by Tony Stein
Harrisburg, PA March 28, 1979, 4 a.m. Three Mile Island
A chronic problem at the Three Mile Island nuclear reactor was water filters becoming jammed. Two technicians were busy working over the routine task of trying to clear a filter. One of the technicians had climbed upon one of the huge pipes that make up much of the reactor coolant system, in order to get a better view of a particular gauge. His attention was redirected by the immense sound and vibration he felt. Looking down the length of the pipe, he saw a bullet of water surging his direction. He jumped free just in time. The force of the water ruptured the pipe at the point where it connected to one of the coolant pumps. The technician rushed to the control room while the words "Unit Two. Turbine trip, reactor trip." echoed out over the PA system. Three Mile Island was about to get on the map.
The initial problem at Three Mile Island, the failure of its main reactor coolant pump was serious. It did not have to become the major distaster that it matured into. As a safety-critical system, nuclear reactors such as the one at Three Mile Island are subject to certain government regulations; and are required to have standard features to prevent major accidents. The first line of defense where safety is critical is redundancy. Every system at Three Mile Island had at least one backup, usually more. The coolant circulation system is a particularly important part of keeping a reactor under control, so in addition to the main coolant pump, Three Mile Island had three emergency pumps as backup.
Moments after the main coolant pump failed, the emergency feedwater pumps, as they are called, were automatically activated to take up the slack. However, a sequence of events had already begun that would nullify the efforts of the pumps.
The heart of a nuclear power plant is its reactor. This is where fission takes place and water is superheated to run the electrical generators. This heat transfer takes place in a closed loop, so that radiation does not escape the reactor chamber. It usually does not even get to the inside walls of the chamber. What does build up is pressure. This pressure must be controlled, and usually is as a part of the normal operations of the reactor. In an emergency however, pressure can sometimes build up faster than it can be handled. When the main coolant pump in Unit 2 failed, the pressure inside the reactor spiked. It had to be released somehow. Designers of reactors are required by law to include on their reactors, emergency release valves to vent the pressurized steam in such a spike. Unit 2 was no exception and had such a valve.
This valve was never used. It turns out that releasing pressure in this fashion, while averting disaster, is very expensive. The steam that comes out is not pure water but water mixed with whatever harsh chemicals exist inside the reactor containment. Upon release, this steam condenses over all of the hardware inside the unit, causing much corrosion and expensive damage to the working of the power plant. To solve this problem, designers included a second valve, one that opens when the pressure is between the safe level and the danger level, then closes again when it goes higher or lower.
It is important to note here the contradictory nature of government regulations concerning safety-critical systems. The business of the pressure release valves serves as a good demonstration. As a requirement of nuclear critical systems, the main release valve is subject to certain manufacturing and operational minimum standards. In short, it has to perform when it is supposed to. The secondary valve was not required by the government even to exist. It was put there simply to ease the operations of the reactor. As such it was not subject to the same regulations. These secondary valves had a history of flakiness and it was not uncommon for them to fail.
The secondary valve on Unit 2 did just this. It was opened by the pressure spike in the reactor. It then failed to close after the pressure was no longer inside the specified range. This meant that the reactor had a leak, just the same as if someone had knocked a hole its wall. Further, the sensor that was supposed to tell the operators in the control room was out of service, so no one knew that the valve had failed.
It is here that the human coefficient to the equation made its presence felt. The government can regulate as much as it wants, but humans as part of a safety-critical system add an element of unpredictability that cannot be eliminated. Each of the technicians involved had extensive training and good experience with nuclear power plants. They were required to undergo reactor event simulations on a regular basis and could handle everything fission could throw at them. This is what happened:
Upon the main coolant pump failure, the reactor was SCRAMed. This means that the neutron-eating rods that control the nuclear reaction are slammed completely into the reactor core, killing fission. However, the reactor must still be cooled, because there is immense residual energy present in the core. (If it is not kept cool, fission will continue unabated and meltdown occurs.) The people manning the control room had the following situation. Pressure inside the reactor was falling, because the secondary valve was stuck open (but they did not know this). The temperature in the reactor was rising dangerously high, because all of the coolant was being released through this valve. This is the opposite of what the operators expected because (as any high school physics student can tell you), pressure is directly related to temperature. If the pressure goes up, the temperature goes up and vice versa. Now we have a case where the pressure is going down, but the temperature is going up. No one knew why and, as a result, Unit 2 of the Three Mile Island nuclear reactor was left uncooled. It was to remain so for longer than sixteen hours. The damage had been done.
Temperature inside the core began to reach unimagineable temperatures and things began to happen. The rods that contained uranium fuel began to disintegrate under the heat, releasing pure hydrogen gas (that explodes spectacularly on contact with oxygen) and radiation began to escape the rods, to be released into the outer parts of Unit 2 through the faulty release valve. Upon noting the increased radiation a "site emergency" was declared. Soon after, when the operators found that they were unable to end the problem, this was upgraded to "general emergency" and Pennsylvania state authorities were notified of the event. At about 7:30 a.m., the plant operators settled in for a long day.
What is a core meltdown? Essentially, fission inside the core rages uncontrolled, not enough to explode as in a nuclear bomb, but hotter than any man-made structure can contain. The uranium core will eventually burn down through is steel and concrete pedestal, breaching its containment and melting into the ground, probably stopped only by bedrock. An additional problem is groundwater. When the core reaches the water underground, the water flashes to steam and plows it way to the surface, irradiating everything it passes over. The plant operators and now, emergency personnell, had to do everything they could to prevent a core meltdown.
It is the fear of meltdown that drove the events to follow. Nearby towns were evaculated, the area surrounding Unit 2 was uninhabitable (Unit 1 is still in operation). While the engineers were able to prevent the meltdown by getting coolant back to the core eventually, enough radiation leaked from the containment to poison the immediate area long into the foreseeable future. There was, of course the media storm following. Officials were slow to act, slow and reluctant to inform the public of the problem, and ignorant of the problems of ensuring safety where nuclear power is concerned.
The Three Mile Island incident was a result of a spectacular string of design flaws, mechanical failures, and human misunderstanding. While the nuclear power plant is a safety-critical system, this safety was not ensured at Three Mile Island. Nuclear power was a point of public contention before the accident, and is even more so after. Government safety-critical regulations have been called into question, and the nuclear power industry is stalled and even now, in decline.
Last updated 98/06/17
Developed as part of a class assignment, CS 3604, Fall 1997, by Tony Stein