Eleventh Bieleschweig Workshop, Bielefeld, 3-4 August 2011
The Fukushima Accident and Systems Prone to EUE
Senate Meeting Room (Senatssaal) A3-126, University of Bielefeld
- CITEC, University of Bielefeld
- Causalis Limited
- Centre for Software Reliability, University of Newcastle-upon-Tyne
- University of Bielefeld Faculty of Technology
The book arising from this Workshop,
The Fukushima Dai-Ichi Accident, Peter Bernard Ladkin, Bernd Sieker and Christoph Goeker, eds., is now available (December 2013) from the publisher,
LIT Verlag WebShop (please note there is a button on the WWW site for English-language and German-language pages). It includes longer articles on both engineering and risk issues by Lee Clarke, John Downer, Peter Bernard Ladkin, Stephen Mosley, Charles Perrow, Volkmar Pipek and Gunnar Stevens, Bernd Sieker and Stefan Strohschneider and is dedicated to Hal Lewis, one of the pioneers of accurate risk assessment of nuclear-power technology.
The mature versions of the papers presented at the Workshop are included in the proceedings, above. Additional material which does not appear in the proceedings is linked below.
On March 11, 2011, the Tohoku earthquake took out the primary power supply for the Fukushima Dai-ichi nuclear power plant on the east coast of Japan. Less than an hour later, the tsunami caused by the earthquake flooded the plant and the backup generators ceased functioning. This is called a station blackout. Tertiary power is supplied for a few hours by batteries. An electricity supply is needed in order to keep the cooling systems running; a running reactor or one in cold shutdown requires continual cooling. Thus started the most severe nuclear accident in a quarter century and one of the two most severe ever.
From a purely technical point of view, the accident can be characterised by the physical necessity of cooling active and spent nuclear fuel and the difficulty of doing so, caused partly by the inability to do so using foreseen methods and the consequent physical distortions such as core meltdown.
From a broader social point of view, the accident may be characterised by the lack of operational foresight into foreseeable events (it is by now uncontroversial that a tsunami event sufficient to top the seawall at Fukushima Dai-ichi was foreseeable), and the extremely severe consequences. A station blackout unrecoverable by foreseen procedures may be characterised as an Extreme Unsafe Event (EUE). The Japanese Government has set initial recovery costs from the accident at some €70 billion, which contrasts with the €20 billion set aside by BP as compensation for the Deepwater Horizon accident and the typically €200 million - €1 billion which a major commercial aircraft accident costs. Nuclear accidents are by most measures the most severe peacetime unsafe events. Social questions arise as to how, even whether, nuclear fission power technology can be rendered sufficiently safe; indeed what level of safety is sufficient, why, and how this is decided.
The key issues are thus not purely technical. Neither are they purely organisation-theoretical. The polity plays a role in deciding sufficient safety, at the extremes by giving up the technology, as in Germany and Switzerland, and at the other extreme through public protest, as has been experienced in Japan. At the technical level, the question arises why the clearest and most accessible public statement of the specific hazard which led to the Fukushima accident is to be found on a book by a sociologist of organisations, Charles Perrow, and not, say, in a publically-available Hazard Analysis by the operator or regulator of the accident plant. This phenomenon makes it crystal clear that sociology of engineering has a role to play in the very engineering of such systems.
Talks and References
Wednesday 3 August
- 10:10-11:30 Peter Bernard Ladkin, Bernd Sieker (Uni Bielefeld/Causalis): The Fukushima Diaries
Abstract: Since March 13, we have run a closed mailing list for unrestricted discussion of the Fukushima accident and related issues withe systems prone to EUE (there have been discussions of cloud computing, and the Mississippi floods as well). PBL will summarise the main issues which concerned discussants, while preserving the necessarily-discreet nature of the continuing discussion. BMS will present his data analysis of the daily published parameters.
Ladkin: The Fukushima Dai-Ichi Accident: Some Themes (slides)
Ladkin: Fukushima, the Tsunami Hazard, and Engineering Practice (27.03.2011)
Ladkin: Fukushima Dai-Ichi Accident: Sociologist Needed! (31.03.2011)
Ladkin: The Epidemiology of Memes and its Effect upon Safety (14.04.2011)
Ladkin: 11th Bieleschweig Workshop: The Fukushima Accident and Systems Prone to EUE (22.04.2011)
Ladkin: Probabilistic and Possibilistic Analysis: The Precautionary Principle and EUEs (13.05.2011)
- Bernd Sieker built SW to receive the multiple daily Fukushima reactor parameter-value publications from TEPCO and NISA and automatically display them in graphical format. Observations are possible that have otherwise not been explicitly made. Thus, for example, the cooling of the spent fuel pools of Units 5 and 6, where the core fuel elements are currently stored, appears to have proceeded alternately, which suggests there was only means of cooling which had to be switched between the two plants. This seems to represent a loss of defence in depth, which would seem to entail an INES Level of 1 or 2, higher than the given Level
Sieker: Continuously Plotted Parameter Graphs
- 11:30-13:00 Nancy Leveson (MIT): Regulating Nuclear Power
Abstract: Nuclear power plant certification and regulation has remained relatively constant over their existence but technology and social factors are changing. I will discuss what I think is the problem and the direction we should be moving.
- 14:00-15:30 John Downer (Stanford): Why Do We Trust Nuclear Safety Assessments? Failures of Foresight and the Ideal of Mechanical Objectivity.
Abstract: This paper is about the bureaucratic processes through which we frame technological risk as credibly 'knowable'. It looks at how risk-assessment practices sustain their credibility, even in the aftermath of disaster.
Downer: Why Do We Trust Nuclear Safety Asessments? : Failures of Foresight and the Ideal of Mechanical Objectivity
- 15:30-17:00 Martyn Thomas (Thomas Associates): Systems Dependent on GPS
Many ground-based systems are becoming dependent on satellite navigation systems, for example the traditional emergency services: police, fire and ambulance. However, such satellite navigation systems are quite vulnerable to intentional and unintentional disturbance. Martyn chaired a study by the Royal Academy of Engineering into the vulnerabilites induced by such dependence, published the day before the Fukushima accident. He presented the results.
Global Navigation Space Systems: Reliance and Vulnerabilities
- 17:00-18:00 Axel Schneider (Bielefeld): To Boldly Go.. Legged robots as remote handling devices in disaster scnearios? - Challenges and chances
Abstract: A brief overview of the current development of bio-inspired drive systems and walking machines in Bielefeld, followed by a survey of different locomotion strategies without wheels in mobile robotics. Can these systems be of any help in disasters such as Fukushima? Is an alignmnet of research strategies in mobile robotics necessary and desirable? Discussion is encouraged!
Thursday 4 August
- 10:00-11:30 Charles Perrow (Yale): Fukushima as Poster Boy for EUEs.
Abstract: I shall discuss What is commonplace with the Fukushima accident, compared with other industrial disasters, and point out some unique issues that are more disturbing than the commonplace ones.
Perrow: Lessons from Fukushima (28 March 2011)
Perrow: Fukushima, Risk and Probability: Expect the Unexpected (1 April 2011)
- 11:30-13:00 Lee Clarke (Rutgers): I'm Warning You
Abstract: I shall offer some reflections on the institutional aspects of "warning." Warning is often thought of as a technical problem--TCAS on aircraft, PAVEPAWS for US defense, smoke detectors in homes, radar detectors in cars--or as mainly a problem of informing the public to take preventive action. Clarke is concerned with a different class of events: Which voices do organizations pay attention to, and which do they ignore? How do elites and organizations respond to expertise? What are the dilemmas for scientists who might warn? I shall have more questions than answers.
Clarke: Worrying About Worst-Case Scenarios Makes Sense (24.03.2011)
- 14:00-15:30 Robin Bloomfield (Adelard/City Uni, London): Fukushima: Some Observations
Bloomfield: Fukushima: Some Observations
- 15:30-17:00 John Knight (Uni Virginia): Discussion
Theme: Cybersecurity Issues with Critical Plant
- 17:00-18:00 Jörg Bergmann (Bielefeld): Views of the "Communicating Disaster" participants on the Fukushima accident
Bergmann, Schorch, Hitzler (eds): The Earthquake, the Tsunami and the Nuclear Meltdown in Japan: Responses from members of the `Communicating Disaster' Research Group