Charles Perrow on the Fukushima Reactors

This is an extended review of the background and situation at the nuclear plants in Japan by an expert on the sociology of risk, Charles Perrow, now retired from Yale and spending (at least) a year at Stanford.  It was shared on the Envirosoc listserv and Perrow approved its publication here.  If you are interested in Perrow's work, The Next Catastrophe (referred to below) is a good place to start, as is Normal Accidents: Living with High Risk Technologies (1984; revised 1999, Princeton University Press)

As I noted in a recent book, The Next Catastrophe (Princeton, 2011), we continue to populate our planet with systems that have catastrophic potential. We have vulnerable concentrations of populations, economic power, and hazardous materials. The most fearful concentrations of hazardous materials are in nuclear power plants.

         We have yet to face up to the enormous risks of nuclear power plants.  Japan is the current case in point. Known risks were run regarding earthquakes, plant layout, and engineering design, all assuming that the “worst case” event would be a rare outlier.  I will take each in turn. 

An island without other energy sources, Japan has sprinkled its coastline with nuclear power plants. Earthquakes occur in areas where no geological faults are known, such as a 7.3 earthquake in 2000, in Japan.  But the area of northeast Honshu, where the Fukushima and the Onagawa nuclear power facilities are a few miles apart, is known for its seismic activity.   Called the Japan Trench Subduction Zone, it has hosted nine events of magnitude 7 or greater since 1973, according the US Geological Survey. []  There was a 5.8 earthquake in 1993, 30 km from the Onagawa facility; a 7.1 in 2003 affecting the Onagawa facility; a 7.2 earthquake in 2005 that shutdown three Onagawa reactors; and a 6.2 earthquake  offshore of the  Fukushima facility just last year, close calls all.  Even relatively small earthquakes can be devastating for the plants; a 6.8 one in 2007 on the west coast cost the Tokyo Electric Power Company $5.62 billion.  [ ] The March 11 earthquake, a 9 on the Richter scale, was special; the USGS labeled it an “infrequent catastrophe” for the area. It was the first one to cause a tsunami that seriously flooded a nuclear power plant.  But a proper risk analysis will consider infrequent events, and tsunamis are hardly rare in the Pacific Ocean. Four of the five “megaquakes” (over 8.5)  in the twenty-first century have had them, and geologists predict increased probability for a major earthquake in the future. 

Tsunamis should be taken into account in plant design.  A Regulatory Guide issued in 2006 and updated in January of this year, put out by the equivalent of the Nuclear Regulatory Commission in the U.S., the Nuclear Safety Commission, recognized the tsunami danger but reassuringly concluded: “Even for a nuclear plant situated very close to sea level, the robust sealed containment structure around the reactor itself would prevent any damage to the nuclear part from a tsunami, though other parts of the plant might be damaged. No radiological hazard would be likely.”

However the “robust sealed containment structure” has failed in two or three of the plants, and the seawall defense against a tsunami was totally inadequate; designed to halt a 10 foot wave, it received a 30 foot wave and water poured into the plant.  The Richter earthquake scale is logarithmic.  The plants were designed to withstand a maximum 8.2 earthquake, the 9 was 15 times higher than the design limit.  But it was not inconceivable that one could have occurred.

The reactors in the six plants at the Fukushima Daiichi facility did remarkably well handling an enormous earthquake a few miles offshore, in that we did not have three meltdowns in the operating plants and fissioning spent pool rods from all six.  Perhaps one or two of the reactor containment vessel were cracked, which can lead to serious radiological releases, but that is far less than a core meltdown accompanying a seriously damaged vessel.

But the plants themselves had a serious design failure; the emergency power source, diesel generators, needed if offsite power failed, were reportedly in the basement where it can be flooded, though their location has not been confirmed.  There is no surprise flooding here, no “whoever would have thought that…”  Most of the area subject to earthquakes is ocean; earthquakes in the ocean can be expected to cause tsunamis.  Tsunamis will flood buildings on the shore. Diesel generators, needed for backup power, are unreliable at best, as we know from U.S. plants.  They should not be in areas subject to flooding and should be accessible in an emergency.  Even if they have to be in the basement, they could have flood protection there in case the first line of defense, the floodwall, is breached.  It would not be expensive.

The flooding of the basement also disabled another essential safety device, the wiring for the electrical power supply.  This has made it very difficult to restore offsite power once the long transmission line was installed, adding to the importance of having diesel generators above water.  Ease of transporting fuel rods to a spent pool in the Boiling Water Design led to having the spent reactor pool storage on the fourth floor of the reactor building.  But this makes them unapproachable because of radiation levels, and leaves them without independent power sources to keep the rods chilled. (The pools contain more lethal potential than the uranium in the core.)  This is design vulnerability.

The BWR reactor design, a Mark 1, had an even more serious flaw, the subject of much controversy and serious warnings when it was first developed in the 1960s by G.E. – it lacked robust containment.  In contrast to the pressurized water reactor (PWR) the BWR was cheaper and easier to build because of a thinner and smaller containment shell over the reactor vessel. (This is disputed by the  designer, G.E. at

The “last line of defense” in the case of an accident, the BWR containment vessel, was promptly considered inferior to the PWR design by some experts. (It is used in 23 U.S. plants.) The chairman of what was to be the U.S. Nuclear Regulatory Commission agreed it was more dangerous, but said that if it was not allowed it “could well be the end of nuclear power” since it was already being widely accepted.  Tom Zeller, in a New York Times piece refers tointernal “company documents dating back to 1975 that suggested the containment vessel designs were either insufficiently tested or had flaws that could compromise safety.”

A construction, rather than a design flaw, was acknowledged by an engineer who falsified documents when casting one vessel for the Fukushima complex, and received a large bonus for saving the company the expense of making a new one.  The vessel sits in reactor #4 at Fukushima.  In 2006 a nuclear expert resigned from a Japanese nuclear power advisory committee over the issue of lax design standards for earthquakes and tsunamis.

 Installing vents in the containment building has moderated the hydrogen explosion risk, but apparently the vents stuck closed in unit 2 at Fukushima.

G.E denies the containment risk., pointing to 40 years of successful operation of the Mark 1 in 32 Japanese installations.  With similar risk analysis logic the Tokyo Electric Power Company can point to 40 years of operation without a direct tsunami hit on any of its many plants.  But as my colleague John Downer points out, the database is so small for nuclear plants as to be statistically meaningless.  The levels of reliability required for a complexly interactive and tightly coupled nuclear power plant is hugely greater than that required for, say, an automobile plant.  The number of reactors in operation in the world is very small, and there are many different designs and configurations.  Equally statistically meaningless is the trivial experience with tsunamis hitting nuclear plants.  If there is a potential for catastrophic failure, placing risky systems such as nuclear plants in risky settings such as storm-washed coasts is doubly unforgivable.

This mindset has continued even after the explosions.  On March 12 the American Nuclear Society noted the dire events, but continuing the tradition of risk analysis in the industry reassured us: In an event like this, “containing the radioactive materials could actually be considered a ‘success’ given the scale of this natural disaster that had not been considered in the original design. The nuclear power industry will learn from this event, and redesign our facilities as needed to make them safer in the future.”

Will the industry learn anything from this event, especially anything that might require expenses that reduce profits in either Japan or the U.S. ? 

Japan and the US have weak central governments, so regulating hazardous activities has always been difficult.  In the U.S. the first body to regulate the nuclear industry, the Atomic Energy Commission, was also responsible for promoting it, an obvious conflict of interests that was resolved with the formation of the Nuclear Regulatory Commission. But the NRC was soon compromised as it drew it commissioners from those well connected to the nuclear industry and became a stepping-stone for lucrative positions in the industry when leaving the Commission.  The NRC has a history of blackballing whistleblowers and in one egregious case secured a fine and jail sentence for the person most responsible for preventing a meltdown at the Davis-Besse nuclear plant.  We should not expect more vigorous regulation from the Japanese equivalent, the Nuclear and Industrial Safety Agency; both promotion and safety still reside there.  (This is the case with India also, which has a poor safety record.) Japan has a long history wherein operating utilities falsify data and hide accidents. Tepco, the leading utility, saw ritual resignations by the utility’s chairman in 2002 and its president in 2007 after scandals.

Warnings of unsafe practices in Japan were sounded by international agencies and by the U.S. NRC in 1990 .  A representative in the Japanese national parliament, concerned that the six reactors at the Fukushima Daiichi utility were required to withstand only a 5.7-meter tsunami, discussed his concerns at least 20 times with Tepco in 2003 and sent the president of Japan a warning.  A seismology professor at Kobe University resigned in protest from a nuclear safety board in 2006 because of lack of attention to earthquake and tsunami risks.  After the Fukushima Daiichi disaster he observed that “Nuclear power is national policy and there’s a real reluctance to scrutinize it.”  An engineer reported to the government that he had been ordered to cover up a flaw in a steel pressure vessel, but the government refused to investigate.  The flawed vessel sits in reactor #4 at Fukushima Daiichi. 


One feature of the nuclear industry is that it has become highly centralized, giving it more political clout in all countries.  Westinghouse was bought by Toshiba; the French company Areva dominates in Europe and is now in joint projects in the U.S., Exelon and Entergy run most of the plants in the U.S.; in Japan Tepco accounts for 30 percent of the generating capacity and is the fourth largest utility in the world. Vast amounts of capital, and potential profits, are pooled in the nuclear plants.  They supply a third of Japan’s electric power and a fifth of the U.S. market; this gives them power over their governments. 

But perhaps the most threatening form of concentration in this most dangerous industry is at the facility level.  One of Tepco’s facilities has 7 plants on one site; Fukushima Daiichi has 6 and plans to build two more there.  This makes them obvious targets for a “common mode” failure such as loss of off site power and flooding of sources of emergency power.  Even if only one plant had an accident the radiation levels might be too high to safely monitor the other 7 after automatic shut down.  Had the facilities been required to disperse their plants, at some small economic penalty, earthquake and tsunami risks would be greatly reduced.

The industry necessarily has a longer time perspective than most— after years of permissions and planning it may take10 years to build a facility that will have a life span of 40 to 60 years.  One would think that this time span would broaden their vision enough to embrace all the accident potentials and guard against them: operator error or sloppy work, faulty designs, tsunamis, hurricanes, terrorist attacks, or the rare “normal accident” where, even if everyone plays safe and tries hard, small failures interact in totally unexpected ways to defeat all safety devices, as happened at TMI.  Since they are loaded with the most toxic substances we have, a wide embrace of all imaginable risks should occur.  But the interests of shareholders, at least in the U.S., are very short term.  Legally obedient to them, managers must maximize short-term profits, and this means riskier designs and operating short cuts, and lobbying to prevent expensive regulatory rules.  In the U.S. political lobbying and congressional campaign contributions has insured weak and delayed regulation by the NRC. The Japanese regulatory regime is at least as weak. 

It is true that the plants’ performance exceeded design standards in three respects: they kept running without off-site power longer than required; they survived a wave that may have been three times as high as they were expected to confront; and survived an earthquake much larger than their design anticipated.  But, in this “success” that is claimed by the industry and academic nuclear experts alike, we still have radiation levels that, if not catastrophic, will be devastatingly high. In our disasters is our salvation.