The TMI meltdown was stupid and expensive, but didn't kill anyone.
Perhaps. But that isn't much of a decent threshold of
acceptance, either. And the story provides an interesting
series of failures, which gives one pause:
http://www.nrc.gov/reading-rm/doc-collections/fact-sheets/3mile-isle.html
"The accident began about 4:00 a.m. on March 28, 1979,
when the plant experienced a failure in the secondary,
non-nuclear section of the plant. The main feedwater
pumps stopped running, caused by either a mechanical
or electrical failure, which prevented the steam
generators from removing heat. First the turbine,
then the reactor automatically shut down. Immediately,
the pressure in the primary system (the nuclear portion
of the plant) began to increase. In order to prevent
that pressure from becoming excessive, the pilot-
operated relief valve (a valve located at the top of
the pressurizer) opened. The valve should have closed
when the pressure decreased by a certain amount, but it
did not. Signals available to the operator failed to
show that the valve was still open. As a result,
cooling water poured out of the stuck-open valve and
caused the core of the reactor to overheat.
"As coolant flowed from the core through the pressurizer,
the instruments available to reactor operators provided
confusing information. There was no instrument that
showed the level of coolant in the core. Instead, the
operators judged the level of water in the core by the
level in the pressurizer, and since it was high, they
assumed that the core was properly covered with coolant.
In addition, there was no clear signal that the pilot-
operated relief valve was open. As a result, as alarms
rang and warning lights flashed, the operators did not
realize that the plant was experiencing a loss-of-coolant
accident. They took a series of actions that made
conditions worse by simply reducing the flow of coolant
through the core."
So,
* main feedwater pump __fails__
* turbine and reactor shut down and pressure increases
* pilot valve opens but __fails__ to close
* signals to the operator __failed__ to show this fact
* so cooling water vented out of the open pilot valve
* no instrument existed to show the level of coolant!!
Worth noting. Design failures (no instrumentation for more
directly measuring coolant level, for example) combined with
ad-hoc failures of a pump system, pilot valve, and pilot
valve condition readout, at the very least. Makes you wonder
what other design lacks, instrumentation failures, or
component or system failures were present and unaccounted for
because they were not tested by the event.
By the way, I support nuclear power in the US and the people
who, I believe, do work very hard and at-risk to provide a
resource we use with far too little appreciation. But that
doesn't mean I do so with eyes closed.
There is a cozy relationship between the NRC and plant
operators (MOA between INPO and NRC, for example); an NRC
licensing process for early site approval and certification
of plant designs by rule (avoiding public hearings for each
plant) that provides for simultaneous issuance of both a
construction permit and an operating license as a one-stop
licensing called "combined licenses"; and the Price-Anderson Act,
which caps their liability at ridiculously low numbers and
completely hides the costing out of risk (and would be better
handled via the usual private business insurance mechanisms),
to name a few things. I'd also like a mechanism for
adversarial, informed disputes to take place. There is none,
right now.
We can do better, and should.
Jon