World Is Ignoring Most Important Lesson From Fukushima 328
mdsolar writes "Kenichi Ohmae, an MIT-trained nuclear engineer also widely regarded as Japan's top management guru, is dean of Business Breakthrough University. In the CSM he writes: 'Fukushima's most important lesson is this: Probability theory (that disaster is unlikely) failed us. If you have made assumptions, you are not prepared. Nuclear power plants should have multiple, reliable ways to cool reactors. Any nuclear plant that doesn't heed this lesson is inviting disaster.'"
Correct (Score:5, Insightful)
Which is why modern reactors depends on gravity; which to the best of my knowledge has never been turned off.
Error in translation? (Score:5, Insightful)
Either there's an error in translation or the MIT trained nuclear engineer has forgotten what probability theory is.
Having multiple means of cooling a reactor sounds like a good idea, but that will only reduce the probability of disaster.
Re:Correct (Score:3, Insightful)
Well, if you *could* figure out a way to turn off gravity, I'm sure the Nobel Prize committee, NASA, and a whole bunch of science fiction fans would be listening eagerly.
Re:Correct (Score:5, Insightful)
That doesn't solve the problem of all the OLD reactors that are now past the original intended end of life for their design.
Re:Error in translation? (Score:4, Insightful)
Redundant systems are a good idea, but you should ask yourself if one event (or a common group of events, like an earthquake and a tsunami) can knock out all of your systems at once.
Re:Correct (Score:4, Insightful)
What the hell? (Score:3, Insightful)
For one
For two, accidents are unlikely - over the 58 years nuclear reactors exist (1954 in Obninsk was first) there hasn't been much significant disasters despite their wide usage. Hell, air travel has probably killed more people and noone's into banning airplanes.
That's an important lesson, but... (Score:5, Insightful)
But I think the most important lesson is that neither the nuclear power industry nor the regulators of that industry can be trusted to be at all truthful about the scope and scale of problems. They both have strong incentives to minimize the perception of such. This, more than anything, is the biggest and most important lesson that has broad applicability to almost any regulated industry.
Probability in reliability engineering (Score:5, Insightful)
A few voices in reliability engineering and safety engineering (not the same thing!) have warned that if you start producing figures that show that you can go a million years or more without an accident, that doesn't mean your product is safe, it means you've overlooked something.
Not even an anvil can live up to some of the probability estimates people have come up with for deployed systems.
That said, there's still such a thing as intellectual dishonesty. Large scale blackouts in industrialized societies are a known phenomenon (1965 eastern US, etc.) and should have been taken into account even if Japan weren't prone to natural disasters. Rumor has it that there's a plaque in the hills above Fukushima that says in effect "Water has come up this high in the past, don't build anything you care about lower than this level".
Re:Error in translation? (Score:3, Insightful)
Don't forget that Fukishima was TWO events happening at once (or close enough together to be counted as one). I think the design would have been fine if it was JUST an earthquake, or JUST a tsunami. But combined so close to each other was too much for the design.
Re:Error in translation? (Score:5, Insightful)
Got it in 1.
The article even states, all of this would have been avoided if it had maintained even one connection to the grid. They had 5. Now they may have all failed at once because they were basically all the same and they weren't really redundant, but past this layer they had multiple generators at each reactor so even if the external power did fail there was something to go on.
He is sort of right, in the same way security researchers in computing systems talk about never assuming a system is secure. You need layers of defences, detection, prevention, repair, redundancy etc. But I don't think anyone disputes that, nor is there any evidence they didn't have those things. They may have implemented them badly, maliciously, but they picked a probability of failure and said 'that's good enough for the money we have'.
There are lots of theories about designing reactors that are fundamentally more safe, they won't have runaway heating for example (a by product of how uranium undergoes nuclear reactions, and how the reactors are built to deal with that). I'm not sure anyone is suggesting we should somehow not consider those designs superior in some way. But no matter what you design you can only build so much redundancy into the system. If your error tolerance is 1/10K years, then why not 1/100k years? Why not 1/1M years? With any physical thing there is a probability of something going really wrong. Suggesting otherwise is lying. You choose your risk tolerance. Ultimately the people who pay the bills have to decide what the risk is worth. If a nuclear reactor cost 100 billion dollars, and had a 1 in a billion chance of failing per year is that good enough? It could still get hit by a 1 in a billion event after all.
Some things have to survive ANYTHING (Score:4, Insightful)
One of the big reasons mil-spec software and equipment costs so much is it has to be designed to function no matter what happens. In no other industry is there a requirement for a monitor to take a .50 caliber shell and keep running, for example, or for hard drives to survive multi-story drops while running (which is what happens when a ship crashes down a wave.)
I am absolutely stunned that reactors aren't designed to the same stringent "failure is not an option" standard, given the consequences of a failure. It can and should be done if you're going to risk meltdowns. Every possibility you can think of needs to be accounted for.
After all, we're not talking about just poisoning the people around a failed facility -- we're talking about the possibility of leaving kilometers of land completely uninhabitable for decades.
Wrongheaded.... (Score:5, Insightful)
Modern reactors already do the things this guy is suggesting. This guy is decades late to the party. I'm sure there will be 100 comments saying this by the time I hit submit, but the real lesson should be to build new plants with modern reactors, so that once built the old ones can be decommissioned *after* the new ones are built. The kind of attitude this guy has (I'm sure his real motivation is just to get attention) obviously scares people into not wanting new nuke plants built.
On the other hand, he's not very specific in the TFA. Perhaps is real life he has suggested a specific way to retrofit existing reactors with backup generators? Or is he just regurgitating crap that we were reading the day after the tsunami?
And Business Breakthrough University? SERIOUSLY? WTF is that? It reminds me of all those high priced fat loss pills that were developed by places like the "fat loss institute." Apparently anyone can file a DBA with the word institute or university in it. Does anybody really regard this clown as Japan's top management guru? Or am I wrong and this guy is actually dean of an accredited university?
Re:Correct (Score:2, Insightful)
just put you Mr.Coffee in a centrifuge...
Re:Error in translation? (Score:4, Insightful)
So the solution is a proper application of probability theory. Probability theory didn't fail. We failed to use it.
Re:Error in translation? (Score:5, Insightful)
If you're near any large body of water, they're very likely to happen together and should always be considered that way.
Re:Error in translation? (Score:5, Insightful)
The risk tolerance should be for an event that causes significantly more damage in and of itself than the reactor meltdown would. Someone above mentioned an asteroid collision. An asteroid of significant size would cause far more damage than the destroyed reactor would. You can also make the engineering such that even in extreme failure conditions, the amount of radioactive spreading is minimal (although, again, an asteroid would pretty much splatter the uranium everywhere).
I would argue that the Fukushima disaster actually did meet this criterion: far more people were killed by the earthquake/tsunami than will ever be killed by the radiation (in fact, the disaster probably killed more people than all the nuclear reactor accidents ever put together) released, and the cleanup will be a fairly small fraction of the total cost of the disaster. Obviously, they could have been better designed and survived even this (a modern reactor would have), but the simple fact is a disaster bad enough to take out a well-designed nuclear reactor will dwarf the damage caused by the reactor malfunction itself.
The PR disaster is a different story.
Re:Too many protective measures (Score:4, Insightful)
This is an excellent post.
There was basically the biggest earthquake that the earth is capable of making, a tremendous tsunami that killed 20k people, and a 50-year-old power plant had some problems that added a couple of percent to the death toll? This is a tragedy, certainly, and we need to work on making reactors that don't do that. But it is hardly a condemnation of nuclear power.
Re:Error in translation? (Score:5, Insightful)
The probability of a widget failing is 0.001. The cost of a widget failing for us is $1000. Therefore, we should budget $1 per widget to cover the expected failures.
Trouble is, this only makes sense if you make 10000 widgets. Then you expect 0.001 x 10000 x 1000= 1000x(10 +/- sqrt(10)) failures (assuming widget failures are independent and uncorrelated events, which means the expected number of failures follow a Poisson distribution), so if yo budget
$20000 = 1000 x (~10 + 3*sqrt(10)), you'll be covered 99% of the time.
Note that "99% of the time" means that if you make 100 production runs of 10000 widgets, and budget $20000 for covering failures on each run, you'll be good for 99 of those 100 runs, and you might be over budget on the 100th.
When you make exactly one widget, and it costs you $1000 if it fails, and you estimate that the probability of failure is 0.001, and you budget exactly $1 to cover failures, what you've done is you've wasted $1, and you're still not covered, because if your one widget fails, you don't have the budget to cover it.
There was exactly one Fukushima plant, and when you talk about risk analysis for something like that, anything that is remotely likely to cause a catastrophic failure needs to be fully accounted for, because there is no such thing as an amortized catastrophic failure. It either works or it blows up in your face, not a small percentage of your face.
Re:What the hell? (Score:5, Insightful)
Where the rubber meets the road is deaths per terawatt hours. Even with the disaster, nuclear remains well lower (0.04) than any of the other mainstream energy sources (coal's world average is 161, oil is 36).
With nuclear having 900 times fewer deaths than oil, this shows that something is being done right.
The problem is that with all the fear around nuclear reactors, no new, safe ones are built, so we are left with maintaining venerable designs designed barely after WWII with far fewer safety features.
The insanity of this shows when one compares this with other industries. It would be ridiculous to claim that aircraft are fundamentally unsafe and banning any new design to be made, only allowing biplanes from WWI to keep in the skies. Or saying how pathetic an automobile is while barring anything newer than a steam engine.
Probability didn't fail, gamblers did (Score:4, Insightful)
I ran a poker game for about 6 years. I have seen this before. Its not probability that failed, its your use of it that did. Low probability events happen with great regularity on the long run. A poker player that is willing to bet his entire stack on anything less than the nuts, even if there is only one hand out of the enitire deck that could beat him.... if he sees that situation enough times, he will still loose that hand that one time out of 250 or so.
So.... maybe you bet your whole stack in a tournament, but....you never sit down with your whole bankroll. That is just bad bankroll management....or bad risk assessment...whatever you wanna call it.
They don't call em 100 year floods because they never happen. They call em that because they seem to be of a size you only see every 100 years or so. However... you have to remember how the odds work. Just because he had pocket aces last hand, doesn't mean he doesn't this hand. What are the odds? 1 in 250 or so times 1 and 250 or so (assuming a good shuffle etc) ... pretty unlikely... but its happened to me.
Re:Correct (Score:2, Insightful)
Re:Too many protective measures (Score:5, Insightful)
That's fine if you only care about deaths. If you actually lived there and found your home was no longer habitable, your job was gone and you had to live in crappy rented accommodation where your children can't play outside... Well, you might take issue with it. If you are a farmer or fisherman who can't sell their produce due to contamination it may bother you. If you are a tax payer facing a bill of trillions of yen to deal with it you could be quite upset.
Even Japanese companies and citizens that are having to deal with power shortages may be troubled by the problems with nuclear power there. One of the big attractions of wind, geothermal and solar in Japan is that even if a tsunami completely destroyed some installations it wouldn't require them all to be shut down - the danger just isn't there. Even if some are damaged by an earthquake the majority will be fine, so instead of losing 500+MW from a single reactor going offline you lose a few tens of megawatts from a couple of downed turbines.
Re:Correct (Score:5, Insightful)
That's just the kind of reckless thinking that caused the failure in the first place. We must provide for EVERY contingency, no matter how unlikely! For the children!
Unfortunately unwashed masses that inhale fumes from coal plants every day go batshit insane when they hear 'nuclear' and politicians play along. I am all for closing all nukes at once. Maybe those ignorant hippies, who don't understand how the world they live in works and what greases its wheels, will learn something from blackouts, brownouts and less juice for their apple branded gizmos.
Basically a "suitable" site can't be:
* within 1 light year of anything else * actually engage in any sort of nuclear reactions * use the standing nuclear infrastructure for anything * produce any waste whatsoever. It produces clean drinking water, power, and air? BAD! BAAAAAAD! * "actually" nuclear in any way, shape or form. * use any technology that doesn't have at least 50,000 years of hardcore reliability testing * offend anyone's delicate sensibilities in any way
Basically there is no such thing as a "suitable" site for these people. Because the second someone says "nuclear" their head turns off COMPLETELY (if it wasn't already off) and the first thing out of their yap-holes is "bombs" "Hiroshima" "Nagasaki", "Three Mile Island", "Chernobyl" and now "Fukashima".
***
Is it just me, or are the nuclear power lobby on slashdot getting more and more emotional and less and less coherent?
Re:Correct (Score:4, Insightful)
The reaction then stops being self sustaining, and you just have to recover the containment units and repair the reactor.
At Fukushima, the reaction stopped being self sustaining seconds after the quake, and minutes before the tsunami. It didn't save them. You can't just wash your hands and say 'problem solved' when the chain reaction ceases. Fission products will keep generating large amounts of heat for months afterwards. If your 2-3 smaller tanks have no way to lose this heat, they will eventually melt.
I'm not saying that these new reactor designs can't deal with this, but you need much more evidence before can claim it's "literally idiot proof".
Re:Correct (Score:3, Insightful)
Sorry, but contrary to popular belief, it IS possible to do modern nuclear in a clean, safe way.
But the second you mention it, someone points out a 30 year old facility based on 50 year old technology where people were cutting corners and paints the issue of nuclear power with said brush.
TMI, Chernobyl and Fukushima aren't instances of "nuclear power is bad m'kay?". They're instances where improper planning, inappropriate supporting infrastructure, and plain old malfeasance compromised old, out-of-date facilities.
Re:Error in translation? (Score:4, Insightful)
You need layers of defences, detection, prevention, repair, redundancy etc.
... which is why "too cheap to meter" nuclear power is so bloody expensive. By the time you've built your defenses, detection, prevention, and redundancy (and gone through the 10-year planning process, paid off or muscled out the NIMBYs, settled the lawsuits, weathered the protests, and hired the highly trained nuclear technicians and emergency response personnel you'll need on hand at all times) you've spent so much money that it would have been cheaper to just build a different type of power plant and avoid the whole mess.