To most of us, nuclear is an all-or-nothing word. Nuclear war is unthinkable. Nuclear weapons must never be used. Nuclear power plants must be perfectly safe. Nuclear meltdown is the end of the world. "Going nuclear" means you've hit the fatal button, and there's no turning back.
The crisis in Japan is teaching us that this isn't true. Nuclear safety, like nuclear doom, is never certain. Too many things can go wrong. And then, just when catastrophe seems inevitable, things can go right. Our challenge in managing the current crisis, and in preparing for the next one, is to broaden our options. We can't anticipate or prevent every scenario. But we can give ourselves a fighting chance.
Two days ago, I saluted the reactor containment vessels at the Fukushima Daiichi power plant for surviving the earthquake and tsunami that knocked out their primary and backup cooling systems. "Everything that could go wrong did," I wrote. Hours later, an explosion damaged one of the containers. Now officials say a second container may have ruptured. Take that as a corollary to Murphy's Law: Anyone who says "Everything that could go wrong did" is overlooking something else that could go wrong.
No one could have predicted every misfortune that hit this plant. First a quake bigger than any quake in Japan's history took out the power grid. Then a tsunami arrived with unprecedented speed and took out the backup diesel generators. An explosion at one reactor knocked out four of five pumps at another. A valve malfunction blocked water from being pumped into one of the reactors. Gauges failed. Instrument panels failed. A fire erupted in a spent-fuel storage pool in a reactor that had been offline for months.
But just as surprisingly, the disaster hasn't become an apocalypse. Cooling water has been depleted, then replenished. The damaged containers have remained largely intact. Cores are believed to have melted, but only partially, and by some estimates only marginally. Reactor buildings have exploded, but peripherally. External radiation levels have risen, then fallen. Fires have died, then restarted, then died again. Most plant workers have been evacuated, but others have stayed behind to cool the reactors and put out the fires.
We don't know how this story will turn out. And that's the point. Failure is an option. So is success.
The nuclear industry likes to think failure isn't an option. It builds power plants according to a principle called "defense in depth." Under this principle, as articulated by the Nuclear Energy Agency, "consecutive and independent levels of protection … would all have to fail" before harm could happen. But the levels of protection at Fukushima weren't really independent. They were all taken out by the same chain of events. The quake triggered the tsunami, knocking out the diesel generators. The cooling system's power failure led to explosions that knocked out the cooling system's conduits. The overheated reactors produced hydrogen explosions that blew off the roofs of the reactor buildings, exposing spent-fuel pools to the atmosphere.
It's bizarre to hear the dismay among nuclear industry veterans that so many reactors could be imperiled at the same time. The Fukushima reactors stand right next to each other on the waterfront. How could a quake or tsunami hit one without hitting the others? And when you put spent-fuel pools on top of the reactor buildings, what do you expect?
Still, the various levels of protection have helped. The reactor containers have kept Fukushima from becoming Chernobyl. Boron stored with the spent-fuel rods has kept them from going critical. Access to transportable pumps has made it possible to resume the cooling.
Human persistence and ingenuity have helped, too. A valve was disabled, then fixed. A pump was crippled, then revived. Plant operators couldn't administer fresh water, so they resorted to sea water.