| Case Name |
Three Mile Island Nuclear Accident |
| Pictograph |
|
| Date |
March 28, 1979 |
| Place |
Pennsylvania, USA |
| Location |
Three Mile Island |
| Overview |
An accident occurred at Three Mile Island site, Unit 2 nuclear power plant 10 miles (16 km) southeast of Harrisburg, Pennsylvania (See Figure 1). Failure of the cooling system of the Unit 2 nuclear reactor led to overheating and partial melting of the pressurized-water reactor's uranium core and release of radioactive gas and contaminated water. The accident had a number of primary causes, related both to technical malfunction in the condensation system and human error. Three days after the accident, the official issued an advisory to evacuate pregnant women and preschool children living within a 5-mile radius of Three Mile Island, raising fears an explosion and dispersal of radioactivity among residences. The accident increased public concern over the dangers of nuclear power and slowed construction of other reactors in the US. |
| Incident |
An accident occurred at Three Mile Island site of a nuclear power plant 10 miles (16 km) southeast of Harrisburg, Pennsylvania. Failure of the cooling system of the Unit 2 nuclear reactor led to overheating and partial melting of the pressurized-water reactor's uranium core and release of radioactive gas and contaminated water. Three days after the accident, the official issued an advisory to evacuate pregnant women and preschool children in a 5-mile radius of Three Mile Island, raising fears of an explosion and dispersal of radioactivity among residences. |
| Sequence |
(1) The Three Mile Island Generating Station had two pressurized water reactors. Unit 2 was rated at 959 MWe. The accident in the Unit 2 reactor began when the plant's main feedwater pumps in the secondary non-nuclear cooling system failed (4 in Figure 2). In response to the failure, the auxiliary feedwater pumps kicked in, however, the water did not reach the steam generator because the outlet valves were closed (5 in Figure 2). The valve was discovered closed about eight minutes into the accident. Responding to the increase in temperature and pressure in the primary system, the pressurizer relief valve automatically opened in the line between the pressurizer and the quench tank (7 in Figure 2). After the nuclear reactor automatically shut down (8 in Figure 2), pressure in the reactor dropped. The valve, which was supposed to close after the pressure dropped below the set-point for closure, failed to re-close (11 in Figure 2). The valve was left open for 2 hours and 20 minutes, leaking 80 ton of primary coolant water from the quench tank. At this point, over 100 warnings tripped in the control room causing a big panic.
(2) Pressure drop in the reactor caused the Emergency Core Cooling System (ECCS) to pour water into the reactor system at 4ton/min (13 in Figure 3). As water and steam escaped through the relief valves, coolant water surged into the pressurizer, raising the water level in it. Unaware of the stuck valve and the false indicator readings, operators manually turned off the ECCS (15 in Figure 3). Temperature rose, steam then formed in the reactor primary cooling system (22 in Figure 3). The pumping of the mixture of steam and water caused the reactor cooling pumps to vibrate, and the operators shut down the pumps to stop severe vibrations (24 in Figure 3). As the reactor cooling water boiled away, the top of the reactor core was exposed (26 in Figure 3).
(3) Coolant water stopped flowing into the pressurizer, the temperature in the primary system reached 2,000 degrees Celsius, and approximately 45% of the reactor core melted down (32 in Figure 4). The coated tubing and water reacted to generate hydrogen gas, and ten hours later, a hydrogen explosion occurred. Water from the pressure relief valves overfilled the quench tank (18 in Figure 4) and flooded the containment vessel floor. The floor pump sent the radioactive coolant to the auxiliary building ventilation system (20 in Figure 4) where the radioactivity escaped to the outside. Eventually, cooling water was added and the reactor (33 in Figure 4) which then started to cool with natural circulation, however, hydrogen gas and radioactive gas kept generating and approximately 10 million curies of radioactive gas were released into the atmosphere by the event. |
| Cause |
(1) Inadequate failure information system
Problems with the failure information system in the control room caused inadequate emergency response by the operators. A warning sign blocked the view of a LED indicating that the auxiliary feedwater valve was closed, and moreover, a green LED was lit when the valve was closed. The instruments in the control room did not have consistent LED color - some LEDs were green and some were red under abnormal conditions.
The instruments only showed that a CLOSE signal was sent to the relief valve without indicating the valve's actual position. The LED instruments were not designed to warn malfunctions, and the operators did not know that the relief valve was stuck open.
Operators generally try to prevent filling up the pressurizer because them they will then not be able to control pressure in the pressurizer filled with water. Note that the pressurizer water level rises with high-pressure injection pumps pushing replacement water into the reactor system and cooling water surging into the pressurizer while water and steam escape through the open relief valves. Gas generation from the heated reactor core also lifts the pressurizer water level as well. The operators mistakenly judged that the pressurizer water level was rising under these situations. The water level indicator did not show the actual amount of water in the pressurizer.
The control panel had more than 1,200 LEDs and over 100 alarms went off during the emergency.
(2) Lack of reliability assurance
The malfunctioned pressurizer relief valve had repeated troubles earlier and was unreliable. Despite of the obvious issue, the plant instructed the operators to "fool" the system without replacing the valves with reliable ones.
(3) Inadequate training of operators
The operators of the Three Mile Island Nuclear Power Plant were not employees of the utilities firm. The utilities firm had contracted out the plant operations, however, the contract operators lacked proper knowledge about nuclear reactors and thermal phenomena. They had hardly been trained for accident situation.
(4) Unexpected event not in the safety design standards
Safety devices of nuclear plants are designed to handle certain nuclear accidents. The chain of events in the Three Mile Island Nuclear accident was far out of the range of assumed failures and no one had thought about how to handle such cases. |
| Response |
The above sections describe actions taken by the operators. Because of confused communication among people uninformed about the plant's status, officials concluded that the accident released hazardous amount of radiation and issued an advisory to evacuate pregnant women and preschool children within a 5-mile radius of Three Mile Island. Approximately 140,000 people evacuated the area in panic. |
| Countermeasures |
Many agencies and officials investigated the Three Mile Island Nuclear accident. The U.S. President ordered a full investigation of the incident, and the Accident Investigation Board reported inadequate training of operators.
Nuclear Safety Commission of Japan submitted the first, the second and the third reports on the incident. The reports provided 52 safety measures including safety standards, safety study, safety design, operating control, disaster prevention and safety research. The local government reviewed its nuclear disaster prevention plan. |
| Knowledge Comment |
(1) Most of the time, an accident starts from a malfunction and gets aggravated with human misunderstandings and other problems further complicating the event..
It is important to install highly reliable equipment and maintain a backup system so that it functions properly when needed.
(2) It is essential to design safety devices that has easy-to-read indicators accommodating human cognitive constraints. It is also essential to develop safety systems for preventing inadvertent control inputs and erroneous operations.
(3) Outsourcing can involve risks to the operations. It is necessary to prevent outsourcing from degrading operation efficiency and reliability. |
| Background |
The energy sources in the world at the time had shared of 70% oil, 20% coal, and a little less than 10% hydroelectric; oil by far supplied most of the electricity to the world. At the time, OPEC turned its oil pricing policy and the infrastructure of oil supply was vulnerable. Nuclear power then was the star alternate energy source.
Commercial nuclear power generation involves containing and controlling the fission reactions so that the heat can be used to make steam, which in turn drives a turbine and generates electricity. Basically the heat source, which is oil or coal for thermal power stations, was replaced with fission.
Three Mile Island Nuclear Generating Station consists of two pressurized light water reactors, each with its own containment building and cooling towers. The Unit 2 reactor, which suffered a partial meltdown, had 959MWe total capacity. It was constructed by Babcock and Wilson, and its operations were run by Metropolitan Edison Company. There were number of malfunctions reported since its test operation in March 1977 and during the commercial operation until January 1979: 9 malfunctions in the feedwater system, stuck-open main steam relief valve, 9 activation of ECCS (1 manual activation). In particular in March 1978, a station blackout occurred during low-power operation, and the pressurizer relief valves opened by accident. ECCS (high-pressure injection system) was activated automatically, but it was unable to control the reactor pressure and the pressurizer water level because of the station blackout. When the power came back on, the operators responded to the emergency situation appropriately, but not immediately because the control room was not equipped with open/close indicator of the pressurizer relief valve and it took time for the operators to understand the circumstances.
Prior to this accident, similar accidents were reported at a Swiss power station in August 1974, at Oconee Nuclear Station in the US in June 1975 and at Davis-Besse Nuclear Power Station in the US in September 1977, and their reports including analysis and evaluation on the events were available. The utilities firm should have studied these accident reports closely and have taken preventive measures.
Public confidence in nuclear energy declined sharply following the Three Mile Island accident. It was a major cause of the decline in nuclear construction through the 1980s and 1990s. |
| Scenario |
| Primary Scenario
|
Regular Movement, Wrong Movement, Non-Regular Operation, Emergency Operation, Carelessness, Insufficient Precaution, Planning and Design, Poor Planning, Bad Event, Thermo-Fluid Event, Bad Event, Thermo-Fluid Event
|
|
| Sources |
Yotaro Hatamura (Editor), Jissai-no Sekkei (Practical Design) Research Foundation (1996) Zoku-Zoku Jissai-no Sekkei (Practical Design III), The Nikkan Kogyo Shimbun, LTD.
Genshiryoku Hyakka Jiten (Nuclear Energy Encyclopedia), http://mext-atm.jst.go.jp/atomica/02070401_1.html
Kunio Yanagida (1986) Kyoofu-no Ni-jikan Juuhappun (2 Hours 18 Minutes in Terror), Bungeishunju, LTD.
"US Nuclear Power Plant Accident Analysis Report III", Nuclear Safety Bureau Monthly Report, June 1981, 34, Nuclear Safety Bureau of Science and Technology Agency of Japan.
|
| Multimedia Files |
Figure1.Location of Three Mile Island Generating Station [4]
|
|
Figure2.Three Mile Island Nuclear Accident: Sequence of Events 1 [1]
|
|
Figure3.Three Mile Island Nuclear Accident: Sequence of Events 2 [1]
|
|
Figure4.Three Mile Island Nuclear Accident: Sequence of Events 3 [1]
|
| Field |
Mechanical Engineering
|
| Author |
NAKAO, Masayuki (Institute of Engineering Innovation, School of Engineering, The University of Tokyo)
|
|
