Sunday, March 13, 2011

Fukushima in layman's terms

This post started out as a facebook note to try and educate and inform my non-technical friends and associates about what's been going on in the situation with Japan post-quake with respect to the reactors at Fukushima Daiichi. I was surprised at how many people appreciated having the relevant issues explained to them in both a way that was factual (rather than sensationalist) and in a way they could understand.

With the help of my colleagues Alan and Cyrus, this post began evolving into a platform for communicating what's been going on since the initial response and digesting much of the information for a more general audience. Given that, it made sense to branch these updates out into a more flexible, updated format - in other words, a blog.

This post will cover some of the frequently-asked questions I posted on facebook, and following from this, we'll be covering the situation as it has evolved from there.

First, the most authoritative place for news would be the Tokyo Electric Power Company, which is releasing regular press releases on the situation. Likewise, ANS nuclear cafe is featuring constant media updates on the situation. Rod Adams at Atomic Insights also has a good summary of the situation. NEI also has a good fact sheet on the events at Fukushima that have occurred up until now and details as they unfold.

What happened in the earthquake?

When the earthquake struck, Japan's reactors were immediately shut down by a quick insertion of control rods, stopping the chain reaction responsible for producing fission (known as a "scram.") This was successful in all of the reactors. However, the reactor still remains "hot" for a short time after shutdown, because of very short-lived radioactive fission products which are in the fuel. As these fission products decay, they produce heat - this heat still must be removed from the reactor in order to keep the fuel cool. As my colleague Cyrus points out, this can be 6-7% of full power at shutdown - in a reactor like Fukushima, this can be 60-70 MW. However, the rate of heat produced decays exponentially; after 24 hours, it would be around 10 MW and falling. In other words, the first few days are the most crucial - keeping the fuel submerged over the next week is the highest safety priority.

Normally, when the power is cut off in an emergency such as this, a diesel generator serves as a backup system, which powers pumps in order to circulate coolant (much like in your car's radiator). However, it appears that these diesel systems were damaged during the earthquake - thus, the pumps had to operate on limited battery power until this was exhausted. Contrary to early reports, the USAF wasn't "flying in coolant" (as this just consists of ordinary water); however, a backup diesel generator was flown in and installed to get the pumps working again. (Cyrus points out that the diesel generator was working for about an hour until the subsequent tsunami struck, which is what disabled the diesel backup system.)

What is the big concern?

The biggest concern in this case is keeping the fuel cool - even though the reactor is "off" (e.g., not producing any more fissions), heat is still being produced which needs to be "wicked" away. Without the water circulating, what will happen is similar to in your car's radiator if the car's water pump fails - i.e., the coolant will continue to get hotter and hotter until it boils. This increases pressure inside containment (or your radiator). In each case, the pressure build-up can eventually cause a blow-out, where the containment (or your radiator) is breached. This is obviously undesirable.

To prevent this, some of the steam is being vented, to "bleed off" the pressure. The downside of this of course is that letting out steam means there's less water available for cooling now. Likewise, a very small amount of radiation may be released in the process (carried with the steam). However, the amounts are generally incredibly small - the largest dose indicated has been in the reactor building, where one worker received 106.3 mSv - elevated beyond regulatory limits, but far from fatal. Current estimates of the control room put the dose around 70 microsieverts/h, or about 7 mrem/h - elevated, but quite small. One would have to be exposed continuously for nearly an entire work year for it to begin to hit regulatory limits, which are themselves conservative.

The big concern about keeping the fuel cool is to keep the fuel intact. When fissions occur, almost all of the radioactive isotopes created are trapped in the ceramic fuel itself - this is a safety feature. Thus, the main concern about keeping the fuel cool isn't a "China Syndrome" type of situation (which itself is physically impossible), but rather a matter of keeping the radioactivity safely confined.

As water is boiled away from the reactor, there is a chance that the fuel can be "uncovered," which is where the risk of partial melting of the fuel exists. (i.e., nothing is left to wick away heat from the element itself). However, the fuel itself is only the first radiation containment barrier - the containment building itself is also designed to prevent the release of radiation to the environment, specifically under these types of circumstances.

Has there been a meltdown? (Is this like Three-Mile Island or Chernobyl?)

Basically, no. First, it's helpful to define the term "meltdown."  Were the reactor completely devoid of coolant, eventually the entire core assembly would heat and melt - producing a large, very hot radioactive pool of metal on the floor of the containment building. (Rod Adams helpfully points out that it's unlikely it would even get this far - in Three Mile Island's case, a substantial portion of the core melted, however it cooled into a lump of metal - "corium" - at the bottom of the pressure vessel.) This is not what is happening, nor is it the danger. The risk is in "uncovering" fuel from coolant, where the top portion of the fuel may melt and release radioactive fission products.

What has happened is that the fuel in Unit 1 may have been exposed for some time due to loss of coolant, which may have resulted in some loss of radioactivity.

Three-Mile Island was a partial fuel melt due in part to operator errors - operators incorrectly believed the reactor was being flooded with coolant (when in fact a pump was stuck closed), turning off coolant to the reactor. While the core itself was rendered unusable and the unit shut down, the actual dose received by the public was extremely minimal.

Chernobyl was a reactor different than the kind operated in Japan or the United States (and in fact would be illegal to build in the U.S. for technical reasons). Chernobyl operators were conducting tests with poor communication and had bypassed several safety devices. This was a full "meltdown" in the true sense, resulting in an explosion in the containment reactor building and a release of radioactivity. However, it should be noted that the death toll was relatively small, and most of the dose received (and subsequent casualties) were in the first responders to the accident.

Update: Reader David helpfully points out the following about Chernobyl's lack of safety systems which are present in all U.S. and Japanese reactors:
Chernobyl didn't have a containment building. It was not designed to withstand internal pressure from the reactor, and relied on continuous atmospheric ventilation. Chernobyl was also graphite moderated, the graphite reacting with superheated steam to create the large explosion internal to the core that blew the roof off the place. No commercial reactors, in the US or Japan, make use of graphite, and all have containment buildings designed to withstand significant internal pressures. The GE Mark I suppression-pool containment design, their first, is arguably the weakest design (structurally) still in service. As design basis accidents evolved, Mark I containments were retrofitted with a venting system to limit containment overpressurization, and prevent catastrophic containment failure
In that sense, Fukushima could not be more different than the Chernobyl design; it has a containment designed to withstand high internal pressures, and does not rely upon air cooling with the outside. Likewise, it is a water-moderated reactor, rather than graphite, which has several key safety advantages, including a design which automatically "shuts down" the reaction as temperatures increase. This is known in technical parlance as a "void coefficient," which means how the reactor responds to an increasing fraction of stream-to-liquid, or in other words, "void." Unlike Chernobyl, all reactors licensed in the U.S. must have a negative void coefficient, meaning they "slow down" as the fraction of steam in the coolant increases, preventing a runaway acceleration of the core reaction rate as it heats up. Because the core is already shut down, any Chernobyl type of scenario is already off the table - the issue now is simply one of keeping the fuel cool and intact until the decay heat comes down over the course of a few days. (End update).

In the case of Japan, the operators have been doing things correctly - the fuel has been kept as cool as possible to prevent any possible overheating of the fuel. Everything they've done so far has been to minimize the risk of damage to the core or accidental release of radiation to the public.

Wasn't there a radiation leak at one of the reactors?

Fukushima Daiichi Unit 1 appears to have released a small amount of radioactivity when the containment was vented in order to relieve pressue (due to the buildup of boiling water). However, this release appears to have been very small and of no real danger to the public. The measured radiological levels near the plant have been reported to have been elevated from 0.007 rem/hr to 0.67 rem/hr. While this is elevated beyond normal acceptable limits, this is far below the levels of Three Mile Island (itself quite small) or Chernobyl (much larger). The IAEA has given the incident a 4 on its International Nuclear and Radiological Event Scale (on a scale of 1-7; TMI was a "5", and Chernobyl was a "7").

TEPCO has announced that it is venting containment in Unit 3 as the high-pressure coolant injection system - an emergency system designed to inject coolant into the core - has stopped and cannot be restarted. Like Unit 1, venting is a safety precaution to release pressure from containment.

To clarify: when the containment is vented, a very small amount of radioactivity is released into the environment. This primarily consists of nitrogen-16, which is created when atmospheric nitrogen is bombarded by neutrons. N-16 has an extremely short half-life (7.16 seconds), meaning that by the time any release would reach any member of the public, it would have already decayed back away into stable oxygen; thus, the exposure from nitrogen would be nearly non-existent.

One of the other major isotopes released would be tritium, an isotope of hydrogen with two neutrons (instead of none) which exists in trace quantities in nature, and is created in small quantities in reactors when hydrogen in water molecules absorbs neutrons. Tritium is weakly radioactive - as a beta radiation emitter, it only poses a real issue if it is ingested into the body (and even then, in large quantities). (This is unlike gamma emitters, which are deeply penetrating, or alpha emitters, which can be stopped by the surface of the skin or a sheet of paper). Tritium actually is present in a lot of everyday applications, from exit signs (yes, really!) to glow-in-the-dark watch dials. Overall, this represents a very minor amount of radiation compared to that present in the fission products contained by the clad and fuel material itself.


Why are they evacuating the area?

This is done as a preventative precaution to protect the public. While so far there has been no known escape of radioactivity (save for what may have been released when the containment was vented), the evacuation is to ensure that this can be verified without putting anyone at risk.

My colleague Alan disagrees with my characterization somewhat, indicating that he thinks the evacuation may be more of a preventative measure against possibly larger failures. While I remain more optimistic, I don't fundamentally disagree with the idea that any such evaluation is fundamentally preventative in nature. My point here is more emphasize that no significant public danger currently exists (i.e., no known significant radiological hazard at the present time). However, Alan's contention is that he believes that a potential, undetermined radiological hazard would not warrant such an extreme evacuation alone (especially under these conditions), and thus the evacuation is a precautionary measure against potential larger failures.


What caused the explosion? (Is this a meltown?)

There was an explosion in the reactor building (not the reactor or the containment building). Official sources speculate that this was due to an ignition of hydrogen gas. Hydrogen gas can build up due to the extreme heating of the water and dissolution into hydrogen and oxygen. When the cladding which encases the fuel gets very hot, it can dissolve water into its components of oxygen and hydrogen. (This may have been caused by the fuel becoming "uncovered"). This hydrogen may have ignited as containment was vented, causing an explosion. However, this is not a meltdown - so far, there has been no good indication that any kind of catastrophic fuel failure (melt) has occurred.

Some further explanation: for this reactor, there are two "nested" containment buildings - "primary" containment, which houses the core itself and is the chief barrier against a release of radioactive materials if the fuel, clad, and pressure vessel fail. Then there is a larger building around this, "secondary" containment, which is the reactor building itself, including industrial equipment like cranes, etc. used to service the core. The explosion occurred outside of primary containment, in secondary containment. This diagram from NEI shows a diagram of the building, including the core and where the explosion occurred. You can see what happened from this photo to give you some perspective of what these buildings normally looked like, see here (you're looking at the tall, rectangular-looking buildings - light blue). Basically, an explosion is serious, but not an indication that primary containment has failed or that radioactive materials are being released from the fuel/core itself.

Why are they flooding the containment building with seawater?

Basically, they need to keep the temperature down in the reactor. Because they've been losing water to boiling, they need to quickly cool the reactor. In order to do this, the operators have made the decision to flood the containment building with seawater containing boron (boron is used to "quench" nuclear reactions by absorbing neutrons - the point here is as an added safety precaution). What this ultimately means is that Unit 1 is likely a total loss - i.e., it will never operate again. However, this appear to be the only reactor which was so significantly impacted. Again, the other reactors on the same site (along with other reactors in the general area) have shut down and been cooled normally.

Doesn't this prove nuclear power is fundamentally unsafe?


No no no. A thousand times no.  First, bear in mind that earthquakes are part of the design basis for every single reactor built today. Second, after an magnitude 8.9 earthquake - the largest in Japan's recorded history, and the fifth largest earthquake in human history - and a subsequent tsunami, the integrity of the reactor (and all of the other units at this same site) are intact. While breaking reports indicate that this reactor may have been "ruined" by the catastrophe, the danger to the public has been extremely minimal - namely, because engineered safety systems worked as planned.

Let me re-emphasize: nuclear reactors are often over-designed for the point of safety. The very first safety system to kick in was to turn off the reactor. This worked for every single unit. The second safety system, a diesel generator, worked in most cases - it would appear that the severity of the quake / tsnunami damaged the diesel backup in the case of Unit 1. However, battery backup systems gave operators time to provide a contingency. Second, the physical containment itself has operated as designed in providing a means of containing potential releases. (As Cyrus points out, nuclear systems are designed with a "defense in depth" - with the fuel, clad, pressure vessel, and containment building providing multiple layers against a radioactive release. At the moment, the main concern is at the level of the fuel / clad - not beyond this.)

What this proves is that in the very worst scenario - a once-in-a-lifetime earthquake beyond the design basis - that the systems can safely contain the integrity of the reactor, particularly with well-trained personnel.

To put a further point to it, this is what is going on right now at a liquified natural gas facility in the same area. (More images of the devastation here.) Basically, no system out there is going to stand up favorably to a disaster like this, but nuclear systems are specifically engineered against situations like this - again, unlike natural gas.

The BWR/6 design manual gives a more detailed explanation of the emergency cooling systems being employed here, in pages 57-68 of the PDF (pages 4-4 to 4-15 of the manual). While the BWR/3 at Unit 1 is slightly different these details are discussed on page 11 (page 1-2).

Hopefully this clears up some of people's questions, but if you have more, by all means ask, and I'll update this post accordingly. (And of course, if my NE friends want to add anything, please do!)

And of course, a special thanks to my colleagues Alan and Cyrus who have been helping me compile information for these updates.