This article looks at the sequence of mechanical and operator failures that led to the 1979 Three Mile Island nuclear accident and what the authors feel the accident revealed about the unjustifiable hazards of nuclear power.
Paul Ehrlich (Bing Professor of Population Studies and Professor of Biological Sciences, Stanford University) and Anne Ehrlich (Senior Research Associate, Department of Biological Sciences, Stanford) are familiar names to ecologists and environmentalists everywhere. As well they should be. Because it was Paul and Anne who — through their writing and research — gave special meaning to the words "population," "resources," and "environment" in the late 1960's. (They also coined the term coevolution, and did a lot to make ecology the household word it is today.) But while most folks are aware of the Ehrlichs' popular writing in the areas of ecology and overpopulation (most of us — for instance — have read Paul's book The Population Bomb ) . . . far too few people have any idea of how deeply the Ehrlichs are involved in ecological research (research of the type that tends to be published only in technical journals and college textbooks). In this installment of their regular Ecoscience column they discuss the Three Mile Island nuclear accident and what it revealed about the nuclear power industry.
Now that the dust and radioactivity have settled, and the laborious and dangerous cleanup is underway, it's time to take a look at the lessons that can be learned from the near disaster at Three Mile Island.
While the details of the complex accident are still not entirely understood, its basic outline is fairly clear. A section of the auxiliary system that was designed to supply cooling water to the reactor core in case of failure of the primary pumping system had been removed from service by the closing of valves so that repairs could be made. However, through human error the valves weren't reopened after the repairs were completed, leaving the backup system cut off from the main system. Before this mistake was discovered, an unrelated breakdown of the primary pump (which is a fairly common occurrence) cut off the flow of cooling water to the reactor core.
The pump of the auxiliary system started up as programmed but could not supply water to the primary system because of the closed valves. Sensors detected the problem and "scrammed" the reactor (in other words, the neutron-absorbing control rods were immediately inserted all the way to stop the chain reaction). This action, however, did nothing to solve the problem of disposing of the residual heat of radioactivity in the reactor core . . . the problem on which the whole subject of emergency core cooling systems (ECCS) is focused.
You may recall from previous columns in MOTHER EARTH NEWS that the heat present in a scrammed reactor core is, under most circumstances, capable of building in less than a minute to the point where the core starts to melt . . . after which a complete meltdown is probably inevitable. The mass of molten fuel then would melt through the floor of the containment building and could, under some conditions, release an enormous inventory of radioactivity above ground. The result would be the kind of accident that, under the worst conditions, is potentially capable of killing thousands of people immediately and hundreds of thousands more by delayed cancers, while making state-sized areas uninhabitable.
After the TMI reactor scrammed, mechanical failures exacerbated the problem initiated by the original human error (the failure to reopen the valves on the secondary system . . . which was not corrected until a full eight minutes after the start of the accident): A pressure-release valve stuck open, and a gauge that was supposed to register the level of water around the core malfunctioned. . . showing more water than was actually present (a condition astonishingly similar to that portrayed in the movie The China Syndrome ).
Such mechanical problems, however, need not concern us. The crucial fact is that the reactor operators fixated on the single malfunctioning instrument and repeatedly switched the emergency core-cooling systems on and off — attempting to control a water level that was being erroneously reported to them by the faulty gauge — while they simultaneously ignored numerous other instruments that were reporting an overheating core.
In actuality, the operators were permitting the water level to drop repeatedly (thus exposing part of the core) and then turning the ECCS back on (partially reflooding the core). Through pure dumb luck, there was sufficient steam around the core to cool it enough to prevent a meltdown. A further crucial bit of luck was the discovery that the auxiliary feed water system had been valved off. If this realization had been delayed by only a few minutes, the chance of a meltdown occurring would have been even more probable.
Even with all that good fortune, the zirconium alloy cladding on some of the fuel rods melted, split, and reacted with the water to produce hydrogen. Some 10 hours after the initial pump failure, a hydrogen explosion occurred, stressing the containment building to about half its tolerance.
The whole affair was a very close call indeed, according to Robert Budnitz (Deputy Director of the Office of Nuclear Regulatory Research of the Nuclear Regulatory Commission) when he spoke at the Lawrence Berkeley Laboratory on October 19, 1979. After about 15 hours of mishandling of the accident, analysts from the NRC, the utility, and the reactor manufacturer finally realized what was being done wrong. They then instructed operators to turn the ECCS on permanently . . . and started the sequence of events that ultimately brought the reactor under control.
Even that sequence was not without its thrills, though . . . as operators tried to determine whether there was sufficient hydrogen in the system to cause another explosion that would breach containment and release the lethal load of radioactivity.
Perhaps Three Mile Island's first lesson is that the concerns which many of us have expressed about the safety of nuclear reactors are fully justified. A disaster that could have made much of eastern Pennsylvania (possibly including Philadelphia) uninhabitable and killed great numbers of Americans was prevented, largely by luck. Only a moron would be reassured by the fact that it didn't happen, and the nuclear establishment's propaganda is clearly falling mostly on deaf ears. The second lesson that's been learned is that our concern about the competence of utilities to run plants as complex and dangerous as light-water power reactors is also fully justified.
The reactor operators, as the report of the President's Kemeny Commission detailed, were not remotely qualified to deal with the problems confronting them. The conditions of reactor operator training, it turns out, were more primitive than even the most cynical critics Imagined. With millions of lives and billions of dollars' worth of equipment in their hands, the operators are paid a maximum of $35,000 per year (about half the salary of a senior jet captain) and receive infinitely less training than, say, a pilot of a top-of-the-line jetliner who's entrusted with "only" a hundred or so lives and an apparatus worth a few million dollars.
The operators do not, for example, get recurrent simulator training such as an airline pilot receives. Every six months a pilot is thoroughly checked out, either in a real airplane or an extremely effective simulator, for his or her ability to handle a wide variety of emergency situations: engine failures on takeoff, for example . . . complicated by simultaneous fires, instrument malfunctions, and so on. The pilot is expected to handle the entire sequence of such emergencies flawlessly.
It's integral to the training of all pilots, from private through holders of air transport ratings, who operate under instrument flight conditions that they learn never to depend on the reading of a single instrument . . . or even of two-instruments. Such pilots are intensively trained to evaluate the condition of the aircraft and its position by continuously cross-checking a variety of instruments which operate on different principles. Learning to expect and detect instrument failure is part and parcel of pilot training.
Had the nuclear reactor operators been trained to even one-tenth the competence of a 727 pilot, Three Mile Island would have been just one more incident in the thousands that occur annually in the reactor industry, rather than a close brush with calamity.
Another lesson learned from the near-disaster is that the instrumentation and procedures for monitoring releases of radioactivity from nuclear power plants are wholly inadequate. It has proven impossible to ascertain the scale of radioactive releases in the course of the Three Mile Island accident or the geographic pattern of the resultant fallout. Therefore, the dosage received by the surrounding population can only be guessed at. (Fortunately, all the estimates are quite low.)
In addition, the TMI accident demonstrated the hopeless inadequacy of the civil defense apparatus that's depended upon to evacuate people from the vicinity of nuclear plants in case of a large release of radioactivity (as would follow a full-scale meltdown). The plans for evacuation made during the crisis were sketchy at best, and the apparatus for implementing them was wholly incapable of carrying out the task rapidly enough to reduce significantly the expected loss of life.
But perhaps most frightening of all was the attitude of the Commissioners of the NRC during the course of the drawn-out emergency. Roger Mattson (Director of the Division of Systems Safety, Office of Nuclear Reactor Regulation, and one of the top NRC people on the scene of the accident) urgently recommended that evacuation be initiated immediately, as evidenced by taped excerpts from his phone reports to the Commission:
"It's a failure mode that has never been studied. It is just unbelievable . . . . My principle concern is that we have got an accident that we have never been designed to accommodate, and [the situation] is — in the best estimate — deteriorating slowly . . . the most pessimistic estimate is [that it's] on the threshold of turning bad. And I don't have any reason for not moving people .... I don't know what you're protecting by not moving people . . . . I think we ought to be moving people."
Yet the reaction of the Commissioners was clearly to worry about what an evacuation would do to the "credibility" of the nuclear industry. They should, of course, have been — purely and simply — concerned with the balance between social disruption (including the probably small, if any, loss of life that would accompany an evacuation) and the potentially catastrophic loss of life had the reactor melted down.
It seems clear that, considering the information available at the scene, the proper move would have been to evacuate . . . even though luck prevented a total meltdown. The position of those who claim otherwise is equivalent to that of a school bus driver who knowingly coasts down a long, winding hill without any brakes, battering the children as he or she careens around curves, and then at the bottom says, "See, it was all right. None of them got killed, so there was certainly no reason to let them out at the top of the hill."
Overall, though, the long-range effects of the Three Mile Island accident should prove to be beneficial. Although the exact degree of injury to the general public is unknown, it almost certainly was small, especially in comparison to what it could have been. Attempts will now be made to upgrade the qualifications, training, pay, and prestige of people who become nuclear reactor operators . . . as well as to improve the means of monitoring their performances.
Reactor control room simulators do exist, and could be easily integrated into a program of recurrent training similar to that now required of airline pilots. Indeed, there are many similarities between the two jobs . . . not the least of which is pointed out by a description of flying — commonly quoted by pilots — as "many hours of boredom punctuated by moments of sheer terror". Both pilots and reactor operators earn their pay in those moments of sheer terror . . . and the next time, we hope, the latter group will be up to their task.
Similarly, there's some sign that other aspects of reactor safety will be tightened up, emergency evacuation plans developed, and the NRC restructured so that there's an improvement in its overseeing functions. (However, it seems unlikely that political pressures will be eased enough to let the NRC do its job really well.) Indeed, even the Kemeny Commission report made every attempt to soft-pedal the numerous mechanical flaws in the power plant, while emphasizing the fumbling actions of the operators and the bungling of the NRC.
Many experts, for example, insist that all TMI-type Babcock and Wilcox reactors should be taken off line immediately until their steam generators can be replaced with those of a design less sensitive to the kinds of events that took place at Three Mile Island. It would be an enormously expensive modification and would undoubtedly involve considerable discomfort to the public in some areas where the supply of electricity would be reduced . . . but the alternative, in the opinion of some experts in the field, is an unacceptably high risk of meltdown. Yet at this writing it appears that such plants will be allowed to continue to function without modification.
Perhaps the greatest benefit from the Three Mile Island accident, though, will be a general weakening of the public's confidence in nuclear power and the development of more healthy cynicism about the statements of members of the nuclear establishment.
Although a barrage of misstatements and lies are now being circulated to the effect that the accident proved how safe the reactors are, it's clear that most of the general public is no longer fooled. Realization is spreading that, at present, the safety of light-water power reactor technology is hopelessly inadequate and that the most prudent course of action would be to phase out such reactors as rapidly as is consistent with public safety and welfare.
Reactor safety is, of course, only one of the reasons for moving away from fission as a major source of energy. The others include the waste problems and — much more important — the problems of nuclear proliferation (the ways in which such power plants contribute to the spread of atomic weapons to countries and sub-national terrorist groups), plus the problem of overcentralization of energy technology . . . issues that we'll discuss in future columns.
But as it stands now, it would seem that Three Mile Island was a colossal disaster for those who would promote nuclear power without any long-term view of human needs and a considerable bonanza for the rest of us who would like to see a sustainable society established on this planet.
More details on the Three Mile Island accident can be found in "Kemeny Report: Abolish the NRC", Science, vol. 206, November 19, 1979, page 796. A nice summary of the problem of inadequate operators can be found in the Wall Street Journal, October 22, 1979.
For a description of the design of nuclear reactors and an overview of nuclear power, see Ecoscience: Population, Resources, Environment by Paul R. Ehrlich, Anne H. Ehrlich, and John P. Holdren (W.H. Freeman and Co.).
We would like to thank Professor John Holdren of the Energy and Resources Group, University of California, Berkeley, for once again lending us his expert judgment on issues related to nuclear power.