03/23/2009 - 10:01

Thirty years after TMI: Five continuing vulnerabilities

Edwin S. Lyman

Edwin S. Lyman

A physicist, Lyman is a senior staff scientist in the Global Security Program at the Union of Concerned Scientists...

More

To its credit, in the 30 years since the accident at Three Mile Island, the Nuclear Regulatory Commission (NRC) has taken many steps to improve the safety and security of U.S. nuclear reactors. But despite these efforts and the fact that a Three Mile Island-scale accident hasn't occurred in the United States since 1979, safety and security vulnerabilities remain at the country's nuclear plants. And what is more relevant than the absence of large-scale accidents is the alarming frequency of serious near misses.

The most severe recent near miss occurred in 2002. The NRC allowed the Davis-Besse plant in Ohio to delay a planned shutdown to inspect piping on the top of the reactor vessel (which contains a plant's radioactive fuel) for leaks that had been seen at similar plants. When operators finally conducted the inspection, they discovered that corrosion had eaten away a pineapple-sized hole in the lid of the reactor vessel, with only a thin layer of steel left to prevent cooling water from flowing out of the vessel. Separately, the reactor's emergency cooling system was degraded and probably would have malfunctioned if it was needed. As a result, the plant came within months of an uncontrolled loss-of-coolant and core-melt accident that could have been worse than Three Mile Island.

The Davis-Besse debacle was a shared failure on the part of plant managers, plant personnel, NRC regional inspectors, and NRC senior officials. Vulnerabilities such as those at Davis-Besse can be largely avoided in the future if regulators and plant operators take a more cautious approach and worry less about the industry's bottom line. In particular, here are several weaknesses that need to be addressed immediately:

Fuel rods can possibly fracture, allowing radioactive material to escape. Nuclear fuel is bundled into fuel rods. Each rod consists of a stack of uranium pellets encased in a metal jacket known as cladding. In the event of a loss-of-coolant accident, in which the fuel overheats, this cladding must maintain its integrity in order to keep radioactive material from escaping.

The NRC has regulations designed to ensure that in a loss-of-coolant accident, the cladding doesn't become brittle and crack. These requirements, which date from the early 1970s, were based on experiments performed on unirradiated fuel cladding in pristine condition. The NRC considered this adequate because at that time, utilities used nuclear fuel for three years or less, and the cladding didn't undergo significant weakening in the reactor. Subsequently, however, utilities received permission to leave fuel in the reactor for up to twice as long, increasing the "fuel burnup" and reducing the frequency of refueling outages.

In approving these requests, the NRC didn't realize that cladding would undergo physical changes that made it more vulnerable to embrittlement. Consequently, some fuel cladding in U.S. reactors today could potentially shatter during a loss-of-coolant accident even though it meets the current regulatory criteria. The NRC plans to change its regulations to address this problem, but the industry is resisting.

Densely packed spent fuel in storage pools creates a fire risk. The inability of the United States to build a long-term repository for its spent nuclear fuel has left temporary storage pools at many nuclear plants around the country full of this extremely hazardous waste. These pools typically contain the largest quantity of radioactive material at nuclear plants. Yet the safety requirements for these facilities aren't nearly as stringent as they are for the reactors, which are located in containment buildings.

Another source of risk comes from the practice of dense-packing. As storage pools reached their original capacities at plants, utilities re-racked them to enable more spent fuel to be packed into the same space. According to studies by the NRC, independent groups, and the National Academy of Sciences, re-racking can make it more difficult to keep spent fuel from overheating in the event of a rapid loss of cooling water. The zirconium cladding of such overheated spent fuel can reach temperatures where it will burn, causing a spent fuel fire that could lead to fuel melting and a large release of radioactivity.

If some of the spent fuel in densely packed pools were moved to dry casks, it would be easier to keep the remaining fuel cool in the event of a catastrophic water loss. But dry casks are now deployed only to handle the overflow when the re-racked spent fuel pools are full, and utilities are loath to buy more of the casks than they absolutely need since they can cost more than $1 million each. In spite of these findings, the NRC has refused to change its policy on spent fuel pool storage to require accelerated transfer of spent fuel from pools to dry casks.

Containments at a number of plants could fail during a disaster. Thirteen U.S. reactors have so-called pressure-suppression containment structures, which are highly vulnerable to hydrogen explosions in the event of a full loss of power--due to their dependence on electric-powered spark plug-like igniters to burn off hydrogen in a controlled manner. When fuel overheats in an accident, explosive hydrogen gas is generated by the interaction of cooling water with metallic fuel cladding. During the Three Mile Island accident, a hydrogen explosion caused a sudden pressure spike of about twice atmospheric pressure, which its large containment was able to withstand without rupture. But if Three Mile Island had instead had a pressure-suppression containment, which is designed only to withstand overpressures of less than one atmosphere, there would have been a high likelihood of containment failure and a release of radioactivity to the biosphere.

Although the NRC did a risk study nearly a decade ago indicating that the safety benefit of requiring additional backup power systems for these plants would be worth the cost, it allowed the plants to voluntarily fix the problem. Today, some plants still haven't made the upgrades, and others have made fixes of unverified reliability.

Bias influences independent research and analysis. As much as the NRC likes to consider itself a scientifically based organization, the work it does remains beholden to the decisions of politically appointed commissioners. Thus, the personal prejudices of commissioners can influence the overall direction of technical research done by the commission and can compromise the scientific integrity of the work.

An example is the "State-of-the-Art Consequence Assessment." This program was initiated several years ago at the request of certain commissioners who believed that previous NRC studies performed since Three Mile Island vastly overestimated the health impacts that could result from severe nuclear plant accidents. Therefore, they ordered the staff to do new assessments. But before the study even began, NRC commissioners and staff made remarks that presupposed its outcome--namely, that accidents would take a much lower toll on human health than previous studies indicated. The commission issued secret guidelines for the study that it subsequently refused to release to the public.

There is little wonder then that preliminary results released in March indicate a significantly lower risk to the public from reactor accidents. The NRC's independent advisory committee has repeatedly criticized the study's methodology, but the commission has rejected its concerns. The NRC is developing a communications plan to "explain" the findings to the public, but the public should be wary of the study's conclusions.

Nuclear power plants are vulnerable to 9/11-style aircraft attacks. 9/11 showed that critical U.S. infrastructure was vulnerable to terrorist attacks using jet aircraft. After 9/11, public concern that nuclear plants could be the next target motivated the NRC and the nuclear industry to assert that the plants were impervious to such attacks. Previous NRC studies, however, indicated that an aircraft crash at a nuclear plant could result in very severe damage and the potential for a core meltdown.

While there are a few options for directly enhancing the defense of existing nuclear plants against aircraft attack, the NRC rejected them as impractical. These preventive options include establishing no-fly zones, deploying anti-aircraft batteries, and building additional protective structures. Instead, the commission required only that nuclear plants develop plans for preparatory actions in the event of an imminent aircraft threat and procedures for addressing the loss of large areas of the plant due to explosions or fires--hardly a substitute for a more aggressive preemptive approach since such plans rely on the heroism of plant personnel who could be killed or injured.