For months, and perhaps years, lessons will be learned from the events at the Fukushima Daiichi nuclear power plant in Japan, which will serve as both a laboratory and a classroom. As the sequence of events leading to the accident continued through the accident response, at least one concept was made clear: When operating reactors, defense-in-depth — the technical concept of multiple layers of safety backup systems — must incorporate a series of active backup systems (meaning that they require human intervention) that must be operable to forestall single-point catastrophic failures. Ultimately, defense-in-depth can be vitiated by failures such as the vital diesels during a complete loss of off-site power, tarnishing the very essence of the concept of design-in-depth, including the necessary features of multiple, diverse, and redundant safety systems. This naturally raises the question of whether substantial improvements are in the offing. The short answer is yes, but there is a crucial caveat: The risk of single-point catastrophic failure is reduced significantly if reliance on active safety systems, no matter how superbly engineered, is minimized — that is, if safety measures are largely passive in nature. Unlike active safety features, passive safety features do not require operator intervention or active controls, relying instead on fundamental physical principles — such as natural thermal convection in the presence of gravity — to allay the effects of unexpected events.
But not everything is completely active or passive. As defined by the International Atomic Energy Agency, components and systems — but not structures — having safety functions must operate effortlessly when taking the plant from normal operation to a safe shutdown. For a system or component to be deemed passive, three functions must operate reliably: the “intelligence,” such as a signal or parametric change; the automatic initiation of motive power processes (natural agents, like water, steam, wind, etc., used to move machinery, a motor, mover, etc.); and the means to operate, without operator intervention, going toward and remaining in a shutdown condition.
The tragedy at Fukushima has increased public concerns about nuclear reactor safety. And, consequently, there has been more interest in designing safety systems for new reactors that are passive in nature and are not vulnerable to the kinds of planning and operational failures that seem to have led to the recent disaster in Japan. Passive design features are increasingly seen as an essential component of next-generation reactors and are already on the market. But the game-changer may well be that the new standard for licensable designs will be a design maximally dependent on passive safety features and minimally dependent (if at all) on active safety backup systems. Such redesigns by US manufacturers could potentially secure them a lead in advanced reactor manufacturing and regain a significant place in the international marketplace for nuclear reactors.
Types of reactor systems. The existing 104 nuclear power plants currently operating in the United States include only one generation of nuclear power system: Generation II. Designed in the 1950s, the first systems are known as Generation I reactors; today, there exists only one of these plants in operation in the world, which is in Wales and is scheduled to close in 2012.
The full contents of this article are available in the July/August issue of the Bulletin of the Atomic Scientists and can be found here.
The Bulletin elevates expert voices above the noise. But as an independent, nonprofit media organization, our operations depend on the support of readers like you. Help us continue to deliver quality journalism that holds leaders accountable. Your support of our work at any level is important. In return, we promise our coverage will be understandable, influential, vigilant, solution-oriented, and fair-minded. Together we can make a difference.