A Chernobyl Here?

People often ask: "Can Chernobyl happen here?". To answer, we have to examine why the accident occurred, and why the consequences were so severe. The more important causes are:

• The U.S.S.R.'s RBMK design of reactor, to which the Chernobyl one belonged, used inflammable graphite (similar to barbecue briquettes) as moderator. During reactor operation the graphite runs hot: when the accident happened it became exposed to the air and started to burn. It was the resulting fire, lasting ten days, that was primarily responsible for the early deaths of 31 plant workers and for releasing so much radioactive material to the near and far environments. The CANDU design uses heavy water, not graphite, as moderator. Water, far from sustaining a fire, tends to wash out and hence retain the fission products of greatest concern, iodine and cesium.
• The Chernobyl reactor had a large "positive void effect" during operation with fuel at a high burn-up, such as existed at the time of the accident. A positive void effect means that if a void develops within the reactor core, e.g., by steam formation when cooling water hits hot graphite, the reactor power increases, making the accident more difficult to control. CANDU reactors have a positive void effect but this is maintained at a low level, well within the capacity of the shutdown systems to override it, by continuous on-power refuelling. Also, the absence of hot graphite reduces the likelihood of large void formation.
• The detailed design of the Chernobyl shutdown rods was such as to increase the reactor power first before having their intended effect, under the particular circumstances at the time of the accident. This design weakness does not apply to CANDU reactors.
• The building in which the Chernobyl reactor was located was totally inadequate as containment for radioactive material released as a result of the accident. CANDU reactors are contained in reinforced-concrete buildings with walls about a metre thick, designed to retain releases and suppress steam formation.
• There was generally a poor "safety culture" at Chernobyl. It, according to the IAEA, is "that assembly of characteristics and attitudes in organizations and individuals which establishes that, as an overriding priority, ... safety issues receive the attention warranted by their significance". Examples of the poor safety culture at Chernobyl were inadequate examination of a test program that had not been done during commissioning but was being conducted at the time of the accident; violation of operating procedures; and pressure on the operators to maintain production at the expense of safety. Since this cause is not a simple question of yes or no as for previous ones, the difference in Canadian utilities is only a matter of degree. Indeed, Ontario Hydro was criticized in the 1997 IIPA Report for a decline in its safety culture. However, Ontario Hydro at its worst would never have allowed the abuses that led up to the Chernobyl accident.
• A largely ignored root cause of the Chernobyl accident was the absence of a fully independent and effective regulatory body, a vital component of defence in depth. The Canadian regulator, the AECB, would not have licensed the RBMK design and would not have permitted operation under the conditions prevailing at the time of the accident. Regrettably, the international program to improve the safety of former-U.S.S.R. reactors has paid little attention to this aspect, concentrating on the design and operations.

To help readers understand the technical argument, the Commissioner of the Ontario Nuclear Safety Review, Professor F. Kenneth Hare, quoted as follows in his 1988 report:

"A well-known nuclear advocate, J.A.L. Robertson, wrote to me that he was appalled by the number of operator errors at Chernobyl and the difficulty of explaining them to the public. Under such circumstances, Robertson felt that it would be helpful to use more familiar analogies, where apt: