1、AUTOMATION CAN PREVENT THE NEXT FUKUSHIMAAUTOMATION CAN PREVENT THE NEXT FUKUSHIMA By Bla LiptkCopyright 2014 International Society of Automation 67 T .W . Alexander Drive P .O. Box 12277 Research T riangle Park, NC 27709 All rights reserved. Printed in the United States of America. 10 9 8 7 6 5 4 3
2、 2 1 ISBN: 978-0-876640-17-3 No part of this work may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior written permission of the publisher. Notice The information presented in this
3、 publication is for the general education of the reader. Because neither the author nor the publisher has any control over the use of the information by the reader, both the author and the publisher disclaim any and all liability of any kind arising out of such use. The reader is expected to exercis
4、e sound professional judgment in using any of the information presented in a particular application. Additionally, neither the author nor the publisher have investigated or considered the affect of any patents on the ability of the reader to use any of the information in a particular application. Th
5、e reader is responsible for reviewing any possible patents that may effect any particular use of the information presented. Any references to commercial products in the work are cited as examples only. Neither the author nor the publisher endorses any referenced commercial product. Any trademarks or
6、 tradenames referenced belong to the respective owner of the mark or name. Neither the author nor the publisher makes any representation regarding the availability of any referenced commercial product at any time. The manufacturers instructions on use of any commercial product must be followed at al
7、l times, even if in conflict with the information in this publication. Library of Congress Cataloging-in-Publication in processWe do not know when and how mankind will convert to a sustainable lifestyle, but we do know that during this transition period, the traditional energy sources will still be
8、needed, and therefore, we must improve their safety. I wrote this book to show that the accidents at Three Mile Island, Chernobyl, and Fukushima could all have been prevented if these plants were provided with fully automated SIS safety controls. We should remember also that the average age of the 4
9、38 nuclear power plants 1in operation is 29 years, and that not many cars of that age are on the road today. It is for that reason that in this age of cyber-terrorism, it is not a question of if, but only of when the next Fukushima will occur! This book shows that the accumulated, collective knowled
10、ge of the automation profession can prevent most of these accidents. Bla Liptk 1 As of January 2013, there were 438 commercial nuclear power reactors operating in 31 countries, having a total capacity of 413 GW. In addition, 56 countries operate a total of about 240 research reac- tors, and nuclear
11、reactors also power some 150 ships and submarines.vii PREFACE xiii INTRODUCTION xvReading Material xvi CHAPTER 1: NUCLEAR POWER GENERATION . 11.1 HISTORY .11.2 ENERGY FROM SPLITTING ATOMS 51.2.1 The Fission of Uranium-235 .61.2.2 The Moderation of Fast Neutrons 81.2.3 Fission, Isotopes and Nuclear F
12、uels .9 1.2.4 Controlling the Reactor .111.3 POWER PLANT DESIGN VARIATIONS 121.3.1 Boiling Water Reactors (BWR). .141.3.2 Emergency Core Cooling System 17 1.3.3 BWR Pressure T ransients . 18 1.3.4 Pressurized Water Reactors (PWR) 18 1.4 NUCLEAR WASTE STORAGE AND DISPOSAL .211.4.1 Types of Nuclear Wa
13、stes 211.4.2 Reprocessing of Nuclear Wastes .221.4.3 Temporary Storage . 221.4.4 Decommissioning .241.4.5 T ransportation .241.4.6 Permanent Disposal .251.4.7 Reading Material .26 CHAPTER 2: SAFETY AUTOMATION INSTRUMENTS 272.1 THE TOOLS OF SAFETY 282.1.1 Redundancy, Backup, and Self-Diagnostics .282
14、.1.2 Data T ransmission .29 2.1.3 Digital T ransmission and Smart T ransmitters .32 CONTENTS viii2.2 LEVEL MEASUREMENT .342.2.1 Unreliable D/P Level Measurement .35 2.2.2 The Fukushima Design 38 2.2.3 Obtaining Reliable Ex-Core Level Measurement.392.2.4 Thermal Ex-Core Level Measurement 422.2.5 In-C
15、ore Level Measurement 452.2.6 Newer Developments in In-Core Level Measurement.472.2.7 Reading Material .472.3 RADIATION AND NEUTRON DETECTORS .502.3.1 Radiation Exposure .502.3.2 Radiation Monitoring .52 2.3.3 Personal Dosimeters 532.3.4 Portable Radiation Detectors .552.3.5 Ionization Chambers .56
16、2.3.6 Neutron Detectors 582.3.7 Scintillation Neutron Detectors . 59 2.3.8 Geiger-Mller T ubes 612.3.9 Reading Material .622.4 REACTOR POWER MEASUREMENT .652.4.1 Measuring Fission Power by Neutron Flux Detection 662.4.2 In-Core Flux Detectors .672.4.3 Total Fission Rate of the Reactor .682.4.4 Therm
17、al Power Measurement 69 2.4.5 Maximum Operating Thermal Power .702.4.6 Measurement Uncertainty Recapture 702.4.7 Reading Material .702.5 FLOW MEASUREMENT .712.5.1 Flow Units 732.5.2 Specifying the Required Accuracy 732.5.3 Temperature and Pressure Effects 772.5.4 Rangeability and Automatic Range Swi
18、tching .792.5.5 The Reynolds Number 80ix2.5.6 Head Type Flowmeters .822.5.7 Orifice Plate .862.5.8 Elbow T aps 902.5.9 Magnetic Flowmeters . 92 2.5.10 Coriolis Mass Flowmeters .98 2.5.11 Pitot T ubes .1002.5.12 Ultrasonic Flowmeters .1022.5.13 Venturi T ubes .1062.5.14 Flow T ubes .1082.5.15 Flow No
19、zzles 1112.5.16 Vortex Shedding and Swirl Meters .1122.5.17 Flowmeter Calibration and Maintenance .1152.5.18 Operating Energy Costs .1162.5.19 Comparing the Relative Merits of Flowmeters .1192.5.20 Reading Material1222.6 TEMPERATURE MEASUREMENT 1242.6.1 Resistance Temperature Detectors .1262.6.2 The
20、rmocouples .1312.6.3 Fiber Optic Thermometers .1372.6.4 Ultrasonic Thermometers .1392.6.5 Reading Material1412.7 PRESSURE MEASUREMENT1432.7.1 Pressure Gauges and T ransmitters .1442.7 2 Differential Pressure T ransmitters .1512.7.3 Electronic Pressure Sensors 1532.7.4 Optical T ransducers .1592.7.5
21、Reading Material1602.8 HYDROGEN DETECTION 1612.8.1 Catalytic Combustion Type Sensors .162 2.8.2 Solid-State Hydrogen Detectors .167 2.8.3 Reading Material1692.9 STEAM QUALITY (DRYNESS) MONITORING 1712.9.1 Throttling Calorimeter and Other Methods .1732.9.2 Reading Material175x2.10 PRESSURE RELIEF SYS
22、TEMS AND DEVICES 1752.10.1 Steam Pressure Relief .1772.10.2 Containment Structure Protection .1822.10.3 Conventional Pressure Relief Valves . 184 2.10.4 Pilot Operated Relief Valves . 191 2.10.5 PRV Specification Form .1952.10.6 Rupture Discs 1972.10.7 Reading Material200 CHAPTER 3: HOW AUTOMATION W
23、OULD HAVE PREVENTED THREE MILE ISLAND, CHERNOBYL, AND FUKUSHIMA .2033.1 THE MAIN SAFETY CONCERNS 2033.1.1 Cyber-Terrorism 2053.2 THREE MILE ISLAND .2073.2.1 The Accident: Operator Errors .2103.2.2 The Role of the PORV 213 3.2.3 Further Operator Errors 2163.2.4 Conclusions 2173.2.4 Reading Material .
24、2183.3 CHERNOBYL .2213.3.1 The Process and the RBMK Reactor . 2223.3.2 Design Errors, Positive Void Coefficient 2253.3.3 Control Rod Design Errors .2263.3.4 Operator Errors .2273.3.5 Automation Would Have Prevented the Accident 2283.3.6 Conclusions 2303.3.7 Reading Material . 230 3.4 FUKUSHIMA 2323.
25、4.1 Unused “Time Windows”2353.4.2 The Chronology of Events .2373.4.3 The Approximate Layout of Unit 1 2403.4.4 Semi-Manual Controls. .2423.4.5 Unreliable Water Level Measurement 2443.4.6 Semi-Automatic Emergency Cooling System 2463.4.7 High Pressure Coolant Injection (HPCI) System .246xi3.4.8 Isolat
26、ion Condenser System Controls 2493.4.9 Unreliable Pressure Controls .2513.4.10 Unreliable Hydrogen Explosion Protection 2543.4.11 The Fukushima Disaster Was Preventable . 2563.4.12 Reading Material 259 CHAPTER 4: SUMMARY AND LESSONS TO LEARN 2634.1 General Design Requirements for Safety .2644.2 The
27、Future .2664.3 Conclusions .267 APPENDIX 269A-1 Definitions .269A-2 Acronyms and Abbreviations 285A-3 Organizations .289A-4 Conversion T ables 290Table A4-1 Conversion Among Flow Units. .290Table A4-2 Conversion Among Engineering Units 292 A-5 Steam T ables .303Table A5-1 Dry and Saturated Steam Tab
28、le .303Table A5-2 Superheated Steam Table 305A-6 Water T able 310T able A6-1 Water T able .310 A-7 Nuclear Power Plant Accidents .311Nuclear power plant accidents and incidents with multiple fatalities and/or more than US$100 million in property damage, 19522011 .311A-8 Nuclear Reactor Attacks 313Cy
29、ber-Attacks, Cybersecurity 313 INDEX 315 ABOUT THE AUTHOR . 331xiixiii The automation and process control profession is not much older than I am. I have spent my professional life striving to advance this new profession, which started with such simple contributions to our comfortable lifestyle as th
30、ermostats, and today operates unmanned drones in the air and robots on Mars. Over the years, I have automated the safe and efficient operation of hundreds of processes in a wide variety of industries and have shared the lessons I have learned with my colleagues in dozens of books and hundreds of art
31、icles. Over the decades, I have also designed many automatic emergency shutdown systems (ESD) for a variety of power plants, but besides a couple of consulting jobs, I did not work in the nuclear power industry. This changed with the Fukushima accident, because it prompted me to take a closer look a
32、t the practices of the nuclear power industry, and this book is the result of that investigation. I have spent nearly two years studying the design and operation of the Three Mile Island, Chernobyl, and Fukushima power plants. My goal was to determine if the nuclear power industry has learned to use
33、 automatic safety-instrumented systems (SIS) to maximize their safety, as did other industries over the past decades. I was surprised to see that it did not, that in many instances, the operators were allowed to override critical safety controls. While studying the information available in the publi
34、c domain and while digging for more, I was lucky to make contact with, and benefit from, the experience and opinions of such colleagues as Ritsuo Yoshioka, President of the Japan Functional Safety Laboratory, who has studied the Fukushima accident in great detail, and with others who were similarly
35、familiar with the events at Three Mile Island and Chernobyl. As a result, I feel comfortable to say that the Three Mile Island, Chernobyl, and Fukushima accidents could have been prevented 2if 2 Automation saves lives! Leaving safety solely in the hands of operators reduces safety, because ir- respo
36、nsible, panicked, or badly trained operators often make the wrong decisions. Recent non-nuclear accidents reinforce this recognition: Lives would have been saved at the BP accident, if the drilling platform was automatically disengaged from the well, or in the case of the Asiatic Jet accident, if la
37、nd- ing was automatically aborted when the jets speed dropped below its minimum safe limit. Similarly, in the Spanish train accident, 71 lives would have been saved, if the maximum speed of the train was automatically limited. One could go on with examples showing that manual operation can be unsafe
38、. PREFACExiv they were fully automated and if their equipment and ESD systems were up to the SIS of today. Even more important, I feel certain that accidents similar to these three will occur in the future, unless the nuclear power industry abandons its present semi- manual operating and accident pr
39、evention philosophy and replaces it with a fully automatic one. I have written this book to show how this conversion should take place. It should occur, not only when new plants are built, but also right now, in the 438 aging operating plants around the world, which are badly in need of updating. Af
40、ter all, the average age of all operating nuclear power plants is approaching 30 years, and most of us have better sense than to drive 30-year old vehicles. Yet, that is exactly what is being done when the operating license of such plants are extended for another 20 years without thoroughly updating
41、 them. xv While practicing process control for half a century, one of the key lessons I have learned is that one cannot safely control and automate a process unless one fully understands it and unless one realizes, that anything that can happen, will! Therefore, in Chapter 1after describing the hist
42、orical evolution of the nuclear power industryI will focus on describing the “personality” of the nuclear fission process and the differences between the basic reactor designs. This I will do not only for the benefit of those readers who do not work in the nuclear industries, but also for the benefi
43、t of experienced nuclear professionals, who might not be familiar with safety-oriented automation or might have spent their time focusing on just one aspect of the plants overall operation. Nuclear power plants will operate safely if two goals are met. The primary goal is guaranteeing cooling under
44、all conditions to prevent meltdowns, and the second is that if the effort to maintain cooling fails and meltdown starts, to prevent steam and hydrogen explosions by safely relieving the built-up pressure to the outside. Because meeting these two goals are key to nuclear power plant safety, in Chapte
45、r 2, I focus on describing the measurement and safety sensors that are essential for reliably monitoring the operating conditions in the plant and for triggering the automatic safety-instrumented system (SIS) safety interlocks that will prevent the meltdowns or explosions. Once the reader is provide
46、d with a clear understanding of both the “personality” of the process and of the tools available to monitor its safe operation, I will then describe in Chapter 3 the design of the Three Mile Island, Chernobyl, and Fukushima plants and the events leading up to their accidents. After describing the se
47、quence of events that took place at each, I will discuss the automatic safety systems that should have been provided to prevent them. After the above discussion, I will conclude the book by showing that the causes of these three accidents were not unique to just those three plants. I will show that
48、these potential accident causes are still present not only in the aging and still operating plants, but also in the designs of some of the new ones; therefore, INTRODUCTIONxvi it is essential to learn the lessons of these three accidents and to implement the specific corrections discussed in this bo
49、ok I have organized the contents of this book into these three chapters, because I would like to make my recommendations understandable to all readers, no matter what your background is. Naturally, those of my colleagues who are working in the nuclear power industry and who are fully familiar with both the safety concerns of that industry and with the various safety instruments and systems that are available to monitor and control them, can skip Chapters 1 and 2 and proceed directly to Chapter 3. In this last chapter, I give a detailed description of the Three Mile Island,
