II Etiology

Where Was the Weakness in Application of Defense-in-Depth Concept and Why?

Akira Omoto

Abstract The accident at Fukushima Daiichi Nuclear Power Station was caused by an unprecedented Magnitude 9.0 earthquake and tsunami. However, the plant was not well prepared to withstand such an unexpected natural hazard. Although defense-in-depth was supposed to be compensating for uncertainties and incompleteness in our knowledge, there were weaknesses in the application of the concept. This paper analyzes where the weakness was and why. Besides technical lessons, the analysis goes to the background of the weakness and concludes with the importance of questioning and critical review of the current practices and provisions, and learning from best practices in order to continuously improve safety. However, it should be considered that this insufficiency in preparedness was not necessarily unique to Japan (its environment and other national factors). Hence, nuclear power countries and those new entrants launching nuclear power programs are expected to learn lessons from this accident, such as the need for continuous re-assessment of design basis natural hazards, understanding of where the cliff edge to core melt exists, how to increase distances to the cliff edge, and, above all, that technical fixes do not solve everything and attitude matters.

Keywords Nuclear safety Tsunami Defense in depth


The accident at the Tokyo Electric Power Company (TEPCO)'s Fukushima Daiichi Nuclear Power Station was not a black swan, but was probably a gray swan [1]. The technical problem that led to the multi-unit accident involving core melt and fission product release to the environment was insufficient preparedness for complete Station Blackout (SBO: loss of all AC/DC power) coupled with Isolation from Heat Sink (IHS) caused by the tsunami (see Chap. 2—eds.). The tsunami resulted in flooding of the Electric Equipment Room (containing switchgears, power center, batteries, power source for Reactor Protection System) located on the underground floor of Turbine Buildings of Units 1–4, which almost completely (with exception of DC power in Unit 3) deprived AC/DC power supply capability to safety systems as well as to other components required to function for Accident Management in Beyond Design Basis Events (BDBE).

Historically, tsunami had frequently hit coastlines in Japan. With the advent of knowledge of plate tectonics and other factors, Japanese nuclear reactor operators had discussed re-evaluation of Design Basis Tsunami (DBT) for more than 10 years before March 11, 2011. Nevertheless, decision-making on counter-measures to possible high tsunami after 2002 (when revision of design basis tsunami was made) was not done in time for 3.11 (hereafter the accident is also referred to as 3.11). Furthermore, progress in preparedness in the form of Accident Management to BDBE after the Chernobyl accident and the 9.11 attack was not fully developed, especially on two points: incapability to withstand extended SBO and IHS, and insuffi capability to implement Accident Management under disabled conditions [given damage to Structure, System and Component (SSC), team, communication, etc. by external hazard]. Similar provisions as those represented by B.5.b[1] in the

U.S. nuclear industry to protect plant safety under damaged conditions did not exist.

This chapter discusses why there was incompleteness in preparation to the unexpected disaster in Japan, utilizing information from reports including accident investigation committees' reports and other studies and insights [2–14].

The etiology naturally goes to the question “what was behind the insufficient preparedness and decisions by those involved in the accident, namely TEPCO, the regulatory body, the nuclear community, as well as those involved in Emergency Preparedness and Response (EPR)?” This discussion leads to national factors including cultures prevailing in an organization, the nuclear community, and society as a whole. However, as researchers in safety culture argue, cultures are not good or bad by themselves but are good or bad at achieving certain outcomes.

  • [1] Considering the event of September 11, 2001, U.S. Nuclear Regulatory Commission (NRC) imposed licensees, by Section B.5.b of the order, to take compensatory measures. This section was kept confidential due to security reasons.
< Prev   CONTENTS   Next >