Does the Fukushima Dai-Ichi accident demonstrate the supremacy of "defense-in-depth" over "risk-based regulation"? Or, put differently, "Is Fukushima an indictment of risk-based reactor safety regulation?"
Five minutes before the devastating earthquake shook Japan on March 11, neither a Richter 9 earthquake nor a 15 meter tsunami was considered to be a "credible" event. Yet both occurred. Whether due to bad data, misinterpretation of data, or poor risk methodology, almost everyone was caught "flat-footed" by the historic event.
The devastation unleashed upon Japan and the Japanese people by the quake and the resulting tsunami was horrific.
Fukushima Dai-Ichi was designed to withstand neither event. The damage to four of the six units was extreme. Yet, to this point in time, the reactors and primary containments in units 1-3 have apparently avoided gross energetic failures (not so the refueling pools and secondary containments, but that's another story). I'm not minimizing the severity of the accident or its off-site consequences – just acknowledging that matters could have been even worse. Why aren't they?
The answer is due in large part to good old-fashioned "defense-in-depth".
Defense-in-depth is a traditional reactor safety design philosophy that integrates multiple engineered barriers and redundant layers of defense to compensate for mechanical and human failures so that no single barrier is relied upon to protect against an accident. An example is that radioactive fission products are contained in the fuel, which is inside the fuel cladding, which is inside the reactor vessel, which is inside the primary containment, which is inside the secondary containment. For those unfamiliar with the principle, see NRC's discussion of the topic here and here.
Many things went wrong at Fukushima, yet the engineers who designed the plant (prior to the era of risk-based regulation) incorporated a number of conservative assumptions, defense-in-depth design strategies, and robust design margins that have, until now, prevented the accident at Fukushima Dai-Ichi from evolving to a much more dire situation.
So, back to my question. The truth is that risk-based regulation, properly applied, should result in designs more capable of withstanding the threats we expect them to face during their operating lifetimes. This is good – but not sufficient. Fukushima confirms our need for a healthy dose of humility when it comes to quantifying "credible" events.
Defense-in-depth and risk-based regulatory approaches complement each other. Call it the "belt and suspenders" approach. Fukushima confirms the importance of this approach.
So, when it comes to reactor safety, I'm a "belt and suspenders" man. And so should everyone be who is serious about nuclear energy and a sustainable energy future.