To most of us, nuclear is an all-or-nothing word. Nuclear war is unthinkable. Nuclear weapons must never be used. Nuclear power plants must be perfectly safe. Nuclear meltdown is the end of the world. "Going nuclear" means you've hit the fatal button, and there's no turning back.
The crisis in Japan is teaching us that this isn't true. Nuclear safety, like nuclear doom, is never certain. Too many things can go wrong. And then, just when catastrophe seems inevitable, things can go right. Our challenge in managing the current crisis, and in preparing for the next one, is to broaden our options. We can't anticipate or prevent every scenario. But we can give ourselves a fighting chance.
Two days ago, I saluted the reactor containment vessels at the Fukushima Daiichi power plant for surviving the earthquake and tsunami that knocked out their primary and backup cooling systems. "Everything that could go wrong did," I wrote. Hours later, an explosion damaged one of the containers. Now officials say a second container may have ruptured. Take that as a corollary to Murphy's Law: Anyone who says "Everything that could go wrong did" is overlooking something else that could go wrong.
No one could have predicted every misfortune that hit this plant. First a quake bigger than any quake in Japan's history took out the power grid. Then a tsunami arrived with unprecedented speed and took out the backup diesel generators. An explosion at one reactor knocked out four of five pumps at another. A valve malfunction blocked water from being pumped into one of the reactors. Gauges failed. Instrument panels failed. A fire erupted in a spent-fuel storage pool in a reactor that had been offline for months.
But just as surprisingly, the disaster hasn't become an apocalypse. Cooling water has been depleted, then replenished. The damaged containers have remained largely intact. Cores are believed to have melted, but only partially, and by some estimates only marginally. Reactor buildings have exploded, but peripherally. External radiation levels have risen, then fallen. Fires have died, then restarted, then died again. Most plant workers have been evacuated, but others have stayed behind to cool the reactors and put out the fires.
We don't know how this story will turn out. And that's the point. Failure is an option. So is success.
The nuclear industry likes to think failure isn't an option. It builds power plants according to a principle called "defense in depth." Under this principle, as articulated by the Nuclear Energy Agency, "consecutive and independent levels of protection … would all have to fail" before harm could happen. But the levels of protection at Fukushima weren't really independent. They were all taken out by the same chain of events. The quake triggered the tsunami, knocking out the diesel generators. The cooling system's power failure led to explosions that knocked out the cooling system's conduits. The overheated reactors produced hydrogen explosions that blew off the roofs of the reactor buildings, exposing spent-fuel pools to the atmosphere.
It's bizarre to hear the dismay among nuclear industry veterans that so many reactors could be imperiled at the same time. The Fukushima reactors stand right next to each other on the waterfront. How could a quake or tsunami hit one without hitting the others? And when you put spent-fuel pools on top of the reactor buildings, what do you expect?
Still, the various levels of protection have helped. The reactor containers have kept Fukushima from becoming Chernobyl. Boron stored with the spent-fuel rods has kept them from going critical. Access to transportable pumps has made it possible to resume the cooling.
Human persistence and ingenuity have helped, too. A valve was disabled, then fixed. A pump was crippled, then revived. Plant operators couldn't administer fresh water, so they resorted to sea water.
When the unexpected happens, even at a nuclear power plant, don't freak out. All you have to do is cool the cores. Just add water. If you can't deliver it through a pump, you can spray it from a truck or dump it from a helicopter. If pressure builds up, you can vent it. Yes, that might entail releasing some radiation. But releasing radiation isn't the end of the world. It's better to go nuclear in small doses than in a catastrophic blast.
While the workers at Fukushima wage this fight, the rest of us should rethink power plant construction with the same innovative urgency. American plants built with a container design similar to Fukushima's have already been upgraded to relieve pressure in the event of overheating. The Japan crisis suggests other fixes as well. Put diesel generators on higher ground. Require longer-lasting batteries to power the cooling system when the electrical grid goes out. And for crying out loud, build some robots.
Nothing is more exasperating than reading reports about all the things that can't be done at Fukushima—fixing valves, pumping water, ascertaining damage, dousing spent-fuel pools—because of heat, radiation, or the risk of explosion. Last year, BP plugged an oil leak a mile under the Gulf of Mexico with the aid of remotely operated vehicles. Why doesn't Japan, the world's most robotically advanced country, have unmanned vehicles on hand to do simple but dangerous jobs at a radiation-contaminated nuclear power plant? Ten minutes ago, I got a newsletter from the unmanned-vehicles industry about all the cool things robots are doing to help Japan. It has not a word about the nuclear reactors. That's disgraceful.
To head off the next nuclear accident, we need to rethink the parameters of plant design. Why do we build backup cooling pumps for reactors but not for spent-fuel pools? And we need layers of protection that are truly independent. If some safety mechanisms require electricity, others should be functional without it. Store cooling water above the reactor so you can deliver it with plain old gravity if you lose power. And diversify the layers. At Fukushima, all the gizmos failed, but the containers have largely held firm. Build in different kinds of protection—barriers, gizmos, training, manual tools—so that if one kind fails, another can intercede.
If everything goes wrong, and your reactor melts down, don't give up. You still have evacuation and iodine. And even if Fukushima becomes another Chernobyl, nuclear energy still has a much better safety record than fossil fuels, just as stocks have a better track record than bonds over the long term, despite the occasional crash. But that safety record depends on us. We have to learn from Fukushima, just as we learned from Chernobyl. We have to diversify our means of managing disasters and averting meltdowns. We have to give ourselves a fighting chance when things go wrong, as they sometimes will. Fukushima's workers haven't surrendered. We shouldn't either.
Human Nature's latest short takes on the news, via Twitter: