Lessons Learned from “Lessons Learned”: The Evolution of Nuclear Power Safety after Accidents and Near-Accidents

Background

Back to table of contents
Authors
Edward D. Blandford and Michael M. May
Project
Global Nuclear Future

Safety issues associated with nuclear technology first arose during the Manhattan Project, which established the U.S. nuclear weapons program. In 1942, the DuPont company agreed to be the prime contractor responsible for construction of the plutonium production complex, starting at Oak Ridge, Tennessee, and ending up at the Hanford site in Washington State. Nuclear technology spanning the fuel cycle, from enrichment all the way to chemical separation, developed at a remarkable pace, with large material inventory demands and little margin for error.

In fact, it was DuPont chemical engineers working on the B-Reactor at Hanford who formally introduced reactor system hierarchy and the “defense in depth” concept into reactor design and construction.5 The B-Reactor was the first large-scale reactor built following the successful demonstration of the technology at Oak Ridge with the X-10 pilot reactor. Due to the unfamiliarity of the technology, the DuPont engineers relied on their fundamental understanding of industrial chemical plants and implemented several layers of independent between the site workers and the hazardous radioactive source. Additionally, the concepts of redundancy and diversity in engineered safety systems were formalized into the reactor design process.

Out of the weapons program emerged a commercial nuclear industry that has undergone many transformations over the last fifty years. In this paper, we focus on the ways the organizations responsible for operating and regulating this industry have learned from operational experience, their own and that of others.6 Throughout this history there has been a range of reactor events differing in severity. Many of these events have been deconstructed and better understood through root-cause investigations yielding a set of lessons learned. We seek to examine these sets further and develop insights about how the industry and other stakeholders collectively learn from accident experience. Following the three major commercial reactor accidents—Three Mile Island, Chernobyl, and Fukushima—the lessons-learned process was carried out in public and scrutinized by the media. However, there have been less severe incidents and operational anomalies that have received much less attention but have, in some cases, provided invaluable learning experiences. What lessons were learned as compared with lessons that should have been learned and were not? How can this experience inform the future so that we can improve on the past?

Key Stakeholders Involved

The key organizations that are responsible for industry learning include the regulatory and other relevant government authorities, licensees and their shareholders, industry organizations, the media, and citizen groups. Given the potential for severe accidents and the public apprehension over all things nuclear, there is a special need for nuclear installations to demonstrate and maintain higher safety standards than is the industry norm with regard to fossil fuel–based utilities. Thus all stakeholders need to make full use of the lessons-learned process. Additionally, regulatory bodies and licensees have to learn from serious accidents. This requires, among other factors, regulatory independence from politics and transparency; we consider these questions insofar as they affect stakeholder groups.

Historically, one of the challenges of establishing effective regulatory bodies has been ensuring the complete separation of the organizations responsible for advancing and implementing the technology from those charged with regulating it, as well as insulating the regulators from political pressures to the extent possible.7 The two types of agency were originally combined because of heavy federal involvement in the commercial introduction of the technology. Splitting the agencies occurred for different reasons and with different effectiveness in different countries. In 1974, the United States split the Atomic Energy Commission into the NRC and the Energy Research and Development Administration primarily for political and confidence reasons. Other countries such as India and, following the Fukushima accident, Japan have taken initial steps in the same direction.

Private organizations such as INPO and WANO perform important functions and are discussed later in the context of learning from accidents. Members of the public, through nongovernmental organizations and the process of intervention, have also played roles in the lessons-learned process, roles that can vary in the international context.

Evaluating Off-Normal Operation

In order to combine into an effective system, both licensee and regulator must constantly learn from all modes of operation. Success and failure in nuclear operation are continuums and must be evaluated with equal scrutiny. Success does not mean simply meeting regulatory requirements and maintaining high capacity factors. It is a dynamic process that includes learning. Conversely, failure in plant operation can include routine maintenance all the way up to catastrophic failure. Each aspect enters into a dynamic process of improvement. Success and failure can be measured in such variables as economic, health, and environmental impacts.

In this paper, we discuss events that have occurred since the inception of the commercial nuclear industry. We will loosely follow the qualitative, and therefore somewhat subjective, International Nuclear and Radiological Event Scale (INES) introduced by the International Atomic Energy Agency (IAEA) in 1990; the scale allows events to be rated from “operational anomalies” through “incidents” and all the way to “severe accidents.” The INES considers the impact on people and the environment, radiological barriers and control, and defense in depth. Figure 1 indicates where each event considered in this paper lies on the scale. The role of precursor events is especially noteworthy because severe accidents are often the results of earlier anomalies and incidents. Successful identification of these precursors requires initiative, awareness, and operational experience.


Figure 1. IAEA International Nuclear and Radiological Event Scale (INES) Image of Figure 1
Source: IAEA; used here with permission from the IAEA.



General Assumptions

To focus our discussion, we have made some initial assumptions about the relevant background, including:

  • Risk acceptance varies widely around the world. This paper is normative in the sense that it represents a local perspective and is not globally representative.
  • It is critical that we differentiate reactor technology and plant operations, as they involve fundamentally different organizations; their relationship varies widely across the globe.8
  • Initiating events can be broadly classified as internal or external. Internal events are typically caused by combinations of hardware failures and human errors. External events can be malicious (for example, a terrorist attack) or natural hazards such as earthquakes or tornadoes. Some events that can be internally or externally initiated, like fire and flooding, are often classified as external events.
  • The term near miss, while not quantified, is used when damaged or deteriorating equipment, human error, or some other factor internal to the state of the reactor or its operation increases the risk of core damage to such a degree that the NRC sends out an inspection team.
  • Lessons are learned from both success and failure. Severe reactor accidents are extremely rare, and every effort should be taken to abstract key engineered or organizational successes.

ENDNOTES

5. William Keller and Mohammad Modarres, “A Historical Overview of Probabilistic Risk Assessment Development and Its Use in the Nuclear Power Industry: A Tribute to the Late Professor Norman Carl Rasmussen,” Reliability Engineering & System Safety 89 (3) (2005): 271–285.

6. Some of this learning was facilitated by EPRI and involved cooperation between utilities and the nuclear industry, leading to advanced reactor designs that took advantage of lessons learned from prior incidents.

7. The NRC is structured to function as an independent agency in which commissioners can be removed only for just cause. In most executive branch agencies, administrators serve at the will of the U.S. president.

8. One NRC spokesperson put this point a different way: “A really good careful driver can probably drive a poorly designed car with no bumpers, but a poor driver can easily wreck a well-designed car.” See Joseph V. Rees, Hostages of Each Other: The Transformation of Nuclear Safety Since Three Mile Island (Chicago: University of Chicago Press, 1994).