Science / Medicine : Building a Safer Nuclear Reactor : Designs Aim to Reduce Chances of Human Error

Zorpette, an editor for IEEE Spectrum Magazine in New York, writes about technology for the Science/Medicine page.

They will be smaller, smarter and, it is hoped, safer. A new generation of “natural” nuclear reactors is barely off the drawing boards but holds great promise, proponents believe, in bypassing the imperfect--and occasionally blundering--human brain.

In ambitious research and design projects in the United States, Sweden and Canada, engineers are trying to demonstrate that nuclear power reactors can be more economical and at least 10 times more reliable than those now operating.

The effort is much more than an academic exercise. Many industry and utility officials acknowledge that the future of nuclear power in the United States, where there have been no orders for nuclear plants since 1978, hangs on the success of these and similar design projects. Other factors include the construction of permanent repositories for nuclear waste and the streamlining of licensing procedures for new reactors.

The distinguishing characteristic of the new reactor designs is the greater reliance on so-called passive safety mechanisms, which would operate in the event of an accident or malfunction regardless of the actions--or inaction--of plant operators. This would help avoid plant operators’ errors or delays, which have aggravated virtually all nuclear mishaps to date. In the 1979 accident at Three Mile Island in Pennsylvania, an operator mistakenly stopped the flow of coolant water to the reactor’s overheated core. Last February at Mihama in western Japan, a small pipe ruptured and operators reportedly waited 50 minutes before shutting down the plant.

(Serious errors and poor judgment were also implicated in the disaster five years ago at the Soviet plant in Chernobyl, but that reactor lacked even the most basic safety features required in a Western commercial reactor.)

Once activated, the safety systems of these future reactors would rely to a greater extent on natural phenomena, such as gravity, convection and evaporation, to keep the reactor from overheating dangerously and releasing radioactivity to the environment. Because natural forces are always present, the emergency response could not be halted, at least in theory. Cooling of a reactor after an accident now depends on the human operation of valves and special safety-grade pumps, some of which cost hundreds of thousands of dollars apiece and are subject to rigorous, costly programs of maintenance and inspection.

The likelihood of an accident severe enough to damage a reactor’s core is, on average, a few chances in 10,000 each year (this is not the same as the probability of a significant release of radiation, which is at least 10 times less likely, depending on the plant built around the reactor).

There are 109 commercial reactors in operation in the United States and about 300 more elsewhere in the world. “If you built (more than a thousand) of them, you would be almost assured of having a core-damage accident every few years,” said Steven Sholly, a senior consultant with MHB Technical Associates, a San Jose analysis firm specializing in nuclear energy.

Designers of the future, “simplified” reactors, on the other hand, aimed for an annual possibility of core damage of no more than one chance in 100,000, which Sholly calls “eminently achievable. And you could build a lot of these plants and still keep risk down to a reasonable level.”

Simplified reactor designs have been developed by General Electric Co., Westinghouse Electric Corp., Asea Brown Boveri (ABB, a giant Swedish-Swiss firm) and Combustion Engineering, which had been the third-largest U.S. reactor maker and is owned by ABB. Toronto-based Atomic Energy of Canada Ltd. also has produced a reactor design that is simplified in comparison with existing ones, but does not incorporate any passive safety features. In the United States, the design work is being supported by $240 million in funding from the Department of Energy, the reactor manufacturers, and U.S. utilities through the Electric Power Research Institute in Palo Alto.

Although none of the reactors have been built, scale models of parts of them have been tested in the United States and abroad. Construction will begin shortly in the Far East on a series of “evolutionary” nuclear plants, with some elements of current reactors and some features of the simplified ones. In Japan, Tokyo Electric Power Co. plans to break ground this year on the first of two plants with GE-designed evolutionary reactors; other plants with Westinghouse and ABB-Combustion Engineering reactors may follow.

All of the simplified designs are for relatively small reactors that would produce 450 to 600 megawatts, as compared with the 1,000- to 1,300-megawatt units that have been commissioned in recent years in Europe, Japan and elsewhere. The smaller size serves more than one purpose, said Joseph Hendrie, a senior scientist at Brookhaven National Laboratory in Upton, N.Y., and a former chairman of the Nuclear Regulatory Commission. Lower power levels mean less residual heat that must be dissipated in the event of an accident, simplifying the design of safety systems.

Smaller sizes also offer utilities the option of building a relatively small plant around a single unit, or a larger one with two or more reactors. To reduce construction costs, large parts of the reactors would be built in factories and then shipped to the construction site for final assembly.

As with all nuclear plants, the simplified ones have extensive safety systems devoted to preventing the reactor’s core from damaging itself by overheating. Overheating can happen, for example, if the reactor becomes suddenly disconnected from the turbine and condenser, which normally remove heat by converting it to mechanical energy and by condensing steam. A loss of coolant--caused by a pipe rupture that diverts water flowing to the core, for example--is another, potentially more serious cause of overheating.

Typically, the emergency response takes place at either high or low pressure, depending on the severity of the problem. If the turbine has become disconnected, the safety-grade pumps of a conventional reactor would automatically inject coolant water into the reactor vessel at operating pressure: 1,000 or 2,000 pounds per square inch, depending on the reactor type. If there is a pipe break and a loss of pressure in the vessel, however, other pumps provide more coolant at lower pressure.

In each case, after the initial automatic response, successful handling of the emergency depends on operators accurately and quickly interpreting conditions inside the reactor and activating the appropriate pumps, valves and other equipment.

Reactors based on simplified designs, on the other hand, would be much less dependent on these subsequent operator actions, and on the pumps and other active devices. In Westinghouse’s AP-600, for example, a core makeup tank contains water at the same pressure as the reactor vessel. A loss of pressure in the vessel triggers a sensor that releases water from the makeup tank into the vessel, according to Howard Bruschi, AP-600 program director at Westinghouse. Gravity, and the difference in pressure, sustains the flow. If the pressure keeps falling, a second tank begins discharging into the vessel.

As a last resort, the reactor vessel is depressurized and the surrounding steel containment flooded with 500,000 gallons of water, fed by gravity. The water continues to cool the flooded reactor core indefinitely through natural circulation, which carries heat from the core to the containment. The containment is cooled mainly by the convection of air at its surface, aided by the evaporation of water sprayed on it. Operators need not do anything for three days, when more water might be needed for the sprayers, Bruschi said.

This safety measure of depressurizing the reactor vessel in a severe accident has long been a feature of General Electric’s reactors. It was retained in GE’s simplified reactor design, only its million-gallon reserve would be fed into the containment by gravity instead of pumps in the event of a worst-case accident, according to Daniel Wilkins, general manager of advanced boiling water reactor programs at GE Nuclear Energy in San Jose.

The reactor vessel is larger than in a conventional GE design, enabling the core to cool itself by convection, with heat escaping through a “chimney” above the core. Because the larger vessel also holds more water, it would take longer for the water to leak out, exposing the hot nuclear fuel and creating a dangerous situation. This in turn would allow more time for the gravity-driven cooling system to flood the containment, which takes longer than in a conventional reactor of this type. Like Westinghouse’s AP-600, GE’s SBWR (simplified boiling water reactor) could take care of itself for three days after an accident, Wilkins said.

Perhaps the most intriguing of the simplified designs is ABB’s PIUS (process inherent, ultimately safe). Whereas many of the other reactors would flood themselves in a severe accident, the core and other key components of PIUS would already be entirely submerged in a million-gallon pool of pressurized water during normal operation. The pool and reactor would be enclosed by a giant, specially reinforced concrete and steel vessel.

Underneath the reactor core is water with boron dissolved in it (“borated” water). Boron, which absorbs neutrons and halts nuclear reactions, is kept out of the reactor by a delicate balance of hydrostatic pressures. No physical barrier separates the borated and unborated water.

However, any change in the flow of unborated coolant--caused by a pump failure, for example--upsets the hydrostatic balance and causes the borated water to well up and stop the nuclear reaction. The huge volume of water surrounding the reactor would absorb all of the excess heat, ABB says.

“PIUS is probably as far as you could go in reducing the chance of core damage in a water-cooled reactor,” said Sholly. “I’ve tried to find ways of causing core damage within a week, and I haven’t come up with any yet.”

Hendrie, of Brookhaven National Laboratory, had his own reservations. “It’s quite clear that if you could indeed execute it, it would sure as hell be safe enough. The question is, could you operate it--would it make electricity steadily enough? Or would it shut itself down all the time, at every hiccup? I don’t know if that question has been solved.”

He questioned whether ABB has “gone so far in the direction of making it ultimately safe that you’ve sacrificed the necessary operating capabilities.”

Nonetheless, nine major U.S. utilities have issued a statement in support of the PIUS design, and next year the Nuclear Regulatory Commission plans to begin reviewing it for possible future certification in the United States, a spokesman said.

A ‘Simplified’ Reactor

The Westinghouse AP-600 below is one example of the nuclear industry’s “simplified” nuclear reactor. These reactors are designed to be at least 10 times safer and more economical than conventional ones.

NEW REACTOR’S FEATURES

Self-contained: Reserve coolant tanks are located inside the containment structure itself--unlike conventional reactors, where only the accumulator tank is located inside the containment vessel.

Natural cooling: Safety systems use natural forces of gravity, pressure circulation and cooling by convection and evaporation, rather than the complex and expensive external pump-operated systems in conventional reactors.

Automated safety features: So-called passive safety mechanisms are designed to automatically kick in and override any detrimental human action or inaction in the event of an emergency. Most conventional reactors, although partially automated, require human oversight and intervention.

Less power: The amount of power produced will be at least one-third less than modern conventional reactors, allowing for simplified emergency response systems needed to remove heat from the reactor in the event of an accident. A larger reactor vessel ensures that more reserve cooling water is on hand in the event of an accident.

HOW THE REACTOR WORKS

A. Under 2200 psi (pounds per square inch) pressure, 550-degree water (heated up in previous trips through the cyclical process) is pumped through what is called the cold leg pipe into the reactor vessel, where it is exposed to the radioactive fuel rods.

B. In the reactor, water is heated an additional 50 degrees and then re-enters the steam generator via the hot leg pipe.

C. From there, heat from the radioactive water is transferred to non-radioactive water, producing steam that passes out of the containment structure to turn the turbines and generate electricity.

D. Cooler non-radioactive water returning from the turbine enters the steam generator, where it cools radioactive water that then enters the reactor through the cold leg pipe, repeating the cycle.

SOURCE: Westinghouse Energy Systems

Compiled by Times researcher Michael Meyers
