COVID-19 Lessons from Three Mile Island #2 — the NRC
My last column was about crisis management lessons I learned back in 1979 while investigating the Federal Emergency Management Agency for the President's Commission on the Accident at Three Mile Island (TMI). Let's just say that FEMA wasn't ready for a nuclear meltdown. Today we turn to the other federal agency I investigated at that same time - the Nuclear Regulatory Commission (NRC). While FEMA was simply unprepared and incompetent, the NRC was unprepared and lied about it.
Like FEMA, the NRC had recently undergone a rebranding from its previous identity as the Atomic Energy Commission - a schizoid agency that had been charged with both regulating nuclear power and promoting it. It's difficult to be the major booster of technology while at the same time making safety rules for it. Think of the Trump Administration's approach to coal as an example of such a paradox.
When the NRC was created to regulate nuclear power, that PR function was sent over to the U.S. Department of Energy. So all the NRC had to do at Three Mile Island was to make sure the utility was following the rules and to help them keep the public safe. Not much of either actually happened during the accident, mainly because nobody really had any idea of the actual state of the reactor. This suggests that maybe a bit more regulation should have been done during the reactor design phase.
Since almost nobody but me remembers any of this let's get out of the way the two most important lessons of Three Mile Island. The first lesson explains why the accident was so bad while the second explains why nobody died.
The primary technical failing of TMI came down to a poor operator training combined with a major user interface glitch. All of the TMI operators were originally trained by the U.S. Navy, where they operated nuclear reactors on submarines and aircraft carriers. This was a deliberate policy on the part of General Public Utilities (GPU), the electric company that owned the plant. And it wasn't a bad policy. The Navy vets were proven operators who didn't panic and had been well trained on their ships. Alas, they weren't especially well trained on the actual reactor they operated at TMI. In fact, they weren't really trained to operate the reactor at all: they were trained to pass the reactor operator test.
This distinction between being trained to operate the reactor versus being trained to pass the test is crucial. GPU assumed the Navy veterans already knew plenty about reactors, so they concentrated solely in their training on the actual operation of reactor systems. This may sound okay, but what was missing was any deep understanding of what was actually happening inside the reactor that might have been helpful for troubleshooting.
By streamlining their training, the reactor operators may have known which valve to open or close, but not necessarily why they were opening or closing it.
Look at the picture above of the control room at Three Mile Island Unit 2. There is a lot going on in this picture from 1979. There are hundreds of switches and valves matched by hundreds of meters and gauges. Video screens on the back wall mainly verified the state (open/closed, on/off) of these valves and switches. In this entire control room there was ONE warning light and ONE horn or buzzer. When something went wrong this one light would start to blink red and the buzzer would sound an alarm.
In theory, when the buzzer sounded an operator could scan all the gauges and figure out what was happening inside the reactor. In real terms, however, this was close to impossible to do. There were just too many variables and - remember - the operators weren't trained to understand the innards of the reactor, just how to run it.
What actually ran the reactor was a minicomputer. So when the warning light started to blink (by this time they'd turned-off the buzzer) the operators could go to that IBM Selectric printer in the foreground of the picture above where the minicomputer would print out a trouble code and description of what had gone wrong. This printer-based user interface was a key failing at TMI because within two minutes of the first alarm sounding, that printer queue was alreadysix hours behindin printing trouble codes.
While designing this printer-centric system they'd apparently never considered what would happen if there were 100 or 1000 trouble codes hitting at the same time. Worse still, every time the system updated (which as I recall was every minute), it sent to the printer another 100 or 1000 codes.
Certainly, there was an engineer somewhere who understood that printing subsystem and could have found a way into the queue, but nobody in Harrisburg knew who that engineer was. That engineer didn't work for GPU. So the utility was never able to get past this UI problem which made the reactor operators essentially blind. They had to guess what was happening inside the reactor, and their guesses had to be correct, they thought, or people might die.
No pressure here.
The reactor operators were clueless. The GPU executives called-in to help were clueless. And the NRC experts" were clueless, too. In fact, nobody at the NRC had been through operator training for this particular class of reactor.
I will shortly look in some detail at the NRC's response, but first let's cover that other lesson of TMI - why nobody died. That nobody died at Three Mile Island was a total fluke. There was at least one over-pressure event that should have blown the containment dome over the reactor, releasing radiation into Middletown, Pennsylvania. The only reason the containment wasn't breached was TMI had been built extra-strong because it was right next to the Harrisburg International Airport.
In this picture notice the airport in the background. The final approach goes right past Three Mile Island.
There were a dozen Babcock & Wilcox reactors in the U.S. identical to the two units at Three Mile Island, but only those two TMI reactors were built next to what had been a US Air Force B-52 base. So only those two reactors got an extra foot of concrete added to their containment domes, taking them from three feet thick to four feet thick, just in case a B-52 happened to crash into one.
Had the TMI accident happened at the otherwise-identical Rancho Seco reactor near Sacramento, California, people probably would have died.
So TMI-2 melted-down, but it was overbuilt and nobody was actually in danger. However, back in 1979 nobody knew this.
Let's take a moment here to contrast TMI and Chernobyl, the difference being that there was no containment at Chernobyl. The accidents were comparable, but with no containment, Chernobyl directly killed 31 people with an estimated 4000 additional deaths over the years since from radiation-caused cancer.
Reactor containments are good.
Not knowing what was actually happening inside the reactor, the men controlling Unit 2 made some bad decisions that made things worse. And after the first few hours, those decisions were all made with the agreement of the NRC, which also didn't have a clue what was happening. For the most part, whatever was done was based on guesses and more of those guesses were wrong than were right. But since the containment was extra-thick, it probably didn't matter.
Now to the part about lying. It is common for people in positions of authority to prefer that they are seen as acting correctly. Certainly, that was the case with the NRC, which never in the months I investigated them said anything like the truth - that they had no idea what the fuck was happening inside that reactor. They wanted to be seen as professional and calm, not clueless and panicked. So their official accounts projected this professionalism and tended to point fingers mainly at the utility - GPU. The NRC story was that they saved the day.
With the benefit of 41 years of hindsight, it's pretty clear that nobody saved the day at TMI. Nor was the day especially at risk, though that, too, wasn't known at the time.
My job in 1979 was to understand what happened and how it was presented to the outside world and when I did interviews at the NRC it just plain felt wrong. If the agency had done everything right, why did the accident seem so perilous?
That's when I phoned-into the NRC Emergency Operations Center and learned something the agency had failed to disclose.
In one of the documents I retrieved from the NRC I found a telephone number for the NRC Emergency Operations Center. Purely on a hunch, I called it. This was in July 1979 and the accident began in March of that year. Like all government phones 41 years ago, this one was answered by a person. The EOC was still in operation, still supporting the accident recovery. As I spoke on the phone I heard a beeping sound.
What's that beep?" I asked.
That's the recorder - this call is being recorded," the person on the phone explained.
Are all incoming lines recorded?" I asked.
Yup, all 40 of them," was the answer.
We were already a month into investigating the NRC and nobody at the agency had mentioned that all incoming lines to the Emergency Operations Center were recorded (this was very unusual at the time). Rather than listen to the NRC explain what had happened back in March, I could presumably listen to the recordings myself.
The NRC said, no."
Remember those FEMA guys tapping their West Point rings on the conference table? Ring tapping was common at the NRC as well, where the agency had a huge investment in looking infallible. Giving me access to those recordings could have blown their cover, so they rejected my request.
The NRC, which was part of the Executive Branch, rejected a request effectively from the President of the United States.
At this point, some writers might mention the Deep State. But that implies a conspiracy. What I think was going on here was more like hubris.
We subpoenaed the tapes. The NRC said they couldn't give us the tapes (no reason was given, by the way - they just couldn't" do it). Nor could they copy the tapes for us. So we went to court and eventually the NRC offered to transcribe the tapes for us - a process they estimated would take six weeks. They wanted to wait until all the transcriptions were finished before providing any, so we went back to court for quicker access.
Does any of this make sense to you? If your state governor calls up the highway department and asks for some files, do you think they ever say no?"
As the transcripts began to trickle out it was clear that something was wrong. Some of the transcriptions simply didn't make sense. And key sections were missing entirely, with the transcription saying only that they were unintelligible. So it was back to court to get the original tapes, which the NRC stillrefused to give up. Instead, they set up a listening room at NRC headquarters where only one investigator at a time could go for a few hours per day to listen to the original tapes. We had to know which tapes to ask for based on the bad transcriptions that still weren't all complete.
The NRC, so intent on maintaining security, had hired an outside transcription service. That service had no special knowledge of nuclear reactor operations, so when technical terms were used they often got them wrong or just said they were unintelligible. Things were unintelligible, too, when more than two people were on the line or when people were urgently speaking over one another. In other words, the most urgent moments were those moments least likely to be correctly transcribed.
Sitting in that NRC listening room, listening to the tapes after a month of fighting to get them, they were actually quite clear. By this time I was an expert, I knew the terms and I knew what the speakers were discussing and the context. When they said things like Shit, I think it's going to blow!" that wasn't unintelligible to me.
The lesson of the Nuclear Regulatory Commission at Three Mile Island was that they were incompetent and unhelpful. Part of this was a difficult relationship with GPU, part was that crazy printer-based user interface to the reactor computer, but a lot of it came down to the NRC having a huge investment in looking infallible. And that's the lesson for COVID-19.
I happen to think it is worse for a government in crisis to fake it than to admit they aren't sure of the correct problem, much less the correct answer. To say that COVID-19 is no worse than the flu" or that it will disappear in a few weeks" when you don't really know what you are talking about is dangerous. It costs lives.
No executive ego is worth loss of life.
Digital Branding
Web DesignMarketing