"A key assumption of the PRA is the availability of the UHS to provide an adequate heat sink. To support passive heat removal with the DHRS or ECCS, the reactor modules are housed and partially submerged in the UHS such that most of the outer surface of the CNV directly contacts the UHS, which is a large pool of water in the reactor building (RXB). "
DHRC is decay heat. CNV is reactor containment vessel. So drain the pool and the reactor is in trouble.
Nuclear engineer here. I've read through a good portion of the regulatory submission to the NRC and have a few takeaways that oppose some of the less-well-informed takes in this thread:
- The reactor differs substantially from existing PWRs by encasing the primary in double containment, using natural circulation flow for both normal operation and emergency cooling. There are no pumps needed (or installed) to move coolant through the reactor.
- During normal operation, the primary is entirely contained within the primary containment, and circulates naturally, using the differential temperature and gravity. The steam system is used to remove heat.
- During an emergency, valves open to admit the reactor coolant into the backup containment. These valves are normally held shut by hydraulics with positive control from electronics-- their failure mode is to open with no other operator action in case of a loss of power. No additional operator action is needed to initiate the emergency cooling flow, which is also a natural circulation loop to the backup containment shell, which then conducts heat to the pool.
- The backup containment shell is designed to withstand hydrogen explosions such as those that occurred at Fukushima, and which was possibly prevented at Three Mile Island by venting (whether there was a hydrogen explosion at TMI-2 is not fully understood).
- There is no mechanism for positive reactivity addition via graphite moderator rod such as in the Chernobyl design. The specific failure mode at Chernobyl is not possible with this reactor.
- The pool is specified as a stainless-steel-lined reinforced concrete and designed to withstand earthquakes. The safety systems are such that no reactor electricity supply is needed to remove heat-- the pool could be filled e.g. from a fire truck, and the immediate decay heat from shutdown does not require any additional heat removal or water addition. So the failure mode we saw at Fukushima (inability to remove decay heat due to loss of electricity) and hydrogen explosion breaching containment does not apply to this design.
So it requires gravity. It may seem trivial, but how would this thing react if suddenly not mounted vertically, say if it got knocked onto its side while running? Would coolant still flow as planned?
From reading the NRC submission, the support structure for the modules is Seismic Category 1 (rated for design basis earthquake). This includes the entire Reactor Building, its foundation, and requirements for the site on which it is built. The reactor building is also designed to withstand an impact from a large commercial aircraft. Note that conjecture that the modules are top-heavy appears to be unfounded given the configuration described in the NRC submission.
Elsewhere in the probabilistic risk assessment, they address a module tipping over if it is dropped in the operating area-- the most probable scenario for a horizontal module.
In the case where the drop causes the containment to be breached and does not permit inflow of water from the pool (ostensibly due to pressure difference) the result is core damage and a release of radioactive contamination to the pool.
I encourage interested readers to look at Chapter 19 of the NRC submission. Much of the document is at a level where a lay engineer can understand it. NB: I am not affiliated with NuScale or the NRC.
Safety on the ground is one thing, the other is whether this sort of design might be used in less-than-earth gravity. We need passive/fail-safe reactors for space and this thing looks like it could fit inside a rocket.
Anything that knocks a fully functional multiple thousands of tonnes of concrete, steel, water and fissile material onto its side was already going to fuck up your day.
As far as I'm aware we've never had a nuclear reactor go sideways, and it's kinda ludicrous to even ask. It's one of the most massive structures, built on bedrock because it's too heavy to be built on anything else, and even these "small" reactors will be incredibly heavy.
They are vertical cylinders to be suspended vertically in a pool of water, not massive squat objects sitting on bedrock. They are thin and relatively top-heavy. It is not ludicrous to ask what could happen should they not remain as vertical as designed.
From a planning perspective, if verticality is a requirement then that verticality has to be protected as strongly as any other aspect. Any attachment or mounting points that maintain verticality must therefore be earthquake proof. If, as in the pictures, these reactors are held in place from the top, horizontal shaking from even a small earthquake would put massive strain on that joint. It isn't just the long/thin/heavy reactor but all the water sloshing around too. A super-strong joint and maybe something important bends/breaks under load? A flexible joint to allow the reactor to sway? Sway how much? What happens at the travel limit of the joint? Can we risk the reactor contacting its neighbours? These are not trivial engineering questions.
I think they are not trivial but relatively easy parts of the design. I’m sure they can design support structure to withstand whatever arbitrarily large earthquake you throw at it. The structure doesn’t need to be particularly light or compact so there shouldn’t be any design constraints getting in the way of strength. The heat transfer problem is much much harder and they’ve already solved that apparently.
I'm not saying it is impossible, just interesting. One option could be to suspend these reactors on cables from above. That might let them swing around all they want during even a huge quake. The water would act as the dampener. Not much extra engineering required.
As other Nuke submariners in this thread can attest, there are definitely PWRs designed to tolerate massive rolls and “angles and dangles.” I guess it depends on your definition of sideways.
> During normal operation, the primary is entirely contained within the primary containment, and circulates naturally, using the differential temperature and gravity. The steam system is used to remove heat.
If it's using gravity, what happens if this whole reactor gets tilted? What happens at 10 degrees? 45? 90? 180? Are there any critical angles where it would melt down?
I'm curious how you would make such a design that would be both using gravity yet tolerate being moved around.
Layman's question: I don't see how this small reactor is so unique or why it took so long to be developed for regulatory approval. The article claims it produces about 50MW of power with a planned 60MW version. Well, there are already very compact reactors in use on today's aircraft carriers (the A1B and A4W) that produce a much larger 500 to 700MW per module and are also relatively small (after all they fit on individual ships). And obviously deemed quite safe for the exact same reason - they're on ships that travel to all major ports and contain thousands of crew members right inside the same metal hull that the reactor is in. Even more compact, and fitting into an even smaller vessel quite safely for the crew: submarine reactors like the S8G, which produces over 220MW and measures only 42 x 55 feet in size, with a weight that's not unreasonably greater than that of the NuScale.
Basically: What's so dramatically difficult about doing the same for a terrestrial compact reactor to make something like the NuScale take so long to get approval?
The $1/2 billion they had to spend due to paperwork related to certification of the design. From an earlier comment[1] from a different thread about this approval quoting NuScale's press release:
"NuScale spent over $500 million, with the backing of Fluor, and over 2 million labor hours to develop the information needed to prepare its DCA application"
Military reactors don't have to go through this process and those designs (modified to work on land, etc) would.
In other words, the "impracticality" of compact, safe terrestrial reactor designs is almost entirely created by an immense mountain of bureaucratic hurdles that the military is excepted from? I can see the need for safety and careful documentation of contingencies but the scale of what you describe is simply dismaying.
Thank you for that answer and link. Checking further now.
Also, I can't even begin to imagine how much paperwork would be necessary (in literal visual, procedural terms) for the cost of fulfilling it to reach half a billion fucking dollars and 2 million man hours to fulfill. What would this even contain? Multiple 200+ page technical laboratory test breakdowns for every single nut and bolt and washer in the reactor set-up?
I'm amazed that convection alone provides enough flow. I mean this is compared to the massive pumps that previous reactors needed. An innovation of the AP1000 was that the massive pump was fully inside the containment (actually attached to the steam generator) and they had to show that it would work without service forever.
Anyway, what if the valves to the backup containment open while it's running at full power? I mean the electronics fail so the valves open. I suppose the steam generator is still running, but even so lots of heat would be dumped into the pool. Maybe there is an interlock so that the reactor scrams in this case.
This is very interesting, can a reactor like that be used on a ship or submarine (probably a stupid question but I am curious)? I remember reading some Tom Clancy novel that had a reactor with cooling that used no pumps as a major technical story point.
On submarines that might be a liquid metal coolant, as used on a few Soviet submarine reactors. Lead-bismuth eutectic is most likely; it would be sensible to avoid sodium/potassium coolant on a submarine.
What is the maximum external temperature the design can operate in? Can you build it in hot places to power air conditioning and things like that during the worst days?
I think that the only impact the outside temp has on this is how it relates to the cooling efficiency of the steam loop. External temp will have almost no effect at all on the reactor itself or its operation.
Those reactors are small compared to the usual ones, but they still operate in a power plant like a gas or coal one.
It's not a home or neighbourhood nuclear reactor.
Wasn't the big push (or maybe big PR push) for more research and development of Thorium reactors a few years ago because they fail closed/safely? That seems like the kind of thing you'd want for smaller reactors (which I assume means more and more geographically diverse, but don't really know).
Yes. Molten Salt Reactors (MSR), while operating very hot, are not operating under a lot of pressure. A pressurized water reactor (PWR) does, and if there is a leak or other problem, it can turn into an explosion.
You are confusing two different characteristics of reactor design.
One is whether or not the coolant is highly pressurised relative to atmosphere; the other is what the thread was originally about, which is how reactivity changes with respect to temperature. This is the temperature coefficient of reactivity.
The people you were responding to were referring to the latter: specifically, whether a reactor becoming more reactive results in more or less total reactivity. This characteristic is related to, but independent of, how pressurized the coolant and/or moderator are.
There's no research being done on materials to safely contain molten radioactive salt, that research could be dangerous, pretty much only superpowers would have the resources to do the research.
Bill Gates is funding a company called Terrapower that is planning to bring compact MSR to market in the next 10 years. They already have working prototypes but are still a few years behind NuScale.
Terrapower is (was?) developing multiple technologies. They got approval for their traveling wave reactor (which uses molten sodium, not molten salt, but they are easily confused for obvious reasons) last week. Not sure if they're going to keep developing other techs.
Really? I literally read dozens of papers about it a decade ago, at least... I guess I don't work adjacent to there so maybe no one else does either. Odd, I never have heard a reason why they were all that much worse than alternatives other than for corrosion and licensing costs, I am surprised that such a well defined problem just stopped being studied.
I suppose at some point it's not competitive with solar so what's the point. Maybe we reached that threshold recently.
Ok, there probably is actually lots of research going on, what little I know of it is several years out of date by now, at the time, advocates for the tech complained about the lack of research being done and I took them at their word.
The problem is that the nuclear reactions produce many random materials which in turn might be corrosive to the reactor vessel. Don't forget that the vessel has to last decades, so even minor corrosion is a big deal.
No, steel doesn't work, the salt is too corrosive. It's a very challenging problem, imagine you have half the periodic table floating around in a very radioactive salt at high temperature.
Early molten salt reactor experiments used Hastelloy N (nickel: 71 wt%, molybdenum:16 wt%, chromium: 7 wt%, iron: 5 wt%, others:1 wt%), which apparently works. But as others have noted, there is ongoing research to further improve it.
Also think of how saltwater affects metal. That's just a bit of salt dissolved in water. Molten salt is like that, but way more concentrated, and hotter. Corrosive reactions go faster when you add heat. Molten salt is like metal's worst nightmare.
That's before you even add the radioactivity into the mix, I believe that makes this problem an order of magnitude harder than just trying to contain molten salt, which is already kinda pretty hard.
Stone, maybe, something like a specialized ceramic could work?
Random thought experiment -- why not just drop it in the middle of a lifeless desert, forget about heat exchangers, and just let it slowly melt its way down through the crust of the earth? Assuming it went straight down and into the mantle, it would probably not impact the ecosystem.
> DHRC is decay heat. CNV is reactor containment vessel. So drain the pool and the reactor is in trouble.
In some reactor designs overheating slows and eventually stops the reaction in a controlled/deliberate manner. The reactor system may still fail irreversibly, but it wouldn't necessarily melt down in a way that risks widespread contamination or excessively expensive site remediation, such as by exposing unapproachable material.
I haven't had time to read all of the info, but I get the impression that this is still a pressurized water reactor, just on a smaller scale. It will fail in pretty much the same way as current reactors like Fukushima and Chernobyl. I believe that the point is that the pool provides an extra level of failsafe against coolant loss, and additionally that the substantially smaller size of the core limits the amount of heat build-up in a meltdown.
Fukushima is a BWR design using water moderator, closed with a lid bolted on a flange. It uses two pumps. Chernobyl is an RBMK design with graphite moderator and a highly positive void coefficient.
This reactor is a much smaller PWR with a double containment and natural circulation, without these failure modes.
In a standard commercial PWR the containment building is a steel shell surrounding the entire system, then there is a void of varying width, then that large cement building that you can see when driving by. That building is called the shield building.
Around 600-700 kWh per cubic meter depending on temperature. The reactor outputs around 200 MW thermal.
So if you have one of them in an olympic size swimming pool 50x25x2 meters, 2500 m^3, it'd need ~8 hours to evaporate the whole pool at full output.
If you assume decay heat as 1% of regular output (https://en.wikipedia.org/wiki/Decay_heat), you'd need to add (or have stored) ~3 m^3 of water per hour, or slightly less than a liter per second, to keep it from melting down.
If you assume an average of 2% for the first two hours, that'd be 8 MWh -> 12-13 m^3 for the first two hours, so a 5x5x5 = 125 m^3 pool (only considering the part above the "must always stay submerged" level) should be able to cool it for days.
I think _as long as the containment pool is intact_ (and you manage to SCRAM the reactor), this isn't going to be a major issue. But if e.g. an earthquake breaks the pool...
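A worked version of the pool boil-off estimate above, added here as an example and not part of the original thread. It reproduces the 200 MW thermal, 650 kWh per m^3 and 2500 m^3 figures, and also goes beyond the flat 1%/2% assumption by integrating the Way-Wigner decay-heat approximation over time; the pool size, the 650 kWh/m^3 value and the one-year operating history before shutdown are constructed assumptions.

```python
"""Pool boil-off estimates for a shut-down reactor sitting in a water pool.

Constructed assumptions (not from the thread): 200 MW thermal, 650 kWh of
heat to boil off one cubic metre of pool water (middle of the 600-700 range
quoted above), a 2500 m^3 pool, and one year of full-power operation before
shutdown.
"""

P0_KW = 200_000.0          # reactor thermal power at full output, kW
KWH_PER_M3 = 650.0         # heat needed to boil off 1 m^3 of pool water
POOL_M3 = 2500.0           # olympic-pool-sized volume, 50 x 25 x 2 m
SECONDS_PER_YEAR = 365.0 * 86400.0
T_OP_S = SECONDS_PER_YEAR  # assumed full-power operating time before shutdown


def full_power_boiloff_hours(pool_m3=POOL_M3, kwh_per_m3=KWH_PER_M3, p0_kw=P0_KW):
    """Hours to boil off the whole pool if the reactor kept running at full power."""
    return pool_m3 * kwh_per_m3 / p0_kw


def water_per_hour_m3(decay_fraction, p0_kw=P0_KW, kwh_per_m3=KWH_PER_M3):
    """Make-up water needed per hour when decay heat is a fixed fraction of P0."""
    return decay_fraction * p0_kw / kwh_per_m3


def way_wigner_fraction(t_s, t_op_s=T_OP_S):
    """Decay heat as a fraction of full power, t_s seconds after shutdown.

    Way-Wigner approximation: P/P0 = 0.066 * (t^-0.2 - (t + T_op)^-0.2),
    a rough fit valid from ~10 s to a few months after shutdown.
    """
    if t_s <= 0:
        raise ValueError("time after shutdown must be positive")
    return 0.066 * (t_s ** -0.2 - (t_s + t_op_s) ** -0.2)


def decay_energy_kwh_closed_form(t_s, p0_kw=P0_KW, t_op_s=T_OP_S):
    """Integral of P0 * way_wigner_fraction from 0 to t_s, in kWh (closed form)."""
    kw_s = 0.066 * p0_kw / 0.8 * (t_s ** 0.8 - ((t_s + t_op_s) ** 0.8 - t_op_s ** 0.8))
    return kw_s / 3600.0


def decay_energy_kwh_numeric(t_s, step_s=60.0, p0_kw=P0_KW, t_op_s=T_OP_S):
    """Same integral by the midpoint rule; cross-checks the closed form."""
    total_kw_s = 0.0
    t = 0.0
    while t < t_s:
        mid = t + step_s / 2.0
        total_kw_s += p0_kw * way_wigner_fraction(mid, t_op_s) * step_s
        t += step_s
    return total_kw_s / 3600.0


def water_boiled_m3(days, kwh_per_m3=KWH_PER_M3, **kw):
    """Pool water boiled off by decay heat in the first `days` after shutdown."""
    return decay_energy_kwh_closed_form(days * 86400.0, **kw) / kwh_per_m3


def days_until_dry(pool_m3=POOL_M3, max_days=365, **kw):
    """First whole day on which decay heat has boiled off the whole pool, or None."""
    for d in range(1, max_days + 1):
        if water_boiled_m3(d, **kw) >= pool_m3:
            return d
    return None


if __name__ == "__main__":
    print(f"full-power boil-off of the pool: {full_power_boiloff_hours():.2f} h")
    print(f"make-up water at 1% decay heat: {water_per_hour_m3(0.01):.2f} m^3/h")
    for d in (1, 2, 7, 30):
        print(f"day {d:2d}: {way_wigner_fraction(d * 86400) * 100:.2f}% of P0, "
              f"{water_boiled_m3(d):.0f} m^3 boiled off so far")
    print(f"2500 m^3 pool dry after: {days_until_dry()} days")
    print(f"125 m^3 pool dry after: {days_until_dry(pool_m3=125.0)} days")
```

The decaying curve is what makes the difference between the flat 1% figure and the real make-up requirement: the first two days dominate, and a pool that survives them has a much easier job afterwards.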
Seems to me that you are also assuming that the water is not dumping any heat on its own. I would bet that most of that decay heat is going to conduct from the water to the pool containment vessel and from there to the rest of the environment faster than the reactor is putting more heat into the pool.
Makes me think: the water will not boil if the pressure goes up. Was the Fukushima explosion caused by a hidden mechanism where, if the water starts to evaporate, the steam can't go anywhere, so it pushes the pressure up to keep it liquid?
You need a sufficiently large reserve to allow the reactor to cool, not an infinite supply. Reactors can be shut down and in this case the pool is sized to absorb all decay heat from the shutdown, plus a significant safety margin.
It does, but it makes sense to explore fail-safe designs.
Depending on a lack of incompetence in dangerous systems works until it doesn't. To the extent that these things can simply halt when incompetently managed, they should.
If anyone disagrees, I'd like to know why they think the next hundred years are going to be so much freer of political shortsightedness and corruption than the last hundred.
Fukushima is a perfect example. Unit 1 had been retrofitted with an isolation condenser, which should have been able to prevent a meltdown even with no power, but it wasn't activated, for reasons that remain murky.
Nothing has to move it. It’s in a pool and always there. The pool is big enough to sink all of the decay heat of the reactors it hosts, without needing a refill or heat exchange.
Reactor cores continue to produce waste heat when shut down, and water evaporates. It’s passively safe till you run out of coolant, then it’s actively dangerous.
In this case the pool boils off slowly enough from thermal load to let decay heat reduce to the point where air cooling is adequate. So it remains passively safe unless there is a sudden loss of water from the pool.
Engineering a very resilient pond does not feel like as complex a problem as engineering highly complex cooling systems to be resilient.
Patch it? Keep adding water? There's lots you can do with a (non-catastrophic) leak, and building water vessels that don't leak in your lifetime is honestly not that hard.
The elephant's foot was generated because of the failure to cool the core when the pumps failed. This design puts the core in thermal contact with a giant water reservoir to keep it from ever getting hot enough to melt.
2. There have been proposals before for core dilution buckets: a wide shallow dish under the reactor full of something like gallium for the hot core to dissolve into. As it spreads out into the dish, the heat and radiation fluxes become less unmanageable, and the core material becomes less critical.
Chernobyl is not a good comparison, because that reactor design had a number of flaws that nobody in their right mind would have designed into it even then, let alone now. (The Soviet Union was not in its right mind.) And then on top of that, the operators were running an experiment with the reactor without having thought through the consequences.
Chernobyl was an ancient design that didn't have many safeguards. This one had safety built in from the start, and it's smol and can be contained easily.
Making statements as fact does not help to clarify the discussion. Try posing a question instead. You are not adequately informed on reactor design or operation.
It's not necessary as discussed elsewhere, but even if it was a concern simply build it near a river, below the water level and dig a connecting canal (that is normally closed off). In the very worst case just lift a sluice gate and the tank will remain topped up.
Nuclear reactors run at cool temperatures compared to say gas turbines. And they are powerful.
So the surface area for radiative cooling is proportional to the power divided by temperature to the fourth power. So the cooling would need to be very big.
Right, but there is no shortage of metals and ceramics that can maintain cohesion (and strength!) at high temperature -- I'm thinking about those videos the machinists post of tools slicing through metal at an obscene rate with incandescent tooling. You don't even need ceramics to do that; there are steel alloys that stay hard and strong enough to slice through (soft) steel while incandescent, although for wear optimization they typically only actually do it with ceramics. In any case, it seems like someone should be able to figure out a "retract rods, let them glow" mode that dumps the energy into the sky like a lightbulb.
I'm sure there's a reason why it hasn't been done. Maybe you really do need high enough temperatures that you can't engineer compatible cladding, or it's hard to make IR windows low-loss enough to pass the energy, or something. Still... fourth power! The temperature you need the "lightbulb mechanism" to withstand is the fourth root of power/area! That's a powerful wind at one's back! It's easy to think of reasons why it might be impossible but if it's "just" a hard engineering problem then that's where things get interesting.
My non-expert guess is that given the large amount of power you have in a small area in a nuclear reactor, it would be hard to reach equilibrium while keeping the fuel solid.
If the fuel is in a liquid state (as in a molten salt reactor), then you could more easily since you could have it pour into a wide container, increasing surface area. (Basically the freeze plug approach).
It would be more possible for a high temperature reactor that can stand the high heat.
A regular low temperature reactor would require a huge radiator for the same power.
Many inland reactors are built on waterways. A plant can shut down due to drought. That's a slow enough process that you have plenty of advance warning, though.
Nuclear power plants were designed with this in mind. It would take a substantially larger earthquake to damage a nuclear power plant and cause it to leak than a commercial pool. Such a comparison is in bad faith and disingenuous.
People are fallible on the best days; assuming everyone did their very best, from nuclear physicists to construction workers, mistakes are made. You take steps to reduce the risk. Research gets review. Engineering schematics get review. Construction gets inspection. Still some mistakes will get through.
And people always act their very best all the time right?
You can even have a perfect design, perfect construction, that is mismanaged years after it's built, after the original engineers and bureaucrats lose control.
The same people problems apply to basically every human endeavor, but nuclear's capability to cause accidents that have a lasting impact is pretty scary. You don't feel even a twinge of existential dread when you think about it? If you don't, then I don't think I want you working on a reactor.
A sufficiently large pool can be built, such that any plausible leak will take many days. Think about it: a million liters of water take a long time to disappear; after all, lakes stay there for a long time without rainfall. We've built many many ponds, it's not hard.
The water in a glass can take a long time to evaporate, but if you put your fist inside the glass and press you will have a sudden loss of 2/3 of the water in seconds.
There are pools and pools and there are leaks and leaks. Anybody that has built an aquarium knows that an 80cm high design is much more complicated to make leak-proof than a 40cm high design holding the same water.
A shallow pool would not be enough to contain a small nuclear plant, so you need a non-standard bigger pool. The higher the pool, the higher the weight of the water column; the pressure against the walls will increase, and the leak will be much faster because the weight of the water in the upper level of the pool will force the water in the lower levels out. If your leak is in the upper side of the pool it will be a small self-contained problem, but if the bottom leaks it is a different thing. As the bottom needs to support much more force against it and there is a weak area where the walls meet the bottom, it is more probable to fail first.
Our largest manmade lakes are created by dams, and you can find plenty of examples of dams failing in ways that don't take many days.
If our smallest manmade lakes (swimming pools) can leak a lot, and our largest manmade lakes (dams) can also leak a lot, the idea that there's an in-between size that doesn't leak might need a bit of elaboration.
There's a big difference between a dam and a pool; the pool is supported by the ground, and even if you bash holes in it, the water still has to find somewhere to go. Also, pools are not typically built from concrete and stainless steel.
The safety requirement here is not "doesn't leak", it's "holds most of the water for 30 days (after which water is not required)". You would have to get an implausibly-large leak, during a situation where nobody can add more water for a month.
I don't lack imagination; my imagination just has enough structure to distinguish between realistic and unrealistic scenarios.
We should be orders of magnitude more worried about all the carbon dioxide we're dumping into the atmosphere, than the failure modes of an engineered hole in the ground.
Thinking that nuclear safety just comes down to digging a big hole and filling it with water is such a gross oversimplification that I honestly can't believe you are arguing in good faith.
Maybe a particular reactor design could use such a mechanism as one failsafe, but that alone is not enough, and no design is perfect, and the people operating it are not perfect.
I think some of the risks of nuclear are acceptable, I am actually very pro nuclear, but we should acknowledge them instead of pretending they don't exist. The only way risk can be properly managed is if it's acknowledged.
They didn't just drop a reactor in a pool; they also eliminated a bunch of pumps and other failure-prone components from the system.
I would prefer to see inherently safe designs like LFTR gain traction, but NuScale has one of the few designs likely to be built in the near term, where you could SCRAM and take a vacation without causing a meltdown. That is a major advancement in safety; let's not let perfect be the enemy of good.
I was actually going to reply with something similar, but I don't think this stacks up to the damage that can be unleashed in a nuclear accident. Building this took a few lifetimes. Nuclear accidents can have effects that are orders of magnitude larger and longer.
Cool it (pun intended) with the accusations of bad faith. Unless you have enough data to prove it, don't accuse it.
"Substantially larger" is not the same as "impossible". And, given substantially larger consequences if a reactor pool breaks (compared to a swimming pool breaking), I don't think the question is out of line.
We learned from Fukushima that natural disasters don't always follow the parameters that we expect them to.
An earthquake that was one of the largest ever recorded, resulting in one of the largest tsunamis ever as well. So you know, pretty common circumstances.
That the '1000 year tsunami' happened 40 years after commissioning is more suggestive of engineering incompetence than bad luck. And unlike bad luck, incompetence is a lot more prevalent.
You just defined bad luck. They did plan for better than a 100 year earthquake. They met those standards. Problem is sometimes you flip 10 heads in a row (equivalent to 1000 year event), when they could only handle 7.
Or an attack, of course. Or some other event (social unrest, invasion, coup, etc...) causes an evacuation of staff and it boils off during the resulting excursion.
People tend to have poor mental models for the long tail of external failures that happen in real life. It's easy to imagine that things that have never happened in the last century would Never Happen. But... they will, somewhere.
Nuclear sites are designed to withstand a strike from a commercial airliner (747). Like you, the designers imagined many of the events you mentioned and more. A good rule of thumb is that if you, a non-expert, can think of a scenario within 10 minutes, an expert has probably already thought of this scenario. Nuclear power plants and weapons sites have always been considered targets and thus given extra scrutiny in their design.
You'd hope so. Reactors yes, but not spent fuel pools. Everyone misses things. I've found 3 design flaws myself in the industry. Not too big of a deal as actions can be taken to mitigate some of the flaws. The other flaws are less likely to cause an issue due to redundant and diverse systems, but there's always the off chance...
Everyone who remembers the post 9/11 "but what if the terrorists attack X" pandemonium knows that spent fuel pools are outside the containment building. That was one of the scenarios that got paraded around to maximize FUD.
Wanted to is very different than doing. As far as I'm aware there has never been a dirty bomb attack. You could effectively create a dirty bomb with less radiation with more easily obtainable materials (still pretty expensive and labor intensive). The threat would be similar to a more radioactive substance because the biggest damage is the fear (that's what terrorism is about. They could do MUCH more _damage_ if they weren't as concerned about striking fear). The reason it hasn't been done is because it is impractical and difficult to do without killing yourself. There are better and far easier ways to strike fear into people's hearts. Killing a single person is more effective for them than increasing the chance of getting cancer in one's lifetime by 10% for a dozen people. The much bigger threat is a briefcase nuke but that is several more orders of magnitude difficult/expensive to obtain.
They shot an F4 target drone at a block of "reactor grade" concrete wall back in the 80s and they took measurements and did science on the resulting lack of damage and concluded that a reactor can shrug off one of anything. They didn't change containment buildings to be plane proof. It's just a side effect of the design required to contain a melting down reactor with a sufficient safety factor.
> the designers imagined many of the events you mentioned and more
Designers are awesome. Sadly they were also unable to find some time in 50 years to raise a wall a few m so it can stand a tsunami. It seems that the extra scrutiny was not so extra in real life when the company needed to allocate real money.
The event you are referring to was also a freak event. The Tohoku earthquake was the 4th largest _ever_ recorded and the largest ever recorded in Japan (by 0.2M, it is a log scale btw). The closest earthquake to that, in the region, in the previous 100 years was 0.7M lower (and the 6th largest ever recorded, in the area). The Tohoku earthquake also resulted in one of the largest tsunamis ever recorded.
We should note that a lot of rare things happened all at once, more than just the freak earthquake and freak tsunami. There is no such thing as perfect. But consider that there were no lives lost due to the reactor accident. Yes, there is economic damage, but that is the worst. Lives were not lost and the environment was not irreparably damaged. Nature has actually started to take back the region and it looks more like a scene out of I Am Legend rather than The Road or The Book of Eli. I do not intend to dismiss the event, as it is concerning (and we've learned a lot since then), but however you measure it coal or oil or gas have had far greater environmental (or human/health) impacts than nuclear. The difference is that it is more in our mind. Despite the Fukushima cleanup estimate (2x Chernobyl's) costing about 9x Deep Water Horizon (2010), I'll let you decide what costs more[0], even if we ignore all the costs to health and atmosphere. There simply is no free lunch.
> "The event you are referring to was also a freak event. The Tohoku earthquake was the 4th largest _ever_ recorded and the largest ever recorded in Japan"
There is no doubt that the 2011 earthquake was an extreme event, but it's incorrect to say that it was not foreseeable or that the plant's safety systems could not have prevented the disaster.
Further up Japan's coast, the Onagawa nuclear plant was much closer to the earthquake's epicentre. It was subjected to extreme shaking, far more than any other nuclear plant in history, and like Fukushima was also flooded by the tsunami.
Yet it was able to shut down safely as designed in the hours that followed, and its structure was "remarkably undamaged" considering the extreme magnitude and duration of the shaking. 2 of its 3 reactors are expected to be restarted soon following structural repairs and seismic upgrades.
I am not trying to say that things couldn't be designed better. They could (that is never _not_ true). But it is also important to remember that this was a crazy accident as well and several uncommon things had to go wrong at once. The reactor was designed to withstand a 100-year earthquake and tsunamis (that's equivalent to flipping almost 7 heads in a row) (we're also not accounting for the odds of the tsunami). But what I am suggesting is that there is a limit. Sure, we could foresee 100 heads landing in a row, it is certainly possible, but at the end of the day you have to end up with an acceptable amount of risk. I do not think 100-year events (1:99 probability) are correct as climate change is changing those odds, but it isn't like this was engineers being lazy and dumb. You are using post hoc analysis to justify actions made without that knowledge. As they say, hindsight is 20/20. I do want to remind you that this was the largest earthquake to EVER hit Japan. That's much harder to predict, and it's extremely reasonable to believe such an event is unlikely during the expected lifetime of the reactor.
> an evacuation of staff and it boils off during the resulting excursion.
It is trivial to design a system that powers off when unstaffed. Without power, this reactor will SCRAM and passively switch to air cooling over the course of a month.
Presumably, a skilled attacker could compromise the passive safety systems and force a meltdown, but wouldn't it be easier to steal some spent fuel and disperse it?
Once an attacker is inside the plant, with just some Wiki knowledge, any plant is as good as melted down. It's a much better plan to simply drain the spent fuel pool.
Yes. This is not an inherently safe design. However, it adds a second level of safety, in that each reactor has its own coolant loop that would have to fail first, followed by a second failure of the large pool. It looks like the large pool is also passive, in that it does not rely on circulator pumps to provide cooling.
Reactors aren't boolean. If a reactor has no heat sink and attempts to shut down, there's still going to be a catastrophic amount of heat to disperse.
That said, rapidly losing the UHS should be incredibly rare/difficult (as several other posters have mentioned).
https://www.nrc.gov/reactors/new-reactors/smr/nuscale.html
Here is an interesting sub-report:
https://www.nrc.gov/docs/ML2022/ML20224A525.pdf
Information withheld for security reasons. One item concerns the "ultimate heat sink". What happens when the ultimate heat sink is lost?
Well a design assumption is that it is not lost:
https://www.nrc.gov/docs/ML2020/ML20205L410.pdf
"A key assumption of the PRA is the availability of the UHS to provide an adequate heat sink. To support passive heat removal with the DHRS or ECCS, the reactor modules are housed and partially submerged in the UHS such that most of the outer surface of the CNV directly contacts the UHS, which is a large pool of water in the reactor building (RXB). "
DHRS is decay heat. CNV is reactor containment vessel. So drain the pool and the reactor is in trouble.