Nuclear power is on its way out in the United States. The current technology has failed in the U.S. marketplace, and it will not be revived. Advocates of nuclear power will, for a while yet, be able to point to nuclear power's ever-increasing share of electricity production. And, to be sure, a few more nuclear power plants will begin operating each year for several more years. Such controversial plants as Seabrook and Shoreham may even come on line. But the pipeline is nearly empty; all the plants presently under construction were ordered before 1974, and no utility has plans to order another for as far into the future as it can see. In a few years the oldest nuclear plants will begin to be retired, either because their licenses have expired or because they will simply become too expensive to maintain. As the stream of new nuclear plants dies away and the rate of retirement increases, nuclear power will gradually play a less important role in the nation's economy, and in 25 or 30 years it will be completely negligible.
This is unfortunate, because we know enough now to build a new generation of nuclear reactors that could save billions of dollars and tens of thousands of lives. These reactors would not strain the public's shaken faith in scientific integrity and industrial competence because their safety could be publicly demonstrated by actual test. Neither would they strain the utility industry's ability to raise funds for multibillion-dollar units. Despite this, the potential of a radically different sort of nuclear power plant is rarely mentioned in the public debate over nuclear power. It is as if the participants in the AIDS debate had agreed not to mention the possibility of a cure.
It is easy to see why the opponents of nuclear power are perfectly happy to leave a troublesome concept such as a demonstrably better reactor out of the discussion. The surprise is that the proponents of nuclear power are willing to leave it out also. Those who speak for the nuclear industry are simply not interested in the potential of radically new reactors. The pessimists among them look at the shambles of the failed U.S. nuclear industry and say that there is no hope, no reactor could possibly get us out of this mess. The few optimists and the true believers out there look upon the highly successful French and Japanese nuclear programs and say that there is no problem: the technology is fine, it is only the public that has failed. But there aren't enough of them to sway the debate.
It is easy to argue that we would actually be better off without nuclear power because the electric power generated by many nuclear plants now coming on line is far more expensive than electrical power produced by burning coal or natural gas. And there are psychic and social costs that must be charged against nuclear power. It is harder to argue the costs of not having nuclear power because these costs are widely and almost invisibly diffused throughout society. In fact, the cost of not making nuclear power work is being paid now in human lives. In a few decades, the cost will also be paid in international competitiveness.
Every year approximately 100 people die in coal-mining accidents and more than 500 die in railroad and other accidents associated with the transport of coal. These deaths and serious injuries usually come in ones and twos, are noted briefly in local newspapers, and are never summed up in the public imagination. Nor are the ravages of air pollution. The effects of acid rain on our environment have become apparent, but there is also the less obvious though statistically very real effect of air pollution in shortening people's lives. Because the pollution contributes to, but does not directly cause, what statisticians call "premature deaths," it is difficult to quantify its human costs precisely. It is clear, however, that the toll, primarily upon the sick and the old, amounts to some tens of thousands of lives every year—invisible, unindictable, but nevertheless very real. These costs are ignored in the studies that claim to show how much money or how many lives we will save by shutting down all our nuclear plants.
The toll that burning fossil fuels exacts in lives and money is not an inevitable price we must pay for an advanced society, for despite all the recent difficulties, many of the glittering promises of the first advocates of the nuclear age can come true. Nuclear power really does have the potential to be one of the least environmentally damaging, most economical sources of power available. The current problems are inherent not in nuclear power, but in the particular machinery we have devised to exploit it, and in the astonishingly harebrained schemes we have evolved to dispose of its unavoidable waste. There are now working prototypes of demonstrably safer reactors that are much better suited to the capabilities and limitations of their human operators. The difference between these advanced reactors and the reactors now used to generate power is qualitative and easily grasped. These new reactors also turn out to be substantially cheaper and more reliable than existing reactors.
When nuclear power was first developed, there were dozens of different technologies available for its exploitation: different forms of fission fuel, different coolants, different physical arrangements and sizes, etc. Nuclear power's early history was similar to the early days of selfpowered transport, with steam, diesel, and gasoline vehicles of various bizarre shapes all vying for supremacy. Much as the gasoline-powered, four-wheeled automobile emerged from the pack, so did the light water reactor (LWR). The light water reactor, so called to distinguish it from "heavy water" reactors, now is by far the dominant reactor type across the world.
THE LWR IS inherently an exceedingly complex, unforgiving device. It was known that this was the case even while the LWR was driving rival designs from the scene; the dominance of the LWR is due at least as much to politics as it is to technology. When it became undeniable in the early 1950s that nuclear power would spread around the globe, it was clearly in the national interest for U.S. technology to become the dominant technology. The LWR was already highly developed in the United States because of its suitability for submarine propulsion and its important role in a plutonium-based economy. Hothouse development using military funds gave the LWR a jump on the rest of the pack, and so it was the first reactor type able to go from laboratory scale to sizes of industrial interest. The LWR was available in 1953 when the Atoms for Peace program was instituted and became "the U.S. reactor." The Atomic Energy Commission diverted all the available development money to light water while other reactor concepts withered and died for lack of support. As a result of the LWR's victory, GE and Westinghouse dominated the world's nuclear industry much as Boeing came to dominate the world's aircraft industry. Initial government support provided an almost insurmountable head start. Ironically, because of the demands the LWR places upon its builders and operators, it turned out to be much better suited to the institutional structures of countries such as France and Japan than it did to that of the United States. In those countries, the manufacturers, utilities, and regulators are closely linked and the opportunities for the public to get involved limited. The LWR now does much better in exile than it does in its homeland, and foreign manufacturers have taken a clear lead in the design and sales of advanced LWRs.
The design of a nuclear reactor requires three basic choices: the fuel, which undergoes the chain reaction; the moderator, which surrounds the fuel and facilitates the chain reaction; and the coolant, which carries the heat generated in the chain reaction off to do useful work. All the problems of the LWR stem from the particular choices that were made.
The fuel used in LWRs embodies uranium in the form of a ceramic material quite similar in properties to the ovenware used for cooking. Like ovenware, the ceramic fuel of the LWR is capable of withstanding extremely high temperatures, but it is very hard and very brittle. Like ovenware, it will crack if it is heated too quickly or cooled too suddenly. Most important, it is, again like ovenware, a very poor conductor of heat. This property of most ceramics accounts, for example, for the fact that frying pans are usually not made of ceramics, whereas baking dishes—which need respond only slowly—can be and usually are made of such materials.
The moderator in the LWR is common water, the same water we drink and swim in. The coolant used in the LWR is also common water. In all reactors now used for electricity generation, the final stage in the process is the turning of water into steam to spin the huge turbines that actually turn the generators. In the designs known as boiling water reactors (BWRs), the steam is generated inside the reactor itself. In the devices known as pressurized water reactors (PWRs), the reactor cooling water is transferred to huge external steam generators where additional water is boiled to make the steam that drives the turbines. Both the BWR and the PWR are important variants of the LWR, but their differences, so crucial to the battle between GE and Westinghouse, are not greatly consequential in the broader context. From the perspective of cost and public safety, all LWRs are pretty much the same.
The choice of ceramic fuel and water coolant determines the overall attributes of the whole nuclear plant. This choice also determines, although in a less obvious fashion, the type of society required to operate those nuclear plants safely and economically. The reason for this is that the ceramic-fueled, water-cooled plant has almost no margin for a particular sort of failure—the loss-of-coolant accident. This particular failure is so much the focus of attention in nuclear safety analyses that it is referred to by its acronym, LOCA.
The fuel in a ceramic-fuel reactor must be extraordinarily hot to force the heat through the ceramic. The ceramic is so brittle that it must be encased in a metal tube to keep it from falling apart as the reactor heats and cools. The difficulty ensues because the required fuel temperatures are far greater than the temperature necessary to melt the metal tube. This is not a problem in normal operation because the tube is cooled with water.
However, water can boil away, or flow away through a broken pipe. If it does, the now uncooled fuel will heat its metal container to the melting point in less than a minute. This can start a chain of circumstances, the least severe of which is radioactive contamination of the remaining cooling water and the most severe of which includes meltdown, with consequences that may or may not be contained within the power plant itself. Three Mile Island showed the results of a contained meltdown; Chernobyl demonstrated the reasons for the fear of an uncontained meltdown.
THE ONLY WAY to ensure against meltdown of LWR fuel is to provide an absolute guarantee of the presence of cooling water. This guarantee must be valid in the event of pump failure, or pipe breakage, or operator error, or any combination, however unlikely, of any of these. Even in the worst-case scenario—an earthquake where electrical power cannot be brought in from the outside to operate the pumps and valves—the plant must be able to protect itself.
Designers of the LWR attempt to reduce the risk of a LOCA by using multiple redundant pipes, pumps, valves, and con trol systems arrayed so that every item has at least one backup and so that particularly critical items have multiple levels of backup. Nuclear power plants even have as many as three standby diesel generating plants that can kick in during an emergency. This makes the probability of failure even smaller, but for some, the probability can never be small enough. If the probability of a multiple failure is deemed too high, then yet another safety system can be added as backup. It must also be argued that the backups are truly independent and that there is no "common mode" failure that could affect them all at once, say the starter batteries on the diesel generators all failing simultaneously. The technique of multiple, redundant backup systems is known as "defense-in-depth" and is the keystone of nuclear reactor safety regulation. It is easy to see that systems that rely on defense-in-depth can become extremely complicated. The problem is that the guarantee can never be absolute; it must be based on reducing probability to "negligible" levels.
THE CONCEPT OF defense-in-depth is not unique to the nuclear industry. The passenger aircraft in commercial service all rely on just this system. Every twoengine airliner can take off using just one, should the other fail at a critical moment. Every three-engine commercial aircraft can continue its flight using just one, should two engines inexplicably fail at the same time. The aircraft's automatic control system has a manual system to back it up, and an additional mechanical system, should that one fail.
Such systems can be made to work if they are well designed and if sufficient care is given to their maintenance. But it is sometimes difficult to test systems that must work on infrequent demand. It is sometimes impossible to simulate the condition under which the backup system will be called upon. And, as recent evidence in the airline industry has shown, it is possible to disable backup systems "temporarily" if their presence becomes annoying.
Defense-in-depth has two important difficulties when it is applied to nuclear reactors. The first is that the consequences of a nuclear accident are potentially so much greater than those of an airplane accident. The required level of safety is much higher and the safety system is therefore far more complex. The components needed to supply the additional levels of safety make the power plant harder to operate and maintain, and harder to analyze. Hundreds of millions of dollars have been expended in the task of trying to calculate the probability of failure of the existing nuclear power plants, yet there is little agreement. The huge investment in complex safety systems also explains the high cost, long construction time, and high operational costs of the nation's current nuclear power plants.
The second difficulty with defense-in-depth is that its efficacy in complex situations cannot be demonstrated experimentally. The only way to prove defense-in-depth works is to disable intentionally major safety items and then test the system. It is relatively simple, for example, in certifying an aircraft to turn off one or more engines while in flight to demonstrate that the airplane can be controlled and the engines restarted. It is not feasible, however, to melt the core of a nuclear reactor to show that the containment will hold. The barely conceivable becomes impossible when it is realized that dozens of different accident sequences must be simulated for each reactor, depending on which safety systems or combinations have failed. Such testing is prohibitively dangerous and expensive. Defensein-depth for the current generation of nuclear plants can be made plausible but can never be conclusively proven.
Because of their basic design and their consequent reliance on defense-in-depth, the LWRs used by U.S. utilities are inherently large and complex. The U.S. power generating system—a mix of private, public, and federally owned power generating facilities—is complex, widely variable in capability, experience, and dedication. Individual elements of the system are subject to a myriad of differing institutional, regulatory, and financial pressures. We are trying to mesh a complex technology with a complex economic and political structure; it should be no surprise that the level of success is quite low.
It is often claimed by members of the "nuclear community" that this mismatch of technology and social structure could be resolved if only our institutions and, in particular, our regulatory structures were streamlined and simplified. History, however, shows us the futility of such arguments: the American public wants a pluralistic system, with maximum public participation, with clear division of powers, and with multiple levels of safeguards and appeals. Unless there is clear consensus, such a system can be slow, contentious, frustrating, and inefficient. Nonetheless, except for the most immediate emergencies, it is the preferred mode of operation. It is correctly perceived that the "need to keep the nuclear option open" is not such an emergency issue. As a consequence, attempts to mold U.S. political structures to match a complex technology have little chance of success. This argument is not universal; other countries have social structures better suited to the demands of nuclear technology. The coal and gas resources of the United States afford us the luxury of resisting.
REACTORS CAN BE built today that are able to survive the failure of any single component or any combination of components without fear, indeed without even the possibility, of fuel damage. Without fuel damage, there can be no release of radiation. These reactors don't rely on defense-in-depth. They also possess another essential attribute: the reactor can survive component failures without serious damage to the internal structures of the reactor itself. The elimination of public hazard is essential if the public is ever again to accept nuclear power. Freedom from financial risk is necessary if the utilities are ever again to include nuclear power in their plans.
We have known for a long time how to build such reactors—a prototype has been operating since 1967. It is only recently, in light of our experience with LWRs, that we realize how badly they are needed. The key to the new reactors is a radically different fuel form that is capable of withstanding very high temperatures. The reactors are small to ensure that it is physically impossible for such temperatures ever to be achieved. Such reactors are termed "inherently safe." They are sometimes labeled "passively safe" because no action whatever need be taken to mitigate the effects of equipment failure. Whatever the name, these new reactors eliminate the need for the defense-in-depth strategy. They are designed so that the power plant could suffer the simultaneous failure of all its control and cooling systems without any danger to the public living near the power plant. According to the most stringent rules now in place, there would not even be a requirement to mount warning sirens on the plant.
WHY IN THE world are inherently safe reactors not in common use? Until recently,"existing reactors were deemed to be "safe enough," and thus there was no need to consider introducing safer reactors. To the beleaguered industry, a public assertion that there was anything at'all to be gained from increased safety was equivalent to an explicit statement that existing reactors were not safe enough. As a result, the coalition formed by the Energy Department, nuclear plant builders, and utilities that had invested so much money and prestige in the LWR went further than merely ignoring the potential of inherently safe reactors. They actually impeded the development of such reactors.
The second reason is that such reactors must be substantially smaller than the 3,000 megawatt behemoths now in general use. The maximum size consistent with inherent safety is about one-tenth the size of today's nuclear plants. It was commonly thought that the bigger reactors would be more economical because economies of scale would spread the fixed costs of safety and support systems over more units of electricity generation. Such economies of scale have not been demonstrated. In any event, it has slowly dawned that repetitive construction of identical reactor modules in centralized factories might have compensating advantages. The learning curve of such serial production has certainly been demonstrated in our airplane factories and the Japanese shipyards.
The smaller, inherently safe reactors also deliver electricity more cheaply than the alternatives. The current generation of reactors now coming on line, such as Shoreham and Seabrook, cost twice as much as the smaller reactors because of the money that goes to installing and maintaining their complex safety systems. Detailed cost estimates show that inherently safe plants can produce electricity at less than one-half the cost of current reactors. In addition, the predicted cost of an inherently safe plant is lower than that of its main competitor for next generation power, the modern coal-fired plant.
Because an inherently safe reactor will survive a worstcase accident without damage, it could be licensed much as aircraft are, by a combination of analysis and proof testing. That is, unlike an LWR, you could actually try out each reactor and prove it won't melt down. Such license-by-test is absolutely essential if the American public is ever again to accept nuclear power.
The license-by-test process responds to the request for standardization made by both proponents and opponents of nuclear power. Several congressional committees have made standardization a keystone of regulatory reform, but there is, of course, little agreement as to whose design will become the standard. License-by-test will lead to standardization as a byproduct. Reactor vendors will, for reasons of cost, settle on a few basic designs because of the expense of preparing a prototype for testing. The analogy to the aircraft industry is apt in this case also; a relative handful of different models is adequate to fit a wide variety of missions. The regulatory agencies will not be "reformed," but their tasks will be made a great deal simpler. Standardization will result from market forces, not regulation.
WE THOUGHT we had been having a great national debate over nuclear power. Instead, we have merely been discussing the acceptability of the LWR. But the LWR is no more a surrogate for the potential of nuclear power than the Hindenburg was for the potential of air transportation.
The LWR provides an easy target for those seeking to prove that a phaseout of nuclear power is a "good thing." The proponents of nuclear power cling to the LWR for a variety of rational and not-so-rational reasons. Major companies have made an enormous investment in manufacturing capability and proprietary designs. These designs would become worthless if a revolutionary new design were to come into use. Experience building balloons was little help when the airplane came along. The irrational factors are, as usual, stronger. The visionary engineers and industrialists who helped bring nuclear power into commercial use 25 years ago are now the program managers and company presidents. They are at what should be the peak of their careers. Many were motivated by dreams of non-polluting power and by the chance to turn the horror of the atomic bomb into something of merit. It was hard enough for them to see the industry to which they devoted their careers crumbling, but the public questioning of their abilities and their motives was intolerable. The all too human response when one's best efforts have unaccountably failed is to blame others.
The leadership of the nuclear industry is firmly convinced that when the lights begin to go out, the public will see the error of its ways and demand nuclear power. Until that time, any hint that the existing nuclear power plants are not good enough—and a revolutionary new design would imply precisely that—is heresy. The strongest arguments against new power plants are being made by those who have invested their prestige in the older ones.
The unwritten agreement to limit the discussion of nuclear power to the light water reactor has cost the nation dearly in time and in lives. It will eventually become even more costly—several countries have begun to recognize the advantages that small, inherently safe reactors have for export to industrializing countries and even to the loose confederation of power-generating utilities that supply the United States. We may eventually become importers of the technology we tried to stifle.
This article originally ran in the December 28, 1987, issue of the magazine. Lawrence M. Lidsky is professor of nuclear engineering at the Massachusetts Institute of Technology.