Fukushima; about risks, reliability and robust design


  • Aarnout Brombacher

On Friday, March 11th, 2011, Japan was hit by one of the most severe earthquakes ever recorded. The earthquake not only caused incredible immediate damage to people, buildings and infrastructure, but also initiated a tsunami that caused incredible damage as well.

As we have all seen, a combination of events caused the major damage and problems at the nuclear reactors of the Fukushima nuclear power plants. Since Japan is in a part of the world where earthquakes are quite common, the reactors are designed to handle even major earthquakes and their consequences. At the moment the earthquake was detected, the reactors were automatically switched off. Diesel generators automatically powered up to generate electricity for the reactors' cooling systems in case the power grid was damaged. So far, so good. Unfortunately, the tsunami flooded the diesel generators, so the cooling system was also left without power. The reactors overheated, control was lost, and currently many people are fighting an often heroic battle to prevent further escalation and, as far as possible, to minimize further damage to people and the environment.

Following these events as they develop, an old quote from Helmuth von Moltke came to my mind: ‘No battle plan survives first contact with the enemy’. In the context of our profession this could very well be rewritten as ‘No model survives first contact with reality’. Without any doubt, the operating permit of the power plant in Fukushima required models, based upon a solid scientific foundation, demonstrating that, also in the case of highly likely events or combinations of such events, the power plant would remain within its safety limits. Readers of this journal have, without any doubt, seen numerous models for purposes like this in various degrees of sophistication. Unfortunately, generating models has often become a goal in itself. It is not uncommon that papers are submitted with, for example, unusual degrees of redundancy that are, without any doubt, extremely interesting from a mathematical perspective but do not relate to any possible situation in practice.

On the other hand, reality is often stranger than anything covered in the entire repository of known models. The disaster in Fukushima is a striking example in this context. An interesting challenge to the readers of this journal, who are all leading professionals in the field of Quality and Reliability Engineering, would be not to further refine models that cover known situations but to come up with architectures for future systems that can also handle situations currently unknown. These ‘inherently robust’ architectures could handle unpredicted situations by falling back to very simple (physical) principles. The field of nuclear engineering in particular has shown interesting concepts but, unfortunately, only very few have made it beyond the drawing board. Economic reasons have often prevented further development into commercial systems. Hopefully, the Fukushima events will be the start of a new development that is no longer dominated by principles of economic efficiency but by principles of structural safety. A nice challenge for the future!