The conclusion first, as well as at the end. For safety-critical infrastructure, there should be a requirement for a continuously maintained, public safety case. Members of the public may at any time look it up. A wise government will make provision for commentary and rework where necessary.
I am well aware that this sets the importance of a safety case differently from that suggested by Charles Haddon-Cave in his inquiry into the RAF Nimrod accident. This is a different case. The UK MoD is a closed organisation and I am talking about critical public infrastructure.
I am running a private discussion group on the Fukushima accident. One of the main questions, raised by sociologist Charles Perrow on the Monday after it happened, is why on earth was backup power put in a place at which it could be incapacitated by a common-cause event (Perrow phrased it somewhat differently). He suggested it was a design accident, not a “normal accident” in his technical use of that phrase.
I thought there had been an obvious failure of hazard analysis (HazAn), which is a required step (rather, series of steps) in development and deployment of most safety-critical systems. I thought the idea of a public safety case was a useful suggestion even then. It was partly based on news at the time that tsunami researchers had recently discovered evidence of a comparable historical tsunami in the area some 1200 years ago.
But it turns out to be worse than that.
On Wednesday, the Washington Post contained reports of comments at a NISA meeting in 2009 by a tsunami expert, Yokinobu Okamura, who brought up the issue of tsunamis, and, reading between the lines, was peremptorily dismissed.
But it turns out to be much worse than that.
* The word “tsunami” did not appear in government guidelines until 2006.
* People have been saying “well, it was a big quake!”, but it turns out one of magnitude 7.5 would have sufficed to breach the high-water defences at the plant.
* Recommendations in 2002 led TEPCO to raise its “maximum projected tsunami” to 17.7-18.7 feet, which was higher than the 13-ft bluff on which the plant is built. Yet all they did was raise an electrical pump by 8 inches.
Here is the text:
Japanese government and utility officials have … said that engineers could never have anticipated the magnitude 9.0 earthquake — by far the largest in Japanese history — that … generated the huge tsunami. Even so, seismologists and tsunami experts say that according to readily available data, an earthquake with a magnitude as low as 7.5 … could have created a tsunami large enough to top the bluff at Fukushima.
After an advisory group issued nonbinding recommendations in 2002, Tokyo Electric Power Company, the plant owner and Japan’s biggest utility, raised its maximum projected tsunami at Fukushima Daiichi to between 17.7 and 18.7 feet — considerably higher than the 13-foot-high bluff. Yet the company appeared to respond only by raising the level of an electric pump near the coast by 8 inches, presumably to protect it from high water, regulators said.
Then there is some further wonderful stuff on how hazards were thought about, in the following quote:
“We can only work on precedent, and there was no precedent,” said Tsuneo Futami, a former Tokyo Electric nuclear engineer who was the director of Fukushima Daiichi in the late 1990s. “When I headed the plant, the thought of a tsunami never crossed my mind.”
1. If one is following safety-engineering practice, one is supposed to work on a HazAn, not on “precedent”, whatever that might be.
2. Tsunamis never thought of? How about performing a HazAn? Then maybe there is somebody in the room, say by the name of Yokinobu Okamura, who does think of them.
3. And when the question is raised, finally in 2009, why is a dismissive reply acceptable? Is that the way continuous hazard assessment is performed in Japan? When they perform an FMEA, do they just look at the system and not at the system environment? Let me recommend our course on how to perform HazAns. It is System Safety and Security 2 in our university catalog and we give it every year.
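The distinction drawn in points 1 to 3, between a component-level FMEA that looks only at the system and a HazAn that also takes in the system environment, can be made concrete. The Python below is an added example written for this page, not code from the original post. It models a constructed site with redundant backup units all placed at the same elevation, compares the all-units-fail probability under an independence assumption with the probability once a site-flooding hazard is included as a common cause, and re-runs the check when the projected hazard height is revised. The only figures taken from the page are the 13-foot bluff, the 17.7-18.7-foot revised projection, the 10.5-foot Chile-1960 reference wave and the 8-inch pump raise; the unit layout, the per-unit failure probabilities and the flood probability are constructed assumptions.

```python
"""Hazard-analysis sketch: independent component failures versus a
system-environment hazard (site flooding) that defeats every redundant
unit at once.  Added example; probabilities and site layout are constructed."""
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Unit:
    """A piece of backup equipment: its site elevation and an assumed
    per-demand failure probability when nothing else is going wrong."""
    name: str
    elevation_ft: float
    p_independent: float  # constructed value


def p_all_fail_independent(units: List[Unit]) -> float:
    """Probability that every unit fails, treating failures as independent.
    This is what a component-only FMEA with no environmental hazard yields."""
    p = 1.0
    for u in units:
        p *= u.p_independent
    return p


def flooded_units(units: List[Unit], inundation_ft: float) -> List[str]:
    """Names of units sitting below the projected inundation height."""
    return [u.name for u in units if u.elevation_ft < inundation_ft]


def p_all_fail_with_flood(units: List[Unit], inundation_ft: float,
                          p_flood: float) -> float:
    """Event-tree combination: with probability p_flood the site floods and
    every unit below the water line fails together (common cause); otherwise
    only the independent failure modes apply."""
    wet = set(flooded_units(units, inundation_ft))
    survivors = [u for u in units if u.name not in wet]
    p_fail_given_flood = p_all_fail_independent(survivors)  # 1.0 if nothing survives
    p_fail_no_flood = p_all_fail_independent(units)
    return p_flood * p_fail_given_flood + (1.0 - p_flood) * p_fail_no_flood


def margin_ft(protected_to_ft: float, projected_ft: float) -> float:
    """Positive when the protection height exceeds the projected hazard height."""
    return protected_to_ft - projected_ft


def reassess(units: List[Unit], old_projection_ft: float,
             new_projection_ft: float) -> List[str]:
    """Safety-case maintenance step: when new evidence raises the projected
    hazard, report which units a previously adequate argument no longer covers."""
    before = set(flooded_units(units, old_projection_ft))
    after = set(flooded_units(units, new_projection_ft))
    return sorted(after - before)


# Constructed site: two diesel generators and one seawater pump, all on the
# 13-foot bluff, with the pump raised by the 8 inches quoted on the page.
BLUFF_FT = 13.0
PUMP_RAISE_FT = 8 / 12
SITE = [
    Unit("diesel_generator_A", BLUFF_FT, 0.01),
    Unit("diesel_generator_B", BLUFF_FT, 0.01),
    Unit("seawater_pump", BLUFF_FT + PUMP_RAISE_FT, 0.01),
]
REFERENCE_1960_FT = 10.5   # Chile 1960 wave used as the original reference point
PROJECTED_2002_FT = 18.7   # upper end of the revised projection quoted on the page
P_FLOOD = 1e-3             # constructed annual probability of exceeding the bluff

if __name__ == "__main__":
    print("independent-only:", p_all_fail_independent(SITE))
    print("with flood hazard:", p_all_fail_with_flood(SITE, PROJECTED_2002_FT, P_FLOOD))
    print("pump margin (ft):", round(margin_ft(BLUFF_FT + PUMP_RAISE_FT, PROJECTED_2002_FT), 2))
    print("newly exposed after 2002 revision:", reassess(SITE, REFERENCE_1960_FT, PROJECTED_2002_FT))
```

With the constructed numbers the independence assumption gives a one-in-a-million loss of all backup, while including the flood hazard raises it by three orders of magnitude, because every unit shares the same elevation; the 8-inch raise leaves the pump some five feet below the revised projection, and the reassessment step lists all three units as newly uncovered once the projection moves from 10.5 to 18.7 feet.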
The NYT article makes it clear that TEPCO and NISA were well aware that they were not always sufficiently prepared.
… For decades … Japanese officialdom and even parts of its engineering establishment clung to older scientific precepts for protecting nuclear plants, relying heavily on records of earthquakes and tsunamis, and failing to make use of advances in seismology and risk assessment since the 1970s.
For some experts, the underestimate of the tsunami threat at Fukushima is frustratingly reminiscent of the earthquake — this time with no tsunami — in July 2007 that struck Kashiwazaki, a Tokyo Electric nuclear plant on Japan’s western coast. The ground at Kashiwazaki shook as much as two and a half times the maximum intensity envisioned in the plant’s design, prompting upgrades at the plant.
“They had years to prepare at that point, after Kashiwazaki, and I am seeing the same thing at Fukushima,” said Peter Yanev, an expert in seismic risk assessment based in California, who has studied Fukushima for the United States Nuclear Regulatory Commission and the Energy Department.
TEPCO and NISA knew in 2007 that their hazard criteria needed review. Presumably this was the reason for the meeting that Okamura attended at which his question was trivially rebuffed.
And now for what the scientific establishment knew about tsunamis, and what TEPCO did.
When Japanese engineers began designing their first nuclear power plants more than four decades ago, they turned to the past for clues on how to protect their investment in the energy of the future. Official archives, some centuries old, contained information on how tsunamis had flooded coastal villages, allowing engineers to surmise their height.
So seawalls were erected higher than the highest tsunamis on record. At Fukushima Daiichi, Japan’s fourth oldest nuclear plant, officials at Tokyo Electric used a contemporary tsunami — a 10.5-foot-high wave caused by a 9.5-magnitude earthquake in Chile in 1960 — as a reference point. The 13-foot-high cliff on which the plant was built would serve as a natural seawall, according to Masaru Kobayashi, an expert on quake resistance at the Nuclear and Industrial Safety Agency, Japan’s nuclear regulator.
Eighteen-foot-high offshore breakwaters were built as part of the company’s anti-tsunami strategy, said Jun Oshima, a spokesman for Tokyo Electric. But regulators said the breakwaters — mainly intended to shelter boats — offered some resistance against typhoons, but not tsunamis, Mr. Kobayashi said.
Two independent draft research papers by leading tsunami experts — Eric Geist of the United States Geological Survey and Costas Synolakis, a professor of civil engineering at the University of Southern California — indicate that earthquakes of a magnitude down to about 7.5 can create tsunamis large enough to go over the 13-foot bluff protecting the Fukushima plant.
Mr. Synolakis called Japan’s underestimation of the tsunami risk a “cascade of stupid errors that led to the disaster” and said that relevant data was virtually impossible to overlook by anyone in the field.
… even through the narrow lens of recorded tsunamis, the potential for easily overtopping the anti-tsunami safeguards at Fukushima should have been recognized. In 1993 a magnitude 7.8 quake produced tsunamis with heights greater than 30 feet off Japan’s western coast, spreading wide devastation, according to scientific studies and reports at the time.
On the hard-hit island of Okushiri, “most of the populated areas worst hit by the tsunami were bounded by tsunami walls” as high as 15 feet, according to a report written by Mr. Yanev. That made the walls a foot or two higher than Fukushima’s bluff.
But in a harbinger of what would happen 18 years later, the walls on Okushiri, Mr. Yanev, the expert in seismic risk assessment, wrote, “may have moderated the overall tsunami effects but were ineffective for higher waves.”
And even the distant past was yielding new information that could have served as fresh warnings.
Two decades after Fukushima Daiichi came online, researchers poring through old records estimated that a quake known as Jogan had actually produced a tsunami that reached nearly one mile inland in an area just north of the plant. That tsunami struck in 869.
To my mind, this catalog of astonishing engineering practice makes the case for a continuously maintained, public safety case for safety-critical infrastructure components overwhelming.
There were lots of people around who knew about tsunamis, and were prepared to say so. Had TEPCO been required publicly to justify any countermeasures it had implemented, then I imagine the inadequacy of the case would have been apparent to any high-school student who decided to look at it for her public affairs class, let alone geologists, hydrologists, or other engineers.