How to collapse

2021-07-05

I just finished reading ON THE BRINK: The Inside Story of Fukushima Daiichi. Aside from being well-researched and technically interesting, it was also emotionally wrenching in a way I didn't expect. Many of the people involved in the operation to save the plant (and Japan itself) carried out their duties knowing that they could - and as the situation seemed to indicate at many points, likely would - be killed.

What happened at Fukushima Daiichi was a genuine disaster, with many killed and a great deal of devastation that remains to this day. And yet, it is a miracle that it was not even worse. Of course, miracle is not the right word. Humans managed the disaster from the beginning, with a huge amount of effort expended prior to, during, and after the disaster. It is only by their cleverness in planning and determination during the worst of things that Japan itself remains habitable.

Having read this book, and other writing about this and other disasters, it's difficult to come up with general axioms for avoiding catastrophes like what happened at Fukushima Daiichi.

Simply asking, "How can we avoid nuclear (and other) disasters?" is daunting. The failure modes are so many, so varied, and so interdependent, that it is hard to know where to start.

The universe does not know about us, does not care about us, and is sufficiently unpredictable that designing systems capable of thriving despite its volatility will remain difficult for as long as we humans exist.

However, taking a Munger-style inverted perspective is one possible way to crawl in the right direction.

For example, drawing on the Fukushima Daiichi disaster itself, we can run the thought experiment in reverse by asking questions like, "How would you destroy a nuclear plant like Fukushima Daiichi?"

Compared with asking directly how we might prevent a disaster in the abstract, this question is much easier to answer. There are many, many things one could do to make operating a large-scale nuclear power generation facility more failure-prone, and many of them don't take much cleverness to come up with. By thinking of how to make something fail, we can start to imagine how we might make it more resilient.

The following list includes my layman's thoughts on how one would operate a nuclear plant if fragility were the goal, based on my reading of ON THE BRINK: The Inside Story of Fukushima Daiichi:

  • Assume the scale, frequency, and origin of future external threats (e.g., climate, geology, security) will remain the same as they were previously.
  • Ensure an unclear chain of command. Even better, negotiate the chain of command during the crisis itself.
  • Interrupt the work of frontline workers, as in the case of the Prime Minister visiting the site.
  • Assume regular control interfaces (monitoring, reactor control inputs, valves) will work as before.
  • Assume regular internal communication channels will be operational.
  • Assume you will not need external supplies, equipment, personnel, or capabilities generally. In other words, assume you will be able to maintain complete self-sufficiency.
  • Assume the relative importance of capabilities will remain the same as before the crisis. For example, assume that a typically unimportant portable diesel generator will remain unimportant in a crisis.
  • Design your systems such that they require positive control input to remain in a stable state, rather than self-stabilizing/shutting down if no input is received. See also dynamically unstable systems.
  • Keep frontline workers and managers in the dark: ensure that information only flows upward.
  • Assume crises will be short-lived. Stock only small numbers of consumables like radiation-proof suits, respirators, batteries, etc., in reserve.
  • Assume crises do not interact. For example, assume the failure of one nuclear power plant will not affect the operation of a separate nuclear power plant miles away.
  • Be optimistic and assume the best: trust and do not verify reports you hear about certain capabilities operating normally, e.g., diesel generators remaining operational, radiation levels remaining low, etc.
  • Count on the competence and heroism of single, isolated individuals. Assume they will not get hurt, lost, confused, tired, demoralized, or panicked, and that they will always be able to perform their duties as before.