> In January of 1974, after 60 person-years of effort, the Chair of the AEC reported to Congress that the odds of a significant meltdown were less than one in a million.
...Per what time frame? 1 in a million per year? 1 in a million per lifetime of the power plant? Something else? This number on its own is meaningless.
The chronology in this one is kind of spastic. We start in 1985, then jump to "the 70's and 80's", then '74, then 2011, then "the second event" in '77 which is eight years before the first event. I've basically lost track of where we are at any point in history.
On the other hand, cats are cute and rice is tasty. Thumbs up. How many I don't know; probably depends on what year it is.
The biggest risk factor is Human Error. Any model that hopes humans will not make errors at every opportunity will give excessively optimistic risk assessments.
The problem of keeping a hideously complex system like a nuclear reactor from failing catastrophically, killing lots of people, seems to me, a naïve observer, conceptually very similar to the problem of keeping a hideously complex system like an airliner from failing catastrophically, killing lots of people. A comparison of the two industries' approaches to safety--both theoretical and practical--might be useful. Are their methodologies similar? Is there anything the two industries could learn from each other? Are there major differences that necessitate different methods for each?
Interestingly, it seems that both industries have done very well overall at maintaining extremely high standards of safety and reliability--yet one has a commensurately stellar reputation, while the other has to deal with persistent, chronic public suspicion. What's the source of this difference? Is it a matter of a fundamental, ineradicable difference in public attitudes, or is there something about the air transport world's approach to public fear that the nuclear industry could learn from?
This is a strange review, because "Safe Enough?" naturally invites the rejoinder "Compared to What?" which the review never addresses. The standard narrative of nuclear power is that hysteria over nuclear risk was allowed to strangle the industry, creating more risk in society overall, from fossil fuels. I don't necessarily buy that narrative, but it's disappointing that we get nothing about the tradeoffs involved. Is that because the book doesn't discuss them, or because it's not interesting to the reviewer?
excellent review of safe enough: phase change possibility after a cascading event is an important insight ; erosion of culture is more imp than erosion of material, another powerful insight --learned a lot from a very well written book review, compliments to the author
>Had this incident been taken seriously, disaster at Three Mile Island would have been averted
In what sense does the actual outcome of Three Mile Island, with zero deaths, zero injuries and negligible environmental damage, *not* count as "averting disaster"?
> As a reminder, there are over 20,000 parts in a utility-scale plant
As someone who works in manufacturing drawing management, I can assure you with a high degree of confidence that this estimate is laughably low even for a 60s era plant. It might be an accurate estimate of "how many assemblies is the plant prepared to diagnose a problem down to"; presumably your nuclear techs don't disassemble sump pumps to diagnose which float switch or capacitor failed. But there are many, many more parts in your iphone, much less something at the scale of a nuclear plant.
a) probabilistic risk management is easy to understand
b) i'm really smart
c) this review is better-written in terms of per-word information conveyed than most things I read
d) some combination or other factors
Under (d) perhaps I'm just in some mood where everything seems meaningful and profound. And perhaps also the core points (probabilistic risk management) are very well suited to this substack's audience. But if it's not me, goddamn this is a well-written (effectively-written) review. I read several sections of it aloud to other people.
> Rasmussen delivered. In January of 1974, after 60 person-years of effort, the Chair of the AEC reported to Congress that the odds of a significant meltdown were less than one in a million. Congress and the public could rest assured that nuclear energy was far safer than comparable electrical generation methods such as coal, or a hydroelectric dam. The risks were astonishingly small, akin to getting hit by a meteor falling from the sky. Commissioner Ramey had nothing to worry about. The academics showed that nuclear energy was plenty safe enough.
Thing is, they were right. In the years since then, there have been exactly zero people killed by nuclear power plant accidents in America. For all the press attention it got, the Three Mile Island incident was incredibly minor; the radiation released into the environment was somewhere around half of what a typical coal power plant exposes people nearby to in one year... and that was it. The worst ever nuclear disaster in American history did no detectable harm to anybody.
> The plant managers at the time opted to avoid publicly visible upgrades, ironically because they feared that new safety measures would relay the unwanted message that nuclear power was untrustworthy.
I realize this is not much of a substantial comment, but... I really fricking hate that people keep doing this.
Hm, I'm surprised to read this and not find anything about the use of passive safety systems (https://en.wikipedia.org/wiki/Passive_nuclear_safety). My understanding is that these could have prevented basically all the big nuclear disasters, had they been around when the plants were built!
Looking it up, it seems like annoyingly passive nuclear safety systems are recent enough that (due to the giant slowdown in building nuclear reactors) few actual commercial reactors have been built with them. Annoying. If enough were built, they could maybe just replace the older less safe ones...
I enjoyed this review a lot. However, like other people mentioned, the lack of a true comparison to alternatives leaves me feeling unsatisfied. Based on a quick web search, it looks like particulate air pollution costs us about 7 million premature deaths per year. There are lots of variables, but consider that order of magnitude compared to what looks like 32 deaths from nuclear power, ever. Sure, there's the "evacuate Tokyo" style long tail, but eventually you have to try to convert that into an expected value, and I bet it's pretty low.
The description of Probabilistic Risk Assessment is fascinating, but ultimately it doesn't sound very... probabilistic? If every scenario is intended to have a probability of zero, you end up spending approximately an infinite amount of money, which is part of the reason why I still suspect that nuclear is more expensive than it needs to be.
Great review and a nice accessible primer on risk management in safety critical industries.
I do wish one point was driven in a little more boldly - probabilistic risk management is only as good as the team administering it. If your team is working with bad data, if your team isn't competent, or if management incentives distort the priority of maintenance work/budget - these are all failure modes that undermine the effectiveness of the methodology. I'm surprised that this wasn't covered in the Fukushima part!
I'm also curious about the regulatory landscape - what's binding the plant management to conduct the assessments and ensure that competent people are doing them? Who's reviewing your LOPAs (Layers of Protection Analysis) or mandating that you need to do them at all (or do the follow-up maintenance / improvement works)? Again, the methodology isn't cheap (monitoring and fixing every component is pretty pricey). If there is no license to operate tied to compliance, the management is basically free to ignore it. Not necessarily in the scope of the review but an interesting question nevertheless.
The problem I have with this entire area is that it is populated by rogues on all sides.
Radiation is the bugbear used by the anti-nuclear people:
Ignore the radiation from riding on planes, from nuclear testing, from mining, from burning and/or releasing fossil fuels, from natural gamma ray emissions on earth and from space etc etc. Ignore the deaths from nuclear as compared to literally all other energy sources. Ignore the carbon emissions (or lack thereof) from nuclear. It can release radiation! Boo!
It is perfectly fair to say that dismissing all radiation emission concerns/accident concerns is also ridiculous.
But ultimately, the true issue is being ignored. All sources of energy have tradeoffs vs. each other.
These tradeoffs are not being discussed even secondarily - carbon emissions or radiation vs. what any given society considers a priority.
Japan used a lot of nuclear because they literally have to import all their energy. They have no coal, no oil, no minerals to speak of, no natural gas, etc etc. The shutdown of all Japan's nuclear plants literally led to the return of oil burning electricity generation in Japan. Is that a win?
Massive installations of alternative energy electricity generation in Japan have not fixed their energy import problem; it has actually made it worse in conjunction with the nuclear shutdown. World Bank data shows Japan up to 2015 (its latest data) importing more energy than literally ever before as an overall percentage. EIA shows alternative energy providing all of 6% of Japan's energy supply even as the step up jumps in oil, natural gas and coal imports - pre 2011 vs. post 2011 still persist.
So is extremely expensive and carbon intensive Japanese imported energy worth the "safety"of nuclear plant shutdowns? That issue is not even in the discussion.
Well written but lost me early. "Nuclear energy is perhaps unique as a technology, in that no amount of experience seems to change society’s comfort with it. The topic is forever radioactive."
If it said: "society's discomfort", it would be not less true. (plus "no change" kinda contradicts the next sentence: "Wellock sets out to tell this history, how the US public went from nuclear-lovers in the 1960s to suspicious in the early 1970s, hostile in the 80s, and ambivalent today..")
Only at the end it is mentioned that all other energy-sources are killing people, and all kill more by kw/h produced. I assume, it is clear, that not having electricity would kill billions, soon and ugly.
While the deaths by nuclear energy turned out to be in the same ballpark as meteors, one digit per year on average.
2. Worse: I did not really learn anything about "Probabilistic Risk Assessment". Except that the author seem to argue we should instead imagine the worst possible "dragon king" and (without probability?) see how we feel about it? - "What if we assume the maximum cost of a nuclear event is not $1 trillion for the Fukushima we lived, but $10 trillion for the Fukushima we escaped?" - well, what if we assumed the 1 trillion is a hundred times overblown? The deadliest thing about it was the forced evacuation of elderly, resulting in premature deaths.
3 Cat on fire? Kidding? Hell there are a thousand more likely ways to have a fire in a furniture shop. The sane way is to install alarms. fire-fighting equipment and fast exits. Plus a competent fire department not too far. All that is done in real life. One lesson of Fukushima was: Have rescue measures ready. But there was no radiation proof robot/remote vehicle to get inside, let alone do something.
Massive forest fires are dangerous, therefore any sufficiently large forest is not safe enough and needs to be split into several small forests instead?
This review is vague in places, there is a kind of “hint, hint“ quality to it at times. For example, in the beginning it says that the nuclear industry was faced with a “crisis,” which apparently was caused by the lack of accidents at nuclear facilities, something vague about the civil rights movement, and something (what?) people would discover thanks to the freedom of information act. So what was the crisis exactly?
This book is probably harder to review than some of the others because it seems quite technical. I can’t tell whether the vagueness in the review is caused by the difficulty caused by this technical nature or by the reviewer’s own opinions, which he or she suggests at but doesn’t bring out into the open.
Or take this passage: “"Safe Enough?" was not written as a defense of the Nuclear Regulatory Commission's regimented style. But as an outsider reading about the math for the first time, it became clear to me that once the NRC chose to implement Probabilistic Risk Assessment, an intrusive bureaucracy became its destiny.”
Any regulatory agency or commission is, by definition, an intrusive bureaucracy. That is literally the whole point. So what does “an intrusive bureaucracy became its destiny“ mean?
If I was to sum up this review it would be “analysts can make models that calculate the probability of nuclear accidents, but that isn’t sufficient because maybe we should always be thinking about the worse case scenarios”. The problem with that is that if global warming is as bad as we are expected to believe, we don’t have the luxury of thinking about very unlikely nuclear accidents.
As far as I am aware, by the way, at least part of public wariness about nuclear power is based on the inaccurate idea that a nuclear power plant can blow up like a nuclear bomb.
Is the timing of this related to the ongoing rumors that Russia have physically implemented a plan to sabotage the biggest European fission power plant (specifically by blowing up its cooling pond) ?
And blowing up the cooling pond is still probably one of the least damaging ways to sabotage it ?
That someone (with nation-state levels of means, not talking about small fringe groups) would be willing to do that is likely to radically shift the public opinion against fission power !
I'm really angry at this point that Macron has *still* not done an emergency press-conference, Johnson-style, about how the reaction to this kind of sabotage would be the same as for the use of nuclear weapons.
(And think of the opportunity to show yourself as a defender of Mediterranean (and Black Sea) countries in general, and Turkey in particular ! But I guess it's like when he ignored both of the nuclear issues in early 2022, despite their centrality in the UKR-RUS conflict... I guess this is what happens when you basically decide to get rid of your diplomatic corps to the profit of a small, inexperienced team that you have full control over ?)
This review isn't clear enough to me on how that first report treated uncertainty : is the fact that it doesn't show up on the graph because :
- that was a propaganda operation deliberately misleading the public
- the scientists were incompetent
- and/or my assumption is wrong that if you would try to properly calculate uncertainty ranges across "cascade events" like these you are going to end up with ridiculously wide ranges for them ?
Another minor annoyance of mine is the improper use of units :
"triple the GDP of" should be instead "three years worth of (time interval X-Y) GDP".
(Also GDP hasn't been a good indicator of "wealth" for like half a century, but that's another issue...)
I was a licensed reactor operator in the late 70’s. What I remember was the NRC analysis saying that the “maximum credible accident” would cause 0.1 % fuel rod damage. At Three Mile Island the fuel rod damage was an order of magnitude higher. So much for “science”.
Clearly the industries and its apologist were full of shit. Unfortunately we still need energy and fossil fuels are a suicide pact. Thank goodness that solar and wind seem to the answer. (Oh, and in 20 years in the future there will be fusion of course)
I seriously doubt that in a worst case Fukushima event evacuation of Tokyo would have been NECESSARY (i.e. a significant portion of the inhabitants would have experienced severe radiation sickness or death if left in place).
I think we would merely have CHOSEN to evacuate based on current exposure limits which is the problem in the first place. Btw. this same attitude also killed a bunch of people in the real Fukushima event as the evacuation proved way more lethal than the radiation.
Does anyone know the actual predicted does rate in Tokyo this claim is based on?
One important factor in understanding the switch to probabilistic risk assessment is that back when it was introduced US power was run as a series of regulated monopolies allowed to set their rates to profit at a cost-plus basis. In circumstances like that there's always a temptation to increase one's costs as much as possible, since a 10% profit on $10 billion in costs is more than a 10% profit on $1 billion. So the regulators always have to be looking at the proposed safety schemes the utlities are coming up with and saying "nice try" when PG&E comes to them with a plan to bury all their power lines or something.
But with nuclear the power companies saw a chance to get laws enacted which would drastically raise their cost structure, allowing them to legally raise their rates and profit more. So you had a sort of bootleggers and baptists coalition in favor of applying unprecedented safely regulations to nuclear power, aiming not just to reach a certain level of safety but to make it as safe as possible.
I remember reading some article, where cost-efficiency of safety in some industry was highly unfavorably compared to that of nuclear-powered aircraft carriers, "staffed by lightly-trained 18-year olds". Nuclear power usage by the military does seem to be unusually competent, despite presumably being pretty challenging, and rarely ever does anybody pay attention to it.
"The Tokyo metro area has a GDP roughly twice the Paris metro area, so a $10 trillion estimate is not nuts, though truthfully the people of Japan might simply decide to just live with the fallout rather than pay that figure."
So the figure actually is NOT $10 trillion but just a small readjustment in life expectancy.
Great review. This raises a question for me. Does anyone know if hurricanes are cascades? I.e., is there any theoretical reason that a hurricane couldn't have winds of 500 or 1000 mph?
The problem with traditional designs like the LWR and BWR is that they don't fail safe if the cooling system fails. After shutdown, you end up with too much excess heat that can't be dissipated without an ACTIVE cooling system that needs to run for a few hours, or maybe a day or two for the biggest plants.
That's it -- that's the engineering problem that needs to be solved.
You can't fix this with layers of bureaucracy, complex mathematical modelling, or lots and lots of redundancy. That's the lesson of Fukushima and Three Mile Island.
The curve in the Rasmussen Report suggesting that the dangers of nuclear power are on par with meteor strikes seems like bullshit to me. If your model says that the death due to nuclear power per year are effectively nil, then it might be a good idea to consider how confident you are that your model captures reality correctly in the relevant parts. If you allow even a modest 1% chance that non-modeled conditions cause a big accident, then that part will simply dominate your estimates. [0]
---
> There are about 40,000 generations of neutrons every second.
That is 25us, which is less than a thermal neutron would need to diffuse from the moderator to the fuel. The number is correct (for light water reactors) because a significant fraction of fission events are caused by not-quite thermalized neutrons. [1]
> The known speed of these feedback loops is probably a source some of the public’s hesitation around nuclear energy - one of the public’s Bayesian priors, if you like to frame it in terms of logic.
That is utterly wrong. I don't think we could implement a control rod reacting within 25us. The reason why we can control nuclear reactions at all is that there are two groups of neutrons:
* prompt neutrons are emitted when the fission happens, and make up more than 98% of the neutrons
* delayed neutrons are emitted some time after the fission, the emission half-life is on the order of 0.2-60s.
A situation in which the prompt neutrons alone can further the chain reaction is called prompt criticality. Anyone who runs a reactor into prompt criticality is going to have a bad day. In general, nuclear reactors make rather poor nuclear bombs (where the neutron generation time is much shorter, likely less than a nanosecond), but depending on the particulars of your reactor (void coefficient) you may generate enough energy to blow up containment before something decreases your reactivity.
The correct way to run a reactor is to avoid prompt criticality. Instead, you rely on the ~1-2% delayed neutrons to get to neutron multiplication factor of one per generation. The delayed neutrons react on a time scale which is long enough that you can compensate with your control rods during normal operation.
---
Footnotes
[0] Also, I think using impact events as a baseline for "least threatening" is kind of rich. Impacts may kill much less individuals than tsunamis, but they can take out species. If I was one of the 75% of species wiped out in the KT impact, I would not not just be sad at the lives lost directly, but also at the glorious Cretaceous being cut short, preventing many generations of my species from existing.
A good review, which explains why caution around nuclear power isn't just ecohippy nonsense, and why it is a good resource if we are careful how we operate it.
I think it’s popular to take a stance (which I also endorse to some extent) that abbreviates to “the environmentalist movement did more harm than good by not embracing nuclear”.
I think there are some potential flaws in this position though. As a statement at Simulacrum Level 1 (objective claims about the world [1]) it’s true as far as I can tell.
However it seems perhaps naive considering Simulacrum Level 3 (honest statements about political/social coalitions). I suspect there was not a stable political coalition that could have formed in the 50s-70s around “environmentalism + nuclear”. One could hypothesize a “homo rationalis” that just evaluates the evidence and decides it’s good policy to invest in both renewable energy and nuclear as a transition off fossil fuels. But in practice what actually builds a movement/community is uniting around a common cause, and I’m not convinced that there was actually a story to weave those two communities together; nuclear power post-war seems to have been a techno-futurist high-modernist optimistic movement, and environmentalism more of a doomer anti-technology/development vibe (not trying to strawman / deprecate here, meaning these in neutral sense). So given that I struggle to see a path to a stable, strong, cohesive “pro nuclear environmentalist” movement actually forming at the same level of engagement as our current environmentalist movement.
I am aware there are pro-nuclear environmentalists it just seems a somewhat niche/nuanced position to take, and not something you can fit on a bumper sticker, which suggests to me it’s not memetically viable in the same way as our current environmentalism.
Another point in defense of the environmentalists - their “no nuclear / all renewable” vision was in fact cohesive and sufficient to solve the problem of climate change. If we had actually ended the massive government subsidies for fossil fuels and instead pushed them into renewables, we’d have reached our present point on the technology learning curve many years ago.
My opinion is that nuclear built 10-20 years ago would have been the optimal path, but from where we are now solar and wind look so cheap that I struggle to find nuclear worth the indigestion. There was a lot of doubt that a mostly-renewable energy mix wouldn’t work, batteries/storage too expensive, etc., and it now seems that all-renewable is more viable than we previously forecasted [2],[3]. Given our inability to do any major construction projects in the US on time and on budget, large scale nuclear just doesn’t realistically synergies with our current capabilities.
Is it deeply difficult to design a plant that turns itself off by default unless active measures are maintained by workers to keep it on? I know that molten salt designs use an actively cooled ice plug that automatically drains the reactor if there are failures. Do Gen 4 water reactors still have these problems?
Spitballing here since I’m out of my depth, but a simpler solution for the first kind of errors (not those caused by tsunamis), is to keep organizing small incidents in your nuclear power plant every year instead of probabilistic risk assessment which is killing the industry by miring it in bureaucracy. In software, you regularly manually switch off servers, kill connections to stress test your system and check if the engineers are prepared to handle these issues. I suppose something similar can be done for nuclear power, start a fire randomly through the year to ensure engineers are prepared and ready to do what’s needed. I know the navy does similar drills.
Interesting review. I completed my doctorate in nuclear engineering, focused on the safety aspects of one particular reactor design, and yet this is the first I've read about when PRA became king.
That being said, I think this review gives too much credit to both the cost of PRA and the competence of the NRC. While I'm sure that PRA greatly increases the design and cert costs of new reactors, I don't believe it's responsible for us choosing to build reactors with the QC requirements - and thus cost - of space ships. Nor is it responsible for the NRC requiring that the PRA analysis must report that the reactor will kill negative one people - as opposed to perhaps 10 or 20 - over its lifetime.
And speaking of the NRC, right now they are going to universities and asking for help to determine whether the NRC itself has the competence and tools to even evaluate a new reactor design.
I wish there was a dislike button. It's a great pity to see this blog associated with the misinformation in this post, though I appreciate the open book review contest format and freedom of speech, etc. Perhaps Scott should add disclaimers highlighting any dangerously misleading claims made in book reviews?
To address this specific case, there is no possible world where the Fukushima accident could have led to Tokyo needing evacuation. It's the kind of claim that is great for making Neflix 'documentaries' more exciting but doesn't really deserve much attention in the real world.
In comparison to the efforts to make nuclear energy safe, how many man-hours are spent making sure viral research labs don't have a "cat on fire" incident?
If the bio labs are safe enough, and given the risk-reward comparison between them and nuclear power, I don't see any reason why Homer Simpson shouldn't be a nuclear engineer.
I hate this one. Extremely irritating the way it tries to anticipate or manipulate my emotional reaction to a fact, and completely fuck it up every time.
"A coarsely cynical reader might thus expect Wellock to sidestep damning details of nuclear risk at the behest of his employer."
No, why would I think that? What bureaucrat has ever tried to sidestep the details of the thing that keeps him employed?
I think the real missing piece of a discussion of nuclear power plant regulation is why the extremely high level of safety prioritisation isn't applied more universally - Prioritising safety may be rational, but if so it would be rational to do it much more uniformly, and one doesn't see anything like this culture applied to dams or to coal power plants or to heavy industries, despite almost all of those being statistically more dangerous than nuclear power.
This review so utterly failed the ideological Turing test that I couldn't read it through.
The last sentence I read was: “There are about 40,000 generations of neutrons every second” : there is no unit of time, no unit of weight, nothing to compare this data to. The only thing that I can do with this number is to be scared.
TL;DR: the first lie is that a nuclear release can't happen. That's obviously false. The second is that such a release would be catastrophic. This too is false (read the linked article to find out why).
All these silly anecdotes about reactor plant operators rushing about are entirely irrelevant. The fact is that nuclear meltdowns despite the scary names tend to be rather benign events when compared to the range of industrial disasters that people regularly put up with. And for a good reason: the benefits far outweigh the (possible) harms.
"Excessive concern about low levels of radiation led to a regulatory standard known as ALARA: As Low As Reasonably Achievable. What defines “reasonable”? It is an ever-tightening standard. As long as the costs of nuclear plant construction and operation are in the ballpark of other modes of power, then they are reasonable.
This might seem like a sensible approach, until you realize that it eliminates, by definition, any chance for nuclear power to be cheaper than its competition. Nuclear can‘t even innovate its way out of this predicament: under ALARA, any technology, any operational improvement, anything that reduces costs, simply gives the regulator more room and more excuse to push for more stringent safety requirements, until the cost once again rises to make nuclear just a bit more expensive than everything else. Actually, it‘s worse than that: it essentially says that if nuclear becomes cheap, then the regulators have not done their job."
"A plot from the Rasmussen Report estimating the likelihood of deaths from nuclear power as orders of magnitude less probable than dying from common natural disasters, closer to being killed by a meteor. There have been no known meteor deaths since this curve was published in 1974, though there is historical evidence that this is not impossible!"
Then, disappointingly, no discussion of deaths from nuclear power generation radiation since 1974.
I'm pretty surprised this review made the finalists. The author has a couple of sentences that mention the safety of other energy generation but the comparative safety of nuclear vs. other is clearly the main determinant of whether nuclear is "safe enough." Every analysis I've seen indicates nuclear is far safer than any other major energy generation technology and that it has been obviously safer than any competing technology for decades now.
> In January of 1974, after 60 person-years of effort, the Chair of the AEC reported to Congress that the odds of a significant meltdown were less than one in a million.
...Per what time frame? 1 in a million per year? 1 in a million per lifetime of the power plant? Something else? This number on its own is meaningless.
> A neutron colliding with an unstable nuclear generates more neutrons
Typo, "nuclear" should be "nucleus".
The chronology in this one is kind of spastic. We start in 1985, then jump to "the 70's and 80's", then '74, then 2011, then "the second event" in '77 which is eight years before the first event. I've basically lost track of where we are at any point in history.
On the other hand, cats are cute and rice is tasty. Thumbs up. How many I don't know; probably depends on what year it is.
The biggest risk factor is Human Error. Any model that hopes humans will not make errors at every opportunity will give excessively optimistic risk assessments.
Was it not taughtthat you should not pay the people responsible for nuclear power plant safety a bonus based on financial performance?
The problem of keeping a hideously complex system like a nuclear reactor from failing catastrophically, killing lots of people, seems to me, a naïve observer, conceptually very similar to the problem of keeping a hideously complex system like an airliner from failing catastrophically, killing lots of people. A comparison of the two industries' approaches to safety--both theoretical and practical--might be useful. Are their methodologies similar? Is there anything the two industries could learn from each other? Are there major differences that necessitate different methods for each?
Interestingly, it seems that both industries have done very well overall at maintaining extremely high standards of safety and reliability--yet one has a commensurately stellar reputation, while the other has to deal with persistent, chronic public suspicion. What's the source of this difference? Is it a matter of a fundamental, ineradicable difference in public attitudes, or is there something about the air transport world's approach to public fear that the nuclear industry could learn from?
This is a strange review, because "Safe Enough?" naturally invites the rejoinder "Compared to What?" which the review never addresses. The standard narrative of nuclear power is that hysteria over nuclear risk was allowed to strangle the industry, creating more risk in society overall, from fossil fuels. I don't necessarily buy that narrative, but it's disappointing that we get nothing about the tradeoffs involved. Is that because the book doesn't discuss them, or because it's not interesting to the reviewer?
excellent review of safe enough: phase change possibility after a cascading event is an important insight ; erosion of culture is more imp than erosion of material, another powerful insight --learned a lot from a very well written book review, compliments to the author
>Had this incident been taken seriously, disaster at Three Mile Island would have been averted
In what sense does the actual outcome of Three Mile Island, with zero deaths, zero injuries and negligible environmental damage, *not* count as "averting disaster"?
> As a reminder, there are over 20,000 parts in a utility-scale plant
As someone who works in manufacturing drawing management, I can assure you with a high degree of confidence that this estimate is laughably low even for a 60s era plant. It might be an accurate estimate of "how many assemblies is the plant prepared to diagnose a problem down to"; presumably your nuclear techs don't disassemble sump pumps to diagnose which float switch or capacitor failed. But there are many, many more parts in your iphone, much less something at the scale of a nuclear plant.
I'm left wondering if
a) probabilistic risk management is easy to understand
b) i'm really smart
c) this review is better-written in terms of per-word information conveyed than most things I read
d) some combination or other factors
Under (d) perhaps I'm just in some mood where everything seems meaningful and profound. And perhaps also the core points (probabilistic risk management) are very well suited to this substack's audience. But if it's not me, goddamn this is a well-written (effectively-written) review. I read several sections of it aloud to other people.
> Rasmussen delivered. In January of 1974, after 60 person-years of effort, the Chair of the AEC reported to Congress that the odds of a significant meltdown were less than one in a million. Congress and the public could rest assured that nuclear energy was far safer than comparable electrical generation methods such as coal, or a hydroelectric dam. The risks were astonishingly small, akin to getting hit by a meteor falling from the sky. Commissioner Ramey had nothing to worry about. The academics showed that nuclear energy was plenty safe enough.
Thing is, they were right. In the years since then, there have been exactly zero people killed by nuclear power plant accidents in America. For all the press attention it got, the Three Mile Island incident was incredibly minor; the radiation released into the environment was somewhere around half of what a typical coal power plant exposes people nearby to in one year... and that was it. The worst ever nuclear disaster in American history did no detectable harm to anybody.
Not sure what the book is about but I know the reviewer is a typical nuclear power hater.
> The plant managers at the time opted to avoid publicly visible upgrades, ironically because they feared that new safety measures would relay the unwanted message that nuclear power was untrustworthy.
I realize this is not much of a substantial comment, but... I really fricking hate that people keep doing this.
Hm, I'm surprised to read this and not find anything about the use of passive safety systems (https://en.wikipedia.org/wiki/Passive_nuclear_safety). My understanding is that these could have prevented basically all the big nuclear disasters, had they been around when the plants were built!
Looking it up, it seems like annoyingly passive nuclear safety systems are recent enough that (due to the giant slowdown in building nuclear reactors) few actual commercial reactors have been built with them. Annoying. If enough were built, they could maybe just replace the older less safe ones...
I enjoyed this review a lot. However, like other people mentioned, the lack of a true comparison to alternatives leaves me feeling unsatisfied. Based on a quick web search, it looks like particulate air pollution costs us about 7 million premature deaths per year. There are lots of variables, but consider that order of magnitude compared to what looks like 32 deaths from nuclear power, ever. Sure, there's the "evacuate Tokyo" style long tail, but eventually you have to try to convert that into an expected value, and I bet it's pretty low.
The description of Probabilistic Risk Assessment is fascinating, but ultimately it doesn't sound very... probabilistic? If every scenario is intended to have a probability of zero, you end up spending approximately an infinite amount of money, which is part of the reason why I still suspect that nuclear is more expensive than it needs to be.
Great review and a nice accessible primer on risk management in safety critical industries.
I do wish one point was driven in a little more boldly - probabilistic risk management is only as good as the team administering it. If your team is working with bad data, if your team isn't competent, or if management incentives distort the priority of maintenance work/budget - these are all failure modes that undermine the effectiveness of the methodology. I'm surprised that this wasn't covered in the Fukushima part!
I'm also curious about the regulatory landscape - what's binding the plant management to conduct the assessments and ensure that competent people are doing them? Who's reviewing your LOPAs (Layers of Protection Analysis) or mandating that you need to do them at all (or do the follow-up maintenance / improvement works)? Again, the methodology isn't cheap (monitoring and fixing every component is pretty pricey). If there is no license to operate tied to compliance, the management is basically free to ignore it. Not necessarily in the scope of the review but an interesting question nevertheless.
Might go read the book now, too!
The problem I have with this entire area is that it is populated by rogues on all sides.
Radiation is the bugbear used by the anti-nuclear people:
Ignore the radiation from riding on planes, from nuclear testing, from mining, from burning and/or releasing fossil fuels, from natural gamma ray emissions on earth and from space etc etc. Ignore the deaths from nuclear as compared to literally all other energy sources. Ignore the carbon emissions (or lack thereof) from nuclear. It can release radiation! Boo!
It is perfectly fair to say that dismissing all radiation emission concerns/accident concerns is also ridiculous.
But ultimately, the true issue is being ignored. All sources of energy have tradeoffs vs. each other.
These tradeoffs are not being discussed even secondarily - carbon emissions or radiation vs. what any given society considers a priority.
Japan used a lot of nuclear because they literally have to import all their energy. They have no coal, no oil, no minerals to speak of, no natural gas, etc etc. The shutdown of all Japan's nuclear plants literally led to the return of oil burning electricity generation in Japan. Is that a win?
Massive installations of alternative energy electricity generation in Japan have not fixed their energy import problem; it has actually made it worse in conjunction with the nuclear shutdown. World Bank data shows Japan up to 2015 (its latest data) importing more energy than literally ever before as an overall percentage. EIA shows alternative energy providing all of 6% of Japan's energy supply even as the step up jumps in oil, natural gas and coal imports - pre 2011 vs. post 2011 still persist.
So is extremely expensive and carbon intensive Japanese imported energy worth the "safety"of nuclear plant shutdowns? That issue is not even in the discussion.
How many people died of radiation poisoning from 3 Mile Island?
How many people died of radiation poisoning from Fukushima?
These are very important numbers to compare to number of deaths from coal-based power plants.
Well written but lost me early. "Nuclear energy is perhaps unique as a technology, in that no amount of experience seems to change society’s comfort with it. The topic is forever radioactive."
If it said: "society's discomfort", it would be not less true. (plus "no change" kinda contradicts the next sentence: "Wellock sets out to tell this history, how the US public went from nuclear-lovers in the 1960s to suspicious in the early 1970s, hostile in the 80s, and ambivalent today..")
Only at the end it is mentioned that all other energy-sources are killing people, and all kill more by kw/h produced. I assume, it is clear, that not having electricity would kill billions, soon and ugly.
While the deaths by nuclear energy turned out to be in the same ballpark as meteors, one digit per year on average.
2. Worse: I did not really learn anything about "Probabilistic Risk Assessment". Except that the author seem to argue we should instead imagine the worst possible "dragon king" and (without probability?) see how we feel about it? - "What if we assume the maximum cost of a nuclear event is not $1 trillion for the Fukushima we lived, but $10 trillion for the Fukushima we escaped?" - well, what if we assumed the 1 trillion is a hundred times overblown? The deadliest thing about it was the forced evacuation of elderly, resulting in premature deaths.
3 Cat on fire? Kidding? Hell there are a thousand more likely ways to have a fire in a furniture shop. The sane way is to install alarms. fire-fighting equipment and fast exits. Plus a competent fire department not too far. All that is done in real life. One lesson of Fukushima was: Have rescue measures ready. But there was no radiation proof robot/remote vehicle to get inside, let alone do something.
Not sure what I should take away from this.
Massive forest fires are dangerous, therefore any sufficiently large forest is not safe enough and needs to be split into several small forests instead?
This review is vague in places, there is a kind of “hint, hint“ quality to it at times. For example, in the beginning it says that the nuclear industry was faced with a “crisis,” which apparently was caused by the lack of accidents at nuclear facilities, something vague about the civil rights movement, and something (what?) people would discover thanks to the freedom of information act. So what was the crisis exactly?
This book is probably harder to review than some of the others because it seems quite technical. I can’t tell whether the vagueness in the review is caused by the difficulty caused by this technical nature or by the reviewer’s own opinions, which he or she suggests at but doesn’t bring out into the open.
Or take this passage: “"Safe Enough?" was not written as a defense of the Nuclear Regulatory Commission's regimented style. But as an outsider reading about the math for the first time, it became clear to me that once the NRC chose to implement Probabilistic Risk Assessment, an intrusive bureaucracy became its destiny.”
Any regulatory agency or commission is, by definition, an intrusive bureaucracy. That is literally the whole point. So what does “an intrusive bureaucracy became its destiny“ mean?
If I was to sum up this review it would be “analysts can make models that calculate the probability of nuclear accidents, but that isn’t sufficient because maybe we should always be thinking about the worse case scenarios”. The problem with that is that if global warming is as bad as we are expected to believe, we don’t have the luxury of thinking about very unlikely nuclear accidents.
As far as I am aware, by the way, at least part of public wariness about nuclear power is based on the inaccurate idea that a nuclear power plant can blow up like a nuclear bomb.
Is the timing of this related to the ongoing rumors that Russia have physically implemented a plan to sabotage the biggest European fission power plant (specifically by blowing up its cooling pond) ?
https://apnews.com/article/ukraine-russia-zaporizhzhia-nuclear-drill-856d616b63c7d3b48645fc55ad3b0853
https://www.thedrive.com/the-war-zone/russia-plotting-to-assassinate-prigozhin-ukraines-spy-boss-tells-us (<= part of the interview)
And blowing up the cooling pond is still probably one of the least damaging ways to sabotage it ?
That someone (with nation-state levels of means, not talking about small fringe groups) would be willing to do that is likely to radically shift the public opinion against fission power !
I'm really angry at this point that Macron has *still* not done an emergency press-conference, Johnson-style, about how the reaction to this kind of sabotage would be the same as for the use of nuclear weapons.
(And think of the opportunity to show yourself as a defender of Mediterranean (and Black Sea) countries in general, and Turkey in particular ! But I guess it's like when he ignored both of the nuclear issues in early 2022, despite their centrality in the UKR-RUS conflict... I guess this is what happens when you basically decide to get rid of your diplomatic corps to the profit of a small, inexperienced team that you have full control over ?)
This review isn't clear enough to me on how that first report treated uncertainty : is the fact that it doesn't show up on the graph because :
- that was a propaganda operation deliberately misleading the public
- the scientists were incompetent
- and/or my assumption is wrong that if you would try to properly calculate uncertainty ranges across "cascade events" like these you are going to end up with ridiculously wide ranges for them ?
Another minor annoyance of mine is the improper use of units :
"triple the GDP of" should be instead "three years worth of (time interval X-Y) GDP".
(Also GDP hasn't been a good indicator of "wealth" for like half a century, but that's another issue...)
I was a licensed reactor operator in the late 70’s. What I remember was the NRC analysis saying that the “maximum credible accident” would cause 0.1 % fuel rod damage. At Three Mile Island the fuel rod damage was an order of magnitude higher. So much for “science”.
Clearly the industries and its apologist were full of shit. Unfortunately we still need energy and fossil fuels are a suicide pact. Thank goodness that solar and wind seem to the answer. (Oh, and in 20 years in the future there will be fusion of course)
I seriously doubt that in a worst case Fukushima event evacuation of Tokyo would have been NECESSARY (i.e. a significant portion of the inhabitants would have experienced severe radiation sickness or death if left in place).
I think we would merely have CHOSEN to evacuate based on current exposure limits which is the problem in the first place. Btw. this same attitude also killed a bunch of people in the real Fukushima event as the evacuation proved way more lethal than the radiation.
Does anyone know the actual predicted does rate in Tokyo this claim is based on?
One important factor in understanding the switch to probabilistic risk assessment is that back when it was introduced US power was run as a series of regulated monopolies allowed to set their rates to profit at a cost-plus basis. In circumstances like that there's always a temptation to increase one's costs as much as possible, since a 10% profit on $10 billion in costs is more than a 10% profit on $1 billion. So the regulators always have to be looking at the proposed safety schemes the utlities are coming up with and saying "nice try" when PG&E comes to them with a plan to bury all their power lines or something.
But with nuclear the power companies saw a chance to get laws enacted which would drastically raise their cost structure, allowing them to legally raise their rates and profit more. So you had a sort of bootleggers and baptists coalition in favor of applying unprecedented safely regulations to nuclear power, aiming not just to reach a certain level of safety but to make it as safe as possible.
I remember reading some article, where cost-efficiency of safety in some industry was highly unfavorably compared to that of nuclear-powered aircraft carriers, "staffed by lightly-trained 18-year olds". Nuclear power usage by the military does seem to be unusually competent, despite presumably being pretty challenging, and rarely ever does anybody pay attention to it.
"The Tokyo metro area has a GDP roughly twice the Paris metro area, so a $10 trillion estimate is not nuts, though truthfully the people of Japan might simply decide to just live with the fallout rather than pay that figure."
So the figure actually is NOT $10 trillion but just a small readjustment in life expectancy.
Great review. This raises a question for me. Does anyone know if hurricanes are cascades? I.e., is there any theoretical reason that a hurricane couldn't have winds of 500 or 1000 mph?
The problem with traditional designs like the LWR and BWR is that they don't fail safe if the cooling system fails. After shutdown, you end up with too much excess heat that can't be dissipated without an ACTIVE cooling system that needs to run for a few hours, or maybe a day or two for the biggest plants.
That's it -- that's the engineering problem that needs to be solved.
You can't fix this with layers of bureaucracy, complex mathematical modelling, or lots and lots of redundancy. That's the lesson of Fukushima and Three Mile Island.
The curve in the Rasmussen Report suggesting that the dangers of nuclear power are on par with meteor strikes seems like bullshit to me. If your model says that the death due to nuclear power per year are effectively nil, then it might be a good idea to consider how confident you are that your model captures reality correctly in the relevant parts. If you allow even a modest 1% chance that non-modeled conditions cause a big accident, then that part will simply dominate your estimates. [0]
---
> There are about 40,000 generations of neutrons every second.
That is 25us, which is less than a thermal neutron would need to diffuse from the moderator to the fuel. The number is correct (for light water reactors) because a significant fraction of fission events are caused by not-quite thermalized neutrons. [1]
> The known speed of these feedback loops is probably a source some of the public’s hesitation around nuclear energy - one of the public’s Bayesian priors, if you like to frame it in terms of logic.
That is utterly wrong. I don't think we could implement a control rod reacting within 25us. The reason why we can control nuclear reactions at all is that there are two groups of neutrons:
* prompt neutrons are emitted when the fission happens, and make up more than 98% of the neutrons
* delayed neutrons are emitted some time after the fission, the emission half-life is on the order of 0.2-60s.
A situation in which the prompt neutrons alone can further the chain reaction is called prompt criticality. Anyone who runs a reactor into prompt criticality is going to have a bad day. In general, nuclear reactors make rather poor nuclear bombs (where the neutron generation time is much shorter, likely less than a nanosecond), but depending on the particulars of your reactor (void coefficient) you may generate enough energy to blow up containment before something decreases your reactivity.
The correct way to run a reactor is to avoid prompt criticality. Instead, you rely on the ~1-2% delayed neutrons to get to neutron multiplication factor of one per generation. The delayed neutrons react on a time scale which is long enough that you can compensate with your control rods during normal operation.
---
Footnotes
[0] Also, I think using impact events as a baseline for "least threatening" is kind of rich. Impacts may kill much less individuals than tsunamis, but they can take out species. If I was one of the 75% of species wiped out in the KT impact, I would not not just be sad at the lives lost directly, but also at the glorious Cretaceous being cut short, preventing many generations of my species from existing.
[1] https://www.nuclear-power.com/nuclear-power/fission/prompt-neutrons/prompt-generation-time-mean-generation-time/
A good review, which explains why caution around nuclear power isn't just ecohippy nonsense, and why it is a good resource if we are careful how we operate it.
I think it’s popular to take a stance (which I also endorse to some extent) that abbreviates to “the environmentalist movement did more harm than good by not embracing nuclear”.
I think there are some potential flaws in this position though. As a statement at Simulacrum Level 1 (objective claims about the world [1]) it’s true as far as I can tell.
However it seems perhaps naive considering Simulacrum Level 3 (honest statements about political/social coalitions). I suspect there was not a stable political coalition that could have formed in the 50s-70s around “environmentalism + nuclear”. One could hypothesize a “homo rationalis” that just evaluates the evidence and decides it’s good policy to invest in both renewable energy and nuclear as a transition off fossil fuels. But in practice what actually builds a movement/community is uniting around a common cause, and I’m not convinced that there was actually a story to weave those two communities together; nuclear power post-war seems to have been a techno-futurist high-modernist optimistic movement, and environmentalism more of a doomer anti-technology/development vibe (not trying to strawman / deprecate here, meaning these in neutral sense). So given that I struggle to see a path to a stable, strong, cohesive “pro nuclear environmentalist” movement actually forming at the same level of engagement as our current environmentalist movement.
I am aware there are pro-nuclear environmentalists it just seems a somewhat niche/nuanced position to take, and not something you can fit on a bumper sticker, which suggests to me it’s not memetically viable in the same way as our current environmentalism.
Another point in defense of the environmentalists - their “no nuclear / all renewable” vision was in fact cohesive and sufficient to solve the problem of climate change. If we had actually ended the massive government subsidies for fossil fuels and instead pushed them into renewables, we’d have reached our present point on the technology learning curve many years ago.
My opinion is that nuclear built 10-20 years ago would have been the optimal path, but from where we are now solar and wind look so cheap that I struggle to find nuclear worth the indigestion. There was a lot of doubt that a mostly-renewable energy mix wouldn’t work, batteries/storage too expensive, etc., and it now seems that all-renewable is more viable than we previously forecasted [2],[3]. Given our inability to do any major construction projects in the US on time and on budget, large scale nuclear just doesn’t realistically synergies with our current capabilities.
1: https://www.lesswrong.com/posts/qDmnyEMtJkE9Wrpau/simulacra-levels-and-their-interactions
2: https://reneweconomy.com.au/a-near-100-per-cent-renewables-grid-is-well-within-reach-and-with-little-storage/
3: https://emp.lbl.gov/utility-scale-solar/
Is it deeply difficult to design a plant that turns itself off by default unless active measures are maintained by workers to keep it on? I know that molten salt designs use an actively cooled ice plug that automatically drains the reactor if there are failures. Do Gen 4 water reactors still have these problems?
Spitballing here since I’m out of my depth, but a simpler solution for the first kind of errors (not those caused by tsunamis), is to keep organizing small incidents in your nuclear power plant every year instead of probabilistic risk assessment which is killing the industry by miring it in bureaucracy. In software, you regularly manually switch off servers, kill connections to stress test your system and check if the engineers are prepared to handle these issues. I suppose something similar can be done for nuclear power, start a fire randomly through the year to ensure engineers are prepared and ready to do what’s needed. I know the navy does similar drills.
> Is nuclear still safe enough then?
You just said the cost would have been pennies per kWh, so if the cost is 10x, it's now dimes per kWh, right?
Interesting review. I completed my doctorate in nuclear engineering, focused on the safety aspects of one particular reactor design, and yet this is the first I've read about when PRA became king.
That being said, I think this review gives too much credit to both the cost of PRA and the competence of the NRC. While I'm sure that PRA greatly increases the design and cert costs of new reactors, I don't believe it's responsible for us choosing to build reactors with the QC requirements - and thus cost - of space ships. Nor is it responsible for the NRC requiring that the PRA analysis must report that the reactor will kill negative one people - as opposed to perhaps 10 or 20 - over its lifetime.
And speaking of the NRC, right now they are going to universities and asking for help to determine whether the NRC itself has the competence and tools to even evaluate a new reactor design.
I wish there was a dislike button. It's a great pity to see this blog associated with the misinformation in this post, though I appreciate the open book review contest format and freedom of speech, etc. Perhaps Scott should add disclaimers highlighting any dangerously misleading claims made in book reviews?
To address this specific case, there is no possible world where the Fukushima accident could have led to Tokyo needing evacuation. It's the kind of claim that is great for making Neflix 'documentaries' more exciting but doesn't really deserve much attention in the real world.
In comparison to the efforts to make nuclear energy safe, how many man-hours are spent making sure viral research labs don't have a "cat on fire" incident?
If the bio labs are safe enough, and given the risk-reward comparison between them and nuclear power, I don't see any reason why Homer Simpson shouldn't be a nuclear engineer.
The NRC has always had an antinuclear agenda.
I hate this one. Extremely irritating the way it tries to anticipate or manipulate my emotional reaction to a fact, and completely fuck it up every time.
"A coarsely cynical reader might thus expect Wellock to sidestep damning details of nuclear risk at the behest of his employer."
No, why would I think that? What bureaucrat has ever tried to sidestep the details of the thing that keeps him employed?
I think the real missing piece of a discussion of nuclear power plant regulation is why the extremely high level of safety prioritisation isn't applied more universally - Prioritising safety may be rational, but if so it would be rational to do it much more uniformly, and one doesn't see anything like this culture applied to dams or to coal power plants or to heavy industries, despite almost all of those being statistically more dangerous than nuclear power.
This review so utterly failed the ideological Turing test that I couldn't read it through.
The last sentence I read was: “There are about 40,000 generations of neutrons every second” : there is no unit of time, no unit of weight, nothing to compare this data to. The only thing that I can do with this number is to be scared.
“The very existence of the nation of Japan was at stake. “
This seems false.
This entire review feels like a rehash of the two lies: https://jackdevanney.substack.com/p/the-two-lies-that-killed-nuclear.
TL;DR: the first lie is that a nuclear release can't happen. That's obviously false. The second is that such a release would be catastrophic. This too is false (read the linked article to find out why).
All these silly anecdotes about reactor plant operators rushing about are entirely irrelevant. The fact is that nuclear meltdowns despite the scary names tend to be rather benign events when compared to the range of industrial disasters that people regularly put up with. And for a good reason: the benefits far outweigh the (possible) harms.
I was expecting a discussion of ALARA:
"Excessive concern about low levels of radiation led to a regulatory standard known as ALARA: As Low As Reasonably Achievable. What defines “reasonable”? It is an ever-tightening standard. As long as the costs of nuclear plant construction and operation are in the ballpark of other modes of power, then they are reasonable.
This might seem like a sensible approach, until you realize that it eliminates, by definition, any chance for nuclear power to be cheaper than its competition. Nuclear can‘t even innovate its way out of this predicament: under ALARA, any technology, any operational improvement, anything that reduces costs, simply gives the regulator more room and more excuse to push for more stringent safety requirements, until the cost once again rises to make nuclear just a bit more expensive than everything else. Actually, it‘s worse than that: it essentially says that if nuclear becomes cheap, then the regulators have not done their job."
https://rootsofprogress.org/devanney-on-the-nuclear-flop
"A plot from the Rasmussen Report estimating the likelihood of deaths from nuclear power as orders of magnitude less probable than dying from common natural disasters, closer to being killed by a meteor. There have been no known meteor deaths since this curve was published in 1974, though there is historical evidence that this is not impossible!"
Then, disappointingly, no discussion of deaths from nuclear power generation radiation since 1974.
[Wikipedia](https://en.wikipedia.org/wiki/List_of_nuclear_and_radiation_accidents_by_death_toll) seems to think there are around one hundred up to a few thousand depending on how you count. Seems safe enough, probably pretty similar to other power generation modalities.
I'm pretty surprised this review made the finalists. The author has a couple of sentences that mention the safety of other energy generation but the comparative safety of nuclear vs. other is clearly the main determinant of whether nuclear is "safe enough." Every analysis I've seen indicates nuclear is far safer than any other major energy generation technology and that it has been obviously safer than any competing technology for decades now.