Welcome to European Tribune. It's gone a bit quiet around here these days, but it's still going.

This summers incident at Forsmark

by A swedish kind of death Mon Sep 11th, 2006 at 07:30:26 PM EST

This summer - the 25th of July - there was an incident at the nuclear plant Forsmark in Sweden. Now the analysis performed by SKI - the swedish governmental agency in charge of nuclear safety - is nearly completed.

I just read an article on the incident by an journalist that has read the nuclear plants report with aid from the investigators. If you can read Swedish I suggest you read it yourself (open the flash graphics on the right), but for you who do not, here is a summary:


What happened:
The original problem was a shortcircuit in switchgear (the article does not mention this, but I have heard that it was a bird that caused the shortcircuit). The problem transplanted itself in 37 seconds through a number of safety layers and left the reactor without electricity to monitoring equipment, waterpumps (to the keep the core with water). However (and it is unclear why) all power was not lost. After 22 minutes the staff manages to get the reactor power from the grid and power and control is restored. In the meantime half the water above the reactor has been lost.

All reactors of the same type has since been down awaiting this report.

Problems:
From the step by step analysis in the article and its list of 9 faults, I find one thing that was broken: an oilpump. There is also one faulty installation and one possibly broken gasturbine. Other then that there are the original shortcircuit and then a series of no less then five consecutive faults that are all more or less the consequences of the original problem.

Meltdown?
It is as of now unclear why not all power was lost, and as far as the analysis goes it could just as well have been lost. If all power had been lost, the finnish version of SKI claims that there would have been of nuclear meltdown within two hours, while the nuclear plant maintains that they would still have been able to control the blackout and get power from the general grid.

So, now you know. (For the record, the paper in question - Dagens Nyheter - is pro-nuclear in their political leanings.)

Display:
Do they say why the cascade failure happened? Was it a design fault?
by Colman (colman at eurotrib.com) on Tue Sep 12th, 2006 at 02:48:57 AM EST
It would be nice to have an explicit list of faults, not just their number. Cascades of electrical faults are not unusual.

Nothing is 'mere'. — Richard P. Feynman
by Migeru (migeru at eurotrib dot com) on Tue Sep 12th, 2006 at 05:32:23 AM EST
[ Parent ]
I was thinking of how to write this diary. To actually describe each step in the chain and make it understandable I would have to write at least as good an article as the one I started with (it is good do check it out, follow the link and then press 'se grafik' if nothing else for the neat pictures) and I am not sure I could. Not without the original report (which I have been unable to find) to check disambiguities. So I brought you a summary instead.

But of course you can have the list:

  1. Shortcircuit
  2. High-power pulse
  3. Back-up batteries A and B (two of four) automatically turned of
  4. Faulty oilpump in turbine 1
  5. Faulty installation takes out turbine 2
  6. To low frequency in the current activates switches that isolate the system from the grid, making backup power from the grid unavailabel.
  7. A gasturbine does not start.
8 & 9. Dieselengines A and B does not start as their batteries (step 3) has been turned of. Dieselengines C and D worked however as their batteries had not been turned of.

And why batteries C and D was not turned of in step 3 is still unclear. If they had been they would have lacked all power.

Sweden's finest (and perhaps only) collaborative, leftist e-newspaper Synapze.se

by A swedish kind of death on Tue Sep 12th, 2006 at 07:50:07 AM EST
[ Parent ]
A very good summary of events.  I've never worked in a power plant, but I work fairly closely with people who do.  I can imagine the scenario you describe.  It sounds like a marvelous example of Murphy's Law.  The statistical odds of all those things happening at the same time is probably on the order of a meteor strike.  Cold comfort to anyone who remembers Chernobyl, I know.


We all bleed the same color.
by budr on Tue Sep 12th, 2006 at 10:51:22 AM EST
[ Parent ]
The statistical odds of all those things happening at the same time is probably on the order of a meteor strike

Which points at negligence as a cause rather than bad luck.
by Colman (colman at eurotrib.com) on Tue Sep 12th, 2006 at 10:56:58 AM EST
[ Parent ]
Not necessarily.  Meteor strikes do happen after all.

Still, I wouldn't be at all surprised to learn that large amounts of money eventually change hands based on the circumstances surrounding items 4 & 5.  Pure speculation on my part, you understand.

We all bleed the same color.

by budr on Tue Sep 12th, 2006 at 11:05:50 AM EST
[ Parent ]
I think 1, 2, 3, 6 are actually related and should not be considered independent. Each failure in the chain increases the likelihood of the next one.

So maybe there are just 4 independent faults instead of 7 independent faults.

Nothing is 'mere'. — Richard P. Feynman

by Migeru (migeru at eurotrib dot com) on Tue Sep 12th, 2006 at 12:15:23 PM EST
[ Parent ]
That is exactly the way I am reading it. 7 is unclear as to why it happened and could also be related.

I do not know why 8 & 9 fell out of the list, but they are clearly related as they are because of 3 (nad the reason I call them 8 & 9 instead of 8 is that the paper does so).

Sweden's finest (and perhaps only) collaborative, leftist e-newspaper Synapze.se

by A swedish kind of death on Tue Sep 12th, 2006 at 01:16:53 PM EST
[ Parent ]
It's generally accepted, by those who calculate such things, that the probability of dying from a meteor strike is roughly the same as dying in an airplane accident. Not at all an insignificant chance.
by asdf on Wed Sep 13th, 2006 at 09:36:04 AM EST
[ Parent ]
Um. What are the odds? Both events are pretty unlikely, to the point of being insignificant unless you expect to live for a few thousands of years.
by Colman (colman at eurotrib.com) on Wed Sep 13th, 2006 at 09:41:39 AM EST
[ Parent ]
Here are detailed statistics about air disasters. The risk is per flight, not per distance travelled, and is broken down by aircraft model. The Boeing 737 has 3 accidents for each 5 million flights.

Nothing is 'mere'. — Richard P. Feynman
by Migeru (migeru at eurotrib dot com) on Wed Sep 13th, 2006 at 09:48:32 AM EST
[ Parent ]
Interesting.

Could you clarify why the high-power pulse counts as separate failure? Was some system meant to block high-power pulses in case of short-circuits?

Overall, withe the final point, this now looks as a much more serious system failure than Vattenfall would have us believe. As a nuclear sceptic, I'd highlight as general principles
(a) the irreducibility of the system (which makes cascading failures likely),
(b) that this cascading failure, like many others, wasn't expected and as such doesn't turn up in (prior) disaster probability calculations used in safety arguments,
(c) that such serious and multiple examples of negligence and technical bungling can occur even in countries with the best record (not the level to be expected in most places should nuclear become a global-warming-battling mainstay of electricity generation globally),
(d) that companies do some serious spinning and withholding of information (in this case, the it-wasn't-that-serious-at-all routine) even if they can expect government oversight to uncover the facts for the public some time later.

*Lunatic*, n.
One whose delusions are out of fashion.

by DoDo on Tue Sep 12th, 2006 at 11:31:07 AM EST
[ Parent ]
Could you clarify why the high-power pulse counts as separate failure? Was some system meant to block high-power pulses in case of short-circuits?

Yes, there was some protection in the switchgear that was supposed to protect the rest of the system. The article does not say more then that. As I read it, it is implied that this should have worked even in the case of shortcircuit but it does not say it explicitly.

Sweden's finest (and perhaps only) collaborative, leftist e-newspaper Synapze.se

by A swedish kind of death on Tue Sep 12th, 2006 at 01:27:43 PM EST
[ Parent ]
The most striking fallacy of these I think are 6. I can understand that low frequency would isolate the system form the grid wrt outgoing power from the plant but that it also cut off backup power from the grid to the plant sounds like a serious failure in the design.
by high5 (high5104@gmail.com) on Wed Sep 13th, 2006 at 04:55:12 AM EST
[ Parent ]
Theya are not really comfortable with that conclusion but yes. Or at least design fault in combination with  human error.

This is just the sort of thing that is not supposed to happen as it cuts through the different layers of security.

Sweden's finest (and perhaps only) collaborative, leftist e-newspaper Synapze.se

by A swedish kind of death on Tue Sep 12th, 2006 at 06:58:29 AM EST
[ Parent ]
What this shows (again) is the faulty use of statistics to determine risk. While the risk of a meltdown may be small the consequences are huge. Chernobyl affected possibly millions of people and continues to cause elevated exposure to radiation over much of Europe.

So a true measure needs to combine these factors such as done with travel risk (fatalities per unit distance traveled, for example). By this measure nuclear is not safe. The biggest failure at a conventional plant (say an explosion) would affect at most a thousand or so people. The fact that direct fatalities from nuclear accidents has remained small, proves nothing except we have been moderately lucky until now.

I know nothing about nuclear plant design, (except for the fact that making the world's largest teapots shows the 19th Century mindset of engineers), but there are certain fail-safe things that could be used. Things like gravity are pretty reliable and don't depend on external power.

Human error is usually the cause of failures in most highly engineered systems, and thinking this can be prevented by better procedures is a utopian dream.

Unless there is a design that cannot meltdown or explode under any conditions than nuclear plants should be phased out. Do I think this will happen? No. In fact I think usage will increase.

Policies not Politics
---- Daily Landscape

by rdf (robert.feinman@gmail.com) on Tue Sep 12th, 2006 at 11:38:31 AM EST
I know nothing about nuclear plant design, (except for the fact that making the world's largest teapots shows the 19th Century mindset of engineers), but there are certain fail-safe things that could be used. Things like gravity are pretty reliable and don't depend on external power.

Here is the rub: conventional power plant design needs an external power supply for normal work, to keep up circulation (emergency generators are good enough for just that, emergency shutdown). Gravity might be used, and both the EPR and pebble-bed designs rely on it in case of emergency, but other technical problems come with the basic idea of those solutions.

*Lunatic*, n.
One whose delusions are out of fashion.

by DoDo on Tue Sep 12th, 2006 at 12:04:35 PM EST
[ Parent ]
Are you sure the EPR use gravity? I thought it wasn't a passive reactor.

Peak oil is not an energy crisis. It is a liquid fuel crisis.
by Starvid on Tue Sep 12th, 2006 at 12:35:12 PM EST
[ Parent ]
Gravity only gets the fuel out of the core and into the core catcher, while channeling and cooling requires action, so it both uses gravity and is not a passive system.

*Lunatic*, n.
One whose delusions are out of fashion.
by DoDo on Tue Sep 12th, 2006 at 05:53:47 PM EST
[ Parent ]
Well there is one. It's called the AP1000. They're going to build like a dozen of it in the US.

Peak oil is not an energy crisis. It is a liquid fuel crisis.
by Starvid on Tue Sep 12th, 2006 at 12:39:32 PM EST
[ Parent ]
But compared to what?

The average level of radiation in the exclusion zone around Chernobyl is about one-third the level that Finns are exposed to naturally, and less than natural background radiation in parts of Spain and France.

It's a good thing Chernobyl evacuees didn't move to Finland--they would have tripled their dose!

You would expect the incidence of radiologically-induced disease to be high among the Finns, or among populations in Iran, Brazil, India, and China who live on geological formations high in uranium, thorium, or radium.  But there is no increase in disease or reduction in life span attributable to the greater radiation these populations receive.

by Plan9 on Thu Sep 14th, 2006 at 01:34:07 PM EST
[ Parent ]
There are two things that I don't really agree with in the article. First of all the meltdown issue. The head of SKI said something like "there was never any risk of a meltdown", something the article implies.

The other thing is the boiling in the reactor. The core has 4 metres of water above it, and according to the article 2 metres boiled away. According to things I have read those 2 metres of water disappeared not due to boiling but due to (correct) depressurizing actions made by the operators.

I mean, two out of four emergency generators are all that's needed to maintain full, 100 % cooling of the core. And throughout the event, two emergency diesels were online, right? So how could there be any boiling in the core? If I have understood things right it was under full cooling throughout the event (except in between 0 and 37 seconds into the event, when diesel C&D went online).

Strange.

Peak oil is not an energy crisis. It is a liquid fuel crisis.

by Starvid on Tue Sep 12th, 2006 at 12:34:24 PM EST
According to the article 4 out of 8 emergency water pumps could not be used. It does not specificly say why. Or for that matter what was the effect of it.

Rereading it I realise that only the headline says that "Half the cooling water boiled away" the rest of the text does not claim so (only that 2 meters were not there in the end). From what I know about swedish newspapers headlines are not written by the same people as the articles, so this could very well be an example of exaggerated headline.

For the final analysis of the risk of meltdown I guess we have to wait for the SKI report. The article claims it will be finished in a matter of days, so we should not have to wait long.

Sweden's finest (and perhaps only) collaborative, leftist e-newspaper Synapze.se

by A swedish kind of death on Tue Sep 12th, 2006 at 01:43:42 PM EST
[ Parent ]
I am looking forward to it.

When it comes to the pumps, they are, just like the emergency diesels, 200 % of needed capacity. Only 4 out of 8 pumps are needed to maintain full cooling.

As a sidenote, the EPR will have 4 separate (and this time I guess they really mean it) reserve diesel and cooling systems, and only one will be needed to manitain full power and cooling.

Peak oil is not an energy crisis. It is a liquid fuel crisis.

by Starvid on Tue Sep 12th, 2006 at 01:57:25 PM EST
[ Parent ]
Doesn't de-pressurizing lead to boiling? E.g. if the article was imprecise, then in implying that it was heat alone which pumps failed to carry away that caused the boiling?

*Lunatic*, n.
One whose delusions are out of fashion.
by DoDo on Tue Sep 12th, 2006 at 05:58:51 PM EST
[ Parent ]
I believe (I am not sure) that what they did was dumping some of the hot cooling water into the torus to reduce the amount of heat and lower the pressure inside the containment, to avoid weakening of the containment. I can't see how this would cause extra boiling.

The reactor in question is a BWR, so there is always boiling going on in the reactor, but as 4 of 8 cooling pumps were online this should not have reduced the water level inside the reactor.

Peak oil is not an energy crisis. It is a liquid fuel crisis.

by Starvid on Wed Sep 13th, 2006 at 11:51:05 AM EST
[ Parent ]


Display:
Go to: [ European Tribune Homepage : Top of page : Top of comments ]