everything that they could think of that could possibly go wrong, and designed a way that would unquestionably (probably, hopefully, maybe, possibly... within budget constraints) prevent that triggering event -- or series of events -- from happening. That's how nuclear power plants have ALWAYS been built! What is he, the one that can suddenly fix everything? Let him stop Fukushima from spewing then.

The ONLY constraint on safety has ALWAYS been money. First there's the problem of getting enough of it to build the reactor in the first place. You can't convince Wall Street to invest in them, so it's invariably the ratepayers at the insistence of the government who pay, and they want to pay as little as possible, as would anyone else. Then cost over-runs start to set in: Bad parts get delivered, bad welds get discovered, bad concrete pours have to be torn up and redone.... or you could look the other way, and that's what often happens.

Lack of testing equipment means you can't make sure the metals your supplier supplied you with are of the quality they say they are. Everything costs money, and nuclear power plants are in the business of making money out of something that's here today, and... here tomorrow, as nuclear waste. The electricity that is generated is gone in an instant -- used or not. Most is used, of course, so it can be billed, but any that's unused is lost forever, and the nuke plant itself needs dozens of megawatts just to run its own pumps.

When building or making repairs to a nuclear power plant, it's always a question of money. The MIT-trained nuclear engineer points out that San Onofre -- pardon me, that's my local nuclear power plant, which is just as bad but of a different design -- he points out that Fukushima had one functioning generator but needed two or three. The author explains that the one functioning generator was ONLY functioning because plant operators wanted to SAVE MONEY by placing it far away, which happened to be up a hill. Saving money at nuclear power plants usually doesn't help, but in this case apparently, two of the six reactors at Fukushima were able to be cooled because of this piece of luck. The author seems to miss the obvious: If it wasn't this mistake, it would have been something else.

San Onofre, my local nuclear reactor, is completely shut down right now (like all but one reactor in Japan) and may never reopen. Why not? Because the steam generator tubes (made in Japan, by the way) clang into each other. Why does that happen? Apparently because the plant tried to increase the power output of the reactor by adding nearly 400 extra tubes when they ordered a "like-for-like" replacement of the original (four) steam generators, which were supposed to last the entire lives of the (two) reactors.

The original steam generators didn't last because they ran 'em too hot, I suspect. A couple of years ago they realized that as soon as the tubes wear out, they can replace them with steam generators that have more tubes inside but still fit in the same locations. (Or thought they could.) So they upped the power output of the reactor, which caused the tubes to fail more quickly than the normal life of the reactor -- but they didn't care. They knew our California Public Utilities Commission would stick the ratepayers with the cost of the replacement steam generators when the time came -- and they did. SanO's owners wanted to avoid having the steam generator replacement happen at the same time as the much more risky license renewal because there's ALWAYS a lot of opposition to that.

San Onofre's owners got through several steps of this process. The Nuclear Regulatory Commission saw it as a "like for like" replacement even though it wasn't, the ratepayers were charged with the costs of replacement, it happened years before license renewal, and best of all (from the utility's point of view), the utility ALSO made billions of extra dollars while they ran the reactors at extra-high power, pressure, and temperature, blowing out the gaskets, seals, and tubes!

It's like how you treat a rented car.

Only the difference is, things can go wrong when steam generator tubes burst. They are very thin, fragile things, with a thousand pounds of pressure differential on one side from the other. One tube failure can lead to another, and another, and another, which can lead to an inability to cool the reactor. Fukushima USA is what it could lead to!

But the utility company's biggest worry isn't that, because they figure one of the backup systems will work (they might be right, but they might not be). Their biggest worry is this: Because the new replacement steam generators have ALSO failed, just like the old ones but faster, they now have to try to stick the ratepayers with the whole cost over again, and it's only a few years from license renewal, AND Fukushima happened in the meantime. And the Internet grew. And the local citizens are up in arms. And many of the local politicians want the plant closed permanently, too. Everyone grasps what could happen there. Our homes could be lost, our lives ruined, our economy destroyed.

So getting San Onofre up and running again is not such an easy battle for the utility this time. Japan may be down to zero reactors soon, and California is already at half its normal strength and might stay that way.

What's wrong with probabilistic risk assessment? Nothing, in theory, because in theory, the probability of critical bolts rusting out at critical moments can be estimated. That's some theory, though! To think you can put an accurate estimate on human failure is pure folly, especially when most of the time, those failures come from financial cost-saving measures, or job-saving measures. ("If I tell anyone what I just did, I'll get fired" is a hell of a thought to have after dropping a wrench into a reactor's primary coolant loop, but stray tools have been found in very odd places inside of reactors over the years...)

The real nuclear nightmare is undoubtedly just beginning. Not only is the probability of accidents ever-increasing as old reactors get older and their parts (and their replacement parts) wear out, but complacency has plagued every industry where vigilance is necessary, and the nuclear industry is no exception. It happens to pilots in cockpits, astronauts in space capsules, lookouts on watch for sneak attacks during war, it happens to people trying very hard NOT to get pick-pocketed. Then they get bumped by a pretty girl, a deft hand on the other side grabs the wallet, a third person helps hide the activity, and then leaves with the booty after a hand-off. It's orchestrated.

The nuclear industry orchestrates to steal lives. They steal them from children, infants, and everyone else, as well as from the animal kingdom. In addition to causing billions of deaths in the animal world from Fukushima alone, radiation disasters have caused millions of deaths in the human world already, and Fukushima will undoubtedly increase that toll substantially -- especially if Spent Fuel Pool 4 falls. Meltdowns are hardly the only worry at nuclear reactors. In fact, it's the ever-growing, glowing, spent fuel that worries many people the most.

Solar, wind, geothermal, wave, tide, biomass... these are all ready to replace nuclear power. They need a fighting chance, instead of handouts to the nuclear industry.


Ace Hoffman
Carlsbad, CA


1) Links to Ace Hoffman on KPBS radio and tv last Monday
2) Japan Times article on "probability theory"

1) Links to Ace Hoffman on KPBS radio and tv last Monday:

Ace Hoffman on KPBS:

More info on the Audio:

KPBS home page:

2) Japan Times article on "probability theory":


Nuclear nightmare: The destroyed No. 3 reactor building at Tokyo Electric Power Co.'s Fukushima No.1 nuclear power plant on Feb. 20. The earthquake and tsunami that struck March 11, 2011, crippled Nos. 1, 2 and 3 reactors at the plant, triggering the world's worst nuclear crisis since the 1986 Chernobyl incident. AP

Fukushima: Probability theory is unsafe

Special to The Japan Times

A year has now passed since the complete core meltdowns of three boiling water reactors at Tokyo Electric Power Co.'s Fukushima No. 1 plant. Because of the limited and biased information issued by the Japanese government, the world does not know what really happened when the earthquake and the tsunami hit the six Fukushima nuclear reactors. There are many important lessons that must be learned to avoid a future disaster. These lessons can be applied to all the nuclear reactors globally. People around the world deserve the right to know what happened.

Explaining the disaster: Plant manager Takeshi Takahashi of Tepco's Fukushima No. 1 nuclear power plant talks to journalists in Okuma, Fukushima Prefecture, on Feb. 28. Members of the media were allowed into the plant for a tour ahead of the one-year anniversary of the March 11, 2011, disaster. AP

As a nuclear core designer and someone who earned a Ph.D. from the Massachusetts Institute of Technology in nuclear engineering, I volunteered to look into the situation at Fukushima No. 1 in June of 2011. Mr. Goushi Hosono, minister of nuclear power and environment, personally gave me access to the information and personnel who were directly involved in the containment operations of the postdisaster nuclear plants. After three months of investigation, I analyzed and wrote a long report detailing minute by minute how the nuclear reactors were actually disabled (

Here are the highlights of my findings:

1. Three of the six reactors of Fukushima No. 1 had a complete core meltdown a few days after the tsunami hit. The molten fuel penetrated not only through the bottom of the thick pressure vessel, but also poked holes at the bottom of the containment vessel, thus releasing fission materials into the environment. The meltdown itself started at 11 p.m. on the day of the tsunami, March 11, 2011.

2. As expected, the meltdown caused the fuel cladding material, zircaloy (zirconium alloy), to react with vapor and to create large quantities of hydrogen and zirconium oxide, which caused the catastrophic hydrogen explosion that blew out three reactor buildings. The hydrogen explosion took place on March 12, 14 and 15. The Japanese Government did not admit to the meltdown until three months later, nor did they admit to the damage to the containment vessels until a half year later. Our government tried to hide this important information for some reason, though judging from the amount of fission material released and from the size of the hydrogen explosion, the meltdown of the entire core was undeniable for anyone who has studied reactor engineering.

3. The earthquake on March 11 damaged all of the five independent external power supply systems, and the 15-meter-high tsunami damaged all of the pumps and motors of the main and emergency cooling systems that were constructed along the shore line, thus disabling the cooling system that pumps in sea water.

4. The tsunami also sent massive amounts of water into the reactor buildings and the turbine housing, thus soaking the emergency diesel engines and batteries, which were stored in the basement of these buildings. This meant that all sources of emergency backup power stored in the basement of the reactors were totally destroyed.

5. There was an air-cooled diesel engine sitting atop a hill close to Reactor No. 6. Its airfins were too big to fit into the basement and it was luckily placed outside, and as such, this engine started to generate electricity. With a pump brought in from outside, it started to cool not only Reactor No. 6, but had enough power to cool Reactor No. 5. Of the 13 emergency generators associated with the six plants, this was the only one of the three air-cooled backups, and hence not dependent on water as the heat sink. This air-cooled diesel engine was the only one not entirely submerged in water, but in fact at one point the water level did reach up to half its height. A few weeks later Reactors No. 5 and No. 6 were brought to a cold shutdown.

6. The buildings of reactors No. 1 and No. 3 were blown away by an explosion of hydrogen generated by the core meltdown. Reactor No. 4 eventually exploded, though its core had no fuel inside due to a periodic inspection that meant the fuel rods were stored elsewhere. It turned out that the Reactor No. 4's building filled with hydrogen that leaked from Reactor No. 3 through their common gas release ducts. Reactor No. 2 escaped from the massive explosion, although its core had completely melted. Its windows were blown away most likely by the explosions from neighboring reactors No. 1 and No. 3 and the hydrogen inside Reactor No. 2 escaped into the air.

These facts teach us one important lesson: The Fukushima accident could have been avoided if the plant had had the capacity for electricity generation of any form along with the appropriate heat sink.

It is also clear that it was not the "unexpectedly high" tsunami that caused the accident. Reactors No. 5 and No. 6 remained intact, even though they were damaged to the same extent as the other four reactors by the earthquakes and tsunami. The difference was that they had a source of electricity through the air-cooled emergency diesel engine that had been installed ad hoc by the management because they wanted to save money when the government demanded increased back up from two to three emergency generator sets.

The most important lesson of Fukushima No. 1 plant, therefore, is that we should have multiple sources of electrical supply and cooling heat sinks. This is not to say that "you should not put all of your eggs in one basket." What I want to say is that we should have eggs and apples in a few different baskets.

The Japanese government has tried to explain and offer excuses for the disaster in Fukushima, but no one in the government has accurately analyzed the situation. They continue to claim that the magnitude of the earthquake and tsunami was a natural disaster far beyond anything anyone could have imagined or planned for. But is this true? Was it a catastrophe that could not have been avoided?

My analysis takes a totally different point of view. It shows in documented detail ( that if you want to operate a nuclear reactor, then you should not assume anything about potential disasters -- be they earthquakes, tsunamis, terrorists or a plane crash. No matter what happens, if you are operating a nuclear reactor, you must find a way to bring it down to a cold shutdown in any type of emergency. We now know from the Fukushima disaster that this will require electricity and heat sinks. It is a pretty simple principle.

But there is also another important lesson to be learned, and it applies to all operating nuclear facilities around the world: If you have to assume something, then you are not prepared.

All nuclear reactors in the world have been designed using probability assumptions. This idea was originally proposed by professor Norman Rasmussen of MIT. Put to use, it is a scientific way of expressing what the public will accept.

For example, what is the probability of a plane crashing into Yankee stadium with a full audience during the World Series? This can be calculated if one assumes that there is a level of probability for each element leading to the eventual accident. And, despite the probability, because it is infinitely small, the public tacitly accepts it. This principle was followed at Fukushima. Assumptions were made about possible causes of nuclear plant accidents. Engineering precautions were taken accordingly so that everyone could feel rest assured knowing "the reactor is safe."

In Japan, the Nuclear Safety Commission made this fatal mistake by relying casually on this probability theory. They assumed that the probability of a long-term stoppage of the external electric supply "in a country like Japan" was very unlikely, so they did not have to assume and plan for a prolonged power breakdown. With this assumption in mind, they insisted on having three emergency generator sets per reactor. They gave no further thought to the possibility of a situation that could include the breakdown of all external electrical connections.

Fukushima No. 1 had five different paths for the grid to come in, but all of them were destroyed by the powerful earthquakes 45 minutes prior to the tsunami. It would have taken only one active electrical connection to stabilize the reactors after the tsunami hit.

The government did its best and brought in mobile generators from outside. There were two problems with this tactic. First, all of the three electric panels in the reactors that needed to receive outside power were submerged in water. To make matters worse, the mobile generators couldn't plug in. The final straw was that the GE-built plants were on a 660-volt power line needed to run the plants, but the mobile generators brought in by the government were usually used on construction sites and they were limited to only 220 volts, the standard voltage in Japan. The mobile generators were useless in this situation.

Had the Commission made assumptions about the possible loss of the external electrical supply and ordered the plant to be equipped on site with other external power generation, be that solar, wind, gas turbine or even small LNG power stations to back up the six gigantic reactors, this disaster could have been averted.

It is very important to note that the one small gas turbine generator that was on site worked, but unfortunately, the one generator that worked was only connected to the control room for administration, and this power could not be shared with the reactors.

There has been a lot of useless discussion about the tsunami's power and size. Historically, people have assumed that the maximum height of observed tsunamis along the eastern shore of Japan is no more than 10 meters. Until this disaster occurred, the probability of a 15 meter tsunami hitting the Japanese coast was so low that one did not have to plan for such an unlikely event. It was known in some circles that a major tsunami could in fact hit the Tohoku coast. History shows that extreme tsunamis hit Tohoku at least once every 10,000 years. What we learned in Fukushima is that even if an event is predicted to happen infrequently, it will happen! To then talk about the probability is moot. The probability is now 100 percent and we have to face the challenge at hand and find a way to safeguard the reactors.

As a nuclear core engineer I can tell you that reactors are built to withstand the expected hardships. In light of what happened in Fukushima No. 1, the assumptions were completely wrong. In order to make nuclear energy work we must build reactors that can reach cold shutdown with 100 percent certainty, no matter what happens.

Assumptions and probability are for the theoretical dreamers. If you have a hot reactor, submerged in water and this reactor is without the power to circulate the coolant that can shut it down, then you have to find another way to cool it no matter what. If you have lost your last resort of power and heat sink, you should not have taken on the responsibility to operate a nuclear plant in the first place. That is the lesson of Fukushima.

In this world nothing is absolutely safe. The public approval for nuclear reactor construction is normally very hard to get. To this end the reactor engineers have constructed what is now called the containment vessel. They explained that should something "unimaginable" happen and fission materials leak from the nuclear core, the containment vessel will confine them and nothing will escape into the external environment. People living near the reactor were told to rest assured that they would never be exposed to radiation.

Many people compare this disaster to Chernobyl. The Russian reactor was very different. The Russians did not build a containment vessel to cover their reactor. They did not see a need for that precaution. Because Chernobyl did not have a containment vessel, when that nuclear accident occurred, the result was a massive release of radiation materials that were carried away into whichever direction the wind was blowing.

In the case of Three Mile Island, it did have the needed containment vessel and practically all of the fission materials were held inside the dome. Many long-held myths have been broken as a result of the Fukushima No. 1 meltdown.

As the molten fuel made its way through the pressure vessel and the molten "lava" melted the bottom of the containment vessel, it released huge amounts of fission gasses and particles to the air and water.

The assumed role of the containment vessel proved to be faulty against this type of melt through. If you go back to the original public discussions for the construction of these early nuclear plants, none of the safety devices, such as emergency cooling systems (ECCS), boric acid spray, etc., worked in Fukushima in 2011. What we found, regrettably, is that even the most critical emergency devices are dependent on the availability of power, either in alternating or direct currency.

In the case of Fukushima, all power was lost for a prolonged period of time and the complete core meltdown could not be stopped.

My recommendation is very simple. We should not assume anything in the design of a nuclear reactor. We should be prepared to cool down the reactor and bring it to cold shutdown with at least one reliable power supply and heat sink. This means that the emergency power should be provided by a multiple of means and locations, and the heat sink should not be dependent on prevailing water alone, but on air and alternative water reservoirs.

If this is established, then the reactor can be safe not only against natural disasters but also against man-made catastrophes such as sabotage, plane crashes and terrorist attacks.

The Japanese government's official explanation of the Fukushima disaster focuses only on the inability of anyone to predict an extreme natural disaster. Because of this focus, the rest of the world is not taking notice of the important lessons we need to understand to make the world a safer place. Many countries rely on nuclear energy, and yet these same countries assume that because they do not have to worry about earthquakes and tsunamis, what happened in Japan on March 11, 2011 does not apply to them. This could become a fatal mistake.

All reactors should be scrutinized against the possible loss of power and coolants, regardless of the cause of the disaster. Nuclear reactors are all built around the same probability assumptions. This pattern of thinking developed in the 1970s to gain the otherwise hard-to-come-by public acceptance of nuclear generated energy. Nuclear engineers, utilities and pronuclear governments around the world needed to persuade their public of the safety of nuclear energy.

With the hindsight of Fukushima, all of us who are engineers must challenge ourselves to once again think through the worst possible situation, such as a complete loss of power and coolant for a prolonged time, and we must work together to remedy the situation.

We must show how we can avoid core meltdowns under any circumstance. The challenge is no longer just the gaining of public acceptance but to realize that we are being tested by nature, and that God will keep testing us, checking to see if we are ready to ask the right questions.

Kenichi Ohmae -- an MIT-trained nuclear engineer who is also a well-known management consultant -- is dean of Business Breakthrough University. He was a founder of McKinsey & Co.'s strategic consulting practice and is the author of many books including "The Borderless World."

Contact information for the author of this newsletter:

Ace Hoffman
Author, The Code Killers:
An Expose of the Nuclear Industry
Free download:
Phone: (760) 720-7261
Address: PO Box 1936, Carlsbad, CA 92018
Email: ace [at]