How safe is nuclear energy?
This question was posed by Sir Alan Cottrell in his book of the above title published in 1981*. He concluded that “…not all … natural safety features are … achievable and some engineered safety cannot be avoided”.
The principle engineered safety feature for the light water reactor (LWR) is the emergency core cooling system (ECCS). The generic LWR includes the P(ressure)WR and the B(oiling)WR
In the UK the advanced gas-cooled reactor (AGR) was selected because it is classed as a low-intensity reactor and less affected by a loss of coolant than a high-intensity PWR. Cottrell compared the two candidate reactors’ intensities as 4.5 kW/litre for the AGR with 100 kW/litre for the PWR. Nevertheless, at the Sizewell B public inquiry it was concluded that a PWR could be built and that the ECCS would provide an engineered safety. Currently there are in the UK 19 reactors, of which 18 are gas-cooled and just one is a PWR.
This is not to say that the AGR has no problems; its graphite moderator blocks are disintegrating and debris may block the control rod passages preventing a full trip.
At both the Three Mile Island (TMI) and Fukushima incidents
it was the failure to deal with the residual fission and heat that caused the
meltdown of the fuel elements. After tripping, i.e., dropping the control rods
at TMI (or raising them in the Fukushima BWRs), there remains 6% to 7% of the
full heat.
With a normal shutdown for re-fuelling the reactor is first tripped. In the case of the PWR the initial cooling is achieved by dissipating heat through the steam generators and discharging steam to the condenser by means of the turbine steam bypass system. This means that at least some of the coolant pumps and the feed water pumps must remain operative until the coolant temperature has fallen to 180°C and the residual heat removal system can be brought into operation, bringing the temperature down to 60°C and further to 35°C while re-fuelling proceeds. In the case of the BWR it is only necessary to open the turbine bypass, maintain the condenser cooling pump(s) and the feed water pump(s), to the reactor vessel as there are no steam generators and coolant pumps.
Both incidents were caused by the relief of the reactor
pressure before the residual fission and heat had been removed. This caused the
pressurised hot water in contact with the fuel cans to produce flash steam. The
water/steam mixture exhibited a lower heat transfer rate, the temperature of the
cans rose and their zirconium cladding reduced the steam to hydrogen, which when
vented into the TMI’s containment or the Fukushima service floors at a
temperature above 585°C (its auto-ignition temperature), it exploded.
At TMI the explosion was held in the containment, but as a result hydrogen recombiners are now incorporated in PWR containments as a measure to reduce hydrogen concentrations below the explosive limits. At Fukushima the explosions in the service floors caused severe damage to the structures, especially significant in the case of the spent fuel ponds and core fuel change ponds
Cottrell wrote “The doubt has been over whether the
ECCS water will actually get to the fuel rods, because it may be forced back by
the pressure of steam issuing from the core itself.”
In the case of TMI there was no accidental breach in the
cooling circuit, while at Fukushima there may have been damage to the ancillary
equipment, but in both cases it appears that the reactors tripped and it was the
residual fission and heat that caused the incidents. In the case of TMI a
pressure relief valve opened but seized in the open position, while at Fukushima
either an operator was forced to relieve the rising pressure manually or a
pressure relief valve opened. The relief of the saturated water pressure before
its temperature could be lowered resulted in the production of steam/water mix
between the fuel rods.
The creation of the hydrogen indicates that, with the
reduced heat transfer afforded by a steam/water mix, the zirconium cladding of
the fuel rods heated to more than 800°C. The resulting exothermic ion exchange
reaction with the steam leading to the oxidation of the zirconium and the
production of hydrogen at a higher temperature than its auto-ignition
temperature of 585°C meant that when it met the air in the TMI containment or
the air in the Fukushima service floor it exploded.
Since TMI PWR containments have been fitted with catalytic
hydrogen recombiners to reduce the occurrence of a deflagration or worse a
detonation.
The meltdown of the fuel rods occurred once the steam/water
mixture in contact with the fuel rod was mainly steam and unable to prevent a
further temperature rise.
An analysis of the Areva EPR Safety Injection/Residual Heat
Removal System and the Westinghouse AP1000 “passive” core cooling system (PCCS)
shows that a prerequisite for the water injection is a reduction in the system
pressure. In the case of the AP1000 the PCCS is claimed to operate automatically
without standby power. The relief of the reactor pressure before the residual
heat is at least partially removed would cause the water in the interstices
between the fuel rods to flash to steam, creating a problem when perhaps none
was arising.
The EPR core consists of 63,865 fuel rods 4.2 metres long
clad in a zirconium base alloy. The AP1000 core consists of 45,373 fuel rods
4.27 metres long. After the pressure has been relieved sufficiently to allow the
injection water to enter the vessel, the interstices between the multiplicity of
rods will be filled with a mixture of water and steam. It is unlikely that the
injected water will reach all or even some of the cladding surfaces before they
have overheated, generated hydrogen and melted.
Loss of coolant at full power
The unmitigated power of the residual heat has been manifest at TMI and at Fukushima. The consequences of a loss of coolant at full power, some 15 times the residual heat, can only be imagined. Cottrell again:- “The problem is whether this strength (of the vessel) is likely to be undermined in any way, from the effects of heat and radiation on the material, or ageing and corrosion; and above all by the presence and growth of cracks in the material.” Cottrell then considers the formation of cracks in the thick wall of the reactor vessel and espouses the theory that “a leak can be detected and remedial action taken, long before it has grown to the dangerous critical size.”
The spectre of a loss of coolant at full power was realised at the Davis-Besse reactor in Ohio in 2002, when a crack in a control rod mechanism “penetration” (branch) led to a leak containing boric acid, which then ate a large hole in the ferritic head of the vessel, whereby the thin stainless steel liner ballooned out and cracked. It was rated as a “near-miss” and was only days from catastrophe. Had the crack in the branch been circumferential, the control rod mechanism would have detached and the exuding pressurised water would have most likely damaged neighbouring mechanisms under the common cover.
The remedy for the failure of all or some of the control rods to be applied is to add boric acid to the coolant, which poisons the fission. It is unlikely that this would be able to be added until the pressure had been fully relieved and its chances then of reaching the innermost fuel rods before a meltdown are marginal.
Unmanaged residual fission and heat is sufficient to occasion a disaster.
Emergency core cooling systems are unlikely to avoid a partial or full meltdown
A loss of coolant at full power cannot be ruled out. Such an event would have disastrous consequences
Has Fukushima has brought the nuclear “renaissance” in the UK to an end?
John Busby 27 May 2011 (Revised 28 September 2011 )
* “How safe is nuclear energy?”
Sir Alan Cottrell FRS Heinemann Educational Books ISBN 0 435 54175 7 Obtainable from Amazon