The Chernobyl disaster was a catastrophic nuclear accident. It occurred on 25-26 April 1986 in the No.4 light water graphite moderated reactor at the Chernobyl Nuclear Power Plant near the now abandoned town of Pripyat, in northern Ukrainian Soviet Socialist Republic, Soviet Union, approximately 104 km north of Kiev.
The event occurred during a late-night safety test which simulated a station blackout power-failure, in the course of which safety systems were intentionally turned off. A combination of inherent reactor design flaws and the reactor operators arranging the core in a manner contrary to checklist for the test, eventually resulted in uncontrolled reaction conditions. Water flashed into steam generating a destructive steam explosion and a subsequent open-air graphite fire. These lofted plumes of fission products into the atmosphere. The radioactive material precipitated onto parts of the western USSR and other European countries.
In steady state operation, a significant fraction of the power from a nuclear reactor is derived not from fission but from the decay heat of its accumulated fission products. This heat continues for some time after the chain reaction stopped and active cooling may be required to prevent core damage. RBMK reactors like those at Chernobyl use water as a coolant. Since cooling pumps require electricity to cool a reactor after a SCRAM, in the event of a power grid failure, Chernobyl’s reactors had three backup diesel generators, these could startup in 15 seconds, but took 60-75 seconds to attain full speed and reach the output required to run one main pump. To solve this one minute gap analysis indicated that residual momentum and steam pressure might be sufficient to run the coolant pumps for 45 seconds. This capability still needed to be confirmed experimentally and all the 3 previous tests had been ended unsuccessfully. The test was scheduled during maintenance shutdown of Reactor Four. The test focused on the switching sequences of the electrical supplies for the reactor. The test procedure was expected to begin with an automatic emergency shutdown. No detrimental effect on the safety of the reactor was anticipated, so the test program was not formally coordinated with either the chief designer of the reactor or the scientific manager. Instead, it was approved only by the director of the plant.
According to the test parameters, the thermal output of the reactor should have been no lower than 700 MW at the start of the experiment. If test conditions had been as planned, the procedure would almost certainly have been carried out safely. The eventual disaster resulted from attempts to boost the reactor output once the experiment had been started which was inconsistent with approved procedure. The Chernobyl power plant had been in operation for two years without the capability to ride through the first 60-75 seconds of a total loss of electric power and thus lacked an important safety feature.
According to the INSAG-7 report, the chief reasons for the accident lie in the peculiarities of physics and in the construction of the reactor. They are:
The reactor had a dangerously large positive void coefficient of reactivity. Most of the other reactor designs have a negative coefficient. The nuclear reaction rate slows when steam bubbles form in the coolant, since as the vapor phase in the reactor increases, fewer neutrons are slowed down. Faster neutrons are likely to split uranium atoms, so the reactor produces less power.
Chernobyl’s RMBK reactor used solid graphite to absorb neutrons. Thus neutrons are slowed down even if steam bubbles form in water, because, steam absorbs neutrons much less readily than water, increasing the intensity of vaporization means that more neutrons are able to split uranium atoms, increasing the reactor’s power output. This makes the RBMK design very unstable at low power levels and prone to suddenly increasing energy production to a dangerous level. This behavior is counter-intuitive and this property of the reactor was unknown to the crew.
A more significant flaw was in the design of the control rods that are inserted into the reactor to slow down the reaction. With the design, when the rods are inserted into the reactor from the uppermost position as they are shorter in length than necessary, the graphite parts initially displace some water, effectively causing fewer neutrons to be absorbed initially. Thus for the first few seconds of control rod activation, reactor power output is increased rather than reduced as desired. This behavior was also not known to the reactor operators.
There were numerous other issues that were contributing factors that led to the incident:
The plant was not designed to safety standards in effect and incorporated unsafe features.
Inadequate safety analysis performed.
There was insufficient attention to independent safety review.
Operating procedures not founded satisfactorily in safety analysis.
Safety information not adequately and effectively communicated between operators and designers.
The operators did not adequately understand safety aspects of the plant.
Operators did not sufficiently respect formal requirements of operation and test procedures.
The regulatory regime was insufficient to effectively counter pressures for production.
There was a general lack of safety culture in nuclear matters at the national level as well as locally.
If an experienced process control engineer had been on site he or she would have known that in order to maintain stability, supply-demand matching controls were needed. If the employees had a complete overview of the process, then the disaster would be prevented. The test was conducted under manual control and all automatic safety systems were disabled which lead to the disaster. Design errors also contributed to the disaster. The plant had no containment building.
The lessons learnt at Chernobyl are there is no such thing as safe nuclear plant, understanding process dynamics and providing redundant automatic controls to match them can minimize the probability of accidents. Designing a safe control system requires the in-depth understanding of the process by experienced process control engineers and cannot complete rely on the advice of manufacturer’s representatives alone.
References
https://en.wikipedia.org/wiki/Chernobyl_disaster
https://www.controlglobal.com/articles/2009/chernobyl0907/