Insights on Accident Information and System Operations during Fukushima Events

Kim, Man Cheol

doi:https://doi.org/10.1155/2014/123240

Science and Technology of Nuclear Installations

On this page

Abstract Introduction Conclusions Acknowledgments References Copyright Related Articles

Special Issue

Lessons Learned from the Fukushima Accident: An Integrated Perspective

View this Special Issue

Review Article | Open Access

Volume 2014 | Article ID 123240 | https://doi.org/10.1155/2014/123240

Insights on Accident Information and System Operations during Fukushima Events

Man Cheol Kim¹

Academic Editor: Inn Seock Kim

Received15 May 2014

Accepted25 May 2014

Published05 Jun 2014

Abstract

As part of the development of an integrated perspective on lessons learned from the Fukushima Daiichi nuclear accident, this paper highlights lessons learned and implications relating to the accident information and system operational aspects during the events. Our analysis clearly indicates that the plant was neither designed nor prepared to withstand such an unexpected event, which included a complete loss of electrical power sources for a long period. The author focused on the accident information and system operational aspects of the Fukushima event, including lack of information, provision of wrong information, operator performance in life-threatening environments, and improvisation given lack of procedures and training. Suggestions for further improvement of the nuclear plant safety are then made with respect to preparation for beyond design basis events, provision of reliable essential information to operators, development of guidelines/procedures, training of operators, and development of operator support systems with consideration of severe accidents caused by unexpected events. It is hoped that the lessons learned from the accident will significantly contribute to the enhancement of nuclear plant safety.

1. Introduction

On March 11, 2011, an earthquake measuring 9.0 on the Richter magnitude scale (M 9.0) occurred off the Pacific coast of Tohoku; this earthquake, together with the subsequent tsunami, caused damage to the Fukushima Daiichi nuclear power plants (NPPs), resulting in severe core damage and considerable release of radioactive materials to the environment. Many organizations investigated the events at the Fukushima site, producing the following reports:(i)the National Diet of Japan Fukushima Nuclear Accident Independent Investigation Commission (NAIIC report) [1];(ii)the Investigation Committee on the Accident at Fukushima Nuclear Power Stations of Tokyo Electric Power Company by the Japanese Government (government report) [2, 3];(iii)the Independent Investigation Commission on the Fukushima Nuclear Accident by the Rebuild Japan Initiative Foundation (RJIF report) [4];(iv)the Tokyo Electric Power Company and its Fukushima Nuclear Accident Analysis Report (TEPCO report) [5];(v)the Near-Term Task Force of the United States Nuclear Regulatory Commission (NTTF report) [6];(vi)the American Nuclear Society Special Committee on Fukushima (ANS report) [7];(vii)the ASME Presidential Task Force on Response to Japan Nuclear Power Plant Events (ASME report) [8];(viii)the United Kingdom Office of Nuclear Regulation (UK ONR report) [9];(ix)the Nuclear Energy Agency of the Organization for Economic Cooperation and Development (OECD/NEA report) [10].

These reports outline lessons learned in relation to the various aspects of the nuclear disaster. Installation or improvement of hardware (such as antitsunami walls, filtered vents, and passive autocatalytic recombiners (PARs), amongst others) is an often cited aspect. The disruption in command and control has also been discussed frequently in such reviews.

Much research has been conducted to distill lessons learned from the accident. D’Auria et al. [11] reviewed the accident within a technological framework of nuclear reactor safety and provided relevant findings, observations, and recommendations. Hirano et al. [12] reviewed the behavior of reactors at Units 1, 2, and 3, identifying major safety issues such as design basis tsunami, accident management measures, and regulatory treatment of beyond design basis events (BDBEs), among others. Tanaka [13] reviewed the accident and highlighted lessons learned, such as the need for a unique and reliable regulatory body, the backfit rule, and higher engineering competence in light water reactors (LWRs). Urabe et al. [14] discussed lessons learned from the viewpoint of radiation protection from the Fukushima accident, such as the importance of urgent protective actions like evacuation and limiting the intake of foods harvested from contaminated areas.

In order to protect the NPPs and the public safety from danger, various activities are needed including accident prevention, accident response, and emergency preparedness. From a viewpoint of accident response, correct implementation of operation and recovery activities by the shift operators and the recovery team is essential. It is thus important to review and analyze, in a systematic and structured way, the lessons that were learned from the actual response of shift operators and management staff at the Fukushima Daiichi NPPs. Even though several studies have been performed on the human factor aspects of the accident [15] and resilience engineering perspective on the accident [16–18], it seems that there has been few study on the lessons learned from the information and operational aspect of the accident in relation to accident response.

As part of the development of an integrated perspective on lesson learned from the station blackout (SBO) conditions resulting from the M 9.0 earthquake and the subsequent tsunami, this paper highlights the responses of shift operators and emergency management staffs together with implications for accident information and system operational aspects. Section 2 outlines key characteristics relating to the accident. Section 3 discusses accident information and system operational aspects of the accident response. Section 4 outlines lessons learned and their implications, with special attention on instrumentation and control (I&C) systems and human operators in NPPs. Finally, Section 5 presents the conclusions of this paper.

2. Key Characteristics of Fukushima Accident

The Fukushima accident can be characterized as an occurrence of the unexpected events that the plant and the operators were not prepared to cope with, which eventually resulted in considerable core damage and radiation releases to the environment. The unexpected event involved the simultaneous loss of alternate current (AC) and direct current (DC) power in Units 1, 2, and 4 and a prolonged loss of AC power in Units 3 and 5. The unexpected event was not considered in the plant design and operation. There was no guideline or procedure applicable to such an event. Operators were not trained to manage and respond to such an event. Improvisation and trials and errors were only available strategies at the moment. Operators, who did not have enough knowledge of severe accident phenomena, had to find necessary response actions in a very short time and implement them in life-threatening environments.

2.1. Event Outside of the Design Basis

With the term design basis, a NPP is required to withstand a set of postulated accidents without imposing risk to the public health and environment. Additional regulatory requirements, such as the anticipated transient without scram (ATWS) rule (10 CFR 50.62 [19]) and the SBO rule (10 CFR 50.63 [19]) in the United States, were issued to complement regulations based on design basis events. According to the SBO rule, NPPs must be able to withstand an SBO for a specified duration of time and must also be able to recover from it. Station batteries and other necessary support systems are used for this purpose.

The establishment of requirements on design basis events and additional requirements is not intended to ignore those events that lie outside the boundary but rather to focus on those events that lie inside the boundary in order to maximize the safety of NPPs with limited time, resources, and effort. Inevitably, those events considered to lie outside the boundary receive less attention, partly because such boundaries defined only design basis conditions and not beyond design basis events.

In Fukushima Daiichi NPPs, the design basis for flooding by tsunamis was originally 3.1 m at the time of the construction permit, with this later reevaluated to 5.7 m based on the methodology proposed in 2002 [20]. Based on a recognition that tsunami heights may exceed the design basis, Sakai et al. [21] performed probabilistic tsunami hazard analysis in 2006, estimating the frequency of tsunamis higher than 15 meters in 50 years to be approximately four occurrences in every 100,000 years.

It has been argued that the design basis tsunami did not properly reflect historical tsunami experiences in Japan. Uchida and Matsuzawa [22] emphasized the importance of the relationship with a large tsunamigenic earthquake having a recurrence interval of 400–1300 years, as estimated on the basis of geological data. Shibata [23] provided a review of the two gigantic tsunamis, the 869 Jogan tsunami and the 1611 Keicho tsunami, which affected the Sendai plain prior to the 2011 Great East Japan earthquake/tsunami. Shishikura [24] reconstructed the tsunami inundation area of the 869 Jogan earthquake and concluded that the magnitude and source of the tsunami were very similar to those of the 2011 Great East Japan earthquake.

The tsunami of maximum height 15 meters (higher than the design basis) that followed the earthquake caused not only the loss of all AC power (which can be considered to lie inside the regulatory boundary, based on the SBO rule) but also the loss of DC power (which lies outside the boundary). The plant was neither designed nor prepared to withstand such an event. For example, the loss of DC power caused the isolation interlock of the isolation condenser (IC) in Unit 1, in turn leading to the closure of all valves associated with the IC. If the loss of both AC and DC powers had been considered in the design of the plant, the interlock could have been designed to open all valves, so that core cooling could be maintained.

Narabayashi [25] is of the opinion that had the IC been appropriately operated, the accident would have been terminated quickly; the IC, the valves of which closed as a result of the IC isolation signal (caused by the loss of DC power), can, therefore, be considered a “fail-dangerous system,” as opposed to the incorporation of a “fail-safe” mechanism that is typically the case at NPPs. However, one should also bear in mind that should any break occur in the piping of the IC, it would make sense to close the valves so that radioactive steam from the reactor pressure vessel (RPV) would not be released to the reactor building (R/B) or to the environment. Thus, while one type of design seems appropriate for one set of circumstances, such a design may not be as well suited to beyond design basis events. In order to determine optimal system design, systems interaction effects [7] should be carefully analyzed, with consideration and analysis of tradeoffs between advantages and disadvantages under various postulated scenarios. The designer of the Fukushima IC chose from a variety of options (open, close, or stop as is) that are available upon the detection of abnormalities associated with the IC and opted for valve closure to maximize safety, given that the loss of both AC and DC powers was not a consideration during the design phase.

2.2. Prolonged Loss of AC Power

Given that the plant was not designed or prepared for prolonged loss of AC power, the likelihood of the plant being unable to withstand such an event was significant. The Fukushima Daiichi NPPs could have withstood the event by restoring AC power (either through off-site power or through emergency diesel generators (EDGs)) over a very short period, probably less than two hours, since the reactor core of Unit 1 started to be uncovered around this time without IC operation. It should be noted that Fukushima Daiichi Units 5 and 6 and Fukushima Daini NPPs could withstand the event with one air-cooled EDG installed in Unit 6 and the available off-site power, respectively.

In an SBO situation, it is expected that turbine-driven pumps, such as RCIC pumps in Units 2, 3, and 4, and turbine-driven auxiliary feedwater pumps in pressurized water reactors (PWRs) and station batteries will be used to manage the situation for a specified time. Station batteries are expected to provide power to essential components for about four or eight hours, depending on the licensing design of the associated NPP. As noted by Al Shehhi et al. [26], successful mitigation of an SBO eventually requires restoration of AC power. The SBO rule also focuses in the main on restoration of AC power, either through off-site power or through on-site EDGs.

Even though the site superintendent quickly ordered the restoration of off-site power to restore AC power, TEPCO [5] indicated that early restoration of off-site power was extremely difficult. With the complete loss of both AC and DC powers, combined with the failure to quickly restore AC power, difficulties related to the maintenance of core cooling and containment integrity were present from the start.

Table 1 shows the timing of loss and restoration of AC power, as well as the timing of core damage. It took approximately twenty-three days to restore AC power after it was completely lost. It is assumed that RPV injection occurred at the same time that AC is recovered.

As mentioned in the ANS report [7], the dominant core damage scenario identified by probabilistic safety assessments (PSAs) of boiling water reactors (BWRs) results from an SBO combined with eventual failure of the reactor core isolation cooling (RCIC) and high-pressure coolant injection (HPCI) systems. It was very fortunate that the RCIC system in Unit 2 could operate for approximately 70 hours and that the RCIC and HPCI systems in Unit 3 could operate for approximately 35 hours. According to ANS report [7], one should not expect the RCIC system to run beyond 8 hours in an SBO situation. However, in this instance, AC power had not been restored after this interval, nor could an alternative injection to the reactor (after depressurization of the RPV) be established, inevitably resulting in core damage in Units 2 and 3. According to Tanabe [27] and Kataoka [28], core damage started to occur after 2, 5, and 2.5 hours after the loss of emergency core cooling capabilities in the case of Units 1, 2, and 3, respectively.

2.3. Shortage of Available Time

In a simulation of a hypothetical complete SBO at the Browns Ferry Nuclear Plant [29], core uncovery and core damage commenced after 33 and 70 minutes, respectively; this simulation represented a situation in which RCIC and HPCI systems were unavailable owing to closed valves or failed batteries.

According to the ANS report [7], when the emergency core cooling system (ECCS) cannot function properly, the reactor core starts to be uncovered in one to two hours, depending on the reactor design; core damage starts to occur approximately 30 minutes after the core is uncovered. This is in accordance with the Unit 1 MAAP analysis described in the TEPCO report [5], which indicates that top of active fuel (TAF) and bottom of active fuel (BAF) were reached at around 18:10 and 19:40, respectively, approximately 2.5 hours and 4 hours after the occurrence of the SBO. This analysis result is supported by observations of increasing radiation at around 22:00 in the reactor and turbine buildings of Unit 1.

As mentioned above, shift operators in Unit 1 only had one to two hours available to prevent core damage once the IC was not in service. Owing to the short time available for operators to respond to the accident situation when the ECCS cannot perform its intended function, fast recognition of and response to the situation are very important. Such fast response can be accomplished through preprepared and clearly described procedures and through regular training in accordance with these procedures. Without these elements, a rapid response cannot be expected.

2.4. Lack of Procedures and Training for Severe Accidents

As mentioned in the ASME report [8], current accident management in many NPPs is based on the availability of plant status indications and available safety systems. In NPPs lacking both, as was the case during the accident at the Fukushima Daiichi NPPs, mitigation of accidents becomes very difficult. Such conditions were not within the boundary of design basis, and, therefore, NPPs were not sufficiently prepared for such conditions.

In the Fukushima Daiichi nuclear accident, the loss of all AC and DC power resulted not only in the inoperability of important equipment but also in the loss of essential instrumentation. Given that the plant conditions deviated from the basic assumptions underlying emergency operating procedures (EOPs) and accident management guidelines (AMGs) and given that no procedures or guidelines had been available for such conditions that actually occurred, it must have been extremely difficult for the operators to prevent core damage.

For procedures to be used effectively, operator training based on these procedures needs to be accomplished. According to the NAIIC report [1], training relating to the management of severe accidents performed in BWR operator training centers (BTCs) mainly comprised a personal computer- (PC-) based simulator exercise. Moreover, the simulator did not include the IC. Training with site simulators was conducted with instructors explaining how to operate equipment in front of the accident management control panel. Rather than saying that simulator training was insufficient, it would be fair to say that less attention was given to simulator training with severe accident operating procedures (SOPs) than was given to simulator training with EOPs. Needless to say, a severe accident scenario involving the total loss of AC and DC power was not considered in the simulator training.

2.5. Core Damage and Massive Radioactive Releases

The prolonged loss of AC power, combined with shortage of available time and lack of procedures and training, resulted in core damage in Units 1, 2, and 3. Thermal-hydraulic (TH) behavior and the progress of core damage were analyzed by TEPCO using MAAP, as described in the TEPCO report [5]. Sandia National Laboratory performed TH analysis using MELCOR, as described in report [30] and papers [31–33]. Accident progression analysis using MELCOR was also performed by Hoshi and Kawabe [34]. Ishikawa [35] applied THALES2 code to the analysis of accident progression.

Allison et al. [36] calculated possible core/vessel damage states of Units 1, 2, and 3 with RELAP/SCDAPSIM and concluded that not only fuel melting but also the failure of vessels in Unit 1 was likely significant. Parisi et al. [37] also conducted a simulation for Unit 1 with RELAP/SCDAPSIM, with results consistent with those of other simulation studies.

The quantity of radioactive releases due to the accident was estimated by Tomioka and Mørup [38] and Takemura et al. [39]. Le Petit et al. [40] analyzed fission product activities measured approximately 210 km away from the NPP and showed that the reactor cores were exposed to high temperatures for a prolonged period of time. Achim et al. [41] analyzed long-term dispersion of radionuclides and showed that at least 80% of the core inventory was released into the atmosphere.

3. Accident Information and System Operational Aspects

As discussed in Section 2, the plant was neither designed nor adequately prepared for the unexpected event that had actually occurred at the Fukushima NPPs. The total loss of AC power lasted much longer than ever imagined in the nuclear power community; too little time was available for the operators and the recovery team to properly respond to the rapidly evolving events; no guidelines were available at that time that could help them cope with such complex situations caused by the extreme natural disaster and the consequential loss of AC and DC power. Even though core damage could not have been prevented under such conditions, it is important to derive important lessons by looking into the actual situations during the events at Fukushima. Focus herein will be placed on the information and system operational aspects during the events.

3.1. Lack of Information

According to the ATHEANA human reliability analysis (HRA) method [42] that provides a rich and holistic understanding of the context concerning the human factors, four distinct activities are typically performed by the operators in coping with an operational event at NPPs: (1) monitoring/detection, (2) situation assessment, (3) decision making, and (4) implementation. One can easily comprehend that information is essential in each of these activities, and lack of information will have adverse effects on the human performance associated with these activities. Kim and Seong [43] and Lee and Seong [44] provided situation assessment models for shift operators that can be used to estimate such adverse effects based on Bayesian inference.

Given limited resources and staff with limited time available for accident response at Fukushima NPPs, it was important for correct decisions to be made at the earliest possible time during the accident in order to adequately cope with the evolving events, with time and resources prioritized to respond to the most urgent situations first.

To prevent core damage, it was essential to provide sufficient coolant to each of the reactors and to transfer the decay heat from the reactor to the ultimate heat sink. Information about the RPV water level was crucial for accident management to ensure maintenance of an adequate amount of RPV coolant inventory. As the RPV pressure also had to be properly controlled in order to maintain the integrity of the RPV, the provision of suitable measures to depressurize the reactor in a controlled manner was also needed.

Had the RPV water level indicator in Unit 1 been available and monitored continuously, the decreasing trend in the RPV water level could have alerted shift operators to the fact that the IC was not operating. Drywell (D/W) pressure could also have provided information on the inventory inside the RPV, because an increase in D/W pressure indicates that the reactor has lost an amount of reactor coolant. Shift operators also needed to consider the possibility of a break or leakage in the RPV, which would have resulted in a decrease in the RPV water level and in RPV pressure and an increase in radiation levels in the reactor building (R/B), main control room (MCR), and eventually in the nearby environment.

In Units 3 and 5, DC power was not affected by the tsunami, and, therefore, essential information was available in the MCR. The author believes that the availability of information had significant contribution to the recovery of Unit 5. In Unit 5, because the plant parameters could be monitored in the MCR with the DC power supply, priorities could be given to the restoration of AC power by cross-connecting to the AC power in Unit 6, which was supplied by an air-cooled EDG.

With this in mind, it seems logical that the emergency response team first tried to restore essential instrumentation in the MCR of Units 1 and 2. The RPV water level indicator was restored first through connection with ten batteries in series; this was followed by the D/W pressure indicator, which was restored through connection with a temporary mobile generator located inside the MCR at the time. It is also noteworthy that the shift operators in Unit 5 first tried to restore the AC-powered instrumentations, which can be understood as an attempt to collect more information on the plant status to make optimum decisions at the moment.

The generation of steam from the IC in BWRs indicates that the heat generated inside the RPV is being removed. The amount of steam generation from the IC is proportional to the amount of heat removed inside the RPV. When there is no break or leakage, removal of heat inside the RPV means that inventory and pressure inside the RPV are being maintained. In the case of Unit 1, it was later discovered that heat removal was being performed through subsystem A of the IC, even though this was not known during the initial phase of accident progression. On April 1, 2011, the IC valves were found to be open in the case of the 3A and 2A valves (subsystem A) and closed in the case of the 3B and 2B valves (subsystem B). The shell side water level was found to be 63% and 83% for subsystems A and B, respectively.

In severe accident conditions, it was found to be difficult to obtain information from field indicators by dispatching operators owing to safety concerns. Unit 1 shift operators could not confirm the operational status of the IC, because the dispatched operator returned without information owing to the high radiation level in the R/B. Shift supervisors also hesitated to dispatch operators because of frequent aftershocks, tsunami warnings, and high radiation levels in the R/B. According to Kawano [45], there were 195 aftershocks with magnitude greater than M 5.0 on March 11 alone. The magnitude of three of these was greater than M 7.0.

With significantly insufficient information, decisions thus had to be made under conditions of much uncertainty. The decisions made by different parties involved in the accident were inconsistent, and an issue of command and control was raised owing to these differing decisions. Had there been sufficient information, it is highly likely that decisions made by the different parties would have been similar, possibly resulting in less confusion or conflict among them. It is believed that the lack of information played a significant role in the issue of an unclear command and control line during the progression of the accident.

3.2. Wrong Information

Historically, wrong information has often misled operators from correctly understanding the situation and making decisions accordingly. In the case of the Three Mile Island (TMI) accident [46], the indicator for the pilot operated relief valve (PORV) misled operators into wrongly believing that the PORV was closed. This occurred because the indicator light for the PORV was off, meaning that the electric power to the solenoid was cut off; shift operators interpreted this information to indicate the closure of the PORV. In reality, the PORV was stuck and remained in the open position. Because the shift operators did not realize that this was the case, reactor coolant was escaping from the reactor coolant system (RCS). This misunderstanding on the part of shift operators (or, in other words, the provision of wrong information by the PORV indicator) eventually resulted in damage to the reactor core.

Another example of the provision of wrong information in the TMI NPP was related to the pressurizer level. As the RCS continuously lost coolant through the stuck-open PORV, the pressurizer level shown at the indicator in the MCR gradually increased. This led shift operators to shut down the emergency core cooling pumps, eventually halting emergency injection to the reactor. From that point onwards, human errors have been classified into errors of omission and errors of commission, and significant research has been conducted on the latter especially due to its significant role during the progression of the TMI accident scenario.

In the case of Fukushima Daiichi Unit 1, there were at least two instances of providing wrong information to the shift operators: the notification of steam generation from the IC by the emergency response center (ERC) and the display of the wrong RPV water level. When the shift operators asked the ERC whether the IC was functioning, the ERC confirmed that steam had been generated from the IC at 16:44 on March 11, even though the amount of steam was insignificant. As in the case of the TMI accident, the RPV water level indicator at the Fukushima Daiichi Unit 1 led operators to mistakenly believe that the reactor had sufficient water to cool the core down. An explanation on the probable cause of the wrong reactor water level indication is provided in the TEPCO investigation report [5].

It is generally speculated that wrong information misled shift operators and the emergency recovery team into focusing on the recovery of Unit 2 instead of Unit 1. The TEPCO report [5] argued that operators focused on the recovery of Unit 1; however, the NAIIC report [1] pointed out that Unit 2 was at first regarded as being most critical, even if Unit 1 was actually in a more critical condition, because the operational status of RCIC in Unit 2 was not known at the moment. This may mean that shift operators and the recovery team paid more attention to the recovery of Unit 2, until the RCIC operational status was confirmed from the field.

3.3. Operator Performance under Life-Threatening Situations

There have been some discussions on the contribution of human errors to the progress of the accident. For example, the government interim report [2] indicated the following problems regarding operator response to the accident:(i)misjudgment of the operational situation of the IC in Unit 1 (see Table 2);(ii)poor handling of alternative water injection in Unit 3 (see Table 3).

It is known that the RJIF report [4] also specifically indicated human errors during accident management, such as failures relating to the IC operation in Unit 1 and the shutdown of the HPCI in Unit 3. Among the chronicle records of shift operators’ operations in Units 1 and 3 shown in Tables 2 and 3, those marked in bold are what are frequently considered as human errors during the response to the accident, with some backgrounds on why shift operators performed such misoperations.

In addition to the background of such operations, it is also worth reviewing the environment where the shift operators were placed and how HRA methods typically estimate human error probability (HEP) under such an environment. When the SBO occurred, after the NPPs had been hit by the earthquake and tsunami, the shift operators and recovery team found themselves in complete darkness, experienced frequent tremors caused by aftershocks, and may well have feared that their lives were in danger. Under such a life-threatening situation, with frequent aftershocks, tsunami warnings, hydrogen explosions, and high radiation levels, the shift operators, recovery team, and management staff had to manage the unprecedented accident to keep the progression of the accident under control.

In Technique for Human Error Rate Prediction (THERP) [47] and Accident Sequence Evaluation Program (ASEP) [48], developed a long time ago but still widely used in the HRA community, the HEP under life-threatening situations is roughly estimated to be 0.25 with error factor 5 for skilled shift operators. This means that human operators are likely to make mistakes or errors once every four important tasks. In Standardized Plant Analysis Risk-Human Reliability Analysis (SPAR-H) method [49], a multiplier of 5 to the HEP at hand was assigned as a performance shaping factor for the situation when shift operators were under extreme stress situations (less than life-threatening). Even though the situation at the time of the Fukushima accident was worse than the one assumed in THERP [47], ASEP [48], and SPAR-H [49] (namely, a large loss of coolant accident), the shift operators and emergency response team successfully established plans and performed planned tasks with only a few reported minor human errors.

The overall response of the shift operators and emergency response team is considered to be adequate, despite the harsh conditions and staff fears of losing their own lives in such a life-threatening situation.

3.4. Improvisation under Lack of Procedures and Training

The SBO, combined with the loss of DC power, resulted not only in the loss of instrumentation but also in the loss of control of valves, which was due to the loss of motive force. For example, owing to the loss of DC power, the IC valves could not be opened until 18:18 on March 11, when DC power was temporarily available. Shift operators encountered difficulties, particularly in opening the solenoid valves to control the air-operated containment vent valves.

Despite little time being available for shift operators to respond to the accident in order to prevent core damage, no procedures or guidelines were available and no information was provided to the operators. It is important to note that the EOPs and AMGs could not be applied owing to deviations from the basic assumptions necessary to apply them. Frequent aftershocks, tsunami warnings, and high radiation levels inside the R/B prohibited operators from recovery or information collection activities.

Under such circumstance, considerable improvisation was required to devise creative ways to manage the accident. Essential instrumentation was restored using car batteries. Car batteries and temporary air compressors were used in order to attempt to open the valves, until the opening of the valve was successfully accomplished.

The author agrees with the UK ONR’s evaluation of shift operators’ response [9], which notes that operators were successful in implementing early responses to the accident. It would be desirable though significant efforts are made in the future to avoid or at least reduce the instances where the shift operators have to undergo improvisation during time-critical situations such as the early stage of an accident.

4. Lessons Learned and Implications

One of the important lessons learned is that unexpected events may occur at NPPs, and operators need to be prepared for such unexpected events. For this reason, severe accidents involving core damage need to be considered in the nuclear plant design with proper training provided to the shift operators and the members of technical support centers (TSCs). Essential information should be provided to them in reliable manner without interruption to support their various activities associated with accident management. This section outlines lessons learned and their implications from the accident, with special attention to instrumentation and control (I&C) systems and human operators to enhance the nuclear plant safety through proper design and accident management for such unexpected events.

4.1. Preparation for Beyond Design Basis Events

One of the important lessons learned from the accident would be the need for fundamental changes in safety approaches and thinking [50]. Yang [51] pointed out that the deterministic approach alone was found to be insufficient in deriving the design basis for tsunamis and that a probabilistic approach should, therefore, be used in a complementary manner to address large uncertainties associated with natural hazards. Deterministic safety assessment (DSA) and PSA were developed and conducted by different groups of people, as in the case of seismic PSA and tsunami PSA having been developed independently [52]. The complementary use and/or harmonization of deterministic and probabilistic approaches, such as in the approach proposed by Kang et al. [53], seems to be the right direction for future risk assessments based on the lessons learned from the accident.

In this sense, the risk-informed defense-in-depth framework, which was originally proposed by Fleming and Silady [54], has been receiving increasing attention as the USNRC’s NTTF report [6] highlighted the concept as the new framework for the post-Fukushima era. After reviewing the Fukushima accident with the defense-in-depth (DID) and risk viewpoints, Yang [51] explained how risk insights can contribute to strengthening DID or developing a new risk-informed DID framework. Suzuki [55] interpreted the Japanese government’s recommendation of swift utilization of PSA and improvements of safety measures as Japanese safety regulations’ departure from being a “zero-risk” culture, providing a lesson to all 31 countries with nuclear power.

In Europe, the attempt to consider more accident scenarios to enhance nuclear safety by taking both deterministic and probabilistic approaches into account resulted in the introduction of design extension conditions (DECs). DECs were originally proposed by European Utility Requirement (EUR) and appeared in International Atomic Energy Agency (IAEA) Draft Safety Standard DS 414 in, 2010, with this later formally published as IAEA SSR-2/1 [56]. The purpose of DECs was to further improve the safety of NPPs by addressing additional accident scenarios that involve accidents more severe than design basis accidents or involving multiple failures. DECs need to be derived on the basis of expert judgment, deterministic assessment, and probabilistic assessment. The inclusion of DECs in the regulatory boundary would impose strict requirements on the design and operation of NPPs, with consideration of accidents with complex sequences and severe accidents involving core damage. Examples of DECs considered in EURs are ATWS and SBO, which are also considered in the regulatory framework in the United States based on the risk insights from PSA studies. Containment bypass accident such as steam generator tube rupture (SGTR) accidents combined with main steam line break (MSLB) is another example of DEC.

In considering additional accident scenarios, the dependency between different events needs to be carefully examined. Pate-Cornell [57] noted that the M 9.0 earthquake and the 14-meter high tsunami during the Fukushima accident provide an example of the dependent conjunction that should have been properly addressed by reviewing historical records. Ebisawa et al. [52] pointed out that the dependency between seismic ground motion effects and/or tsunami effects has not been properly considered because seismic and tsunami PSAs were developed independently for reasons of efficiency.

Despite the high safety standards in the nuclear industry, severe accidents involving core damage could not be completely prevented. According to Kaiser [58], the three severe accidents (TMI, Chernobyl, and Fukushima) in commercial nuclear facilities occurred with a period of approximately 4,000 to 5,000 reactor years (RY). From the historical experience of such severe accidents, growing attention is being given to accident management. The report by the OECD/NEA task group on accident management [59] proposed the development of the integrative accident management (IAM) approach to provide the right balance and prioritization of accident prevention and accident management. Plant design needs to consider the accident management under severe accidents, such as essential information, operator support systems, and associated operator training.

4.2. Reliable Essential Information under Severe Accidents

From the accident information and system operation viewpoint, the need for essential information to make proper decisions would be one of the most important lessons learned from the accident. It was found that the information necessary to clearly understand the progression of severe accidents was not provided sufficiently for shift operators. Shift operators were uncertain as to whether core damage was occurring, how much of the core was damaged, how much hydrogen was generated by the zirconium-steam reaction, and so on, until they experienced the hydrogen explosions.

It is speculated that if the shift operators at Fukushima Daiichi Unit 1 had recognized the status of the IC and successfully performed necessary actions to recover its functions, core cooling at Unit 1 could have been maintained for some time. Even though the IC at Unit 1 could operate for about 10 hours (and its operation time could have been extended by making up the IC tanks with diesel-driven fire protection (DDFP) pumps, fire engines, and other such power sources), it is yet uncertain whether core damage could have been prevented by operating the ICs for an extended period. However, situations might have been quite different if it had been the case, since a lot of other options might have been developed and implemented, potentially avoiding core damage.

To provide essential information to shift operators in a reliable way, possible additional instrumentations for severe accidents may include the following:(i)temperature measurements in various locations inside an RPV, including the lower head [7];(ii)hydrogen concentration and radiation level measurements [7];(iii)water level and temperature measurements for spent fuel pools [6, 7, 10].

Also, measures to provide protection for the essential information need to be considered for implementation at NPPs, such as the following:(i)improved protection for station batteries [7, 10];(ii)alternative connectable electrical power supplies for essential instrumentation [7, 10];(iii)enhancement of essential instrumentation to survive under extreme environments [10];(iv)DC power load shedding for essential instrumentation [10];(v)better understanding of limitations of essential instrumentation [10].

In PWRs, steam generators (SGs) are analogous to the ICs in BWRs, and therefore the accident progression in Unit 1 provides important lessons on how to enhance the safety of PWRs. Based on the TH analysis with RELAP5/MOD3.3, Prošek and Cizelj [60] showed that core uncovery can be significantly delayed by using turbine-driven pump systems and manually depressurizing the RCS. The successful operation of the auxiliary feedwater system (AFWS), the successful dump of steam to the atmosphere (the ultimate heat sink), and, therefore, the successful depressurization of RCS should be carefully monitored. It should be also noted that pressurizer and accumulator level during depressurization can assist inventory control and prevent nitrogen injection from the accumulators. The FLEX methodology [61] provides much information on instrumentation and control requirements such as the essential parameters for key safety functions in PWRs and BWRs.

4.3. Operator Support Systems for Severe Accidents

The analysis of the response of Fukushima Daiichi Unit 1 shift operators gives the impression that they did not consider the status of the plant as being critical, though it actually was. Had they recognized that core damage might potentially occur just two hours after the occurrence of an SBO (given that the IC was not in service), their response might have been different. For instance, they might have assigned higher priority to the confirmation of the operational status of the IC.

Upon investigation of why ICs were not operating, it was found that the isolation interlock closed all valves associated with ICs when abnormalities (including the loss of DC power) were detected. The government interim report [2] criticized the shift operators on duty and the staff members of the emergency response centers as having insufficient understanding of the functioning of the IC, especially of its fail-safe feature. However, the author believes that it would be very difficult to memorize all interlock relations in the plant during periods of extreme stress, especially when such interlock operations are neither frequently encountered during normal operation nor covered in the operator training under simulated emergency conditions. It must be borne in mind that the loss of all AC and DC power constituted an extraordinary accident situation, to which neither EOPs nor AMGs could be applied.

Under such rare situations, operator support systems may provide important technical assistance to shift operators. A faster-than-real-time simulator [7] is an example that may help shift operators make important decisions, such as dispatching operators to the field (where radiation levels are high) for information collection and restoration of critical equipment, venting of radioactive steam to the environment, and evacuation of people living nearby. For this reason, the development of operator support systems for severe accidents needs to be encouraged.

5. Conclusions

Under the conditions of loss of both AC and DC powers that occurred after the earthquake and tsunami at Fukushima Daiichi NPPs, there may have been a slight chance of the plants recovering from the progression towards core damage. However, based on the recognition that the plants were not designed nor prepared to withstand such an event and that shift operators and management staff were likewise unprepared for this eventuality, the occurrence of core damage does not seem to have been avoidable. Nevertheless, it would be still important to review the accident by highlighting the accident information and system operation aspects from the wide range of information already known and to derive lessons learned from the performance of shift operators in such a hopeless situation.

In view of the fact that an effective response to an accident, with timely and proper operator actions, is pivotal to enhancing the safety of NPPs, the discussion in this paper pays special attention to the accident information and system operational aspects of the Fukushima accident. The accident information aspect was found to include lack of information and the provision of wrong information to shift operators. The system operational aspect was found to include operator performance under life-threatening situations and improvisation given lack of procedures and training. From the accident information and system operational aspects of the lessons learned, implications for improving the nuclear plant safety were derived, with examples including preparation for BDBEs, provision of reliable essential information to operators, development of guidelines/procedures, training of operators, and development of operator support systems, with consideration of severe accidents caused by unexpected events.

It is also worth looking into the potential contribution of research and development (R&D) for the improvement of operator response capability under severe accident conditions. It is unfortunate that the R&D results relating to severe accidents, which have accumulated over a long time period, could not provide immediate assistance to the shift operators in the MCR and the emergency response members in the TSC or elsewhere during the accident. The author believes that the development of operator support systems for severe accidents, such as an accident diagnosis tool, will serve as a connection point between the needs of the nuclear industry to enhance response capabilities for severe accidents and the accumulated knowledge on the R&D side.

To improve the nuclear plant safety based on the lessons learned from the chaotic accident at the Fukushima Daiichi NPPs, it is necessary to consider a broader spectrum of events and conditions, and train the shift operators and the emergency response staff against such events and conditions. More efforts are also needed to (1) identify potential hazards that may threaten the NPP safety; (2) devise and implement effective prevention and mitigation measures against such hazards; and (3) explore and implement recovery strategies and emergency preparedness measures following core damage or release of radioactive materials to the environment. The considerable activities, currently being carried out throughout the US nuclear industry to implement the FLEX methodology, are apparently in a right direction in this regard.

The nuclear industry learned very expensive lessons as a result of the Fukushima Daiichi nuclear accident. It is hoped that the lessons learned from the accident will significantly contribute to the improvement of nuclear plant safety in the most cost-effective manner.

Conflict of Interests

The author declares that there is no conflict of interests regarding the publishing of this paper.

Acknowledgments

This research was supported by Chung-Ang University Research Grants received in 2013. It was also supported by a Grant from the Nuclear Safety Research Program of the Korea Radiation Safety Foundation with funding by the Korean government’s Nuclear Safety and Security Commission (Grant no. 1305008-0113-SB110).

References

“The national diet of japan fukushima nuclear accident independent investigation commission,” The Official Report of the Fukushima Nuclear Accident Independent Investigation Commission, The National Diet of Japan, 2012.
View at: Google Scholar
“Investigation committee on the accident at Fukushima nuclear power stations of Tokyo electric power company (established by the cabinet),” Interim Report, 2011.
View at: Google Scholar
“Investigation committee on the accident at Fukushima nuclear power stations of Tokyo electric power company (established by the cabinet),” Final Report, 2012.
View at: Google Scholar
“Independent investigation commission on the Fukushima Daiichi nuclear accident,” Investigation and Verification Report of Independent Investigation Commission on the Fukushima Daiichi Nuclear Accident, Discover Twenty-One, Rebuild Japan Initiative Foundation, 2012.
View at: Google Scholar
Fukushima Nuclear Accidents Investigation Committee, Fukushima Nuclear Accidents Investigation Report, Tokyo Electric Power Company, 2012.
C. Miller, A. Cubbage, D. Dorman, J. Grobe, G. Holahan, and N. Sanfilippo, Recommendations for Enhancing Reactor Safety in the 21st Century: The Near-Term Task Force Review of Insights from the Fukushima Dai-Ichi Accident, United States Nuclear Regulatory Commission, Washington, DC, USA, 2011.
Special Committee on Fukushima, Fukushima Daiichi: ANS Committee Report, American Nuclear Society, La Grange Park, Ill, USA, 2012.
The ASME Presidential Task Force on Response to Japan Nuclear Power Plant Events, Forging a New Nuclear Safety Construct, The American Society of Mechanical Engineers, New York, NY, USA, 2012.
HM Chief Inspector of Nuclear Installations, Chief Nuclear Inspector's Report on Lessons Fukushima, Office for Nuclear Regulation, Bootle, UK, 2011.
Nuclear Energy Agency, “The Fukushima Daiichi nuclear power plant accident: OECD/NEA nuclear safety response and lessons learnt,” Tech. Rep. NEA no. 7161, Organisation for Economic Cooperation and Development/Nuclear Energy Agency (OECD/NEA), 2013.
View at: Google Scholar
F. D'Auria, G. Galassi, P. Pla, and M. Adorni, “The Fukushima event: the outline and the technological background,” Science and Technology of Nuclear Installations, vol. 2012, Article ID 507921, 25 pages, 2012.
View at: Publisher Site | Google Scholar
M. Hirano, T. Yonomoto, M. Ishigaki et al., “Insights from review and analysis of the Fukushima Dai-ichi accident,” Journal of Nuclear Science and Technology, vol. 49, no. 1, pp. 1–17, 2012.
View at: Publisher Site | Google Scholar
S.-I. Tanaka, “Accident at the Fukushima Dai-ichi nuclear power stations of TEPCO—outline & lessons learned,” Proceedings of the Japan Academy B, vol. 88, no. 9, pp. 471–484, 2012.
View at: Publisher Site | Google Scholar
I. Urabe, T. Hattori, T. Iimoto, and S. Yokoyama, “Radiation protection lessons learned from the TEPCO Fukushima No. 1 NPS accident,” Journal of Nuclear Science and Technology, vol. 51, no. 2, pp. 136–149, 2014.
View at: Publisher Site | Google Scholar
H. Sakuda and M. Takeuchi, “Safety-critical human factors issues derived from analysis of the TEPCO Fukushima Daiichi accident investigation reports,” Nuclear Safety and Simulation, vol. 4, no. 2, pp. 135–146, 2013.
View at: Google Scholar
E. Hollnagel and Y. Fujita, “The Fukushima disaster-systemic failures as the lack of resilience,” Nuclear Engineering and Technology, vol. 45, no. 1, pp. 13–20, 2013.
View at: Publisher Site | Google Scholar
Y. Ohsuga, T. Yoshida, and H. Sakuda, “Critical review on what factors affected the evolution of the Fukushima accident,” Nuclear Safety and Simulation, vol. 4, no. 1, pp. 10–21, 2013.
View at: Google Scholar
J. Park, T. P. Seager, P. S. C. Rao, M. Convertino, and I. Linkov, “Integrating risk and resilience approaches to catastrophe management in engineering systems,” Risk Analysis, vol. 33, no. 3, pp. 356–367, 2013.
View at: Publisher Site | Google Scholar
10 CFR Part 50: Domestic Licensing of Production and Utilization Facilities, United States Nuclear Regulatory Commission, Washington, DC, USA, 1956.
International Atomic Energy Agency, IAEA International Fact Finding Expert Mission of the Fukushima Dai-Ichi NPP Accident Following the Great East Japan Earthquake and Tsunami, International Atomic Energy Agency, Vienna, Austria, 2011.
T. Sakai, T. Takeda, H. Soraoka, K. Yanagisawa, and T. Annaka, “Development of a probabilistic tsunami hazard analysis in Japan,” in Proceedings of the 14th International Conference on Nuclear Engineering (ICONE-14), Miami, Fla, USA, July 2006.
View at: Google Scholar
N. Uchida and T. Matsuzawa, “Coupling coefficient, hierarchical structure, and earthquake cycle for the source area of the 2011 off the Pacific coast of Tohoku earthquake inferred from small repeating earthquake data,” Earth, Planets and Space, vol. 63, no. 7, pp. 675–679, 2011.
View at: Publisher Site | Google Scholar
A. Shibata, “Importance of the inherited memories of great tsunami disasters in natural disaster reduction,” in Proceedings of the International Symposium on Engineering Lessons Learned from the 2011 Great East Japan Earthquake, Tokyo, Japan, March 2012.
View at: Google Scholar
M. Shishikura, Y. Sawai, and Y. Namegaya, “Reconstruction of the 869 Jogan Earthquake, the predecessor of the 2011 Tohoku earthquake, by geological evidence combined with tsunami simulation,” in Proceeding of the International Symposium on Backward Problems in Geotechnical Engineering and Monitoring of Geo-Construction, pp. 25–28, Osaka, Japan, 2011.
View at: Google Scholar
T. Narabayashi, “Lessons learned from the Fukushima Daiichi nuclear power plant accident,” in Proceedings of the 7th International Symposium On Turbulence, Heat and Mass Transfer, Palermo, Italy, September 2012.
View at: Google Scholar
A. S. Al Shehhi, S. H. Chang, S. H. Kim, and H. G. Kang, “Analysis of economics and safety to cope with station blackout in PWR,” Annals of Nuclear Energy, vol. 59, pp. 63–71, 2013.
View at: Publisher Site | Google Scholar
F. Tanabe, “Analyses of core melt and re-melt in the Fukushima Daiichi nuclear reactors,” Journal of Nuclear Science and Technology, vol. 49, no. 1, pp. 18–36, 2012.
View at: Publisher Site | Google Scholar
I. Kataoka, “Review of thermal-hydraulic researches in severe accidents in light water reactors,” Journal of Nuclear Science and Technology, vol. 50, no. 1, pp. 1–14, 2013.
View at: Publisher Site | Google Scholar
D. D. Yue and W. A. Condon, “Severe-accident-sequence assessment of hypothetical complete-station blackout at the browns ferry nuclear plant,” in Proceedings of the International ANS/ENS Topical Meeting on Probabilistic Risk Assessment, New York, NY, USA, September 1981.
View at: Google Scholar
R. Gauntt, D. Kalinich, J. Cardoni et al., “Fukushima Daiichi accident study (status as of April 2012),” Tech. Rep. SAND2012-6173, Sandia National Laboratories, Albuquerque, NM, USA, 2012.
View at: Google Scholar
R. Gauntt, D. Kalinich, J. Cardoni, and J. Phillips, “MELCOR simulations of the severe accident at the Fukushima 1F1 reactor,” in Proceedings of the International Meeting on Severe Accident Assessment and Management: Lessons Learned from Fukushima Dai-ichi, pp. 212–221, San Diego, Calif, USA, November 2012.
View at: Google Scholar
J. Phillips, J. Cardoni, R. Gauntt, and D. Kalinich, “MELCOR simulations of the severe accident at the Fukushima 1F2 reactor,” in Proceedings of the International Meeting on Severe Accident Assessment and Management : Lessons Learned from Fukushima Dai-ichi, pp. 334–342, San Diego, Calif, USA, November 2012.
View at: Google Scholar
J. Cardoni, R. Gauntt, D. Kalinich, and J. Phillips, “MELCOR simulations of the severe accident at the Fukushima 1F3 Reactor,” in Proceedings of the International Meeting on Severe Accident Assessment and Management 2012: Lessons Learned from Fukushima Dai-ichi, pp. 346–359, San Diego, Calif, USA, November 2012.
View at: Google Scholar
H. Hoshi and R. Kawabe, “Accident sequence analysis of unit 1 to 3 using MELCOR code,” in Proceedings of the Technical Workshop on TEPCO's Fukushima Dai-ichi NPS Accident, Tokyo, Japan, July 2012.
View at: Google Scholar
J. Ishikawa, “Analysis for accident progression with THALES2 code,” in Proceedings of the Technical Workshop on TEPCO's Fukushima Dai-ichi NPS Accident, Tokyo, Japan, July 2012.
View at: Google Scholar
C. M. Allison, J. K. Hohorst, B. S. Allison et al., “Preliminary assessment of the possible BWR core/vessel damage states for Fukushima Daiichi station blackout scenarios using RELAP/SCDAPSIM,” Science and Technology of Nuclear Installations, vol. 2012, Article ID 646327, 25 pages, 2012.
View at: Publisher Site | Google Scholar
C. Parisi, A. Del Nevo, E. Negrenti, and M. Sepielli, “Simulation & analysis of the severe accident of the unit 1 of Fukushima Daiichi NPP,” in Energia, Ambiente e Innovazione, pp. 56–61, 2012.
View at: Google Scholar
R. Tomioka and M. Mørup, “A Bayesian analysis of the radioactive releases of Fukushima,” in Proceedings of the 15th International Conference on Artificial Intelligence and Statistics (AISTATS '12), la Palma Canary Islands, Spain, April 2012.
View at: Google Scholar
T. Takemura, H. Nakamura, M. Takigawa et al., “A numerical simulation of global transport of atmospheric particles emitted from the Fukushima Daiichi nuclear power plant,” Scientific Online Letters on Atmosphere, vol. 7, pp. 101–104, 2011.
View at: Google Scholar
G. le Petit, G. Douysset, G. Ducros et al., “Analysis of radionuclide releases from the fukushima dai-ichi nuclear power plant accident part I,” Pure and Applied Geophysics, vol. 171, pp. 629–644, 2014.
View at: Publisher Site | Google Scholar
P. Achim, M. Monfort, G. le Petit et al., “Analysis of radionuclide releases from the fukushima dai-ichi nuclear power plant accident part II,” Pure and Applied Geophysics, vol. 171, pp. 645–667, 2014.
View at: Publisher Site | Google Scholar
S. E. Cooper, A. M. Ramey-Smith, J. Wreathall et al., “A Technique for Human Error Analysis (ATHEANA)—technical basis and methodology description,” Tech. Rep. NUREG/CR-6350, United States Nuclear Regulatory Commission, Washington, DC, USA, 1996.
View at: Google Scholar
M. C. Kim and P. H. Seong, “An analytic model for situation assessment of nuclear power plant operators based on Bayesian inference,” Reliability Engineering and System Safety, vol. 91, no. 3, pp. 270–282, 2006.
View at: Publisher Site | Google Scholar
H.-C. Lee and P.-H. Seong, “A computational model for evaluating the effects of attention, memory, and mental models on situation assessment of nuclear power plant operators,” Reliability Engineering and System Safety, vol. 94, no. 11, pp. 1796–1805, 2009.
View at: Publisher Site | Google Scholar
A. Kawano, “Facts and lessons of the Fukushima nuclear accident and safety improvement—the operator viewpoints,” in Proceedings of the DOE Nuclear Safety Workshop, Bethesda, Maryland, September 2012.
View at: Google Scholar
J. G. Kemeny, The Need for Change: The Legacy of TMI, The President's Commission on the Accident at TMI, Washington, DC, USA, 1979.
A. D. Swain and H. E. Guttman, “Handbook of human reliability analysis with emphasis on nuclear power plant applications,” Tech. Rep. NUREG/CR-1278, United States Nuclear Regulatory Commission, Washington, DC, USA, 1983.
View at: Google Scholar
A. D. Swain, “Accident sequence evaluation program human reliability analysis procedure,” Tech. Rep. NUREG/CR-4772, United States Nuclear Regulatory Commission, Washington, DC, USA, 1987.
View at: Google Scholar
D. Gertman, H. Blackman, J. Marble, J. Byers, and C. Smith, “The SPAR-H human reliability analysis method,” Tech. Rep. NUREG/CR-6883, United States Nuclear Regulatory Commission, Washington, DC, USA, 2005.
View at: Google Scholar
G. Vayssier, “Present day EOPs and SAMG—where do we go from here?” Nuclear Engineering and Technology, vol. 44, no. 5, pp. 225–236, 2012.
View at: Google Scholar
J.-E. Yang, “Fukushima dai-ichi accident: lessons learned and future actions from the risk perspectives,” Nuclear Engineering and Technology, vol. 46, no. 1, pp. 27–38, 2014.
View at: Google Scholar
K. Ebisawa, M. Fujita, Y. Iwabuchi, and H. Sugino, “Current issues on PRA regarding seismic and tsunami events at Muliti units and sites based on lessons learned from Tohoku earthquake/tsunami,” Nuclear Engineering and Technology, vol. 44, no. 5, pp. 437–452, 2012.
View at: Publisher Site | Google Scholar
D. G. Kang, S.-H. Ahn, and S. H. Chang, “A combined deterministic and probabilistic procedure for safety assessment of beyond design basis accidents in nuclear power plant: application to ECCS performance assessment for design basis LOCA redefinition,” Nuclear Engineering and Design, vol. 260, pp. 165–174, 2013.
View at: Publisher Site | Google Scholar
K. N. Fleming and F. A. Silady, “A risk informed defense-in-depth framework for existing and advanced reactors,” Reliability Engineering and System Safety, vol. 78, no. 3, pp. 205–225, 2002.
View at: Publisher Site | Google Scholar
T. Suzuki, “Deconstructing the zero-risk mindset: the lessons and future responsibilities for a post-Fukushima nuclear Japan,” Bulletin of the Atomic Scientists, vol. 67, no. 5, pp. 9–18, 2011.
View at: Publisher Site | Google Scholar
IAEA, “Safety of nuclear power plants: design, IAEA specific safety requirements,” Tech. Rep. SSR-2/1, International Atomic Energy Agency, Vienna, Austria, 2012.
View at: Google Scholar
E. Paté-Cornell, “On “black swans” and “perfect storms”: risk analysis and management when statistics are not enough,” Risk Analysis, vol. 32, no. 11, pp. 1823–1833, 2012.
View at: Publisher Site | Google Scholar
J. C. Kaiser, “Empirical risk analysis of severe reactor accidents in nuclear power plants after fukushima,” Science and Technology of Nuclear Installations, vol. 2012, Article ID 384987, 6 pages, 2012.
View at: Publisher Site | Google Scholar
Nuclear Energy Agency, “Accident management insights after the Fukushima Daiichi NPP accident,” Tech. Rep. NEA/CNRA/R(2014)2, Organisation for Economic Cooperation and Development/Nuclear Energy Agency (OECD/NEA), 2014.
View at: Google Scholar
A. Prošek and L. Cizelj, “Long-term station blackout accident analyses of a PWR with RELAP5/MOD3.3,” Science and Technology of Nuclear Installations, vol. 2013, Article ID 851987, 15 pages, 2013.
View at: Publisher Site | Google Scholar
Nuclear Energy Institute, “Diverse and flexible coping strategies (FLEX) implementation guide,” Tech. Rep. NEI 12-06, Rev.0, Nuclear Energy Institute, Washington, DC, USA, 2012.
View at: Google Scholar

Copyright

Copyright © 2014 Man Cheol Kim. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

PDF Download Citation

Download other formats

Order printed copies

Views

2632

Downloads

1138

Citations