Fukushima Daiichi

Copyright ThinkReliability 1

Cause MappingProblem Solving • Incident Investigation • Root Cause Analysis • Risk Mitigation

March 2016

Angela Griffith, P.E.webinars@thinkreliability.comwww.thinkreliability.comOffice 281-412-7766Houston, TX

Fukushima DaiichiRoot Cause Analysis

Case Study

®

Copyright 2016 ThinkReliability

How a Reactor WorksNuclear chain reaction produces heat, which makes steam and turns turbine

Chain reaction stopped by inserting control rods

Heat continues to be produced by decay of unstable isotopes

Fukushima Daiichi

Copyright ThinkReliability 2

Levels of containment

First: Fuel pellets & fuel rods

Second: Reactor pressure vessel & primary system

Third: Reactor building/ components

PRIMARY:

SECONDARY:

Reactor CoolingNormal cooling system: pumps driven by electric motors

Auxiliary cooling system: Unit 1: Isolation condenser (large tank of water)Units 2-6: Reactor core isolation cooling (RCIC) system powered by steam/ battery

Emergency core cooling system: seawater pumps

Fukushima Daiichi

Copyright ThinkReliability 3

Power Supply

External power from grid

Backup power from diesel generators

Emergency power from batteries

Timeline – Day 1 (March 11, 2011)

14:46 Earthquake magnitude 9.0

- Damaged equipment causes loss of all off-site electrical power

- Reactors shut down automatically

- Diesel generators start up automatically in all 6 units

Fukushima Daiichi

Copyright ThinkReliability 4

Timeline – Day 1

15:17 Unit 1 isolation condenser manually started

Units 2-3 pressure limited by automatic safety relief valves

14:50 Units 2-3 RCIC manually activated

Unit 1 isolation condenser manually shut down due to pressure/ temperature decrease (consistent w/ procedure)

Timeline – Day 115:41 Tsunami (height at plant ~50’)

- Seawater pumps destroyed

- Loss of power from ALL diesel generators for units 1-5

- damaged generators

- damaged electrical dist. sys.

- Unit 1 batteries flooded

Fukushima Daiichi

Copyright ThinkReliability 5

Timeline – Day 2 (March 12)15:36 Hydrogen explosion at unit 1

11:01 Hydrogen explosion at unit 3

Timeline – Day 4 (March 14)

Timeline – Day 5 (March 15)

6:00 Hydrogen explosion in unit 4

6:14 Hydrogen explosion at unit 2

Timeline – Day 8 (March 18)

Incident elevated to level 5 of 7 on IAEA scale (later raised to 7)

Offsite power restored to units 1& 2

Timeline – Day 10 (March 20)

Offsite power restored to units 3 & 4

Timeline – Day 16 (March 26)

Fukushima Daiichi

Copyright ThinkReliability 6

Step 1. Define the ProblemWhat Problem(s)

When Date

Different, unusual, unique

Where Unit, area, equipment

Task being performed

Impact to the Goals

Worker Safety

Environmental

Regulatory

Production/ Schedule

Labor/ Time

This incident

Frequency

Public Safety

Customer Service

Earthquake, tsunami, hydrogen explosionsSee timeline9.0 magnitude earthquake, 50’ tsunamiFukushima Daiichi nuclear power stationUnits 1-3 producing power; 4-6 shut down

No radiological health effects~1,600 deaths attributed to evacuation2 operators drowned; 16 injuredRelease of 940,000 terraBq radiation~150,000 evacuated (20-30 km evac zone)Rolling blackoutsIAEA level 7 disasterComplete loss of power from nuclear plantsResponse, cleanup, investigation

Only one other level 7 disaster in history

$60B

$200B$15B

$>275B

Public Safety Goal Impacted

150,000 evacuated

Release of radiation to

environment

Step 2. Analysis (Cause Map)

Loss of containment

~1,600 deaths

Fukushima Daiichi

Copyright ThinkReliability 7

First: Fuel pellets & fuel rods

Second: Reactor pressure vessel & primary system

Third: Reactor building/ components

PRIMARY:

SECONDARY:

Levels of containment

Cause Mapping®

Release of radiation to

environment

Loss of containment (structures)

Hydrogen explosions

Buildup of hydrogen

Damage to fuel

Loss of containment

(fuel)

AND

Damage to fuelIncreased heat of reactor fuel

Fukushima Daiichi

Copyright ThinkReliability 8

Cause Mapping®

Increased heat of reactor fuel

Residual (decay) heat

Consequence of normal plant

operation

Lack of cooling for reactor

AND

Reactor CoolingNormal cooling system: pumps driven by electric motors

Auxiliary cooling system: Unit 1: Isolation condenser (large tank of water)Units 2-6: Reactor core isolation cooling (RCIC) system powered by steam/ battery

Emergency core cooling system: seawater pumps

Fukushima Daiichi

Copyright ThinkReliability 9

Power Supply

External power from grid

Backup power from diesel generators

Emergency power from batteries

Cause Mapping®

Lack of cooling for reactor

Normal cooling lost

Off-site power lost

Damage from earthquake

Auxiliary cooling lost

Diesel generators shut

down

Flooded by tsunami

AND

Loss of batteries

Limited life

AND

Emergency cooling lost

Off-site power lost

Damage from earthquake

AND

Seawater pumps not

working

Flooded by tsunami

AND

Fukushima Daiichi

Copyright ThinkReliability 10

From the National Diet of Japan Report

the “accident at the Fukushima Daiichi Nuclear Power Plant cannot be regarded as a natural disaster. It was a profoundly manmade disaster – that could and should have been foreseen and prevented.”

From the IAEA Report

“A major factor that contributed to the accident was the widespread assumption in Japan that its nuclear power plants were so safe that an accident of this magnitude was simply unthinkable.”

Fukushima Daiichi

Copyright ThinkReliability 11

Design Basis Accidents

Accident scenarios designed to represent the most severe credible accident

Fukushima design basis earthquake = 8.0

Design basis tsunami = 5.7 meters

ANS Report

“A risk-informed regulatory approach would have identified the existing design bases as deficient. Although addressing low-probability events is very difficult, a risk-informed treatment for natural-phenomenon hazards is necessary.”

Fukushima Daiichi

Copyright ThinkReliability 12

Lessons Learned

“A severe event anywhere in an industry has severe consequences everywhere in that industry.”

– Dr. William Corcoran, Ph.D., P.E.

Lessons Learned

Assessment of natural hazards:- Sufficiently conservative- Re-evaluated periodically- Must consider potential for

occurrence in combination- Use national & international

experience

Fukushima Daiichi

Copyright ThinkReliability 13

Lessons Learned

Defense in depth:- Remains valid- Must be strengthened at all levels- Focus on prevention AND

mitigation- Instrumentation/ control systems

MUST remain operable

Lessons Learned

Beyond Design Basis Accidents:- Cooling systems must function- Containment must be reliable- Management provisions must be

comprehensive, well-designed, and up to date

- Include training, exercises & drills

Fukushima Daiichi

Copyright ThinkReliability 14

Current Status

Temp & radioactive release stable (cold shutdown)

Containment:Equipment to install ice wall in placeInflow of water limited to 150 tons/ day770 m wall between facility & ocean

Removal:~10% of cleanup work doneRobots searching site failing due to exposure

Decontamination:10M yd3 soil & debris removedOutdoor radiation <2mSv/year

Cause MappingProblem Solving • Incident Investigation • Root Cause Analysis • Risk Mitigation

March 2016

Angela Griffith, P.E.webinars@thinkreliability.comwww.thinkreliability.comOffice 281-412-7766Houston, TX

Fukushima DaiichiRoot Cause Analysis

Case Study

®

Copyright 2016 ThinkReliability