The Fukushima Daiichi Disaster and Designing for Fundamental Safety

Kirk’s note: I want to welcome Bram Cohen as an author on Energy from Thorium!

The ongoing Fukushima Daiichi disaster is naturally making many people wonder about the safety of nuclear power. It’s a good illustration of how unexpected failures happen in practice, and also shows how the Liquid Fluoride Thorium Reactor (LFTR) is a fundamentally safer approach. When building a reliable system, you must assume it will fail. Regardless of how many layers of safety you build into something, what really determines its fundamental safety is what happens if all safety systems fail at once. For a nuclear facility, aside from specifically hardening against disasters like hurricanes, tornadoes, terrorist-flown airplanes, tsunamis, earthquakes, malicious actors, etc., you must also make a fundamental engineering assumption that it will melt down. No matter how improbable you think you’ve made it for a meltdown to occur, the most important feature of any nuclear facility is what happens when a meltdown does occur. And not only that, but there should be contingency plans for what happens when the plant is hit with God’s flyswatter, not because such a thing is likely or even possible, but because you can’t really be too paranoid about engineering for such scenarios.

Below I will describe development of the disaster in Japan, and how a Liquid Fluoride Thorium Reactor (LFTR) is a fundamentally safer design, not only in terms of basic safety measures, but in terms of planning for absolute worst-case scenarios.

Here are the basic facts of what we know has happened at the Fukushima Daiichi plant (events are still developing and currently available information is sketchy and unreliable, but these points are fairly well established):

  1. There was a massive earthquake, much larger than the plant was designed for, which caused loss of external power.
  2. A tsunami, also much larger than what the plant was designed for, washed through, destroying the backup generators, and several hours later the battery backups to the backups ran out of power.
  3. With the pumps for the water cooling system not working because the power was off, a partial meltdown occurred and the coolant water overheated, building up pressure and resulting in several explosions.

This is fairly typical of disaster scenarios. Something unexpected occurs, resulting in failure. In this case the cause was a natural disaster which was merely larger than prepared for; usually it’s something far less prosaic. The failure was then followed by a predictable chain of events which extra safety precautions could have been built for, but weren’t, on the theory that adequate safety mechanisms were already in place, violating the maxim that everything will fail. Specifically in this case, pressure valves could have been added so that in the event of excessive pressure building up, gases could be released without cracking the containment vessel. But that sort of extra safety precaution, while a good idea, should only be viewed as a stop-gap measure. The real problem is having water-cooling at all, which inherently creates problems of high pressures, potential dissociation of the water, and the need for powered cooling. Far better to not have water present in the first place.

While some currently operating plants are much safer than the compromised Japanese reactors, no existing reactors come near the potential safety features of a LFTR, which can be designed to limit the amount of damage that happens if everything, and I mean everything, fails.

  1. Since a LFTR is preferably liquid salt and gas cooled instead of water cooled, there isn’t any chance of a steam explosion or water cracking into hydrogen. Also, since the cooling system is passive, a loss of power would not result in overheating from cooling stopping.
  2. A LFTR operates at normal atmospheric pressure, resulting in vastly reduced chances of explosion, because there isn’t any pressure being contained to begin with.
  3. If a LFTR should somehow overheat, it can be designed with passive safety systems like draining the liquid fuel from the core to passive cooling tanks which will simply shut it off. In fact doing this occasionally is part of normal plant operation and maintenance.
  4. Even if every one of the above systems fails, a LFTR has the fundamental safety property that it barely has positive reactivity to begin with. It’s so difficult to get it to even get hot (normally the core must be 90% graphite or it won’t even function) that practically any type of failure will necessarily change the geometry to be subcritical. Any spilled liquid salts would soon result in a slightly radioactive but very stable chunk of slag.
  5. Large LFTR plants would be made from modular units, which naturally contain failures to a single unit, and have greater surface area so in the event of total cooling system failure simple heat dissipation is much more effective. Also, small units are easy to physically secure, for example, they can be suspended on cables, making the chances of earthquake damage even from record-shattering quakes remote. (Remarkably, some nuclear plants already do this, showing just how seriously designers take safety at some facilities.)

That said, all possible levels of failure of a LFTR can and should be prepared for. They basically go as follows:

  1. Simple failures – merely large earthquakes, power outages, and routine equipment failures will not significantly disrupt operation.
  2. Real damage – massive earthquakes, byzantine multiple failures, tsunamis directly washing through the plant, result in temporary outages.
  3. Massive damage – tornadoes, earthquakes scale 10, explosions causing damage to the integrity of the building, unforeseen events resulting in the core winding up on its side or upside down, require repairs on the scale of renovations, but are fixable.
  4. Unforeseeable damage – massive tornadoes, tsunamis greater than 100 feet, and the hand of God picking up the plant and smashing it back into the ground again, result in a release of short-lived radioactive Iodine and permanent destruction of the plant, with the plant’s remains requiring a messy but not terribly radioactive cleanup. Cesium, thankfully, wouldn’t get released even in this scenario, because it bonds well to Fluorine, and hence wouldn’t evaporate into the air. Despite the ridiculous unfathomability of this scenario, any region which has nuclear facilities should have a massive supply of non-radioactive Iodine at the ready in case of release, for people to flush out the radioactive iodine from their bodies in the event of leakage, because that would be a cheap preparation and it’s an effective way to minimize the damage even in the worst case scenario.
  5. Malicious damage – a team of highly trained engineers breaking into the plant, bringing with them highly specialized equipment for reconfiguring everything, and spending months without being interrupted maliciously doing the most toxic thing they could, may at worst reconfigure the plant to temporarily spew radioactive Iodine. Even dropping a conventional explosive on the plant would only result in a cleanup comparable to what would be necessary with merely unforeseeable damage. This sort of scenario planning can get very silly. Any team capable of pulling this off would have a much easier time building a real nuclear weapon from scratch using natural resources rather than doing this type of heist.

A final step to keeping everything secure, counterintuitively, would be to build a plant submerged underwater. We tend to think of oceans as stormy places, because we are used to the surface, but 100 feet down they are the most serene, well-shielded place on earth, immune to earthquakes, hurricanes, airplanes, and all but the most extraordinary of tsunamis.

All these safety features aren’t happenstance to the advantages of LFTRs. Almost every aspect of how LFTRs are cheaper and more expedient to produce is directly related to them having fundamental safety features which make them not require the massive overengineering of conventional nuclear reactors. While the fuel cost advantages of a LFTR over a conventional reactor appear overwhelming at first ($100,000 instead of $50,000,000), when you dig into the numbers it turns out that fuel costs aren’t a big driver of nuclear plant cost, because Uranium contains extraordinary amounts of energy itself. The extreme lengths you have to go to in order to overcome a conventional solid fueled plant needing to have excess fuel in the reactor and operate at greater than atmospheric pressure are what account for most of the price of conventional plants.


