Science in Society Archive

Close-up on Nuclear Safety

New report finds nuclear safety seriously amiss and there is no protection against sabotage by terrorists Dr. Mae-Wan Ho

Nuclear safety under the spotlight

While world leaders are falling over themselves signing up to the nuclear renaissance [1] (Nuclear Renaissance Runs Aground, SiS 40), critics have been quick to remind them rightly of the accidents at Three Miles Island in 1979 and Chernobyl in 1986.

At the Three Mile Island power station near Harrisburg, Pennsylvania, in the United States, a cooling malfunction caused part of the core of a nuclear reactor to melt down, releasing an estimated 43 000 Curies of radioactive krypton gas and under 20 curies of the particularly hazardous iodine-131 to the environment [2].

The disaster at the Chernobyl plant near Pripyat in the Ukraine of the former Soviet Socialist Republic was the worst nuclear accident in history. A nuclear reactor exploded (several times) and caught fire, sending a plume of highly radioactive fallout into the atmosphere that contaminated an extensive geographical area [3]. The fallout was 30 to 40 times that released by the atom bombs of Hiroshima and Nagasaki in Japan during World War II. Some 336 000 people were evacuated and resettled. A 2005 report prepared by the Chernobyl Forum, led by the International Atomic Energy Agency and World Health Organization attributed to the Chernobyl incident 56 direct deaths and an estimated 4 000 extra cancer cases among the approximately 600 000 most highly exposed, and 5 000 among the 6 million living nearby.

Given the poor safety records of the nuclear industry even in the top nuclear nation France [1], who can guarantee that accidents on the scale of Chernobyl will not happen again with the proliferation of new power stations and especially while old power stations are being extended beyond their intended, safe lifetimes?

Poor safety design offers no protection especially against malevolent acts

In response to the tabling of two new reactors and the refurbishing of old ones in Ontario, Canada, a detailed assessment of nuclear accidents and malfunction was carried out by Gordon Thompson of the Institute for Resource and Security Studies at the Massachusetts Institute of Technology [4]. The assessment reveals a litany of design faults in nuclear reactors that fail to protect the public adequately against accidents and malfunction due to human error, mechanical hitches, or external events such as tornados and earthquakes. In particular, there is no protection against malevolent or terrorist attacks. This applies to both existing nuclear reactors and “Generation III” reactors in the pipelines or under construction.

Neither international nor national safety guidelines require such safe designs. Thompson is especially critical of the regulator’s and industry’s concept of “risk” defined as a product of a number indicating the consequence of an event and another number indicating its probability of occurrence, arguing that equal levels of risk should be equally acceptable to the public.

That argument is not a scientific statement, it is, instead, dogma representing a particular set of values and interests.” Thompson writes. The reason is that the public may be more concerned about the potential for a high-hazard, low-probability event than a low-hazard, high-probability event at the same level of risk. “That concern can reflect a legitimate set of values and interests, scepticism about estimates of low probability, doubt about the complexity of consequences can be represented by simple indicators, and recognition that new phenomena can come into play when thresholds of consequence are exceeded.”

(Thompson’s criticism applies to risk assessment in every field, from genetically modified crops to mobile phones, as our readers will be fully aware.)

Can nuclear power be safe, or safer?

In the 1980s, the reactor vendor ASEA-Atom developed a preliminary design for an “intrinsically safe” commercial reactor known as the Process Inherent Ultimate Safety (PIUS) reactor which was described as follows.

The basic design of today’s light water reactors evolved during the 1950s when there was much less emphasis on safety. Those basic designs held certain risks, and the control of those risks led to an increasing proliferation of add-on systems and equipment ending up in the present complex plant designs, the safety of which is nevertheless being questioned. Rather than to continue into the ‘blind alley’, it is now time to design a truly ‘forgiving’ light water reactor in which ultimate safety is embodied in the primary heat extraction process itself rather than activated by add-on systems that have to be activated in emergencies. With such a design, system safety would be completely independent of operator actions and immune to malicious human intervention.”

The PIUS design goal was “complete protection against core melting or overheating in case of any credible equipment failure, natural events such as earthquakes and tornadoes, reasonably credible operator mistakes, and combination of all those. In addition, the design should protect against inside sabotage by plant personnel completely knowledgeable about reactor design, terrorist attacks in collaboration with insiders, military attack, as by aircraft with ‘off-the-shelf’ non nuclear weapons, and abandonment of the plant by the operating personnel.

Such a PIUS light-water reactor was indeed designed by ASEA-Atom that would cost no more than a conventional plant with the same generation capacity. But to-date no PIUS plant has been ordered.

Another attempt at improving nuclear reactor safety was made in 1991 in a study conducted at the US Oak Ridge National Laboratory, which put together a list of characteristics of ‘PRIME’ reactors, with safety features that are passive, resilient, inherent, malevolence-resistant, and extended, i.e., remaining in a safe state for an extended period after an accident or attack. The study identified several types of reactors in various states of development as PRIME, but did not set a framework of indicators and criteria that could be used to assess the comparable merits of those reactors to determine if it belonged in the PRIME category.

During the past decade, Generation IV reactors have been proposed that use ‘closed fuel cycles’ to extend the life of uranium reserves, but these remain on paper as long-term strategies to be developed over the next several decades while Generation III reactors are constructed. The European Commission concedes that Generation III reactors would not meet criteria for sustainability [5] (see The Nuclear Black Hole, SiS 40), let alone safety.

The reactor is not the only source of serious hazard in case of accidents. The  Canadian Environmental Assessment Agency (CEAA) identifies three categories of accidents and malfunctions: those directly involving the nuclear reactor such as serious damage to the reactor core; conventional accidents and malfunctions that result in chemical or radioactive releases not directly involving the reactor core and may include those associated with nuclear fuel, and malevolent acts involving fires, explosions, punctures, aircraft crashes that could result from sabotage or terrorist actions.. 

Major hazard involving spent fuel

The spent nuclear fuel now stored on site in nuclear power stations is another source of major hazard. Large amounts are stored under water in pools next to the reactors. Those pools currently use high-density racks to maximise the storage space. Unfortunately this makes cooling less effective especially if water were lost from a pool. Several studies, including one from the US Nuclear Regulatory Commission (NRC) [6] (see Old Nuclear Cash Cows Exposed, SiS 40)  have come to the conclusion that loss of pool water could lead to spontaneous ignition of the zirconium alloy cladding of the most recently discharged spent fuel assemblies. The resulting fire would spread to adjacent fuel assemblies and propagate across the pool. It would be difficult if not impossible to extinguish the fire once it had started. Spraying water would make it worse because of an exothermic (heat producing) reaction between steam and zirconium. A fire in the spent fuel storage pool would release huge volumes of radioactive gases to the atmosphere, just as in the case of fire in the reactor core, including a large proportion of the radioactive cesium-137, which is water-soluble and extremely toxic in minute amounts. Loss of pool water could happen in various ways, such as the failure of pumps or valves, piping failures, an ineffective heat sink, a local loss of power, and malevolent acts. According to the  NRC Report [7], a fire in the spent fuel pool at a reactor like Vermont Yankee in Pennsylvania, USA, which stores 488 metric tonnes of spent fuel, would cause 25 000 fatalities over a distance of 500 miles if evacuation were 95 percent effective. But that evacuation rate would be almost impossible to achieve.

It gives us little comfort to know that none of the commercial nuclear power plants now operating around the world can resist malevolent attacks, not because it is impossible to design such plants, but because the industry has simply chosen not to do so, and the International Atomic Energy Agency, responsible for among other matters, the development of criteria for the safety and security of nuclear power plants, does not explicitly require plants to be safe against malevolent attacks. The Canadian Nuclear Safety Commission’s criteria are no better. Neither agency addresses potential releases from stored spent fuel.

Not surprisingly, none of the proposed Generation III nuclear reactor designs in Ontario or elsewhere gives adequate protection against malevolent attacks and may also fail other safety design criteria.

There is practically no defence against a range of “credible” attacks on existing nuclear plant. Among the possibilities mentioned is [4] “a small, general aviation aircraft laden with explosive material, perhaps in a tandem configuration in which the first stage is a shaped charge.” A shaped charge is one that is shaped to deliver all the energy of explosion in one direction.

Devastating as they are, it won’t be safety concerns that aborts the nuclear rebirth, but the economics [8] (see Nuclear Industry’s Financial and Safety Nightmare, SiS 40).

Article first published 17/09/08


  1. Ho MW. Nuclear renaissance runs aground. Science in Society 40.
  2. Three Mile Island accident, Wikipedia, 3 September 2008,
  3. Chernobyl disaster, Wikepedia, 2 September 2008,
  4. Tompson GR. Scope of the Environmental Impact Statement for New Nuclear Power Plants at the Bruce site in Ontario: Assessment of Accidents and Malfunction, Institute for Resource and Security Studies, Massachusetts Institute of Technology, Greenpeace Canada, June, 2008, presented to the Canadian Environmental Assessment Agency and the Canadian Nuclear Safety Commission
  5. Ho MW. The Nuclear black hole. Science in Society 40 .
  6. Ho MW. Old nuclear cash cows exposed. Science in Society 40.
  7. Collins TE and Hubbard G. Technical Study of Spent Fuel Pool Accident Risk at Decommissioning Nuclear Power Plants, Division of Systems Safety and Analysis, Office of Nuclear Reactor Regulation, U.S. Nuclear Regulatory Commission, Washington DC 20555-0001, February 2001,
  8. Ho MW. Nuclear industry a financial and safety nightmare. Science in Society 40.

Got something to say about this page? Comment

Comment on this article

Comments may be published. All comments are moderated. Name and email details are required.

Email address:
Your comments:
Anti spam question:
How many legs on a duck?