As someone who has been involved in many safety reviews and incident investigations, what always concerned me more than anything were the things we might have missed.
In 2002, Defense Secretary Donald Rumsfeld made the following observation:
“There are things we know that we know. There are known unknowns. That is to say there are things that we now know we don’t know. But there are also unknown unknowns. There are things we do not know we don’t know.”
Chernobyl was caused by one of these unknown unknowns. This is partially true for Fukushima as well, but at least in that case the causes were understood. They were just deemed to be highly unlikely, such as the possibility that a tsunami could breach the plant’s 33-foot tall seawall.
Preventing Another Chernobyl
When someone asks if a Chernobyl could happen again, the engineer in me pauses and thinks about the unknown unknowns. By definition, we don’t know what they are. Thus, the completely honest answer when someone asks me this question is “I don’t think so, but I can’t guarantee it.”
Further, we have seen people deliberately crash airplanes. Could a disgruntled operator deliberately sabotage a nuclear plant and cause a catastrophic outcome?
Given the possibility of unforeseen events or even sabotage — in combination with potentially catastrophic consequences — nuclear power plants must approach the mitigation of consequences with overkill and redundancy. By that, I mean that if a series of events can take place that would potentially lead to a catastrophic incident, there should be several layers of potential mitigation. We have to ensure that even with a saboteur’s best efforts, they couldn’t cause a catastrophic release from a nuclear power plant.
Ultimately, there is no way to foresee all possible causes of an accident. Thus, we have to ensure that if a failure takes place, it results in a safe state. I discussed the example of an electrical fuse in a previous article. When the fuse fails, it does so in a safe state. The flow of electricity stops. I do believe our best minds can ensure such designs in the world’s nuclear power plants.
If we can ensure that all nuclear power plants in the world are fail-safe designs, then we can indeed say that even though failures could happen, “No, another Chernobyl is simply impossible.”