Chernobyl

I consider myself something of a connoisseur of the Chernobyl accident. I recommend:

Surviving Disaster: Chernobyl
Seconds from Disaster: Meltdown in Chernobyl
Zero Hour: Disaster at Chernobyl
The HBO series
Chernobyl: History of a Tragedy
Midnight in Chernobyl

Note that INSAG-1 and INSAG-7 are considered authoritative investigations but the information comes primarily from USSR authorities and the deputy chief engineer who are quite intent on blaming each other for the accident. The conclusion I think has to be that the reactor was very poorly designed, documentation intentionally incomplete and previous accidents covered up in addition to the deputy chief engineer violating prudent reactor operations. ECCS turned off for 11 hours in anticipation of the test? Sure. The reactor grinds to a halt? Withdraw more control rods! Run the test at 200MW(thermal) instead of 700MW(thermal)? That’ll be fine. Explain the testing protocol to people running the reactor? No need for that. Before the test event began the reactor was in such a bad state that they basically had no chance of avoiding the whole thing blowing up even if they decided to call it a day.

It should also be noted that you can’t claim to uphold rules regarding anything if you only bust people for breaking the rules and bad things happening. The Soviet authorities smiled upon violating any set of rules to get things done and only busted people for breaking rules when things went wrong. We have seen this in many places since and it is clear to deduce that breaking rules is expected in these organizations.

Anyway, I think the Chernobyl accident could have been avoided if people running the damn things were actually told what they were running. Telling someone that a loaded gun is not loaded is begging for someone to end up getting shot. It never occurred to anyone else to actively lie to nuclear reactors engineers about what they were running because that’s an absolutely idiotic idea. If someone had suggested this when rolling out some nuclear power plant in the US they would probably have been sent for psychiatric diagnosis because no sane person thinks that might be on the table. In the Soviet Union not only was no one sent for a psych-exam, but the idea actually became policy. In their defense I don’t think the decision actually boiled down to one person weighing “tell operators what they are working on” and “don’t tell operators what they are working on” against one another. It was probably a decision made by a variety of people over time and at no point did it seem like a very dangerous idea. But I argue that it would have been a simple matter to tell engineers what they needed to know and make sure they kept their mouths shut.

All operational staff at Chernobyl Unit 4 is asked to attend a meeting in a large onsite hall before going on-stream.

  • All right. Everyone here? … Anyone know if anyone’s missing? … No? Good. Uhm, you there! The guy who closed to the door. Lock the doors! … Locked? Good. Okey, I’m Davidoff and I’m with… the Security Services. Does anyone know what happens if someone talks about state secrets outside of approved situations? Like if someone tells his wife that our air-to-air missiles don’t work or something like that. … I don’t know anything about our fighter capacity but it’s the kind of thing that you really shouldn’t tell your wife. You there!

Davidoff points to a random engineer in the audience.

  • What happens if you blab about state secrets?
  • You… get sent to a prison camp?
  • Yes, or you get executed. That has also happened. So I don’t think I need to tell you that state secrets are not to be shared with people who are not “in the know”. Fair enough?

There are no objections from the audience.

  • Good! Now, you may not understand this introduction but I will share with you things that are considered state secrets. They are considered essential for you to know when running these reactors but you are not to talk about this with people who aren’t directly involved with running these reactors. Let’s start from the beginning.

Davidoff shows an overhead projection of his first point.

  • Item 1. We tell the general public that RBMK reactors are entirely safe. Otherwise they might cause trouble when we build them all over the place. Even people in charge of entire nuclear power plants say that these reactors are so safe you could put one in Red Square. This is not true. RBMK reactors have a set of dangerous properties that are to be presented here today. It is entirely ruled out that RBMK reactors be put in Red Square or any densely populated area. This entire nuclear power plant was initially meant to be built closer to Kyiv but… Well… Obviously that didn’t happen.
  • Item 2. RBMK reactors are unstable at low power levels. This is not a secret really but it’s worth considering. If you try to run these reactors at low power levels they might shut themselves down – this is relatively good outcome – or they might unexpectedly power UP – this is not a good outcome. So don’t try to run these reactors at low power levels. If all that happens is that the reactors power down unexpectedly you are in luck, it could be considerably worse.
  • Item 3. RBMK reactors have a huge positive void coefficient. For those of you in the audience who is not a nuclear engineer that means that steam in the reactor contributes to the reactor’s reactivity. You actually want that to be a negative feedback loop for stability. So water boiling to steam to a greater extent than anticipated makes the reactor split more atoms generating more heat and that boils more water to steam and makes even more atoms split producing even more steam and so on. You probably get the gist… Now, if we use water as a moderator – to slow down neutrons to where they actually split atoms – and as a coolant we are typically in the clear. Our VVER reactors operate on this principle. Since water is a moderator, boiling it to steam makes the reactor power down. But in RBMK’s we use graphite as a moderator and water is only there as a coolant. Water actually steals neutrons from the chain reaction so boiling it to steam gives us more free neutrons and therefore we have to huge positive void coefficient. This void coefficient is not balanced out by the temperature coefficient at all power levels, as in the Canadian CANDU reactor. Specifically at low power the temperature coefficient does not compensate for the large void coefficient. As a sidenote: the Americans have a reactor which produces both plutonium and electricity at Hanford which is channel-based, uses graphite as a moderator and light water for cooling. It has a positive void coefficient but not as big as we have with the RBMK. So we have to be very careful with RBMK’s because they’re less stable than what the Americans have in one of they military facilities.
  • Oh, by the way! The Americans think we are using RBMK’s to produce plutonium. That was the idea back in the day but the design would have been even more dangerous in that configuration so it’s been reduced to just producing electricity. The Americans still think RBMK’s are producing plutonium though and we haven’t been able to convince them that RBMK’s are only about producing electricity.
  • Item 4. The control rods have graphite displacers under them. This is for efficiency as the control rods are mostly drawn out of the core during operation and normally neutron-absorbing water would take their place. But with graphite displacing the water we lose fewer neutrons. Thus the difference between control rods being inserted and being extracted is greater and we get better efficiency during normal operations. However… This means that pulling out most control rods and them jamming them back in can actually create a boost to the reactor’s power, not the anticipated decrease. The decrease would eventually be present but you have to be careful or inserting a bunch of control rods creates such a spike in power that you never get to that stage because the fuel channels break and jam the rods. They had this happen at Ignalina and narrowly averted disaster.

A man in the audience carefully raises his hand.

  • Yes, you have a question?
  • Yes… We never heard anything about an accident at Ignalina.
  • Uhm… No. The whole thing was classified as a state secret. Why would you be told about that incident?
  • Oh… Uhm. I see. Never mind then…

The man sits down again.

  • Item 5: Sensors are not great… Under normal operating conditions sensors will be fairly helpful but during startup and shutdown they are insufficient. You will need to guess the state of certain parts of the reactor which isn’t ideal. No plan exists to put more sensors into the reactor. So… Be careful.
  • So in summary: RBMK reactors are unstable and way more dangerous than the general public knows. There are a variety of properties than make these reactors so dangerous and the manual – without mentioning those dangers – has to be followed to the letter! When it says “don’t run the reactor at less than 700 MW” it does not say “because otherwise bad things can happen” but now you know that bad things can happen if you do that. Do not pull out all the control rods and then jam them back in because very bad things can happen. The reactivity margin for these reactors must be respected to steer clear of dangers. Follow the manual exactly and you should be fine. Any questions?

A man in the audience raises his hand.

  • Yes?
  • Why do we build RBMK reactors if they are dangerous?
  • A sensible question! I assume that you consider VVER to be the main competitor to RBMK. Well, imagine if you will that you are a politician. You can choose to roll out just a handful of VVER reactors because most of the Soviet Union’s capacity for producing such reactors is taken up by the navy. Or you can choose to roll out RBMK’s which can be built by ordinary craftsmen. In the first case you take the heat because you have locked the Soviet Union into using a technology which can’t meet the needs of its growing industry, but the people running those reactors basically can’t screw things up no matter how hard they try. In the second case you don’t catch any flak for your decision but the operators of reactors will sweat bullets every minute they are working at the controls of an RBMK. Which do you choose? … That’s rhetorical, you’re not expected to provide an answer. Of course we have to tell the general public that RBMK’s are safe but it’s not like they have a keen understanding of how nuclear reactors work so it’s not all that difficult.

Something I don’t understand: Power plant blackouts. This could happen due to a war or something simple like a lighting strike disconnecting the plant from the grid. It takes more time to get the backup generators up to 100% power than the reactor can really handle so the thought was that power would be produced by a “rundown unit”(one of the generators) during this gap. This had not been tested on unit 4 before it was put into production and this shutdown presented an opportunity to do that test. But I don’t understand why you would need electricity to keep the reactor safe in the gap between blackout and the generators reaching maximum output. The emergency core cooling system(ECCS) was pressurized with nitrogen gas, so shouldn’t that be sufficient to cool the reactor before the generators are working at full power? Insag-7 mentions that the ECCS had three sub-systems and that one of them required electricty(DBA = Design Basic Accident):

“According to the design requirements for total loss of power in the event of
a DBA, electric power supply to the feedwater pumps of the third subsystem of the
emergency core cooling system (ECCS) had to be provided by the mechanical energy
of the rundown mode of the turbogenerator.”

So it might have been this aspect that they were thinking of. And making the ECCS robust seems sensible.

Addendum

There is an attempt to rehabilitate Anatoly Dyatlov and painting him as the scapegoat on whom the Soviet authorities blamed everything. Well, the Soviet authorities did try to blame him and the control room staff for things going wrong and this sometimes involved them inventing rules after the fact that did not apply at the time of the accident. I find this somewhat beside the point from an external perspective because the whole system relied on people breaking whatever rules were in place. Everyone knew that rules were hypothetical, just like quotas and deadlines. So the Soviet authorities trying to blame “the rule-breakers” is quite disingenuous but that seems like an internal matter of diverting blame. The Soviet system handled nuclear power incredibly poorly generally, so if the higher-ups try to blame the control room staff, does that make them seem innocent? No, that isn’t viable for us on the outside. I’m sure it was quite effective internally to blame the staff and draw attention to them breaking rules(existing ones and made up ones) as if though rules weren’t routinely violated everywhere as a matter of course. But an outside observer isn’t convinced by this poor attempt at subterfuge.

I think at it’s core we have to acknowledge that mr Dyatlov was a terrible boss. The word “terrible” in this context doesn’t equate to “very mean”. I’m sure he was, but I’m saying that he was very bad at being a boss. He discouraged reports of mistakes, was uninclined to inform people of ongoing plans and trusted no one else to know their job. In pretty much any other country he would at most be asked to clean the floors at a nuclear power plant. But he was almost the perfect boss from a Soviet perspective. He was entirely in line with the Stalin-approach of shouting at people until they agreed to whatever he said and had people sent off to Siberia if they didn’t. He got things done which meant that any rules that may have to be broken were mere suggestions.

So did he cause the accident? Sort of, yes. But the hierarchy above him bears the responsibility. They put a bad boss in charge precisely because he broke rules and shouted at people. So Dyatlov was an important part of the chain that caused the accident but he can’t really be blamed for the consequences when he did what was expected of him. Should we then rehabilitate him in the eyes of the world? Well, I think it’s fair to say that he wasn’t to blame for the accident. But we still have to recognize that his way of running things would be entirely unacceptable selling shoes to random people on the street and the fact that he had any say whatsoever about a nuclear power plant is the root of the problem, not what decisions he made along the way.