6 Nuclear safety

Table of Contents
1 Introduction
2 Electricity in Alberta
3 Options for meeting Alberta’s needs
4 An overview of nuclear power
5 Nuclear fuel management
6 Nuclear safety
7 Nuclear electricity in Alberta
8 Nuclear regulation in Canada
9 Conclusion

6.1 Overview
The issue of public safety inevitably arises in any discussion of nuclear power. Concerns relate to the possible impacts on public health and the environment due to the release of radioactive material from a nuclear power plant. Opinions on nuclear safety tend to be highly polarized between supporters and opponents, making it more difficult to develop an objective, balanced view of the risks and impacts.

This chapter outlines:

• Background for discussing radiation’s impacts on health and the environment, including the comparison of natural and man-made sources.
• An overview of safety goals and approaches related to nuclear power plants.
• How nuclear plant design addresses safety functions.
• An overview of nuclear incidents throughout the history of this technology, their impacts and the lessons learned from them.
• The safety issues associated with low-level waste. (High-level waste management was discussed in chapter 5.)

Nuclear power has been used to generate electricity in North America, Europe and Asia for more than 50 years. During that time, there has only been one incident in which fatalities resulted from exposure to radiation. This was the Chernobyl accident in the former Soviet Union, which was the result of significant design and management deficiencies, as discussed later in this chapter. Otherwise, there have been no fatalities or severe health impacts caused by radiation exposure from a nuclear power plant.

The chapter focuses on safety issues specific to radioactivity. Nuclear power plants, like any thermal generating power plants, must manage safety issues related to high pressures and temperatures. But these hazards are not part of the scope of this discussion.

6.2 Radioactivity
Radioactivity is simply the release of energy from an unstable element. This energy may be released in a number of different forms. The three primary forms are:

• Alpha particles (ionized nuclei of the helium atom).  These particles deliver energy over very short distances and can be easily shielded by such things as a sheet of paper or a garment (cloth or plastic).
• Beta particles (charged electrons). They penetrate further than alpha particles but deliver less intense energy. Beta particles can be shielded against by material such as a sheet of plywood.
• Gamma rays (electromagnetic radiation similar in nature to X-rays). They are significantly more penetrating than alpha and beta particles and can be shielded against by thick concrete walls, slabs of lead or a deep pool of water.

All living objects – human, animal and plant – are continuously exposed to radiation from natural sources and periodically from man-made sources. Natural sources include cosmic radiation that enters the earth’s atmosphere from outer space, radiation from elements found in nature that are of primeval origin, and elements that are part of the food we eat. This radiation exposure is referred to as background radiation.

Other sources of man-made radiation exposure we experience come from dental and medical examinations and medical diagnostic and therapeutic treatments.  These include X-rays, CT scans and treatments. As part of health and dental care, we are periodically subjected to radiation for diagnostic purposes (such as X-rays, CT scans, medical radioisotope diagnostics, etc.) or for therapeutic purposes (such as Cobalt-60 to treat cancer or Iodine-131 to treat a diseased thyroid gland).

The average annual radiation exposure (or radiation dose) that individuals receive worldwide (from both natural and man-made sources) is 2.8 milli-Sieverts(mSv) (The Sievert (Sv) is a unit used to quantify the effective energy transferred to biological tissue and a milli-Sievert (mSv) is one thousandth of a Sievert).. The average exposure of individuals in Canada is approximately 3.4 mSv.  Figure 11 shows the components of the average world-wide radiation dose.  

Most of this exposure – 2.4 mSv on average – comes from natural sources. However, levels of natural radiation vary from location to location around the world, with a typical range of between 1 and 10 mSv, and there are locations where it is extremely high because of natural materials such as radium or pitchblende (which contains uranium). For example, in Ramsar, Iran the peak annual background level from terrestrial sources is 260 mSv, while in Kerala, India it is 35 mSv. At a popular beach in Brazil, the level is approximately 35 mSv. These levels are between 73 and 540 times the average dose to individuals world-wide.  However epidemiological studies have not identified any negative health impacts in these communities.

Background radiation also depends on the state of economic development in the country we live in, and it varies with both our lifestyle and the voluntary choices we make. For example, a return flight across the country will lead to an additional effective dose of 0.08 to 0.1 mSv from cosmic radiation. Obviously, increased radiation exposure is voluntarily accepted by air-crews and by frequent fliers, although many in the latter group are unaware of their increased exposure because there is no perceptible impact on their health. Air crews on the other hand are subject to regulated limits on their exposure that impose a limit on their flying time during a year. Similarly, living at elevations close to sea-level will produce a lower dose of 0.27 mSv/yr from cosmic radiation while living at higher altitudes, such as 1600 m above sea-level gives a dose of 0.5 mSv/yr.

World-wide, the average annual radiation dose to individuals from nuclear power plants is approximately 0.0002 mSv/year. This is approximately 400 to 500 times less than the radiation dose from one transatlantic return air flight. It is also 12,000 times less than the average world-wide annual radiation dose individuals receive from natural background radiation sources.

If nuclear power is compared with coal generation, the maximum dose to an individual living next to a nuclear power plant for one year is approximately 0.02 mSv/yr., whereas the maximum radiation dose to a person living next to a coal plant for one year is approximately 0.2 mSv/yr. The increased dose from the natural radioactivity in coal is 10 times higher than that from living next to a nuclear power plant for the same period of time.

This raises the question of what levels of radiation dose have identifiable impacts on health. The majority of hard data has been accumulated from acute exposures of individuals and groups of individuals – i.e., people who have received relatively large doses over short time intervals. These data have been subject to detailed analysis by many experts and radiological protection organizations, including the International Committee for Radiological Protection (ICRP). Table 5 shows the levels of acute whole-body dose at which specific effects are perceptible in humans.

As the table indicates, the levels of acute dose that cause perceptible changes in human health are hundreds to thousands times larger than the doses people receive from natural sources. They are also orders of magnitude larger than the doses to persons living in the vicinity of nuclear power plants. At the low dose levels associated with natural sources and nuclear power, the effects are considered to be stochastic (random) and are expressed in terms of risks of additional cancers. Based upon various data sources, such as atomic bomb survivors, the ability to unambiguously distinguish increased risk becomes difficult at doses below approximately 200 mSv.  Significant controversy exists regarding health risks at the very low dose levels. Some groups claim a linear projection of risk downward with dose while others claim a beneficial effect for low dosages, based upon anecdotal observations. It is unlikely that this controversy will be resolved in the near future. At best, empirical evidence supports the conclusion that many other risks in daily life are far greater than those associated with low levels of radiation dose.

6.3 Approaches to nuclear safety
A range of approaches ensure nuclear power plants are designed and operated so that the risk to public health and possible deleterious impacts on the environment are both minimized and maintained below legally regulated levels.

Safety principles affect all stages in the life cycle of a nuclear power plant, including design, construction, commissioning, operation, decommissioning and long-term storage of radioactive materials. At all stages, the national nuclear regulator of a country with civilian nuclear facilities is responsible for granting licenses to operate facilities and ensuring that regulatory requirements are being met through ongoing monitoring and assessment of licensee performance. (See chapter 8 for more on nuclear regulation).                            

One important principle is that all activities must be performed in a transparent manner and are subject to external scrutiny. One means of implementing this principle is the 1994 Convention on Nuclear Safety (The Convention on Nuclear Safety was adopted in Vienna on 17 June 1994. The Convention was drawn up during a series of expert level meetings from 1992 to 1994 and was the result of considerable work by Governments, national nuclear safety authorities and the Agency’s Secretariat. Its aim is to legally commit participating States operating land-based nuclear power plants to maintain a high level of safety by setting international benchmarks to which States would subscribe. As of 04 April 2007, there were 65 signatories to the Convention and 60 contracting parties. All countries with operating nuclear power plants are now parties to the Convention)coordinated by the International Atomic Energy Agency (IAEA), which is legally binding on all states that are signatories to the convention. Under this Convention meetings are held every three years for peer review of technical and management aspects of nuclear safety, with the aim of enhancing the level of nuclear safety on a global scale.

6.3.1 Safety goals
Safety goals are both ‘qualitative’ and ‘quantitative.’  A qualitative safety goal involves placing a limit on the societal risks posed by nuclear power plant operation.  For this purpose, the following two qualitative safety goals have been established by the IAEA:

• Individual members of the public shall be provided a level of protection from the consequences of nuclear power plant operation such that there is no significant additional risk to the life and health of individuals; and
• Societal risks to life and health from nuclear power plant operation shall be comparable to or less than the risks of generating electricity by viable competing technologies, and should not be a significant addition to other societal risks.

Quantitative safety goals have the same intent as the qualitative ones, but are more targeted towards specific risks associated with certain situations and activities (Mathematically: Risk = Frequency of occurrence of an event x Consequence of the event).

6.3.2 Defence-in-depth
The defence-in-depth approach to nuclear safety applies to all organizational, behavioural, and design activities that are safety-related. It ensures that overlapping provisions will detect and compensate/ correct accidents or incidents. Defence-in-depth requires that all levels of defence be available while the plant is in operation; some systems may be relaxed when the plant is in non-operational modes.

This five-level scheme was developed by the International Atomic Energy Agency (IAEA).

1. Level 1 prevents deviations from normal operation and prevents failures of systems, structures, and components (SSCs).
2. Level 2 detects and responds to deviations from normal operational states, to prevent SSC failures from escalating to accident conditions and to return the plant to a state of normal operation.
3. Level 3 minimizes the consequences of accidents by providing adequate safety features, fail-safe design, additional equipment, and procedures. This includes safety features capable of leading the plant first to a controlled state and then to a safe shutdown state, and maintaining at least one barrier to prevent the release of radioactive material.
4. Level 4 controls severe plant conditions, prevents accidents from progressing to more severe consequences, and mitigates the consequences of severe accidents to ensure that radioactive releases are kept as low as reasonably achievable.  To achieve this objective the plant design must provide adequate protection of the containment barrier. This protection may be achieved by a robust containment design, by provisions to remove heat from containment and by procedures to prevent accident progression and facilitate accident management.
5. Level 5 will mitigate consequences of potential releases of radioactive materials that may result from accident conditions. This requires providing an adequately equipped emergency support centre, and plans for on-site and off-site emergency response capability.

6.4 Safety in nuclear power plant design
The primary focus of design is assuring that the plant has good safety features incorporated in various systems to either prevent or mitigate accidents for safe operation over the life of the facility. One very important factor is to constantly learn from the past and make changes in either design or operational procedures that improve safety.

Three basic safety functions are incorporated into nuclear power plants to either prevent or mitigate radioactive fission products being released during upset or accident events. These functions are Control, Cool and Contain, often referred to as the 3 Cs. They provide the underlying technical principles for assuring nuclear safety in design and operation of a nuclear plant.

The 3 Cs maintain the integrity of inherent physical barriers incorporated into nuclear power plants that prevent or limit the release of radioactivity. The physical barriers in commercial nuclear power plants consist of:

1. A ceramic uranium dioxide fuel pellet which retains the majority of radioactive elements created from fission within the grains of the ceramic material. The fission products trapped in the fuel can be released only if the ceramic material overheats significantly for extended periods of time.
2. A metal cladding that surrounds the ceramic fuel pellets and is welded closed to form a leak-tight container for any radioactivity released from the fuel pellets. Again radioactivity can be released only if this barrier fails.
3. The piping system around the metal-clad fuel, through which a coolant flows to remove heat from the nuclear fuel. This piping acts as a barrier limiting the release of radioactivity into the reactor containment.
4. The reactor containment, which is a large, strong concrete structure (steel-lined in modern plants).  This prevents release of radioactivity outside of the plant should the other three physical barriers fail.

6.4.1 Control
The primary design objective of the control safety function is to ensure that the first two barriers to radioactivity release – the fuel ceramic pellet and the metal cladding – do not fail.

In a nuclear reactor, the rate of energy production (power) is governed by the balance between how quickly neutrons are being produced and how quickly they are being absorbed by non-fissioning material.  This balance is controlled by adjusting the amount of neutron-absorbing material in the reactor, in the form of rods of neutron-absorbing material inserted into the core. Changes in the number of neutrons produced in the reactor occur relatively slowly, making control of the reactor power a relatively easy function.

Should the balance between production and removal of neutrons become greater than desired, separate ‘reactor shutdown systems’ act independently of the power control systems. They are designed to rapidly reduce the reactor power to very low power levels.  Equally importantly, the safety shutdown systems are designed to be ‘fail-safe.’ For example, if the electrical power supply should fail, gravity automatically causes the neutron-absorbing rods to drop into the reactor, thereby shutting it down.

Nuclear power plants cannot explode like an atomic bomb. This is a direct consequence of the manner in which fissile material is arranged in a nuclear reactor and the physics of fission chain reactions. It is physically impossible to generate the extremely rapid large fission chain reaction characteristic of a nuclear explosion without the reaction being terminated by inherent physical changes within the reactor.

6.4.2 Cool

Heat generated by fission is constantly transported away by a coolant fluid. After a nuclear reactor is shut down, energy continues to be produced at a low level (typically at a few percent of full power or less, depending upon the time since reactor shutdown). This residual ‘decay heat’ must be removed from the fuel by a coolant and transported to a heat sink (such as a steam generator or some other heat exchanger).

The cooling safety function includes systems designed for normal operation at either high or low power and also systems designed to provide reliable alternate means of removing heat from the reactor.  One such safety system is the Emergency Core Cooling System, which provides an independent highly reliable supply of coolant to the reactor should an event like a rupture in piping cause a loss of normal coolant.

6.4.3 Contain
With very few exceptions, all commercial nuclear power plants in the world incorporate a containment structure as part of the design. Certainly all power reactors in North and South America, Europe and Asia have containments.

Containment is typically a large reinforced concrete structure surrounding the reactor which is designed to accommodate the discharge of steam from a ruptured pipe and limit the release of radioactive material outside the plant to safe levels. (These safe levels are prescribed by regulatory limits on the maximum permissible radiation dose to individuals living in the vicinity of the nuclear power plant. See Chapter 8 for information on regulating the nuclear industry.) Many new designs have a steel lining inside the concrete structure, while other designs have double-walled concrete structures.

6.4.4 External events
Nuclear power plants are designed not only to provide high levels of safety from events and accidents that occur within the plant itself, but also to ensure safe operation following challenges from external events.  

An external event could be some natural phenomenon with the potential to cause damage, such as tornados, hurricanes, earthquakes and flooding, or some deliberate hostile act committed by persons or groups from outside the plant. These latter events, which have become of increased importance since the September 11, 2001 attacks in the U.S., are generally termed security events. Specific measures have been taken world-wide to address these security threats.  For obvious national security reasons the nature of specific measures are not publicly available; however, as a result of them, nuclear power plants are not attractive targets for hostile actions.

Nuclear power plants are designed to be very robust against naturally occurring external events. This is achieved by a variety of means, such as the physical separation of important groups of safety functions to prevent simultaneous damage. Another example is designing special supports for systems so that they can withstand seismic events (i.e. earthquakes). Historical evidence from events such as hurricanes in the Gulf of Mexico, tornados in the Midwestern USA and Bruce County in Ontario, and earthquakes in Japan and other parts of the world have demonstrated the robustness of nuclear power plants.

6.5 Lessons from Past Nuclear Accidents
Over the past 56 years, a number of accidents have occurred in nuclear reactors, some of which have resulted in some off-site release of radioactive material.  Several of these accidents involved research or non-commercial reactors during the early stage of nuclear power development and provided important lessons that contributed to increased safety in the later reactor designs.  The more important accidents are discussed briefly below and the important lessons learned are identified.

6.5.1 NRX, Chalk River Ontario
In 1952 an accident involving an uncontrolled power increase occurred in the National Research Experimental reactor (NRX) at Chalk River, Ontario.  The reactor core was badly damaged and had to be removed in a clean-up activity that is best known for the involvement of future U.S. president Jimmy Carter, who was a nuclear engineer in the U.S. navy at the time. The core was replaced and the reactor was subsequently restarted.   No off-site radioactivity release occurred.

An investigation of the accident (Lewis, 1954) concluded that lack of separation between the control and shutdown functions was a major contributor to the accident. This led to the requirement in Canada that these two functions be totally separate and that shutdown be provided by an independent fast-acting system.  Subsequently, in CANDU reactor designs that followed the Pickering A design, this requirement was extended by requiring that two totally independent, equally capable fast-acting shutdown systems be provided.

6.5.2 SL-1 Accident, Idaho, USA
The Stationary Low Power Reactor Number One (commonly referred to as SL-1) was a small military test reactor. In 1961 during a maintenance outage technicians were manually moving control rods when they inadvertently withdrew a rod more than they should have. This caused a rapid power excursion, melting of some of the fuel and a resultant energetic interaction between the molten fuel and the water coolant. The control rods were also ejected from the vessel and three operators were killed. Although there was no containment or confinement structure around the reactor other than an industrial-grade metal shed, the off-site radiological consequences were minor.

Although SL-1 was a military test reactor with little resemblance to commercial nuclear power reactors a number of lessons were learned from the accident.  First, the importance was recognized of designing control rods such that removal of individual rods can only induce relatively small slow power increases.

Second, small reactors where manual rod movement is allowed must provide automatic safety shutdown as a backup. Third, the presence of water in a reactor limits the release of the radiologically significant isotope Iodine-131, which dissolves in water.

6.5.3 Three Mile Island Unit 2, Pennsylvania, USA
This accident in 1979 occurred a few months after the start up of the second Pressurized Water Reactor unit at the Three Mile Island nuclear power station (TMI-2). The accident involved a major loss of cooling function for a sustained period of time. It was the first major accident in a commercial nuclear power plant.  To this day it remains one of the most notorious nuclear accidents because of the media attention that occurred during the accident. Despite the fact that a significant portion of the core melted, the off-site consequences were insignificant and the maximum off-site dose to any member of the public was very much below levels that could cause health effects. The major consequence was a significant economic impact on the plant owner from the loss of the unit.

A number of major lessons were learned from the TMI-2 accident including:

• the importance of containment in limiting the release of radioactive material;
• the need for timely communication about operating experiences throughout the industry, to evaluate possible implications of events and ensure similar events do not lead to accidents;
• the need for systematic operator training including the use of full-scale simulators, similar to those employed in the air transportation industry;
• the need for emergency response organizations and clear communication during abnormal events and accidents; and
• the need to better understand accidents which cause severe damage to reactor cores with the related development of Severe Accident Management Guidelines to assist operators in mitigating such events.

One important outcome was the establishment of the Institute for Nuclear Power Operations (INPO), an organization whose role is to coordinate and promote safe operation and practices, improve information sharing, and provide for industry benchmarking among North American utilities.

6.5.4 Chernobyl Unit 4, Ukraine
On April 26, 1986 the worst commercial nuclear power reactor accident in history occurred in the Fourth Unit of the Chernobyl Nuclear Power Station in Ukraine, which at that time was part of the Soviet Union. A large uncontrolled power increase occurred in the reactor during a safety system test. This destroyed the reactor and a large quantity of radioactive material was ejected to the environment during the initial stage of the accident. For the next five days the graphite moderator in the reactor core continued to burn, resulting in an ongoing release of radioactivity to the environment.  The main contributor to the accident’s severity was the lack of fast-acting shutdown systems, while the main contributor to the large release was the lack of any containment structure around the reactor. Other factors involved included poor safety culture, poor design and  poor communication between designers and operators.

In responding to the accident a large number of station operating staff and firefighters were exposed to very high doses of radiation and over a period of a number of months 28 of these individuals died from the effects of radiation exposure. The population in the nearby town of Pripyat was evacuated and permanently relocated. The radiation plume spread around Europe causing great concern. Subsequently the reactor was encased in a concrete vault where it remains awaiting final cleanup and decommissioning.

A large epidemiological study was initiated and continues to this day with reports at ten-year intervals following the accident. These studies are conducted by the Chernobyl Forum (The members of the Chernobyl Forum include the International Atomic Energy Agency (IAEA),World Health Organization (WHO), United Nations Development Programme (UNDP), Food and Agricultural Organization (FAO), United Nations Environment Programme (UNEP),United Nations Office for the Coordination of Humanitarian Affairs (UN-OCHA), and United Nations Scientific Committee on the Effects of Atomic Radiation (UNSCEAR)), led by the International Atomic Energy Agency and the World Health Organization and involve many other agencies of the United Nations.

One conclusion of the Chernobyl Forum studies is that the consequences of the Chernobyl accident are often overstated.(The Chernobyl Forum, “Chernobyl’s Legacy: Health, Environmental and Socio-Economic Impacts”, International Atomic Energy Agency (IAEA), April 2006).  They estimate that the total number of individuals that could eventually die from radiation exposure from this accident to be about 4000 out of an exposed population of 600,000. The detailed studies have identified a total of  56 persons in this exposed population whose deaths in the past twenty years following the accident can be attributed to the effects of radiation released from the accident.   This number includes 28 individuals who died within four months in 1986 as a result of high exposures received in responding to the event, 19 subsequent deaths between 1986 and 2004 of persons involved in responding to the consequences of the accident and 9 individuals who died of thyroid cancer.

National responses to the Chernobyl accident varied substantially between the different countries in the region.  Poland, for example, immediately instituted emergency protection measures to distribute potassium iodide (KI) tablets to the population. This compound protects the thyroid gland of individuals exposed to Iodine-131, a radioisotope with a half-life of 12 days, and is particularly important for young children who are vulnerable to the exposure. In Belarus, Russia and Ukraine (which were part of the Soviet Union at the time), no similar early widespread protective actions were taken outside of the areas close to the reactor, such as the city of Pripyat. As a result, about 4000 individuals in these three countries who were children at the time of the accident have since developed thyroid cancer. Fortunately, since the form of thyroid cancer is very treatable, only 9 of these individuals have died and the survivors have favorable prognosis. Had potassium iodide tablets been more widely distributed these thyroid cancers most likely could have been avoided.

The background radiation levels at this time in the areas around Chernobyl, including Pripyat, are approximately two times the natural background radiation level that existed in the area prior to the accident.  

As a result of the intense international focus on nuclear safety following the Chernobyl accident the World Association of Nuclear Operators (WANO) was formed, with headquarters in London, UK. This organization provides similar functions to INPO for cooperatively promoting safe operations and information exchange amongst nuclear operators world-wide.

6.6 Managing low-level waste
The safe disposal of waste nuclear fuel is discussed in chapter 5. However, there are other kinds of waste products that must be handled safely:

• Low-level waste includes minimally radioactive materials from normal operation, such as used protective clothing and cleaning materials (mops, paper towels).
• Intermediate-level waste includes activated components that have been replaced during routine maintenance, and resins and filters and materials left after a plant has been decommissioned.

Low-level waste, which represents approximately 95% of the total non-fuel waste volume, is handled through volume reduction processes including either incineration or compaction. The reduced volume is then stored on-site in above-ground concrete structures.  Intermediate level waste is more radioactive than low level waste and not subject to volume reduction processes. However, it makes up a much smaller volume. Intermediate-level waste is stored in steel-lined concrete containers set into the ground.

In Ontario, storage of low- and intermediate-level waste is centralized at Ontario Power Generation’s Western Waste Management Facility (WWMF) located at the Bruce Nuclear Power Development site. In 2002, the Municipality of Kincardine approached Ontario Power Generation, requesting that the company consider a long-term storage facility for low and intermediate waste. Following a study, the Municipality endorsed an option to develop a Deep Geological Repository which is undergoing environmental assessment and licensing processes. Separate vaults for low level and intermediate waste storage will be constructed at depths around 660 m below the surface.

Chapter 7>