OK, by now everyone is suffering from disaster numbness. Last year Haiti earthquake. Tornado season, record blizzards, the coming spring thaws and flooding. An now, the Japan earthquake and Tsunami, culminating with the on-going reactor debacle.
Focus for a second on the last of this list—the reactor story. I’ve heard some commentators talk about lack of preparedness. “They should’ve known,” is the often delivered comment from the pundits.
Let’s take a minute and look at what turns events into unmitigated disasters.
No disaster ever has a single cause. It is always precipitated by some event that, on the surface, may actually be relatively benign. Disasters are always caused by multiple events, any one of which, if prevented, could have averted the catastrophe. Consider an airplane accident. Investigators in the aviation industry analyze accidents to determine the cause(s). There are always more than one. If the pilot had changed altitude….. If the airplane had another 300 lbs of fuel….. If the radar operator had requested acknowledgement of a direction change…. Any one of these “ifs” would have prevented the accident, since the result is that the airplane would not have been at the point in space at the time the accident occurred.
Apply this thought process to the current events. The reactors in Japan were built to earthquake standards. Since no force 9 quake had ever occurred, the standard was set to something less than that. But the quake itself didn’t cause the radiation leak. The reactors all have an automatic shutdown feature that triggers at the onset of a quake, and they all worked, despite some quake damage to the reactors.
In fact, the quake disrupted the power grid throughout the country. Electric power is needed to keep the cooling pumps running, which are required even in shutdown mode. No problem! Each reactor has a bank of backup generators that kick in if the power fails….except when a tsunami of such magnitude overwhelms their protections and the generators flood. No problem! There is a bank of battery power that runs the pumps until the generators can come back on line….. No problem! except when the generators are rolling around in the surf. A third backup existed where the local fire department sends its pumpers to provide cooling water to the reactors, even sea water, if necessary…. No problem! except where the fire departments are scattered everywhere trying to handle the disaster. The fire departments spared some pumpers and positioned them to pump sea water over the reactor cores…. No problem! until they ran out of gas because there was no electric power to fill tankers to deliver fuel through the disaster area to the pumpers.
Are we seeing a picture here? No matter what backup exists, there can always be another hiccup that prevents it from working as advertised. Risk management and mitigation can and should provide many layers of backup procedures and protection. How much and how many are determined by some actuary who creates an objective cost to a subjective probability. Costs are the final determinant. Build to withstand a Cat 8.5 earthquake. Build it on a site that is elevated 50’ above sea level, since the highest tsunami ever recorded reached 30 feet high. Site the generators on the ground, but protect them with a security wall so they can be serviced and swapped out as needed. Build battery backup to power the pumps for one-hour, since redistributing power from the other generators takes only 20 minutes. Establish a memorandum of understanding with the local fire department to dispatch a pumper if called on by the power station. Execute a contract to have fuel delivered to the site as needed in an emergency. (While the numbers in this paragraph are hypothetical, they illustrate my point.)
How many levels are enough? Obviously in this case they weren’t enough.