Last time, I was discussing the lessons that could be learned and applied from organizational problems at NASA and its contractors which led to the Challenger (and Columbia) disaster. This post builds off of some of those same lessons, but I want to talk about nuclear power and the ways organizational failures parallel those at NASA.
There have not been very many nuclear power plant disasters since nuclear power became possible in the post-WWII period, but the disasters which have occurred were pretty catastrophic. This is one argument against the use of nuclear power; despite its ability to provide “clean” burning power (unlike fossil fuels, for example), any accidents tend to be extremely bad, both for humans and the environment. In the very compelling book, Atomic Accidents: A History of Nuclear Meltdowns and Disasters from the Ozark Mountains to Fukushima, James Mahaffey notes the relatively few deaths that have occurred as a result of a nuclear power accident in the United States. There have been deaths of Americans, some during the early nuclear reactor concept testing years and others in an accident in Idaho, but generally speaking, nuclear power has been fairly safe, especially when compared to the human costs of mining for coal or the environmental degradation of natural gas fracking. And yet, there have been several nuclear catastrophes that put the entire concept of nuclear power into question – but most of these catastrophes can be blamed on organizational failures.
The 1986 accident at Chernobyl is probably familiar to most of us, but full details of what had happened there were not available for years after the incident, due to Soviet suppression of reports and other information. In subsequent years, reports have been declassified and show that while the Chernobyl reactor and power plant had serious design flaws, the accident itself was exacerbated by the “deficient safety culture” at the plant. An experiment in running the reactor at low power was planned for the day shift of April 26. The engineers wanted to test whether the plant could provide electricity during a shutdown – ordinarily in a nuclear reactor shutdown, backup diesel generators come online to provide enough power until the reactor is back up and running. However, there is a lag between the time a reactor is shut down and the full operation of the backup generators. Because seconds are crucial in this type of situation, the engineers wanted to test whether the still-spinning turbine could continue to power the plant through this lag period, until the generators were fully running. This test essentially meant the reactor would be shut down the way it might be during an emergency, and then the rest of the experiment would be performed. Unfortunately, this also meant safety controls were turned off.
Because of other issues during the day shift, the experiment did not get underway until the night shift had started. However, the night shift was not the author of the experiment, and had not been prepared to run the entirety of this test. Once the reactor was shut off, the power got very low – lower than was safe, which created an unstable situation in the reactor core. Because the safety systems were offline, the typical automated responses to the emergency which developed did not occur, and the workers had to deal with the situation manually. As you know, that did not go well, and there was a massive meltdown and steam explosion.
Regulations at the plant were not robust or always followed. The night shift should not have been responsible for carrying out an experiment they were not fully up to speed on. The 1992 report on the incident describes an “inadequate safety culture,” which allowed many of the conditions on that day to develop without any internal oversight. In essence, the operators at the plant didn’t do anything to violate regulations or general rules of behavior – but they still caused a terrible accident and could not do much to stop it once it began. This accident and the meltdown at Fukushima are case studies in making sure all involved personnel have guidelines and instructions that are enforced. If a culture of carelessness develops, it is hard to blame individual operators for the accident or situation that occurs due to those lapses. Like NASA, the nuclear power plant was creating something extraordinary, and treated it as though it were not.
A similar set of problems occurred at the TEPCO-run Fukushima Daiichi nuclear power plant in Japan in 2011, although the lion’s share of blame for this disaster can be put on the somewhat lax regulatory culture surrounding nuclear power at the time, as well as TEPCO’s slow-walking of crucial updates to the plant. Because Japan is a nation with a lot of seismic activity, installations such as power plants are required to be built and modified to withstand natural events such as earthquakes. The Fukushima plant had been built with these concerns in mind when it was opened in 1971, but as time went on, the Japanese government became more concerned with the likelihood of more powerful earthquakes and, as a result, more powerful tsunamis. These well-founded concerns led to a series of studies of the nuclear plants in Japan, particularly those located in coastal areas, such as the Fukushima Daiichi plant. Fukushima was specifically told to retrofit its earthquake and tsunami protection as far back as 2006. While the plant was reinforced against earthquakes and had a sea wall, these were all built to outdated guidelines from the 1970s. For instance, the approximately 20 foot sea wall was deemed inadequate, but was never altered. The tsunami waves reached heights over 40 feet. By 2011, TEPCO was promising to have the retrofits at least started by 2016, which would be nearly a decade after they were warned to make them. (There were other issues that affected the response to the accident, and I highly recommend Mahaffey’s book for more details.)
In its report, the National Diet of Japan Fukushima Nuclear Accident Independent Investigation Commission said the following about the plant: “the environment far exceeded conditions set by the design.” I found that to be a really profound statement, and one which could be applied to NASA with regard to the Challenger and Columbia shuttle disasters. Of course, one cannot predict the future – no one can be certain that an earthquake will hit or that your memo won’t be read. But one can prepare and establish an organizational culture that is clear-eyed about the nature of the work being done and whether your present “design” is sufficient for your environment.
This could be relevant for academia, as well – are we really considering whether our current model is appropriate for the current environment? What are we offering our current students? Is it an outdated design? What would it take to get back in sync with the environment on our campus? Are we doing things that are maybe not healthy because there are no specific regulations telling us not to? We shouldn’t succumb to an inadequate organizational culture just because no one is pushing us to change. Why don’t we take charge of the environment and find ways to solve problems and move forward that don’t just repeat last year’s ideas? This is certainly easier said than done, but that doesn’t mean we can’t try.