Union of Concerned Scientists

• Scientific Integrity
• Global Warming
• Clean Vehicles
• Clean Energy
• Nuclear Power
  • Nuclear Power 101
  • Nuclear Power Technology
  • Nuclear Power Risk
    • Nuclear Power Safety
    • Sabotage and Attacks on Reactors
    • Nuclear Proliferation and Terrorism
  • Nuclear Power and Global Warming
  • Nuclear Power Solutions
  • What You Can Do
  • Successes
• Nuclear Weapons & Global Security
• Food & Agriculture
• Invasive Species

Three Mile Island's Puzzling Legacy

Sunday March 28, 1999, marks the 20th anniversary of the worst nuclear power plant accident in US history. A series of equipment problems and worker errors turned a routine incident at the Three Mile Island Unit 2 plant outside Harrisburg, Pennsylvania into a full-fledged disaster. The reactor core suffered a partial meltdown and released more than 10 million curies of radioactivity into the atmosphere. Nearly 150,000 people left their homes near the facility and did not return until the situation stabilized days later.

The accident was a watershed event for the US nuclear industry. Seventy-four plants under construction at the time of the accident have since been cancelled. Thirteen plants that were operating when the accident occurred have been permanently closed by their owners. Only fifty-three plants then under construction were completed and placed into service. No nuclear power plants have been ordered since the accident.

The many lessons learned from the accident improved safety in areas such as better operator training programs, more comprehensive emergency response capabilities, and the creation of an industry peer group. However, recent problems in each of these areas strongly suggest that more homework is needed before these lessons can be considered fully learned.

More troubling signs indicate that some of the lessons have been ignored or forgotten. The nuclear industry, with the NRC's blessing, is calculating falsely high safety levels at nuclear power plants by ignoring the reality of past problems. The accident at TMI occurred after ten prior warnings at the plant were ignored by the plant's owner and the NRC. Ample evidence indicates that plant owners and the NRC continue to ignore signs of trouble. After TMI, the NRC earned a "Doublespeak" award for its communicating skills. The agency's persistent use of technical jargon and acronyms makes it apparent that the NRC does not yet want to relinquish this award.

We were relatively lucky at TMI because the plant was minutes away from the molten reactor core burning its way through the reactor vessel and triggering a steam explosion that would have released massive amounts of radioactivity into the atmosphere. We may not be so fortunate next time. The nuclear industry and the NRC must use the 20th anniversary of the TMI accident as an opportunity to take steps to make luck less of a factor in protecting public health and safety.

TMI's Forgotten Lessons

The Three Mile Island accident occurred a long time ago--so long ago that the industry and the NRC have apparently forgotten about it. For example, Figure 3.11 was taken from an NRC document released in October 1996. It shows the probabilities for serious accidents at nuclear plants with reactors designed by Babcock & Wilcox, the supplier of the Three Mile Island reactor. This data indicates the chances of an accident to be range between 3 in 10,000 years and less than 1 in 100,000,000 years. That sounds plenty safe, except there is data missing. The total experience in the United States--adding up every operating hour at every nuclear plant--amounts to just under 2,400 reactor years. So, reality is one accident every 2,400 years. But the NRC and the nuclear industry tossed out the TMI accident in order to present these very low probability numbers. Every student in America would be on the Honor Roll if wrong answers were ignored. Nuclear power plants are benefiting from inflated risk grading. More importantly, the American public is being wronged by this data manipulation.

There are other problems with the studies of risks at nuclear power plants that render their results useless. For example, the studies ignore the very real fact that design errors have been frequently identified that would have prevented emergency systems from functioning in event of an accident. After the Haddam Neck nuclear plant in Connecticut shut down in 1996, the NRC discovered that the pipe that its emergency system would have used to send makeup water to the reactor during an accident was too small to pass the necessary amount of water. Thus, this plant operated for 28 years with an emergency system that would not have functioned properly during an accident. Considering that this emergency system was installed solely for this purpose, this error seems significant. Yet, the risk study for this plant, and the risk studies for other nuclear plants, do not account for these design errors.

The Three Mile Island accident was triggered by a loss of feedwater. The plant had ten reactor shut downs caused by loss of feedwater in the year it operated. The plant's owner and the NRC overlooked these ten warning signals, thus setting the stage for the accident. Such tolerance of unacceptable performance persists. The three reactors at the Millstone nuclear plant and the two reactors at the Salem nuclear plant generated about as many warning signals as electricity from the early 1990s until 1995, when external factors forced the NRC to compel them to be shut down. It took more than two years for the plant owners to repair all the safety deficiencies and restart the reactors. Right now, five of the nation's 104 operating nuclear plants languish in extended outages because their owners placed production ahead of safety--and the NRC merely watched. The NRC's role must change from spectator to regulator.

The National Council of Teachers of English presented the Nuclear Regulatory Commission with its Doublespeak Award in 1979 for "a whole lexicon and jargon and euphemisms" that downplayed the dangers of nuclear accidents. Things haven't changed much in twenty years. The NRC refers to fires as "rapid oxidations," to explosions as "over-pressurization events," and to unwanted holes in piping and walls as "degraded barrier integrity." That is, the NRC uses these terms when they aren't using acronyms like "ECCS," "SALP," "RAI," "DET," and "LER" or using numerical codes like "50.59," "50.72," and "2.206." Its seems that the agency does not want to relinquish the award.

Lessons Learned -- But More Homework is Needed

Training programs for nuclear plant workers have substantially improved as a result of the accident. About 15 to 20 percent of the operators' time is spent in training programs. In addition, the focus of the training has been shifted from reacting to what they think has happened to evaluating plant conditions and taking actions to protect the integrity of the barriers. This new approach is intended to prevent "tunnel vision" and has functioned well, as in the case of the tornado striking the Davis-Besse plant in Ohio last June. When in-plant electrical systems malfunctioned after the tornado knocked down transmission lines, the operators acted quickly to restore vital safety equipment.

While considerable progress has been made, continued vigilance is needed. In March 1987, the NRC ordered the Peach Bottom nuclear plant outside Philadelphia to be shut down after its inspectors found the operators and supervisors asleep in the control room. This past December, the NRC reported that its inspectors found that operators at the Donald C. Cook nuclear plant in Michigan had made 123 phone calls to a sports and information hotline from within the control room over a four-month period in 1997. There have also been numerous reports of workers cheating on their qualification exams. And finally, the well-trained and well-rested operators at the Haddam Neck nuclear plant in Connecticut were forced to abandon the control room after a worker inadvertently triggered the release of Halon gas by taking a picture. The camera's flash tricked the fire detector's infrared sensor into thinking there was a fire. The Halon gas discharge forced the operators out of the control room because it dropped the oxygen level. The operators peered through a window into the control room. When they saw an alarm light, an operator would take a deep breath and rush in to take the required actions, then rush back out. So while it is commendable that training programs have been improved, they are effective only when operators are awake, not distracted on personal business, and inside the control room.

The Three Mile Island accident prompted upgrades to emergency-response capabilities. Now, a team of workers is assembled at the site within an hour after an emergency situation is declared. This team consists of representatives from operations, engineering, maintenance, radiological protection, and other plant departments. The team evaluates plant and offsite conditions and its leader assumes responsibility for directing the plant's response. This team is supplemented by two additional teams as conditions require. One team is tasked with making emergency repairs to equipment and taking other manual actions in the plant. The other team serves as the interface between the plant and external organizations like reactor and component manufacturers, state agencies, and the media.

Emergency preparedness has also been upgraded since the accident. Large-scale emergency drills are conducted periodically, putting plant workers along with state and federal officials through simulated nuclear accidents. These exercises test the flow of information and the process for making decisions about recommending sheltering and evacuations of the affected populace. There's still room for improvement. In April 1997, the NRC heavily criticized the owners of Three Mile Island Unit 1 for poor performance during its annual emergency plan exercise. A general emergency had not been declared when plant conditions warranted that call. Such serious problems at the one nuclear facility on the planet that should have an exemplary emergency-response capability does not instill much confidence in the quality of the programs at other nuclear plants.

As with most things nuclear, there have been emergency-preparedness controversies. Most notably, concerns by county and state governments about evacuating a large population from a transportation bottleneck ultimately led to the Shoreham nuclear plant on Long Island being closed after it was built, but before becoming operational. Costing over $5 billion, it is easily the most expensive electricity never generated. Similar concerns persist because portions of Long Island are within the evacuation zone for the Millstone nuclear plant in Connecticut.

Shortly after the accident, the nuclear industry created the Institute for Nuclear Power Operations (INPO) to function as a peer watchdog. Among other duties, INPO accredits the training programs for nuclear plant operators, maintains a computer network for reporting problems, and performs periodic assessments of plant performance. Curiously, the insurance industry uses the INPO plant assessments, and not those of the NRC, when setting its premium rates. The INPO's assessment reports are among the most closely guarded secrets in the nuclear industry.

Another closely guarded secret is why INPO continually fails to stem declining performance before lengthy plant shutdowns are required. INPO's stated goal is operational excellence at nuclear plants. During 1997, nine nuclear plants failed to generate a watt of electricity because they were closed for safety repairs. Today, four nuclear plants have been shut down for over a year for repairs. While four is better than nine, four is still too many. INPO's role as an industry peer group must become more effective.

Back to the Future

Anniversary retrospectives are a time for looking back at events with full benefit of hindsight. For safety's sake, the TMI accident anniversary needs to include some foresight. Specifically, the nuclear industry and the NRC must do the following:

1. Develop risk studies based on all information, not just a convenient subset of data. The NRC is moving towards risk-informed regulatory practices. However, as the United States General Accounting Office (GAO) testified to the US Senate just last month, the NRC currently does not have assurance that the plant information used in the risk studies is complete and accurate. The faults in the risk studies must be fixed.
   
   
2. Respond quickly to warning signs, instead of waiting for problems to avalanche into disaster. The Salem nuclear plant in New Jersey was shut down from 1995 to 1997 while its owner made extensive safety repairs. The NRC had a list of 47 items that it wanted to be fixed before the plant restarted. The GAO examined the NRC's list and found that Salem was operating in 1995 with at least 42 of these problems. The GAO asked the NRC how, if these safety problems were so serious that Salem could not restart without fixing them, the plant could have been safe when it was operating with these problems. The GAO concluded that the NRC does not have a definition for safety margin and is therefore unable to determine when declining safety performance at any nuclear power plant warrants a shutdown.
   
   
3. Communicate openly--without technical jargon and acronyms--with the public on nuclear safety matters. The NRC uses ill-defined terms, like "adequate protection" and "substantial compliance" when talking to the public about LOCA, PRA, and SALP information. The agency must stop the obfuscation and communicate to the public in plain English.
   
   
4. Remain aggressively vigilant to prevent complacency from eroding safety margins. Nuclear power plants are aging. History teaches us that products are particularly prone to failure early in their lifetimes (i.e., the break-in phase) and late in life (i.e., the wear-out phase). The TMI accident occurred on the plant's first birthday. So we have had a nuclear accident during the break-in phase. NRC vigilance is needed to guard against an accident in the wear-out phase that the nuclear plants are now facing.

Unless these reasonable steps are taken, it may only be a matter of time before there's another reactor accident, perhaps with even more serious consequences than Three Mile Island.