Passive Safety
Hey, this is going to be fun, but you are probably wondering how much you can skip. Once you lose interest, jump down to the next section and you will be fine.
CORRECTION: I have received feedback that this is not fun at all. There is no narrative or amusement. It is more of an exposition about passive safety. You have been warned.
I’m going to share with you a fun[1] anecdote[2] about nuclear[3] power. The point is to actually talk about passive safety in normal life; it isn’t about nuclear safety at all. Everything mentioned here has long been solved 1000 times over in far better ways in generation IV reactor designs[4]. I’m not going to fact-check myself and look it up, because I don’t want to find out this story is wrong and then need to get a new story[5]. If you aren’t a nuclear engineer, then you probably won’t use this story to misbuild a fission reactor, so the world will probably be ok. I’m also pretty sure there are few enough nuclear engineers out there that I can just manually delete their hate mail or create a gmail rule to trash any message with the words “fuel rod” for a few months and be fine.
Here we go!
In times long ago, before the internet existed, there were people who didn’t hate nuclear energy and thought it was worth spending their lives studying. It turns out that the basic physics behind fission power plants and nuclear weapons is pretty easily explained over a beer or two. The hard part is all the engineering required to do that basic physics well[6]. Fissile material (like Uranium 235) can randomly fission, releasing energy and a fast-moving neutron. If that neutron collides with another U-235, then that one can fission too. Smush enough U-235 together and blah blah blah chain reaction etc. Tricky old man physics has a surprise though: the fast neutron is too fast, for reasons you don’t care about. But if you add a moderator that slows down the neutron as it passes through, then it can be a really nice speed when it finds the next U-235, and then blah blah blah chain reaction again. Alternately, a control rod that absorbs neutrons can slow down or stop the chain reaction altogether.
So, that should be enough to talk about safety. Back in the dark times before athleisure, inserting control rods was the solution to safely control the chain reaction[7]. But Chernobyl[8] happened and people binged the miniseries on HBO, so we know that one of the many things that went wrong was the control rods getting jammed halfway down.
Passive Safety in fission power plants
Inserting control rods is not a passively safe design for a nuclear power plant. Everything here is oversimplified so I’m going to summarize it as “I hope these rods don’t get left in or stuck and allow the reaction to run out of control”. In other words, it is active safety because something has to be done for the safety part to happen.
But there are modern reactor designs that take advantage of water as a moderator for a passively safe design for a nuclear power plant. The fuel rods need to be in water for the reaction to continue[9], and the water cools the fuel rods so they don’t overheat. If the core starts to overheat and the water turns to steam, the reaction slows down[10]. They rely on the concept of “if we need humans to not make mistakes so that this system stays safe, then this system is not safe”. There are student reactors that are passively safe enough that even an evil nuclear engineer (or a hungover undergrad) with freedom in the control room couldn’t do anything worse than shut everything off safely.
Skip here to avoid all physics/engineering
I think passive safety is great. My goal is passive safety as the default for everything. This translates to three specifics:
When designing anything, try to identify all the ways that people making mistakes could cause something bad to happen. You may not be able to think of everything, which is unfortunate because you or someone may get blamed when the chaos of the real world finds something you missed.
Next, find ways to make the system safe even when those mistakes happen.
Finally, evaluate the effort involved to implement those safeties versus the damage a mistake could cause and the likelihood the safety will be needed.
I get it, if you are an engineer and/or you are thinking about production code right now, you should be yawning. In your technical work you are probably already doing this, and you are also considering the many ways unexpected non-human events could need to be mitigated as well[11].
No, I’m talking about people and life.
If you manage a team, then you should know your people and always be thinking about their strengths and weaknesses. That also means knowing when they could make mistakes. Whether it is because they are stretching for a new skill or struggling with a fundamental, you should be identifying potential mistakes that could have consequences, finding ways to make it ok if those mistakes happen, then implementing safeguards.
If you are looking out for yourself at work, then you should be thinking about any way you could be exposed to risk. At a swing-for-the-fences startup? Then you had better be developing transferable skills. Working on a new project from your manager that is supposed to be easy? That is a red flag that usually means the hardest parts haven’t been identified yet, so start finding all the ways it could go off the rails early and try to mitigate. The point isn’t these hand-wavy example solutions. It is to start identifying opportunities for passive safety everywhere in your life.
Bringing a friend to a party? Setting down an object? Asking someone to edit your presentation? Planning a trip? Calling your mom? Posting on Instagram? Picking up an object? Petting a dog?
Oh, woah, writing a blog post? Yes, I have been thinking about anything I or others could do to make this go horribly wrong and I’ve been attempting to mitigate. Next up is learning to do that with fewer words and footnotes.
One last bit of nuclear engineering
That general “passive safety in fission reactors” story has stuck with me since I first learned it long ago in undergrad. Certainly long enough that I forgot many of the actual details and needed some help getting them reasonably close to correct[12]. As presented it is still simplified to try to get to the point faster. Maybe it will stick with you too!
In reality, there is a pretty neat passive safety design for control rods where they are secured by electromagnets, so in a power loss event they should automatically drop into place and scram[13] the reactor. But it seems like, with the cascade of problems at Chernobyl, this wouldn’t have helped. Also, though Three Mile Island had nice designs to automatically and safely halt the nuclear chain reaction, it was everything else that went wrong that made that event famous.
I know, shocking, who would have thought nuclear engineering would be too complicated to include in a blog post.
[1] Maybe. ↩︎
[2] I have been informed that in no way is this description of reactor design differences an anecdote. It is just a collection of poorly chosen words. ↩︎
[3] Fission. ↩︎
[4] Gen4 reactors are super cool, even the fuel rods are passively safe. Once you get excited about passive safety, go read about those. ↩︎
[5] This is already a lie. The first draft was about as wrong as you would expect when trying to write about a complex topic from memory that I learned 20 years ago. It is now less wrong. ↩︎
[6] I’m starting to feel guilty; nuclear physicists and engineers are really taking an undeserved beating in this article. ↩︎
[7] This is just one safety measure of many, but I know I’m pushing the limits of your interest already. ↩︎
[8] There are just so many reasons behind what happened in Chernobyl that are not even remotely related to this post. Probably read a book about it if you want to learn those. ↩︎
[9] Ok, I know I said you could skip to here, but don’t get mad at me if you don’t know all the details of what is going on if you didn’t read all those extra words above. ↩︎
[10] Yes, Three Mile Island had a partial meltdown even with water as a moderator. In the past decades, research on nuclear engineering has created way better/safer reactors that account for more things that could go wrong. Maybe focus less on trying to gotcha me on the details and focus more on “what is the point of this”. ↩︎
[11] Or, wow, if you think that production code shouldn’t be passively safe even when the effort to implement is low and the risk is high, then please hit me up. You probably have an interesting perspective I’m missing. ↩︎
[12] Thanks to Rob Pridham for taking time on his weekend to get me back on track, though any remaining errors are certainly my own. ↩︎
[13] I feel a tiny bit less bad about getting details wrong here since so much of nuclear history is half-remembered legend. Who doesn’t love the story that scram is an acronym based on the design that there was a guy with an axe who would cut a rope to drop the control rods if things went wrong? Last I heard, scram is just related to the idea that if the reactor really needs to be shut down urgently everyone should scram, which is also kinda fun, but has no axe. ↩︎